Versions Compared

Old Version 16

changes.mady.by.user John Schneider

Saved on

compared with

New Version 17

changes.mady.by.user John Schneider

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Excerpt

The responsibility model manages different levels of responsibility and privileges for a patient's episode of care and care plans.

The CarePlan has only one type of responsibility:

...

Practitioner's CareTeams and the responsibility model control what operations the practitioner can perform on what level.

Managing the practitioner's CareTeams

The practitioner's CareTeams are registered and managed at the municipality and/or regional user management systems (IdP).

The eHealth infrastructure automatically updates a practitioner’s relation to CareTeams when the practitioner logs into the eHealth Infrastructure with information from the token received from the IdP.

Episode of Care responsibilities

...

  1. ManagingOrganization - custodian of the patient's data

  2. CareManagerOrganization - holds formal responsibility for the patient's episode of care

  3. CareTeam - the practitioners who perform actions at the episode of care level.

...

EpisodeOfCare.managingOrganization

This organization is the custodian of the patient's data on the eHealth infrastructure and is responsible for data control, as required by GDPR requires.

This top-level organization controls the patient's data, is used for reporting and billing, and does not change. The Managing Organization remains the same even if a patient relocates. If a patient moves to a different region or municipality, a new Episode of Care must be created based on their new address.

...

The managing organisation is controlled as part of role-based access control for reporting. See https://ehealth-dk.atlassian.net/wiki/spaces/EDTW/pages/1695842461/Access+Control+in+eHealth+Services#Reports

...

EpisodeOfCare.careManagerOrganization

This organization holds has formal responsibility for the patient's episode of care. care. It can change but typically stays within the same managing organisation. See Responsibility with General Practitioner as caremanagerOrganization for an example.

The formal responsibility can only be changed when the receiving CareManagerOrganization accepts it.
Examples are:

  1. A department in a hospital (usually a descendant of the ManagingOrganization)

  2. or a General Practitioner.

EpisodeOfCare.Team

...

The Team team is the group of practitioners who perform actions at the episode of care level.

The team consists of practitioners with the authority to e.g. assign new CarePlans to the Patient's EpisodeOfCare.

The Team for an EpisodeOfCare can be changed with the right permissions. The responsibility history is stored when updated in EpisodeOfCare.teamHistory.

The practitioners have roles , like "behandlingsansvarlig" or "bestillingsansvarlig" and are related to the patient's episode of care through a CareTeam. The roles can be "behandlingsansvarlig" or "bestillingsansvarlig"

Practitioners in the Team can work across different CarePlans.

Their actions involve:

  1. assigning new CarePlans to the patient's episode of care,

  2. closing or pausing existing CarePlans,

  3. assigning new CareTeams to an active CarePlan.

RBAC

The EpisodeOfCare.team is used in the access control and has the following consequences for the security model. If the CareTeam Context matches the episodeOfCare.team then the following may be allowed:

  • Apply PlanDefinition (PlanDefinition$apply)

  • Create EpisodeOfCare (EpisodeOfCare.create-episode-of-care)

  • Update CarePlan and ServiceRequest

  • Read careteam for CarePlan and ServiceRequest

  • Suggest careteam and update careteam for CarePlan and ServiceRequest

  • Create, read and update ClinicalImpression

  • Create, read, update and search Goals

  • Read and search CarePlan

  • Read ServiceRequest

  • Read Observation, QuestionnaireResponse, and Media

  • Create and update QuestionnaireResponse (if QuestionnaireResponse.status is in-progress)

See https://ehealth-dk.atlassian.net/l/cp/sPfabiTK for details and the complete list.

CarePlan responsibilities

The CarePlan has only one type of responsibility: the CareTeam

  1. CareTeam - the practitioners who perform actions at the episode of care level.

CarePlan.CareTeam

The CareTeam holds references to one or more CareTeams that have with operational responsibility for the patient's CarePlan.

The practitioner's CareTeams are registered at the municipality and/or regional user management systems (IdP). The eHealth infrastructure automatically updates the CareTeam/Practitioner relation when a practitioner logs into the eHealth InfrastructureCarePlan careteam is responsible for monitoring the execution and progress of the patient's CarePlan.

The team shall include practitioners who adjust plans and approve results for publishing and can also involve practitioners with service and support roles.

CarePlans.CareTeams can change, and the history is recorded in CarePlan.ehealth-teamHistory.

Practitioners with privileges can change the CareTeam at the CarePlan level.

RBAC

The CarePlan.team is used in the access control and has the following consequences for the security model. If the CareTeam Context matches the CarePlan.team then the following may be allowed :

  • Read careteam for CarePlan and ServiceRequest

  • Search CarePlan

  • Suggest careteam and update careteam for CarePlan and ServiceRequest

  • Create, read, update and search ClinicalImpression

  • Create, read, update and search Goals

  • Read Observation, QuestionnaireResponse, and Media

  • Create and update QuestionnaireResponse (if QuestionnaireResponse.status is in-progress)

Example

The following picture illustrates an example of the responsibility model.

...