ЕСОЗ - публічна документація

RC_(CSI-2483,CR-441)_Reject Medication request

Owned by Viacheslav Tybin (SoE eHealth)
Oct 02, 2024
3 min read

Purpose

This WS is designed to reject previously created Medication Request.

Key points

  1. Only authenticated and authorized user with appropriate scope can reject Medication Request.

  2. Medication Request can be rejected only from ‘ACTIVE' status.

Specification

Apiary

Authorization

  1. Verify the validity of access token

    • in case of error - return 401 (“Invalid access token”) in case of validation fails

  2. Verify that token is not expired

    • in case of error - return 401 (“Invalid access token”)

  3. Check user scopes in order to perform this action (scope = 'medication_request:reject')

    • return 403 (“Your scope does not allow to access this resource. Missing allowances: medication_request:reject”) in case of invalid scope(s)

  4. If BLOCK_UNVERIFIED_PARTY_USERS is true, then check party's data match following condition: verification_status != NOT_VERIFIED or (verification_status = NOT_VERIFIED and updated_at > current_date - UNVERIFIED_PARTY_PERIOD_DAYS_ALLOWED):

    1. in case not match - return 403 ("Access denied. Party is not verified")

  5. If BLOCK_DECEASED_PARTY_USERS is true, check that party is not deceased (party_verification record does not equal to: dracs_death_verification_status = VERIFIED and dracs_death_verification_reason = MANUAL_CONFIRMED):

    1. in case of error - return 403 ("Access denied. Party is deceased")

Validations

Validate Digital Sign

  • Validate request is signed

    • in case of error - return 400 (“document must be signed by 1 signer but contains 0 signatures”)

  • Check DS is valid and not expired

  • Validate that DS belongs to the user

    • Check that DRFO from DS and party.tax_id matches

      • in case of error - return 422 (“Does not match the signer drfo“)

Validate Medication request

  • Get Medication request identifier from the URL. Check Medication request exists in OPS DB

    • in case of error - return 404

Validate user

Medication Request rejection is allowed for user if he has one of the following active and approved employee that:

  • is an author of the Medication request Request (medication_request.employee_id)

  • has an approval on write Care plan if Medication Request based on the Care plan (medication_request.based_on)

  • is Med_Admin from legal entity where Medication Request is created

    • in case of error - return 409 ("Employee is not author of medication request, doesn't have approval or required employee type")

Validate content

  • Validate request using JSON schema

    • in case of error - return 422

  • Check that signed content contains all required fields and is equal to stored object

    • Decode signed content

    • Render requested medication request

    • Check that rendered and decoded data matches (except for reject_reason_code and reject_reason fields)

      • in case of error - return 422 ("Signed content does not match the previously created content")

Note! Medication Request with intent plan and order has different structure:

  • Medical program is required in order

  • Medical program is absent in plan

Validation transition

  • Get status of Medication request by $.id in OPS DB. Check that Medication request is in status ‘ACTIVE’

    • if invalid - return 409 ("Invalid status Medication request for reject transition!")

For more information look at Medication request status model

Validate reject reason code

  • Validate $.reject_reason_code is a value from MEDICATION_REQUEST_REJECT_REASON dictionary

    • in case of error - return 422 ("value is not allowed in enum")

Service logic

  1. Save signed content to media storage.

  2. Update Medication request in OPS DB:

    1. set status = 'REJECTED'

    2. set reject_reason_code = $.reject_reason_code

    3. set reject_reason = $.reject_reason

    4. set updated_by = user_id

    5. set updated_at = now()

  3. Send SMS for person

    1. If Medication request has program with medical program setting request_notification_disabled = true, then don't send SMS.

      Else:

      1. If authorize_with exists in medication request and is not empty, check:

        1. Authentication method exists in person_authentication_methods table in MPI DB (with is_active=true), is active (ended_at > now() or null)

        2. Get value of THIRD_PERSON_CONFIDANT_PERSON_RELATIONSHIP_CHECK config parameter, if it is set to true - for authentication method with type = THIRD_PERSON check that person from value is an approved confidant for a person from medication request – exists active and approved confidant person relationship between person from request and confidant_person_id from authentication method value (using following logic: https://e-health-ua.atlassian.net/wiki/spaces/CSI/pages/17667883028 with person_id = person from request and confidant_person_id = value from auth method) - expected :ok, :approved response)

          1. in case any validation failed - do not send SMS to person

          2. else - get authentication_method from authorize_with

        3. If authorize_with does not exist in medication request or is empty - get default authentication_method of person from MPI

      2. If authentication_method == OTP, then send SMS to a person from Medication request:

        1. Generate SMS text (

          1. get template from reject_template_sms parameter

          2. enrich template with data from Medication request

        2. Send SMS to a person

  4. Add new status to event manager

field

value

field

value

event_type

StatusChangeEvent

entity_type

MedicationRequest

entity_id

$.id

properties.status.new_value

$.status

event_time

$.update_at

changed_by

$.changed_by

  1. If the medication request is based on activity with quantity:

  1. recalculate and set remaining_quantity for the activity as described at PreQualify Medication Request: 6. Check Care Plan and Activity (p. 2. d. 1) and do not include current MR but include all MD which related to current MR

ЕСОЗ - публічна документація