Linking CVS/MinuteClinic just forwards to provider site

[philipsd6]

When I click on the "CVS Health & Minute Clinic" tile, it launches the https://mychart.minuteclinic.com auth page, but then when I complete authenticating, it just loads the normal MyChart site for CVS/MinuteClinic. Nothing gets added to fasten.

What am I doing wrong?

[EasternPA]

Same.

https://open.epic.com/MyApps/Endpoints

shows this endpoint

https://retailepicfhir.cvshealth.com/FhirProxy/api/FHIR/DSTU2/

but the open smart vaccine card initiative at

https://github.com/the-commons-project/vci-directory/blob/main/vci-issuers.json

has this for CVS

https://retailepicfhir-uat.cvshealth.com/FhirProxyTST/api/epic/2021/Security/Open/EcKeys/32001/SHC

Notice the -uat in the hostname. Preprod if you do systems architecture stuff. The TST in FhirProxyTST is also interesting.

Finally, I'm sure this is also useful

https://developer.cvshealth.com/apis

[AnalogJ]

Sent the following email to CVS Health and Epic:

CVS Health FHIR endpoint does not correctly implement Smart-on-Fhir (Redirect to Logout)

Hi,

I'm trying to connect to the CVS Health (Org ID: 1829) R4 FHIR Endpoint. However the OAuth flow is not working correctly. Unlike other organizations using Epic/MyChart, visiting the CVS OAuth2 authorize page will start a series of redirects that seems to reset/logout the oauth session and ends with the patient portal login page, at which point there is no prompt to provide permissions/access to my 3rd party application.

Here's the redirect order that I was able to determine:

https://retailepicfhir.cvshealth.com/FhirProxy/oauth2/authorize?redirect_uri=https%3A%2F%2Flighthouse.fastenhealth.com%2Fv1%2Fcallback%2Fepic&response_type=code&response_mode=fragment&state=XXXXXXXXXX&client_id=ZZZZZZZZZZZZZZZZZ&scope=fhirUser+openid+profile&aud=https%3A%2F%2Fretailepicfhir.cvshealth.com%2FFhirProxy%2Fapi%2Ffhir%2FR4&code_challenge=XXXXXXXXXX&code_challenge_method=S256


https://mychart.minuteclinic.com/MyChartPRD/Authentication/OAuth/Start?org=&redirect_uri=https%3A%2F%2Flighthouse.fastenhealth.com%2Fv1%2Fcallback%2Fepic&response_type=code&response_mode=fragment&state=XXXXXXXXXX&client_id=ZZZZZZZZZZZZZZZZZ&scope=fhirUser+openid+profile&aud=https%3A%2F%2Fretailepicfhir.cvshealth.com%2FFhirProxy%2Fapi%2Ffhir%2FR4&code_challenge=XXXXXXXXXX&code_challenge_method=S256

https://mychart.minuteclinic.com/MyChartPRD/Home/LogOut?postlogoutmode=oauthlogin&skipAbandonCurrent=1

https://mychart.minuteclinic.com/MyChartPRD/bye.asp?postlogoutmode=oauthlogin&skipAbandonCurrent=1&hideText=1

https://mychart.minuteclinic.com/MyChartPRD/default.asp?action=logout&mode=oauthlogin&liteMode=true

https://mychart.minuteclinic.com/MyChartPRD/Authentication/Login?action=logout&mode=oauthlogin&liteMode=true

I'll update once I hear back from them.

[EasternPA]

Thank you for updating this. If you get this working, I think there would be value in adding CVS' vaccine card and lab test result API as a unique provider in fasten (URL listed in my comment), assuming they host that API separately and haven't just moved everything over there. Not sure if they serve up the QR codes via the API or if fasten would need to generate one from the JSON data returned.

[AnalogJ]

Yeah, the Smart Vaccine Cards are a feature that I'd like to support with Fasten as well. Currently immunization & vaccination information is available in the Patient Profile page (not in Smart Vaccine Card format however).

[AnalogJ]

CVS/MinuteClinic integration is working correctly now.