Trusted personal health apps will have access to patient portals for the secure exchange of information recorded about the person and their health care.
6. Almost 100 general practices
were offering a patient portal in
September 2014
37,000 patients had been
provisioned a portal account
7. Ngaio uses a smartphone app to help manage her diabetes
She performs blood glucose and cholesterol tests at home and
uploads the results to her patient portal
She graphs these results alongside lab test results, blood
pressure, weight and exercise data
She consults her doctor online with any concerns
8. Repository delegates request
and receives authorisation to
permit access to the app
Clinical data
repository
App web
service
The app (a) authenticates itself to
the repository and requests access
to (b) save and retrieve data
Performs home blood
test, uploads results
and views alongside
other data
Access control
service
Logs in and
authorises access
to the app
9. Repository delegates request
and receives authorisation to
permit access to the app
Clinical data
repository
App web
service
The app (a) authenticates itself to
the repository and requests access
to (b) save and retrieve data
Performs home blood
test, uploads results
and views alongside
other data
Access control
service
Logs in and
authorises access
to the app
Record locator
service
X.509
client
cert.
JSON
web
token
Auth.
scopes
10.
11. An ecosystem that supports
many users, apps,
publishers, patient portals,
repositories and access
control services
12. Sharing portal and
repository data with an app
will be under explicit
patient control
19. Patient portals will be the
docking points where
personal health apps
connect to the ecosystem
20. Portal systems will expose
patient information and
communication functions
via a standard API
21. OAuth2 is the chosen
protocol for authentication
and authorisation
22. Digital certificates for
mutual authentication will
enable patient portals,
repositories and access
control services to operate
within a circle of trust
24. Patient portals and apps
will allow the user to login
with Real Me, which must
add OAuth2 support
25.
26. Support people who use
portals and apps on behalf
of others will have their
own user accounts
27. NHI number will become
another federated identity
attribute under Real Me,
which must add support for
OpenID Connect
28. Health Provider Index
(HPI) identities will be used
and there will be an open
electronic addressing
scheme and directory of
health practitioners,
facilities and organisations
29. Patient portals and
repositories will have
RESTful APIs, based where
practical on HL7 FHIR
30. Rich apps will support
SNOMED CT and LOINC for
clinical terminology
32. A record locator service
will enable document
search across all
repositories
33. Apps will need to support
the clinical document
metadata standard and a
common repository API
34. Record locator service
Clinical data
repository
CDR
CDR
Record locator service
one index across n sources, serving clinical
workstations, patient portals and apps
Storing, locating and retrieving clinical
documents (XDS model)
35. Authorisation scopes will
include:
search:[<NHI number>]
summary:[<NHI number>]
send-email-to:<address>
36. Patient portals and apps
will support defined CDA
document types, FHIR
resources and common
media types
37. 10041 Medications, Allergies and Adverse
Reactions
10043 CDA Common Templates
10047 Comprehensive Clinical
Assessments for Older People
10050.2 Maternity Care Summary
10052 Ambulance Care Summary
GP2GP and NZePS
38. Xero has an API that
enables account owners to
grant access to apps
Public apps are registered
at api.xero.com and
certification is not needed
Access tokens are issued for
a limited time
39. Certified apps may connect
to portals and repositories
Publishers will be asked to
register new apps
Accredited agents will test
and certify apps against
published standards
40. A directory of repository,
patient portal and
authorisation server
endpoints will be published
Editor's Notes
People are involved in their own care and share a core set of personal health information with providers.
People trust and understand how their information is used and recorded.
Patient portal interfaces with GP systems, shared care systems, clinical data repositories, My List of Medicines, clinical assessment and shared care planning tools, telehealth services
Naturally, we also want to support multiple mobile device types, brands and operating systems
We also want to support multiple mobile device types, brands and operating systems
We also want to support multiple mobile device types, brands and operating systems
Blue Button was developed in 2010 by USA Veterans Affairs to allow users to download a health summary from a patient portal
ONC for Health IT took over Blue Button in 2012
Blue Button+ added structured data and support for web services in 2013
Each BB+ provider is the pairing of an OAuth2 authorisation service with a data service that implements the BB+ interface
Each BB+ provider is the pairing of an OAuth2 authorisation service with a data service that implements the BB+ interface
Patient portals are secure web apps featuring cross browser support and an accessible user interface
Patient portals are in rollout around the country
There is a robust face-to-face provisioning process, based on the patient-practitioner relationship
Portals provide the ability to order a repeat prescription, make an appointment or send a note to the GP, as well as view personal health information
Providers will be obliged to operate certified patient portal systems that have such an API
Patient portals are secure web apps featuring cross browser support and an accessible user interface
Patient portals are in rollout around the country
There is a robust face-to-face provisioning process, based on the patient-practitioner relationship
Portals provide the ability to order a repeat prescription, make an appointment or send a note to the GP, as well as view personal health information
Providers will be obliged to operate certified patient portal systems that have such an API
OpenID Connect is an identity layer on OAuth2
In general, the authorisation server will be separate from the resource server
The resource server can trust the access token because it is signed by the authorisation server
HTTPS secure connections over the internet
Identity, authentication and authorisation services will be provided by the NHI system, Real Me and patient portals
We need stronger evidence of identity than social media provides
The NHI system is probably not suitable as an OAuth2 identity and authorisation server
Real Me is a federated identity system, offering an identity verification service and a login service
Systems such as the NHI system can become identity attribute providers under this federated model, storing a Federated Identity Tag (FIT) per person as a link to the Real Me identity
A Federated Login Tag (FLT) per person is used in a similar way to support single sign-on
In order to support Real Me, patient portals will need to store FITs and FLTs, but will these need to be the same across different portals?
Having NHI number as a federated identity attribute under Real Me would support uses such as GP enrolment and patient portal provisioning
Real Me is a product and registered trademark of the New Zealand Government and New Zealand Post
1500 clinical impressions among about 3000 finding and diagnosis concepts
Matched content is listed in an Atom feed
The app issues an authenticated HTTPS GET request to retrieve any document from its repository location
10040.4 Clinical Document Metadata Standard defines twenty metadata elements for clinical data repository content
It is a standard for repository, record locator, clinical workstation, shared care and portal solutions
CDA and other payload types are supported.
CDA for discharge summary and med rec content, clinical assessments, care summaries.
Xero public apps use the standard three-legged OAuth process that allows the user to authorise access to their Xero account by a third party app:
User presses a โConnect to Xeroโ button in the app and is redirected to a Xero authorisation service to login
User selects which Xero account they want to grant the app access to
User is redirected back to the app, which can then interact with the selected account via the API
Access tokens last for 30 minutes (partner apps are more privileged but need to be centrally hosted)
Xero also supports partner apps, which are more privileged
Partners are issued an 99 client certificate for their apps
Partner apps present an X.509 client certificate issued by Xero
Partner apps access the Xero API at a different URL from public apps
Partner apps also use a different signature method to public apps - requests are signed using the RSA-SHA1 method
Partner apps use the same three-legged authorisation process as public apps, but the 30 minute access tokens are automatically renewed