owned this note
owned this note
Published
Linked with GitHub
---
tags: CDEX
title: CDex Flow Chart
---
# CDex Flow Chart
These example FlowCharts were created to assist the TestScript and Reference Implementation development team and are provided here to assist developers in implementing CDEX transactions. They are example only and actual workflows may differ from them.
Individual flowcharts ( the text between the "'''") can be viewed using *flowchart.js*. flowchart.js is a flowchart DSL and SVG render that runs in the browser and terminal. For more information see https://flowchart.js.org/. Alternatively this page can be viewed on https://hackmd.io/.
## Attachments
### Client
```flow
st=>start: Start
e=>end: End (Happy Path)
bad_transaction=>end: Transaction Error
bad_sig=>end: Signature invalid
oauth=>subroutine: Authentication and Authorization
get_attach_data=>subroutine: Get Attachments data
sign=>subroutine: Signature Needed:
Bundle into provider signed
Document Bundle
unsolited_claim=>operation: unsolicited claim:
provider assigns the
tracking control number
on the prior auth and
submitted attachments
unsolited_preauth=>operation: unsolicited pre-auth:
provider assigns the
tracking control number
on the claim and
submitted attachments
solicited_claim=>operation: solicited claim:
used payer assigned
Claim control number
solicited_preauth=>operation: solicited pre-auth:
used payer assigned
Claim control number
get_reassoc_data=>subroutine: collect data for reassociation
get_reassoc_data=>subroutine: supply other Data elements
for reassociation to the Claim
add_claim_param=>operation: AttachTo parameter = "claim"
add_preauth_param=>operation: AttachTo parameter = "prior-authorization"
invoke_operation=>subroutine: Provider invokes
$submit-attachment operation
to submit attachments to Payer
http_200=>operation: Receive http 200 Success
http_400=>operation: Receive Error response
=/- OperationOutcome
is_claim=>condition: Is the documentation
for a Claim?
is_solicited_claim=>condition: Is it in response to
a request for additional
information for a claim?
is_solicited_preauth=>condition: Is it in response
to a request for additional
information by the payer?
need_sig=>condition: Is a signature needed?
is_signed=>condition: Is the attachment
data already signed
(e.g.,signed CCDA document?)
post_ok=>condition: Is transaction successful?
validate=>subroutine: Testscript: validation step(stub)
st->get_attach_data->need_sig->is_claim
is_claim(yes)->add_claim_param->is_solicited_claim(yes)->solicited_claim->get_reassoc_data->validate->oauth->invoke_operation->post_ok
is_claim(no)->add_preauth_param->is_solicited_preauth(yes)->solicited_preauth->get_reassoc_data->validate->oauth->invoke_operation->post_ok
is_claim(yes)->add_claim_param->is_solicited_claim(no)->unsolited_claim->get_reassoc_data->validate->oauth->invoke_operation->post_ok
is_claim(no)->add_preauth_param->is_solicited_preauth(no)->unsolited_preauth->get_reassoc_data->validate->oauth->invoke_operation->post_ok
need_sig(yes)->is_signed(yes)->is_claim
need_sig(yes)->is_signed(no)->sign->is_claim
need_sig(no,bottom)->is_claim
post_ok(yes)->http_200->e
post_ok(no)->http_400->bad_transaction
```
### Server
```flow
st=>start: Start
e=>end: End (Happy Path)
bad_transaction=>end: Transaction Error
bad_sig=>end: Signature invalid
request=>operation: Receive $submit-attachments
http_200=>operation: Return http 200 Success
http_400=>operation: Return 400+ Error response +/-
OperationOutcome
oauth_ok=>condition: Is client
authenticated?
req_ok=>condition: Is valid request?
payload_ok=>condition: Is payload valid
FHIR Object
need_sig=>condition: Are signatures
required?
is_signed=>condition: Is attachment signed
FHIR Document
sig_ok=>condition: Is valid signature?
