ЕСОЗ - публічна документація

Get Service Requests in episode context

 

Purpose

API paragraph not found

 

Specification

Link

https://ehealthmedicaleventsapi.docs.apiary.io/#reference/service-requests/manage-service-requests-in-patient-context/get-service-request-details-in-episode-context

Посилання на Apiary або Swagger

Resource

api/patients/{{patient_id}}/episodes/{{episode_id}}/service_requests/{{service_request_id}}

Посилання на ресурс, наприклад: /api/persons/create

Scope

service_request:read

Scope для доступу

Components

 

Зазначається перелік бізнес компонентів, які використовують цей метод, наприклад: ePrescription

Microservices

 

Перелік мікросервісів, які використовує метод API, наприклад: Auth, ABAC

Protocol type

REST

Тип протоколу, який використовується запитом, наприклад: SOAP | REST

Request type

GET

Тип запиту API, наприклад: GET, POST, PATCH…

Sync/Async

 

Метод є синхронним чи асинхронним?

Public/Private/Internal

 

Потрібно зазначити тип методу за ступенем доступності

 

Logic

  1. Return all service requests related to specified episode of care

    1. Find all encounters related to specified episode of care (Medical Events DB: $.encounters[*].episode.identifier.value == :episode_id)

    2. Find all service requests related to received encounters (Medical Events DB: $.service_requests[*].context.identifier.value IN :encounters)

 

Input parameters

Input parameter

Values

Type

Description

Example

Input parameter

Values

Type

Description

Example

patient_id

 

String

Unique patient identifier

7075e0e2-6b57-47fd-aff7-324806efa7e5

episode_id

 

String

Unique patient identifier

ef30f210-5328-4f48-bfe6-c7150d4737a6

service_request_id

 

String

Unique service request identifier

aff00bf6-68bf-4b49-b66d-f031d48922b3

 

Request structure

See on Apiary

 

Authorize

  • Verify the validity of access token

    • Return (401, 'unauthorized') in case of validation fails

  • Verify that token is not expired

    • in case of error - return (401, 'unauthorized')

  • Check user scopes in order to perform this action (scope = 'service_request:read')

    1. Return (403, 'invalid scopes') in case of invalid scope(s)

 

Headers

  • Content-Type:application/json

  • Authorization:Bearer mF_9.B5f-4.1JqM

  • api-key:aFBLVTZ6Z2dON1V

  • X-Custom-PSK:a2aa05c76f3f2d91870f923a53cc8aa8f23bbc01a8238d1c2c26d4299715a7e4

 

Request data validation

Validate data consistency

  • Ensure that requested episode of care relates to requested patient

    1. Return (404, 'not found') in case of error

Check user privileges

If ANY of this rules is met - user has privileges to access this data

Otherwise - access to this data is denied. Return (403, 'forbidden')

Rule 1: User who has active declaration with patient is "authorized" to manage all patient's data

If ANY employee related to this user in this legal entity has active declaration with this patient - it has the privileges to access this data

1. Get token metadata

  • Extract user_idclient_idclient_type

2. Determine the party_id associated with this user_id

SELECT pu.party_id FROM party_users pu WHERE pu.user_id = :user_id;

3. Determine employees related to this party_id in current MSP

SELECT e.id FROM employees e WHERE e.party_id = :party_id AND e.legal_entity_id = :client_id;

4. Find patient declarations in this MSP

SELECT d.id FROM declarations d WHERE d.legal_entity_id = :client_id AND d.employee_id IN (:employees) AND d.status IN ('active', 'pending_verification') AND d.person_id = :patient_id;

Rule 2: User with active approval to this episode can view episode details and its child entities

TBD

 

Processing

API paragraph not found

 

Response structure

See on Apiary

Example:

 

Post-processing processes

API paragraph not found

 

HTTP status codes

HTTP status code

Message

What caused the error

HTTP status code

Message

What caused the error

 200

 

 

 404

 

 

 

ЕСОЗ - публічна документація