Patient Portal Service

Consumer-facing web and mobile application providing patients secure access to their health records, appointments, messaging, and self-service features

Overview

The Patient Portal provides a user-friendly interface for patients to engage with their healthcare, view records, communicate with providers, and manage appointments—all in compliance with patient access requirements.

Key Features

Health Records Access

  • Medical History: Problems, diagnoses, procedures
  • Medications: Current and past medications
  • Allergies: Drug and food allergies
  • Immunizations: Vaccination history
  • Test Results: Labs and imaging (after provider review)
  • Visit Summaries: After visit summaries (AVS)
  • Clinical Notes: Provider documentation
  • Download: CCD (Continuity of Care Document) export

Appointments

  • Schedule: Book appointments online
  • View Upcoming: Calendar view of scheduled visits
  • Reschedule/Cancel: Self-service management
  • Pre-Registration: Complete forms before visit
  • Telehealth: Join video visits
  • Wait Times: Real-time wait time estimates

Secure Messaging

  • Provider Messages: Direct secure communication with care team
  • Attachments: Share photos/documents
  • Response SLA: Provider response within 48 hours
  • Topic Selection: Appointment, medication, billing, general

Prescriptions

  • View Medications: Current medication list
  • Request Refills: Electronic refill requests
  • Pharmacy: Update preferred pharmacy
  • Medication History: Past medications

Billing & Payments

  • View Statements: Current balance and history
  • Pay Online: Credit card, debit card, ACH
  • Payment Plans: Set up installment plans
  • Insurance: View coverage information
  • Copay Estimates: Before visit estimates

Health Management

  • Care Plans: View and track care plans
  • Health Maintenance: Preventive care reminders
  • Educational Materials: Personalized health education
  • Health Trackers: Blood pressure, glucose, weight
  • Care Gaps: Identified care opportunities

Technology Stack

  • Frontend: React, Next.js, TypeScript
  • Mobile: React Native (iOS + Android)
  • Backend: Node.js, NestJS
  • Database: PostgreSQL
  • Cache: Redis
  • FHIR API: Integration with EHR Service
  • Identity: OAuth 2.0, SMART on FHIR

Security & Privacy

Authentication

  • Username/password
  • Multi-factor authentication (SMS, email, authenticator app)
  • Biometric (mobile): Touch ID, Face ID
  • Password complexity requirements
  • Account lockout after failed attempts

Authorization

  • Patient owns their data
  • Proxy access (parent/child, authorized representative)
  • Break-the-glass not applicable (patient access always allowed)

Audit Logging

  • All access logged for HIPAA compliance
  • Patient can view access log
  • Suspicious activity alerts

Session Management

  • 15-minute idle timeout
  • Secure session cookies
  • Force logout on password change
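
An added example (not the portal's own code) of how the three session rules above could be enforced server-side in TypeScript, the language of the stack listed earlier. The SessionStore class, the per-user credential epoch counter, and the cookie name and attributes are assumptions made for illustration.

```typescript
// Hypothetical server-side session policy; all names here are illustrative.
const IDLE_TIMEOUT_MS = 15 * 60 * 1000; // 15-minute idle timeout

interface Session {
  userId: string;
  lastSeen: number; // epoch ms of the last authenticated request
  credentialEpoch: number; // user's credential version at login
}
type Verdict = "ok" | "idle_timeout" | "credentials_changed" | "unknown";

class SessionStore {
  private sessions = new Map<string, Session>();
  private epochs = new Map<string, number>(); // bumped on every password change

  // sessionId must come from a CSPRNG; generation is left to the caller.
  create(sessionId: string, userId: string, now: number): void {
    const credentialEpoch = this.epochOf(userId);
    this.sessions.set(sessionId, { userId, lastSeen: now, credentialEpoch });
  }

  // Force logout on password change: every older session of the user goes stale.
  onPasswordChange(userId: string): void {
    this.epochs.set(userId, this.epochOf(userId) + 1);
  }

  // Call on every request, before any handler touches patient data.
  validate(sessionId: string, now: number): Verdict {
    const s = this.sessions.get(sessionId);
    if (!s) return "unknown";
    let verdict: Verdict = "ok";
    if (s.credentialEpoch !== this.epochOf(s.userId)) verdict = "credentials_changed";
    else if (now - s.lastSeen >= IDLE_TIMEOUT_MS) verdict = "idle_timeout";
    if (verdict !== "ok") {
      this.sessions.delete(sessionId); // a rejected id can never be revived
      return verdict;
    }
    s.lastSeen = now; // sliding window: only activity extends the session
    return "ok";
  }

  private epochOf(userId: string): number {
    return this.epochs.get(userId) || 0;
  }
}

// Cookie attributes are assumptions: the page only says "secure session cookies".
function sessionCookie(sessionId: string): string {
  return `__Host-sid=${sessionId}; Path=/; Secure; HttpOnly; SameSite=Lax`;
}
```

The timeout is checked on the server because a cookie lifetime alone can be ignored by the client; the verdict strings are also suitable as audit log reasons.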

21st Century Cures Act Compliance

Information Blocking

  • No Blocking: Cannot block patient access to EHI (Electronic Health Information)
  • Timely Access: Results available without delay after provider review
  • No Fees: Cannot charge for electronic access
  • API Access: Must support app-based access (FHIR API)

Patient Access API

  • FHIR-based API for third-party apps
  • SMART on FHIR authorization
  • Scope-based access (patient/*.read)
  • Rate limiting for stability

User Experience

Mobile-First Design

  • Responsive web design
  • Native mobile apps (iOS + Android)
  • Push notifications
  • Offline capability (view cached data)

Accessibility

  • WCAG 2.1 AA compliant
  • Screen reader support
  • High contrast mode
  • Keyboard navigation
  • Multiple languages (English, Spanish, Chinese, Vietnamese)

Personalization

  • Dashboard widgets customizable
  • Notification preferences
  • Preferred language
  • Timezone awareness

Performance

  • Page load time: < 2 seconds
  • API response: < 500ms
  • Mobile app startup: < 3 seconds
  • 99.9% uptime (planned maintenance windows)

Patient Engagement Metrics

  • Activation Rate: % of patients who activate account
  • Monthly Active Users: MAU
  • Feature Usage: Most used features
  • Appointment No-Show: Reduction via reminders
  • Message Volume: Secure messages vs phone calls
  • Patient Satisfaction: NPS score

Integration Points

  • EHR Service: Patient data via FHIR API
  • Appointment Service: Scheduling integration
  • Lab Systems: Test results
  • Imaging Systems: Radiology reports
  • Billing: Statements and payments
  • Patient Education: Health literacy content