New features to round out 2024!

FHIR API Improvements

FHIR API improvements continue with the addition of resources and search functionality related to booking appointments, the addition of token search capabilities across multiple resources, and Patient write!

The full scope includes:

• Creating Patient resources (updating Patients is coming later)
• Reading (and soon writing) Appointment resources
• Slot and Schedule resources available via a Custom Operation, to hide away some complex business logic
• A couple of custom ValueSets, CodeSystems, and extensions to represent Bp Premier-specific concepts (though we’re also trying to map to standard FHIR concepts as much as possible)
• Searching for Appointments by patient, practitioner, date, service type, and more
• Searching for Patients and Practitioners by various new fields
• The ability to _include and _revinclude many of these resources, to reduce the number of queries needed to fetch the relevant data

We’re also working with Best Practice to improve the documentation for the FHIR API, so keep an eye out for that.

FHIR API improvements will be released as soon as they’re ready, so you’ll see bits and pieces coming through in each release for the foreseeable future. Once we’re done with Appointments, it’s on to Clinical resources — medications, allergies, immunisations.

OAuth

Security is always at the forefront of our thoughts, and OAuth has been one of the big improvements we wanted to make for a while.

We’ll be updating our documentation with more information as we release to Production, however some key points:

• OAuth will not be required when we first launch it, but we do recommend integrators consider transitioning quickly due to the added security benefits.
• OAuth does not currently replace any of our other authentication or authorisation systems. It’s an additional safeguard.
• We have implemented OAuth 2.0 using Microsoft Entra ID as the identity provider. This removes the security risks associated with us managing identities ourselves, and puts control of application registrations and access tokens in the hands of integrators. That means integrators can apply their own security processes as they like, such as rotating client secrets related to their app registration at their desired frequency.
• This does mean integrators will need Microsoft Entra ID to use our OAuth feature. This is free to use by itself. If you don’t already use Azure, we can help walk you through the set up process.

OAuth is now available in the current staging release. Please contact us if you would like to configure it!

Webhook Notifications

We’ve heard time and again that integrators want webhooks. And it makes sense — especially with async and registered queries — to remove the need for integrators to poll our cloud for query results. So we’ve decided to release an MVP implementation to gather feedback and scope out the functionality gaps.

This feature will be experimental at first. This means we may release breaking changes to it at any time, and therefore we would not recommend using it in production until the experimental tag is removed. When that will happen will depend on what feedback we receive and how much the implementation needs to change to match integrator’s needs.

One of our key concerns with implementing webhooks is data security, which has resulted in two key design decisions:

• The webhook payload will only contain enough metadata to identify which query is complete, not the query result. This mitigates risks around storing practice data in the cloud and ensuring data is only seen by those who should receive it.
• To receive webhook notifications, integrators will need to register a URL or URL template with Halo. That URL will be linked to your Halo Cloud subscription, and all webhooks for your queries will be sent to that URL. This ensures webhook notifications are always sent to the correct URL.

Experimental webhooks will be available in early November. Contact us if you would like more information, or are keen to try them out!

Integrator Portal

We’ve heard a few requests for an integrator portal to enable easier support and account management, so we’ve just kicked off an MVP that we’re aiming to release before the end of the year.

The initial scope for the portal will be targeted at helping your support staff troubleshoot issues, by displaying practice connectivity and recent errors for a particular site. Future improvements we’re considering include account configuration options and billing data.

If there is anything you would like to see in a portal, please let us know! Otherwise, keep an eye out for more news in the coming weeks.

Feedback

If you would like to know more about any of the features we have coming down the line, or would like to talk about how these improvements will fit your use case, please feel free to reach out to support@haloconnect.io.