Patient Portal
Overview
There are three options for setting up a patient portal. The first option is a functional Patient Portal, which is included with OpenEMR (The Native Patient Portal). The second option is using a third party patient portal, which utilizes a set of APIs included within OpenEMR. For a demonstration of each of these options, try out the Online Demo. The third option uses a WordPress installation as the patient interface, providing a rich platform for web site development and secure isolation from OpenEMR without requiring a third party service.
To set up a patient portal with options 1 or 2 will require your OpenEMR instance to be open to the web. To do this in a secure fashion requires an intimate knowledge of all the pieces involved (OpenEMR, Apache, MySQL, PHP, https, certificates, routers, firewalls etc.). A wiki page has been created for the community to begin standardizing ways to ensure that OpenEMR is secure, which can be found at the Securing OpenEMR wiki page.
Native Patient Portal
This is a fully functional onsite (meaning served from the same site as OpenEMR) patient portal.
Instructions
- To turn the portal on, toggle on Administration->Globals->Portal->'Enable Onsite Patient Portal'
- Set the portal web address at Administration->Globals->Portal->'Onsite Patient Portal Site Address' (this address is the link to your portal that gets emailed to patients)
- Note that if you have multi-site configured for OpenEMR, then need to use the following link to ensure the patient goes to the correct site: https://your_web_site.com/openemr/patients/index.php?site=default (where default is substituted with the site directory)
- Portal is at openemr/patients/
- To authorize a patient to use portals, need to set the following demographic entry to 'YES': Demographics->Choices->'Allow Patient Portal'. To allow emailing of the portal login credentials to the patient also need to set an email address in the patient demographics and need to set the following demographic entry to 'YES': Demographics->Choices->'Allow Email'.
- Patient portal login credentials for patients can be created/reset in the patient summary screen at the 'Create/Reset Onsite Portal Credentials' button (button is located at the top of the summary screen).
- When click 'Save' in the portal login credentials screen, it will email the credentials to the patient and the credentials can also be printed out. (note that for email to work, patient needs to 1) ok email in demographics->choices, 2) have a email address entered in demographics, 3) an email address needs to be set in Administration->Globals->Notifications->'Patient Reminder Sender Email' )
- When a patient logs into the portal for the first time (or after credentials are reset), the patient will be forced to set another password.
- Portal features include the following:
- Display of CCR and CCD reports.
- Display of Labs
- Display of Medications
- Display of Allergies
- Display of Appointments
- The portal is also set to work with OpenEMR's translation engine and uses the same translation login settings of OpenEMR that are set at Administration->Globals->Locale (by default, it will ask the patient for language on login).
- TODO(for developers):
- The appointment setting feature by the patient is not yet ready. The find appt and find open slot scripts are still buggy and the extraneous stuff needs to be removed. When these scripts are ready, can then place the following global in Administration->Globals to turn on this feature: Administration->Globals->Connectors->'Allow Patient Modification of Appointments'. Will also need to add following to the openemr_postcalendar_categories table, pc_catname column: Office Visit (Patient Scheduled). The script that needs to be improved/modified is here: openemr/patients/add_edit_event_user.php
Third Party Patient Portal
OpenEMR contains a set of APIs to support a fully functional offsite (meaning served from a different site than OpenEMR) Patient Portal. By default, it will support the third party patient portal offered by Z&H Healthcare, which is currently the only available and free third party patient portal for OpenEMR. So these tutorials and instructions are specific to the free Patient Portal offered by Z&H Healthcare.
Video Tutorials
Setup
Register a Existing Patient
Register a New Patient
Configure to receive online payments
Patient guide 1 - New Registration
Patient guide 2 - Logging in
Patient guide 3 - Entering your demographics and Insurance info
Patient guide 4 - Scheduling Appointments
Patient guide 5 - How to view and print medical records
Patient guide 6 - How to understand the ledger
Patient guide 7 - How to make an online payment
Instructions
- To turn the portal on, toggle on Administration->Globals->Portal->'Enable Offsite Patient Portal'
- Click on 'Portal Activity' link at the top of the left navigation menu
- Register your practice and write down the following items your entered:
- 'Provider ID For Patient Login'
- 'Portal Offsite User Name'
- 'Portal Offsite Password'
- Go to Administration->Globals->Portal and fill in the following fields and then click 'Save'
- 'Offsite Patient Portal Username' from above 'Portal Offsite User Name' entry
- 'Offsite Patient Portal Password' from above 'Portal Offsite Password' entry
- Click on 'Portal Activity' link at the top of the left navigation menu
- Fill in the desired settings and Save
- To register a patient for the portal:
- To authorize a patient to use portals, need to set the following demographic entry to 'YES': Demographics->Choices->'Allow Patient Portal'. To allow emailing of the portal login credentials to the patient also need to set an email address in the patient demographics and need to set the following demographic entry to 'YES': Demographics->Choices->'Allow Email'.
- Patient portal login credentials for patients can be created/reset in the patient summary screen at the 'Create/Reset Offsite Portal Credentials' button (button is located at the top of the summary screen).
- When click 'Save' in the portal login credentials screen, it will email the credentials to the patient and the credentials can also be printed out. (note that for email to work, patient needs to 1) ok email in demographics->choices, 2) have a email address entered in demographics, 3) an email address needs to be set in Administration->Globals->Notifications->'Patient Reminder Sender Email' )
- A patient then enters the Z&H Healthcare Patient Portal at: https://mydocsportal.com
- 'Provider ID' is from the entry above when registering the clinic ('Provider ID For Patient Login')
- User Name and Password are from the patient login credentials created above.
