Epic Nexus’s Approach to Individual Access Services in TEFCA via FHIR

About Individual Access Services

Individual Access Services (IAS) provides the ability for patients to use apps of their choice to retrieve copies of their medical records from participants in TEFCA—just like how patients can connect their individual bank and credit card accounts to a personal finance app to track their budget. Consider the following example use case:

Clara’s family moved around frequently during her childhood, so she often received care from new doctors in her family’s new town for her chronic condition. As a result, she has patient records all over the country. Now that she is going off to college, she is moving again and will need to establish care with a new primary care provider in the same town as her college. Clara wants to be able to have all of her records in a single view so she can more easily get her new doctor up to speed. She also wants to be able to use the app to track her health data from smart devices to help manage her chronic condition on her own.

An IAS app connected to the TEFCA framework could help meet Clara’s needs. The TEFCA framework enables the IAS app to identify where Clara may have received care in the past based on Clara’s past addresses. So, if Clara doesn’t remember where she received care, an IAS app can help her figure it out. If Clara enters data for her tracking into the app, she knows that her doctor will be able to view it in their EHR software the next time she goes in for a visit.

Roles

The following entities have a role in IAS exchange:

  • The Patient – Chooses to use an IAS app to request their health information through the TEFCA network.
  • IAS App – An app that is a Participant in TEFCA for the Individual Access Services Exchange Purpose. The app will initiate TEFCA queries to get that data.
  • The IAS App’s Qualified Health Information Network (QHIN) – The IAS app’s pathway to TEFCA participation. IAS apps become TEFCA Participants by signing a contract with one of TEFCA’s designated Qualified Health Information Networks.
  • The Epic Nexus QHIN – The Epic Nexus QHIN onboards Epic Nexus Participants to TEFCA. It also facilitates locating patient records from the community of Epic Nexus Participants.
  • Epic Nexus Participants – Epic community members that are connected to TEFCA. These participants respond to FHIR-based queries from IAS apps. The list of Epic Nexus Participants can be found here.

Workflow: Individual Access Services via FHIR with Epic Nexus

Pre-conditions and Assumptions:

  1. The IAS app and its QHIN support FHIR-Based exchange in the TEFCA framework as described by the QHIN Technical Framework and applicable SOPs.
  2. The IAS app has an active RCE Directory entry.
  3. The IAS app has completed Epic Nexus’s Client Registration Steps detailed below.
  4. The IAS app has completed Epic Nexus’s Connection Testing Steps detailed below.
  5. Epic Nexus Participants have listed their FHIR Endpoints and support for FHIR Based Exchange in the RCE Directory.
  6. Sufficient time has passed since (1) and (2) for directory updates and clients to have been distributed to Epic Nexus Participants.

Before an IAS app can retrieve a patient’s records through FHIR APIs, the patient must know which organization has their records. If the patient does not know, the IAS app should use the Nominal Workflow to get a list of organizations likely to have data on that patient.

Nominal Workflow: Patient Does Not Know Where They Were Cared For

  1. The patient registers with the IAS app and completes IAL2 verification per the IASv2 SOP.
  2. The IAS app’s QHIN sends a patient discovery (XCPD) query with an exchange purpose of T-IAS to the Epic Nexus QHIN. Epic Nexus Participants support IASv1 SAML claims, and a transition to IASv2 SAML claims is planned for the future.
  3. The Epic Nexus QHIN responds to the request with the HomeCommunity ID (HCID) of each Epic Nexus Participant in the RCE Directory likely to have that patient’s records.
  4. The IAS app works with their QHIN to look up the FHIR Endpoint for each returned HCID.
  5. The IAS app follows the standard OAuth 2.0 workflow to obtain an access token for each Participant whom the app queries, as specified in the Authorization and Access section. The IAS app uses the access token in subsequent FHIR requests.

Alternative Workflow: Patient Knows Where They Were Cared For

If the patient knows which TEFCA Participants hold their records, the IAS app might choose to skip the XCPD query and direct them to this Alternative Workflow:

  1. The IAS app presents a list of facilities that are available in TEFCA to the patient.
  2. The patient selects the healthcare facilities from which they wish to request their data.
  3. The workflow continues starting at step 4 of the Nominal Workflow.

Epic Nexus’s Client Registration Steps for TEFCA IAS Apps Using FHIR

All IAS apps must register a client with Epic Nexus by following the steps below.

  1. The IAS app works with their QHIN to add an entry for the IAS app to the RCE directory.
  2. The IAS app or their QHIN emails Epic Nexus staff requesting to start the registration process.
  3. Epic Nexus will set up a meeting with the IAS app’s team and collect the following information:
    1. Client name, if different from RCE Directory
    2. HomeCommunityID (HCID), as listed in the RCE Directory.
    3. Redirect URI(s)
    4. JWK Set URL - Epic supports RS256, RS384, RS512, ES256, and ES384 signing algorithms. All clients are expected to be confidential clients capable of maintaining a JWK Set URL (JKU).

After the initial meeting and collecting that information, Epic Nexus will register the client and return a Client ID. The app must use this Client ID when initiating FHIR transactions to Epic Nexus Participants through the TEFCA framework. By registering once with Epic Nexus, your Client ID will be synced to all Epic Nexus Participants that support FHIR-based IAS Exchange.
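
A pre-registration check for the JWK Set served at the JWK Set URL, as an added example (not Epic's code): it flags keys outside the algorithm list above, private key material, and RSA keys below the 2048-bit minimum of RFC 7518. The `kid` values and sample keys are constructed.

```javascript
const crypto = require("node:crypto");

// Signing algorithms listed on this page, mapped to the key shape each requires (RFC 7518).
const SUPPORTED = {
  RS256: { kty: "RSA" }, RS384: { kty: "RSA" }, RS512: { kty: "RSA" },
  ES256: { kty: "EC", crv: "P-256" }, ES384: { kty: "EC", crv: "P-384" },
};
// JWK members that only exist in private or symmetric keys (RFC 7518 section 6).
const PRIVATE_MEMBERS = ["d", "p", "q", "dp", "dq", "qi", "oth", "k"];

// Returns a list of problems; an empty list means the set is safe to publish.
function lintJwks(jwks) {
  const keys = Array.isArray(jwks.keys) ? jwks.keys : [];
  const problems = keys.length ? [] : ["JWK Set has no keys"];
  const seenKids = new Set();
  keys.forEach((key, i) => {
    const id = key.kid || `key[${i}]`;
    const shape = SUPPORTED[key.alg];
    if (!key.kid) problems.push(`${id}: missing kid`);
    else if (seenKids.has(key.kid)) problems.push(`${id}: duplicate kid`);
    seenKids.add(key.kid);
    if (!shape) problems.push(`${id}: alg "${key.alg}" is not a supported algorithm`);
    else if (key.kty !== shape.kty || (shape.crv && key.crv !== shape.crv))
      problems.push(`${id}: key type does not match ${key.alg}`);
    const leaked = PRIVATE_MEMBERS.filter((m) => m in key);
    if (leaked.length) problems.push(`${id}: private key material present (${leaked.join(",")})`);
    if (key.kty === "RSA" && Buffer.from(key.n || "", "base64url").length * 8 < 2048)
      problems.push(`${id}: RSA modulus shorter than 2048 bits`);
  });
  return problems;
}

// Constructed sample: throwaway keys generated at run time, with hypothetical kid values.
function sampleJwk(type, options, members, exportPrivate = false) {
  const pair = crypto.generateKeyPairSync(type, options);
  const key = exportPrivate ? pair.privateKey : pair.publicKey;
  return { ...key.export({ format: "jwk" }), use: "sig", ...members };
}
const sampleJwks = { keys: [
  sampleJwk("rsa", { modulusLength: 2048 }, { kid: "ias-1", alg: "RS384" }),
  sampleJwk("ec", { namedCurve: "prime256v1" }, { kid: "ias-2", alg: "ES384" }), // wrong curve
  sampleJwk("rsa", { modulusLength: 2048 }, { kid: "ias-3", alg: "RS256" }, true), // private export
] };
console.log(lintJwks(sampleJwks));
```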

Currently, T-IAS is the only exchange purpose of use supported by Epic Nexus for FHIR clients. Epic Nexus Participants currently act exclusively as FHIR Responding Nodes.

Epic Nexus’s Connection Testing Steps for TEFCA IAS Apps Using FHIR

Epic Nexus will test with IAS apps to validate workflows and bidirectional data exchange.

Testing will involve these groups:

  • A test instance of the IAS App.
  • The IAS App’s Staging QHIN environment.
  • The Epic Nexus Staging QHIN environment and its test participants.
  • Epic’s FHIR Sandbox environment and its test patient accounts.

Additional Technical Details and Helpful Information

Understanding Patient Authentication and App Authorization with Epic Nexus Participants

As noted in Step 5 of the Nominal Workflow above, patients using a FHIR IAS app will need to authenticate with each Epic Nexus Participant responding to a query from the IAS app. Authentication with each Epic Nexus Participant using the patient’s MyChart credentials will ensure that the IAS app retrieves the right patient’s records. Without it, a mismatched record could result in a HIPAA breach due to an inappropriate disclosure.

Patients will follow the steps outlined here to give and revoke app access to their health records.

The following steps describe the Authorization Code Flow with Confidential Client JWT Authentication:

  1. The IAS app retrieves the SMART configuration metadata from /.well-known/smart-configuration and learns the /authorize and /token URLs of the Epic Nexus Participant’s OAuth 2.0 Authorization Server. For more information, see SMART 1.0: Retrieve Well-Known SMART Metadata.
  2. The IAS app redirects the patient to the Epic Nexus Participant’s /authorize endpoint, which will challenge the patient for their portal credentials to authorize the IAS app’s FHIR client. For more information, see SMART 1.0: Obtain Authorization Code.
  3. The IAS FHIR client receives an authorization_code at the specified redirect_uri and generates an access_token request. For more information, see SMART 1.1: Obtain Access Token and JWT Reference (Confidential Client Asymmetric Authentication). PKCE is not required for TEFCA clients, since they must be confidential clients.
  4. The IAS FHIR client receives an access_token and proceeds to make FHIR requests. A patient’s FHIR ID will be available in the patient field of the /token response. For more information, see SMART 1.0: Access FHIR APIs.
  5. (Optional) The IAS FHIR client submits a refresh_token request to renew its access_token. For more information, see SMART 1.1: Refresh Access Token.
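
Step 3 as an added example (not Epic's code): it builds the RS384-signed client assertion and the /token form body, then checks the assertion the way a token endpoint would. The claim set (iss and sub equal to the Client ID, aud equal to the token URL, jti, exp at most five minutes out) follows the SMART asymmetric client authentication profile; the client ID, URLs, kid and key pair are constructed placeholders.

```javascript
const crypto = require("node:crypto");

const b64url = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64url");

// Client side: sign the client-authentication JWT with the private key whose
// public half is published at the registered JWK Set URL.
function buildClientAssertion({ clientId, tokenUrl, kid, jku, privateKey, now = Date.now() }) {
  const iat = Math.floor(now / 1000);
  const header = { alg: "RS384", typ: "JWT", kid, jku };
  const claims = { iss: clientId, sub: clientId, aud: tokenUrl,
                   jti: crypto.randomUUID(), iat, exp: iat + 300 }; // 5-minute lifetime
  const signingInput = `${b64url(header)}.${b64url(claims)}`;
  const signature = crypto.sign("sha384", Buffer.from(signingInput), privateKey);
  return `${signingInput}.${signature.toString("base64url")}`;
}

// Form body for the POST to the /token URL learned from smart-configuration.
function buildTokenRequest({ code, redirectUri, clientAssertion }) {
  return new URLSearchParams({
    grant_type: "authorization_code",
    code,
    redirect_uri: redirectUri,
    client_assertion_type: "urn:ietf:params:oauth:client-assertion-type:jwt-bearer",
    client_assertion: clientAssertion,
  });
}

// Local self-check mirroring what a token endpoint verifies; returns "ok" or a reason.
function checkClientAssertion(jwt, { publicKey, clientId, tokenUrl, now = Date.now() }) {
  const [h, c, s] = jwt.split(".");
  const header = JSON.parse(Buffer.from(h, "base64url").toString());
  const claims = JSON.parse(Buffer.from(c, "base64url").toString());
  if (header.alg !== "RS384") return "unexpected alg";
  if (!crypto.verify("sha384", Buffer.from(`${h}.${c}`), publicKey, Buffer.from(s, "base64url")))
    return "bad signature";
  if (claims.iss !== clientId || claims.sub !== clientId) return "iss/sub must be the client ID";
  if (claims.aud !== tokenUrl) return "aud must be the token URL";
  const nowSec = Math.floor(now / 1000);
  if (claims.exp <= nowSec || claims.exp - nowSec > 300) return "exp outside 5-minute window";
  return "ok";
}

// Constructed demo values: throwaway key pair, placeholder client ID and URLs.
const { publicKey, privateKey } = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
const demo = { clientId: "example-client-id", tokenUrl: "https://participant.example/oauth2/token",
               kid: "ias-app-key-1", jku: "https://ias-app.example/.well-known/jwks.json" };
const assertion = buildClientAssertion({ ...demo, privateKey });
console.log(checkClientAssertion(assertion, { ...demo, publicKey }));
```

Because aud is bound to one Participant's token URL, a separate assertion is signed for each Participant the app requests a token from.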

Which Epic Nexus Participants can my app query?

Epic Nexus Participants can respond to TEFCA FHIR Clients if their entry in the RCE Directory has the FHIR-Based Exchange Use Case and a FHIR REST Endpoint. This feature is automatically enabled for Epic Nexus Participants when they take a software update.

You can see the full list of Epic Nexus Participants here. If an Epic customer isn’t on that list, you may still be able to connect your FHIR app to their system outside of TEFCA by following the App Creation & Request Process steps on FHIR.epic.com.

Patient Matching Expectations to Promote Scalability and Efficiency

To promote the scalability of IAS using FHIR, IAS apps must not attempt to query every RCE directory entry that has FHIR endpoints. Instead, if an IAS app is uncertain which other Participants have a given patient’s records, the IAS app should initiate an XCPD query to identify the subset of Participants with potential matches. IAS apps are expected to have reasonable confidence that a given organization maintains records for a patient prior to attempting FHIR-based exchange.

FHIR Specifications

Epic Nexus Participants use the R4 version of the FHIR standard. Documentation for all of the public FHIR APIs supported by Epic’s customers is available at fhir.epic.com/specifications.

Other Helpful Tips

Epic has published an interoperability guide with design considerations for developers on Open.epic.com. Many of those considerations are applicable to IAS apps in TEFCA and may be helpful as you’re building your app. You’ll also want to consider the app developer guidelines and other documentation posted on FHIR.epic.com.