Epic telehealth integration with Pexip Infinity
Pexip's Epic telehealth integration enables healthcare organizations to hold video-based visits in Pexip Virtual Meeting Room (VMRs). The Pexip solution:
- Provides secure, easy-to-join telehealth visits from any location.
- Integrates seamlessly with Epic's standard video visit workflow.
- Uses context-aware linking within an Epic appointment to enable providers and patients to meet together over video.
- Allows providers (physicians/doctors) to directly launch their video visit from Hyperspace, Haiku, Canto or EpicCare.
- Allows patients to launch the video visit directly from MyChart
, or via join links sent by email or SMS text messages.
- Supports clinic-to-clinic and teleconsult workflows (remote provider).
- Requires no downloads or plugins.
- Enables HIPAA compliance.
Epic Electronic Health Record (EHR) customers include hospitals, health systems, and physician practices.
Each video visit is held in a one-time VMR within Pexip Infinity via the WebRTC-based Connect web app. Typically the visit will involve a single provider and patient, but multiple providers could join the same video visit — invited either by Epic-based workflows, or by calling out directly from the Pexip VMR. Multiple patients can also join the same video visit if it is a group session.
When it is time to go to their appointment, the patient clicks a button in MyChart, or clicks a join link sent to them by email or SMS text message, and this launches a video visit browser session (using the Connect app).
The provider (doctor) can see the patient’s appointment in Epic and may also be notified that the patient has connected and is ready to be seen. The provider clicks a button in their Epic system to launch their video visit and join the session.
The Pexip Infinity implementation and join process works as follows:
Each Epic appointment is held in a one-time VMR within Pexip Infinity:
- When the provider presses the Join button in their Epic app, a Connect web app call is placed via the Infinity Gateway into the one-time VMR. The join URL is configured to take them straight into the VMR.
- Similarly when the patient presses their Join button or clicks their join link, they also launch a web app call directly into the same one-time VMR.
- Epic generates a unique, one-time-use, join URL for each participant (provider and patient) for every join attempt. Each URL contains a unique Pexip Infinity alias, which is derived from the appointment information.
- If a call fails to connect for whatever reason, or the user gets disconnected, they can rejoin the same appointment but they must not try to re-use the same join URL (as it will always fail on subsequent re-use). They must close the browser tab, go back to their Epic healthcare application (typically their particular hospital's Mychart portal) and re-launch the call, or click again on their email/SMS join link. They will end up in the same meeting as before, just via a different alias.
- Within Pexip Infinity, each alias for the same appointment is associated with the same Pexip Infinity service name (which is also derived from the appointment information). This ensures that each join attempt for the same appointment is taken to the same one-time VMR.
- Thus, multiple providers and patients all meet in the same VMR if they all share the same appointment.
- Providers are treated as Hosts and patients are treated as Guests. The one-time VMR has a Host PIN, but no Guest PIN.
- Providers (Hosts) can dial out from the VMR and invite other participants if required.
- If patients (Guests) join the VMR before a provider (Host) has connected, they are held at the Waiting for the host screen until a provider joins (who automatically opens the conference with the Host PIN included within their join URL).
- Each video visit launches into an external browser session so as to allow the user continued access to either Hyperspace or MyChart.
- The launching of the external Connect web app from the various Epic platforms uses SMART on FHIR OAuth 2.0 authentication (a set of open specifications to integrate apps with Electronic Health Records, portals, Health Information Exchanges, and other health IT systems). When a provider/patient clicks "join" to launch the Pexip video session they may get challenged by OAuth to re-enter their Epic sign-on credentials. This is purely down to timing and is not in Pexip's control.
Here is an overview of the integration process, including the steps and interactions taken between the customer, Pexip and Epic:
- The customer deploys a standard Pexip Infinity platform in their self-hosted environment.
- The customer obtains and applies a telehealth license from Pexip (in addition to any other Pexip Infinity licenses they need).
- The customer performs a basic (non-telehealth) test call to ensure that at least one Conferencing Node is reachable from the Internet, has proper certificates, and that call connectivity is working correctly (e.g. by calling two people into a test VMR via the Connect web app).
- The customer formally requests the Pexip integration app via Epic Vendor Services.
- A Pexip administrator approves the customer request and securely stores the production client secret and non-production client secret.
- Pexip informs the customer of the production and non-production client secrets via secure means. The customer is then responsible for storing them securely and entering them into the Pexip Infinity Administrator interface.
- Pexip also informs the customer of the patient and provider application client IDs, and the backend OAuth2 application client ID that are appropriate to their environment.
The customer configures their Epic FDI record and Epic telehealth profile to their Pexip Infinity deployment. This is best performed simultaneously as there is some data to be shared between the two systems. The customer should:
- Create an Epic FDI record, and generate their encryption key and securely share it with Epic.
- Add an Epic telehealth profile to their Pexip Infinity deployment, using the appropriate client secrets, application client IDs and encryption key settings. The profile's uuid identifier should be included in the corresponding CRYPTURL in the Epic FDI record (see Creating an Epic telehealth profile).
- The customer sets up the private/public keypairs to support OAuth2 authentication to Epic for patients joining via email/SMS.
The customer provides Pexip with:
- The patient OAuth2 redirect URL and provider OAuth2 redirect URL that they have configured on their deployment.
- The public key files they created to support OAuth2 authentication for patients joining via email/SMS.
- Pexip asks Epic to add the two OAuth2 redirect URLs to the patient and provider applications on the Epic side, to add the public key files, and to synchronize the client secrets and encryption keys.
- When the changes are made and have propagated on the Epic backend and on Pexip Infinity, the system is ready for testing and validation.
- Pexip permanently and securely destroys any customer keys in our possession — secure storage of these (e.g. for backup or restore purposes) is now the customer's responsibility.
For full details on the mandatory and optional integration configuration steps, and further reference information, see: