Filtration Logic
For each method described in the table “Medical events to filter”, use the following logic to determine whether the User has access to medical events that contain data included in the Forbidden groups.
1. Define forbidden group Items
Define the forbidden group items present in Medical events that the User should not see.
Get all active Forbidden group Items from cache.
If the cache is empty, fill it with all active forbidden group items (forbidden_group_codes and forbidden_group_services).
Get all of the user's active and approved employees.
Get all Approvals on forbidden groups granted by the patient to all of the user's employees.
Form the list of forbidden group items that are still restricted for the User: remove the items covered by approvals from the full list of forbidden group items.
2. Check whether access to the Medical event is allowed
Check whether access to the Medical event data is allowed according to the Forbidden groups.
Do the usual validations in the methods described in the table “Medical events to filter” (column “Method”).
Additionally, filter Medical events by the rule: the values in the fields listed in the “Filter by” column are not in the list of forbidden items defined in step 1, OR the user is the author of the ME.
In case of error, see the “Result” column.
How to determine whether the user is the author of the Medical event?
Check the party_users table: if the inserted_by user of the ME belongs to the same party as the user from the token, then the user is the author.
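The two steps above, together with the two outcomes from the “Result” column, written out in Python. This is an added example, not code from the eHealth project: the data shapes (Item, Event, approval dicts, a party_users mapping), the function names and the sample codes are assumptions, and employee_ids is taken as already limited to the user's active and approved employees.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Item:  # forbidden group item (assumed shape)
    group_id: str
    value: str  # dictionary code or service_id

@dataclass(frozen=True)
class Event:  # medical event reduced to what the filter needs (assumed shape)
    id: str
    inserted_by: str  # user_id that created the ME
    values: frozenset  # values of the "Filter by" fields

class Forbidden(Exception):
    """Stands for the 403 response with type "forbidden"."""

def restricted_values(cache, load_active_items, employee_ids, approvals):
    # Step 1: fill an empty cache, then lift groups approved for the user's employees.
    if not cache:
        cache.extend(load_active_items())
    approved = {a["group_id"] for a in approvals if a["employee_id"] in employee_ids}
    # A value listed in both an approved and an unapproved group stays restricted.
    return {i.value for i in cache if i.group_id not in approved}

def is_author(party_users, token_user_id, event):
    # Same party means author; a user missing from party_users never matches.
    party = party_users.get(token_user_id)
    return party is not None and party == party_users.get(event.inserted_by)

def is_allowed(event, restricted, party_users, token_user_id):
    # Step 2 rule: no restricted value in the event OR the user is the author.
    return event.values.isdisjoint(restricted) or is_author(party_users, token_user_id, event)

def render_list(events, restricted, party_users, token_user_id):
    # "Do not render in the response": restricted events are omitted.
    return [e for e in events if is_allowed(e, restricted, party_users, token_user_id)]

def get_one(event, restricted, party_users, token_user_id):
    if not is_allowed(event, restricted, party_users, token_user_id):
        raise Forbidden(event.id)  # "Return 403 error with type forbidden"
    return event

# Constructed sample data (not real dictionary codes or identifiers).
ITEMS = [Item("grp-a", "CODE-1"), Item("grp-b", "CODE-2")]
PARTY_USERS = {"u-doc": "party-1", "u-colleague": "party-1", "u-other": "party-2"}
APPROVALS = [{"employee_id": "emp-1", "group_id": "grp-b"}, {"employee_id": "emp-9", "group_id": "grp-a"}]
EVENTS = [Event("e1", "u-other", frozenset({"CODE-1"})),
          Event("e2", "u-other", frozenset({"CODE-2"})),
          Event("e3", "u-colleague", frozenset({"CODE-1"}))]
```

With employee emp-1 and token user u-doc, e1 is refused, e2 passes because grp-b is approved, and e3 passes because its author belongs to the same party.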
Medical events to filter
Medical event | Method | Filter by | Forbidden group items | Result | Additional info |
---|---|---|---|---|---|
Episode | diagnoses_history | codes from dictionaries:
| Return 403 error with type “forbidden“ | ||
Do not render in the response | |||||
Do not render in the response | |||||
current_diagnoses | Do not render in the response | https://e-health-ua.atlassian.net/wiki/spaces/EH/pages/17052631052 | |||
diagnoses_history | Do not render in the response | https://e-health-ua.atlassian.net/wiki/spaces/EH/pages/17052631052 | |||
Encounter | diagnoses actions reasons action_references |
2. actions by codes from dictionary eHealth/ICPC2/actions 3. reasons by codes from dictionary eHealth/ICPC2/reasons 4. code by service_id | Return 403 error with type “forbidden“ | ||
Do not render in the response | |||||
Do not render in the response | |||||
Return 403 error with type “forbidden“ | |||||
Condition | code evidences |
2. evidences by codes from dictionary eHealth/ICPC2/reasons | Do not render in the response | ||
Return 403 error with type “forbidden“ | |||||
Do not render in the response | |||||
Return 403 error with type “forbidden“ | |||||
Do not render in the response | |||||
Return 403 error with type “forbidden“ | |||||
Diagnostic report | conclusion_code code |
| Return 403 error with type “forbidden“ | ||
Do not render in the response | |||||
Do not render in the response | |||||
Return 403 error with type “forbidden“ | |||||
Do not render in the response | |||||
Procedure | code | service_id | Return 403 error with type “forbidden“ | ||
Do not render in the response | |||||
Return 403 error with type “forbidden“ | |||||
Do not render in the response | |||||
Care plan | addresses | codes from dictionaries:
| Return 403 error with type “forbidden“ | https://e-health-ua.atlassian.net/wiki/spaces/MRIN/pages/1969520673 | |
Care plan activity | reason_code product_reference (if kind=service_request) |
| Return 403 error with type “forbidden“ | https://e-health-ua.atlassian.net/wiki/spaces/MRIN/pages/1957232737 | |
Do not render in the response | https://e-health-ua.atlassian.net/wiki/spaces/MRIN/pages/1969455146 | ||||
Service request | code | code by:
| Do not render in the response | ||
Return 403 error with type “forbidden“ | |||||
Do not render in the response | |||||
Return 403 error with type “forbidden“ | |||||
Do not render in the response |