Dear anyone in healthcare: did any of you build an authentication service for Epic EMR OAuth?

Our company is a healthcare tech startup, and we are trying to build an authentication / authorization service which needs to talk to Epic (the giant EMR company) OAuth, via way of App Orchard/Hyperspace.

I know there are some libraries that do auth, including phx.gen.auth, but wanted to reach out if there’s anyone that did this - or if anyone has any advice on it.

Thanks in advice.

You can use something like samly, which is ok-ish, or just roll your own OAuth plug. If I recall correctly the assertion that they send is pretty simple (xml) to handle. There’s also oauth2 but I’ve never used that.

When I built out a thing for working with Epic a few years ago, I just got on a call with someone there and had them send requests to an ngrok url that forwarded to my local machine. I was able to work out the issues in a 30 minute call. If you’re already set up in App Orchard you should have a contact there and/or with a hospital’s IT department who can help you out.

1 Like