MyChart® by Epic

MyChart® offers patients personalized and secure online access to portions of their medical records. It enables them to securely use the Internet to help manage and receive information about their health. With Bluefin direct integration, merchants can now accept payments quickly and securely without exposing card information, while reducing their PCI scope.

This guide describes the external payment page's configuration object. The config values are categorized as follows:

  • Internal Payment Page settings
  • PayConex settings
  • ShieldConex settings
  • EPIC MyChart settings

While most of the values for these settings are taken from other Bluefin systems, some information has to come from the customer.

Prerequisites

Information Required From the Merchant

The following information has to be provided by the customer:

  • The full domain of the webpage that will be loading our iFrame. We will be using that to whitelist their website.
  • The EPIC user credentials (page 6 of the guide)
  • The full path for the GetPaymentSessionData and PostTransactionResult endpoints on their system, e.g., https://apporchard.epic.com/interconnect-aocurprd-username/api/epic/2017/Billing/External/GetPaymentSessionData

Configure the PayConex Account

Before we can configure an instance of the Epic External Payment Page for a merchant, we have to configure their PayConex account to process payments with ShieldConex Tokens. The Payments With ShieldConex Tokens guide outlines the steps involved in setting up ShieldConex on PayConex.

Create Templates in ShieldConex

Two SCX templates have to be created using the "Create PayConex Token Payments Template" option on the SCX portal. One template will be used for processing credit card payments and the other will process ACH transactions. The default PayConex Token Payments templates come with more fields than we require.

On the credit card template delete all fields except the following:

  • scx_token_card_number
  • scx_token_card_expiration
  • scx_token_card_verification
  • scx_token_first_name
  • scx_token_last_name

On the ACH template delete all fields except the following:

  • scx_token_bank_routing_number
  • scx_token_bank_account_number
  • scx_token_first_name
  • scx_token_last_name

Important: The Epic page's domain should be added to the templates' domain whitelist in ShieldConex:

  • au5xo1fuga.execute-api.us-east-1.amazonaws.com
  • zhz18cy9gg.execute-api.us-east-1.amazonaws.com

We recommend that you give the templates descriptive names so that their purpose is easily identified later.

Setting Up the Configuration File

{
  "3e0c7ba8-2363-4189-9655-d817deb9dcbe" :
  {
    "name" : "App Orchard Account",
    "referrer_whitelist" : ["apporchard.epic.com"],
    "payconex" : {
      "host"    : "cert.payconex.net",
      "account" : "220614987701",
      "api_key" : "653ebd749324a2ca2c4e0e9e8ede65d8"
    },
    "shieldconex" : {
      "host"                : "secure-cert.shieldconex.com",
      "ach_only_template"   : "8c5680f96c43b8bca8f4e3819e267bc6",
      "cc_only_template"    : "6c9ae0b5718e868e10ad285080092f88"
    },
    "epic" : {
      "username" : "BLUEFINPAYMENT",
      "password" : "tFLjGjofy74W@t9JD$bo",
      "clientId" : "059c7478-b289-4d42-8669-f92d0df7b7cd",
      "details_endpoint"            : "https://apporchard.epic.com/interconnect-aocurprd-username/api/epic/2017/Billing/External/GetPaymentSessionData",
      "transaction_result_endpoint" : "https://apporchard.epic.com/interconnect-aocurprd-username/api/epic/2017/Billing/External/PostTransactionResult"
    },
    "jwt" : {
      "secret_key" : "73f677f873ffed8d26d30f9b482269cb55123a1ae6597c8fed3dbc052aaaf26a"
    }
  }
}

URL Path

Each merchant must be provided with a unique URL for their instance of the External Payment Page. The structure of the URL is as follows:

https://<domain>/prod/eepp/<config id>

The <domain> depends on the deployment server. The <config id> is the value defined in the config object. In our examples the config id is a GUID, but there is no hard rule requiring it to be one. Any URL-friendly value will do. For the config object in the example above, the merchant URL is as follows:

https://zhz18cy9gg.execute-api.us-east-1.amazonaws.com/prod/eepp/3e0c7ba8-2363-4189-9655-d817deb9dcbe

External Payment Page Settings

This section summarizes the config options that are specific to the Payment Page.

| Variable | Description |
| --- | --- |
| name | A descriptive name to give the config entry. This value is not used anywhere in the code and is simply a way to identify the different config objects. |
| referrer_whitelist | An array of domains from which the external page will be loaded. This information must be provided by the merchant. |
| jwt.secret | A random 64 character string that is used to encrypt the JWE. The JWE is short lived (only lasts the duration of a session) so this value can be changed at any time. |

EPIC MyChart Config Settings

This section summarizes the config options that are specific to the EPIC MyChart instance to which the Page is integrating. Most information for this section will come from the customer. The following guide explains how they come up with the information (App Orchard Implementation Guide - Bluefin External Payment Page).

| Variable | Description |
| --- | --- |
| epic.username | Credentials for EPIC user specifically to create this external Page. Refer to the EPIC guide for instructions. |
| epic.password | EPIC user credentials. |
| epic.clientId | A unique identifier for this app. The value for non-production is "059c7478-b289-4d42-8669-f92d0df7b7cd" and "616686d4-9d23-4fe1-8087-34ecc58ca9c9" for production. |
| epic.details_endpoint | Endpoint called during the checkout process. |
| epic.transaction_result_endpoint | Endpoint called during the checkout process. |

PayConex Config Settings

This section summarizes the config options that are specific to PayConex. The account and API key can be found on the PayConex Portal.

| Variable | Description |
| --- | --- |
| payconex.host | The hostname of the PayConex environment. Can be either "cert.payconex.net" or "secure.payconex.net". |
| payconex.account | The PayConex account ID. This is the default account configured for this customer. The EPIC MyChart application has the ability to override this value by passing PayConex credentials through the transaction details endpoint. |
| payconex.api_key | The API access key for the PayConex account. |

ShieldConex Config Settings

This section summarizes the config options that are specific to ShieldConex. You will need the template reference strings for the payment methods (Credit and/or ACH) you wish to set up. These can be found in ShieldConex Manager -> Manage -> Templates, and then by selecting the specified template to view the details.

| Variable | Description |
| --- | --- |
| shieldconex.host | The hostname of the SCX environment. Can be either "secure-cert.shieldconex.com" or "secure.shieldConex.com". |
| shieldconex.ach_only_template | The ACH template reference. |
| shieldconex.cc_only_template | The credit card template reference. |
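
The following is an added example, not Bluefin's code: a pre-deployment check of one config entry against the values documented in the settings tables above. Key names follow the sample config object (including jwt.secret_key); treating the "cert" hosts as the non-production environment, requiring https endpoints, and the sample entry itself are assumptions of this example.

```python
import re
from urllib.parse import urlparse

ENV = {  # values from this guide's tables; cert = non-production is an assumption
    "payconex.host": {"cert.payconex.net": "cert", "secure.payconex.net": "prod"},
    "shieldconex.host": {"secure-cert.shieldconex.com": "cert", "secure.shieldconex.com": "prod"},
    "epic.clientId": {"059c7478-b289-4d42-8669-f92d0df7b7cd": "cert",
                      "616686d4-9d23-4fe1-8087-34ecc58ca9c9": "prod"},
}
ENDPOINTS = {"epic.details_endpoint": "GetPaymentSessionData",
             "epic.transaction_result_endpoint": "PostTransactionResult"}
DOMAIN_RE = re.compile(r"([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}")

def get(entry, dotted):
    """Look up 'section.key' in a config entry; None when absent."""
    section, key = dotted.split(".")
    value = entry.get(section)
    return value.get(key) if isinstance(value, dict) else None

def validate_entry(entry):
    """Return the problems found in one config entry (empty list = passed)."""
    problems = []
    refs = entry.get("referrer_whitelist")
    if not isinstance(refs, list) or not refs:
        problems.append("referrer_whitelist must be a non-empty array")
    else:  # the guide asks for full domains, so reject URLs, paths and wildcards
        problems += [f"referrer_whitelist: {d!r} is not a full domain"
                     for d in refs if not DOMAIN_RE.fullmatch(str(d).lower())]
    envs = {k: ok.get(str(get(entry, k)).lower()) for k, ok in ENV.items()}
    problems += [f"{k} is not a documented value" for k, e in envs.items() if not e]
    if len({e for e in envs.values() if e}) > 1:
        problems.append("cert and production values are mixed")
    for k, name in ENDPOINTS.items():
        url = urlparse(str(get(entry, k)))
        if url.scheme != "https" or not url.path.endswith("/" + name):  # https: assumption
            problems.append(f"{k} must be an https URL ending in {name}")
    if len(str(get(entry, "jwt.secret_key") or "")) != 64:
        problems.append("jwt.secret_key must be 64 characters")
    return problems

SAMPLE = {  # constructed entry with placeholder values; environments mixed on purpose
    "referrer_whitelist": ["mychart.example.org"],
    "payconex": {"host": "cert.payconex.net"},
    "shieldconex": {"host": "secure.shieldconex.com"},
    "epic": {"clientId": "059c7478-b289-4d42-8669-f92d0df7b7cd",
             "details_endpoint": "https://epic.example.org/x/GetPaymentSessionData",
             "transaction_result_endpoint": "https://epic.example.org/x/PostTransactionResult"},
    "jwt": {"secret_key": "0" * 64},
}
```

Calling validate_entry(SAMPLE) reports the mixed environments: the entry pairs the production ShieldConex host with a non-production PayConex host and clientId.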
