...
This implementation guide is centered centred on the Record Access Token API call, available from our custom REST API.
...
How it works
Here are the steps:
The organisation creates a record for their patient as they normally do (e.g. via HL7 ADT A28 or CSV manual upload). The organisation can immediately send data to populate the record, for example with laboratory test results and clinic appointments.
Any user with
...
access to this patient’s record can use the new PKB REST API call to generate a patient-specific unique invitation code and
...
secret token for that record. For example, a hospital can use these values to create an invitation letter, SMS or email to send to the patient.
The patient uses the invitation code and
...
secret token to start registration on the PKB web site - refer toJoin PKB URLs.
For security, PKB tests the registering user’s knowledge of the patient’s date of birth.
The patient enters their email address and password.
The patient can now log into the PKB web site to see their data and send messages to their clinical team.
Here is an example of the steps using an integration with letter printing software (such as Synertec):
...
Tokens will time-expire (30 days10 weeks) from the time of generation.
Tokens can be generated at any time using this call. A new invitation code / decryption secret token will be generated each time. Existing invitation codes will not be invalidated (until they time-expire).
If a record already exists and was created in a different org an HTTP 401 response will might be returned.
Registration on the UK production server is performed against http://www.joinpkb.com ; parameters may be passed into this url for form pre-population if desired.
...