PatientSafetyAccessRestrictions API documentation

The AccessRestrictions concerning Patient Safety API-area covers APIs to manpulate data that is related to safety of the patient.

Validation rules

There are several fields that could be used to specify delay disclosure / postpone delivery of PatientSafetyObjects. Only one of the fields DelayDeliveryUntil, DelayDays or DelayFromTime could be specified.

Field: DelayDeliveryUntil

DelayDeliveryUntil is used to specify the actual time when a PatientSafetyObject at earliest could be disclosed.

There are special rules depending on the value for the field ConfidentialityCode.

Field: ConfidentialityCode Valid values for field DelayDeliveryUntil Error-message if violated
N null DelayDeliveryUntil cannot be specified with ConfidentialityCode N
NORN_* null DelayDeliveryUntil and DelayDays must be null for confidentialityCode NORN. DelayDeliveryUntil will be set by the service
Any other code Any valid time in the future DelayDeliveryUntil or DelayDays must have values for confidentialityCode ConfidentialityCode
DelayDeliveryUntil must be set to a value in the future

For ConfidentialityCode that starts with NORN_*, such as NORN_FFL, NORN_KUT, NORN_EPO, NORN_ALL, NORN_FOR, NORN_FFH, NORN_FPB, NORN_DUP, NORN_ANG, the input value for DelayDeliveryUntil field in the request is expected to be null, and will be set by the service itself to Maximum DateTime, which will be in year 9999, and thus will be delayed forever.

Field: DelayDays

DelayDays is used for a parent PatientSafetyObject to specify the number of days until a siebling PatientSafetyObject at earliest could be disclosed. Because at the creation time of a parent PatientSafetyObject, the creation time of the siebling PatientSafetyObject is unknown, so the DelayDeliveryUntil of the siebling PatientSafetyObject have to be calculated at a later time.

There are special rules depending on the value for the field ConfidentialityCode.

Field: ConfidentialityCode Valid values for field DelayDays Error-message if violated
N null DelayDays cannot be specified with ConfidentialityCode N
NORN_* null DelayDeliveryUntil and DelayDays must be null for confidentialityCode NORN. DelayDeliveryUntil will be set by the service
Any other code Any valid positive number of days DelayDeliveryUntil or DelayDays must have values for confidentialityCode ConfidentialityCode
DelayDays must be a positive value

Field: DelayFromTime

DelayFromTime is used in conjuction with a siebling PatientSafetyObject to specify what time DelayDeliveryUntil will be calculated from. The calculated DelayDeliveryUntil time of the siebling will then be the DelayFromTime (for the siebling) plus the DelayDays number of days of the parent. In addition to DelayFromTime also the ParentConfidentialObjectId must be specified. If not both DelayFromTime and ParentConfidentialObjectId fields are specified this error-message will be returned: "Parent Confidential Object must be specified when DelayFromTime is specified".

Examples - Patient Safety Access Restrictions

Examples on how to use this API

List Patient Safety Access Restrictions

API for search and retrieving a list of patient safety access restrictions.

Endpoint: HTTP POST /access-restrictions/patient-safety/_search

These endpoints list all connected patient safety access restrictions for a specified offid, offering the flexibility to filter by parentConfidentialObjectId and confidentialObjectId type/values. While offId is the only required parameter, the others are optional.

{
  "offId": "12345678901",
  "confidentialObjectId": {
    "type": "Svarrapport",
    "value": "d20b8fa0-5268-4cf0-8ed8-0bb92c68164b"
  },
  "parentConfidentialObjectId": {
    "type": "Rekvisisjon",
    "value": "5b4a0742-1e01-47e3-9f0d-e2f688fcf051"
  }
}

List applicable Access Restrictions

Excludes access restrictions with past dates specified in 'DelayDeliveryUntil'.

{
  "offId": "12345678901",
  "ApplicableOnly": true
}

Manipulate patient safety access restriction-data

Examples on how to call the different endpoints to manipulate patient safety access restriction-data for confidential objects.

