“Things would have changed if I had timely access to electronic medical records.”
As a platform, HealthVault provides an innovative access management and programming interfaces for applications and devices to access a user’s health information.
In the previous chapter we discovered how to fetch and manipulate data stored in HealthVault. This chapter takes a closer look at the API offered by HealthVault to enable this interaction in a programmatic fashion. We will discuss various ways in which an application or device can interface with the HealthVault platform. The code samples will use .NET interfaces because they fit well with HealthVault, but the same interfaces are available in Java, PHP, and other languages. The chapter will introduce the elements of programming that give the programmer access to data in HealthVault. Toward the end of this chapter, we will discuss various architectural options available for interfacing an application or device with HealthVault. We’ll start by discussing accounts because the first task is to get access to your own account.
HealthVault provides innovative access management to let a family health manager access and manage the records of various family members. Mom, serving as the family health manager, can create records for her husband and children. In Figure 3-1, Jane has created accounts for her husband, Tom, and two kids, Chris and Sara. She has full access to all information in her family’s HealthVault records.
Additionally, HealthVault enables the same records to be accessed through multiple accounts. Full access can be thought of as custodial access to the record. In Figure 3-2, Jane has full access to her family’s health information. Tom has also signed up to share the responsibility of managing the health information of their kids, Chris and Sara, and also has full access to their health information.
An application gets access to HealthVault account information through an API called Get-PersonInfo. This API returns a structure called PersonInfo, which in turn consists of the records associated with a HealthVault account (Example 3-1).
Example 3-1. PersonInfo data structure
PS C:Windowssystem32> Get-Personinfo PersonId : 0ce0d6e0-cfaf-4464-abea-6d0253078df6 Name : Vaibhav Bhandari ApplicationSettings : SelectedRecord : Vaibhav Bhandari AuthorizedRecords : {[b11511c8-c30d-4ffd-8d98-f433d0b5827b, Vaibhav Bhandari]} PreferredCulture : en-US PreferredUICulture : en-US Connection : ApplicationConnection : Microsoft.Health.HealthClientAuthorizedConnection
Using the HealthVault PowerShell plug-in, you can try out the
Get-PersonInfo API using the command get-personinfo
. The structure returned
consists of a unique PersonId
for the account and a set of
record identifiers authorized to be used with the application for this
particular account. Any pertinent information for the application is
stored in ApplicationSettings
. The
user’s preferred language and display settings are stored in the
PreferredCulture
and PreferredUICulture
fields,
respectively.
An application can decide to work with only one record at a time, termed as a single record application (SRA), or provide an interface to work with multiple records associated with the signed-in user, termed as a multiple record application (MRA). Interfacing with HealthVault describes how to enable each of these record management capabilities in detail.
A HealthVault application interacts with two distinct resources:
The HealthVault Platform (https://platform.healthvault.com/platform/wildcat.ashx)
The HealthVault Shell (https://account.healthvault.com).
The HealthVault Platform provides XML over HTTP requests to manipulate data hosted by the service, and the HealthVault Shell provides account management, user authentication, and other services.
HealthVault provides a development environment for partners to develop their applications. The development environment is hosted at https://platform.healthvault-ppe.com/latform for the HealthVault Platform and https://account.healthvault-ppe.com for the HealthVault Shell.
Each HealthVault application gets a unique identifier called an AppID. Developers can get a free application identifier using the HealthVault Configuration Center (https://config.healthvault-ppe.com).
For our example application, we are using an application ID that was already created for a HelloWorld sample application. In Chapter 4, we will create our own application.
The HealthVault Shell provides its functionality primarily by redirecting the end user’s browser. The HealthVault Shell presents a secure user interface dialog in the browser. These dialogs help with user authentication, authorization, record selection, and managing the user’s experience around health data.
An application communicates its intention to the HealthVault Shell using a URI construct like https://account.healthvault.com/redirect.aspx?target=<ShellTarget>&targetqs=<ShellTargetParams>.
The <ShellTarget> parameter specifies the intent of the application, which could range from prompting the user to authorize the application to letting the user view their health items. Table 3-1 summarizes some of these targets; a detailed list of the Shell Targets is available on the HealthVault MSDN at http://msdn.microsoft.com/en-us/library/ff803620.aspx.
Table 3-1. HealthVault Shell redirect interface (partial list)
HealthVault Shell Target | Purpose |
---|---|
| Prompts the user to authorize himself and select record(s) to be used with an application |
| Redirects a user to another HealthVault application |
| Allows an application to create a new HealthVault account, and redirects to the application after account authorization |
| Enables a client or desktop application to create an instance of its application on the device |
| Enables an application to redirect to the HealthVault Shell for reconciling a CCR/CCD with a user record |
| Allows an application to redirect a user to view or create health record items using the HealthVault Shell |
In certain circumstances, the HealthVault Shell needs to communicate with the application. For example, if a user wants to know the privacy statement of the application or if the user decides to not authorize permission for the application to access their health items, the HealthVault shell would then need to communicate with the application. HealthVault requires applications to register a “Redirect URL” for the functionality they provide. The Redirect URL should be a secure (HTTPS) URL that can respond to a request of this nature:
https://<ApplicationRedirectURL>?target=<ApplicationTarget>&targetqs=<ApplicationTargetParameters> |
The <ApplicationTarget> specifies the desired action to get serviced; it could range from the user asking for a privacy statement to the user rejecting the application’s authorization request. Table 3-2 summarizes some of these targets; a detailed list of the Application Targets is available at http://msdn.microsoft.com/en-us/library/ff803620.aspx.
