ЕСОЗ - публічна документація

Cancel Diagnostic Report Package

Owned by Iryna Biiovska
Last updated: Jun 27, 2024 by Yuliia Mazur (UA SoE eHealth)
3 min read

Purpose

This web service allows to cancel diagnostic report and observations, crated as a part of Diagnostic Report Data Package, in case they were entered in error.

Note : You have only one attempt to cancel each package via API. In case you signed and cancelled package partly and now you need to cancel more entities from this package - appeal to eHealth administrator.

 

Specification

Link

https://medicaleventsmisapi.docs.apiary.io/#reference/medical-events/diagnostic-report-data-package/cancel-diagnostic-report-package

Resource

/api/patients/{{id}}/diagnostic_report_package

Scope

diagnostic_report:cancel

Components

Diagnostic Report Data Package

Microservices

API paragraph not found

Protocol type

REST

Request type

PATCH

Sync/Async

Async

Public/Private/Internal

Public

 

Logic

Відкликання діагностичного звіту

 

Request structure

See on Apiary

Example:

{ "signed_data": "'ew0KICAicGVyaW9kIjogew0KIC...'" }

 

Authorize

Request to process the request using a token in the headers

  • Verify the validity of access token

    • Return 401 in case validation fails

  • Verify token is not expired

    • in case error return 401 

  • Check user scopes in order to perform this action (scope = 'diagnostic_report:cancel')

    1. Return 403 in case invalid scope(s)

Headers

Наприклад:

  • Content-Type:application/json

  • Authorization:Bearer {{access_token}}

  • API-key:{{secret}}

Request data validation

  1. Validate digital signature

    1. ds.drfo == PRM.parties.tax_id where (PRM.parties.id==PRM.employees.party_id where (PRM.employees.id==$.diagnostic_report.reported_by.identifier.value))

  2. Compare signed_content to previously created content

    1. select encounter, select * from observations where diagnostic_report.identifier.value=$.id and compare to signed_content (do not include statuses to comparation, cancellation_reason and  explanatory_letter )

      1. in case of inconsistencies return "Submitted signed content does not correspond to previously created content"

  3. Validate entities are not canceled yet (status!= "entered_in_error")

    1. in case of error "Invalid transition"

  4. Validate at least one entity in the request marked as "entered_in_error"

    1. in case of error "At least one entity should have status "entered_in_error""

Validate legal entity

  • Validate diagnostic_report belongs to the legal entity where the current user works

    • $.diagnostic_report.managing_organization==token.client_id

      • in case of error return 403 "User is not allowed to perform actions with an enity that belongs to another legal entity"

Validate patient

  • Validate patient is active

    •  ME.patient.status=="active"

      • in case of error return "Patient is not active"

Validate User

  • Extract user_id from token

  • Get list of APPROVED employees with this user_id in current Legal Entity

  • Check that for user one of the conditions is TRUE:

    • user has an employee that specified as author of the diagnostic report ($.diagnostic_report.recorded_by.identifier.value is in the list of APPROVED employees)

    • OR check that user has an employee which has approval granted by the patient with access_level:write for this diagnostic_report resource ($.approvals.granted_resources.identifier.value==$.diagnostic_report._id AND $.approvals.granted_to.identifier.value==PRM.employees.id AND $.approvals.access_level='write')

    • OR user has an employee has MED_ADMIN employee type

    • otherwise, return error 409  "Employee is not performer of diagnostic report, don't has approval or required employee type"

  • If BLOCK_UNVERIFIED_PARTY_USERS is true, then check party's data match following condition: verification_status != NOT_VERIFIED or (verification_status = NOT_VERIFIED and updated_at <= current_date - UNVERIFIED_PARTY_PERIOD_DAYS_ALLOWED):

    • in case not match - return 403 ("Access denied. Party is not verified")

 

Processing

  1. Save signed_content to Media Storage

  2. Set status `entered_in_error` for objects, submitted with status `entered_in_error`

  3. Set cancellation_reason

  4. Set explanatory_letter 

 

Response structure

See on Apiary

Example:

{ "data": { "status": "pending", "eta": "2018-08-02T10:45:16.000Z", "links": [ { "entity": "job", "href": "/Jobs/NBXk9EyErUZv1RhXgyvgg" } ] }, "meta": { "code": 202, "url": "http://example.com/resource", "type": "object", "request_id": "req-adasdoijasdojsda" } }

 

{ "meta": { "code": 404, "url": "http://example.com/resource", "type": "object", "request_id": "req-adasdoijasdojsda" }, "error": { "type": "NOT_FOUND", "message": "Patient not found" } }

 

Post-processing processes

API paragraph not found

 

HTTP status codes

HTTP status code

Message

What caused the error

HTTP status code

Message

What caused the error

202

 

 

401

 Unauthorized

 

403

Invalid scopes

 

404

Patient not found

 

409

 

Validation failed



ЕСОЗ - публічна документація