Integrating Zoom with an EMR platform

November 1, 2017

We have seen significant traction in the last few months, with several of our large health care customers using Zoom to integrate with their EMR platform, including Epic, to launch tele-visits between providers and patients. Our platform offers simple and robust tele-health APIs to create a seamless integration with an existing EMR platform. More important than the integration itself is designing the right tele-visit workflow: scheduling the visit, showing the visits in the appointments in the right places in your EMR on desktop and mobile, providing the launch interface in the provider and patient portals/apps, and so on. If you are looking into integrating Zoom with your EMR, please pay very close attention to the workflows, since the integration itself with Zoom will be a breeze!

Let’s take a deep dive into these APIs and how they function. We have given examples of how our integration works with Epic since most of our customers are building it with Epic.

 

Setting up the account for Tele-visits

If you already have a Zoom collaboration deployment, you might want to think about creating a separate account in Zoom to manage tele-visits. Tele-visits might need different account-level settings (such as enabling HIPAA on the account), and you might want to get periodic reports that include just those tele-visit sessions. There are other account-level customizations that we will be introducing soon which will be of great benefit.

 

Tele-visit APIs

In order to simplify the integration, we have introduced a few APIs that have built-in semantics for user management and session creation. Before using the APIs, you need to work with your EMR vendor on the workflow design. Once you identify the Zoom launch points in the workflow, you can follow these steps.

  • Get your API key and secret by logging into your Zoom account (https://developer.zoom.us/me/). You need to enter the app details the very first time before you see the API key and secret in the API tab.

 

  • There are a few key parameters to the Tele-health API:
    • usertype – valid values are 1 or 2 – a value of 1 indicates that the URL is called for a provider and a value of 2 indicates that it’s for a patient
    • sessionid – a unique id representing that tele-visit session
    • userid – a unique id for representing the provider or patient
    • firstname – first name to display in the zoom video window
    • lastname – last name to display in the zoom video window

 

  • To create a zoom session for tele-visit, use the following API:

https://www.zoom.us/telehealth?org_id=xxxx&data=yyyyy

org_id is your zoom API key

data is the AES encryption of the following parameters that we have discussed. Note that the firstname and lastname are optional parameters.

usertype, sessionid, userid, firstname, lastname

The encryption key is your API secret

 

  • An example of this encrypted URL would be:

https://www.zoom.us/telehealth?org_id=b4MGSMLTmqTUdGw&data=%2ByPf3sXYRHiJRed4Icrq3sL5i

where org_id is the Zoom API key and data is the encrypted parameter string with the encryption key being Zoom API secret. Please make sure that you URL encode the data.

If you need help on the encryption, please check out the Java sample code in our git

 

  • When the Zoom platform receives this request, it finds your account using org_id and decrypts the data with your account API secret to obtain the values for usertype, sessionid, userid, and the first and last names. If “usertype” = 1 (provider), Zoom auto-creates the account for that user, auto-creates a meeting with the “sessionid” and returns a meeting URL. If “usertype” = 2 (patient or visitor), Zoom checks whether a meeting exists with that “sessionid” and returns the meeting URL. The “sessionid” should be the same in the patient and provider calls; that tells Zoom to put them in the same meeting.

 

  • In Epic, you would create an FDI record in Hyperspace and MyChart. While we are providing the following as a reference point, please always check this with your Epic technical contact.

 

The provider FDI record should be:

“usertype=1&userid=%EPICUSERID;;; ; ;;NONE;%&sessionid=%CSN%”

 

The patient FDI record should be:

“usertype=2&userid=%WPRID;;; ; ;;NONE;%&sessionid=%CSN%”

  • Just make sure that the encrypted string is URL encoded. If not, you will see validation failures.

 

  • Since Epic runs in a Citrix environment, you need to get the configuration done in your Epic deployment so that Zoom is launched outside of Citrix for providers. Please contact your Epic technical services engineer for assistance.

 

  • As you can see from the above, Zoom doesn’t get in the middle of how this session is scheduled and notified; this is taken care of by your EMR platform. You don’t have to create user accounts in Zoom since that’s incorporated into the semantics of the API call.
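
The launch-URL steps above, as an added example (not Zoom's sample code and not part of the original post): it builds the encrypted, URL-encoded data parameter and round-trips it through a stand-in receiver, showing why an unencoded "+" in the Base64 output produces the validation failure mentioned above. The cipher mode (AES-256-GCM), the SHA-256 key derivation, the Base64 iv|ciphertext|tag layout and all function names are assumptions the page does not specify; use Zoom's sample code for the real parameters.

```javascript
// Added example, not Zoom's sample code. AES-256-GCM, the SHA-256 key
// derivation and the iv|ciphertext|tag layout are ASSUMPTIONS; the page does
// not specify them, so take the real parameters from Zoom's sample code.
const crypto = require('node:crypto');

const deriveKey = (apiSecret) =>
  crypto.createHash('sha256').update(apiSecret).digest(); // 32 bytes (assumed KDF)

// Serialize the parameters in the key=value&... form used by the FDI records.
function buildPlaintext({ usertype, sessionid, userid, firstname, lastname }) {
  if (usertype !== 1 && usertype !== 2) throw new RangeError('usertype must be 1 or 2');
  if (!sessionid || !userid) throw new TypeError('sessionid and userid are required');
  const p = new URLSearchParams({ usertype: String(usertype), userid, sessionid });
  if (firstname) p.set('firstname', firstname); // optional display name
  if (lastname) p.set('lastname', lastname);    // optional display name
  return p.toString();
}

function encryptData(plaintext, apiSecret) {
  const iv = crypto.randomBytes(12); // fresh nonce for every URL
  const c = crypto.createCipheriv('aes-256-gcm', deriveKey(apiSecret), iv);
  const body = Buffer.concat([c.update(plaintext, 'utf8'), c.final()]);
  return Buffer.concat([iv, body, c.getAuthTag()]).toString('base64');
}

function decryptData(b64, apiSecret) {
  const raw = Buffer.from(b64, 'base64');
  if (raw.length < 28) throw new Error('data too short'); // 12-byte iv + 16-byte tag
  const d = crypto.createDecipheriv('aes-256-gcm', deriveKey(apiSecret), raw.subarray(0, 12));
  d.setAuthTag(raw.subarray(raw.length - 16));
  const body = raw.subarray(12, raw.length - 16);
  return Buffer.concat([d.update(body), d.final()]).toString('utf8'); // throws if altered
}

// urlEncode=false reproduces the mistake the post warns about.
function buildLaunchUrl(orgId, apiSecret, params, urlEncode = true) {
  const data = encryptData(buildPlaintext(params), apiSecret);
  const q = urlEncode ? encodeURIComponent(data) : data;
  return `https://www.zoom.us/telehealth?org_id=${encodeURIComponent(orgId)}&data=${q}`;
}

// Stand-in for the receiving side: query parsing turns a raw '+' into a space.
function receive(url, apiSecret) {
  const data = new URL(url).searchParams.get('data');
  return Object.fromEntries(new URLSearchParams(decryptData(data, apiSecret)));
}
```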

 

Waiting Room or Meeting Lobby indicator

It’s a common use case for the provider (in Epic Hyperspace) to get an indication if the patient is already waiting in the video session. In order to enable this, go to your Zoom account integrations page (https://zoom.us/account/integration), find Epic and configure the callback URL.

 

 

This callback URL needs to be provisioned and obtained from your Epic installation. Make sure that this URL is routable and works from outside of your network. In Epic, this callback will light up the button next to "No one is connected".

 

 

Make sure that this callback URL is reachable from outside of your network.

Licensing

These tele-visit APIs are available at no additional cost. All you need is a paid Zoom account with enough host licenses for the providers. For now, we don’t provide a developer-only account for testing, so you need to create a paid Zoom account or use the account you already have for testing. We are in the process of enabling free developer accounts, and that will be available in the next release in a few weeks.

 

Security

When we create a meeting URL for the tele-visit session, we auto-generate a password and encrypt it for that session so that no one else can join even if they know the meeting ID. This encrypted password is part of the URL that Zoom sends back to Epic. This password will be regenerated every time you launch the URLs.

As you can see from how the API is structured, Zoom does not have any visibility into the patient or provider identity (e-mails, phone number, names etc.). The first and last names that are passed in the URL are optional; they are only used to display the names under the video window, and we do not store them.

All the video and audio traffic is AES 256 encrypted end to end. You can also disable and annotation on the accounts that you use for tele-visit.

Moving Forward

We are looking into customizing the waiting room so that you can add a custom image or modify the text that the patients see when waiting for the provider to arrive. We will be updating the developer forums when these features are available.

Hope this is helpful for those integrating Zoom into an EMR. As always, if you have questions or suggestions, feel free to use our developer forums and we will help you out.

 

 

Thiya Ramalingam
Thiya heads the platforms, integrations, product partnerships and private cloud engineering @ Zoom