40.1.1Smile CDR Payer to Payer Quickstart Guide

Experimental

In a payer to payer transfer, Smile can be configured to act both as the source (old payer) or target (new payer).

This guide will walk through how to configure each.

In either case, the first steps are the same:

1. Add a System to System Data Exchange Module and register a Storage module as a dependency.

40.1.1.1Source (Old Payer)

1. If consent filtering is required, enable it in the System to System Data Exchange module.
2. If one doesn't exist, add a SMART_OUT_SECURITY module.
3. Configure the SMART module with all the basic properties needed (port, jwks file or keystore, issuer url, and a local security dependency for username/password) 1. Take note of the issuer url. This will be needed for the OIC Client later.
4. Configure the SMART module to support the client credentials flow.
5. Save and start the SMART_OUT module.
6. Ensure that there is a FHIR Endpoint module, or configure one if necessary.
7. Enable OpenID Connect Security and add the newly configured SMART_OUT module as the 'OpenID Connect Authentication' dependency.
8. Save and restart the FHIR Endpoint module.
9. In the Storage module, ensure bulk_export is enabled.
10. In the Storage module, ensure index missing search parameters is enabled.
11. If desired, an additional consent service can be configured (see Optional steps below) in the Storage module, but is not necessary.
12. If necessary, save and restart the Storage module.
13. Under Users & Authorization, create a new OIC Client under the SMART_OUT module.
14. Set a client_id and a client_secret and enable Client Credentials flow. Keep track of these as they will be needed by the target server.
15. Add the following scopes to the client: cdr_all_user_authorities and openid.
16. Grant the following permissions to the client: FHIR_OP_INITIATE_BULK_DATA_EXPORT, FHIR_OP_MEMBER_MATCH, FHIR_ALL_READ, and FHIR_ALL_WRITE.
17. Save the client.

During the export of resources from the old payer, a consent service may be configured to provide additional filtering during said export.

40.1.1.2Target (New Payer)

1. Create a System to System Data Exchange module (if one doesn't already exist) and add a storage module dependency.
2. Set the Reference System used by Target Patient property. This value should match exactly one identifier.system value on any local patients used during an $sdh.s2s.invoke-export flow.
3. Set the Responder Identifier System. Imported resources will use this when storing their source system ids as identifiers.
4. Save and restart the System to System Data Exchange module if necessary.
5. Under Users & Authorization, create a new OIC Server* under the System to System Data Exchange module.
6. Set the issuer url to the Source's OIC Client.
7. Set the .well-known endpoint. Should be something like {issuer.url}/.well-known/openid-configuration.
8. Set the token introspection client id / client secret. These should be the same values as the Source OIC Client's client_id and client_secret so that the target can connect to the source.
9. Set the FHIR endpoint url (if this field isn't visible, verify the server is being created under the System to System Data Exchange)
10. Under the (associated) Storage module, enable Auto-Create Placeholder Reference Targets.
11. Set the value for Reference System used by Target Patient.

• It is important that the OIC Server on the target is created under the System to System Data Exchange module, and not a security module.