Administrative Messages API Overview
Administrative Messages API Overview
Provide secure messaging (with attachments) between patients and practices.
Patients can send messages from the Patient Portal and view replies from the practice:
- Secure messages to and from patients
- Ask a doctor/nurse/biller (patient initiated questions from the portal)
Administrative messages are confidential and authenticated exchanges.
- They are confidential because the messages stay on Medfusion secure servers and recipients must view them there.
- They are authenticated because patients and practice staff must sign in before they can send or view messages. This is similar to a web-based email account.
To see information about tracking the secure messages read by patients on the portal, see the Read Communications API.
Why use secure messaging?
There are many industry regulations that require secure communication between the sender and the receiver of the message, including the Health Insurance Portability and Accounting Act (HIPAA), the Sarbanes-Oxley Act (SOX), and the Gramm-Leach-Bliley Act (GLBA). It’s also a requirement for Meaningful Use Stage 2 certification. Secure messaging is a server-based approach to protect sensitive data that provides compliance with these industry regulations.
Use Case Workflows
1. Send messages from a practice to patients
The “send messages” workflow is initiated when a practice staff member sends a message to a patient. Your system can post the message immediately or it can post messages on a regular schedule. At the current time, only general messages can be sent from the practice staff to patients.
- Practice staff member uses the EHR or PM to address, write, and send a message to a patient.
- EHR/PM system either POSTs the message immediately to the Medfusion system, or saves the message until a scheduled time to post all recent messages. (Either way requires the message to be sent as part of a batch.)
- Medfusion system receives the message and sends email to notify the patient that they have a new message.
- Patient sign into Patient Portal to read the message.
If “AllowReply” is set to “true” for the message, the patient will have the option of sending a reply back to the original sender.
2. Retrieve patient messages for practice staff
The “retrieve messages” workflow starts with one or more patients sending messages through the Medfusion Patient Portal, and the partner system sends a GET request on a regular schedule to retrieve them. At the current time, patients can send general messages and “Ask a Doctor/Nurse/Biller” messages, as configured in the Medfusion Site Generator.
- Patients sign in to the Patient Portal and send messages to the practice. Messages may be addressed to a particular doctor or staff member, or to a particular type of staff member (doctor, nurse, billing office), or they may be general messages.
- EHR/PM system sends GET request on a regular basis to retrieve new messages.
- Medfusion system responds by sending all requested messages to EHR/PM system.
- EHR/PM system routes the messages to the correct doctors or staff members and notifies them that they have new messages.
- The recipients read the messages in the EHR/PM system, and can optionally send replies.
GET administrativeMessages Workflow
The Medfusion system does not delete or otherwise mark messages that have been retrieved, and they remain available for subsequent retrieval should the partner system wish to. The normal flow is that the partner system would pass back the Last-Timestamp header value in the next call as the ‘since’ value, so that they are always seeing “new” messages. However, even though it is not the normal flow, the partner system is always free to request all of its accumulated messages (including those previously returned) or a set newer than any timestamp. Messages will be retained by the Medfusion system for approximately a month and then deleted to free up space.