Vaccination Status - Technical Discovery

[ambikaroos]

Issue Ticket

Discovery Task (feature discovery)

Discovery task

• Tech research: what is being asked for? What's going on with Lighthouse? (Decision made to move forward with Lighthouse on 9/16)
• What data is available to us via Lighthouse?
  • Is there a flag indicating that a series of immunizations is complete? (If the user received a 2 dose vaccine, but has only received one, is that explicit in the data?)
  • Can we tell between official VA and self reported data?

    Key Takeaways?

    ### Staging test accounts used to do discovery research

    Blockers

Feature description

User story

UX Acceptance Criteria

Open questions

Front-end specs

Link to Sketch file / screenshot

### User flow

Common components used

NOTE: Mark any New Common Component ticket as a dependency of this ticket in ZenHub.

Accessibility requirements

• [ ]

  Content

[travis-newby]

I talked to a couple of people today and learned a couple of things...

People Dave Mazik — Lighthouse PM Stephen Barrs — OCTO Engineer Dillo Raju — GovernmentCIO Engineer

Background We were asked by Charles to use the Lighthouse APIs to obtain immunization data for a couple of reasons.

The first is that Lighthouse is likely where any immunization verification scheme will live in the future. In fact, the Lighthouse team created a SMART Health Card and verified their implementation with Apple. However, they were asked to pause this effort.

The second is that we should stay in sync with Lighthouse’s health APIs, because those APIs are what the mobile operating systems pull from in apps like Apple Health.

What I learned about Lighthouse from Dave and Stephen Lighthouse pulls data from a different source (Corporate Data Warehouse - CDW) than other VA organizations like MHV. Ultimately their data comes from Vista, and they’ve worked with an organization called the Knowledge Based Systems Group (?) to map data to FHIR. Lighthouse’s module (data mart?) inside (or adjacent to?) CDW handles roughly 6M calls per day with an average response time of 300ms.

Immunization information is available in CDW between ~4 and ~30 hours after the immunization. The immunization information available in Lighthouse is dependent on what makes it into Vista. Covid vaccinations that took place outside of VA facilities but otherwise in the VA ecosystem (like Community Care) could be included; it depends on whether they make it into Vista as structured data (as opposed to making it into Vista inside PDFs or clinical notes).

The API we’re interested in is the Veterans Health API, and we’ll want to use the R4 version of FHIR because that gives us more data. Stephen Barrs and his team have accessed data in this API before in vets-api for the Clipboard and Check In Experience. Dillo was the implementing contractor.

Stephen’s team used OAuth Client Credentials to access Lighthouse from within vets-api. “When we request the token, we include the patient ICN so that token can only be used to access the endpoints within the requested scopes for that specific Veteran.” Scopes are listed here. We’d likely use “patient/Immunization.read” to pull in the read-only data for a Veteran’s immunizations.

Stephen offered to set up a meeting between us and his contractor team to share data if necessary.

Misc This data seems like it'd be interesting to all of vets-api. So architecturally I'd like to see it built into vets-api and us call into it like we do our other services.

[travis-newby]

Today, a group of us — including Ayush, Patrick S, Patrick V, Jen, Leanna, and Travis — decided to start down the path of using Lighthouse as the API-of-choice for immunization data. We also decided that Lighthouse should be integrated into “the backend of the backend,” and used — like we do other vets-api services now — inside the mobile api.

We based these decisions on quite a few factors, including:

• Lighthouse is where future services around vaccines — such as vaccine verification — may live if implemented
• Lighthouse immunization data in is updated every 4-30 hours
• Lighthouse immunization data is available in the FHIR format, which is a good thing
• A single API call — in opposition to multiple API calls should we go the EHR or PHR route — is easier to understand and implement
• Although the OAuth Client Credential flow is not ideal, it’s similar to how we access other backend services in vets-api today
• There is prior art for connecting to the Lighthouse health APIs within vets-api

One other important thing to note is that Kathy Frisbee suggested we use Lighthouse API to access immunization data.

We also decided to not spend time looking into other Electronic Health Record (EHR) or Personal Health Record (PHR) based MHV APIs.

• Updates to the Personal Health Record happen at most once every 24 hours; this is not a significant gain in speed over the 4-30 hour time frame given to us by the Lighthouse team
• Because EHR → PHR updates happen asynchronously, the service calls are likely to be more complex than the calls to Lighthouse
• Because the EHR → PHR transition takes a non-trivial amount of time to execute, it will slow down service calls

Because of those things, there are no tangible benefits of the PHR route.

[kreek]

I spoke with Stephen Barrs, and the Lighthouse API key in vets-api does not include immunization read in its scope. We'd either have to get immunization added to that scope or get a dedicated API key. Stephen thinks Lighthouse would push for the latter. Beau Grantham is his Lighthouse contact and Stephen will be reaching out to him wrt adding scopes to an existing token vs setting something new up for Mobile.

[travis-newby]

Is there a reason for us to care one way or the other (re: added scope vs dedicated API key)?

[kreek]

I think a separate key is the right path, and adding a scope would likely take just as much time. Stephen said is was straightforward to get on boarded for consuming an existing API.

[kreek]

Talked to Beau at Lighthouse and since they don't have a form yet for requesting system to system auth access he suggested submitting that request via their contact us form. I submitted that request yesterday evening.

[kreek]

@ashley-matthews answers to the questions above

What data is available to us via Lighthouse?

The Lighthouse Health FHIR API provides an endpoint with a patient's list of immunizations. And a second endpoint, which retrieves a single immunization record by id.

Is there a flag indicating that a series of immunizations is complete? (If the user received a 2 dose vaccine, but has only received one, is that explicit in the data?)

There's a protocolApplied object which includes doseNumber and seriesDoses which are the "Dose number within series" and "Recommended number of doses for immunity", respectively.

Can we tell between official VA and self-reported data?

There's a performer field but from our Mobile Health Check-in zoom call today that only official VA entered data would be in this API.

[travis-newby]

@kreek Please document the reasons why you think adding a key is the right path — for our future selves.

If the request lingers more than a couple of days, please let me know.

[kreek]

@travis-newby Adding a key, rather than a scope, is the right call as Lighthouse can track analytics and provide support independently of the other apps (healthquest etc). And it protects us from changes not in our control i.e. outside our repo e.g. health quest goes away, or removes scopes.

[kreek]

I opened a VSP operations ticket based on Beau's instructions https://dsva.slack.com/archives/CBU0KDSB1/p1632439082099600

[ambikaroos]

Until we get an API key we can't make a call on actual data, but that is pending

[ambikaroos]

Closing and will continue work in #1645