RC_Update Medical Program (Admin CDB)

1 Purpose
2 Key points
3 Specification
4 Authorization
5 Validate legal entity
6 Validate medical program ID
7 Service logic

Purpose

This WS allows to update existing medical program and add specific medical program settings for the program.

Key points

This is a graphQl method used in Administration panel only
Only authenticated and authorized NHS employee with appropriate scope can update a Medical program.
This method allows to add/change medical program settings for the program.

Specification

  "Update a single `MedicalProgram`."
  updateMedicalProgram(
    input: UpdateMedicalProgramInput!
  ): UpdateMedicalProgramPayload

"""
Input for `updateMedicalProgram` mutation.
User must have a scope **medical_program:write**
"""
input UpdateMedicalProgramInput {
  "The ID of an object."
  id: ID!
  "Whether it is possible to create `Medication Request`"
  medicationRequestAllowed: Boolean
  "Medication request allowed status description"
  medicationRequestAllowedText: String
  "Whether it is possible to create `Medication Dispense`"
  medicationDispenseAllowed: Boolean
  "Medication dispense allowed status description"
  medicationDispenseAllowedText: String
  "Medical program settings"
  medicalProgramSettings: MedicalProgramSettingsInput
  "Medical program settings description"
  medicalProgramSettingsText: String
}

"""
Input for `MedicalProgramSettings` of `updateMedicalProgram` mutation.
"""
input MedicalProgramSettingsInput {
  "Skip MNN in treatment period requirement flag"
  skipMnnInTreatmentPeriod: Boolean
  "Care plan requirement flag"
  carePlanRequired: Boolean!
  "Skip employee validation requirement flag"
  skipEmployeeValidation: Boolean
  "Allowed employee types to create medication request"
  employeeTypesToCreateMedicationRequest: [String]
  "Speciality types allowed"
  specialityTypesAllowed: [String]
  "conditions ICD10_AM allowed"
  conditionsIcd10AmAllowed: [String]
  "Conditions ICPC2 allowed"
  conditionsIcpc2Allowed: [String]
  "Maximum length in days of treatment period for `Medication Request` created with the program"
  medicationRequestMaxPeriodDay: Int
  "Providing conditions allowed"
  providingConditionsAllowed: [String]
  "Skip declaration verification for employee on create `Medication Request`"
  skipMedicationRequestEmployeeDeclarationVerify: Boolean
  "Skip declaration verification for legal entity on create `Medication Request`"
  skipMedicationRequestLegalEntityDeclarationVerify: Boolean
  "Allows multi dispense for `Medication Request`"
  multiMedicationDispenseAllowed: Boolean
  "Allows to process `Medication Dispense` without digital sign"
  skipMedicationDispenseSign: Boolean
  "Disables patient notification on operations with `Medication Request`"
  medicationRequestNotificationDisabled: Boolean
  "Specifies medication dispense period in days"
  medicationDispensePeriodDay: Int
}

"""
Return type for `updateMedicalProgram` mutation.
"""
type UpdateMedicalProgramPayload {
  "Updated `MedicalProgram`."
  medicalProgram: MedicalProgram
}

"""
MedicalProgram contains details about medical program for reimbursement and services.
In order to obtain details user must have a scope **medical_program:read**
"""
type MedicalProgram implements Node {
  "The ID of an object."
  id: ID!
  "Primary key identifier from the database."
  databaseId: UUID!
  "The name of the `MedicalProgram`."
  name: String!
  "Type of the `MedicalProgram`."
  type: String!
  "Whether the `MediaclProgram` is active or not?"
  isActive: Boolean!
  "Date and time when record was inserted."
  insertedAt: DateTime!
  "Date and time when record was updated."
  updatedAt: DateTime!
  "Whether it is possible to create `Medication Request`"
  medicationRequestAllowed: Boolean!
  "Medication request allowed status description"
  medicationRequestAllowedText: String
  "Whether it is possible to create `Medication Dispense`"
  medicationDispenseAllowed: Boolean!
  "Medication dispense allowed status description"
  medicationDispenseAllowedText: String
  "Medical program settings"
  medicalProgramSettings: MedicalProgramSettings
  "Medical program settings description"
  medicalProgramSettingsText: String
}

"""
Medical program settings. Described at https://edenlab.atlassian.net/wiki/spaces/EH/pages/3132620836/Medical+program+settings
"""
type MedicalProgramSettings {
  "Skip MNN in treatment period requirement flag"
  skipMnnInTreatmentPeriod: Boolean
  "Care plan requirement flag"
  carePlanRequired: Boolean!
  "Skip employee validation requirement flag"
  skipEmployeeValidation: Boolean
  "Allowed employee types from `EMPLOYEE_TYPE` dictionary to create medication request"
  employeeTypesToCreateMedicationRequest: [String]
  "Speciality types allowed. From `SPECIALITY_TYPE` dictionary"
  specialityTypesAllowed: [String]
  "conditions ICD10_AM allowed. From `eHealth/ICD10_AM/condition_code` dictionary"
  conditionsIcd10AmAllowed: [String]
  "Conditions ICPC2 allowed. From `eHealth/ICPC2/condition_code` dictionary"
  conditionsIcpc2Allowed: [String]
  "Maximum length in days of treatment period for `Medication Request` created with the program"
  medicationRequestMaxPeriodDay: Int
  "Providing conditions allowed. From `PROVIDING_CONDITION` dictionary"
  providingConditionsAllowed: [String]
  "Skip declaration verification for employee on create `Medication Request`"
  skipMedicationRequestEmployeeDeclarationVerify: Boolean
  "Skip declaration verification for legal entity on create `Medication Request`"
  skipMedicationRequestLegalEntityDeclarationVerify: Boolean
  "Allows multi dispense for `Medication Request`"
  multiMedicationDispenseAllowed: Boolean
  "Allows to process `Medication Dispense` without digital sign"
  skipMedicationDispenseSign: Boolean
  "Disables patient notification on operations with `Medication Request`"
  medicationRequestNotificationDisabled: Boolean
  "Specifies medication dispense period in days"
  medicationDispensePeriodDay: Int
}

Authorization

Verify the validity of access token
- in case of error - return 401 (“Invalid access token”) in case of validation fails
Verify that token is not expired
- in case of error - return 401 (“Invalid access token”)
Check user scopes in order to perform this action (scope = 'medical_program:write')
- return 403 (“Your scope does not allow to access this resource. Missing allowances: medical_program:write”) in case of invalid scope(s)

Validate legal entity

Extract client_id from token.
Check client scopes in order to perform this action (scope = 'medical_program:write')
- in case of error - return 403 (“Your scope does not allow to access this resource. Missing allowances: medical_program:write”)
Check client type = NHS
- in case of error - return 403 ('You don’t have permission to access this resource')

Validate medical program ID

Check id exists in DB
1. in case of error - return 404 ('not_found')

Service logic

Update params submitted on input in the medical program entity. Also, set:
1. updated_by = current user (from token)
2. updated_at = current date and time