SanteonNL / shared-care-planning

https://santeonnl.github.io/shared-care-planning/
GNU General Public License v3.0
4 stars 3 forks source link

q How does care plan role e.g. "contributor" relate to the job title/specialty of a care profession e.g. "physical therapist". #43

Open joostholslag opened 4 months ago

joostholslag commented 4 months ago

I think this deserves an answer in the IG, to make the scope clear (task assignment and authorisations right?), so not necessarily an overview of involved parties) and to avoid confusion.

jorritspee commented 4 months ago

SCP distinguishes between 2 roles: CarePlanService (CPS) and CarePlanContributor (CPC) (https://santeonnl.github.io/shared-care-planning/overview.html#actors). The CPC role differs between the 3 transactions

  1. Creating and responding to a Task "This actor creates and updates the care plan and tasks/orders for other (future) Care Plan Contributors." We could say that only professionals with certain jobs/specialties/roles/professions are authorized to do this. This is not yet implemented.

  2. Updating CarePlan and CareTeam "This actor creates and updates the care plan and tasks/orders for other (future) Care Plan Contributors." We could say that only professionals with certain jobs/specialties/roles/professions are authorized to do this. This is not yet implemented. We do say that only the CarePlan.author can delete a CarePlan. See https://santeonnl.github.io/shared-care-planning/security-authorization.html#resource-access. N.B.: CareTeam can never be directly updated by a CPC, this is done by the CPS

  3. Getting data from CareTeam members "The CP-Contributor may also retrieve data from the other Care Plan Contributor(s)" We could say that jobs/specialties/roles/professions are a parameter for authorization, commonly referred to in other contexts as the "role-zib-matrix", meaning that some roles should only be able to access zibs a, b, c, and other roles should access a, b, c, d and e. This is not implemented in SCP. Our primary focus in authorization is: step 1 active membership of CareTeam, step 2 use case specific access rules based on Condition- and Request-code, see https://santeonnl.github.io/shared-care-planning/security-authorization.html#an-example-of-use-case-specific-access-rules.

Do you agree, @bramwesselo?

bramwesselo commented 4 months ago

Thanks for the elaborate answers @jorritspee. My answer would be: every participant in the CareTeam is a contributor. At this moment, we've left the 'job title/specialty' out-of-scope, because that would require additional registration/standardization at all involved care organizations (imaging a care organization having a team of nurses and doctors that are jointly responsible for a Task; then you must either add all these roles in the CareTeam or define this team with a 'job title/specialty'. Changes are that this will get messy/complicated)