Objective: Integrate openIMIS with Health Facilities through FHIR module
limitations of FHIR module and what are the permissions
Minutes;
meeting with 9 devs from Nepal partners
developed their own MRS
some are already integrated with DHIS2 using default API => 1to1 connexion
endpoints to be used:
Get the Master Data from REST API
Enquire the Insuree/Patient with EligibilityRequest and Patient search by Insuree Id
Send Claims with POST Claim
Get Claim status with GET ClaimResponse/UUID
features:
medical items and services to be dld (once then incrementally updated?) =>
doesn’t
use REST API to dld the data
eligibility request => enquiring (live requests based on chfid >> what hit rate expected?, can we (openIMIS) support/‘offer’?)
Patient information not part of the EligibilityResponse
use the Patient resource with the search by the identifier with the Insuree number
claim submission (Claim Attachments too?) (single submit or bulk submits? >> what hit rate, can we (openIMIS) support/‘offer’?)
claimRequest => get the situation of the Claim (live requests based on claim id >> what hit rate expected?, can we (openIMIS) support/‘offer’?)
Security
Connection restriction (by IP of the external APP)
Authentication
technical user connecting (the application)
‘real user’ identity in the external app >> the other app & openIMIS have to share the “login definitions” (or auto-provisioning - with a “default role… and HF?”)
shared SSO (external share the signed token to prove user is who he claim to be)
plain username transmitted (in hearder,…) - openIMIS ‘trust’ the other application
Authorization
per FHIR resource ?
‘fine grained’ (limited accès to claims of user-registered HF,…)?
WARNING: eligibility (FHIR) request is bound to the stored-proc : any fine grained security would have to be made in the stored proc (if not already done)
Performances
How do we “protect against”/”temper” load generated on openIMIS by API calls (balance resources with openIMIS “interactive” users)?
Serve ‘static’/'meta' (/…) data from mirrored DB?