TL;DR ZapEHR provides a comprehensive suite of hosted services for health tech and EHR builders, including application management and sophisticated configuration of access control policies down to individual resources.
Last week we released Zap Apps, a ZapEHR service vital for building user-facing healthcare apps.
ZapEHR’s APIs provide you a compliant backend out of the box so you can build better faster. To invoke ZapEHR APIs securely, users need to authenticate so your application knows they are authorized. When users log into your ZapEHR Application, they get a token representing their identity to ZapEHR’s APIs.
Every user and role in your ZapEHR project has their ZapEHR API access constrained by Access Policies which you configure. For example, you might use Access Policies to constrain a patient’s account such that they can only fetch data directly related to them (using the FHIR Patient Compartment).
PM Pediatric Care uses the ZapEHR App Service to secure their Behavioral Health Intake Dashboard. When you first navigate to the Dashboard, you are sent to this login page on auth.zapehr.com:
After logging in, Dashboard users are brought to this page, which calls ZapEHR’s FHIR APIs with the user’s auth token. By leveraging ZapEHR’s FHIR APIs, the PM Pediatric Care development team is building sophisticated medical applications without the expense of building a proprietary backend.
To use ZapEHR’s APIs from your web and native apps, you first secure them with ZapEHR’s App service. ZapEHR’s authorization is built to the industry-standard OAuth 2.0 specification, providing your application with the highest level of security. In just a few clicks or API calls, you can enable multi-factor authentication for your ZapEHR Applications. You won’t need to build or find your own auth platform — it can be configured using ZapEHR’s APIs and a few lines of code.
Use our hosted login screens. Here’s an example using Auth0’s React library to easily drop in a secure workflow:
<Auth0Provider
domain="https://auth.zapehr.com"
clientId="YOUR_CLIENT_ID_HERE"
audience="https://api.zapehr.com"
redirectUri="https://example.com"
> ...
This is the quickest way to add authentication to your application as the hosted authentication app provides screens for logging in, resetting password, 2-factor authentication, and signing up.
Build your own auth pages. You can implement the OAuth 2.0 authorization code with PKCE flow by calling the Auth0 /authorize and /oauth/token endpoints on auth.zapehr.com.
Settings for Applications can be configured, such as:
The ZapEHR console has pages for managing Applications.
With ZapEHR’s App service launch, you can get started building user-facing apps on the ZapEHR platform. Beta users are already building EHR apps to manage intake workflows, and lightweight RCM products to post insurance claims to clearing houses and manage their resolution.
If you have any questions, you can email us or join our Slack.
Our new behavioral health intake application, built on ZapEHR, allowed us to build a solution that is customized for our use including scheduling, insurance validation, and direct integration with our eClinicalWorks EHR.
Chief Medical Information Officer at PM Pediatric Care