VPN Security Configuration
- In OpenEMR 4.1.2(patch 2), will be able to set up access via VPN to the offsite portal, which means OpenEMR instance will not need to be exposed to the internet. Here's a PDF document with instructions:
CMS Portal
The CMS Patient Portal is currently in development by Sunset Systems, mostly complete but not yet released. It is an interface from OpenEMR to a content management system such as WordPress. Initially only WordPress is supported, and for simplicity the remainder of this document will focus on that.
Why a CMS Portal?
Important aspects of the CMS Portal are:
- Security. A compromise of the public portal is not a compromise of OpenEMR.
- No need to trust and pay for an outside service for portal hosting and management. Anyone who can set up and maintain a WordPress web site can operate their own portal.
- As the portal is based on the world's most popular content management system, it is easily made an integral part of a more general public web site for the practice.
- The full power of WordPress and its more than 31,000 available plug-ins are available to enrich the functionality of the site. E-commerce is one example.
Features include:
- New or existing patients may register for an account with the portal.
- Demographics and insurance information may be submitted via the portal.
- The administrator may create clinical portal forms that correspond to existing "layout based forms" in OpenEMR but are easy for patients to understand and use. Patients can then fill these out to save transcription time and improve accuracy, and perhaps eliminate some visits entirely.
- History and Issues (medical problems, allergies, medications etc.) are also supported.
- Images and documents may be uploaded by the patient and then stored in OpenEMR.
- Secure messaging between clinic and patient, including transfer of attached documents.
- Easy user interfaces in OpenEMR for reviewing, correcting and storing data from the portal.
- Document templates in OpenEMR may be customized with layout-based form data that was imported from the portal, thereby easily producing documents such as referral reports.
Regarding security, notice we say the interface is "from OpenEMR", not "to OpenEMR". An important design aspect is to not expose OpenEMR to connections from potentially dangerous sources. Otherwise it can be very bad news if the CMS is compromised or if someone figures out how to impersonate it. Thus the design is that all connections between the EMR and CMS are initiated by the EMR.
Also in the interests of security and privacy, patient data stored on the CMS is transient and kept to a bare minimum.
WordPress Site Requirements
To use the portal, the WordPress site should have these plug-ins installed:
- Nav Menu Roles
- Peter's Login Redirect
- User Role Editor
- Cartpauj PM (1.0.11 or greater)
- Ninja Forms
- Ninja Forms File Uploads (optional, non-free)
- Ninja Forms Conditionals (optional, non-free)
- Sunset Patient Portal (coming soon!)
In addition it may be useful to install a plug-in to facilitate sending email, such as WP Mail SMTP.
Also the WordPress site must be configured to use SSL (HTTPS). This is very important for encryption of passwords and patient data over untrusted networks.
OpenEMR Requirements
Support for the CMS portal is built in to OpenEMR as of release 4.1.3. You may need to make sure PHP cURL support is included; in Ubuntu and Debian installation of the php5-curl package does this. The other important requirement is network access to the WordPress site, which will usually be via the Internet.
Configuring WordPress
Setting up the portal is mostly an exercise in learning WordPress and its Ninja Forms plug-in. There is also a fair amount of detail work in creating your desired forms.
Your WordPress server should be configured with SSL. For this you will need a domain name and a SSL certificate. There are many commerical sources for these -- if you don't already have one you are comfortable with, try namecheap.com and their "RapidSSL" certificates.
The WordPress download page is here: http://wordpress.org/download/
WordPress installation instructions are here: http://codex.wordpress.org/Installing_WordPress
After installing WordPress, choose a theme that you like and install the plug-ins mentioned above. Also spend some time with the instructions and getting to know how to navigate the system.
The first plug-in to configure is "User Role Editor". In the administrative area go to Users -> User Role Editor. Click "Add Role" and create a new role with an ID of "patient" (this specific ID is required, all lower case) and a display name of "Patient". Make it a copy of the Subscriber role so that its only capability is "read". This is the role that will be assigned to your patients.
Then it would be good to review and customize all of your system settings. In the administrative area you'll see that "Settings" is broken down into about 9 sections: General, Writing, Reading, etc. The WP instructions will help you with these, but here are a some special notes:
- In General / Membership, "Anyone can register" should NOT be checked.
- In Reading, you probably want your front page to display a static page.
- In Login/logout redirects, you will want the "patient" role to redirect to a suitable page upon login. Plan to set that up after you have created some initial pages.
- Be sure to configure WP Mail SMTP or whatever you use to manage outgoing mail. This is to make sure that you and your users get any appropriate mail that may be generated.
Next, configure the "Cartpauj PM" plug-in which supports private messaging between patient and clinic. In the Cartpauj PM Settings page specify "Login name of administrative user" to indicate the WordPress user who is the clinic contact for private messaging.
Configuring OpenEMR
Aside from setting up your layout-based forms, the only OpenEMR setup needed is to tell it how to access your WordPress site. For that go to Administration -> Globals -> Portal and fill in the 4 "CMS Portal" fields there.
"Site Address" is the base URL of the secure WordPress site and should start with "https://". Check the "Enable CMS Portal" checkbox and also fill in the WordPress login name and password of the desired administrative user. OpenEMR will be logging in as that user when connecting to WordPress.
Creating Forms
TBD