validate=>subroutine: Testscript: validation step(stub)
st->request->oauth_ok
oauth_ok(yes)->req_ok
oauth_ok(no)->http_400->bad_transaction
req_ok(yes)->payload_ok
req_ok(no)->http_400->bad_transaction
payload_ok(yes)->need_sig
payload_ok(no)->http_400->bad_transaction
need_sig(yes)->is_signed
need_sig(no,bottom)->http_200()->e
is_signed(no)->sig_ok
is_signed(yes,bottom)->http_200->e
sig_ok(yes)->http_200->e
sig_ok(no)->http_400->bad_transaction
```
## Direct Query
### Client:
```flow
st=>start: Start
e=>end: End (Happy Path)
bad_transaction=>end: Transaction Error
bad_sig=>end: Signature invalid
disc=>subroutine: Discovery of Patient FHIR_ID
oauth=>subroutine: Authentication and Authorization Workflow
search=>subroutine: Query for data
http1=>operation: Receive http 200 Success
+ SearchBundle payload
http2=>operation: Receive Error response
=/- OperationOutcome
search_ok=>condition: Query Successful?
validate=>subroutine: Testscript: validation step(stub)
need_sig=>condition: Are signatures
required?
sig_ok=>condition: Is valid signature?
on SearchSet Bundle
st->disc->oauth->search->search_ok
search_ok(yes)->http1->validate->need_sig
search_ok(no)->http2->bad_transaction
need_sig(yes)->sig_ok
need_sig(no,bottom)->e
sig_ok(yes)->e
sig_ok(no)->bad_sig
```
### Server
```flow
st=>start: Start
e=>end: End (Happy Path)
bad_transaction=>end: Transaction Error
request=>operation: Receive FHIR Query
make_bundle=>subroutine: produce FHIR SearchSet Bundle
sign=>subroutine: Signature Needed:
organization signs
SearchSet Bundle
return_200=>operation: Return http 200 Success
payload = Searchset Bundle
return_400=>operation: Return 400+ Error response +/-
OperationOutcome
oauth_ok=>condition: Is client
authenticated?
req_ok=>condition: Is valid request?
op_ok=>condition: Is operation
successful?
need_sig=>condition: Are signatures
required?
validate=>subroutine: Testscript: validation step(stub)
st->request->oauth_ok
oauth_ok(yes)->req_ok
oauth_ok(no)->return_400->bad_transaction
req_ok(yes)->make_bundle->op_ok
req_ok(no)->return_400->bad_transaction
op_ok(yes)->validate->need_sig
op_ok(no)->return_400->bad_transaction
need_sig(yes)->sign->return_200->e
need_sig(no,bottom)->return_200->e
```
## Task
### Cient
```flow
st=>start: Start
e=>end: End (Happy Path)
bad_transaction=>end: Transaction Error
bad_sig=>end: Signature invalid
post=>subroutine: POST Task to Server
post_ok=>condition: Is FHIR create
transaction successful?
Receive http 200 Success
fetch_task_ok=>condition: Is FHIR read
transaction successful?
Receive http 200 Success
fetch_data_ok=>condition: Is FHIR read
transaction successful?
Receive http 200 Success
search_ok=>condition: Is FHIR search
transaction successful?
Receive http 200 Success
is_polling=>condition: Client polling
the Task?
is_done=>condition: Is Task completed?
is_notified=>condition: Subscription Notification
that Task completed?
is_contained=>condition: Is Task.output contained?
need_sig=>condition: Is signature
required?
is_signed=>condition: Is attachment signed
FHIR Document
is_ok_sig=>condition: Is valid signature?