Table 3-2. HealthVault Application Targets (partial list)
HealthVault Application Target | Purpose |
---|---|
| Notifies the application that the user successfully logged in and/or granted authorization to the application. |
| Notifies the application that the user logged out of her HealthVault session. The application can then do cleanup and show a sign-out page. |
| Notifies the application that the user successfully changed the selected record. Record Management: Diving Deep shows example of handling this. |
| Notifies the application that the user wants to view her privacy statement. |
| Notifies the application that the user wants to view its terms of use or service agreement. |
The HealthVault Platform provides a number of APIs to enable access to application and user data; these APIs are well documented at http://developer.healthvault.com/pages/methods/methods.aspx. The following discussion will focus on the kinds of functionality provided by these APIs. Table 3-3 summarizes the APIs available from the HealthVault platform.
Table 3-3. HealthVault API summary
HealthVault API category | API names | Purpose |
---|---|---|
Authentication | CreateAuthenticatedSessionToken RemoveApplicationRecordAuthorization NewApplicationCreationInfo NewSignupCode GetPersonInfo GetAuthorizedRecords | Authenticate an application and a user. |
Reading Health Items | GetThings | A rich interface to retrieve health items along with an associated digital signature or streamed BLOBs. |
Adding & Updating Health Items | PutThings OverwriteThings BeginPutBlob | Enable an application to add or update health item data. |
Delete Health Items | RemoveThings | Enables an application to delete data. |
Patient Connect | AssociatePackageId BeginPutConnectPackageBlob CreateConnectPackage CreateConnectRequest GetAuthorizedConnectRequests DeletePendingConnectPackage DeletePendingConnectRequest | Enable clinical applications to create a temporary drop-off or permanent connection for consumers without having a web interface. |
Asynchronous Processing | GetAuthorizedPeople GetUpdatedRecordsForApplication GetEventSubscriptions UpdateEventSubscription SubscribeToEvent UnsubscribeToEvent | Enable an application to work asynchronously with HealthVault and create a publish/subscribe model. |
Messaging | SendInsecureMessage SendInsecureMessageFromApplication | Enable applications to send messages to consumers using these APIs. |
Terminology | GetVocabulary SearchVocabulary | Enable applications to retrieve or search terminologies hosted by HealthVault. |
Application Management | SetApplicationSettings GetApplicationSettings AddApplication UpdateApplication | Enable an application to store a record-specific setting and manage derivative applications. |
Service Discovery | GetServiceDefinition GetThingType | Help with service discovery. |
OpenQuery | SaveOpenQuery GetOpenQueryInfo DeleteOpenQuery | These are hardly used, but they give the ability to run pre-canned queries for a health record. |
Applications authenticate themselves to the HealthVault platform using the CreateAuthenticatedSessionToken API. Users are authenticated through HealthVault.com, and applications can get tokens for authorization using the HealthVault Shell redirect interface at http://msdn.microsoft.com/en-us/library/ff803620.aspx.
CreateAuthenticatedSessionToken, or CAST, is the most commonly used HealthVault API. This API provides authentication tokens for clients as well as web applications. Most HealthVault wrappers provide an API for this purpose.
Individual methods are available for an application to fetch record and person authorization details. Most notably, NewApplicationCreationInfo is used by mobile clients to receive security keys from the HealthVault platform.
The core function that lets an application read items from a user’s HealthVault record is GetThings. We will discuss this API in detail in GetThings, but to summarize, this API provides the ability to query HealthVault, fetch a health item with granular details, and fetch large BLOB items, such as images.
After CreateAuthenticatedSessionToken, GetThings is the most commonly used HealthVault API.
The counterpart of GetThings is PutThings. It is used by most applications to update and create health items. We will discuss this function in detail in the section PutThings.
OverwriteThings allows applications to force overwrites on existing health items. This API generally is not used.
HealthVault, unlike most personal health platforms, provides a mechanism to store large files such as medical images. Applications can upload large chunks of information by using the BeginPutBlob API. It is fairly tricky to use, but there is good documentation on how to use it via raw XML interfaces at http://msdn.microsoft.com/en-us/library/ff803584.aspx, as well as through the HealthVault .NET SDK at http://msdn.microsoft.com/en-us/library/ff803576.aspx.
DeleteThings is the one of the simplest HealthVault functions, allowing applications to delete individual health items from a user’s record. HealthVault keeps an audit trail of all operations, including the delete operation.
