Secure Transfer of EHR Data to Salesforce Using FHIR and HL7 in Health Cloud

Electronic Health Records (EHR) data is crucial for patient care and coordination among healthcare providers. Integrating EHR data into Salesforce Health Cloud requires adherence to industry standards to ensure secure and accurate data transfer. Two key standards that facilitate this process are HL7 (Health Level Seven) and FHIR (Fast Healthcare Interoperability Resources).

HL7: The Backbone of Healthcare Data Exchange 

HL7 is a set of international standards for the exchange, integration, sharing, and retrieval of electronic health information. It primarily focuses on the exchange of clinical data, ensuring that information moves seamlessly between different healthcare systems.

Example: Imagine a hospital that needs to send a patient’s lab results to a primary care physician who uses a different EHR system. The lab results are formatted according to HL7 standards and sent as an HL7 message. The physician’s system, which is also HL7-compliant, receives and interprets the message, allowing the physician to access the lab results in their system.

FHIR: The Modern Standard for Health Data Interoperability 

FHIR is a newer standard developed by HL7, designed to provide a more flexible and scalable method for healthcare data exchange. FHIR leverages modern web technologies, such as RESTful APIs, to enable faster and more efficient data transfer. It also allows for the exchange of smaller, discrete pieces of information (known as "resources"), making it easier to work with specific data elements within a larger EHR system.

Example: A patient visits an urgent care center, and their medication list needs to be shared with their regular healthcare provider who uses Salesforce Health Cloud. The urgent care system uses FHIR to package the medication list as a FHIR resource and sends it securely to the provider’s system. The provider can then view and manage the patient's medication list directly within Salesforce.

Below is an example of an XML data snippet following the HL7 standard that could be used to transfer EHR data, such as patient information, securely to Salesforce Health .

XML Data Example: Patient Demographics

This XML example demonstrates how a patient’s demographic information might be formatted using HL7 v3 standards. This data could be transferred securely to Salesforce Health Cloud after being converted to a FHIR resource.

<Patient xmlns="urn:hl7-org:v3">

    <id extension="123456" root="2.16.840.1.113883.19.5"/>

    <name use="L">

        <given>John</given>

        <family>Doe</family>

    </name>

    <administrativeGenderCode code="M" codeSystem="2.16.840.1.113883.5.1"/>

    <birthTime value="19800501"/>

    <addr use="HP">

        <streetAddressLine>123 Main St</streetAddressLine>

        <city>Anytown</city>

        <state>CA</state>

        <postalCode>90210</postalCode>

        <country>US</country>

    </addr>

    <telecom use="HP" value="tel:+1-555-555-5555"/>

    <maritalStatusCode code="M" codeSystem="2.16.840.1.113883.5.2"/>

    <languageCommunication>

        <languageCode code="en-US"/>

    </languageCommunication>

</Patient>

Explanation of the XML Elements:

• <Patient>: The root element that defines the patient entity.

• <id>: A unique identifier for the patient within the EHR system. The extension attribute is the patient's ID, and the root attribute is the identifier's namespace.

• <name>: Contains the patient’s name. The given element is the first name, and the family element is the last name.

• <administrativeGenderCode>: The patient’s gender, where M represents male. The codeSystem attribute points to the standard coding system.

• <birthTime>: The patient’s date of birth in the format YYYYMMDD.

• <addr>: The patient’s home address, including street, city, state, postal code, and country.

• <telecom>: The patient’s telephone number.

• <maritalStatusCode>: The patient’s marital status, where M represents married.

• <languageCommunication>: The language the patient communicates in, using the language code en-US for English (United States).

How This XML Data Is Used:

1. Conversion to FHIR: Before transferring this data to Salesforce Health Cloud, it would be converted into a FHIR resource, such as a Patient resource.

2. Secure Transfer: The FHIR-compliant data can then be transferred securely using HTTPS and OAuth 2.0, ensuring that the patient’s sensitive information is protected during the transfer.

Integration with Salesforce: Once the data is in Salesforce, healthcare providers can access and manage the patient’s information within the Health Cloud environment, supporting better care coordination and decision-making.

Here are a few more examples of exchange of json data using FHIR v4.0 resources.

Condition Resource (Problem/Diagnosis)

{

  "resourceType": "Condition",

  "id": "6789",

  "clinicalStatus": {

    "coding": [

      {

        "system": "http://terminology.hl7.org/CodeSystem/condition-clinical",

        "code": "active"

      }

    ]

  },

  "verificationStatus": {

    "coding": [

      {

        "system": "http://terminology.hl7.org/CodeSystem/condition-ver-status",

        "code": "confirmed"

      }

    ]

  },

  "code": {

    "coding": [

      {

        "system": "http://snomed.info/sct",

        "code": "38341003",

        "display": "Hypertension"

      }

    ]

  },

  "subject": {

    "reference": "Patient/123456"

  },

  "onsetDateTime": "2023-01-01",

  "evidence": [

    {

      "detail": [

        {

          "reference": "Observation/blood-pressure"

        }

      ]

    }

  ]

}

Observation Resource (Blood Pressure Measurement)

{

  "resourceType": "Observation",

  "id": "blood-pressure",

  "status": "final",

  "category": [

    {

      "coding": [

        {

          "system": "http://terminology.hl7.org/CodeSystem/observation-category",

          "code": "vital-signs",

          "display": "Vital Signs"

        }

      ]

    }

  ],

  "code": {

    "coding": [

      {

        "system": "http://loinc.org",

        "code": "85354-9",

        "display": "Blood pressure panel with all children optional"

      }

    ]

  },

  "subject": {

    "reference": "Patient/123456"

  },

  "effectiveDateTime": "2023-01-01T08:30:00+00:00",

  "component": [

    {

      "code": {

        "coding": [

          {

            "system": "http://loinc.org",

            "code": "8480-6",

            "display": "Systolic blood pressure"

          }

        ]

      },

      "valueQuantity": {

        "value": 140,

        "unit": "mmHg",

        "system": "http://unitsofmeasure.org",

        "code": "mm[Hg]"

      }

    },

    {

      "code": {

        "coding": [

          {

            "system": "http://loinc.org",

            "code": "8462-4",

            "display": "Diastolic blood pressure"

          }

        ]

      },

      "valueQuantity": {

        "value": 90,

        "unit": "mmHg",

        "system": "http://unitsofmeasure.org",

        "code": "mm[Hg]"

      }

    }

  ]

}

MedicationRequest Resource (Treatment/Prescription)

{

  "resourceType": "MedicationRequest",

  "id": "54321",

  "status": "active",

  "intent": "order",

  "medicationCodeableConcept": {

    "coding": [

      {

        "system": "http://www.nlm.nih.gov/research/umls/rxnorm",

        "code": "316764",

        "display": "Lisinopril 10 MG Oral Tablet"

      }

    ]

  },

  "subject": {

    "reference": "Patient/123456"

  },

  "authoredOn": "2023-08-15",

  "dosageInstruction": [

    {

      "text": "Take 1 tablet by mouth daily",

      "timing": {

        "repeat": {

          "frequency": 1,

          "period": 1,

          "periodUnit": "d"

        }

      },

      "route": {

        "coding": [

          {

            "system": "http://terminology.hl7.org/CodeSystem/v3-RouteOfAdministration",

            "code": "PO",

            "display": "Oral"

          }

        ]

      },

      "doseAndRate": [

        {

          "doseQuantity": {

            "value": 1,

            "unit": "tablet"

          }

        }

      ]

    }

  ]

}

These examples showcase how structured data can be exchanged securely between systems using standardized formats and protocols, ensuring that patient information remains accurate and protected throughout the process.

Integrating EHR Data with Salesforce Health Cloud 

Salesforce Health Cloud is designed to provide a comprehensive view of patient data, enabling better care coordination and patient engagement. To integrate EHR data into Health Cloud securely, the following steps are typically involved:

1. Mapping EHR Data to FHIR Resources: The first step in transferring EHR data to Salesforce Health Cloud is mapping the existing EHR data to FHIR resources. This involves transforming the data into FHIR-compliant formats that can be easily ingested by Salesforce. For example, patient demographics, medication lists, and lab results can be represented as FHIR resources.Example: Suppose a hospital needs to share patient demographics with a specialty clinic using Salesforce Health Cloud. The hospital’s system converts the patient’s information (name, age, address, etc.) into a FHIR Patient resource. This FHIR resource is then sent to Salesforce Health Cloud, where it is stored and made available to healthcare providers within the system.

2. Establishing Secure Communication Channels: Data security is paramount when dealing with sensitive health information. HL7 and FHIR support the use of secure communication protocols like HTTPS and OAuth 2.0 to ensure that data is encrypted during transit. This prevents unauthorized access and ensures that the data remains confidential and intact.Example: When a patient’s lab results are sent from a diagnostic lab to Salesforce Health Cloud, HTTPS is used to encrypt the data during transmission. Additionally, OAuth 2.0 ensures that only authorized systems can access the data. This double layer of security ensures that sensitive health information is protected.

3. Using APIs for Data Exchange: Salesforce Health Cloud provides APIs that can interact with FHIR-compliant data. These APIs can be used to retrieve, update, and store patient information securely. The integration typically involves the use of Salesforce's RESTful APIs, which are aligned with FHIR standards, allowing for seamless communication between EHR systems and Salesforce.Example: A healthcare provider wants to retrieve a patient’s allergy information from an EHR system and update it in Salesforce Health Cloud. The provider’s system uses Salesforce’s FHIR-compliant API to pull the AllergyIntolerance resource from the EHR. Once retrieved, the data is stored in Salesforce Health Cloud, ensuring that the patient’s allergy information is up-to-date and accessible.

4. Ensuring Compliance with Healthcare Regulations: Healthcare data is subject to stringent regulations, such as HIPAA (Health Insurance Portability and Accountability Act) in the United States. When transferring EHR data to Salesforce, it's essential to ensure that all processes comply with these regulations. This includes implementing role-based access controls, maintaining audit logs, and ensuring data integrity.Example: When integrating EHR data into Salesforce Health Cloud, the system is configured to restrict access to sensitive patient information based on user roles. For instance, only authorized healthcare providers can access detailed clinical data, while administrative staff might only see non-clinical information. Additionally, all access to patient data is logged, ensuring compliance with regulatory requirements.

Conclusion: 

Integrating EHR data into Salesforce Health Cloud using HL7 and FHIR ensures that patient information is transferred securely and efficiently. By leveraging these standards, healthcare providers can achieve greater interoperability, leading to improved patient outcomes and more streamlined operations. With the growing adoption of FHIR, the process of integrating EHR data into platforms like Salesforce is becoming more standardized, reducing complexity and enhancing the security of health data exchanges.