Integrating With: Access Rio

In the modern healthcare services, seamless integration between systems is critical for ensuring efficient data exchange and streamlined workflows. Access Rio, a widely used EPR in the NHS in England, supports integration through its robust set of APIs and reporting tools. These APIs enable organisations to interact securely with patient records, generate reports, and build customised solutions tailored to their needs. In this article, we explore the key features, security considerations, and processes involved in integrating with Access Rio.

Overview of Access Rio Integration

Access Rio’s integration capabilities are built on a lightweight SOAP-based API framework. This framework offers a secure and reliable way to access data, perform CRUD operations, and run predefined reports. At its core, the integration system includes features like device and user authentication, transport security using SSL, and robust auditing mechanisms. By leveraging these APIs, healthcare organisations can access data in real time, automate routine processes, and maintain compliance with stringent data protection standards.

The integration APIs can be broadly categorised into two types: dynamic data retrieval APIs (e.g., fetching patient alerts or demographics) and report APIs (e.g., generating detailed patient summaries). Both types of APIs rely on underlying SQL queries that developers prepare and configure for specific use cases.

Security and Authentication

Access Rio employs a multi-layered security model to ensure data integrity and prevent unauthorised access. The system uses mutual TLS (mTLS), requiring both the client and server to present SSL certificates for secure communication. This guarantees endpoint authentication and encrypts all data exchanged over the network.

The authentication model includes two primary mechanisms:

  • PLAIN Authentication: This requires a username and password for user-specific interactions. It is typically used when the API is accessed directly by an end user or a specific application account.
  • SYSTEM Authentication: This mechanism validates the calling system using SSL certificates without requiring user credentials. It is ideal for backend integrations or applications where no direct user interaction occurs.

For every successful authentication, the system generates an authentication token, which must be included in subsequent API calls. These tokens are short-lived, promoting secure, session-based interactions. Developers must account for token expiration by re-authenticating when necessary.

Developing with Access Rio APIs

Dynamic APIs allow developers to retrieve real-time data using SQL queries tailored to specific needs. For example, the PatientAlertsGet API fetches alerts associated with a patient. Developers start by crafting a base SQL query to fetch the desired data. Variables within the SQL query, such as @clientId, are parameterised as $clientId$ for integration into the API.

Once the SQL query is ready, it is inserted into Access Rio’s database using the ExternalSystemApiReportOperations table. The system supports flexible configurations, enabling developers to define API-specific metadata such as response keys, action endpoints, and reply actions.

Report APIs, on the other hand, are used to generate structured data outputs, often in the form of tabular summaries or detailed XML. Unlike dynamic APIs, reports are hierarchical, consisting of a parent report with multiple sub-reports. For instance, the MedView report includes sections for demographics, admissions, documents, and referrals.

Each sub-report corresponds to a specific SQL query, and developers can define execution order, formatting options, and stylesheets (XSLT) for customised presentations. This flexibility allows for creating comprehensive, multi-part reports tailored to diverse requirements.

Access Rio SOAP Request Structure

Access Rio APIs communicate using SOAP messages, which are structured into three main parts: the envelope, the header, and the body. The envelope serves as the outermost wrapper for the message, ensuring proper communication between the client and server. Within the envelope, the header contains essential authentication details, including the authentication token, the name of the target system (e.g., “RIO”), and the platform type, which is typically fixed as “API.” These details validate and secure the communication.

The body of the SOAP message specifies the API being invoked and includes the relevant parameters in a structured XML format. For example, when fetching patient alerts, the body would define the operation name (e.g., PatientAlertsGet) and include parameters such as clientId with associated values. Each parameter follows a specific schema defined by the WSDL file, ensuring compatibility and correct data formatting. The WSDL, generated after API configuration, provides developers with precise details on the required parameters, their types, and their structure, serving as a guide for crafting valid requests.

Auditing and Compliance

Integration with Access Rio ensures compliance with healthcare regulations like NHS DTAC by providing detailed audit trails. Every API call is logged, capturing details such as the method invoked, parameters passed, and authentication details. Depending on the deployment configuration, organisations can enable page-level auditing for individual API calls or application-level auditing for broader system interactions. These audit logs are invaluable for troubleshooting, performance analysis, and compliance reporting.

Testing and Troubleshooting

Before deploying APIs in a production environment, rigorous testing is essential. Developers commonly use tools like SOAPUI or Postman for crafting and sending SOAP requests. Access Rio also provides a public SDK endpoint for testing purposes, with an aggressive token expiration policy to simulate real-world scenarios.

When debugging, server logs stored in the <Rio Install Folder>/logs/CommonServices/ directory offer valuable insights. Common errors include invalid authentication tokens, improperly formatted data, and missing mandatory parameters. Each error is accompanied by a code and description, making it easier to pinpoint and resolve issues.

Practical Use Cases

Integrating with Access Rio opens the door to numerous possibilities for healthcare organisations:

  • Patient Alerts: Dynamic APIs can retrieve alerts or notifications, helping care providers stay updated about critical patient information.
  • Custom Reports: Report APIs enable generating tailored summaries, such as patient demographics, admission history, and clinical notes.
  • Third-Party Applications: By enabling SYSTEM authentication, Rio APIs facilitate secure integrations with external applications like monitoring systems, patient portals, scheduling tools, and analytics platforms.

Getting Started

To integrate with Access Rio, organisations must ensure they meet key prerequisites:

  • Access Assurance: Innovators must engage with Access to attain access to Access Rio APIs and documentation.
  • Certificates: Both client and server SSL certificates must be installed and configured.
  • Database Access: Developers need access to the Rio database for API configuration.
  • Development Tools: Tools like SSMS (SQL Server Management Studio) and SOAPUI are essential for query development and testing.

Once these prerequisites are in place, developers can begin creating APIs by defining SQL queries, parameterising them, and inserting them into the system. Following proper testing and accreditation ensures that the APIs meet quality and performance standards.

Conclusion

Integrating with Access Rio provides healthcare organisations with the tools they need to enhance operational efficiency and improve patient care in community and mental health NHS trusts. With its secure APIs, robust auditing capabilities, and flexible configurations, Access Rio enables seamless data exchange and powerful customisations. By adhering to best practices in development, testing, and deployment, organisations can unlock the full potential of Access Rio integration, ensuring their systems work harmoniously to deliver better outcomes.

Ready to accelerate your technology project?

Chat to our team of experts and let's see how we can help you.