Only users can view the audit trail for health items by using HealthVault Shell’s history functionality. Applications do not have access to the audit trail of a health item.
Several clinical applications use HealthVault to send information to consumers either a single time or continually through backend systems. CreateConnectPackage allows applications to create a one-time package for the user to receive in his HealthVault account, and DeleteConnectPackage allows applications to perform cleanup as necessary. On the other hand, CreateConnectRequest allows applications to establish a continual link with a patient’s HealthVault record. Applications can get the details needed to make the link by using GetAuthorizedConnectRequests.
HealthVault will delete the validated connect requests after a period of time. It is advised that applications calls GetAuthorizedConnectRequests daily or weekly to ensure that all validated connect requests are retrieved.
HealthVault provides several mechanisms for an application to
perform asynchronous processing. GetAuthorizedPeople gets information
about the people that are authorized to use the application. This
function paginates results using a PersonID
cursor and provides a way to query
authorizations created after a given point in time. Applications have
found this function useful to send email updates and reminders to
their subscribers. Similarly, GetUpdatedRecordsForApplication
retrieves a list of records for an application with things that have
been updated since a specified date.
HealthVault provides a powerful publish/subscribe mechanism.
Applications can subscribe to events around create, read, update, and
delete operations on HealthVault thing types. These events are
registered with the platform using the SubscribeToEvent
method. In addition to
defining the subscribe event, the application registers a secure URI
to which the HealthVault platform publishes events. The HealthVault
eventing mechanism is documented in detail with appropriate examples
at http://msdn.microsoft.com/en-us/library/gg681193.aspx.
The InstantPHR application from GetReal Consulting (http://www.getrealconsulting.com/instantphr/) is a good example of an application that uses HealthVault’s asynchronous processing and eventing in particular to notify users of changes in their health records.
Applications using HealthVault can send email messages to HealthVault users. The SendInsecureMessageFromApplication API allows the application to choose the sender address and specify its domain.
The HealthVault Messaging APIs are insecure. It would be better for an institution to set up the Direct email protocol and send secure email to the HealthVault user. HealthVault users get free Direct email addresses.
Terminologies, also known as vocabularies, are a list of codes
associated with well-known terms in a particular domain. HealthVault
hosts numerous terminologies. Most of these are tagged as wc
and are created by Microsoft. However,
several third-party terminologies from the National Library of
Medicine, USDA, HL7, and other institutions are also hosted.
You can use the PowerShell HealthVault plug-in to verify that HealthVault hosts approximately 150 terminologies:
PS C:> (Get-Vocabulary).Count 150
The terminologies can be accessed using the GetVocabulary API. Accessing the terminologies does not require user authentication; these are application-only APIs. Some terminologies hosted by HealthVault, such as RxNorm, are huge. RxNorm is a terminology that attempts to normalize all medication names and contains more than 200,000 entries. The SearchVocabulary API provides an XML interface as well as a JSON interface to search vocabularies. In fact, one can get an auto-completion text box for entering a medication by using SearchVocabulary on RxNorm. The HealthVault user interface provides auto-completion for medications, conditions, and other health item types using the SearchVocabulary API.
The SetApplicationSettings and GetApplicationSettings APIs provide a way for applications to store and retrieve their record-specific settings in HealthVault. Information such as theme selection by a particular user or order of authorized records can be stored in application settings. The multiple record management (MRA) functionality detailed later in this chapter can be implemented using these APIs.
HealthVault also allows a certain kind of application called a
Master Application to create and manage other applications. Master
Applications use the AddApplication
and
UpdateApplication
functions to manage the “child”
applications they create.
There are very few Master Applications in the HealthVault ecosystem. The GoLive or publication bar for these applications is high. Once an application of this type is created, it cannot be deleted.
The GetServiceDefinition
function provides
access to all the details of HealthVault applications, including
Methods, Schemas, and Configurations for the service. Using
GetServiceDefinition
, an application can
programmatically discover HealthVault service information and keep it
up to date.
You can use the PowerShell HealthVault plug-in (Example 3-2) to explore
GetServiceDefinition
.
