We have seen significant traction in the last few months with several of our large health care customers using Zoom to integrate with their EMR platform to launch Tele-visits between the providers and patients. Our platform offers simple and robust Tele-health APIs to create a seamless integration with existing EMR platform. More important than the integration itself is to design a right tele-visit workflow — scheduling the visit, showing the visits in the appointments in the right places in your EMR on desktop and mobile, providing launch interface in the provider and patient portal/apps, etc. If you are looking into integrating Zoom with your EMR, please pay very close attention to the workflows since the integration itself with Zoom will be a breeze!
Let’s take a deep dive into these APIs and how they function.
Setting up the account for Tele-visits
If you already have a Zoom collaboration deployment, you might want to think about creating a separate account in Zoom to manage tele-visits. Tele-visits might need different account level settings (such as enabling HIPPA on the account), and you might want to get periodic reports that include just those tele-visit sessions. There is another account level customization that we will be introducing soon which will be of great benefit.
To simplify the integration, we have introduced few APIs that has built-in semantics for user management and session creation. Before using the APIs, you need to work with your EMR vendor on the workflow design. Once you identify the zoom launch points in the workflow, you can follow these steps.
- Get your API key and secret by logging into your zoom account (https://developer.zoom.us/me/). You need to enter the app details for the very first time before you see the API key/sec in the API tab
- There are few key parameters to the Tele-health API:
- usertype — valid values are 1 or 2 — a value of 1 indicates that the URL is called for a provider and a value of 2 indicates that it’s for a patient
- sessionid — a unique id representing that tele-visit session
- userid — unique id for representing the provider or patient
- firstname — first name to display in the zoom video window
- lastname — the last name to display in the zoom video window
- To create a zoom session for tele-visit, use the following API:
org_id is your zoom API key
data is the AES encryption of the following parameters that we have discussed. Note that the firstname and lastname are optional parameters.
usertype, sessionid, userid, firstname, lastname
The encryption key is your API secret
- An example of this encrypted URL would be:
where org_id is the Zoom API key and data is the encrypted parameter string with the encryption key being Zoom API secret. Please make sure that you URL encode the data.
If you need help on the encryption, please check out the Java sample code in our git
- When Zoom platform receives this request, it finds your account with org_id and decrypts the data with your account API secret to find the values for usertype, sessionid, userid, first and last names. If the “usertype” = 1 (provider), Zoom auto-creates the account for that user, auto-creates a meeting with the “sessionid” and returns back a meeting URL. If the “usertype=2” (patient or visitor), Zoom checks to see if a meeting exists with that “sessionid” and returns the meeting URL. “sessionid” should be the same between the patient and provider calls and that tells Zoom to put them in the same meeting.
- Just make sure that the encrypted string is URL encoded. If not, you will see validation failures.
- If your EMR platform runs in Citrix environment, you need to get the configuration done in on the EMR so that Zoom is launched outside of the Citrix for providers.
- Zoom doesn’t get in the middle of how this session is scheduled and notified — this is taken care of by your EMR platform. You don’t have to create user accounts in Zoom since that’s incorporated into the semantics of that API call.
Waiting Room or Meeting Lobby indicator
It’s a common use case for the provider to get an indication if the patient is already waiting in the video session. To enable this, go to your zoom account integrations page (https://zoom.us/account/integration), find Epic and configure the callback URL. Note that this is not specific to Epic and can be used with any EMR as a notification call back from Zoom.
Make sure that this call back URL is reachable from outside of your network.
These tele-visit APIs are available at no additional cost. All you need is to have a paid zoom account with enough host licenses for the providers. For now, we don’t provide a developer only account for testing, and you need to create a paid zoom account or use the account you already have for testing. We are in the process of enabling free developer accounts, and that will be available in the next release in a few weeks.
When we create a meeting URL for the tele-visit session, we auto-generate a password and encrypt it for that session so that no one else can join even if they know the meeting id. This encrypted password is part of the URL that Zoom send back to to the EMR. This password will be regenerated every time you launch the URLs.
As you can see from how the API is structured, Zoom does not have any visibility into the patient or provider identity (e-mails, phone number, names, etc.) — the first and last names that are passed in the URL is optional, and it’s only used to display the names under the video window, and we do not store them.
All the video and audio traffic is AES 256 encrypted end to end. You can also disable and annotation on the accounts that you use for tele-visit.
We are looking into customizing the waiting room so that you can add a custom image or modify the text that the patients see when waiting for the provider to arrive. We will be updating the developer forums when these features are available.
Hope this is helpful for those integrating Zoom into an EMR. As always, if you have questions or suggestions, feel free to use our developer forums, and we will help you out.