Using Zoom’s Epic FHIR integration
Health care organizations can now integrate Zoom into the Epic FHIR workflow for video visits by integrating Zoom with Epic FHIR’s integration. During video visit appointments, Zoom video links will be included. A physician is able to access appointments on Hyperspace directly, launch Zoom video calls directly from here, and document the visit in Epic before it is concluded. On the computer or mobile device that the patient is using, the Zoom video visit can be accessed directly from the MyChart Patient portal.
Among the features provided by this integration are:
-
It is possible to authorize Epic using OAuth.
-
In Zoom meetings, the encounter provider, or the first provider that joins the video call if the encounter provider is different from the first provider that joins the video call, creates the meeting on behalf of them.
-
A temporary Zoom account will automatically be created for the patients by the integration.
-
Using SMS, providers can send their patients links to Telehealth meetings that they can attend.
Prerequisites for Zoom’s Epic FHIR integration
-
Those with the authority and responsibility to add and configure Zoom integrations on their Zoom account and those who are responsible for doing so
-
The Zoom app version 2.0 has been enabled from the Epic App Orchard
-
An account with the pro version
-
For HIPAA-enabled compliance, a signed BAA must be submitted
How to add from the Zoom App Marketplace
-
Ensure that you are logged in as the administrator of your Zoom account in the Zoom App Marketplace.
-
You can find the Epic FHIR app by entering “Epic FHIR” in the search box at the top right of your screen.
-
If you are searching for Epic FHIR in your search results, click on the app to open it up.
-
Then click on the Add button.
-
If the app asks for permissions, confirm them and click Allow.
A configuration page will be displayed by the installer once the installation is complete.
How to configure Epic FHIR
Complete the necessary information on the integration configuration page in order to complete the process.
Note: The Zoom app version 2.0 configuration on Epic needs to contain information about Zoom app version 2.0.
-
Here are the settings you need to configure:
-
Zoom API Key: Your Marketplace JWT app should contain the Zoom API Key.
-
Zoom API Secret: Your Marketplace JWT app should contain the Zoom API Secret.
Note: Ideally, you should only give your Zoom API Key and Secret to Zoom or to the appropriate person within your company who has access to the Zoom API. Third parties should never be given access to your personal information. In order to conduct Epic FHIR Zoom Room video visits, this key and secret must be used in conjunction with the Zoom Rooms API JWT authorization. -
Zoom App Secret: During the process of enabling the Zoom app on App Orchard, Zoom provides a client secret that must be provided.
-
Zoom App Private Key: In order to enable the Zoom app in App Orchard, the privatekey.pem file must contain the value contained in the proprietary key.pem file provided by Zoom.
-
Epic FHIR R4 Base URL: The URL of the Epic instance from which you can access the Epic FHIR R4 endpoints is the base URL of the Epic instance.
-
Epic Telehealth Base URL: Your Epic 2020 telehealth endpoints can be accessed through the base URL of your instance, which is the URL for your instance.
-
Epic OAuth Base URL (Optional): It is the base URL of your Epic FHIR authorization server instance that you will need to enter. It is not necessary to include this field, but it can be included to enhance the efficiency of launches by avoiding the need to make a remote call to Epic to get this value instead of having to make this call.
-
Epic Environment:
-
The Epic test environment has been set to Test.
-
To set up a live production environment for Epic, change the setting to Production.
-
-
Patient Admittance Policy: Depending on your preference, you can set it as you like.
-
Provider User Type: For providers who do not have a Zoom account, the Zoom integration automatically creates a user account for them when initiating telehealth meetings. In order to assign these accounts to a certain type of user, you will need to select that type of user.
-
(Optional) Epic Device Test Endpoint URL: Enter the complete URL where users can test out the meeting feature before they make a video call with you.
-
(Optional) Healthcare Provider Device Test Help URL: It is very important that you enter the full URL where users can get help when they are testing the meetings feature.
-
-
Save the changes by clicking the Save button.
How to configure account-level settings
It is important to keep these Zoom account-level settings unlocked in order to remain able to integrate Epic FHIR into Zoom.
-
Administrators with the privilege to edit account settings can log in to the Zoom web portal by logging in as an administrator.