Example 3-2. Using GetServiceDefinition in HvPosh
PS C:Windowssystem32> Get-ServiceDefinition HealthServiceUrl : https://platform.healthvault-ppe.com/platform/wildcat.ashx Version : 1.9.2679.7415 HealthServiceShellInfo : Microsoft.Health.HealthServiceShellInfo Assemblies : {} Methods : {AddApplication, AllocatePackageId, AssociateAlternateId, BeginPutBlob...} IncludedSchemaUrls : {https://platform.healthvault-ppe.com/platform/XSD/types.xsd, https://platform.healthvault-ppe.com/platform/XSD/auth.xsd, https://platform.healthvault-ppe.com/platform/XSD/application.xsd, https://platform.healthvault-ppe.com/platform/XSD/vocab.xsd...} ConfigurationValues : {[allowedDocumentExtensions, .avi,.bluebutton,.bmp,.ccd,.ccr,.cda, .doc,.docm,.docx,.eml,.gif,.jpg,.mp3,.one,.pdf,.png,.ppsm,.ppsx, .ppt,.pptm,.pptx,.pub,.rpmsg,.rtf,.scp,.tif,.tiff,.txt,.vsd,.wav, .wma,.wmv,.xls,.xlsb,.xlsm,.xlsx,.xltx,.xml,.xps], [autoReconcilableTypes, 1e1ccbfc-a55d-4d91-8940-fa2fbf73c195, 9c48a2b8-952c-4f5a-935d-f3292326bf54], [blobHashBlockSizeBytes, 2097152], [blobHashDefaultAlgorithm, SHA256Block]...}
Open Query is an insecure mechanism for running preconfigured queries invoked with an identifier on HealthVault data. For example, the following query:
https://platform.healthvault.com/platform/openquery.ashx?id=9C4C77CF-1DF0-4c41-BD3D-EC9232B5BC8A |
invokes a saved request that corresponds to the specified identifier. Only queries associated with GetThings can be saved with SaveOpenQuery. The invocation of the open query doesn’t require authentication and authorization, and the HealthVault team discourages its use and might remove it in future updates.
The most important HealthVault functions an application should become familiar with are GetThings and PutThings. In the following sections we will dive deeper in to each of these functions, discuss their treatment in the HealthVault .NET SDK, and see some examples. The code in this chapter can be a starting point for the more complex applications introduced in the rest of this book.
The best way to understand GetThings API is to look at the XML that an application would send to HealthVault platform to request a set of things (Example 3-3).
Example 3-3. GetThings XML request
<wc-request:request xmlns:wc-request="urn:com.microsoft.wc.request"> <auth>...</auth> <header>...</header> <info> <group name="GetWeights" max="10"> <id>d8460ea8-50d4-4c30-ad92-49d1a1020b52</id> <filter> <type-id>d8460ea8-50d4-4c30-ad92-49d1a1020b52</type-id> <thing-state>Active</thing-state> <created-app-id>1F82D899-22E0-43F2-A645-59EDB6927645</created-app-id> <xpath>/thing/data-xml/weight/value/kg[.>=60]</xpath> </filter> <format> <section>core</section> <xml /> </format> <current-version-only>true</current-version-only> </group> </info> </wc-request:request>
Each GetThings request can have multiple queries called a
group
(Line ). Each group is identified by its name
. The response from HealthVault combines
the items returned by the group; group-name
is used to index items returned
for a particular query group. The group
element can take one or more
attributes to control the results. The attribute used in the previous
example is max
, which tells the
HealthVault platform to return the top 10 items for this query.
Each query group can contain <filter>
subelements to return
particular items with a specific identification. Example 3-3 requests items with a specific
type-id
(Line ). The d84..52
identifier is associated with a
particular instance of the weight type. Multiple IDs can be specified
in each request. Other elements, such as client identifiers and thing
keys, can also be used instead of an ID. The filter
also restricts results to those that
have an active thing-state
(Line
) and were created using the Withings
application (Line ). Items also can be
filtered using XPath; on Line we are
looking for weight items whose values are greater than 60 kg, maybe
because we know that the scale was misconfigured during this time. To
sum up, the query in Example 3-3 returns
the core XML sections of the top 10 weight elements that were created
by the Withings application and have values greater than 60 kg.
The format and quantity of information returned by the GetThings
query can be controlled by format
specifiers. Using the section
tag,
we can specify that we just want the core
elements of the requested thing types
(Line ). Other section tags could specify
digital signatures, audit information, or effective permissions for
the request. Using the xml
tag
(Line ), one can run an XSL transform on
the thing types or choose from existing transforms available for the
type. Our xml
tag is empty, so no
transform is run in the sample query. We will discuss MTT, STT, and
other transforms in Chapter 4.
An application can request only the current versions of HealthVault thing types (Line ), although the platform does store older versions of the data.
To complete the discussion on the format of the GetThings
request, note that I have collapsed the auth
and header
tags at the beginning of the code
block. These elements specify the authorization information for the
method and various other header elements, such as the method name,
final-xsl, version, user, and application tokens.
Table 3-4 summarizes the
querying ability of the GetThings
method. To learn more, please refer to the methods schema
documentation at http://developer.healthvault.com/pages/methods/methods.aspx
and associated HealthVault SDK reference at http://msdn.microsoft.com/en-us/library/hh672196.aspx.
Table 3-4. GetThings query parameters
Search Criteria | .NET SDK name | XML element | Name description |
---|---|---|---|
Group Attribute |
|
| Identifies the group |
|
| Maximum number of things to be returned | |
|
| Maximum number of full things | |
Identifiers |
|
| Client ID of the thing |
|
| Thing instance ID | |
|
| Thing key | |
Filters |
|
| Various thing filters |
|
| ||
|
| ||
|
| ||
|
| ||
|
| ||
Formats |
|
| Section to be retrieved (core, audits, effective permissions, digital signatures) |
| Name of the transform to apply | ||
| Version ID of the type format | ||
| Sequence of | ||
Versions |
|
|
Now that we understand the paradigm through which one can access
things from HealthVault using the GetThings
methods, let’s look at how we can
utilize querying to display weight values in our application.
