1 EMR Configuration

This section describes EMR configuration. It contains the following topics:

1.1 Overview

To publish genomic reports to EMR, you must configure OHPM to integrate with EPIC EMR. This section describes how to configure EMR.

Multiple EMR integration configurations can be created and maintained in OHPM. However, only one configuration can be in the active status at any given time. If this condition is not met, the genomic report is not published to EMR from OHPM.

1.2 Configuration

Perform the following steps to configure OHPM for EPIC EMR:

Note:

Steps 1 to 4 in the following list should be performed only if EMR configuration was not done during installation.
  1. Note down the host name and the TLS port number where EPIC EMR listens for incoming lab result messages.

    This TLS port typically is the EPIC Interconnect HL7 V2 interface that can handle base64 encoded attachments. Oracle strongly recommends that you use TLS 1.2 as it is secure.

  2. Get the Certificate Authority (CA) Certificate of the CA that signed the digital certificates used by EPIC TLS.

    CA certificates are generally from standard public CAs like Verisign. If EPIC was configured to use a self-signed certificate, then use the local CA certificate employed to sign the certificate request.

  3. If you have completed EMR configuration through the installer, proceed to step 5. If not, proceed to step 3.

  4. Load the CA Certificate into OHPM WebLogic Server's Oracle Platform Security Services (OPSS) keystore. You can do this either:

  5. Grant permission to read the keystore.

  6. Use the EMR Integration Configuration REST service available as part of the OHPM application to configure details required to publish a report to the EMR using the TLS keystore created in the previous step.

    The service end point of the EMR Integration Configuration REST service and definition of its payload are as follows:

    Table 1-1 Service End Point

    | HTTP Method | URL | Description |
    |---|---|---|
    | GET/DELETE | http://<host>:<port>/ohpm/opmemrintegration/resources/opm/api/v1.0/emrconfigservice/emrconfig/{emrId} | Retrieve or Delete EMR integration configuration for a given EMR ID |
    | GET | http://<host>:<port>/ohpm/opmemrintegration/resources/opm/api/v1.0/emrconfigservice/emrconfig/status/{status} | Retrieve EMR integration configuration for a given status. Status is active A or Inactive I. |
    | POST/PUT | http://<host>:<port>/ohpm/opmemrintegration/resources/opm/api/v1.0/emrconfigservice/emrconfig | Create or Update using the EMRIntegrationConfig payload |


    Table 1-2 Definition of Payload

    | Field (XML/JSON) | Description | Valid Value Set | Example |
    |---|---|---|---|
    | emrIntegrationConfig | Root Element | - | - |
    | createdById | Created by user ID (automatically populated) | - | - |
    | createdOnDt | Date when record was created (automatically populated) | - | - |
    | description | Description of the EMR | User defined | EPIC EMR |
    | emrId | A unique ID for the configuration. Used to update. | User defined | Epic_1 |
    | emrType | Type of the EMR | EPIC | EPIC |
    | integrationHost | Host name or IP of the remote EMR system for TCP/TLS communication, otherwise NULL | Remote host name/IP | remotehost.com |
    | integrationPort | Port number for TCP/TLS communication, otherwise NULL | Valid remote host port number | 8088 |
    | integrationUrl | SOAP/REST URL for SOAP/REST end point, otherwise NULL | Valid URL | https://host:7002/epic/fhir/svc |
    | integrationAuthMethod | Authentication method for calling remote service | HTTP-BASIC, WS-SECURITY | HTTP-BASIC |
    | integrationAuthUsername | Username for HTTP-BASIC and WS-SECURITY. Credentials must be available in OPSS/JPS configuration | User defined | testuser |
    | integrationSslKeystore | OPSS/JPS keystore name in stripe OPMApp. Mandatory when the integration URL starts with https. | User defined | castore |
    | messageFormat | The format of the EMR message to be generated | HL7V2 | HL7V2 |
    | messageTemplateLoc | Location of the template. The default location for EPIC is templates/EPIC_HL7V2.template | Valid file location | templates/EPIC_HL7V2.template |
    | receivingApplication | The name of the application receiving the HL7V2 message. | User defined | EPIC |
    | receivingFacility | The name of the facility receiving the HL7V2 message. | User defined | EPIC-LAB |
    | reportTestName | Test name (code) to represent genomic test result, based on what EMR accepts | User defined | GENE^GENOMIC EXAM |
    | rowWid | Internally generated surrogate primary key | - | - |
    | sendingApplication | The name of the application sending the HL7V2 message. | User defined | ORACLE-MI |
    | sendingFacility | The name of the facility sending the HL7V2 message. | User defined | GENETIC-LAB |
    | status | Status of the configuration record | A (active), I (inactive) | A |
    | transportProtocol | Transport protocol supported by this EMR | TCP, TLS, SOAP1, SOAP2, REST | TLS |


    Following is a sample XML payload for the REST service to create a TLS connection configuration to EPIC:

    <?xml version="1.0" encoding="UTF-8"?>
    <emrIntegrationConfig>
       <description>EPIC EMR Configuration</description>
       <emrId>Epic_Id1</emrId>
       <emrType>EPIC</emrType>
       <integrationHost>localhost</integrationHost>
       <integrationPort>8081</integrationPort>
       <integrationSslKeystore>emrtruststore</integrationSslKeystore>
       <messageFormat>HL7V2</messageFormat>
       <messageTemplateLoc>templates/EPIC_HL7V2.template</messageTemplateLoc>
       <receivingApplication>EPIC</receivingApplication>
       <receivingFacility>EPC</receivingFacility>
       <reportTestName>GENOMIC^REPORT</reportTestName>
       <sendingApplication>ORACLE-PM</sendingApplication>
       <sendingFacility>ORACLE-PM</sendingFacility>
       <status>A</status>
       <transportProtocol>TLS</transportProtocol>
    </emrIntegrationConfig>
    
  7. Enable publishing the report to EMR. For details, see Section 2.3, "Enabling or Disabling Features Related to External Systems".
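
A pre-submission check for the emrIntegrationConfig payload described in step 6, given here as an added example that is not part of the original page or of OHPM. It applies the value sets from Table 1-2 plus two hardening checks that are assumptions of this example; the function name validate_emr_config and the sample host are hypothetical.

```python
import xml.etree.ElementTree as ET

# Value sets copied from Table 1-2 on this page.
TRANSPORTS = {"TCP", "TLS", "SOAP1", "SOAP2", "REST"}
AUTH_METHODS = {"HTTP-BASIC", "WS-SECURITY"}

def validate_emr_config(xml_text):
    """Return a list of findings for one emrIntegrationConfig payload."""
    root = ET.fromstring(xml_text)
    if root.tag != "emrIntegrationConfig":
        return ["root element must be emrIntegrationConfig"]
    cfg = {el.tag: (el.text or "").strip() for el in root}
    out = []
    transport = cfg.get("transportProtocol", "")
    url = cfg.get("integrationUrl", "").lower()
    keystore = cfg.get("integrationSslKeystore", "")
    auth = cfg.get("integrationAuthMethod", "")
    # Rules taken from Table 1-2.
    if transport not in TRANSPORTS:
        out.append("transportProtocol outside the documented value set")
    if cfg.get("status") not in ("A", "I"):
        out.append("status must be A or I")
    if auth and auth not in AUTH_METHODS:
        out.append("integrationAuthMethod outside the documented value set")
    if url.startswith("https") and not keystore:
        out.append("integrationSslKeystore is mandatory for an https integrationUrl")
    if transport in ("TCP", "TLS"):
        port = cfg.get("integrationPort", "")
        if not cfg.get("integrationHost"):
            out.append("integrationHost is required for TCP/TLS")
        if not (port.isdigit() and 0 < int(port) < 65536):
            out.append("integrationPort must be a valid port for TCP/TLS")
    # Added hardening checks: assumptions of this example, not rules from the page.
    if transport == "TCP" or url.startswith("http://"):
        out.append("report would travel unencrypted; use TLS or https")
    if transport == "TLS" and not keystore:
        out.append("TLS transport names no integrationSslKeystore trust store")
    return out

# Constructed sample payloads (the host and port values are made up).
GOOD = """<emrIntegrationConfig><emrId>Epic_Id1</emrId>
<integrationHost>emr.example.test</integrationHost><integrationPort>8081</integrationPort>
<integrationSslKeystore>emrtruststore</integrationSslKeystore>
<status>A</status><transportProtocol>TLS</transportProtocol></emrIntegrationConfig>"""
WEAK = GOOD.replace("TLS", "TCP").replace(
    "<integrationSslKeystore>emrtruststore</integrationSslKeystore>", "")

if __name__ == "__main__":
    for name, payload in (("GOOD", GOOD), ("WEAK", WEAK)):
        print(name, validate_emr_config(payload))
```

Run it against the XML before sending the POST/PUT request; an empty list means no finding was raised.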

1.3 Configuring the OPSS Keystore

You can configure the OPSS keystore using either the WebLogic Scripting Tool or the Enterprise Manager. For standard setups, follow the WLST steps from Section 1.3.2. If you have an Enterprise Manager license, follow the steps from Section 1.3.1.

1.3.1 Using the Enterprise Manager

Note:

The Enterprise Manager requires a separate license and is not part of the OHPM installer components.

To configure the EMR keystore after using the OHPM installer, use the Enterprise Manager. This involves the following steps:

  1. Log into WebLogic Enterprise Manager Fusion Middleware Control.

  2. Navigate to WebLogic Domain > Security > Keystore.


  3. Click Create Stripe to create a new stripe named OPMApp.


  4. Click OK.

  5. Click Create Keystore.

  6. Create a new keystore that will be used in the EMR integration configuration. For example, emrtruststore.


  7. Ensure that Policy is selected for Protection.

  8. Deselect Grant Permission.

  9. Click OK.

    For details on creating a keystore, see the section on Creating a Keystore with Fusion Middleware Control in the Oracle® Fusion Middleware Securing Applications with Oracle Platform Security Services, available at the following location:

    https://docs.oracle.com/middleware/1213/idm/app-security/kssadm.htm#CACHHHCH

  10. Select the keystore created in the previous step and click Manage.


  11. Click Import.

  12. Select the Certificate Type as Trusted Certificate.

  13. Enter an Alias.

  14. You can either browse and select the CA certificate file or copy the certificate content into the text field provided.

  15. Click OK. The CA trusted certificate is successfully added to the keystore.


For details on creating a keystore, see the section on Importing a Certificate or Trusted Certificate with Fusion Middleware Control in the Oracle® Fusion Middleware Securing Applications with Oracle Platform Security Services, available at the following location:

https://docs.oracle.com/middleware/1213/idm/app-security/kssadm.htm#CACDEAJH

1.3.2 Using the WebLogic Scripting Tool

Perform the following steps to configure the OPSS keystore using WLST.

  1. Load the CA Certificate into Oracle Platform Security Services (OPSS) using the WebLogic Scripting Tool (WLST). Use the following commands:

    $ cd $MIDDLEWARE_HOME/wlserver/common/bin
    $ ./wlst.sh
    wls:/offline> connect()
    Please enter your username: '<weblogic admin user>'
    Please enter your password: '<weblogic admin user password>'
    Please enter your server URL [t3://localhost:7001]: '<weblogic admin url>'
    wls:/ohpm_domain/serverConfig> svc = getOpssService(name='KeyStoreService')
    wls:/ohpm_domain/serverConfig> svc.createKeyStore(appStripe='OPMApp', name='emrtruststore', password='', permission=true)
    wls:/ohpm_domain/serverConfig> svc.importKeyStoreCertificate(appStripe='OPMApp', name='emrtruststore', password='', alias='EPIC_Trusted_Cert', keypassword='', type='TrustedCertificate', filepath='<full path to the CA certificate file>')
    

1.3.3 Granting Permission to Use the Keystore

Perform the following steps to grant permission to use the keystore created in OPSS using WLST.

  1. Connect to the WebLogic admin server using WLST.

  2. Perform the steps in Section 1.3.2.

  3. Execute the following WLST command:

    wls:/offline> connect('<weblogic admin user>','<weblogic admin user password>','<weblogic admin url ex: t3://localhost:7001>')
    wls:/ohpm_domain/serverConfig> svc = getOpssService(name='KeyStoreService')
    wls:/ohpm_domain/serverConfig> grantPermission(appStripe="OHF-Opm-App", codeBaseURL='file:${oracle.deployed.app.dir}/OHF-Opm-App${oracle.deployed.app.ext}',
    permClass="oracle.security.jps.service.keystore.KeyStoreAccessPermission", permTarget="stripeName=OPMApp,keystoreName=emrtruststore,alias=*", permActions="read")