TL;DR Oystehr provides a comprehensive suite of hosted services for health tech and EHR builders, including application management and sophisticated configuration of access control policies down to individual resources.
Last week we released Oystehr Apps, a Oystehr service vital for building user-facing healthcare apps.
Oystehr's APIs provide you a compliant backend out of the box so you can build better faster. To invoke Oystehr APIs securely, users need to authenticate so your application knows they are authorized. When users log into your Oystehr Application, they get a token representing their identity to Oystehr’s APIs.
Every user and role in your Oystehr project has their Oystehr API access constrained by Access Policies which you configure. For example, you might use Access Policies to constrain a patient’s account such that they can only fetch data directly related to them (using the FHIR Patient Compartment).
PM Pediatric Care uses the Oystehr App Service to secure their Behavioral Health Intake Dashboard. When you first navigate to the Dashboard, you are sent to this login page on auth.oystehr.com:
After logging in, Dashboard users are brought to this page, which calls Oystehr’s FHIR APIs with the user’s auth token. By leveraging Oystehr’s FHIR APIs, the PM Pediatric Care development team is building sophisticated medical applications without the expense of building a proprietary backend.
To use Oystehr’s APIs from your web and native apps, you first secure them with Oystehr’s App service. Oystehr’s authorization is built to the industry-standard OAuth 2.0 specification, providing your application with the highest level of security. In just a few clicks or API calls, you can enable multi-factor authentication for your Oystehr Applications. You won’t need to build or find your own auth platform — it can be configured using Oystehr’s APIs and a few lines of code.
Use our hosted login screens. Here’s an example using Auth0’s React library to easily drop in a secure workflow:
<Auth0Provider
domain="https://auth.oystehr.com"
clientId="YOUR_CLIENT_ID_HERE"
audience="https://api.oystehr.com"
redirectUri="https://example.com"
> ...
This is the quickest way to add authentication to your application as the hosted authentication app provides screens for logging in, resetting password, 2-factor authentication, and signing up.
Build your own auth pages. You can implement the OAuth 2.0 authorization code with PKCE flow by calling the Auth0 /authorize and /oauth/token endpoints on auth.oystehr.com.
Settings for Applications can be configured, such as:
The Oystehr console has pages for managing Applications.
With Oystehr’s App service launch, you can get started building user-facing apps on the Oystehr platform. Beta users are already building EHR apps to manage intake workflows, and lightweight RCM products to post insurance claims to clearing houses and manage their resolution.
If you have any questions, you can email us or join our Slack.
Our new behavioral health intake application, built on Oystehr, allowed us to build a solution that is customized for our use including scheduling, insurance validation, and direct integration with our eClinicalWorks EHR.
Chief Medical Information Officer at PM Pediatric Care