Our application currently fetches all the weight readings.
However, we want to be able to explore the readings on a graph one
week at a time. Example 3-4 shows how we can
do it. As Line shows, we begin by
creating a searcher object for the record we are working with, and
then create a new filter for the weight type (Line ). Once we have the filter, we add properties
to filter the value so that we get only those weight items that are
dated for the previous week using EffectiveDateMin
(Line ).
Once the query is constructed, we issue a GetThings request to
HealthVault (Line ). Because we have only
one group, we index for the results in the first set of matching
results (GetMatchingItems()[0]
).
Example 3-4. Using the EffectiveDateMin filter to get weekly data
protected void Btn_ShowWeeklyWeightReadings_Click(object sender, EventArgs e) { HealthRecordSearcher searcher = PersonInfo.SelectedRecord.CreateSearcher(); HealthRecordFilter filter = new HealthRecordFilter(Weight.TypeId); filter.EffectiveDateMin = DateTime.Now.Subtract(new TimeSpan(7, 0, 0, 0)); searcher.Filters.Add(filter); HealthRecordItemCollection items = searcher.GetMatchingItems()[0]; TimeSeries t = new TimeSeries("Weight Graph"); foreach (Weight item in items) { //Assuming all data is in one unit t.SeriesValue.Add(new TimeSeries.TimeSeriesValues( item.EffectiveDate, item.Value.DisplayValue.Value)); } TimeplotView.Plots.Add(t); TimeplotView.DataBind(); TimeplotView.Visible = true; }
After getting the matching items, we create a new TimeSeries
(Line ) and add each item individually to the series.
The TimeSeries.ascx.cs file
contains an implementation of this class. You can choose to use your
own implementation with any other graphing library. In this example,
I’m using the Flot JavaScript graphing library (http://code.google.com/p/flot/). TimeplotView
(Line ) is an instance of a user control that has a
Flot graphing object.
In the last three lines we add the constructed TimeSeries
to the graphing object and make
it visible on the screen. Figure 3-3 shows the results of
running this query on the selected record.
As with GetThings, we’ll begin our coverage of the PutThings API by looking at the XML an application would send to HealthVault to create or update a set of things. Compared to GetThings, this is a simple request (Example 3-5).
Example 3-5. PutThings XML sample
<wc-request:request xmlns:wc-request="urn:com.microsoft.wc.request"> <auth> <hmac-data algName="HMACSHA1">IB7cdWXFNKE+xhrvE5poT5ulueE=</hmac-data> </auth> <header>...</header> <info> <thing> <type-id>0a5f9a43-dc88-4e9f-890f-1f9159b76e7b</type-id> <thing-state>Active</thing-state> <data-xml>...</data-xml> </thing> </info> </wc-request:request>
Each PutThings request can add instances of a thing
(Line ).
Each thing has a type-id
(Line
) that identifies what kind of data item
it is. In Example 3-5, the thing is of
type Weight
. Because we are adding
a weight thing, the data-xml
(Line
) part of this request needs to adhere to
the schema for this particular type. In Chapter 4, we will discuss
the thing-type schema. The important aspect of using this schema is to
make sure to use a unique thing-id
.
In case of an update, the thing-id
is the instance of weight you want to update. Additionally, the
thing-version-id
element should be
the version ID of the element that is currently in the HealthVault.
HealthVault offers optimistic concurrency, which means that if an
application tries to update an old thing that has already been updated
by some other application, its version ID will have changed and the
new put won’t succeed. The thing-version-id
is critical to make sure
one update does not override another.
Let’s modify our application to add a new Weight
element to HealthVault. On the
Default.aspx page, we construct a text box to
enter weight in pounds and associate a “save” button with it, with the
action as Btn_SubmitWeight_Click
.
Example 3-6 illustrates how we will go
about saving a new element to HealthVault. Notice the
HealthVault-specific DateTime
field
(HealthServiceDateTime
) on Line
and a way to differentiate the actual
WeightValue
from DisplayValue
on Lines –. HealthVault
enables health items to have a flexible date and time. It also stores
measurements in a canonical format and allows users to see them in the
format in which they entered the data.
In the case of Weight
, it is
stored canonically in kilograms, but we assume the user prefers to
enter and display the weight in pounds. So, on Line we multiply the value entered by the user by
1.6. The DisplayValue
of the weight
is in pounds (lbs
), which the
applications working with this type can use to show the value to the
user.
Having a well-formed weight health item, we can send it to
HealthVault by calling the NewItem
method in the HealthVault .NET SDK. Under the hood, the NewItem
call issues a PutThings request to
the HealthVault platform. The HealthVault SDK also has an UpdateItem
method, which saves changes to an
existing item using the PutThings
method.
To update an existing item, one essentially does the same thing
as shown, except you use the UpdateItem
SDK method instead of NewItem
.
