ЕСОЗ - public documentation

deprecated: Access to patient medical data v1

Introduction

Access to patient medical data is now managed by the ABAC module; this chapter is no longer current.

There are several types of access to patient medical data in eHealth, such as:

| Access type | Release |
|---|---|
| Primary care doctor access | 1 |
| Public information | 1 |
| Emergency room access | TBD |
| Secondary care doctor access | TBD |

Primary care doctor

A primary care doctor can access all patient medical data if there is an active declaration between this practitioner and the patient.

Active doctor declarations are selected by the algorithm below during the first request and then cached in Redis:

Search for declarations using user_id and client_id

  1. Select party_id from PRM.Party_users where 
    1. PRM.Party_users.user_id = user_id
  2. Select IDs from PRM.Employees where
    1. PRM.Employees.party_id = Select 1.
    2. PRM.Employees.legal_entity_id = client_id
  3. Select person_id from OPS.Declarations where  
    1. OPS.Declarations.employee_id IN Select 2.
    2. OPS.Declarations.status IN (active, pending_verification)
  4. Select user_id from PRM.Party_users where
    1. PRM.Party_users.party_id = Select 1.
  5. Write all selected records into Redis in the structure:
    user_id | client_id | | [{person_id}|

Search for declarations using employee_id

  1. Select party_id and client_id from PRM.Employees where PRM.Employees.id = employee_id
  2. Select user_id from PRM.Party_users where
    1. PRM.Party_users.party_id = party_id
  3. Select IDs from PRM.Employees where
    1. PRM.Employees.party_id = Select 2.
    2. PRM.Employees.legal_entity_id = client_id
  4. Select person_id from OPS.Declarations where  
    1. OPS.Declarations.employee_id = Select 3.
    2. OPS.Declarations.status IN (active, pending_verification)
  5. Write all selected records into Redis in the structure:
    user_id | client_id | | [{patient_id}|


The data in Redis expires after N minutes or when one of the events listed below happens:

Refresh record in Redis

  1. Delete the record from Redis after N minutes (N = 15 by default)
  2. If a new declaration is signed with the doctor, delete the record from Redis where key = declarations.employee_id

Whenever a doctor tries to access patient medical data, the active declaration should be checked according to the algorithm:

Authorization using declaration by user_id and client_id

  1. Search for a record in Redis where the key = user_id + client_id
    1. If there is no record, call Cacher and work with the response
  2. Search for patient_id in the array
    1. If there are no records with such patient_id, return an error - "Access denied - you have no active declaration with the patient"
    2. If there is a record - grant access
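
The cache fill, expiry and authorization steps above, as an added Python example (not code from the eHealth project). Assumptions: an in-memory dict stands in for Redis, the three lists hold constructed rows standing in for PRM.Party_users, PRM.Employees and OPS.Declarations, all function names are hypothetical, and invalidation maps declarations.employee_id back to the user_id + client_id cache key, which the page does not spell out.

```python
import time

# Constructed sample rows standing in for PRM.Party_users, PRM.Employees, OPS.Declarations.
PARTY_USERS = [{"user_id": "u1", "party_id": "p1"}]
EMPLOYEES = [{"id": "e1", "party_id": "p1", "legal_entity_id": "c1"},
             {"id": "e2", "party_id": "p1", "legal_entity_id": "c2"}]
DECLARATIONS = [{"employee_id": "e1", "person_id": "pat1", "status": "active"},
                {"employee_id": "e1", "person_id": "pat2", "status": "terminated"},
                {"employee_id": "e2", "person_id": "pat3", "status": "pending_verification"}]

TTL_SECONDS = 15 * 60          # N = 15 minutes by default
ALLOWED = {"active", "pending_verification"}
_cache = {}                    # stand-in for Redis: key -> (expires_at, set of person_id)

def load_declared_patients(user_id, client_id):
    """Steps 1-3 of the search by user_id and client_id."""
    parties = {r["party_id"] for r in PARTY_USERS if r["user_id"] == user_id}
    employees = {e["id"] for e in EMPLOYEES
                 if e["party_id"] in parties and e["legal_entity_id"] == client_id}
    return {d["person_id"] for d in DECLARATIONS
            if d["employee_id"] in employees and d["status"] in ALLOWED}

def can_access(user_id, client_id, patient_id, now=None):
    """Authorization check: cache lookup, fill on miss, deny unless the patient is listed."""
    now = time.time() if now is None else now
    key = (user_id, client_id)
    entry = _cache.get(key)
    if entry is None or entry[0] <= now:          # miss or expired: call the cacher
        entry = (now + TTL_SECONDS, load_declared_patients(user_id, client_id))
        _cache[key] = entry
    return patient_id in entry[1]

def on_declaration_signed(employee_id):
    """Drop cache records for the users behind this employee (key mapping is an assumption)."""
    for e in (e for e in EMPLOYEES if e["id"] == employee_id):
        for r in (r for r in PARTY_USERS if r["party_id"] == e["party_id"]):
            _cache.pop((r["user_id"], e["legal_entity_id"]), None)
```

Because the refresh list names only expiry and a newly signed declaration, a declaration whose status changes to a non-allowed value keeps granting access from the cached record until the N-minute expiry.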

Secondary care doctor

Will be implemented in the next phases.

Emergency room

Will be implemented in the next phases.

Public information

A set of public patient medical data, such as blood type, allergy intolerances, medication intolerances, etc., is known as the Patient Summary. The Patient Summary can be requested by any doctor.
