PatientSafetyAccessRestrictions API documentation
The AccessRestrictions concerning Patient Safety API-area covers APIs to manpulate data that is related to safety of the patient.
Validation rules
There are several fields that could be used to specify delay disclosure / postpone delivery of PatientSafetyObjects. Only one of the fields DelayDeliveryUntil, DelayDays or DelayFromTime could be specified.
Field: DelayDeliveryUntil
DelayDeliveryUntil is used to specify the actual time when a PatientSafetyObject at earliest could be disclosed.
There are special rules depending on the value for the field ConfidentialityCode.
Field: ConfidentialityCode | Valid values for field DelayDeliveryUntil | Error-message if violated |
---|---|---|
N | null | DelayDeliveryUntil cannot be specified with ConfidentialityCode N |
NORN_* | null | DelayDeliveryUntil and DelayDays must be null for confidentialityCode NORN. DelayDeliveryUntil will be set by the service |
Any other code | Any valid time in the future | DelayDeliveryUntil or DelayDays must have values for confidentialityCode ConfidentialityCode |
DelayDeliveryUntil must be set to a value in the future |
For ConfidentialityCode that starts with NORN_*, such as NORN_FFL, NORN_KUT, NORN_EPO, NORN_ALL, NORN_FOR, NORN_FFH, NORN_FPB, NORN_DUP, NORN_ANG, the input value for DelayDeliveryUntil field in the request is expected to be null, and will be set by the service itself to Maximum DateTime, which will be in year 9999, and thus will be delayed forever.
Field: DelayDays
DelayDays is used for a parent PatientSafetyObject to specify the number of days until a siebling PatientSafetyObject at earliest could be disclosed. Because at the creation time of a parent PatientSafetyObject, the creation time of the siebling PatientSafetyObject is unknown, so the DelayDeliveryUntil of the siebling PatientSafetyObject have to be calculated at a later time.
There are special rules depending on the value for the field ConfidentialityCode.
Field: ConfidentialityCode | Valid values for field DelayDays | Error-message if violated |
---|---|---|
N | null | DelayDays cannot be specified with ConfidentialityCode N |
NORN_* | null | DelayDeliveryUntil and DelayDays must be null for confidentialityCode NORN. DelayDeliveryUntil will be set by the service |
Any other code | Any valid positive number of days | DelayDeliveryUntil or DelayDays must have values for confidentialityCode ConfidentialityCode |
DelayDays must be a positive value |
Field: DelayFromTime
DelayFromTime is used in conjuction with a siebling PatientSafetyObject to specify what time DelayDeliveryUntil will be calculated from. The calculated DelayDeliveryUntil time of the siebling will then be the DelayFromTime (for the siebling) plus the DelayDays number of days of the parent. In addition to DelayFromTime also the ParentConfidentialObjectId must be specified. If not both DelayFromTime and ParentConfidentialObjectId fields are specified this error-message will be returned: "Parent Confidential Object must be specified when DelayFromTime is specified".
Examples - Patient Safety Access Restrictions
Examples on how to use this API
List Patient Safety Access Restrictions
API for search and retrieving a list of patient safety access restrictions.
Endpoint: HTTP POST /access-restrictions/patient-safety/_search
These endpoints list all connected patient safety access restrictions for a specified offid, offering the flexibility to filter by parentConfidentialObjectId and confidentialObjectId type/values. While offId is the only required parameter, the others are optional.
{
"offId": "12345678901",
"confidentialObjectId": {
"type": "Svarrapport",
"value": "d20b8fa0-5268-4cf0-8ed8-0bb92c68164b"
},
"parentConfidentialObjectId": {
"type": "Rekvisisjon",
"value": "5b4a0742-1e01-47e3-9f0d-e2f688fcf051"
}
}
List applicable Access Restrictions
Excludes access restrictions with past dates specified in 'DelayDeliveryUntil'.
{
"offId": "12345678901",
"ApplicableOnly": true
}
Manipulate patient safety access restriction-data
Examples on how to call the different endpoints to manipulate patient safety access restriction-data for confidential objects.
