Nepal Health Facilities integration

Owned by Dragos Dobre
Last updated: Apr 03, 2020
2 min read

Objective: Integrate openIMIS with Health Facilities through FHIR module

limitations of FHIR module and what are the permissions

Minutes;

  • meeting with 9 devs from Nepal partners

  • developed their own MRS

  • some are already integrated with DHIS2 using default API => 1to1 connexion

  • endpoints to be used:

    1. Get the Master Data from REST API

    2. Enquire the Insuree/Patient with EligibilityRequest and Patient search by Insuree Id

    3. Send Claims with POST Claim

    4. Get Claim status with GET ClaimResponse/UUID

  • features:

    • medical items and services to be dld (once then incrementally updated?) =>

      • doesn’t

      • use REST API to dld the data

    • eligibility request => enquiring (live requests based on chfid >> what hit rate expected?, can we (openIMIS) support/‘offer’?)

      • Patient information not part of the EligibilityResponse

      • use the Patient resource with the search by the identifier with the Insuree number

    • claim submission (Claim Attachments too?) (single submit or bulk submits? >> what hit rate, can we (openIMIS) support/‘offer’?)

    • claimRequest => get the situation of the Claim (live requests based on claim id >> what hit rate expected?, can we (openIMIS) support/‘offer’?)

  • Security

    • Connection restriction (by IP of the external APP)

    • Authentication

      • technical user connecting (the application)

      • ‘real user’ identity in the external app >> the other app & openIMIS have to share the “login definitions” (or auto-provisioning - with a “default role… and HF?”)

        • shared SSO (external share the signed token to prove user is who he claim to be)

        • plain username transmitted (in hearder,…) - openIMIS ‘trust’ the other application

    • Authorization

       

      • per FHIR resource ?

      • ‘fine grained’ (limited accès to claims of user-registered HF,…)?

        • WARNING: eligibility (FHIR) request is bound to the stored-proc : any fine grained security would have to be made in the stored proc (if not already done)

  • Performances

    • How do we “protect against”/”temper” load generated on openIMIS by API calls (balance resources with openIMIS “interactive” users)?

    • Serve ‘static’/'meta' (/…) data from mirrored DB?

  •  

 

Did you encounter a problem or do you have a suggestion?

Please contact our Service Desk


This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License. https://creativecommons.org/licenses/by-sa/4.0/