Testing CARIN Digital Insurance Cards (🧪,📱,⚕️,💳)
We attended the November 2021 CARIN Testing Event with our patient access SDK to test the future of consumer directed health plan information exchange.
We had two goals.
Our first goal was to test Sero’s open source SMART Auth module as well as Flexpa, the patient access SDK we’ve been developing on top of these standards (more to come about that). SMART Auth is really just a variant of OAuth 2.0. That means it’s a conventional and familiar standard for developers.
Our second goal was to test the first version of the CARIN Digital Insurance Card IG. We’ve become contributors and secondary authors of the IG (hopefully balloted in January). The goal of the Digital Insurance Card IG is to:
… standardize the way that health insurance companies provide the data elements found on the physical insurance card in a FHIR-based API exchange. The primary use case is to support insurance members … who wish to retrieve their current proof of insurance coverage digitally
One of the requirements to an IG becoming published by HL7 is testing it publicly - so test we did!
The testing event had two “tracks,” or testing categories: (1) tested our ability to authenticate a synthetic patient with two payers; and (2) tested our ability to use an access token we received after authenticating a synthetic patient to request and retrieve patient data.
We built a demo app on top of our patient access SDK. Our first task was to make sure we could authenticate with participating servers. Two attended the first track: MITRE and University of Pittsburgh Medical Center (UPMC).
Before the event, we had already tested Sero with major health plan payers. To get working with UPMC and MITRE all we needed to do was add some basic configuration and our SDK handled the rest. Sero successfully facilitated the authentication and authorization steps to receive access tokens from both UPMC and MITRE’s authentication servers.
Getting to this point meant that we succeeded at our first goal. Easy. 🚀
Testing digital insurance cards
Our second task was to not only authenticate with a specific health plan payer but also to use those credentials to fetch a Coverage resource profiled against the CARIN Digital Insurance Card and display useful information.
A Coverage resource is a kind of FHIR resource that contains information relevant to a patient’s health coverage - information here typically matches what is found on a health card.
The CARIN Digital Insurance Card IG contains extensions and profiles that describe 80% (a FHIR goal) of what you can see on health plan cards in the United States - not just the ubiquitous Member ID but Group ID, RxBIN, RxPCN, and copays.
Not only were we able to authenticate with Humana and 1Up Health’s sandbox authentication server, but we built out a custom CARIN Digital Insurance Card React component in just a couple of hours:
Things we learned
Authentication is hard. Creating an SDK that facilitates authentication with a large number of smart health ID providers is even harder.
But, testing events like this help make testing and de-bugging the authentication process easier. Because different providers have different configurations, we get to directly ask representatives from the attending providers questions about their implementation.
For example - we helped a healthcare payer and provider identify SSL certificate issues in their sandbox environment. These issues would have otherwise taken days to resolve via email.
Test events are also a great opportunity to demo our work to the wider health standards community.
This testing event was a big deal. We added 4 new health ID configurations to our patient access SDK (you’ll hear more about this soon) in a single day.
We considered Sero “launched” when we unveiled it at last September’s Connectathon. It’s gained a good bit of traction since then and we’ve started to receive the first reports of real world projects switching to it as a way of handling SMART Auth in healthcare apps.
As always, don’t forget to star it on Github!
Are you passionate about building the next generation of patient access, and the health technology stack of the future? We’d love to hear from you at firstname.lastname@example.org if you’re excited about these things.