Add patient safety access restriction (Rekvisisjon)
Endpoint: HTTP POST /access-restrictions/patient-safety
Add patient safety access restriction for a confidential object (Rekvisisjon - a medical requisition). Because the actual confidential object that will be access restricted will be added later delayDeliveryUntil
cannot be specified so instead delayDays
number of days will be specified.
{
"patientSafetyObject": {
"person": {
"offId": "12345678901"
},
"confidentialObjectId": {
"type": "Rekvisisjon",
"value": "5ede44e1-3b3c-45f2-9f49-cf73c1d7e5fc"
},
},
"delayDays": 14,
"confidentialityCode": "NORU"
}
Associate confidential objects (Svarrapport) and add a patient safety access restriction
Endpoint: HTTP POST /access-restrictions/patient-safety/associate-parent
Later associate a siebling confidential objects (Svarrapport - a medical examination report) with a parent confidential object (Rekvisisjon) and also add an patient safety access restriction for the siebling confidential object (Svarrapport) if the parent confidential object had an patient safety access restriction. The calculated delayDeliveryUntil
time of the siebling will then be the delayFromTime
(for the siebling) plus the delayDays
number of days of the parent. The caculated delayDeliveryUntil
time for this example would be 2024-01-18T20:50:20.908216Z
.
{
"patientSafetyObject": {
"person": {
"offId": "12345678901"
},
"confidentialObjectId": {
"type": "Svarrapport",
"value": "49b2c6af-9edc-487d-bf34-97874ca8d483"
},
"parentConfidentialObjectId": {
"type": "Rekvisisjon",
"value": "5ede44e1-3b3c-45f2-9f49-cf73c1d7e5fc"
}
},
"delayFromTime": "2024-01-04T20:50:20.908216Z"
}
Update patient safety access restriction (Svarrapport)
Endpoint: HTTP POST /access-restrictions/patient-safety
At a later time the sibling patient safety access restriction for a confidential object (Svarrapport - a medical examination report) is updated with a specific delayDeliveryUntil
time-value that is 3 days later than the initial (default) 14 days value specified in the delayDays
field of the parent.
{
"patientSafetyObject": {
"person": {
"offId": "12345678901"
},
"confidentialObjectId": {
"type": "Svarrapport",
"value": "49b2c6af-9edc-487d-bf34-97874ca8d483"
},
"parentConfidentialObjectId": {
"type": "Rekvisisjon",
"value": "5ede44e1-3b3c-45f2-9f49-cf73c1d7e5fc"
}
},
"delayDeliveryUntil": "2024-01-21T20:50:20.908216Z",
"confidentialityCode": "NORU"
}
Removing a patient safety access restriction (Svarrapport)
Endpoint: HTTP POST /access-restrictions/patient-safety
Remove patient safety access restriction for a confidential object (Svarrapport - a medical examination report) by specifying a confidentialityCode
N that indicates no access restriction / not access restricted (Normal).
{
"patientSafetyObject": {
"person": {
"offId": "12345678901"
},
"confidentialObjectId": {
"type": "Svarrapport",
"value": "27772521-507f-4494-9b4d-7ea41924c243"
},
"parentConfidentialObjectId": {
"type": "Rekvisisjon",
"value": "5ede44e1-3b3c-45f2-9f49-cf73c1d7e5fc"
}
},
"confidentialityCode": "N"
}
Add patient safety access restriction (code NORN_FFL)
Endpoint: HTTP POST /access-restrictions/patient-safety
Add another patient safety access restriction for a confidential object (Svarrapport - a medical examination report), set confidentialityCode
NORN_FFL, one of the codes that means access is restricted indefinitely. The input value for delayDeliveryUntil
field in the request is expected to be null, and will be set by the service itself to maximum DateTime, which will be in year 9999, and thus will be delayed forever.
{
"patientSafetyObject": {
"person": {
"offId": "12345678901"
},
"confidentialObjectId": {
"type": "Svarrapport",
"value": "509af0f7-9794-4b62-b296-cfb4de43b917"
},
},
"confidentialityCode": "NORN_FFL"
}