Skip to content

Contextual launch

wjehring edited this page Mar 22, 2023 · 31 revisions

Maturity

Standard

Motivation

Patient information necessary for care may be held on multiple systems e.g. PAS, EHR and ePaCCS. Users can separately access these systems, but this does not provide best UX. It adds additional workload in managing multiple identities and searching separately for patients. It creates clinical risk should users find the wrong patient or if the workload deters them from accessing information that would influence care.

An application can be configured to launch another system within the context of a specific patient so that relevant information is displayed to the user without searching. Authn/authz credentials can be passed so that users are not forced to manage an additional identity.

For example, a browser launched to the url:

https://sider.nhs.uk/app/launch?patient=https://fhir.nhs.uk/Id/nhs-number|4123456789&birthdate=2001-12-25&location=https://fhir.nhs.uk/Id/ods-organization-code|A12345&practitioner=https://sider.nhs.uk/auth|doctor@nhs.net

would open on a screen displaying information for the patient with NHS number 4123456789, born on 25th Dec 2001 appropriate for A12345 and doctor@nhs.net.

Questions

Implementation

App

App is the web application launched in context.

Search parameters

Name Type Required Description
patient token Yes The Identifier for the patient
birthdate date Yes The birthdate of the patient. Must be a date.
location token Yes The Identifier of the organisation or site of the practitioner launching the app
practitioner token No The Identifier of the practitioner launching the app
exp date No Identifies the expiration time on or after which the url MUST NOT be launched. Comparator prefixes (eq, ne, etc) must not be used. Must be a dateTime.
nbf date No Identifies the time before which the url MUST NOT be launched. Comparator prefixes (eq, ne, etc) must not be used. Must be a dateTime.
serviceId GUID No Identifies the warden serviceId to launch to. This avoids presenting the user with a service picker if they have multiple services assigned to them.

Implementations must:

  • reject requests where patient and birthdate parameters are missing or unrecognised
  • reject requests where the location parameter is missing or unrecognised
  • reject requests where the practitioner parameter is does not match the user after authentication
  • support patient parameter where system=https://fhir.nhs.uk/Id/nhs-number
  • support location parameter where system=https://fhir.nhs.uk/Id/ods-organization-code
  • reject requests outside the bounds of the exp and nbf parameters where these are provided. Processing follows the rules for JWT exp/nbf claims
  • reject requests where access_token is from an invalid issuer, has expired or fails signature validation.

Implementations may support:

  • patient parameter with other systems, subject to local agreement
  • location parameter where system=https://fhir.nhs.uk/Id/ods-site-code
  • location parameter with other systems, subject to local agreement
  • additional parameters as necessary for best UX, subject to local agreement.

Display

  • System must only display information relevant to the practitioner and location
  • If practitioner and/or location are invalid, system must display an error message. System may then direct user to a logon screen if appropriate.
  • System must display information relevant to the patient, including a banner containing sufficient information to allow user to verify that correct patient is displayed. Patient banner should follow NHS CUI guidelines.
  • If patient cannot be found, system must display an error message.
  • System must not allow user to change context (practitioner, location, patient) if it has been launched in context.

Launcher

Launcher is the system determining the context and launching the app

Additional Parameters

  • banner - adding this to the launch string e.g. &banner=true will hide the patient demographics banner. This can be helpful in cases where the session is being launched inside an iframe/parent application and the patient demographics are already displayed.

Security

For production systems: