Patient Portal Development

Self-service appointment scheduling using FHIR R4 Slot and Appointment resources to query real-time provider availability directly from your scheduling system. Patients select appointment type, provider, location, and preferred time without calling the front desk. The FHIR Appointment resource creates the booking record in your EHR at the point of patient confirmation, so the scheduling system and the portal stay in sync without a separate data synchronisation job. The booking flow adapts to appointment type requirements: new patient intake forms, referral number capture, insurance verification prompts, and pre-visit questionnaires are presented at the correct step in the booking sequence based on the appointment type definition.

SMART on FHIR launch context enables single-sign-on from within your EHR patient-facing applications, so patients who access the portal from within an integrated health system don't re-authenticate. Automated confirmation messages deliver immediately after booking; reminder messages fire at configurable intervals before the appointment via SMS, email, or push notification. Rescheduling and cancellation are available directly in the portal with cancelled slots triggering waitlist offers where the waitlist feature is configured. No-show tracking feeds back into patient engagement analytics.

Lab results delivered through the portal using LOINC-coded panels from the FHIR R4 DiagnosticReport and Observation resources. LOINC coding enables the portal to display results with accurate reference ranges, flagged values (low/high/critical), and structured contextual information that makes them interpretable to the patient rather than a raw lab printout. Imaging reports, visit summaries, medication history, and immunisation records are accessible in a single health record view. The FHIR R4 Patient/$everything operation retrieves the complete longitudinal patient record, enabling a full timeline view of care history.

Blue Button 2.0 API integration allows Medicare beneficiaries to pull their Part A, B, and D claims data directly into the portal, providing a consolidated view of care received across providers. ONC 21st Century Cures Act patient access requirements are met through the FHIR-based data access layer -- patients can request their complete health information and receive it in a machine-readable format. Result release follows your clinical rules: automatic release on a defined timer (configurable by result type), hold for provider review before the patient sees the result, or provider-initiated release with an attached interpretation message. Patients receive a push notification or email when new results are available, which drives portal return visits without requiring a phone call from the practice.

HIPAA-compliant asynchronous messaging between patients and the care team, with message content encrypted in transit via TLS 1.2+ and at rest using AES-256 in a HIPAA-compliant message store. PHI in message bodies is never stored in plain text in a relational database row -- it is encrypted at the field level with key management handled through AWS KMS or an equivalent HSM-backed service. Business Associate Agreements with every infrastructure provider processing message content are included in the compliance documentation package.

Messages route to the correct team member or pool based on message type and clinical team configuration: clinical questions go to the nurse inbox, appointment requests route to scheduling, billing inquiries route to the billing team. Response time SLAs are configurable per message type so clinical questions receive a different priority routing than administrative requests. Read receipts confirm patient-side delivery. Message threads carry full audit logging -- every access, read, and reply is logged with timestamp, user identity, and access context -- for HIPAA compliance review and eDiscovery. Multi-factor authentication (TOTP via apps like Google Authenticator, or SMS-based OTP) is required before accessing message content containing PHI, with session timeout controls configurable per compliance policy.

Care plan task tracking for patients managing chronic conditions or post-procedure recovery, built on FHIR R4 CarePlan and Goal resources so the care plan displayed in the portal reflects what the clinical team has documented in the EHR. Tasks, milestones, and check-in prompts are presented in a clear timeline with completion status visible to both the patient and the care team. Patient-reported outcome (PRO) measures -- including validated PROMIS (Patient-Reported Outcomes Measurement Information System) instruments for pain, physical function, fatigue, and mental health -- are collected through structured forms within the portal and written back to the EHR as FHIR Observation resources.

Medication list is populated from the FHIR R4 MedicationRequest resource with RxNorm-coded medications so the display includes structured drug names, strengths, dosing instructions, and refill history rather than free-text strings. Medication reminder notifications fire on the patient's configured schedule for complex multi-drug regimens. Prescription refill request submission directly from the medication list includes routing to the prescribing provider with status tracking through approval and pharmacy processing steps. Immunisation records pulled from FHIR Immunization resources and preventive care reminders tied to care gaps identified in the EHR are presented to the patient with clear next steps.

Invoice access and online payment for outstanding balances with support for partial payments, payment plan setup, and saved payment method for recurring instalments. Insurance information management allows patients to update coverage details, insurance ID numbers, and group plan information ahead of appointments to reduce check-in delays. Explanation of Benefits (EOB) documents are accessible in the portal alongside the corresponding invoice so patients can understand what their insurer covered and what their patient responsibility represents.

Payment processing integrates with your existing billing system via its API for real-time balance data and immediate payment posting -- so when a patient pays at 10pm, the balance is cleared in the billing system that night, not batched the next business day. Payment confirmation and receipt by email is sent immediately on transaction completion. Patients who can see their balance and pay online pay faster and with fewer staff touchpoints than patients who receive paper statements and a phone number to call. WCAG 2.1 AA accessibility compliance is built into the billing UI so the payment workflow is usable by patients with visual, motor, and cognitive disabilities -- this is also an ONC patient access requirement for portals used with federally funded programmes.

iOS and Android native or React Native cross-platform mobile app with the full portal feature set -- FHIR-powered appointment booking, lab results with LOINC reference ranges, HIPAA-compliant secure messaging, care plan task tracking with PROMIS outcome collection, medication list with RxNorm codes, and billing and payment. Biometric authentication (Face ID, Touch ID on iOS; fingerprint on Android) enables fast, secure sign-in without password entry on each session, using the device's secure enclave to store the credential -- no biometric data is transmitted to the server.

Multi-factor authentication (TOTP via authenticator app, or SMS OTP) is enforced before accessing PHI for the first time on a new device, with configurable session re-authentication intervals per your compliance policy. Push notifications via APNs (iOS) and FCM (Android) deliver new test result alerts, provider message notifications, appointment reminders, and care plan check-in prompts in real time. WCAG 2.1 AA accessibility compliance covers screen reader support (VoiceOver on iOS, TalkBack on Android), sufficient colour contrast ratios, and touch target sizing appropriate for users with motor impairments. The mobile app is the primary access point for most patients under 50 -- building web-only first and adding mobile later creates a two-phase adoption problem. We build both from the start under the same data architecture and FHIR integration layer.