Create Allergy throws 403 forbidden request


Shankar Ganesh Jayaraman

Jan 16, 2020, 9:46:28 AM
to Cerner FHIR Developers
x-request-id →5af4c407e3924131956e1f7987dd5999

I have created a patient, and when I try to add an allergy to the created patient I get a 403 Forbidden error:

{
    "resourceType": "OperationOutcome",
    "issue": [
        {
            "severity": "error",
            "code": "forbidden",
            "details": {
                "text": "Forbidden resource"
            },
            "expression": [
                "http.Authorization"
            ]
        }
    ]
}


Benjamin Eichhorn (Cerner)

Jan 16, 2020, 9:53:03 AM
to Cerner FHIR Developers
Hi Shankar,

The practitioner you are using does not have a relationship for the given patient and encounter, resulting in the 403.

Thanks,
Ben (Cerner)

Shankar Ganesh Jayaraman

Jan 16, 2020, 11:15:16 AM
to Cerner FHIR Developers
Create allergy results in 403 even after adding relationship to the patient.
x-request-id →dce1bd4ca05fa1b1ab8a888308406c79

The patient was created with the payload below, which includes a contact array with a relationship dictionary, but I still get a 403 when adding an allergy for the created patient.

{
  "resourceType": "Patient",
  "extension": [
    {
      "valueCode": "M"
    },
    {
      "extension": [
        {
          "url": "ombCategory",
          "valueCoding": {
            "system": "urn:oid:2.16.840.1.113883.6.238",
            "code": "2028-9",
            "display": "Asian"
          }
        },
        {
          "url": "detailed",
          "valueCoding": {
            "system": "urn:oid:2.16.840.1.113883.6.238",
            "code": "2039-6",
            "display": "Japanese"
          }
        }
      ]
    },
    {
      "extension": [
        {
          "url": "ombCategory",
          "valueCoding": {
            "system": "urn:oid:2.16.840.1.113883.6.238",
            "code": "2186-5",
            "display": "Non Hispanic or Latino"
          }
        }
      ]
    }
  ],
  "identifier": [
    {
      "assigner": {
        "reference": "Organization/619848"
      }
    }
  ],
  "active": true,
  "name": [
    {
      "use": "official",
      "family": "PatientCorey",
      "given": [
        "CernerCorey",
        "NewCorey"
      ],
      "period": {
        "start": "2010-05-17T14:54:31.000Z"
      }
    },
    {
      "use": "usual",
      "given": [
        "Bigby"
      ],
      "period": {
        "start": "2012-05-22T15:45:50.000Z"
      }
    }
  ],
  "telecom": [
    {
      "system": "phone",
      "value": "8168229121",
      "use": "home",
      "period": {
        "start": "2012-05-17T15:33:18.000Z"
      }
    }
  ],
  "gender": "male",
  "birthDate": "1990-09-15",
  "address": [
    {
      "use": "home",
      "line": [
        "121212 Metcalf Drive",
        "Apartment 403"
      ],
      "city": "Kansas City",
      "district": "Jackson",
      "state": "KS",
      "postalCode": "64199",
      "country": "United States of America",
      "period": {
        "start": "2012-05-17T15:33:18.000Z"
      }
    }
  ],
  "maritalStatus": {
    "coding": [
      {
        "code": "UNK",
        "display": "Unknown"
      }
    ],
    "text": "Unknown"
  },
  "communication": [
    {
      "language": {
        "coding": [
          {
            "system": "urn:ietf:bcp:47",
            "code": "en",
            "display": "English"
          }
        ],
        "text": "English"
      },
      "preferred": true
    }
  ],
  "contact": [
    {
      "relationship": [
        {
          "coding": [
            {
              "system": "http://terminology.hl7.org/CodeSystem/v2-0131",
              "code": "N"
            }
          ]
        }
      ],
      "name": {
        "family": "du Marché",
        "_family": {
          "extension": [
            {
              "valueString": "VV"
            }
          ]
        },
        "given": [
          "Bénédicte"
        ]
      },
      "telecom": [
        {
          "system": "phone",
          "value": "+33 (237) 998327"
        }
      ],
      "address": {
        "use": "home",
        "type": "both",
        "line": [
          "534 Erewhon St"
        ],
        "city": "PleasantVille",
        "district": "Rainbow",
        "state": "Vic",
        "postalCode": "3999",
        "period": {
          "start": "1974-12-25"
        }
      },
      "gender": "female",
      "period": {
        "start": "2012"
      }
    }
  ],
  "generalPractitioner": [
    {
      "reference": "Practitioner/6090007"
    }
  ]
}

Fenil Desani (Cerner)

Jan 16, 2020, 12:40:07 PM
to cerner-fhir...@googlegroups.com
Hi Shankar,

As Benjamin mentioned, the practitioner you are using does not have a relationship for the given patient and encounter, resulting in the 403.
Can you confirm there is a relationship for the practitioner to the given patient and encounter?

Thanks,
Fenil

Shankar Ganesh Jayaraman

Jan 16, 2020, 1:14:25 PM
to Cerner FHIR Developers
Hi Fenil,

I am not creating an encounter for the patient. 
Should I create an encounter first for the patient and pass the encounter Id in the Create allergy payload?

Shankar Ganesh Jayaraman

Jan 18, 2020, 9:32:21 AM
to Cerner FHIR Developers
When I try to create an encounter with the patient and practitioner, I get a 400 Bad Request.

x-request-id →401225b2a71db70062799a6c600686e0

Nishanth Namana (Cerner)

Jan 21, 2020, 2:49:37 PM
to Cerner FHIR Developers
Hello Shankar,

Here are the steps that should be followed to create an Allergy.
  1. Use an existing patient or create one.
  2. If you wish to add an encounter to the allergy (Encounter is not a required field to create an allergy), create an encounter with the patient ID that you got from step 1. (It looks like we are currently having an issue writing identifiers for encounters on our end. But identifier is not a required field, so the identifier field can be ignored for your use case.)
  3. Create an Allergy using the Patient ID and Encounter ID from the previous steps.

Thank you,
Nishanth Namana(Cerner)

Shankar Ganesh Jayaraman

Jan 31, 2020, 3:31:04 AM
to Cerner FHIR Developers
Hi Nishanth,

If "Encounter is not a required field to create allergy", how should I avoid 403 errors while creating an allergy against the newly created patient?

I couldn't create an encounter for the patient ID 7282008 (newly created).
When I create the encounter I get the below error with status code 400:

x-request-id →15ab504b18c83abaab9f27bb2f376398

{
    "resourceType": "OperationOutcome",
    "issue": [
        {
            "severity": "error",
            "code": "invalid",
            "details": {
                "text": "Invalid request"
            }
        }
    ]
}

 

Joshua Fisk (Cerner)

Jan 31, 2020, 6:14:41 PM
to Cerner FHIR Developers
Hi Shankar,

The simple answer is that to avoid the 403 you could remove the encounter field on your POST body. This would then skip the validation that we perform when attempting to create an allergy with an associated encounter. If having an encounter present on the allergy is important for your workflow then in order to supply one you will have to create a relationship for the validation.

Shankar Ganesh Jayaraman

Jan 31, 2020, 10:28:19 PM
to cerner-fhir...@googlegroups.com
How would I create relationships with practitioner and patient? Without creating encounter?


Joshua Fisk (Cerner)

Feb 4, 2020, 1:37:19 PM
to Cerner FHIR Developers
Alright I think I was able to figure everything out in the workflow you're trying to do.

1- One of the key parts will be starting with a Patient whose generalPractitioner is Practitioner/4464007. This is a practitioner which already has a relationship with the user that the developer portal uses for OAuth.
2- From there you will be able to create an Encounter for your new patient. I did this using the example on fhir.cerner.com (I was using the R4 endpoints and examples for all of these calls), but had to remove the identifier field.
3- I was then able to create an AllergyIntolerance using the new Encounter and Patient. I also updated the note.authorReference field to be the practitioner used above, and removed the reaction.severity field as there is an issue with that in sandbox at the moment.

I think that should be all of the steps I went through. Let me know if it's not reproducible for you. I should also note that you can skip step 2 if you leave off the encounter field when writing the AllergyIntolerance.

- Joshua Fisk
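
The steps in the post above, expressed as request-body preparation plus an OperationOutcome summary in Python. This is an added example, not code from the thread or from Cerner: the function names and the sample resource are hypothetical and constructed, the field names are FHIR R4, and the practitioner and patient ids are the ones quoted in the thread.

```python
import copy

# Practitioner the thread says already has a relationship with the sandbox OAuth user.
SANDBOX_PRACTITIONER = "Practitioner/4464007"

# Constructed sample resource; the EXAMPLE id is a placeholder, not a real sandbox id.
SAMPLE_ALLERGY = {
    "resourceType": "AllergyIntolerance",
    "encounter": {"reference": "Encounter/EXAMPLE"},
    "note": [{"authorString": "someone", "text": "constructed note"}],
    "reaction": [{"severity": "severe", "manifestation": [{"text": "Hives"}]}],
}

def prepare_encounter(encounter):
    """Step 2: drop Encounter.identifier, which the thread reports as not writable."""
    body = copy.deepcopy(encounter)
    body.pop("identifier", None)
    return body

def prepare_allergy(allergy, patient_id, encounter_id=None):
    """Step 3: reference the patient, optionally the encounter, and set the note author."""
    body = copy.deepcopy(allergy)
    body["patient"] = {"reference": f"Patient/{patient_id}"}
    if encounter_id is None:
        body.pop("encounter", None)  # per the thread, no encounter means no relationship check
    else:
        body["encounter"] = {"reference": f"Encounter/{encounter_id}"}
    for note in body.get("note", []):
        note.pop("authorString", None)  # author[x] allows only one of the two forms
        note["authorReference"] = {"reference": SANDBOX_PRACTITIONER}
    for reaction in body.get("reaction", []):
        reaction.pop("severity", None)  # sandbox issue mentioned in the thread
    return body

def summarize_outcome(status, outcome):
    """Flatten an OperationOutcome into (status, code, text, expression) tuples."""
    return [(status, i.get("code"), i.get("details", {}).get("text"),
             tuple(i.get("expression", []))) for i in outcome.get("issue", [])]

if __name__ == "__main__":
    print(prepare_allergy(SAMPLE_ALLERGY, "7282008"))  # patient id from the thread
```
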

Shankar Ganesh Jayaraman

Feb 25, 2020, 2:40:18 AM
to Cerner FHIR Developers
Joshua,

Thank you for the steps, I have followed it and it is really helpful and working. 

I also noticed that creating an Allergy encounter is not required and it's mandatory to have the Practitioner Id as 4464007 since it's used for getting OAuth token.