Portal and Web Application Connectivity




Portal and Web Application Connectivity
Architecture and Standards
Version: 1.0
Document Owner: eHealth Ontario

Copyright Notice
Copyright 2015, eHealth Ontario. All rights reserved. No part of this document may be reproduced in any form, including photocopying or transmission electronically to any computer, without prior written consent of eHealth Ontario. The information contained in this document is proprietary to eHealth Ontario and may not be used or disclosed except as expressly authorized in writing by eHealth Ontario.

Trademarks
Other product names mentioned in this document may be trademarks or registered trademarks of their respective companies and are hereby acknowledged.

Architecture and Standards /Portal and Web Application Connectivity /Version 1.0 i

Document Control
The electronic version of this document is recognized as the only valid version.

Approval History
Approver: Peter Bascom, Chief Architect, Architecture, Standards and Planning. Approved date: YYYY-MM-DD
Approver: Mike Krasnay, Director of Integration and Solutions Architecture, Architecture, Standards and Planning. Approved date: YYYY-MM-DD

Revision History (version, date, summary of change, changed by)
0.04  7/18/2015   Initial draft prepared for copy edit            eHealth Ontario
0.05  7/24/2015   Edited version; distributed for internal review  eHealth Ontario
0.10  10/27/2015  Updated based on internal reviews                eHealth Ontario
0.11  9/3/2015    Prepared for SC/BTC review                       eHealth Ontario
0.20  11/19/2015  Updates based on BTC and SC open review          eHealth Ontario
1.0   11/25/2015  Final for publication                            eHealth Ontario

Document Sensitivity Level: Low

Table of Contents

About this Document  1
Executive Summary  2
  Clinical Portals and Web Applications  2
  Unified Point of Access  3
  Single Sign On (SSO) and Patient Context Sharing  3
Introduction  4
  Blueprint Alignment  4
    Provincial and Regional Portals  5
    Special Focus Portals and Web Applications  6
    Provider Managed Portals and Web Applications  6
    Consumer Health Portals  7
  Standards Alignment  7
  Connectivity Overview  7
Current State  10
  Clinical Portals and Web Applications  10
    Provincial and Regional Portals  10
    Special Focus Portals and Web Applications  11
    Provider Managed Portals and Web Applications  12
  Unified Point of Access  12
  Single Sign on and Patient Context Sharing  13
    Authentication  14
    Service Authorization  15
    Context Sharing  15
Future State  16
  Clinical Portals and Web Applications  16
    Provincial and Regional Portals  16
    Special Focus Portals and Web Applications  17
    Provider Managed Portals and Web Applications  17
  Unified Point of Access  17
  Single Sign on and Patient Context Sharing  18
    Authentication  18
    Authorization  19
    Context Sharing  19
Transition  21
  Clinical Portals and Web Applications  21
  Unified Point of Access  21
  Single Sign on and Patient Context Sharing  21

Table of Figures

Figure 1: Blueprint view of types of eHealth portal in Ontario  5
Figure 2: Current state of portals and web applications showing clinical viewers and data sources  10
Figure 3: Current state of eHealth Portal  12
Figure 4: Current state of single sign on and patient context sharing  14
Figure 5: Future state of portals and web applications showing clinical viewers and data sources  16

About this Document

The portal and web application connectivity document expands on information presented in Ontario's EHR connectivity strategy. It addresses the technical and architectural solution for provider portals in Ontario. The following documents are also referenced:
- Ontario's eHealth blueprint
- Single sign on/patient context sharing standard

Note: The Ministry of Health and Long-Term Care has embarked on eHealth 2.0, a comprehensive undertaking to renew the province's eHealth strategy. This document has been developed and released prior to completion of eHealth 2.0. As such, this document will likely need to be updated in the future to reflect the confirmed strategic directions of eHealth 2.0.

Executive Summary

While the electronic health record (EHR) architecture makes provision for health care providers working exclusively in their point of service (POS) systems, the vast majority of clinical information systems used in practice today are not designed for such integration. For the foreseeable future it is necessary to rely upon web-based portals and applications to ensure that all providers have access to provincial EHR information.

The current landscape is filled with independent, non-integrated web-based solutions. Some are used for viewing EHR data, others for performing specific workflows. There is no unified access point or single credential that providers can use for these applications.

The goal of portal and web application connectivity is to create a consolidated provider view that will:
- Ensure that all providers in Ontario have access to a regional and/or provincial portal that shows comprehensive provincial EHR data
- Ensure that all providers in Ontario have access to the special focus portals and web applications, such as the Client Health & Related Information System (CHRIS) or Panorama, necessary for their practice
- Offer a unified point of access to providers for the purpose of accessing EHR viewers, special focus portals, and web applications
- Enable single sign on and patient context sharing so that providers do not need to maintain multiple sets of credentials and can seamlessly transition between all portals and applications

One of the core principles in Ontario's eHealth blueprint is to minimize changes to clinician workflows by facilitating access from existing point of service applications, so that users can use familiar tools to access health information from EHR sources with minimal disruption to their working environment. To that end, portal and web application connectivity attempts to re-use existing assets that have significant uptake or provide significant clinical value, while maintaining alignment with Ontario's eHealth blueprint.

Clinical Portals and Web Applications

In the future, all health care providers in Ontario will continue to work in their core clinical information systems. They will also have access to regional or provincial EHR portals that offer longitudinal views of patient clinical information. These portals may have their own look and feel, but they will be integrated with provincial repositories and registries (such as the provider, client, and consent registries) to ensure consistent views of EHR data and to allow seamless integration. All access to provincial assets will be through the provincial health information access layer (HIAL).

The south west Ontario (SWO) region's ClinicalConnect viewer will continue to be the EHR viewer for that region. It is a strategic asset due to the significant investment it has received, its clinical uptake, and its value to providers. For the same reasons the clinical data viewer (CDV) will continue to be the regional EHR viewer for the GTA region while also being adopted for the northern and eastern Ontario (NEO) region. The eHealth Portal will provide an EHR viewer that is unaffiliated with any of the regions but shows the same clinical data, for providers not on the ClinicalConnect or CDV roadmap.

Strategic special focus portals and web applications such as Panorama and CHRIS will continue to be maintained and enhanced by their owners as required. As with the EHR viewers, they will access clinical data through the provincial HIAL and will utilize the common provincial registries.

Unified Point of Access

EHR viewers, clinical portals, and web applications can be launched directly from a web browser or from a point of service application (such as a hospital information system). A profusion of user registrations, agreements, and support arrangements, together with the lack of patient context, significantly hinders the adoption of these applications. To mitigate this situation, this approach proposes creating a unified aggregator, or consolidated provider view, from which all portals and applications can be accessed. This point of access will be provided by eHealth Portal.

Health care providers will log into eHealth Portal and be presented with links to all the portals and web applications they are authorized to use. This will not prevent them from directly accessing the applications; it will simply give them a convenient launching point, as well as collaborative spaces for communicating with other providers and sharing documents and information.

Use of eHealth Portal as a unified access point for all web based clinical applications, in conjunction with single sign on (SSO) and patient context, will increase adoption and uptake for all services, as providers will only need to remember a single URL to access all of them. As new systems and services come online or change, authorized providers will be made immediately aware of them upon logging into eHealth Portal.

Single Sign On (SSO) and Patient Context Sharing

Single sign on allows providers to move between applications without maintaining multiple login accounts; context sharing allows a patient identifier from one application to be shared with another. eHealth Portal will support eHealth Ontario's single sign on/patient context sharing standard, allowing it to be launched from a hospital information system or EMR so that providers can seamlessly transition to it from their POS, and the single sign on and context sharing will propagate to the other accessible systems.

EHR viewers, portals, and web applications will be updated to support the single sign on/patient context sharing standard, which will allow providers to launch an EHR viewer, portal, or web application and be seamlessly logged in using the same credentials used to log into their POS system. After using the first application to find a client, the provider will then be able to launch another application or portal without having to search again.

Integrating with the provincial client registry is not a requirement for participating in context sharing; however, if an application does not use the provincial client registry to resolve identifiers, it may not be able to show clinical data for all patients. It is therefore strongly recommended that all portals and applications use the provincial registries.
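The launch described above (a POS system launches a viewer, the provider is logged in with the credentials they already used, and the selected patient carries over) is shown here as an added Python example; it is not eHealth Ontario code and not the ONE ID standard. The standard is SAML-based, so a JSON payload signed with HMAC stands in for the SAML assertion and its XML signature, and the issuer name, audience, user, entitlement table and registry rows are all constructed for the example. It demonstrates the checks the receiving application (the service provider) must make before trusting anything in the assertion (signature, trusted issuer, audience, validity window, replay, entitlement), and why identifier resolution should go through the provincial client registry: the same patient arrives under different local identifiers from different hospitals, and a viewer that only has a local registry cannot resolve an out-of-region patient, so it must fall back to a search rather than show a guessed record.

```python
"""Federated launch with patient context: an added illustration, not eHealth
Ontario code. A signed JSON token stands in for a SAML assertion; all names,
keys, entitlements and registry rows below are constructed."""
import hashlib
import hmac
import json
import time

# Constructed signing keys per trusted identity provider (in SAML this would
# be the IdP's certificate; a shared HMAC key is used only to keep it short).
IDP_KEYS = {"urn:example:hospital-his": b"constructed-idp-signing-key"}
VIEWER_AUDIENCE = "urn:example:ehr-viewer"      # hypothetical SP entity ID
CLOCK_SKEW = 60                                  # seconds of tolerated drift
# Constructed entitlements: which users may use this viewer at all.
ENTITLEMENTS = {"dr.smith": {VIEWER_AUDIENCE}}

# Constructed provincial client registry (PCR) cross-reference:
# (assigning authority, local identifier) -> provincial client identifier.
PCR_XREF = {
    ("HOSP-A", "MRN-1001"): "ECID-7001",
    ("HOSP-B", "MRN-2002"): "ECID-7001",   # same patient, second hospital
    ("HOSP-B", "MRN-2003"): "ECID-7002",
}
# Constructed registry of a viewer that is NOT integrated with the PCR.
LOCAL_XREF = {("HOSP-A", "MRN-1001"): "LOCAL-1"}


def canonical(payload):
    """Deterministic serialization so IdP and SP sign/verify the same bytes."""
    return json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()


def issue_token(issuer, subject, patient_id, assigning_authority,
                now=None, lifetime=300, assertion_id=None):
    """IdP side (e.g. the HIS): sign a launch token carrying the user's
    identity and the patient currently selected in the POS system."""
    now = time.time() if now is None else now
    payload = {
        "id": assertion_id or hashlib.sha256(
            f"{issuer}|{subject}|{now}".encode()).hexdigest()[:16],
        "iss": issuer, "aud": VIEWER_AUDIENCE, "sub": subject,
        "nbf": now, "exp": now + lifetime,
        "ctx": {"id": patient_id, "aa": assigning_authority},
    }
    sig = hmac.new(IDP_KEYS[issuer], canonical(payload),
                   hashlib.sha256).hexdigest()
    return {"payload": payload, "sig": sig}


class Viewer:
    """SP side (an EHR viewer). `xref` is the registry it resolves context against."""

    def __init__(self, xref):
        self.xref = xref
        self.seen_ids = set()   # replay cache; persist with expiry in production

    def validate(self, token, now=None):
        """Checks an SP must make before trusting any claim in the token."""
        now = time.time() if now is None else now
        p = token["payload"]
        key = IDP_KEYS.get(p.get("iss"))
        if key is None:
            return None, "untrusted issuer"
        expected = hmac.new(key, canonical(p), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, token["sig"]):
            return None, "bad signature"      # any edit to the payload lands here
        if p.get("aud") != VIEWER_AUDIENCE:
            return None, "audience mismatch"  # token was issued for another SP
        if now < p["nbf"] - CLOCK_SKEW or now >= p["exp"] + CLOCK_SKEW:
            return None, "outside validity window"
        if p["id"] in self.seen_ids:
            return None, "replayed assertion"
        self.seen_ids.add(p["id"])
        if VIEWER_AUDIENCE not in ENTITLEMENTS.get(p["sub"], ()):
            return None, "user not entitled to this application"
        return p, "ok"

    def launch(self, token, now=None):
        """Returns (subject, provincial patient id or None, reason)."""
        p, reason = self.validate(token, now)
        if p is None:
            return None, None, reason
        ctx = p["ctx"]
        resolved = self.xref.get((ctx["aa"], ctx["id"]))
        if resolved is None:
            # Login still succeeds, but context is dropped rather than guessed:
            # the user must search for the patient in this viewer.
            return p["sub"], None, "context unresolved; user must search"
        return p["sub"], resolved, "ok"
```

In a real SAML deployment the signature check is an XML-DSig over the Assertion element verified against the identity provider's published certificate, and the audience, validity-window and replay checks correspond to the Conditions/AudienceRestriction, NotBefore/NotOnOrAfter and assertion ID handling of the profile. The order matters: the signature is checked first because every later check reads fields that only the signature makes trustworthy, and the patient context is treated as data to be resolved against a registry, never as an authorization to show that record.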

Introduction

While the EHR architecture makes provision for providers working exclusively in their point of service system, the vast majority of clinical information systems used in practice today are not designed for such integration. For the foreseeable future it is therefore necessary to rely upon web-based portals and applications to ensure that all providers have access to provincial EHR information.

The current landscape is filled with independent, non-integrated web-based solutions. Some are used for viewing EHR data, others for performing specific workflows. There is no unified access point or single credential that providers can use for these applications.

The goal of portal and web application connectivity is to create a consolidated provider view that will:
- Ensure that all providers in Ontario have access to a regional and/or provincial portal that shows comprehensive provincial EHR data
- Ensure that all providers in Ontario have access to the special focus web applications and portals necessary for their practice
- Provide a unified point of access to all EHR viewers and special focus web applications and portals
- Enable single sign on so that health care providers do not need to maintain multiple sets of credentials and can seamlessly transition between applications within the consolidated provider view

One of the core principles in Ontario's eHealth blueprint is to minimize changes to clinician workflows by facilitating access from existing point of service applications, so that users can use familiar tools to access health information from EHR sources with minimal disruption to their working environment. To that end, the approach attempts to reuse existing assets that have significant uptake or provide significant clinical value.

Blueprint Alignment

Ontario's eHealth blueprint groups portals with other access points, including laboratory information systems (LIS), electronic medical record (EMR) systems, hospital information systems (HIS), and pharmacy systems used in labs, clinics, hospitals, pharmacies, home care settings, and community services, all of which provide access to health care information and are sources of requests for health care information. Health care clients, providers, health sector managers (end users) and researchers use these access points to automate business, clinical, and information practices and processes, as well as to support program and research functions.

Access points use data or web channels to connect to the EHR. In order to get, put or use EHR data in a secure and interoperable manner, they use standards-based integration tools and interoperable specifications to connect to the HIAL. Access to EHR data is provided by standard messaging formats such as HL7, through provincial and business services exposed by the HIAL.

The eHealth blueprint describes portals as web sites that provide a unified point of access to online services for a target group of users, aggregating information from multiple sources and presenting it as a unified whole. Standards-based web portals are a key delivery channel for sharing EHR information. The anticipated portal landscape will include portals serving user groups or aggregating similar content and services, such as:
- Provincial and regional portals
- Special focus portals, supporting specific interests, run by health care organizations such as Cancer Care Ontario
- Provider-managed portals run by hospitals or other health care organizations
- Consumer health portals for the general public to access their health information and services

Individual portals are integrated into a federated, standards-based, province-wide structure, offering shared content and services to stakeholders. All eHealth portals will be technologically interoperable, able to use a province-wide authentication and authorization framework, and will follow taxonomy and component construction standards to simplify integration and content sharing.

Figure 1: Blueprint view of types of eHealth portal in Ontario

Provincial and Regional Portals

Designed to offer a wide selection of information and functionality from different sources across the province, these portals provide reference implementations of EHR functionality and core infrastructure for applications that will be used by providers and health care recipients. These portals will:
- Be based on common portal standards, to promote sharing and reuse of portlets. This will reduce development, implementation and ongoing support costs, and will promote a common presentation of clinical data. Individual portlets, e.g. for labs or medications, will be able to share context and will be presented together to provide clinicians with a more complete health care client perspective.
- Provide web-based access to all eHealth Ontario core services, such as labs and medication management
- Provide users with local, regional and provincial assets in one location
- Facilitate the rapid deployment of new health applications and information repositories
- Provide contextual references to associated sites, agencies and organizations

Special Focus Portals and Web Applications

Ontario has a number of organizations dedicated to the care and treatment of health care clients with specific requirements, and these organizations' use of and participation in the EHR is supported. These special focus portals and applications are not just for viewing data, but can also be used for clinical transactions such as:
- ePrescribing: allows physicians and other medical practitioners to write and send prescriptions to participating pharmacies electronically instead of using handwritten or faxed notes or calling in prescriptions
- eReferrals: the automation of one or more activities involved in initiating, negotiating and closing the process of referring a patient
- eConsult: allows a provider to send a question to another (specialist) provider electronically, without requiring the client to see the provider being consulted

Reusable, standards-based portlets will enable rapid deployment and adoption of appropriate features for the special focus area. Provincial and regional portals can maintain links to these special focus portals, providing context-specific references and extending the continuity of experience for users.

Provider Managed Portals and Web Applications

Since providers have the strongest relationships with health care clients and the deepest understanding of their health issues, organizations such as large hospitals may create their own web-based access channels for communication with staff and health care clients. These portals will also be able to provide access to the EHR. Examples include:
- Hospital portals for internal health care staff
- Hospital web applications for health care clients
- Radiology, labs, or medication web access interfaces
- Primary care web interfaces for health care clients
- Community care health care client and provider web applications
- Pharmacy portals for health care clients

Some providers may be able to access health care client information using local technology such as a connected (local) EMR. Other providers who do not have this capability can access the EHR via a portal. Web technologies such as portals will allow access to elements of the EHR, enabling eHealth Ontario to deploy features broadly and rapidly as new services become available.

Consumer Health Portals

These are portals accessible to anyone in Ontario. The blueprint allows for the future implementation of consumer health portals, to provide health-related information to any user of the health care system. Consumer oriented functionality can be provided through consumer portlets presented across multiple delivery partner portals. The consumer experience will provide users with access to information and services that allow them to be more engaged in their own health care, to better navigate the health system, and to interact with providers.

Since this document is focused on health care provider access, consumer portals are not in its scope. They are, however, identified as a future opportunity within the Portal Business document.

Standards Alignment

eHealth Ontario's Architecture and Standards group is uniquely positioned to provide integration standards and recommendations for all web based applications, specifically:
- eHealth Ontario's single sign on/patient context sharing standard, based on SAML
- eHealth Ontario's provincial client registry standard
- A provincial reference model for how regional and special focus portals can participate in connectivity

Other standards are available on the eHealth Ontario Standards page.

Accessibility for any web application is important. As such, the following industry and provincial accessibility standards apply:
- The W3C Web Content Accessibility Guidelines (WCAG) 2.0
- The Accessibility for Ontarians with Disabilities Act

Connectivity Overview

In keeping with its core principles, the approach recognizes that the SWO, GTA, and NEO regional viewers are strategic assets that should continue to provide access to EHR data for all providers in the province. Strategic special focus portals such as CHRIS will also continue to serve their own targeted provider community. eHealth Portal will provide a unified point of access to these viewers.

Single sign on will be enabled by the federation of identity providers with the eHealth Ontario identity federator, ONE ID, ensuring that providers can log onto eHealth Portal and move seamlessly between web-based viewers without maintaining separate credentials. eHealth Portal will also become a service provider in the provincial identity federation so that it can be launched with credentials from any federated identity provider, e.g. point of service (POS) applications such as hospital information systems.

Finally, patient context will be enabled. A provider viewing a client's data in their hospital information system and wanting a broader EHR view of that data can launch a browser and display the client's EHR information without re-entering a username or password or re-selecting the client.

To ensure a consistent view of the EHR and to enforce consistent access policies, all viewers will access provincial repositories and registries via the provincial health information access layer.

Summary of Portals and Viewers

Current State
- There is a proliferation of special focus portals with no catalogue or unified entry point
- Regional portals exist, but present only a subset of the EHR
- Most portals use local registries and are not integrated with provincial registries
- ONE ID systems and processes are approved for protection and access of personal health information (PHI)
- ONE ID provides inclusive security services for the Ontario Telemedicine Network (OTN) Hub, Cancer Care Ontario (CCO) eReports, eHealth Portal, Drug Profile Viewer (DPV), OLIS, Panorama and others
- A distributed network of registration agents supports the issuance of ONE ID credentials
- ONE ID provides a security enforcement layer for the provincial HIAL segment
- ONE ID is a federated identity provider (IDP)
- ONE ID provides identity and entitlement data provisioning and reconciliation services
- ONE ID provides enhanced risk based authentication
- Health care client context management between POS systems and EHR viewers occurs at EHR viewer launch only

Future State
- Providers have access from POS systems to eHealth Portal
- EMR applications are fully integrated with the provincial federated SSO model
- eHealth Portal provides a launching point for regional portals and special focus portals and web applications
- Regional portals present a complete view of the EHR
- All portals and web applications are integrated with provincial registries
- ONE ID is an identity federation operator and routes distributed authentication traffic for the province
- ONE ID provides a centralized application authorization datastore, with management interfaces to assist service owners in making authorization decisions
- ONE ID is a mobile application security provider
- ONE ID provides a large deployment base of provincially trusted digital identity providers
- Participating viewers and POS systems are able to set and acquire health care client context, so that context is continually maintained between a provider's POS system and EHR viewer
- ONE ID provides a federated trust relationship between ONE ID and GO Secure (the Government of Ontario online access point for Broader Public Sector organizations) for the purpose of enabling provider single sign on

Transition
- Technology refresh for eHealth Portal is completed
- ONE ID technology platform refresh in support of mobile application security is completed
- eHealth Portal enhancements take place to support aggregation of and linkage to regional and special focus portals
- Regional portals are integrated with provincial assets (provincial provider registry (PPR), provincial client registry (PCR), OLIS, clinical data repository (CDR), diagnostic imaging (DI), comprehensive drug profile repository (CDPR)), providing a complete EHR view
- Special focus portals and web applications are integrated with provincial registries (PPR, PCR, ONE ID) in support of patient context
- An end state context management solution is created, including architecture and standards governance
- Finalization of the federation business framework (policies, standards and agreements) takes place
- cGTA transitions to the provincial ONE ID solution

Strategic Assets
- eHealth Portal
- EHR viewers:
  o CDV
  o ClinicalConnect™ viewer
  o Provincial EHR portal
- Special focus portals and web applications:
  o CHRIS
  o CCO eReports, CCO DAP-EPS
  o OTN Hub
  o Panorama
- Provincial registries and repositories:
  o PPR
  o PCR
  o OLIS
  o CDR
  o DI
  o CDPR
- EMR systems
- HIS
- ONE ID suite of services

Key Milestones
- Completion of eHealth Portal technology refresh
- Completion of regional portal integration with provincial registries (PPR, PCR)
- Completion of special focus portal and web application integration with provincial registries (PPR, PCR)
- Completion of regional portal integration with provincial repositories (OLIS, CDR, DI, CDPR)
- Completion of special focus portal and web application integration with provincial repositories as appropriate
- Onboarding of regional EHR viewers (cGTA, cNEO, cSWO)
- Onboarding of eHealth Portal as a federated application
- Migration of cGTA pilot organizations
- Onboarding of special focus portals and web applications

Current State

Clinical Portals and Web Applications

In Ontario, significant investments have been made in regional web portals that provide a view into the provincial EHR. These portals provide access to health care information such as acute care admit, discharge and transfer (ADT) records, lab results, diagnostic imaging reports, allergies, and drug profiles from across the province. The current state of clinical portals in Ontario is shown below in Figure 2, which illustrates the ClinicalConnect viewer used in SWO, the clinical data viewer (CDV) used in the GTA, the ehealth Portal EHR viewer used provincially, and the NEO Ottawa Hospital portal pilot. The diagram is not an exhaustive view of portals and applications, but contains illustrative instances referenced in this document.

[Figure 2: Current state of portals and web applications showing clinical viewers and data sources. Diagram "PIM - Clinical Portals and Web Applications, Current State": provincial, regional, special focus and provider managed portals (ClinicalConnect viewer, Clinical Data Viewer, Provincial EHR viewer, CHRIS viewer, Cancer Care Ontario, OTN Hub, Panorama, UHN Patient Results Online, MyTOH portal) sitting on the provincial EHR integration assets (provincial client and provider registries, consent, audit, terminology, XDS registry, ONE ID, HIAL), the cGTA CDR solution, provincial repositories (OLIS, DI reports, clinical data repository, Health Network System) and local registries (client, provider, consent, terminology, LTC case data).]

Provincial and Regional Portals

ClinicalConnect is a secure web portal that provides physicians and clinicians in the SWO region with real-time access to their patients' electronic medical information. The primary sources of data for ClinicalConnect are SWO regional hospital information systems, but it also presents data from other clinical data repositories such as community care access centres (CCACs), oncology centres, and OLIS. The underlying software for ClinicalConnect is supplied by Influence Health. The viewer has been deployed and has significant uptake within the SWO region. ClinicalConnect is portlet based.

In the GTA region, the cGTA clinical data viewer (CDV) is the regional portal. It presents a consistent view of clinical information for a single patient at a time. Its primary source of data is the provincial clinical data repository (CDR), but it also presents data from other clinical repositories such as OLIS. The CDV's underlying software is based on the Harris Provider Portal, a standards-based web portal with commercial, off-the-shelf (COTS) portlets. The CDV has recently gone live in the GTA region with a limited production release, with plans to roll out to the entire region within the year.

Currently, the NEO region does not have a portal. Pilots are underway using portlets provided by ehealth Ontario and ONE ID authorization, but they are not expected to roll out to the entire region.

ehealth Ontario has developed a web-based provincial EHR portal, built with ehealth Ontario-developed portlets (applications) that present data from provincial repositories such as OLIS and diagnostic imaging; it is accessed from ehealth Portal by those without access to a regional portal. The portal infrastructure is the same as that used in the CDV, and supports the JSR-286 portlet standard and the WSRP 2.0 standard. All the portlets are written to the WSRP 2.0 standard so that they can be consumed by other portals, such as the CDV. The current users of the provincial EHR portal include a wide range of provider types (e.g. nurses, lab technologists and researchers) and a wide range of settings (e.g. public health units, community agencies, long term care homes, CCACs, and project/initiative groups such as Health Links).
They use the provincial EHR portal to access:
- the provincial client registry
- the provincial provider registry
- laboratory results from the OLIS repository
- diagnostic imaging reports from the provincial DI repository

Special Focus Portals and Web Applications

Multiple independent projects are underway or operational across the province to create special focus portals and web applications that support specific workflows, providing functionality that is too complex to be integrated directly into one of the EHR viewers. These applications may benefit from integration with provincial assets to support single sign on, enhanced security, and a common look and feel. Additional benefit may be gained through integration with provincial registries and repositories, such as the provincial client and provider registries. While delivering clinical value, there is further opportunity to leverage provincial assets for consistency in how they are accessed and how they work together. Special focus portals include:

- CHRIS: the Client Health & Related Information System, a web-based patient management tool for Ontario's CCACs.
- CCO ereports and DAP-EPS: Cancer Care Ontario ereports is a web-based reporting platform, integrated with ONE ID, for primary care physicians (PCPs) to access screening activity reports for various cancers. The Diagnostic Assessment Program Electronic Pathway Solution (DAP-EPS) is an internet-accessible, web-based tool to improve the patient and provider experience throughout the diagnostic journey. This interactive website provides patients, DAP staff and health care providers with shared information and support as a patient progresses from the suspicion of cancer to a definitive cancer or non-cancer diagnosis.
- OTN Hub: the Ontario Telemedicine Network Hub is Ontario's online telemedicine community, offering health care providers a variety of choices to care for patients and collaborate with colleagues to enhance their practice. The OTN Hub supports a full spectrum of virtual care products and services, including video conferencing, provider directory, eConsult, education, and referral to remote patient monitoring applications.
- Panorama: an application that deals with immunization and communicable disease outbreak management.

Provider Managed Portals and Web Applications

As stated in Ontario's ehealth blueprint, providers have the strongest relationships with health care clients and the deepest understanding of their health issues. Organizations such as large hospitals have created their own web-based access channels for communication with staff and health care clients. In general, these systems are integrated with hospital data sources but do not include broader data from the EHR, and they are not integrated with provincial repositories such as the provincial client and provider registries, or with one another. Although they deliver clinical value, there is no consistency in how they are accessed or how they work together. Many of these applications are tactical in nature and are expected to be replaced by more strategic assets as the provincial registries and repositories are integrated with more systems. Two examples of existing portals and applications:

- The Ottawa Hospital's MyTOH portal, where clinicians can access hospital information and parts of the EHR using the same portlets that are used on the provincial EHR portal.
- University Health Network's Patient Results Online, which provides quick, secure and easy access to health information from participating hospitals and lab information systems across the GTA. Available records include patient notes, discharge summaries, and lab reports across GTA hospitals.
Unified Point of Access

[Figure 3: Current state of ehealth Portal. Diagram "PIM - Unified Point of Access, Current State": providers sign on to ehealth Portal (collaboration) and launch, via SSO, the Provincial EHR Viewer, Drug Profile Viewer, Panorama, Electronic Notice of Live Birth and Oral Health Information Support System.]

ehealth Portal currently provides two main services:
- collaboration and communities
- access to web-based EHR applications such as:
  o Provincial EHR viewer
  o Drug profile viewer
  o Panorama
  o Electronic Notice of Live Birth
  o Oral Health Information Support System

The collaboration spaces and communities provided by ehealth Portal allow health care providers across the province to share documents, conversations and data in a secure manner. Providers can be enrolled in multiple communities on ehealth Portal.

The ehealth Ontario provincial EHR viewer (which contains portlets that provide access to lab results and diagnostic imaging reports) is currently accessed via ehealth Portal: providers log into ehealth Portal and, once authenticated, are provided with a link to the EHR portal. ehealth Portal is also used to launch special focus web applications such as the drug profile viewer (DPV) and Panorama. Although ehealth Portal launches these applications using single sign on, it does not currently support single sign on to other applications, or the passing of patient context to any application.

Single Sign on and Patient Context Sharing

ONE ID is ehealth Ontario's identity and access management solution. It provides and manages credentials that clinicians use to access EHR services, and enables single sign on to EHR services using providers' existing credentials. It also provides a number of capabilities (e.g. authorization, risk-based authentication) used to secure access to provincial EHR services. In its current state, ONE ID already delivers a significant amount of the required functionality related to identity, access, federation, and context services for the provincial EHR.

[Figure 4: Current state of single sign on and patient context sharing. Diagram "PIM - EHR Identity Federation & Services, Current State": health care providers (SWO, GTA, NEO) authenticate to their EHR identity providers or the ONE ID IdP, receive an SSO token, and use it at the EHR clinical data viewers (ehealth Portal EHR clinical viewer, Clinical Data Viewer, ClinicalConnect viewer) and POS systems; the provincial HIAL obtains a security decision from the ONE ID policy decision point (PDP) and tokens from the ONE ID secure token service before EHR data is returned from the provincial repositories (OLIS, clinical data repository, DI reports, Health Network System).]

Authentication

A core function of ONE ID is to provide digital identities to providers in Ontario for the purpose of consuming provincial EHR services. Through an extensive network of registration agents (RAs), ONE ID uses an established, mature, Ministry of Health and Long-Term Care (MOHLTC)-approved business process to verify a provider's real-world identity and issue a digital credential. ONE ID supports a range of delegated user management functions, including assisted registration, express registration, and service desk support. It also offers self-service capabilities for managing passwords (change and forgotten) and identities (profile updates and forgotten IDs).

As an identity provider, ONE ID is also responsible for providing authentication services for end users and protected applications. Today these applications include both internal ehealth Ontario-owned or managed services, such as ehealth Portal, OLIS, and the ODB portlet, and externally owned and managed services, such as those offered by CCO and OTN.
To meet this need, ONE ID has implemented a robust authentication process, approved by MOHLTC for consuming services containing personal health information. Authentication within ONE ID is delivered through a combination of user ID and password, knowledge questions, RSA tokens, digital certificates, and risk-based/adaptive authentication.

ONE ID also fulfills the role of a federated identity provider. Using the processes described above, ONE ID accounts are trusted for federated login to services such as the cGTA Portal and the cNEO regional viewer. As the provincial identity federation grows, ONE ID accounts will be trusted for access to a larger suite of federated services.

Service Authorization

Service authorization is the mechanism by which a user's or system's eligibility to access a particular EHR service is evaluated. This service-level authorization is known as coarse-grained authorization and is accomplished through attribute-based authorization, as described below. Note that the more detailed fine-grained authorization and access controls, such as read/write permissions, are the responsibility of each EHR service provider.

The current EHR service authorization model is based on an authorization database that is manually maintained by ONE ID representatives. This interim approach creates a distributed user authorization store that is centrally managed by trusted registration agents. Authorization data for an individual is added to the SAML (Security Assertion Markup Language) response token and passed on to the service/application provider, which can then use this data to make an informed decision on the user's eligibility to access the requested service.

All EHR services presented on the provincial HIAL are authorized by ONE ID. Before any request is passed by the HIAL to a clinical domain repository, the HIAL contacts the ONE ID policy decision point to ensure that the requester (user and/or system) is properly identified and authorized. Authorization is accomplished by comparing the authentication information contained in a validated SAML message against a set of rules maintained by ONE ID for the selected target resource. This application/message-level security is in addition to the transport-level security provided through mutual, certificate-based authentication at the transport layer.

Context Sharing

ONE ID's single sign on and context sharing capabilities are key enablers of provincial EHR connectivity. They offer streamlined access to EHR services for providers who have already logged onto supported hospital information systems.
This provincial single sign on solution enables health care providers to access EHR services using a digital identity issued by a federated identity provider. Patient context sharing has been integrated with the single sign on technology and process: a provider viewing a client's data in their hospital information system who wants a broader EHR view of that data can click a button to launch a browser and display the client's EHR information without re-entering a username or password or selecting the client again.

In its current state, patient context information is passed inside the SAML authentication messages that flow between the source system (currently only two HIS are supported) and the destination (EHR viewers). The limitation of this implementation is that context is passed only as part of the logon/single sign on process; it is not continually maintained throughout a provider's (portal, EHR viewer, POS) session.
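The current-state pattern described in the two sections above, a policy decision point that reads a validated SAML assertion, checks it against a rule set for the target service, and pulls the patient context out of the same message, as an added example. This is illustrative code written for this page, not ONE ID's or ehealth Ontario's implementation: the issuer and audience URLs, the attribute names (provider.role, service.authorized, context.*) and the rule table are assumptions, and the sample assertion is constructed. Signature verification is deliberately left outside the block; a real PDP must verify the XML signature before any of these checks mean anything.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"saml": SAML_NS}

# Hypothetical entity IDs; real ONE ID issuer and viewer identifiers are not given on this page.
TRUSTED_ISSUERS = {"https://idp.example.test/oneid"}
VIEWER_AUDIENCE = "https://viewer.example.test/cdv"

# Coarse-grained rules per target service (hypothetical attribute names and values). Every
# attribute named in a rule must carry at least one of the listed values; a service with no
# rule is denied, so the table is allow-list only.
RULES = {
    "OLIS": {"service.authorized": {"OLIS"}},
    "DI": {"service.authorized": {"DI"}, "provider.role": {"physician", "nurse", "radiologist"}},
    "CDR": {"service.authorized": {"CDR"}},
}

# Constructed sample assertion, not a real ONE ID message. The ds:Signature element is omitted;
# a production PDP verifies the XML signature (e.g. with signxml) before trusting anything below.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_c0ffee" Version="2.0" IssueInstant="2015-03-01T14:00:00Z">
  <saml:Issuer>https://idp.example.test/oneid</saml:Issuer>
  <saml:Subject><saml:NameID>dr.smith@hospital-a.example.test</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="2015-03-01T14:00:00Z" NotOnOrAfter="2015-03-01T14:05:00Z">
    <saml:AudienceRestriction><saml:Audience>https://viewer.example.test/cdv</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="provider.role"><saml:AttributeValue>physician</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="service.authorized">
      <saml:AttributeValue>OLIS</saml:AttributeValue>
      <saml:AttributeValue>DI</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="context.patient.mrn"><saml:AttributeValue>H123456</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="context.patient.assigning_authority"><saml:AttributeValue>hospital-a</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

# Fixed clocks so the decisions are reproducible; a second copy with an untrusted issuer.
NOW = datetime(2015, 3, 1, 14, 2, tzinfo=timezone.utc)
LATER = datetime(2015, 3, 1, 14, 10, tzinfo=timezone.utc)
ROGUE_ASSERTION = SAMPLE_ASSERTION.replace("https://idp.example.test/oneid", "https://rogue.example.test/idp")


def _ts(value):
    """SAML timestamps are UTC with a trailing Z; an absent attribute stays None."""
    if value is None:
        return None
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def parse_assertion(xml_text):
    """Extract issuer, subject, validity window, audiences and attributes from an assertion."""
    root = ET.fromstring(xml_text)  # use defusedxml in production to resist entity-expansion attacks
    if root.tag != f"{{{SAML_NS}}}Assertion":
        raise ValueError("root element is not a SAML 2.0 Assertion")
    cond = root.find("saml:Conditions", NS)
    if cond is None or cond.get("NotOnOrAfter") is None:
        raise ValueError("assertion has no usable Conditions element")
    attributes = {}
    for attr in root.findall("saml:AttributeStatement/saml:Attribute", NS):
        attributes[attr.get("Name")] = [(v.text or "").strip() for v in attr.findall("saml:AttributeValue", NS)]
    return {
        "issuer": root.findtext("saml:Issuer", default="", namespaces=NS).strip(),
        "subject": root.findtext("saml:Subject/saml:NameID", default="", namespaces=NS).strip(),
        "not_before": _ts(cond.get("NotBefore")),
        "not_on_or_after": _ts(cond.get("NotOnOrAfter")),
        "audiences": {(a.text or "").strip() for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)},
        "attributes": attributes,
    }


def authorize(xml_text, my_audience, target_service, now):
    """Policy decision as ('Permit'|'Deny', reason). Any failed check denies."""
    try:
        a = parse_assertion(xml_text)
    except (ET.ParseError, ValueError) as exc:
        return ("Deny", f"malformed assertion: {exc}")
    if a["issuer"] not in TRUSTED_ISSUERS:
        return ("Deny", "issuer is not a trusted identity provider")
    if a["not_before"] is not None and now < a["not_before"]:
        return ("Deny", "assertion not yet valid")
    if now >= a["not_on_or_after"]:
        return ("Deny", "assertion expired")
    if my_audience not in a["audiences"]:
        return ("Deny", "assertion was issued for a different audience")
    rule = RULES.get(target_service)
    if rule is None:
        return ("Deny", f"no authorization rule for service {target_service}")
    for name, allowed in rule.items():
        if not allowed & set(a["attributes"].get(name, [])):
            return ("Deny", f"attribute {name} does not satisfy the rule for {target_service}")
    return ("Permit", f"{a['subject']} may access {target_service}")


def patient_context(xml_text):
    """Patient context carried inside the same assertion (the current-state coupling)."""
    attrs = parse_assertion(xml_text)["attributes"]
    return {name[len("context."):]: values[0] for name, values in attrs.items()
            if name.startswith("context.") and values}


if __name__ == "__main__":
    for service in ("OLIS", "DI", "CDR"):
        print(service, authorize(SAMPLE_ASSERTION, VIEWER_AUDIENCE, service, NOW))
    print("context:", patient_context(SAMPLE_ASSERTION))
```

The order of checks matters: issuer, validity window and audience are evaluated before any attribute is consulted, so an assertion replayed at a different viewer or after its five-minute window is refused regardless of how generous its attributes are. Because the context travels in the same message, it also dies with the message, which is exactly the limitation the text describes.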

Future State

In an ideal world, providers would work exclusively within their HIS or EMR. In practice, providers must navigate among multiple EHR systems. ehealth Ontario is in a unique position to act as the consolidator of multiple web-based systems, providing a unified point of access to them via ehealth Portal. The future state for ONE ID is a platform that delivers a comprehensive authentication, authorization, and context management solution, which can be leveraged by consumers of and contributors to the provincial EHR.

Clinical Portals and Web Applications

[Figure 5: Future state of portals and web applications showing clinical viewers and data sources. Diagram "PIM - Clinical Portals and Web Applications, Future State": providers (SWO, GTA, NEO) sign on to point of service systems, ehealth Portal or provider managed portals (e.g. TOH Portal); SSO and context flow to the special focus portals (CHRIS viewer, Cancer Care Ontario, OTN Hub, Panorama) and to the provincial EHR and regional viewers (Provincial EHR viewer, Clinical Data Viewer, ClinicalConnect viewer); EHR data is delivered through the provincial HIAL (ehealth Ontario, GTA, NEO and SWO HIAL segments) and the provincial EHR integration assets (client, provider, service, XDS and agreements registries, consent, audit, subscriptions and notifications, terminology, de-identification, ONE ID) from the provincial repositories (OLIS, clinical data repository, DI reports, comprehensive drug profile, integrated assessment record, immunization record, primary care clinical data, prescribed client health and related information, and analytics repositories).]
Provincial and Regional Portals

The ClinicalConnect viewer will be the regional EHR viewer for the SWO region, available for use in acute, primary, and community care settings. It will complement existing point of care systems (e.g. HIS) by leveraging the point of care systems' user logons and patient context, but will also be used in settings where there is no point of care system. It will provide a complete view of data from across the province. The presentation layer of the system will be largely unchanged; the majority of changes involve how EHR data is collected and aggregated by the ClinicalConnect connect component.

The CDV will be the regional EHR viewer for the GTA region, available in acute, primary, and community care settings. It will complement existing point of service systems (e.g. HIS) by leveraging their user logons and patient context, but will also be used in settings where there is no POS system. The user interface of the CDV will be essentially unchanged, but new provincial data sources, such as drug profiles or diagnostic imaging, will be added.

In the NEO region, the CDV will become the regional EHR viewer. It will be unchanged from that used for the GTA region, but data sources from the NEO region will be added.

ehealth Ontario will provide an EHR viewer that is not affiliated with any of the regions, built upon the same assets as ehealth Portal and comprising custom-built portlets that access the provincial repositories and registries through the provincial HIAL.

There are no technological barriers to providers having a choice of regional viewer, since all viewers display information for the entire province and all participate in provincial identity federation and single sign on. However, since these viewers are being developed with regional requirements in mind, the business may restrict users to the viewer developed in concert with their region, since it will most closely meet their requirements.

Special Focus Portals and Web Applications

The portal and web application connectivity approach recognizes that many special focus portals are strategic assets that are core to adoption within the province. The regions and the province have invested significant effort in designing and implementing these systems, which provide clinical value and enjoy significant adoption. Strategic special focus portals such as Panorama and CHRIS will continue to be maintained and enhanced by their current owners as required. As with the EHR viewers, they will access clinical data through the provincial HIAL and use the common provincial registries (provider, client, consent, etc.) to ensure consistent views of EHR data and to allow seamless integration. Increased adoption will be realized through the awareness created by links available in a consolidated provider view on ehealth Portal. See Ontario's EHR connectivity strategy for details on individual applications.

Provider Managed Portals and Web Applications

Provider managed portals such as The Ottawa Hospital's MyTOH will continue to serve their provider communities. As with special focus portals and web applications, they will access EHR data through the provincial HIAL and use the common provincial registries (provider, client, consent, etc.) to ensure consistent views of EHR data and to allow seamless integration. Alignment with the integration standards will ensure that they can expose the provincial EHR using both data services and portlet services.

Unified Point of Access

Although all EHR viewers and clinical portals will be accessible directly from a web browser or by launching from a point of service system (such as an HIS), the continuing profusion of URLs and web applications will significantly hinder their adoption and usability. To mitigate this profusion of access points, this document proposes creating a unified aggregator from which all other portals can be accessed: ehealth Ontario's ehealth Portal. Requirements for this unified point of access include:

- Frequently accessed applications must be front and centre

- The portal must supply easy-to-create collaborative spaces that allow providers to communicate with each other and share documents, etc.
- The point of access must be able to limit specific content or services to appropriate users
- The point of access must provide personalization capabilities, so that providers can see what they want to see, not what administrators think they should see
- The point of access must support mobile browsing and the launching of mobile-enabled portals and applications

A health care provider will log into ehealth Portal and be presented with links to EHR viewers and special focus portals. Provider managed portals and applications may choose to launch the unified point of access, but they will not be launched from it, since their target audience is not provincial in scope. The unified point of access will not prevent providers from accessing services through other routes; it will simply give them a convenient launching point.

ehealth Portal will also support closely governed collaborative spaces as well as ad hoc spaces for circle-of-care communication that can be created and destroyed as required. These spaces will provide messaging and document sharing services, etc., allowing ehealth Portal to become a community collaboration space where health care providers can subscribe to services that help them.

Use of ehealth Portal as a unified access point will increase adoption and uptake of services and applications, as providers will need only a single URL to access all of them. As new systems and services come online or change, providers will be made immediately aware of them.

ehealth Portal will be enhanced to support two modes of access:
- Direct user login, where health care providers use a web browser to navigate to the portal and log in with credentials from any federated identity provider
- Launching of the portal from within any compliant point of service application (e.g. HIS, EMR), regional portal, or provider managed portal using SSO with provider and patient context

A health care provider will have the means to launch or request access to all portals (regional, ehealth and special focus portals) from across the province with a single click from their clinical information system via ehealth Portal. Not all clinicians will want to use ehealth Portal as their access point; some may want to use their own system as the aggregator (e.g. CCACs using CHRIS with only the relevant links embedded on certain web pages). This approach does not preclude that, but maintenance and governance of these other access points will need to be supported by their individual owners.

Single Sign on and Patient Context Sharing

The single sign on solution is based on HTTP transactions between the client browser and the launching application. This is a known limitation of the solution: point of service systems that cannot make HTTP calls cannot participate without custom integration.

Authentication

The ONE ID federation broker will provide the foundation for all single sign on transactions for EHR clinical viewers and POS systems. It will provide a robust framework enabling participating organizations and applications to securely and reliably route authentication information. Through its architecture model, organizations can easily join the provincial federation and quickly realize the value and services it offers. In addition to the provider workflow and adoption efficiencies, the federation broker will also provide a centralized location in which provincial/MOHLTC security directives can be applied.

The key function of the broker is to securely route authentication transactions between parties. As part of these transactions, the broker receives metadata related to the provider making the request, which is compared with provincially established (and approved) security directives to determine whether the transaction should continue, be rejected, or be flagged for follow-up investigation.

The federation operator sets the provincial standards, specifications, and policies related to federated identities and services, providing a centralized point of responsibility for management of the provincial federation. It also enables a more efficient engagement, review and approval process with the MOHLTC and other government bodies (e.g. the Information and Privacy Commissioner). Leveraging ehealth Ontario's governance committees to set and communicate these policies and standards ensures that all key stakeholders have input into the material.

Just as the broker is key to the secure routing of identity data, federated IDPs play a critical role in the success of the provincial federation and the EHR as a whole. Federated identity providers are organizations that onboard new users, creating digital identities based on a formalized registration process. It is anticipated that all acute care facilities in the province will be onboarded as federated IDPs, providing EHR viewer access for a significant number of providers without complex workflows or the overhead of secondary credentials. As the provincial federation rollout proceeds, it is expected that additional identity providers will participate.
Although acute care reaches a significant number of providers, there are other types of identities critical to a successful EHR. Community care, for example, represents another large stakeholder group whose identities could be leveraged for EHR access. ehealth Ontario's ONE ID service will be available to any care provider in the province who requires a digital identity for accessing the EHR. It is envisioned that ONE ID will play a critical role in issuing credentials for providers working in the primary care setting, who are unlikely to have an account issued through another trusted identity provider.

The single sign on solution will accommodate many authentication methods, but it is outside the scope of the solution to dictate which standards identity providers use to authenticate their users, and there are no plans to standardize credentials. The federated IDP agreements set the standards for participation. Regardless of the stakeholder group, leveraging identities issued through trusted organizations is key to the provincial federation strategy.

Authorization

The federated authorization solution will enable authorized individuals from across the province to manage access to federation-enabled EHR viewers. Along with manual update processes, automated rule-driven and bulk update facilities will be added to the solution, eliminating the need for service providers to maintain complex access control lists for their applications. Authorization decisions can be informed by data provided in the SAML authentication message. Role-based access and fine-grained filtering can be implemented by the individual portals and applications based on the same authentication message. Definition of unified application roles is not in scope for this document. For details on the current authorization messages and processes, see the single sign on/patient context sharing standard.
Context Sharing

In future, the context management element of ONE ID will see a considerable redesign. The existing context solution will be replaced with one that offers more robust, feature-rich context management and which, although technically decoupled from single sign on, will continue to give providers seamless passing of patient context between participating applications. The end state context management solution will be based on web services; a prerequisite for participating is a provincial SSO session, which in turn requires that the application support HTTP. This will enable context information to flow freely between authorized applications without the constraints currently experienced from being coupled to authentication transactions. Once selected, patient context information will be immediately available to any application participating in the provincial context management solution. Similarly, the provider will be able to select a new context from any participating application and have that updated information made available to the other EHR viewers.

In the future state, all applications that participate in patient context sharing will be integrated with the provincial client registry. If a local system, such as an EMR, uses local identifiers that are not provincial identifiers, it must perform a lookup in the registry to obtain a shared identifier (such as a medical record number (MRN) or health card number). For details on systems that are not integrated with the provincial client registry, see the following transition section.

This bi-directional and distributed context management framework will form the basis for the provincial health care patient context management solution. All changes to the context management solution will go through the ehealth Ontario Standards Committee approval process.

Transition

Clinical Portals and Web Applications

Although the existing portals and web applications can be aggregated into a consolidated provider view in their current state, in order to provide a complete view of the EHR each regional portal needs to be integrated with provincial assets (particularly the provincial client and provider registries). Once a viewer uses the common registries, it can start receiving and displaying data from the provincial repositories in support of showing the complete EHR. In particular, the following transition activities must take place:
- The ClinicalConnect viewer must display data from the provincial acute care CDR
- EHR viewers (ehealth Portal, CDV and ClinicalConnect) must display medication profiles
- EHR viewers must display diagnostic imaging reports

Unified Point of Access

In order to create a unified launching point for all web applications, the ehealth Portal technology will need to be refreshed, as it is over 7 years old and cannot provide the required extended functionality such as personalization and collaborative spaces. Once the refresh is complete, it can be customized to provide links to the regional and special focus portals, and extended to use single sign on and context sharing. Initially, context sharing may be supported only from the launching system to ehealth Portal. This will require changes to both ehealth Portal and the launching systems, but not to the other provincial viewers and applications. As other applications available from the unified point of access are updated to support the context solution, it will be extended to them as well.

Single Sign on and Patient Context Sharing

Activities to transition to the future state of ONE ID will include creating an end state context management solution, as well as finalizing a federation business framework, including policies, standards and agreements.
All regional EHR viewers (GTA, NEO, SWO) will be onboarded, as will the ehealth Ontario portal as a federated application. GTA pilot organizations will be migrated, followed by special focus web applications. Updates to the existing single sign on and context solution are currently being investigated and will follow the ehealth Ontario standards committee approval process before being applied.

Integrating with the provincial client registry is not a requirement for participating in context sharing; however, if an application does not use the provincial client registry to resolve identifiers, it may not be able to show clinical data for all patients. For example, if a system identifies patients only by health card number, it would not be able to find data for a patient when the context contains an MRN. By integrating with the provincial client registry to resolve patient identifiers, the application could map the MRN to a health number and find the data for the patient. It is therefore strongly encouraged that all portals and applications transition to using the provincial registries.
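The future-state context sharing described in the Context Sharing section above and the identifier-resolution failure mode described in the paragraph just above, as an added example. This is illustrative code written for this page, not ehealth Ontario's or ONE ID's context management or client registry implementation: the assigning-authority names, identifier values, provincial client ids and lab records are constructed, and the web-service transport is reduced to in-process method calls. It models a session-scoped context manager that refuses to operate without a provincial SSO session, pushes a new patient to every subscribed application, and shows the same MRN context delivered to a health-card-number-only application twice, once without and once with a client registry lookup.

```python
from collections import defaultdict

# Constructed stand-in for provincial client registry linkage: each local identifier
# (assigning authority, identifier type, value) resolves to one provincial client id.
# The authority names, values and "PCR-" ids are hypothetical.
REGISTRY_LINKS = {
    ("hospital-a", "MRN", "H123456"): "PCR-0001",
    ("hospital-b", "MRN", "B000777"): "PCR-0001",
    ("ontario-hcn", "HCN", "1234567890"): "PCR-0001",
    ("ontario-hcn", "HCN", "9876543210"): "PCR-0002",
}

# Constructed lab results held by an application that knows patients by health card number only.
LAB_RESULTS = {
    "1234567890": ["2015-02-20 CBC: within normal limits"],
    "9876543210": ["2015-02-21 HbA1c: 7.1%"],
}


class ClientRegistry:
    """Resolves a local identifier to the provincial client id and back to another local identifier."""

    def __init__(self, links):
        self._to_provincial = dict(links)
        self._from_provincial = defaultdict(list)
        for ident, pid in links.items():
            self._from_provincial[pid].append(ident)

    def resolve(self, ident):
        return self._to_provincial.get(ident)

    def translate(self, ident, authority, id_type):
        """Identifier of the requested (authority, type) for the same person, or None if unlinked."""
        pid = self.resolve(ident)
        if pid is None:
            return None
        for candidate in self._from_provincial[pid]:
            if candidate[:2] == (authority, id_type):
                return candidate
        return None


class ContextManager:
    """One patient context per provincial SSO session, pushed to every subscriber on change."""

    def __init__(self, valid_sessions):
        self._sessions = set(valid_sessions)  # stands in for the SSO session store
        self._context = {}
        self._subscribers = defaultdict(list)

    def _require_session(self, session_id):
        if session_id not in self._sessions:
            raise PermissionError("a provincial SSO session is a prerequisite for context sharing")

    def subscribe(self, session_id, app):
        self._require_session(session_id)
        self._subscribers[session_id].append(app)
        if session_id in self._context:  # a late joiner receives the current patient immediately
            app.on_context(self._context[session_id])

    def set_patient(self, session_id, ident):
        """Any participating application may select a new patient; all others are told."""
        self._require_session(session_id)
        self._context[session_id] = ident
        for app in self._subscribers[session_id]:
            app.on_context(ident)

    def current(self, session_id):
        self._require_session(session_id)
        return self._context.get(session_id)


class HcnOnlyViewer:
    """Application indexing records by health card number. Without a registry it cannot act on an
    MRN context; with one it translates the MRN to an HCN first."""

    def __init__(self, records, registry=None):
        self.records = records
        self.registry = registry
        self.shown = None

    def on_context(self, ident):
        if ident[:2] != ("ontario-hcn", "HCN") and self.registry is not None:
            ident = self.registry.translate(ident, "ontario-hcn", "HCN")
        if ident is None or ident[:2] != ("ontario-hcn", "HCN"):
            self.shown = None  # identifier type not understood: no data found for this patient
        else:
            self.shown = self.records.get(ident[2])


def demo():
    """Deliver the same MRN context to a viewer without and a viewer with registry integration."""
    registry = ClientRegistry(REGISTRY_LINKS)
    cm = ContextManager(valid_sessions={"sso-session-1"})
    without_registry = HcnOnlyViewer(LAB_RESULTS)
    with_registry = HcnOnlyViewer(LAB_RESULTS, registry)
    cm.subscribe("sso-session-1", without_registry)
    cm.subscribe("sso-session-1", with_registry)
    cm.set_patient("sso-session-1", ("hospital-a", "MRN", "H123456"))  # patient selected in a HIS
    return without_registry.shown, with_registry.shown


def rejects_without_session():
    """Context operations outside a provincial SSO session are refused, not silently ignored."""
    try:
        ContextManager(valid_sessions=set()).set_patient("anon", ("hospital-a", "MRN", "H123456"))
    except PermissionError:
        return True
    return False


if __name__ == "__main__":
    print(demo())
```

Running demo() returns None for the viewer without registry integration and the CBC result for the viewer that resolved the MRN through the registry, which is the difference the transition paragraph above is warning about. The session check sits in front of every operation because the context is personal health information about which patient a provider is looking at; it must never be readable or settable from an unauthenticated caller.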