ЕСОЗ - публічна документація

RC_CSI-2483_Approvals

Description

  1. Service to manage time-limited access to users or legal entities resources.

  2. All the approvals are stored centralized. Unfortunately we cannot use JWT because of the patient use cases.

  3. Approvals are used by ABAC service as a data source to make decisions based on rules

  4. Approvals are stored in the medical events MongoDB.

  5. There should be no MPI_id in DB, only mpi-hash.

  6. Approval can be granted as to user (employee), so to legal_entity (to all employees of the legal_entity).

  7. Approval can be granted not only for particular medical event of the patient, but also for all medical events (incl. MR, MRR, MD) of the patient at once.

Use cases

  1. As a doctor I want to be able to get access to some specific patient resources So that I can provide the healthcare services for any patient that has asked me to help

  2. As a doctor I want to be able to get access to the patient resources that has been included in the Service Request So that I can provide the healthcare services and process service request

  3. As a doctor I want to be able to get access to the patient resources that are the context of granted resource So that I can provide the healthcare services and process child_resources

  4. As a doctor I want to be able to get access for legal_entity to the patient resources that has been included in the Service Request So that all employees of legal_entity can provide the healthcare services and process service request

  5. As a Patient I want to provide access to my medical data resources for the specific eHealth user So that I can get the healthcare consultation from whoever I want

  6. As a Patient I want to authorize all the grant access to my profile actions using the authorization methods that I have chosen in the declaration So that I can be sure that my medical data is protected.

Data model

Approvals

Object name: approvals

Name

Type

M/O

Description and constraints

Name

Type

M/O

Description and constraints

id

string

m

id of approval

patient_id

string

m

mpi_id hash

granted_resources

Reference

m

list of resources that are allowed by approval

granted_to

Reference

m

type and identifier of entity to whom access has been granted (employee or legal_entity)

expires_at

timestamp

m

expiration date-time timestamp

granted_by

Reference

m

type and identifier of entity who has granted access. It can be MPI_id

reason

Reference

o

type and identifier of entity based on which approval has been created

access_level

string

m

`read` or 'write'

urgent

Object

m

authentication_type and phone number

inserted_at

datetime

m

 

inserted_by

guid

m

 

updated_at

datetime

m

 

updated_by

guid

m

 

is_verified

bool

m

identifies if Verify approval was called for record

created_by

Reference

m

type and identifier of entity who has created approval. Reference on prm.employees.id

authorize_with

string

o

persons auth method id hash

Data example:

approval
{ "_id" : UUID("fc15b8a3-d7cb-41f7-8cbc-7317e9ad515f"), "access_level" : "read", "expires_at" : ISODate("2019-12-27T12:54:27.000Z"), "granted_by" : { "display_value" : null, "identifier" : { "type" : { "coding" : [ { "code" : "mpi-hash", "system" : "eHealth/resources" } ], "text" : null }, "value" : "E7F9B8B5D5F1779A83CE29DC2E2A3F0BA525A31C75E645092AAD3A67B8B56291" } }, "granted_resources" : [ { "display_value" : null, "identifier" : { "type" : { "coding" : [ { "code" : "episode_of_care", "system" : "eHealth/resources" } ], "text" : null }, "value" : UUID("17f31552-f4f1-4bf1-bd49-5da282e517bf") } } ], "granted_to" : { "display_value" : null, "identifier" : { "type" : { "coding" : [ { "code" : "employee", "system" : "eHealth/resources" } ], "text" : null }, "value" : UUID("7583111f-7c90-4cb0-9941-b5414bb71ca0") } }, "inserted_at" : ISODate("2019-12-26T12:54:27.379Z"), "inserted_by" : UUID("20349bbf-726c-4d13-9f6a-b8a1bcdfd2b5"), "patient_id" : "E7F9B8B5D5F1779A83CE29DC2E2A3F0BA525A31C75E645092AAD3A67B8B56291", "reason" : { "display_value" : null, "identifier" : { "type" : { "coding" : [ { "code" : "service_request", "system" : "eHealth/resources" } ], "text" : null }, "value" : UUID("d8cf4081-eaf4-4039-8248-a00a0d44481f") } }, "is_verified" : "true", "updated_at" : ISODate("2019-12-26T12:55:11.944Z"), "updated_by" : UUID("20349bbf-726c-4d13-9f6a-b8a1bcdfd2b5"), "urgent" : { "phone_number" : "+38095*****95", "type" : "OTP" } }

 

ЕСОЗ - публічна документація