The code in Java shown in Example 3-7 is equivalent to the .NET in Example 3-6. The OnlineRequestTemplate is generated using the library’s SimpleRequestTemplate, and it sets an appropriate UserAuthToken and PersonId on the request.
Example 3-7. Reading weight using the Java SDK
public void PutThing() throws Exception { long weightValueInKg = 80; DisplayValue dv = new DisplayValue(); dv.setUnits("lb"); dv.setUnitsCode("lb"); dv.setValue(weightValueInKg/2.2); WeightValue wv = new WeightValue(); wv.setKg(weightValueInKg); wv.setDisplay(dv); Weight weight = new Weight(); weight.setValue(wv); weight.setWhen(DateTime.fromCalendar(Calendar.getInstance())); Thing thing = new Thing(); thing.setData(weight); SimpleRequestTemplate requestTemplate = new SimpleRequestTemplate( ConnectionFactory.getConnection()); requestTemplate.setPersonId("75ac2c6c-c90e-4f7e-b74d-bb7e81787beb"); requestTemplate.setRecordId("8c390004-3d41-4f5c-8f24-4841651579d6"); PutThingsRequest request = new PutThingsRequest(); request.getThing().add(thing); PutThingsResponse response = (PutThingsResponse)requestTemplate.makeRequest(request); }
For an application working with a single record, HealthVault
provides a simple mechanism to switch to another record using a switch
record hyperlink. In order for an application to switch to a different
record, the application needs to tell the HealthVault Shell to allow
the user to switch the record and have a preconfigured receiving end
point for the HealthVault Shell to send the user back to a
notification to change the selected record, termed a
SELECTEDRECORD
. The application redirects the user
with a hyperlink URL like the one shown in the following example. The
AUTH target implies an authentication request,
the appid implies the identifier associated with
the calling application, and the forceappauth
string makes sure that the user is able to change the record.
https://account.healthvault-ppe.com/redirect.aspx?target=AUTH&targetqs=appid%3D82d47a5a-d435-4246-895a-746c475090d3%26forceappauth%3Dtrue |
Using the HealthVault .NET Web SDK, this can be done with following line of code. The last variable enables applications to pass any optional parameters that need to pass through the URL redirection:
this.RedirectToShellUrl("AUTH", "appid=" + this.ApplicationId.ToString() + "&forceappauth=true", "passthroughParam=optional");
As a simple example, Figure 3-4 shows how one can
associate the Switch Account functionality to an existing HealthVault
application. Enabling this functionality involves two steps. First is
to create an appropriate URL to send the user to HealthVault; Example 3-8 shows the
associated code. The second step in this process is to create a
receiving URL so that HealthVault can send the user back to your
application. Example 3-9 shows the
associated code required to configure a SelectedRecordChanged
end-point page in the
HealthVault SDK’s web.config
file. These two steps are relatively simple and can be accomplished
with any programming language. HealthVault Shell Interface explains the HealthVault
shell interface, and HealthVault SDK and Open Source Libraries lists the
available libraries.
In Example 3-8,
notice that in Line , we are using the
RedirectToShellUrl
HealthVault SDK
functionality to enable creating the appropriate redirection URL for
HealthVault.
In Example 3-9, we are creating a key in the web.config file to associate a receiving end point for the selected “record changed” action. In the next section, we explain the HealthVault shell interface in detail.
The Mayo Clinic Health Manager works with all the records
associated with the account and functions as a multiple-record
application (MRA). As illustrated in Figure 3-5, I can switch
from my record to my mom’s record seamlessly within the Mayo Clinic
application. This flexibility can be achieved in an application by
including IsMRA=true
while
communicating with HealthVault Shell’s Authentication (AUTH)
mechanism, as detailed in HealthVault Shell Interface. Using this capability, the
application can then authenticate multiple records at the same time
and make requests to access health information for each one of them.
For the application to remember the previous active record before
switching to any associated record, it should store the current record
identifier in the application settings associated with the person
before making the switch.
The HealthVault team offers a .NET SDK available at http://www.msdn.com/healthvault. Additionally, a number of open source libraries offer higher-level abstractions for interacting with the HealthVault platform. This section outlines the level of abstractions available in each of these libraries.
The HealthVault .NET SDK is the official software development kit available from Microsoft for working with the HealthVault platform. The HealthVault team maintains this SDK and provides interfaces for all HealthVault interfaces.
This SDK does not support the HealthVault Client APIs for mobile phones, but it does support the HealthVault Client APIs for Windows Applications. The Shell Redirect Interface is supported, but not all capabilities are supported. Notably, this is the only SDK that supports signing health items and streaming large files to HealthVault. HealthVault uses Azure, Microsoft’s cloud storage service, to store these large files.
Throughout this book, we will be looking at code that uses this SDK, and refer to it as the HealthVault .NET SDK. Officially each major release of this SDK is supported for two years, and the SDK is currently compatible with .NET framework version 2.0.
The source code of this SDK is available for reference, but the license terms don’t allow modifications to the SDK.
