Questions around integration of our standalone Multi-Tenant application


Daya

Sep 27, 2018, 4:59:05 PM
to Cerner FHIR Developers
Hello,

We are beginning the integration of our Standalone and Multi-Tenant/SaaS application with Cerner Sandbox. After reading the SMART on FHIR documentation, it is not very clear how we can identify one client (hospital) from another.

In perhaps a similar question asked and answered here, it seems we may be able to use our self-assigned client_id for this purpose, but will the client_id be included in every response, or will we have to store/retrieve client_id in/from the user's session?

Please let me know if this client_id based approach is the right approach or if there is a better approach or any documentation on this topic.

Regards,
Daya

Jenni Syed (Cerner)

Sep 29, 2018, 11:12:19 AM
to Cerner FHIR Developers
Hi,

The client id identifies your application, not the data you're accessing.

You can read this thread to see some details we've given others to do something similar: https://groups.google.com/d/msg/cerner-fhir-developers/xw856tLx2tI/2Atz2V1eFQAJ

Like that thread states, a tenant contains many hospitals (or facilities, private practices, etc).

Regards,
~ Jenni

Daya

Oct 2, 2018, 11:35:56 AM
to Cerner FHIR Developers
Can the tenant_id be used to identify the hospital using our app? Is tenant_id available in every response?

Jenni Syed (Cerner)

Oct 2, 2018, 11:49:52 AM
to Cerner FHIR Developers
Hi Daya,

As stated in that post, the tenant is returned with the token response. You authorize per tenant and it is returned from the SMART launch workflow.

A tenant != a single hospital. A tenant can contain multiple hospitals (though within a single health system), and a health system can have several tenants that hold their data (because of purchases/reorg).

Regards,
Jenni

Daya

Oct 2, 2018, 12:37:03 PM
to Cerner FHIR Developers
Thanks Jenni,

Help me make sure I got this right. As an example, HCA corporations have multiple hospitals throughout the country.
  1. So in this case HCA is a tenant. So
    1. Can all these hospitals under HCA have just one tenant id? If yes, then how do you identify one hospital from the other within the same health system?
    2. How do you limit the list of patients to one hospital, or more granularly to a single unit?
  2. Do all hospitals have their own Cerner installations and unique tenant ids?
  3. Does a single tenant map to the hospital's Cerner installation?

Jenni Syed (Cerner)

Oct 2, 2018, 2:41:02 PM
to Cerner FHIR Developers
Hi Daya,

HCA, especially since it has some UK tenants and there are laws about data going across UK borders (but also because they've probably done mergers and acquisitions), would have multiple tenant ids. These tenant ids are likely not always specific to a hospital.

The Organization and Location resources (which we don't yet implement) are how an app tracks down specific hospitals, rooms, beds...

To find all patients that have had encounters with those locations, you would use Encounter (and the org/location associated to it) in FHIR.

Can you clarify what your use case is that you need to identify a specific location or facility for the use of the standalone application?

~ Jenni

Daya Sharma

Oct 2, 2018, 3:16:25 PM
to cerner-fhir...@googlegroups.com
Hi Jenni,

Our use case is as follows:
  1. Our app will be used by nurses using a handheld device (not the EHR UI) - hence standalone.
  2. Nurses can access the list of patients in a unit and perform our app-specific functions, such as creating reminders for patients under their care.
  3. A reminder will pop up on their device even if they are logged out. The nurses can snooze or take an action on a reminder. A pop-up even if the nurse is logged out may not mean offline access in Cerner terminology, but it is definitely called offline access on our end.
Regards,
Daya

--
You received this message because you are subscribed to a topic in the Google Groups "Cerner FHIR Developers" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/cerner-fhir-developers/NjTnWtcN508/unsubscribe.
To unsubscribe from this group and all its topics, send an email to cerner-fhir-devel...@googlegroups.com.
To post to this group, send email to cerner-fhir...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/cerner-fhir-developers/6ab50709-fe1a-40ac-b5e2-e32d5162df64%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Jenni Syed (Cerner)

Oct 2, 2018, 3:36:35 PM
to cerner-fhir...@googlegroups.com
Hi Daya,

That use case is specifically offline_access as defined by the SMART specification, or pub/sub and other options that our server doesn't currently implement. (note: if you're storing the reminder and pop up outside/without needing access to the actual patient record, then authorization to our FHIR server implementation actually wouldn't be required after the initial identification and association of the reminder to the patient)

Unfortunately, there's not a good way to get a list of all patients in a specific unit today from our sandbox. This would likely require the nurse to select a location (search the Location resource or configure one) and then search Encounter by location (which we don't support) in FHIR, but neither is currently available in our API. There are also List resources that might eventually work, but again, this isn't implemented yet by our server.

~ Jenni

Daya Sharma

Oct 2, 2018, 4:27:50 PM
to cerner-fhir...@googlegroups.com
Hi Jenni,

We have our own pub/sub system that will be used for showing Reminder pop-ups.

Is the Location resource supported by Cerner? How and where can we configure it?

Is there any other way to list patients by unit within a hospital?
How can our app identify the hospital, since a single tenant ID could mean multiple hospitals?

Regards,
Daya


Daya Sharma

Oct 2, 2018, 5:30:42 PM
to cerner-fhir...@googlegroups.com
While awaiting your response to the previous email, I did some research around location, and it seems that our app can know the location of the FHIR server at least: https://groups.google.com/d/msg/cerner-fhir-developers/4ErT6VR4uGM/kKVRI42aAgAJ . Though I am not sure how that will help us when one FHIR server location is used by multiple hospitals.

Jenni Syed (Cerner)

Oct 2, 2018, 8:09:31 PM
to Cerner FHIR Developers



> We have our own pub/sub system that will be used for showing Reminder pop-ups.

Ok, it sounds like you probably don't need offline_access then. It would just be doing access on behalf of a user (and be registered as a practitioner application).
 
> Is the Location resource supported by Cerner? How and where can we configure it?

No, it is not currently supported. We do return a reference to the lowest level of location on encounter: https://fhir.cerner.com/millennium/dstu2/encounters/encounter/ 

However, there's no way to search by location, and we do not currently allow apps to get all encounters of all patients in the system so that you could post-filter.
 
> Is there any other way to list patients by unit within a hospital?

Not currently via FHIR.
 
> How can our app identify the hospital since single tenant ID could mean multiple hospitals?

I don't think this is actually the main challenge the app will face. The first challenge isn't just the hospital (a nurse likely doesn't care about 99% of the patients in the hospital, only the small percent currently under their care). It's how you will allow the nurse to configure her current unit/assignment/list of patients. There is nothing in a standalone app that would let you determine this level of location detail automatically without having the user configure this or provide their preference. This also assumes the user only cares about patients based on location.

Once you're over that challenge, the next block would be using that location to find patients under their care. There's not currently anything implemented in our FHIR server that will aid with this, though there are at least places in the FHIR specification that could aid this if implemented.

Given the gaps, though not great, an option would be to have the nurse search for the patient she wants notifications on.

~ Jenni

Daya Sharma

Oct 3, 2018, 11:03:52 AM
to cerner-fhir...@googlegroups.com
Hi Jenni,

Thanks for confirming the gaps. So the more I think about our standalone app for nurses, it seems the flow at a high level would be:

  1. Nurse launches our standalone app on a handheld device.
  2. Our public app calls the https://fhir-ehr.sandboxcerner.com/dstu2/0b8a0111-e8e6-4c26-a91c-5069cbc6b1ca along with client_id to get access_token
  3. Nurse is prompted for authentication
  4. Using the bearer token issued for the user (nurse), Patient and other resources are accessed

Could you please confirm if this is possible for a standalone application? Coz I have not found a single example as yet. If you know of an example provider app, please let me know.

Best Regards,
Daya



Jenni Syed (Cerner)

Oct 3, 2018, 2:04:48 PM
to Cerner FHIR Developers
Hi Daya,

Yes, this is possible. You would authorize with the scopes openid profile online_access user/Patient.read. The first 2 scopes allow you to know the current user. online_access allows the app to refresh the token while the nurse is logged in. The final scope allows you to search patients on behalf of the nurse.

Once authorized, you would search patient using whatever parameters you need: https://fhir.cerner.com/millennium/dstu2/individuals/patient/#search


> 1. Our public app calls the https://fhir-ehr.sandboxcerner.com/dstu2/0b8a0111-e8e6-4c26-a91c-5069cbc6b1ca along with client_id to get access_token

This will just be true in the sandbox for your proof of concept and testing. In a live environment, this URL would need to be configured for the application (or discoverable for the user), since the FHIR url varies by site. You will get the URL that is needed for each site when a client onboards your application.


~ Jenni 

Daya Sharma

Oct 3, 2018, 2:28:25 PM
to cerner-fhir...@googlegroups.com
Hi Jenni,

Thanks for the prompt reply. Please help me verify/understand a few more of these things:
  1. I understand authorizing with scopes of openid and profile will identify the currently logged in user, but what is not clear to me is:
    1. When and where does user authentication take place? We are a standalone app launched outside of the EHR, so there won't be any currently logged in user.
    2. To prompt the user for authentication, what API shall we call? Are we allowed to use our own authentication form? If yes, then what is the authentication endpoint to submit the form to? Is it the same as the Authorization server?
    3. Is there an example standalone app that prompts for user authentication that I can take a look at?

  2. Will the FHIR URL in prod be unique for each site/hospital? How does it relate to Tenant ID? From my current understanding a Tenant ID may represent multiple sites/hospitals, is that true?


Best regards,
~ Daya


Jenni Syed (Cerner)

Oct 3, 2018, 2:58:22 PM
to Cerner FHIR Developers
Daya,

The authorization workflow happens *exactly* as it happens in a launched app (the user will be prompted to sign in since there's no previous session), the only difference in your application workflow is:
* The application will need to configure the FHIR URL instead of having it passed in during launch as the "iss" parameter.
* The scopes the application requests will *not* include a launch scope

The rest of the OAuth workflow is the same. IE: using this FHIR url, the application will discover the token and authorization endpoints to continue with the OAuth calls.

The FHIR URL is 1:1 with tenant, can still represent multiple hospitals/doctors sites/facilities.

~ Jenni

Daya Sharma

Oct 4, 2018, 1:13:48 PM
to cerner-fhir...@googlegroups.com
Hi Jenni,

By any chance, would "B2B" or system access - AKA OAuth 2 "client credentials" - be more appropriate for our standalone application, which will be used by nurses? If yes, could you please provide me with an example app or interaction diagram?

Thanks,
~Daya


Jenni Syed (Cerner)

Oct 4, 2018, 1:41:30 PM
to Cerner FHIR Developers
Hi Daya,

No, the use case you have is exactly what access on behalf of a user is for. B2B would be inappropriate for this use case. There are a lot of things around auditing and security privileges and restrictions that the FHIR server enforces for the user signed in. It can't do that for B2B use cases.

~ Jenni

Daya Sharma

Oct 4, 2018, 1:51:34 PM
to cerner-fhir...@googlegroups.com
Thanks Jenni,

A small clarification, as I am confused about "on behalf of user" for our standalone app to be used by nurses. Could you confirm the requested OAuth scope will be 'patient/Patient.read patient/Observation.read launch online_access openid profile' and not 'user/Patient.read user/Practitioner.read'?

Regards,
~Daya


Jenni Syed (Cerner)

Oct 4, 2018, 1:58:27 PM
to Cerner FHIR Developers
Hi Daya,

The patient* scopes can only be used when the application is launched from the EHR with context of the current patient on the chart. This is not the scenario you've described for the application. The user/* scopes are the only appropriate scopes for this. This application can also not use the launch scope, since it is not going to be launched from the actual EHR/chart. Only "online_access openid profile user/Patient.read and user/Practitioner.read" will be necessary (note, you included Observation in the first list but not the second - if your app needs access to Observations, you would also include the user/... scope for that).

See the definitions on the SMART specification documentation: http://docs.smarthealthit.org/authorization/scopes-and-launch-context/

"Patient-specific scopes allow access to specific data about a single patient. (You’ll notice that we don’t need to say which patient here: clinical data scopes are all about “what” and not “who.” We’ll deal with “who” below!) Patient-specific scopes take the form: patient/:resourceType.(read|write|*)."

vs

"User-level scopes allow access to specific data that a user can access. Note that this isn’t just data about the user; it’s data available to that user. User-level scopes take the form: user/:resourceType.(read|write|*)."

For the standalone app flow, the authorization server has no knowledge of *the specific patient*, which is the only difference between these scopes. Both also imply that this grants the application access to data that the *user also has access to.*

Regards,
Jenni
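
The standalone flow described across this thread (a FHIR URL configured per tenant, endpoint discovery from that URL, user/* scopes with no launch scope, and the tenant returned with the token response), as an added example that is not part of the original thread or Cerner's code. The tenant names, the example.org URLs and the `tenant` field name in the token response are assumptions made for illustration; the conformance excerpt is constructed.

```python
import json
import secrets
from urllib.parse import urlencode

OAUTH_URIS = "http://fhir-registry.smarthealthit.org/StructureDefinition/oauth-uris"

# Constructed sample: excerpt of a DSTU2 conformance statement ({fhir_base}/metadata).
SAMPLE_CONFORMANCE = json.loads("""
{"rest": [{"security": {"extension": [{
  "url": "http://fhir-registry.smarthealthit.org/StructureDefinition/oauth-uris",
  "extension": [
    {"url": "authorize", "valueUri": "https://auth.example.org/tenant-a/authorize"},
    {"url": "token", "valueUri": "https://auth.example.org/tenant-a/token"}]}]}}]}
""")

def oauth_endpoints(conformance):
    """Return (authorize, token) URLs from the SMART oauth-uris extension."""
    for rest in conformance.get("rest", []):
        for ext in rest.get("security", {}).get("extension", []):
            if ext.get("url") == OAUTH_URIS:
                uris = {e["url"]: e["valueUri"] for e in ext["extension"]}
                return uris["authorize"], uris["token"]
    raise ValueError("conformance statement has no SMART oauth-uris extension")

def standalone_scope(scopes):
    """Reject scopes that only apply to an EHR launch, as explained in the thread."""
    bad = [s for s in scopes if s == "launch" or s.startswith("patient/")]
    if bad:
        raise ValueError(f"not valid for a standalone user-level app: {bad}")
    return " ".join(scopes)

def begin_authorization(tenant, fhir_base, conformance, client_id, redirect_uri,
                        scopes, pending):
    """Build the authorize URL and bind the random state to the tenant being authorized."""
    scope = standalone_scope(scopes)
    authorize, token = oauth_endpoints(conformance)
    state = secrets.token_urlsafe(16)
    pending[state] = {"tenant": tenant, "fhir_base": fhir_base, "token_endpoint": token}
    query = urlencode({"response_type": "code", "client_id": client_id,
                       "redirect_uri": redirect_uri, "scope": scope,
                       "state": state, "aud": fhir_base})
    return f"{authorize}?{query}", state

def finish_authorization(state, token_response, pending):
    """Accept a token only for a known, unused state whose tenant matches."""
    ctx = pending.pop(state, None)  # single use: a replayed state is rejected
    if ctx is None:
        raise ValueError("unknown or already used state")
    if token_response.get("tenant") != ctx["tenant"]:  # field name is an assumption
        raise ValueError("token response is for a different tenant")
    return {"tenant": ctx["tenant"], "fhir_base": ctx["fhir_base"],
            "access_token": token_response["access_token"]}
```

In a deployed app the conformance document would be fetched from each tenant's configured FHIR URL, and `pending` would live in server-side session storage so a token is never attached to the wrong tenant's data.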