FHIR® Gateway (Mobile)
The Australian Digital Health Agency aims to increase the adoption of the My Health Record by connecting the My Health Record platform to mobile applications through industry-standard APIs.
Included below is key information about getting started and key forms required to connect to My Health Record Mobile Gateway.
To find out more about the Mobile Gateway and connecting to the My Health Record system you can register your interest by emailing [email protected].
What's the difference between the B2B and Mobile approaches?
The mobile enablement program has made use of the FHIR® Draft Standards in creating the mobile APIs. There is also a higher amount of granularity in the mobile solution in terms of the scope of the APIs – the APIs that have been developed for the mobile program are more detailed than the CDA which is extracted for B2B.
Access and Integration
The integration approach currently supported by the My Health Record System Operator is shown below.
For consumer access a consumer, must first log into my.gov.au and grant access to the application. This is done by redirecting to the my.gov.au login. Once the consumer has logged and granted access the token can be retrieved.
1. Prepare
Read through the Welcome Pack materials
- App Vendor Guide to the Connection Process
- Portal Operator - Production Environment Access Request Form (PEAR)
- Portal Operator Registration Agreement (PORA)
- Operations Requirements and Guidelines
- Consent Requirements and Guidelines
- Security Requirements and Guidelines
- Presentation Requirements and Guidelines
- My Health Record - FHIR® Mobile Gateway CCD Risk Based Approach - Risk Assessment Questionnaire
- Managing Your App in Production
Read through the My Health Record FHIR® Gateway Technical Specifications
Request National Authentication Service for Health Public Key Infrastructure (NASH PKI) Test certificate (for Interaction Model 4 only).
This only applies to the Consumer mobile app connecting with the My Health Record system via an intermediary server (Interaction Model 4).
Note: You will need to record the test certificate credentials in Step 2.
Contact [email protected] to request your NASH PKI Test Certificate Kit.
2. Get Started
After reading through the requirements above, (and receipt of the NASH PKI Test Certificate for Interaction Model 4 apps) the next step is to register your organisation and app.
Create an account for your organisation on the Agency's form submission platform
The Portal Operator Registration Form is hosted on the Agency's form submission platform and in order to access the Portal Operator Registration Form you must create an account.
Portal Operator Registration Form
In this form, you will need to provide details about your organisation and proposed app, such as your nominated Operator Officers, the app’s intended purpose and the way it intends to interact with the My Health Record system. You will also be required to verify the identity of all nominated Operator Officers and your Portal Operator Registration Form will undergo review by the System Operator. Once approved you will progress to the next step in the connection process.
Note you must be logged into the Agency's form submission platform to access the form.
Receive Test Kit including test data and access credentials
After your Portal Operator Registration Form has been approved, you will be provided with a Mobile Test Kit. The kit includes test cases and test data to assist with testing your app integration with the My Health Record system. You will receive unique credentials for accessing the My Health Record Test Environment along with your Test Kit.
For any questions about the process, please contact [email protected]
3. Develop your app
Now that you can access the Test Environment, you can begin developing your app so that it can connect with the My Health Record system, using the API Mapping, API Specifications and API Release Notes provided in the Welcome Pack.
Developer Guides - FHIR® Gateway - Fast Healthcare Interoperability Resources
The following Developer Guides will help you understand high-level concepts regarding the My Health Record system and the FHIR® Gateway, register as a developer for the Gateway, understand your testing obligations, understand guidelines regarding security, consent, incident management and app presentation and understand the content which will be delivered in these guides.
Submit prototypes, use cases and Risk Assessment Questionnaire
Once you have successfully integrated your app into the My Health Record system test environment, you can contact [email protected].
Agency to review prototypes, use cases and Risk Assessment Questionnaire
A team member will guide you through the next steps, which include an Agency review of the prototype to ensure your app complies with the Consent Requirements and Guidelines.
In parallel with this review, you can perform a test of your app using the test cases and test data provided in the Test Kit and submit the results to [email protected] for review. Support will be provided if there are any connection issues. This step is called My Health Record Notice of Connection (NoC) ‘self-assessment’ testing.
Undertake MHR Notice of Connection observed testing
Attending a virtual session with the My Health Record team to test your app. This is to demonstrate that your app is functioning according to the API specifications. We refer to this as Notice of Connection (NoC) testing.
4. Declare conformance
After having successfully tested that your app connects to the My Health Record system and prior to authorisation to access the Production Environment, you will need to declare that your app conforms to the mandatory requirements defined in the Interoperability Requirements.
Refer to the Welcome Pack here for details.
Note: For apps built using Interaction Model 4 you will need to request production certificates through Services Australia here.
Below you will find the key forms required to be completed to gain production access to the My Health Record system. For any questions about the process, please contact [email protected].
Submit Production Environment Access Request (PEAR) Form
The purpose of this form is for your organisation to register as a Registered Portal Operator. Completion of this form is a prerequisite for gaining access to the production environment. Please fill out the form electronically, then print and manually provide all required signatures. Finally, please scan and send the signed form to [email protected].
Note: for mobile apps, a form is required for each platform your app is being developed for.
Submit Portal Operator Registration Agreement (PORA)
The purpose of this Agreement is to satisfy the System Operator that the organisation applying to be a portal operator complies with the My Health Records Act and Rules, and agrees to be bound by the conditions of registration outlined in this document.
5. Gain production access
You will be granted authorisation to access the My Health Record Production Environment when:
- The My Health Record System Operator is satisfied that testing has been successfully completed (Step 3);
- You have declared that your app conforms to the mandatory requirements (Step 4) and
- You agree to the terms as outlined in the contract.
Consumer-facing applications that connect to the My Health Record Mobile Gateway will be registered as Portal Operators.
Managing your app in Production
Once your app is in production you will need to be familiar with the process for liaising with the My Health Record System Operator about incidents and other events including changes and upgrades to your app. The Managing your App in Production document will provide you with useful information.
Developer Guides - My Health Record Clinical Software
The following Developer Guides will help you understand high-level concepts regarding the HI Service and My Health Record system, register as a developer for the HI Service and My Health Record system, request Test Certificates and Test Environment Data, install the Test Certificates locally and import certificates in CIS Software.