ЕСОЗ - public documentation

Medical Events filtration by Forbidden groups_EN

Filtration Logic

For each method described in the table “Medical events to filter”, use the following logic to determine whether the User has access to medical events containing data included in the Forbidden groups.

1. Define forbidden group Items

Define the forbidden group Items present in Medical events that the User should not see.

  • Get all active Forbidden group Items from the cache.

    • If the cache is empty, fill it with all active forbidden group items (forbidden_group_codes and forbidden_group_services).

  • Get all of the user's active and approved employees.

  • Get all Approvals on forbidden groups granted by the patient to all of the user's employees.

    • If the patient is a merged person/preperson, get all active Approvals on forbidden groups granted by the active master_person to all of the user's employees.

  • Form the list of forbidden group items that are still restricted for the User: remove the items covered by approvals from the full set of forbidden group items.

2. Check Medical event is allowed to access

Check whether access to the Medical event data is allowed according to Forbidden groups.

  • Perform the usual validations in the methods described in the table “Medical events to filter” (column “Method”).

  • Additionally, filter Medical events by the rule: the values in the fields (column “Filter by”) are not in the forbidden list of items defined in step 1 OR the user is an author of the ME.

    • In case of an error, see the “Result” column.

How to determine whether the user is the author of the Medical event?

Check the party_users table: if the inserted_by user in the ME belongs to the same party as the user from the token, then the user is an author.
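The two steps and the author check above, as an added Python sketch that is not part of the ЕСОЗ code base. The data shapes are assumptions: forbidden groups as a mapping of group id to item set, approvals as a set of approved group ids, party_users as a mapping of user id to one party id, and all sample ids and codes are constructed.

```python
from dataclasses import dataclass

class Forbidden(Exception):
    """Stands in for the 403 response with type "forbidden"."""

@dataclass(frozen=True)
class MedicalEvent:
    id: str
    inserted_by: str      # user id that created the ME
    values: frozenset     # codes / service ids read from the "Filter by" fields

def restricted_items(groups, approved_group_ids):
    """Step 1: all forbidden group items minus the items covered by approvals."""
    all_items = set().union(*groups.values())
    approved = set().union(*(groups[g] for g in approved_group_ids if g in groups))
    return all_items - approved

def is_author(event, user_id, party_users):
    """Author check: inserted_by is in the same party as the user from the token."""
    party = party_users.get(user_id)
    return party is not None and party_users.get(event.inserted_by) == party

def is_allowed(event, user_id, restricted, party_users):
    """Step 2 rule: no restricted value in the filtered fields OR user is the author."""
    return event.values.isdisjoint(restricted) or is_author(event, user_id, party_users)

def get_by_id(event, user_id, restricted, party_users):
    """Single-record methods: a blocked event produces the "forbidden" error."""
    if not is_allowed(event, user_id, restricted, party_users):
        raise Forbidden(event.id)
    return event

def search(events, user_id, restricted, party_users):
    """List methods: blocked events are not rendered in the response."""
    return [e for e in events if is_allowed(e, user_id, restricted, party_users)]

# Constructed sample data (group names, codes and ids are illustrative only).
GROUPS = {"group_a": {"code-a1", "code-a2"}, "group_b": {"code-b1", "service-b1"}}
PARTY_USERS = {"user_1": "party_x", "user_2": "party_x", "user_3": "party_y"}
EVENTS = [
    MedicalEvent("ep_1", "user_3", frozenset({"code-z9"})),  # no forbidden item
    MedicalEvent("ep_2", "user_3", frozenset({"code-a1"})),  # group_a, approved
    MedicalEvent("ep_3", "user_3", frozenset({"code-b1"})),  # group_b, other party
    MedicalEvent("ep_4", "user_2", frozenset({"code-b1"})),  # group_b, same party
]
RESTRICTED = restricted_items(GROUPS, approved_group_ids={"group_a"})
```

For user_1, ep_3 is the only blocked event: its code is in a group without approval and its author belongs to another party.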

Medical events to filter

| Medical event | Method | Filter by | Forbidden group items | Result | Additional info |
|---|---|---|---|---|---|
| Episode | Get Episode by id | diagnoses_history (with is_active=true) | codes from dictionaries: eHealth/ICD10_AM/condition_codes, eHealth/ICPC2/condition_codes | Return 403 error with type “forbidden” | https://e-health-ua.atlassian.net/wiki/spaces/EH/pages/583402142 |
| | Get Episode by search params | | | Do not render in the response | https://e-health-ua.atlassian.net/wiki/spaces/EH/pages/583403084 |
| | Get approved Episodes | | | Do not render in the response | https://e-health-ua.atlassian.net/wiki/spaces/EH/pages/583402954 |
| | Get Active Diagnoses Summary | current_diagnoses | | Do not render in the response | Summary active Diagnoses |
| | Get Short Episodes Summary | diagnoses_history | | Do not render in the response | |
| Encounter | Get encounter by id | diagnoses, actions, reasons, action_references | 1. diagnoses by codes from dictionaries: eHealth/ICD10_AM/condition_codes, eHealth/ICPC2/condition_codes; 2. actions by codes from dictionary eHealth/ICPC2/actions; 3. reasons by codes from dictionary eHealth/ICPC2/reasons; 4. code by service_id | Return 403 error with type “forbidden” | |
| | Get encounters by search params | | | Do not render in the response | |
| | Get encounters in episode context | | | Do not render in the response | |
| | Get encounter details in episode context | | | Return 403 error with type “forbidden” | |
| Condition | Get conditions in episode context | code, evidences | 1. code by codes from dictionaries: eHealth/ICD10_AM/condition_codes, eHealth/ICPC2/condition_codes; 2. evidences by codes from dictionary eHealth/ICPC2/reasons | Do not render in the response | |
| | Get condition details in episode context | | | Return 403 error with type “forbidden” | |
| | Get conditions by search params | | | Do not render in the response | |
| | Get condition by id | | | Return 403 error with type “forbidden” | |
| | Get Conditions Summary | | | Do not render in the response | |
| | Get Condition Summary by id | | | Return 403 error with type “forbidden” | |
| Diagnostic report | Get Diagnostic report by id | conclusion_code, code | 1. conclusion_code by codes from dictionary eHealth/ICD10_AM/condition_codes; 2. code by service_id | Return 403 error with type “forbidden” | |
| | Get Diagnostic reports by search params | | | Do not render in the response | |
| | Get approved Diagnostic report | | | Do not render in the response | |
| | Get Diagnostic report Summary by id | | | Return 403 error with type “forbidden” | |
| | Get Diagnostic reports Summary | | | Do not render in the response | |
| Procedure | Get Procedure by id | code | service_id | Return 403 error with type “forbidden” | |
| | Get Procedures by search params | | | Do not render in the response | |
| | Get Procedure Summary by id | | | Return 403 error with type “forbidden” | |
| | Get Procedures Summary | | | Do not render in the response | |
| Care plan | Get Care plan by id | addresses | codes from dictionaries: eHealth/ICD10_AM/condition_codes, eHealth/ICPC2/condition_codes | Return 403 error with type “forbidden” | |
| Care plan activity | Get Activity by id | reason_code, product_reference (if kind=service_request) | 1. reason_code by codes from dictionaries: eHealth/ICD10AM/condition_codes, eHealth/ICPC2/condition_codes; 2. product_reference by: service_id if resource type=service, service_group_id if resource type=service_group | Return 403 error with type “forbidden” | |
| | Get Activities | | | Do not render in the response | |
| Service request | Get Service request by search params | code | code by: service_id if resource type=service, service_group_id if resource type=service_group | Do not render in the response | |
| | Get Service request by id | | | Return 403 error with type “forbidden” | |
| | Get Service request list in episode context | | | Do not render in the response | |
| | Get Service request details in episode context | | | Return 403 error with type “forbidden” | |
| | Get Service request by requisition | | | Do not render in the response | |