-
Click Account Management from the navigation menu, and then click Account Settings from the Account Management menu.
-
Go to the tab Meetings and click on it.
-
There are a few settings that need to be unlocked in order to function properly:
-
If you have unlocked the Allow participants to join before host setting under Schedule meeting, you will be able to schedule meetings.
-
The Waiting Room setting needs to be unlocked under the Security menu.
-
How to remove from the Zoom App Marketplace
-
Ensure that you are logged in as the administrator of your Zoom account in the Zoom App Marketplace.
-
Click on the Manage button at the top of the page, which can be found in the right corner.
-
Select the Added Apps option from the navigation menu at the top of the page.
-
Click on the Remove button next to the Epic FHIR app on your device.
Security
-
HIPAA compliance is one of Zoom’s top priorities.
-
AES-256 bit encryption is used for all communications between Zoom, Epic, and Zoom video sessions within the video chat application.
-
Using Epic, you can launch Zoom video visits that are dynamically password protected.
-
In your video visit sessions, all the settings you have set up at the account level will apply. It is possible to turn off recording features, annotation features, and any other feature you deem necessary for security reasons, for example.
-
Using Epic FDI records and information from Zoom user accounts, the integration creates Zoom user accounts automatically for patients and providers. A provider account can be manually deleted by an administrator by following the steps below:
-
Administrators with the privilege to edit account settings can log in to the Zoom web portal by logging in as an administrator.
-
Select User Management from the navigation menu, then select Users from the drop-down menu.
-
Locate the user accounts for the providers that you wish to delete.
Note: Email addresses ending in @zoomtelevisit.com are used to identify accounts associated with providers.
-
How your data is used
As a result of this integration, the following Zoom account information will be accessed and used:
-
User account’s first and last name: During the video visit meeting, it is displayed that the provider’s first and last name is displayed.
-
Meeting settings: If you wish to create a meeting with a video visit, the account-wide meeting settings should be used.
There are a variety of information from your Epic account that this integration accesses and uses:
-
Session ID: In order to report the status of the provider and patient meeting connection (connected or disconnected) as well as the device testing results to Epic in a consistent manner, this data is used to identify each epic video visit session.
-
Epic user ID: Assigned uniquely to the patient when reporting connection status (connected/disconnected) of a patient meeting to Epic, this field is used to uniquely identify the patient. In addition to this, a Zoom account is automatically created when a video visit meeting is scheduled for a video conference.
-
Epic provider ID: Identifies the provider when it is time to report to Epic the status of the connection between the provider and the meeting (connected/disconnected). In addition, a Zoom account is automatically created if it is different from the encounter provider when a video visit meeting is scheduled.
-
Epic encounter provider ID: Identifies the encounter provider in relation to the scheduled video visit in a unique manner. When a Zoom meeting is scheduled with a video visit, this parameter allows the host to be determined. Additionally, it is used in order to automatically create a Zoom account in order to be able to participate in video meetings.
-
User first and last name: A Zoom account is automatically created when a video visit meeting is scheduled for an automated time. During the meeting, this information will be displayed as well.
-
Provider email: The email is used to lookup the user’s Zoom account which is used for the video visit meeting if the provider launch is set up to use the provider’s existing Zoom account.
-
Zoom Room name: If you are participating in a Zoom Room video visit (Epic monitor call), the Zoom Room code is used in order to determine which Zoom Room connects to the meeting.
Configuring Epic FDI records
In order to use the FHIR integration, FDI records need to be configured for each type of launch of video visits that are supported by the integration. In addition to a URL string corresponding to a particular API in the integration application, these records also contain parameters related to the participants and the Epic appointment associated with the meeting, which can all be used to identify the meeting participants and Epic appointment.
Here is a list of the URLs which are required for each of the types of visits. “Installation Mnemonic Values” will contain a field entitled “URL” where each of these values will be entered.