Add patient safety access restriction (Rekvisisjon)

Endpoint: HTTP POST /access-restrictions/patient-safety

Add patient safety access restriction for a confidential object (Rekvisisjon - a medical requisition). Because the actual confidential object that will be access restricted will be added later delayDeliveryUntil cannot be specified so instead delayDays number of days will be specified.

{
  "patientSafetyObject": {
    "person": {
      "offId": "12345678901"
    },
    "confidentialObjectId": {
      "type": "Rekvisisjon",
      "value": "5ede44e1-3b3c-45f2-9f49-cf73c1d7e5fc"
    },
  },
  "delayDays": 14,
  "confidentialityCode": "NORU"
}

Associate confidential objects (Svarrapport) and add a patient safety access restriction

Endpoint: HTTP POST /access-restrictions/patient-safety/associate-parent

Later associate a siebling confidential objects (Svarrapport - a medical examination report) with a parent confidential object (Rekvisisjon) and also add an patient safety access restriction for the siebling confidential object (Svarrapport) if the parent confidential object had an patient safety access restriction. The calculated delayDeliveryUntil time of the siebling will then be the delayFromTime (for the siebling) plus the delayDays number of days of the parent. The caculated delayDeliveryUntil time for this example would be 2024-01-18T20:50:20.908216Z.

{
  "patientSafetyObject": {
    "person": {
      "offId": "12345678901"
    },
    "confidentialObjectId": {
      "type": "Svarrapport",
      "value": "49b2c6af-9edc-487d-bf34-97874ca8d483"
    },
    "parentConfidentialObjectId": {
      "type": "Rekvisisjon",
      "value": "5ede44e1-3b3c-45f2-9f49-cf73c1d7e5fc"
    }
  },
  "delayFromTime": "2024-01-04T20:50:20.908216Z"
}

Update patient safety access restriction (Svarrapport)

Endpoint: HTTP POST /access-restrictions/patient-safety

At a later time the sibling patient safety access restriction for a confidential object (Svarrapport - a medical examination report) is updated with a specific delayDeliveryUntil time-value that is 3 days later than the initial (default) 14 days value specified in the delayDays field of the parent.

{
  "patientSafetyObject": {
    "person": {
      "offId": "12345678901"
    },
    "confidentialObjectId": {
      "type": "Svarrapport",
      "value": "49b2c6af-9edc-487d-bf34-97874ca8d483"
    },
    "parentConfidentialObjectId": {
      "type": "Rekvisisjon",
      "value": "5ede44e1-3b3c-45f2-9f49-cf73c1d7e5fc"
    }
  },
  "delayDeliveryUntil": "2024-01-21T20:50:20.908216Z",
  "confidentialityCode": "NORU"
}

Removing a patient safety access restriction (Svarrapport)

Endpoint: HTTP POST /access-restrictions/patient-safety

Remove patient safety access restriction for a confidential object (Svarrapport - a medical examination report) by specifying a confidentialityCode N that indicates no access restriction / not access restricted (Normal).

{
  "patientSafetyObject": {
    "person": {
      "offId": "12345678901"
    },
    "confidentialObjectId": {
      "type": "Svarrapport",
      "value": "27772521-507f-4494-9b4d-7ea41924c243"
    },
    "parentConfidentialObjectId": {
      "type": "Rekvisisjon",
      "value": "5ede44e1-3b3c-45f2-9f49-cf73c1d7e5fc"
    }
  },
  "confidentialityCode": "N"
}

Add patient safety access restriction (code NORN_FFL)

Endpoint: HTTP POST /access-restrictions/patient-safety

Add another patient safety access restriction for a confidential object (Svarrapport - a medical examination report), set confidentialityCode NORN_FFL, one of the codes that means access is restricted indefinitely. The input value for delayDeliveryUntil field in the request is expected to be null, and will be set by the service itself to maximum DateTime, which will be in year 9999, and thus will be delayed forever.

{
  "patientSafetyObject": {
    "person": {
      "offId": "12345678901"
    },
    "confidentialObjectId": { 
      "type": "Svarrapport",
      "value": "509af0f7-9794-4b62-b296-cfb4de43b917"
    },
  },
  "confidentialityCode": "NORN_FFL"
}