Using Zoom's Epic FHIR integration
The Zoom Epic FHIR integration enables health care organizations to integrate Zoom into Epic FHIR’s video visit workflow. Zoom video links are placed in video visit appointments. Physicians can access appointments and launch Zoom video visits directly in Hyperspace and document the visit in Epic. Patients can launch the Zoom video visit from their MyChart Patient portal on their personal computer or mobile device.
This integration provides the following features:
- Supports OAuth authorization to Epic.
- Zoom meetings are created on behalf of the encounter provider or the first provider that joins the video visit if different than the encounter provider.
- The integration automatically creates temporary Zoom user accounts for patients.
- Providers can send Telehealth meeting links to patients through SMS.
If you need more information on the non-FHIR version, refer to the Epic integration guide.
Note: With the deprecation of JWT authentication in September 2023, an account admin should migrate to authenticating the Epic integration with OAuth.
Prerequisites for Zoom's Epic FHIR integration
- A paid Zoom account
- Account owner or admin with privileges to add and configure this integration
- A signed BAA for HIPAA-enabled compliance
How to add from the Zoom App Marketplace
- Sign in to the Zoom App Marketplace as the account administrator.
- In the top right of your screen, enter Epic FHIR in the search box to find the app.
- In your search results, find the Epic FHIR app and click it.
- Click Add.
- Confirm the permissions the app requires, then click Allow.
The installer will display the configuration page.
How to configure Epic FHIR
On the integration configuration page, complete the required information.
Notes:
- This requires information from your Zoom app version 2.0 configuration on Epic.
- Follow the steps below only if you have already used the JWT app to copy the API Key and Secret and are reinstalling the Epic FHIR app. Otherwise, skip these steps.
- Sign in to the Zoom App Marketplace with your Zoom owner or admin account.
- In the top-right corner, click Manage.
- In the navigation menu, click Created Apps.
- Click your developer.zoom.us API (JWT).
- Click App credentials.
- Copy your API Key for use as Zoom API Key in a later step.
- Configure the following settings:
- Zoom API Key: The Zoom API Key should only be shared with Zoom or appropriate personnel within your company. It should never be shared with third parties.
- Zoom App Secret: The client secret provided by Zoom when enabling the Zoom app in App Orchard.
- Zoom App Private Key: The value contained in the privatekey.pem file provided by Zoom when enabling the Zoom app in App Orchard.
- Epic FHIR R4 Base URL: The base URL to your Epic instance where the Epic FHIR R4 endpoints can be reached.
- Epic Telehealth Base URL: The base URL to your instance where the Epic 2020 telehealth endpoints can be reached.
- Epic OAuth Base URL (Optional): The base URL of your instance of the Epic FHIR authorization server. This field is not necessary but can be included to make launches more efficient by bypassing the need to make a remote call to Epic to obtain this value.
- Epic Environment:
  - Set to Test for an Epic test environment.
  - Set to Production for a live Epic production environment.
- Patient Admittance Policy: Set according to your preference.
- Provider User Type: When initiating telehealth meetings, the integration automatically creates user accounts for providers without existing Zoom accounts. Select the user type you want to assign to these accounts.
- (Optional) Epic Device Test Endpoint URL: Enter the full URL where users can test the meetings feature prior to the video visit.
- (Optional) Healthcare Provider Device Test Help URL: Enter the full URL where users can get help when testing the meetings feature.
- Click Save Changes.
Re-authenticating with OAuth
With OAuth support for the Epic FHIR Zoom App and the deprecation of JWT authentication in September 2023, Epic admins can follow these steps to migrate from JWT to OAuth authentication.
- Sign in to the Zoom App Marketplace as the account administrator.
- In the top right of the page, click Manage.
- In the navigation menu, click Added Apps.
- Click the Epic FHIR app.
- Click Update.
You will be prompted to authenticate with your Epic account.
- Provide access to the requested permissions. When authentication is complete, you will return to the Epic FHIR marketplace page.
How to configure account-level settings
The Epic FHIR integration requires the following Zoom account-level settings to remain unlocked.
- Sign in to the Zoom web portal as an admin with the privilege to edit account settings.
- In the navigation menu, click Account Management then Account Settings.
- Click the Meetings tab.
- Ensure that the following settings are not locked:
- Under Schedule meeting, ensure that the Allow participants to join before host setting is unlocked.
- Under Security, ensure that the Waiting Room setting is unlocked.
How to remove from the Zoom App Marketplace
- Sign in to the Zoom web portal as an administrator.
- In the navigation panel, click Advanced then App Marketplace.
- On the top right of the page, click Manage.
- On the left side of the page, click Added Apps.
- Next to the Epic FHIR app, click Remove.
- In the Remove app pop-up window, choose your reason, then click Remove.
Configuring Epic FDI records
The FHIR integration is used by configuring FDI records for each type of video visit launch that the integration supports. These records contain a URL string that corresponds to a particular API in the integration application, as well as parameters for identifying the participants and Epic appointment associated with the meeting.
Note: If you are an existing customer and have already configured your FDI records, you can continue using just the “org_id” URL parameter. However, if you “Regenerate” the API Key field on the Epic FHIR app configuration page, you must add the “acc_id” URL parameter to your FDI records.
The required URLs for each type of visit are listed below. These are entered in the “URL” field in “Installation Mnemonic Values”.
- Provider (Hyperspace): https://applications.zoom.us/epicfhir/providerlaunch?org_id=<Zoom API key>&acc_id=<Zoom Account Id>
- Nurse (Hyperspace): https://applications.zoom.us/epicfhir/nurselaunch?org_id=<Zoom API key>&acc_id=<Zoom Account Id>
- Patient (MyChart): https://applications.zoom.us/epicfhir/patientlaunch?org_id=<Zoom API key>&acc_id=<Zoom Account Id>
- Zoom Room (In-Patient): https://applications.zoom.us/epicfhir/zoomroomlaunch?org_id=<Zoom API key>&acc_id=<Zoom Account Id>
- Device Test: https://applications.zoom.us/epicfhir/devicetest?org_id=<Zoom API key>&acc_id=<Zoom Account Id>
The parameters for identifying the launch context are listed below. These are entered in the “CONTEXT” field in “Installation Mnemonic Values”.
- Provider (Hyperspace): epicSessionId=%CSN%&firstName=%USERFNAME%&lastName=%USERLNAME%&epicUserId=%EPICUSERID;;; ; ;;NONE;%&useProviderZoomAccount=<true|false>&noRedirect=<true|false>
- Patient (MyChart): epicSessionId=%CSN%&epicUserId=%WPRID;;; ;;;NONE;%&firstName=%WPRFNAME%&lastName=%WPRLNAME%&encounterProviderId=%EXTENSION;<Provider LPP ID>%&useProviderZoomAccount=false&noRedirect=<true|false>
- Zoom Room (In-Patient): epicSessionId=%CSN%&epicProviderId=%USERPROVID;;;;;<ID TypeValue>%&useProviderZoomAccount=<true/false>&roomName=<Zoom Room Name>&roomDisplay=<Zoom Room Display Name>&noRedirect=<true|false>
- Nurse (Hyperspace): epicSessionId=%CSN%&firstName=%USERFNAME%&lastName=%USERLNAME%&epicProviderId=%USERPROVID;;;;;<ID type value>%&useProviderZoomAccount=<true|false>&noRedirect=<true|false>
- Device Test: epicSessionId=%CSN%&epicUserId=%WPRID;;; ;;;NONE;%&firstName=%WPRFNAME%&lastName=%WPRLNAME%
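The following is an added example, not part of Zoom's or Epic's documentation: a Python check that validates one FDI record's URL and CONTEXT strings against the launch paths and parameters listed above, flagging a missing acc_id after key regeneration and template placeholders that were never filled in. It assumes every listed CONTEXT key is required; the names check_fdi_record and split_pairs, the messages and the sample values are hypothetical.

```python
from urllib.parse import urlsplit

# CONTEXT keys per launch path, copied from the lists in this article.
BASE = {"epicSessionId", "firstName", "lastName"}
FLAGS = {"useProviderZoomAccount", "noRedirect"}
CONTEXT_KEYS = {
    "providerlaunch": BASE | FLAGS | {"epicUserId"},
    "nurselaunch": BASE | FLAGS | {"epicProviderId"},
    "patientlaunch": BASE | FLAGS | {"epicUserId", "encounterProviderId"},
    "zoomroomlaunch": FLAGS | {"epicSessionId", "epicProviderId", "roomName", "roomDisplay"},
    "devicetest": BASE | {"epicUserId"},
}


def split_pairs(text):
    # Split on "&" only: Epic mnemonics such as %WPRID;;; ;;;NONE;% contain ";".
    return dict(p.partition("=")[::2] for p in text.split("&") if p)


def check_fdi_record(url, context, key_regenerated=False):
    """Return the problems found in one FDI record; an empty list means OK."""
    problems = []
    parts = urlsplit(url)
    if parts.scheme != "https" or parts.hostname != "applications.zoom.us":
        problems.append("URL is not on https://applications.zoom.us")
    prefix, _, launch = parts.path.rpartition("/")
    if prefix != "/epicfhir" or launch not in CONTEXT_KEYS:
        return problems + ["unknown launch path " + parts.path]
    query, ctx = split_pairs(parts.query), split_pairs(context)
    if not query.get("org_id"):
        problems.append("org_id missing")
    if key_regenerated and not query.get("acc_id"):
        problems.append("acc_id missing after API key regeneration")
    for key in sorted(CONTEXT_KEYS[launch] - set(ctx)):
        problems.append("CONTEXT missing " + key)
    for key, value in {**query, **ctx}.items():
        if "<" in value and ">" in value:
            problems.append(key + " still holds a template placeholder")
        elif key in FLAGS and value not in ("true", "false"):
            problems.append(key + " must be true or false")
    if launch == "patientlaunch" and ctx.get("useProviderZoomAccount") == "true":
        problems.append("patient launch expects useProviderZoomAccount=false")
    return problems


# Constructed sample record: placeholder key value, no acc_id, one unfilled flag.
SAMPLE_URL = "https://applications.zoom.us/epicfhir/patientlaunch?org_id=EXAMPLE_KEY"
SAMPLE_CONTEXT = ("epicSessionId=%CSN%&epicUserId=%WPRID;;; ;;;NONE;%&firstName=%WPRFNAME%"
                  "&lastName=%WPRLNAME%&useProviderZoomAccount=true&noRedirect=<true|false>")
```

Calling check_fdi_record(SAMPLE_URL, SAMPLE_CONTEXT, key_regenerated=True) returns one message per problem in the constructed record.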
Usage
Once a healthcare administrator configures FDI records for each type of meeting, providers may access the Hyperspace portal, locate their telehealth appointment, and launch their video visit. Providers will be set as the host of the meeting, and will automatically join the meeting as soon as it begins.
Patients may locate their appointment within the MyChart portal, and launch their visit from there. If the provider has not yet joined the meeting, patients will observe a loading screen that says “Please wait for the host to start this meeting”. Once the provider has joined the meeting, depending on the patient admittance policy configured by the administrator, the patient will either automatically join the meeting or must wait for the provider to manually admit them.
Troubleshooting for Zoom's Epic FHIR integration
Meeting Indicator
Epic’s Hyperspace client displays a green light to indicate when patients join the telehealth meetings. When the indicator is not working correctly, we can use notification records to help diagnose the cause.
To access the notification records screen:
- Sign in to the Zoom App Marketplace as the Zoom user account administrator.
- In the top right of the page, click Manage.
- For the Epic FHIR app, click Configure then Notification Records.
- Enter the Zoom meeting ID of the meeting, or the Epic CSN of the encounter, for which the indicator was not working properly.
- Click Search.
The search will display a list of notification records. Each row corresponds to a notification sent from Zoom to Epic and contains the date and time when patients and providers joined and left the meeting.
The RespCode column indicates whether the notification was successfully handled by Epic. Successful notifications display 200. A value other than “200” indicates there is a problem with the notifications reaching Epic, which can cause the indicator to not work properly.
These are some things to check if there are problems:
- Confirm the Epic Telehealth Base URL configuration is correct.
- If you use an IP allow list, ensure that all Zoom IP addresses that can originate notifications are included in your network allow list. The IP addresses are listed on Zoom’s network firewall or proxy server settings page (network firewall TCP addresses).
- Ensure that the FDI records are properly configured on Epic.
For additional help, submit a request to Zoom Support.
Data Security
- Zoom helps enable HIPAA compliance.
- All communications between Zoom, Epic, and Zoom video sessions are encrypted with AES-256 bit encryption.
- Zoom video visits launched from Epic are dynamic password protected.
- All account-level settings are applicable for your video visit sessions. For example, you can disable recordings, annotations, and other features as needed for security reasons.
- The integration automatically creates Zoom user accounts for patients and providers using information from the Epic FDI records. Administrators can manually delete provider accounts as follows:
- Sign in to the Zoom web portal as an admin with the privilege to edit account settings.
- In the navigation menu, click User Management then Users.
- Find the provider user accounts that you want to delete.
Note: Provider user accounts are identified by emails ending in @zoomtelevisit.com.
How your data is used
This integration accesses and uses the following information from your Zoom account:
- User account’s first and last name: The integration displays the provider’s first and last name during the video visit meeting.
- Meeting settings: The account-wide meeting settings are used when creating a video visit meeting.
This integration accesses and uses the following information from your Epic account:
- Session ID: Used to uniquely identify the Epic video visit session when reporting patient and provider meeting connection status (connected/disconnected) and device test results to Epic.
- Epic user ID: Used to uniquely identify the patient when reporting patient meeting connection status (connected/disconnected) to Epic. Also used when automatically creating a Zoom account for the video visit meeting.
- Epic provider ID: Used to uniquely identify the provider when reporting provider meeting connection status (connected/disconnected) to Epic. Also used when automatically creating a Zoom account for the video visit meeting if different than the encounter provider.
- Epic encounter provider ID: Used to uniquely identify the encounter provider associated with the scheduled video visit. It is used to determine the host when scheduling the video visit Zoom meeting. It is also used when automatically creating a Zoom account for the video visit meeting.
- User first and last name: Used when automatically creating a Zoom account for the video visit meeting. Also displayed during the video visit meeting.
- Provider email: If provider launch is enabled to use a provider’s existing Zoom account, the email is used to find the user’s Zoom account which is used for the video visit meeting.
- Zoom Room name: For Zoom Room video visits (Epic “monitor” calls), it is used to identify the Zoom Room that connects to the meeting.