Authentication Flow (PFS)
Overview
To make requests on behalf of a Patient, a Patient Facing Application must have a Patient App Linkage in place.
As part of the authentication, the following checks are undertaken. If any check “fails”, then the PFS Consumer will be unable to make requests, and an appropriate error code and HTTP request code are returned.
Are Patient Facing Services Enabled?
Patient Facing Services must be enabled for the tenant. If they are not, then any requests to Patient Facing Services API endpoints will be rejected.
Medicus users can choose to override the tenant settings for an individual patient. This means that Patient Facing Services could be enabled or disabled for one or more patients at the healthcare organisation.
Enabling Individual Patient-Facing Services
The healthcare organisation can specify which individual Patient Facing Services are available, both at a healthcare organisation level and for individual patients.
The following table outlines the Patient Facing Service and the API endpoint related to that service.
Patient Facing Service | Endpoint |
|---|---|
Access Care Record | Access Patient Journal |
Access Care Record | Download file |
Appointment Management | Book Appointments |
Appointment Management | List Appointments |
Appointment Management | List Bookable Services |
Appointment Management | Cancel Appointment |
Appointment Management | Find Available Appointments For A Given Service |
Prescription Ordering | List Prescriptions |
Prescription Ordering | List Prescription Requests |
Prescription Ordering | Create Prescription Requests |
Prescription Ordering | Cancel Prescription Request |
Prescription Ordering | View Nominated EPS Dispensers |
Prescription Ordering | Change Nominated EPS Dispensers |
Does a Patient App Linkage Exist for This Patient?
A Patient App Linkage must exist between the App and the Patient.
A Patient App Linkage is only necessary to make requests on behalf of a patient.
Other end points such as “Exchange Linkage Token” do not require a Patient App Linkage to be in place.
Does the App Have the Required Accredited Interactions to Access this Resource/Endpoint?
At this point, Medicus checks to see if the app is allowed to make requests to this resource.
The App’s Accredited Interactions are set by a Medicus Partner Manager on the Medicus Developer Portal.