Versions Compared

Old Version 22

changes.mady.by.user Erik Sundvall

Saved on

compared with

New Version 23

changes.mady.by.user Heath Frankel

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

MethodURLParametersDescriptionNotes
POST/ehr
  • subjectId (optional): id of the subject in the external system
  • subjectNamespace (optional): namespace of the subject id in the external system
Create a new EHR

HF: How do subjectId and subjectNamespace manifest themselves in the EHR model/resource?

HF: We should allow EHR_STATUS and EHR_ACCESS objects so it is not necessary to make additional requests resulting in multiple contributions

HF: We need audit details for the contribution

HF: What is returned in the response?

PUT/ehr/{ehrId}As aboveCreate a new EHR with specified ehr_idHF: Required when creating an EHR with same ehr_id as in another system
GET/ehr/{ehrId} Get EHRHF: Useful to get profile of an EHR. E.g. time created, how many compositions, is there a directory, what was the last contribution etc.
DELETE/ehr/{ehrId} Delete an EHR

TB: this isn't possible (well not by an external REST access - it would be an internal admin operation); all you can do is mark an EHR as inactive, which would be a POST (I think) to /ehr/{ehr_id}/ehr_status/other_details/is_active or similar. But even this operation, if it succeeds, is serious - it makes it look like an EHR is deleted, so it's probably not appropriate via any externally visible REST interface.

SI: In some countries the patient/client is owner of the data and it has the right (by the law) to ask for a complete (total) removal of all his data, which is more than just an inactive flag.

TB: that's true, but doing the delete would require some documentation and/or special permission. I still doubt very much that this could ever be done through a visible REST interface, unless all the proof parameters were provided, and I think these would be too variable to standardise.

DB: I agree with SI, this can be a requirement. The authentication/permission is a completely different issue. You could argue that the same kind documentation or special permission would be needed for creating a new composition.

BL: I would leave this out of the REST API for the moment. If this is a requirement somewhere it can be performed by other means (special admin interface to the system or similar).

DB: I won't leave this out, delete has a clear use case (i.e. opt-out from clinical research)

ES: Seems like delete EHR is needed in some cases, so it should be system configurable, we just need to agree on what HTTP status codes/messages to return for different cases.

GET/ehr/{ehrId}/ehr_status Retrieve EHR_STATUS 
POST/ehr/{ehrId}/ehr_status Update EHR_STATUS 
PUT/ehr/{ehrId}/ehr_status/... Update an attribute in ehr_statusTB
GET/ehr/{ehrId}/ehr_access Retrieve EHR_ACCESS 
POST/ehr/{ehrId}/ehr_access Update EHR_ACCESS 
PUT/ehr/{ehrId}/ehr_acess/... Update an attribute in ehr_accessTB

...