This is the second most popular SDK for the HealthVault platform. The HealthVault open source Java SDK is available under a very permissive open source license at http://healthvaultjavalib.codeplex.com. This SDK was developed by members of the HealthVault team and provides interfaces for most HealthVault interfaces. The source code of the SDK is available under the Microsoft Public License, and modifications and redistribution of this code are permitted for commercial and noncommercial purposes.
Notably, this SDK supports the HealthVault Client APIs for Android mobile phones, and it provides a complete abstraction layer for Shell redirect interfaces. But it does not support Patient Connect, asynchronous processes, signing of health items, or streaming large files to HealthVault. However, there are samples or documentation available for signing and streaming.
Additionally, the SDK provides an object wrapper for thing types using code generation tools. If these classes don’t meet your needs, you can use the method schemas and create suitable wrappers.
This SDK is fully available for JDK 1.6; however, raw authentication is supported for JDK 1.4. The SDK is community supported, and patches for bug fixes or missing functionality are welcomed.
The HealthVault team provides an open source and community-supported library for the iOS platform available at https://github.com/microsoft-hsg/HealthVault-Mobile-iOS-Library. This library provides basic functionality to authenticate mobile clients. It doesn’t provide support for any additional HealthVault features.
Applications such as iTriage (http://www.itriagehealth.com/) have used this library to create HealthVault iOS applications.
This library is available under the Apache 2.0 open source license, and modifications and redistribution of this code are permitted for commercial and noncommercials purposes.
Like the iOS library, the Windows Phone library at http://healthvaultwp7.codeplex.com/ provides an authentication abstraction for Windows Phone mobile clients. Applications such LiveScape (http://livescape.mobi/) have used this library to create HealthVault-enabled Windows Phone applications.
This library is available under the Apache 2.0 open source license, and modifications and redistribution of this code are permitted for commercial and noncommercials purposes.
In Chapter 5, we will walk through a detailed application that shows how to work with HealthVault mobile interfaces.
The HealthVault team has helped create Python, PHP, and Ruby libraries. These libraries are primarily driven by partners and provide the basic authentication layer for working with the HealthVault service. Applications such as TrailX (Python), Teladoc (PHP), and podfitness (Ruby) have used these libraries to create successful HealthVault applications.
These libraries are available under the Apache 2.0 open source license, and modifications and redistribution of this code are permitted for commercial and noncommercial purposes.
Table 3-5 summarizes the functionality available in various HealthVault libraries.
Table 3-5. HealthVault SDK and open source libraries
SDK library | Distribution | Supported platform | Features available | License and support |
---|---|---|---|---|
HealthVault .NET | MSDN | Windows XP, Vista, 7 (.NET 2.0) | All HealthVault features | Microsoft Reciprocal License (MS-RL) Microsoft supported |
Java | Codeplex | JDK 1.6 JDK 1.4 (limited) | Authentication, method wrappers, thing-type wrappers | Microsoft Public License (MS-PL) Community support |
Java | Codeplex | Android (1.6+) | Authentication, thing-type wrappers | MS-PL Community support |
iOS | GitHub | iOS 4.0+ | Mobile authentication | Apache 2.0 Community Support |
Windows Phone | Codeplex | Windows Phone 7+ | Mobile authentication | Apache 2.0 Community support |
Python | Google Code | Python 2.7 | Authentication (basic) | Apache 2.0 Community support |
PHP | SourceForge | PHP | Authentication (basic) | Apache 2.0 Community support |
Ruby | RubyForge | Ruby | Authentication (basic) | Apache 2.0 Community support |
We touched on the HealthVault APIs and interface; these interfaces are usually combined in multiple ways to create integration architectures with HealthVault. This section discusses high-level options for integrating applications and devices with HealthVault. This discussion should be useful for understanding different architectural patterns available for interfacing devices and applications with HealthVault.
As of this writing, more than 80 types of devices connect with HealthVault. These devices range from pedometers and weighing scales to blood pressure meters and pulse oximeters. Figure 3-6 shows the various interfaces available for a device to connect with HealthVault.
Currently, a large number of devices interface with HealthVault through HealthVault’s Windows client utility, called HealthVault Connection Center. HealthVault Connection Center enables device integration using the Windows Portable Devices (WPD) standard.
If a device already has a Windows device driver, the appropriate data can be communicated to HealthVault using the WPD standard. The HealthVault team has a device development kit (DDK) that can be used for this integration, but its use lies outside the scope of this book.
When there are no WPD-supported elements for a device, it can still integrate with HealthVault through the HealthVault Connection Center by sending and receiving HealthVault XML directly. Chapter 4 describes the HealthVault’s XML data types. This approach is referred to as HealthVault XML in Figure 3-6. The HealthVault DDK has an example of how to go about configuring such an interface.
In addition to interfacing devices through the HealthVault Connection Center, device manufacturers can write their own client application to enable data to upload to HealthVault using the HealthVault Client SDKs. ECG Glove, which is available at http://ineedmd.com/, is a good example of a device that sends information to HealthVault using this interface.