disc=>subroutine: Discovery of Patient FHIR_ID
create_task=>subroutine: Create Task resource to request Data
fetch_task=>subroutine: Get completed Task from
FHIR Server using FHIR read
fetch_data=>subroutine: Get FHIR data referenced
in Task.output using FHIR read
search=>subroutine: Get Data referenced
in Task.output using FHIR search
validate_task1=>subroutine: Testscript: validation step(stub)
validate_task2=>subroutine: Testscript: validation step(stub)
validate_data=>subroutine: Testscript: validation step(stub)
validate_searchset=>subroutine: Testscript: validation step(stub)
validate_fhirdoc=>subroutine: Testscript: validation step(stub)
poll=>subroutine: Polls Task
subscribe=>subroutine: POST Subscription for Task Updates
st->disc->create_task->validate_task1->post->post_ok
post_ok(yes)->is_polling
post_ok(no)->bad_transaction
is_polling(yes)->poll->is_done
is_polling(no)->subscribe->is_notified(yes)->fetch_task
is_notified->fetch_task
is_done(yes)->fetch_task->fetch_task_ok
is_done(no)->poll
fetch_task_ok(yes)->validate_task2->is_contained
fetch_task_ok(no)->bad_transaction
is_contained(yes)->need_sig
is_contained(no,bottom)->fetch_data->fetch_data_ok
fetch_data_ok(yes)->validate_data->need_sig
fetch_data_ok(no)->bad_transaction
need_sig(yes)->is_signed
need_sig(no,bottom)->e
is_signed(yes)->e
is_signed(no)->bad_sig
```
#### Create Task Resource
```flow
st=>start: Start
e=>end: End (Happy Path)
bad_transaction=>end: Transaction Error
bad_sig=>end: Signature invalid
in_data=>operation: Populate Task with Patient,date,owner,requester
in_text=>operation: Add text to Task.input
in_code=>operation: Add code to Task.input
in_search=>operation: Add search string to Task.input
in_sig=>operation: indicate signature required
in_pou=>operation: Add POU to Task.input
in_wq=>operation: Add Work Queue to Task.input
in_reason=>operation: Add reason code or reference to
Task.reasonCode/reasonReference
is_text=>condition: Is free text request?
is_code=>condition: Is coded request?
is_pou=>condition: Add Purpose of Use Code?
is_sig=>condition: Is Signature required?
is_wq=>condition: Add Work Queue Code?
is_formalauth=>condition: Is formal authorization
needed?
in_formalauth=>operation: Add reference to
formal request resource (e.g.,CommunicationRequest
or ServiceRequest) to Task.basedOn
is_prov=>condition: Is Provenance needed?
in_prov=>operation: Add request for provenance
to request (as _include param
to search string or free text)
st->in_data->in_reason->is_text(yes)->in_text->is_sig
is_text(no)->is_code(yes)->in_code->is_sig
is_code(no)->in_search->is_sig
is_sig(yes)->in_sig->is_pou
is_sig(no,bottom)->is_pou
is_pou(yes)->in_pou->is_wq
is_pou(no,bottom)->is_wq
is_wq(yes)->in_wq->is_formalauth
is_wq(no,bottom)->is_formalauth
is_formalauth(yes)->in_formalauth->is_prov
is_formalauth(no,bottom)->is_prov
is_prov(yes)->in_prov->e
is_prov(no,bottom)->e
```
#### Subscription Flow
```flow
st=>start: Start
e=>end: End (Happy Path)
bad_transaction=>end: Transaction Error
bad_sig=>end: Signature invalid
create_subsc=>subroutine: Create Subscription resource
to notify When Task is
completed, failed, or rejected
post=>subroutine: POST Subscription for Task Updates
oauth=>subroutine: Authentication and Authorization Workflow
post=>subroutine: POST Subscription to Server
post_ok=>condition: Is FHIR create
transaction successful?
get_notified=>inputoutput: Get notified Task status updated
cancel_subsc=>subroutine: DELETE Subscription for Task Updates
del_ok=>condition: Is FHIR delete
transaction successful?
st->create_subsc->oauth->post->post_ok
post_ok(yes)->get_notified->cancel_subsc->del_ok
post_ok(no)->bad_transaction
del_ok(yes)->e
del_ok(no)->bad_transaction
```
### Server
```flow
st=>start: Start
e=>end: End (Happy Path)
bad_transaction=>end: Transaction Error
bad_sig=>end: Signature invalid
request=>operation: Receive Task
http_200=>operation: Return http 200 Success
http_400=>operation: Return 400+ Error response +/-
OperationOutcome
get_data=>subroutine: Get requested data
may require human intervention
validate=>subroutine: Testscript: validation step(stub)
update_taskout=>subroutine: update Task.out with
external references to the data
update_taskout_contained=>subroutine: Populate Task.contained
with the requested data
and reference it inTask.out
status_completed=>operation: Change Task.status to "completed"
status_failed=>operation: Change Task.status to "failed"
sign=>subroutine: Signature Needed:
Bundle into provider signed
Document Bundle
oauth_ok=>condition: Is client
authenticated?
req_ok=>condition: Is valid request?
