My Health Record - Mobile integration

Overview - FHIR® Gateway (Mobile)

The Australian Digital Health Agency (the Agency) aims to increase the adoption of My Health Record by connecting the My Health Record platform to mobile applications through industry-standard APIs. 

This guide provides essential information on getting started and the necessary forms for connecting to the My Health Record Mobile Gateway.

To find out more about the Mobile Gateway and connecting to the My Health Record system register your interest by emailing help@digitalhealth.gov.au.

What's the difference between the B2B and Mobile approaches?

The mobile enablement program has made use of the FHIR® Draft Standards in creating the mobile APIs. There is also a higher amount of granularity in the mobile solution in terms of the scope of the APIs – the APIs that have been developed for the mobile program are more detailed than the CDA which is extracted for B2B.

Pre-requisites

Connection with the HI Service is a pre-requisite to becoming conformant with My Health Record. Please refer to Healthcare Identifiers Service (HI) Service if you have not completed this step.

Access and Integration

The integration approach currently supported by the My Health Record System Operator is shown below.

For consumer access a consumer, must first log into my.gov.au and grant access to the application. This is done by redirecting to the my.gov.au login. Once the consumer has logged and granted access the token can be retrieved.

Step 1: Understand requirements and guidelines

Read through the Welcome Pack materials

• App Vendor Guide to the Connection Process
• Portal Operator - Production Environment Access Request Form (PEAR)
• Portal Operator Registration Agreement​ (PORA)
• Operations Requirements and Guidelines
• Consent Requirements and Guidelines
• Security Requirements and Guidelines
• Presentation Requirements and Guidelines
• My Health Record - FHIR® Mobile Gateway CCD Risk Based Approach - Risk Assessment Questionnaire
• Managing Your App in Production

Read through the My Health Record FHIR® Gateway Technical Specifications

• API Specification
• Data Mapping
• Error Mapping
• Release Note

Request National Authentication Service for Health Public Key Infrastructure (NASH PKI) Test​ certificate (for Interaction Model 4 only). 

This only applies to the Consumer mobile app connecting with the My Health Record system via an intermediary server (Interaction Model 4). 

Note: Test certificate credentials need to be recorded in Step 2. 

Contact developerliaison@servicesaustralia.gov.au to request your NASH PKI Test Certificate Kit.

Step 2: Register 

After reading the requirements above (and receipt of the NASH PKI Test Certificate for Interaction Model 4 apps), the next step is to download and complete the Portal Operator Registration Form (PORF). This will then need to be posted to our Canberra office, details can be found in the form.  

Step 2.1. Portal Operator Registration Form

In this form, you will need to provide details about your organisation and proposed app, such as the nominated Operator Officers, the app’s intended purpose and the way it intends to interact with the My Health Record system. You will also be required to verify the identity of all nominated Operator Officers and your Portal Operator Registration Form will undergo review by the System Operator. Once approved, the form will be progressed to the next step in the connection process. 

• Download Portal Operator Registration form (PORF) v5.4

Step 2.2. Receive Test Kit including test data and access credentials

After the Portal Operator Registration Form has been approved, you will be provided with a Mobile Test Kit. The kit includes test cases and test data to assist with testing your app integration with the My Health Record system. Unique credentials for accessing the My Health Record Test Environment will be provided along with the Test Kit.

For any questions about the process, please contact help@digitalhealth.gov.au

Step 3: Develop your app

With access to the Test Environment secured, development of your app can commence to enable connectivity with the MHR My Health Record system. Use the API Mapping, API Specifications and API Release Notes provided in the Welcome Pack for guidance.

Step 3.1. Submit prototypes, use cases and Risk Assessment Questionnaire

Once your app is successfully integrated your app into the My Health Record system test environment, you can contact help@digitalhealth.gov.au.

Step 3.2. Agency to review prototypes, use cases and Risk Assessment Questionnaire

A team member will guide you through the next steps, which include an Agency review of the prototype to ensure your app complies with the Consent Requirements and Guidelines.

In parallel with this review, you can perform a test of your app using the test cases and test data provided in the Test Kit and submit the results to healthAPIGatewaySVT@deloitte.com.au for review. Support will be provided if there are any connection issues. This step is called My Health Record Notice of Connection (NoC) ‘self-assessment’ testing. 

You may also attend a virtual session with the My Health Record team to test your app to complete NoC testing.

Step 4: Declare conformance 

Following successful testing of the app connection to the My Health Record system and before being authorized to access the Production Environment, a declaration must be made confirming that the app complies with the mandatory requirements outlined in the Interoperability Requirements.

Refer to the Welcome Pack here for details.

Note: For apps built using Interaction Model 4 you will need to request production certificates through Services Australia here.

Below you will find the key forms required to be completed to gain production access to the My Health Record system. For any questions about the process, please contact help@digitalhealth.gov.au.

Step 4.1. Submit Production Environment Access Request (PEAR) Form   

The purpose of this form is for your organisation to register as a Registered Portal Operator. Completion of this form is a prerequisite for gaining access to the production environment. Please fill out the form electronically, then print and manually provide all required signatures. Finally, please scan and send the signed form to help@digitalhealth.gov.au.

Note: for mobile apps, a form is required for each platform your app is being developed for.

• Download the Production Environment Access Request Form here

Step 4.2. Submit Portal Operator Registration Agreement (PORA) 

The purpose of this Agreement is to satisfy the System Operator that the organisation applying to be a portal operator complies with the My Health Records Act and Rules, and agrees to be bound by the conditions of registration outlined in this document.​ 

• Download Portal Operator Registration Agreement here

Step 5. Gain production access

You will be granted authorisation to access the My Health Record Production Environment when: 

• The My Health Record System Operator is satisfied that testing has been successfully completed (Step 3); 
• You have declared that the app conforms to the mandatory requirements (Step 4) and 
• You agree to the terms as outlined in the contract. 

Consumer-facing applications that connect to the My Health Record Mobile Gateway will be registered as Portal Operators.

Managing your app in Production 

Once your app is in production you will need to be familiar with the process for liaising with the My Health Record System Operator about incidents and other events including changes and upgrades to your app. The Managing your App in Production document will provide you with useful information. 

• Download the Managing Your App in Production document here

If you are interested in understanding the My Health Record Business to Business Gateway refer to the below guide.

• Learn more about the My Health Record B2B Gateway here