Devices such as Fitbit and Withings actually take integration a step further and interface with HealthVault directly through the cloud using HealthVault APIs.
Continua Health Alliance is a nonprofit, open industry organization of health care and technology companies joining together to improve the quality of personal connected health care. With more than 230 member companies around the world, it is the leading consortium for personal health care devices. HealthVault has announced that support for Continua drivers will be available in the future. When this happens, devices will be able to play well in the HealthVault and Continua ecosystem, either by using the HealthVault Web API or by converting data into IEEE 11073 formats.
Continua is not a standards body, but has identified a set of standards that together enable a personal connected health care ecosystem. At its heart is the IEEE 11073 Personal Health Data Standard, which dictates various data standard profiles for devices ranging from blood pressure cuffs to weighing scales. IEEE 11073 is a data standard and is independent of transport.
On the transport layer, Continua supports USB personal Health Class devices, Bluetooth health care device profiles, and other transports as they become compliant in the future.
Figure 3-7 shows the interfaces supported by Continua.
As of this writing, there are more than 300 HealthVault applications are live in the United States. HealthVault applications work with the HealthVault personal health data store by using various APIs over the HTTP protocol, as we have seen with PutThings and GetThings. Figure 3-8 depicts various ways in which applications have interfaced with HealthVault, depending on their use case.
The following discussion goes into detail about various modes of connecting with HealthVault, which depend on the applications’ needs as they pertain to the underlying platform, user consent, authentication, and user interface.
In addition to data storage, native HealthVault applications can use HealthVault for user authentication and authorization. Any data accessed using this mode requires the user’s explicit permission each time the application interacts with HealthVault.
Mayo Clinic Health Manager, https://healthmanager.mayoclinic.com/, is a native HealthVault application.
Applications can choose to simply store and access data from HealthVault without using HealthVault as a primary authentication and authorization entity.
FitBit (http://www.fitbit.com/) is a good example of an offline application. It links a FitBit account with a HealthVault user record and account, and then interacts with the health items therein.
Drop Off Pick Up (DOPU) is analogous to sending a secured fax to a HealthVault user. The data flow in this architecture is one-way. The application drops the data into HealthVault, and the user picks it up.
If a consumer happens to visit a health care institution and does not intend to have an ongoing relationship with the care entity, DOPU provides an effective mechanism for the institution to provide documents.
Some entities don’t intend to maintain a public-facing website but would like to have an ongoing relationship with their users through HealthVault. Patient Connect provides an ideal mechanism for such institutions. Via this mechanism, the user authorizes an application to read or write data to her HealthVault record through a user interface on HealthVault.com.
Clinical systems such as electronic medical records (EMRs) commonly use this model to connect to HealthVault, which is why this model is called Patient Connect. It should be noted, however, that this model is not limited to clinical systems and can be used by any backend system.
Client Connectivity, referred to as Software on Device Authentication (SODA), enables applications to run on client platforms like desktop or mobile device, outside of the web browser. Every time a user installs a SODA application, the user must authorize that installation of the application to access his HealthVault record. For instance, if the user is running the same application on both his laptop and desktop, he will need to authorize both installations to access his HealthVault record.
A number of mobile health applications (such as iTriage, LiveScape, and Weight4Me) use this architecture. In Chapter 5 we will develop a mobile application and do a detailed walkthrough of the APIs available to use this type of interface.
The Direct project, formerly known as NHIN Direct, is collaboration between the public and private sector to develop a simple, secure, and standards-based method to send encrypted health information directly to known, trusted recipients over the Internet. This project aims at replacing the fax machine in health care. Providers are able to send documents to each other securely.
Direct integration is the easiest kind of integration with HealthVault, and trusted applications can actually send and receive documents to and from HealthVault using a Direct-enabled email address. HealthVault users get an email address in the format <handle>@direct.healthvault.com. As part of its Direct implementation, HealthVault automatically adds any recognized attachments (for example, CCDs or CCRs) to the user’s record.
Google Health was able to interface with HealthVault using the Direct integration. For HealthVault to accept emails from a new direct domain, the application needs to register the public key with HealthVault. If the application sends email to [email protected] with the user’s email address in the subject line, HealthVault stores the email in a password-encrypted package and sends an email to the user to associate the dropped-off information to their record. The user can also sign into her HealthVault record and read the message in the HealthVault Message Center.
Application Provisioning refers to providing an application in HealthVault’s production environment, which the HeathVault team does for all of the connectivity models discussed so far. However, in special cases it provides the ability for applications known as “master” applications to provision individual HealthVault “child” applications.
Frequently, solution providers develop HealthVault integration for common scenarios such as uploading lab information or sending clinical care record information from a facility’s EMR system. These solutions are deployed separately for each institution. The HealthVault team delegates the responsibility for creating these individual application instances to the solution provider through the Master Application mechanism.
Thus, for instance, if we wanted to deploy an individual instance of a Weight Tracker application per institution, we would use the AddApplication API available from the HealthVault Platform. Further Resources has links to examples and resources about how to create a child application.
3.142.43.206