-
Provider (Hyperspace)
https://applications.zoom.us/epicfhir/providerlaunch?org_id=<Zoom API key> -
Nurse (hyperspace)
https://applications.zoom.us/epicfhir/nurselaunch?org_id=<Zoom API key> -
Patient (MyChart)
https://applications.zoom.us/epicfhir/patientlaunch?org_id=<Zoom API key> -
Zoom Room (In-Patient)
https://applications.zoom.us/epicfhir/zoomroomlaunch?org_id=<Zoom API key> -
Device Test
https://applications.zoom.us/epicfhir/devicetest?org_id=<Zoom API key>
Below is a list of the parameters that can be used to identify the launch context. You will need to enter these values into the field called “CONTEXT” in the “Installation Mnemonic Values” section.
-
Provider (Hyperspace)
epicSessionId=%CSN%&firstName=%USERFNAME%&lastName=%USERLNAME%&epicUserId=%EPICUSERID;;; ; ;;NONE;%&useProviderZoomAccount=<true|false>&noRedirect=<true|false> -
Patient (MyChart)
epicSessionId=%CSN%&epicUserId=%WPRID;;; ;;;NONE;%&firstName=%WPRFNAME%&lastName=%WPRLNAME%&encounterProviderId=%EXTENSION;<Provider LPP ID>%&useProviderZoomAccount=false&noRedirect=<true|false> -
Zoom Room (In-Patient)
epicSessionId=%CSN%&epicProviderId=%USERPROVID;;;;;<ID TypeValue>%&useProviderZoomAccount=<true/false>&roomName=<Zoom Room Name>&roomDisplay=<Zoom Room Display Name>&noRedirect=<true|false> -
Nurse (hyperspace)
epicSessionId=%CSN%&firstName=%USERFNAME%&lastName=%USERLNAME%&epicProviderId=%USERPROVID;;;;;<ID type value>%&useProviderZoomAccount=<true|false>&noRedirect=<true|false> -
Device Test
epicSessionId=%CSN%&epicUserId=%WPRID;;; ;;;NONE;%&firstName=%WPRFNAME%&lastName=%WPRLNAME%
Usage
FDI records pertaining to telehealth appointments can be configured by the healthcare administrator. Providers can then access the Hyperspace portal, find their telehealth appointment, and launch the video visit once the admin has configured FDI records for each type of meeting. In this meeting, the providers will be chosen as the host, and they will automatically join in the meeting once it starts, as soon as it starts.
Patients are able to find their appointments within MyChart, and then start their visits directly from the portal. A loading screen will appear on the patients’ computer screens if they have not yet joined the meeting, with a message that says “Please wait until the host joins the meeting so it can begin”. The patient will either join the meeting automatically or must wait for the provider to manually admit them to the meeting once the provider has joined the meeting, depending on the patient admission policy configured by the administrator.
Troubleshooting for Zoom’s Epic FHIR integration
Meeting Indicator
In Epic’s Hyperspace client, when patients join telehealth meetings, a green light appears to indicate that they have joined. We can use notification records in order to diagnose the cause of an indicator failure when the indicator is not working correctly.
Using the following steps, you will be able to access the notification records screen:
-
You will need to sign in as the administrator of the Zoom user account in order to access the Zoom App Marketplace.
-
On the right hand side of the page, click the Manage button.
-
Click Configure in the Epic FHIR app, then select Notification Records in the Notification Records menu.
-
There was an error in the indicator for the meeting on Zoom or an issue with the Epic CSN, which means that the indicator wasn’t working right, and you need to enter it.
-
Click on the Search button.
A list of notifications is displayed as a result of the search. The columns in this table correspond to notifications that were sent from Zoom to Epic and provide data on the date and time that the patient or provider joined and left the meeting.
It is indicated by the RespCode column whether or not Epic was able to successfully handle the notification. The number 200 is displayed for successful notifications. The value of “200” is indicative that there is a problem with Epic’s notification system. This can result in the indicator not working as intended if the value is other than “200”.
If there is a problem, you may wish to check the following things:
-
Make sure you have configured the Epic Telehealth Base URL correctly in the settings.
-
It is important to make sure that all Zoom IP addresses which are capable of initiating notifications are included in your network allow list if you are using an IP allow list. You can find the IP addresses of the network firewalls or proxy servers on Zoom’s network firewall settings page (network firewall TCP addresses) under the Configuration tab.
-
It is essential that Epic is properly configured with FDI records.
Please contact Zoom Support if you would like additional assistance.