Monitoring, maintenance and reference information for Epic telehealth integrations

This topic describes some monitoring options and additional reference information for Epic telehealth integrations with Pexip Infinity.

Monitoring appointments via Pexip Infinity

Active and historic appointments (conferences) can be viewed via the Pexip Infinity Administrator interface.

Each appointment is represented as a single conference within the Status pages on Pexip Infinity, and each conference typically has two participants — the provider and the patient. However, there could be additional participants if it is a group session or an additional provider is added to the call.

The appointment and participant names are constructed as described below.

Appointment and participant names

Appointment and participant names are displayed within the call itself (in the Infinity Connect roster) to all of the participants, and they are also shown within the Pexip Infinity Administrator interface status pages.

The appointment name (referred to as the service or conference name within Pexip Infinity) takes the form:
"Appointment for <patient name> <telehealth profile name>:<Epic unique appointment id> in <encounter department>"

Note that "in <encounter department>" is only included if the department is known. For example:

  • "Appointment for Beverley P Spinder Healthcare Org:6ea6d1427f684721abd21c1634386f7b6 in Radiology" or
  • "Appointment for Kai Oosman Picardo Healthcare Org:5ec8f1667f531781afe19c1774322f7b8"

The participants list contains:

  • The Name field of the telehealth profile for the provider e.g. "Healthcare Org".
  • The first name / middle name / last name for the patient e.g. "Beverley P Spinder".
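The name format above can be split back into its fields when reviewing status or history data. The following is an added example, not Pexip code: the function names are hypothetical, the appointment id is assumed to be a hex string as in the two examples above, and the telehealth profile name must be supplied because only a space separates it from the patient name.

```python
import re

# Pattern built from the documented name format. Assumption: the appointment id
# is a hex string, as in the two examples on this page.
NAME_RE = re.compile(
    r"^Appointment for (?P<subject>.+):(?P<appointment_id>[0-9a-fA-F]+)"
    r"(?: in (?P<department>.+))?$"
)


def parse_conference_name(name, profile_name):
    """Split a conference name into its fields, or return None if it does not match."""
    m = NAME_RE.match(name)
    if m is None:
        return None
    subject = m.group("subject")
    # Patient and profile names are only space-separated, so the profile name
    # has to be known in advance to find the boundary between them.
    suffix = " " + profile_name
    if not subject.endswith(suffix):
        return None
    return {
        "patient": subject[: -len(suffix)],
        "profile": profile_name,
        "appointment_id": m.group("appointment_id"),
        "department": m.group("department"),  # None when the department is unknown
    }


def redact_for_logging(name, profile_name):
    """Return the conference name with the patient name removed."""
    fields = parse_conference_name(name, profile_name)
    if fields is None:
        # Withhold anything that does not parse rather than risk leaking a name.
        return "[unparsed conference name withheld]"
    out = f"Appointment for [redacted] {fields['profile']}:{fields['appointment_id']}"
    if fields["department"]:
        out += f" in {fields['department']}"
    return out
```

The redacted form keeps the appointment id and department, so a record can still be correlated with Epic without the patient name being copied into other systems.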

Epic encryption keys and client secrets

The Epic encryption key is a secret used for encrypting some of the information passed from Epic to Pexip. It should be a cryptographically strong random value. It is used in the Epic telehealth profile within Pexip Infinity and FDI records within Epic.

To generate a secret for use with Epic AES-256-CBC crypto (used with Epic version August 2019 onwards), you must generate a random 32 byte, base64 encoded key. (If you are using an older version of Epic, you can use either a 16 byte key generated using a similar method to that described below, or a simple password.)

You can generate the key using any tools that Epic may provide, or by using a Pexip command line tool as described below:

  1. Connect over SSH to the Management Node as user admin with the appropriate password.

  2. Issue the following command:

    pextelehealthkeygen 32

Example output:

value: fTW2KwlJZ6JEpRS+RlN2fruKPgggBe+Y9txLIk3QpA0=

The value output to the screen is a random 32 byte key, generated by OpenSSL, that is encoded into human-readable text using base64 encoding.

We recommend that you store this value securely (for example, using your corporate password database) in case you need to recover or reinstall your Pexip system without a suitable backup being available.
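Before a key is entered into the Epic telehealth profile and the FDI records, it can be checked for common copy-and-paste mistakes. The following is an added example, not the pextelehealthkeygen tool or any Pexip code: the function names are hypothetical, the standard base64 alphabet is assumed (as in the example output above), and the distinct-byte test is only a coarse heuristic.

```python
import base64
import binascii
import secrets

# Example value printed in the documentation above. It is public, so it must
# never be used as a real key.
DOCUMENTED_EXAMPLE_KEY = "fTW2KwlJZ6JEpRS+RlN2fruKPgggBe+Y9txLIk3QpA0="


def generate_key(num_bytes=32):
    """Return num_bytes from the OS CSPRNG, base64 encoded (44 chars for 32 bytes)."""
    return base64.b64encode(secrets.token_bytes(num_bytes)).decode("ascii")


def check_key(text, expected_bytes=32):
    """Return a list of problems with a candidate key; an empty list means it passes."""
    problems = []
    if text != text.strip():
        problems.append("leading or trailing whitespace")
    candidate = text.strip()
    if candidate.startswith("value:"):
        problems.append("includes the 'value:' label from the tool output")
        candidate = candidate[len("value:"):].strip()
    if candidate == DOCUMENTED_EXAMPLE_KEY:
        problems.append("is the published example key")
    try:
        # validate=True rejects characters outside the standard alphabet
        # (for example the URL-safe '-' and '_') instead of skipping them.
        raw = base64.b64decode(candidate, validate=True)
    except (binascii.Error, ValueError):
        problems.append("not valid standard base64")
        return problems
    if len(raw) != expected_bytes:
        problems.append(f"decodes to {len(raw)} bytes, expected {expected_bytes}")
    elif len(set(raw)) < 8:
        # Heuristic: random bytes almost never repeat this heavily.
        problems.append("too few distinct byte values to be random")
    return problems
```

Pass expected_bytes=16 when checking a key for an older Epic version that uses a 16 byte key.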

Client Secrets

The Provider application Client Secret and Patient application Client Secret that must be configured in the Epic telehealth profile are generated by Epic during the signup process and passed to Pexip, who will relay them securely to the end customer. Currently, the same value is used for both the provider and patient secrets on a single Epic telehealth profile.

A production and non-production variant of each secret is generated. These should be treated as being as sensitive as passwords, and you should ensure that the production and non-production variants are noted distinguishably.

Detailed call setup information

Pexip Infinity needs to access Epic at several points while setting up a telehealth call:

  1. During OAuth authentication before the call starts (after a user has proven their identity to Epic's satisfaction they get redirected back to Pexip Infinity with a one-time-use ID which Pexip needs to take and exchange for Epic OAuth2 tokens).
  2. When the call is connected and while it is ongoing, Pexip may need to periodically renew its OAuth2 tokens as they typically have a finite lifetime of approximately 1 hour.
  3. When the call ends, Pexip uses its OAuth2 token to make an API call to let Epic know that the call has ended.

The following sequence diagram shows the call flow when establishing and finishing a telehealth call. It shows the touch points between the Epic app, the patient/provider, the Pexip proxying and transcoding nodes and the API calls to the Epic server.

Note that:

  • The Epic API (at api.epic.hospital.com in our example) is publicly reachable.
  • All transcoding nodes (and proxying nodes) need to be able to reach out to api.epic.hospital.com. There are no inbound messages to transcoding nodes.
  • You can use a reverse proxy instead of a proxying node (the addresses are configured in the Epic telehealth profile).

Access and use of data shared between Epic and Pexip Infinity

Please refer to Epic's documentation ("Integration Record Setup" in their Pexip Implementation Guide) for information about the data passed from Epic to Pexip Infinity.

The Pexip Infinity deployment obtains data from Epic that is necessary to launch the appointment in Pexip Infinity. This typically includes the first, middle and last name of the patient, the username of the launching user, the department encounter name e.g. radiology, and the CSN (contact serial number — an encrypted ID that identifies an appointment). The same data is also used for providers.

Pexip Infinity writes data to Epic. In particular it informs Epic when telehealth appointment calls terminate.

Privacy and security

The Pexip Infinity self-hosted solution supports the industry standards for communication encryption for end-user devices, ensuring that all video calls and shared media content are secure and kept private even if they cross the internet. The entire deployment and all its data, including call status, diagnostic logs and call history, is completely under the ownership and control of the enterprise, even when deployed in the cloud.

Removing a Pexip/Epic integration

If you no longer require Epic telehealth integration, you must remove the specific Epic-related configuration from your Pexip Infinity deployment:

  • The Epic telehealth profile (Call control > Epic Telehealth Profile).
  • The Call Routing Rule that manages the incoming telehealth calls (Services > Call routing).
  • The telehealth integration license on your platform (Platform > Licenses).

You should also remove any optional customizations you may have applied, including:

  • Any branding or customization overrides:

    • Any themes that customized the splash screens (Services > Themes).
    • Any customized Infinity Connect web app settings (Services > Web App customization).
    • Any local policy to customize the VMR (Call control > Policy profiles).
  • Any additional Call Routing Rules that manage device pairing and/or dial out (teleconsult) from the conference (Services > Call routing).

Please talk to your Epic provider for information about how to remove your Pexip integration from the Epic system itself.