payload_ok=>condition: Is payload valid
FHIR Object
pou_ok=>condition: Is POU(and reason)
appropriate use of data?
need_sig=>condition: Are signatures
required?
is_signed=>condition: Is attachment signed
FHIR Document
sig_ok=>condition: Is valid signature?
is_completed=>condition: Is successful in completing
the request (requested data
is available)
is_contained=>condition: Is output data
contained in the Task?
st->request->oauth_ok
oauth_ok(yes)->req_ok
oauth_ok(no)->http_400->bad_transaction
req_ok(yes)->payload_ok
req_ok(no)->http_400->bad_transaction
payload_ok(yes)->pou_ok(yes)
payload_ok(no)->http_400->bad_transaction
pou_ok(yes)->get_data->is_completed
pou_ok(no)->http_400->bad_transaction
is_completed(yes)->is_contained
is_completed(no)->status_failed->status_failed->validate
is_contained(yes)->update_taskout_contained->status_completed->validate
is_contained(no)->update_taskout->status_completed->validate
validate->need_sig
need_sig(yes)->sign->http_200->e
need_sig(no,bottom)->http_200->e
```
## Signatures
### Creation
```flow
st=>start: Start
e=>end: End (Happy Path)
get_cert=>subroutine: Obtain a digital certificate and keys from a third-party certificate authority (CA)
prep_base64_Der=>operation: Prepare base64 DER Certifcate - it is Cert PEM file wihout the footer and header and line returns
jws_header=>operation: Create JWS header to Attach to Bundle
header = {"alg": "RS256","kty": "RS", "x5c": [base64 DER]}
prep_bundle=>operation: Remove the id and meta element from Bundle to be signed
canon_bundle=>operation: Canonicalize Bundle using IETF JSON Canonicalization Scheme (JCS)
base64_url_bundle=>operation: base64_urlize the canonicalized bundle- this is the JWS payload.
creat_sig=>operation: Create Signature using private key
and RS256 algorithm to get the JWS compact serialization format
using the header and paylaod as inputs
detach=>operation: detached payload by removing the payload element
from the JWS compact serialization format
base64_jws=>operation: base64 the JWS (not base64_url!)
add_sig=>operation: Append FHIR Signature element to the Bundle be signed
st->get_cert->prep_base64_Der->jws_header->prep_bundle
prep_bundle->canon_bundle->base64_url_bundle->creat_sig->detach
detach->base64_jws->add_sig->e
```
### Validation
```flow
st=>start: Start
e=>end: End (Happy Path)
bad_sig=>end: Invalid Signature
get_cert=>subroutine: Obtain digital public key from
first certificate in JWS header "x5c" key
(or get from sender)
prep_bundle=>operation: Remove the id and meta element from Bundle to be signed
canon_bundle=>operation: Canonicalize Bundle using IETF JSON Canonicalization Scheme (JCS).
Signature using public key or Cert
and RS256 algorithm
reattach=>operation: Add payload to JWS compact serialization format
decode_jws=>operation: decode base64 JWS (not base64_url!)
rem_sig=>operation: Remove FHIR Signature element from the signed Bundle
base64_url_bundle=>operation: base64_urlize the canonicalized bundle- this is the JWS payload.
inspect_cert_info=>subroutine: Verify Issuer, Validity Dates, Subject, and KeyUsage of certificate
info_ok=>condition: Certificate information OK
(e.g., not expired)?
verify_sig=>operation: Verify JWS
is_valid=>condition: Signature validates?
rem_sig->decode_jws->prep_bundle->canon_bundle
canon_bundle->base64_url_bundle->reattach->get_cert->inspect_cert_info
inspect_cert_info->info_ok(yes)->verify_sig->is_valid
inspect_cert_info->info_ok(no)->bad_sig
is_valid(yes)->e
is_valid(no)->bad_sig
```
## Testscripts
### Profile Validation
```flow
st=>start: Start
ts_o1=>subroutine: Testscript: validation step(stub)
ts_cond1=>condition: Is Payload Valid?
ts_e1=>end: Valid Payload
ts_e2=>end: Invalid Payload
st->ts_o1->ts_cond1
ts_cond1(yes)->ts_e1
ts_cond1(no)->ts_e2
```