In the healthcare industry, secure access to patient information is paramount. To ensure robust authentication for backend applications, SMART backend services provides a comprehensive framework built upon OAuth 2.0 standards. In this guide, we’ll walk you through the process of building a backend OAuth 2.0 app, completing the required Epic community member setup, and obtaining an access token using a JWT (JSON Web Token) for your backend service.
OAuth 2.0 authentication for backend applications allows secure access to patient information without direct user interaction. Here’s how you can set up your backend application:
You can create a new private key named privatekey.pem using OpenSSL with the following command:

```shell
openssl genrsa -out /path_to_key/privatekey.pem 2048
```

Make sure the key length is at least 2048 bits.

Then you can export the public key to a base64-encoded X.509 certificate named publickey509.pem using this command:

```shell
openssl req -new -x509 -key /path_to_key/privatekey.pem -out /path_to_key/publickey509.pem -subj '/CN=myapp'
```

Here '/CN=myapp' is the subject name (for example, the app name) the key pair is for. The subject name has no functional impact in this case, but it is required to create an X.509 certificate.
Ensure your application is mapped to an Epic user account for auditing purposes. This setup is essential for tracking web service calls made by your backend application and maintaining compliance with security standards.
JWTs play a crucial role in obtaining access tokens for Backend Services: the client signs a short-lived JWT with its private key and presents it as a client assertion to the token endpoint. After completing the OAuth 2.0 setup, you can manage your app's configuration and select the specific resources you need data from. The following Python code builds the signed JWT and exchanges it for a bearer token:
```python
import os
import secrets
from datetime import datetime, timedelta, timezone

import jwt  # PyJWT, installed with the 'cryptography' extra for RS384 signing
import requests


def get_bearer_token():
    """Build a signed JWT client assertion and exchange it for an access token."""
    epic_endpoint = os.environ['EPIC_ENDPOINT']
    client_id = os.environ['CLIENT_ID']
    token_url = epic_endpoint + "/oauth2/token"
    now = datetime.now(timezone.utc)
    message = {
        'iss': client_id,              # issuer and subject are both the client ID
        'sub': client_id,
        'aud': token_url,              # must be the token endpoint being called
        'jti': secrets.token_hex(16),  # unique per assertion; lets the server reject replays
        'iat': int(now.timestamp()),
        'exp': int((now + timedelta(minutes=5)).timestamp()),  # short-lived assertion
    }
    # FHIR_PVT_FILE holds the PEM private key with its newlines escaped as "\n"
    private_key = os.environ["FHIR_PVT_FILE"].replace("\\n", "\n")
    compact_jws = jwt.encode(message, private_key, algorithm='RS384')
    headers = {'Content-Type': 'application/x-www-form-urlencoded'}
    data = {
        'grant_type': 'client_credentials',
        'client_assertion_type': 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer',
        'client_assertion': compact_jws,
    }
    response = requests.post(token_url, headers=headers, data=data, timeout=30)
    response.raise_for_status()  # surface a 4xx/5xx instead of a KeyError below
    return response.json()['access_token']


def get_api_headers():
    """Headers for the FHIR requests that follow."""
    return {
        'Authorization': f"Bearer {get_bearer_token()}",
        'Accept': 'application/fhir+json',
    }
```
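The claims in the assertion above are not decoration: each one closes off a way the token could be misused, and the token endpoint checks them before it issues anything. The following is an added example (not from the original post, and not Epic's own validation code) that decodes a compact JWS without verifying its signature and applies those claim rules the way an authorization server would: iss and sub equal to the client ID, aud equal to the token URL, exp no more than five minutes out, and a jti that has not been seen before. The client ID, token URL and the placeholder signature are constructed for the example; signature verification against the registered public key is left to PyJWT or the server.

```python
import base64
import json
import secrets
import time

# Constructed values for the example; not from the page or from Epic.
CLIENT_ID = "example-client-id"
TOKEN_URL = "https://fhir.example.test/oauth2/token"
MAX_LIFETIME = 5 * 60  # assertions whose exp is more than 5 minutes out are rejected


def b64url_decode(segment):
    """Decode a base64url segment, restoring the '=' padding that JWS strips."""
    segment += "=" * (-len(segment) % 4)
    return base64.urlsafe_b64decode(segment.encode("ascii"))


def split_compact_jws(compact_jws):
    """Return (header, claims) from a compact JWS without checking its signature."""
    parts = compact_jws.split(".")
    if len(parts) != 3:
        raise ValueError("compact JWS must have exactly three segments")
    header = json.loads(b64url_decode(parts[0]))
    claims = json.loads(b64url_decode(parts[1]))
    return header, claims


def check_assertion(compact_jws, client_id, token_url, seen_jtis, now=None,
                    allowed_algs=("RS384",)):
    """Apply the claim rules a token endpoint enforces on a client assertion.

    Returns a list of problems; an empty list means the claims are acceptable.
    seen_jtis is the caller's replay cache and is only updated on success.
    """
    now = int(time.time()) if now is None else now
    header, claims = split_compact_jws(compact_jws)
    problems = []
    if header.get("alg") not in allowed_algs:  # rejects 'none' and downgraded algs
        problems.append(f"unsupported alg {header.get('alg')!r}")
    if claims.get("iss") != client_id or claims.get("sub") != client_id:
        problems.append("iss and sub must both equal the client ID")
    if claims.get("aud") != token_url:
        problems.append("aud must be the token endpoint URL")
    exp = claims.get("exp")
    if not isinstance(exp, int):
        problems.append("exp is required and must be an integer timestamp")
    elif exp <= now:
        problems.append("assertion has expired")
    elif exp - now > MAX_LIFETIME:
        problems.append("exp more than 5 minutes in the future")
    jti = claims.get("jti")
    if not jti:
        problems.append("jti is required")
    elif jti in seen_jtis:
        problems.append("jti already used (replay)")
    if not problems:
        seen_jtis.add(jti)
    return problems


def build_unsigned_assertion(claims, alg="RS384"):
    """Assemble a compact JWS with a placeholder third segment, for exercising the checks.

    A real client signs with its private key (jwt.encode above); this placeholder
    would fail any signature check and exists only so the claim logic can be run.
    """
    def seg(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).decode().rstrip("=")
    return ".".join([seg({"alg": alg, "typ": "JWT"}), seg(claims), "placeholder-signature"])


if __name__ == "__main__":
    now = int(time.time())
    good = {"iss": CLIENT_ID, "sub": CLIENT_ID, "aud": TOKEN_URL,
            "jti": secrets.token_hex(16), "iat": now, "exp": now + 300}
    cache = set()
    print(check_assertion(build_unsigned_assertion(good), CLIENT_ID, TOKEN_URL, cache, now))
    print(check_assertion(build_unsigned_assertion(good), CLIENT_ID, TOKEN_URL, cache, now))
```

Running the same assertion twice shows why jti matters: the first call returns no problems and records the jti, the second is reported as a replay. The five-minute window is the one the page's get_bearer_token uses; generating a fresh assertion per token request, rather than caching one, keeps you inside it.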
In my case, I needed to retrieve patient information using the Medical Record Number (MRN) and then obtain the related encounter and observation data. I followed these steps:
```python
import requests

# OAuth 2.0 access token obtained earlier (from get_bearer_token)
access_token = "YOUR_TOKEN"

# Epic FHIR base URL without a trailing slash. Append the FHIR version path your
# app is registered for (for example /api/FHIR/R4) ahead of the resource name.
base_url = "https://fhir.epic.com/interconnect-fhir-oauth"

headers = {
    "Authorization": f"Bearer {access_token}",
    "Accept": "application/fhir+json",
}


def _search(resource, params):
    """Run a FHIR search and return the resources in the result Bundle, or None."""
    response = requests.get(f"{base_url}/{resource}", headers=headers,
                            params=params, timeout=30)
    if response.status_code == 200:
        data = response.json()
        if "entry" in data:
            return [entry["resource"] for entry in data["entry"]]
    return None


# Function to retrieve patient ID using MRN
def get_patient_id(mrn):
    patients = _search("Patient", {"identifier": f"MRN|{mrn}"})
    if patients:
        return patients[0]["id"]
    return None


# Function to fetch encounters for a patient
def fetch_encounters(patient_id):
    return _search("Encounter", {"subject": patient_id})


# Function to fetch observation data for an encounter
def fetch_observations(encounter_id):
    return _search("Observation", {"encounter": encounter_id})


# Example usage
mrn = "123456"  # Replace with the patient's MRN
patient_id = get_patient_id(mrn)
if patient_id:
    encounters = fetch_encounters(patient_id)
    if encounters:
        for encounter in encounters:
            encounter_id = encounter["id"]
            observations = fetch_observations(encounter_id)
            # Process observation data as needed
            print(f"Encounter ID: {encounter_id}, Observations: {observations}")
    else:
        print("No encounters found for the patient.")
else:
    print("Patient not found.")
```
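The search functions above read one page of results and, for the patient lookup, take the first entry. A FHIR searchset Bundle can span several pages, can carry OperationOutcome entries alongside the resources, and an MRN search that returns two patients is a data problem that should stop the job rather than silently pick one. The following is an added example (not part of the original post, and not modelled on any real Epic response) of handling a Bundle with those cases covered: following the next link with a loop guard, filtering entries by resourceType, and refusing an ambiguous patient match. The URLs, IDs and Bundles are constructed; get_json is injected so the code runs offline, and in the live client it would wrap requests.get(url, headers=headers).json().

```python
# Constructed sample Bundles shaped like FHIR R4 search results; they are not
# real Epic responses. URLs and resource IDs are placeholders.
FIRST_URL = "https://fhir.example.test/Encounter?patient=pat-1"
NEXT_URL = "https://fhir.example.test/Encounter?patient=pat-1&page=2"

PAGES = {
    FIRST_URL: {
        "resourceType": "Bundle", "type": "searchset", "total": 3,
        "link": [{"relation": "self", "url": FIRST_URL},
                 {"relation": "next", "url": NEXT_URL}],
        "entry": [
            {"resource": {"resourceType": "Encounter", "id": "enc-1"}},
            {"resource": {"resourceType": "Encounter", "id": "enc-2"}},
        ],
    },
    NEXT_URL: {
        "resourceType": "Bundle", "type": "searchset", "total": 3,
        "link": [{"relation": "self", "url": NEXT_URL}],
        "entry": [
            {"resource": {"resourceType": "Encounter", "id": "enc-3"}},
            # Servers may add warnings to a searchset as OperationOutcome entries
            {"resource": {"resourceType": "OperationOutcome",
                          "issue": [{"severity": "warning", "code": "informational"}]},
             "search": {"mode": "outcome"}},
        ],
    },
}


def next_link(bundle):
    """URL of the next page, or None on the last page."""
    for link in bundle.get("link", []):
        if link.get("relation") == "next":
            return link["url"]
    return None


def resources_of(bundle, resource_type):
    """Resources of one type; tolerates a missing 'entry' and skips outcome entries."""
    return [entry["resource"] for entry in bundle.get("entry", [])
            if entry.get("resource", {}).get("resourceType") == resource_type]


def fetch_all(url, get_json, resource_type, max_pages=50):
    """Follow 'next' links to the last page, with a cap and a loop check.

    get_json(url) -> dict is injected so this runs offline.
    """
    collected = []
    seen = set()
    while url and len(seen) < max_pages:
        if url in seen:
            raise RuntimeError(f"pagination loop at {url}")
        seen.add(url)
        bundle = get_json(url)
        collected.extend(resources_of(bundle, resource_type))
        url = next_link(bundle)
    return collected


def resolve_patient_id(bundle):
    """Return the single matching Patient id; refuse to guess when the MRN is ambiguous."""
    patients = resources_of(bundle, "Patient")
    if not patients:
        return None
    if len(patients) > 1:
        raise ValueError("MRN matched more than one Patient; refusing to pick the first")
    return patients[0]["id"]


if __name__ == "__main__":
    encounters = fetch_all(FIRST_URL, PAGES.__getitem__, "Encounter")
    print([e["id"] for e in encounters])  # ['enc-1', 'enc-2', 'enc-3']
```

The page cap and the seen-URL check are there because a client that follows next links unconditionally will loop forever on a malformed or hostile response; the ambiguity check matters because an MRN is patient-identifying data, and returning the wrong patient's encounters is a privacy failure, not just a bug.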
Using OAuth 2.0 authentication with SMART backend services ensures that your backend application can securely access patient information. Following our discussed steps, you can create a strong and compliant backend system that keeps sensitive data safe. Watch for more tips and tricks on using SMART backend services and OAuth 2.0 authentication to improve healthcare data security. With these technologies, you can significantly advance healthcare delivery and patient care.