Patient Portal & Mobile App Workflows
This document defines eight core workflows for the Patient Portal & Mobile App module. Each workflow includes process steps, decision points, integration hooks, exception handling, and the paperless transformation achieved by the HIS.
Regulatory context (UAE): All workflows must comply with UAE Federal Decree-Law No. 45/2021 on Personal Data Protection (UAE PDPL), MOH/DHA/DOH policies on patient access to records, and HIE requirements for NABIDH (Dubai) and Malaffi (Abu Dhabi). Identity verification and consent capture must support Emirates ID and UAE Pass. Audit trails and access logs must be retained per local regulator retention policies.
WF-PPT-001: Patient Portal Registration & Activation
Process Flow
Actor(s): Patient, Registration Clerk (optional for in-person)
Trigger: Patient registers at facility or self-registers online/mobile
Pre-conditions:
- Patient demographic record exists in
patients(MRN assigned) OR patient is creating a pre-registration record. - Facility has configured UAE Pass integration and identity verification rules.
- Portal is configured with supported languages and terms of use.
- Patient opens portal web or mobile app and selects “Register / Create Account”.
- System asks patient to choose registration path:
- a. “Use UAE Pass” (recommended), or
- b. “Use Emirates ID + mobile OTP”. - If UAE Pass selected:
- System redirects to UAE Pass OAuth 2.0 / OpenID Connect flow.
- Patient authenticates with UAE Pass and grants consent to share identity attributes.
- System receives ID token and profile (Emirates ID, full Arabic/English name, mobile, email).
- If Emirates ID path selected:
- Patient enters Emirates ID (e.g.,
784-1990-1234567-1) and date of birth. - System validates format and queries
patient_identifiersinehr-patient-mgmtto find matching patient. - System sends OTP to patient’s registered mobile number (from
patient_demographics) or to mobile entered if allowed by policy. - Patient enters OTP; system verifies within configured time window.
- System displays matched patient details (masked) and asks patient to confirm identity (e.g., last 4 digits of mobile or PO Box).
- System checks if a
portal_accountsrecord already exists for this patient: - If active account exists → stop and prompt patient to use “Forgot Password” flow. - If inactive/pending account exists → resume activation. - Patient enters/confirm contact details (email, mobile) and sets: - Username (or uses email as username), - Password (meeting complexity rules), - MFA method (SMS OTP, authenticator app, or device biometric if mobile).
- System creates or updates
portal_accounts: - Linkspatient_idand optionallyuser_id(if shared auth), - Stores email, phone, activation_status =PENDING_VERIFICATION, language_preference default (English or Arabic). - Patient selects preferred language (English/Arabic) and notification channels (email/SMS/push) on a preferences screen.
- System creates/updates
portal_preferencesfor the account (notification_email, notification_sms, notification_push, language, display_theme). - System displays terms of use and UAE PDPL data processing consent (bilingual). Patient must explicitly accept.
- On acceptance, system:
- Updates
portal_accounts.activation_status = 'ACTIVE',activation_date = NOW(),uae_pass_linked = TRUE/FALSEas applicable. - Logs a new row in
portal_sessionsfor first login.
- Updates
- System sends welcome notification (email/SMS/push) with basic portal guide via
portal_notifications. - For dependents (<18 or per facility policy), system offers “Add child / dependent”:
- Parent enters dependent Emirates ID / MRN.
- System verifies relationship (from EHR or via manual approval queue).
- On approval, system inserts
proxy_access_grantswith access_level and expiry.
- Patient is redirected to dashboard (
SCR-PPT-001).
Data Modified:
portal_accounts— INSERT/UPDATEportal_preferences— INSERT/UPDATEportal_sessions— INSERT (initial session)portal_notifications— INSERTproxy_access_grants— INSERT (if proxy configured)audit_logs(module-level, if present) — INSERT for consent and identity verification
Mermaid Flowchart
Decision Points
- Registration method: - If UAE Pass available and patient chooses it → use OIDC; higher assurance. - If Emirates ID path chosen → rely on OTP + demographic match.
- Patient match: - If no patient found by Emirates ID → show guidance to contact registration desk; do not create orphan portal account.
- Existing portal account: - If active account exists → block duplicate registration, direct to account recovery. - If pending/inactive → reuse and complete activation.
- Consent acceptance: - If patient declines UAE PDPL consent or terms → do not activate account; mark record for follow-up.
Integration Points
- EHR & Patient Management (
ehr-patient-mgmt): - Read:
patients,patient_demographics,patient_identifiersfor Emirates ID, MRN, mobile, DOB. - Write: none directly; demographic updates handled in separate workflows.
- UAE Pass (INT-PPT-008):
- OAuth 2.0 / OpenID Connect for identity verification and SSO.
- Data: Emirates ID, name, mobile, email, assurance level.
- Identity / Auth service:
- Shared
userstable if central auth is used; linkportal_accounts.user_id. - Notification service:
- Uses
portal_notificationsto send email/SMS/push for welcome and OTP (if internal).
Exception Handling
- No patient match by Emirates ID:
- Do not create portal account.
- Display localized message: “We could not find your record. Please contact Registration or call +971 4 XXX XXXX.”
- Log event for registration team follow-up.
- OTP failures / UAE Pass timeout:
- Allow limited retries (e.g., 3 attempts).
- After threshold, temporarily lock registration for that Emirates ID and log security event.
- Duplicate account attempt:
- Show non-technical message; provide “Forgot Password” link.
- Log as security-relevant event.
- Consent not accepted:
- Do not activate account; keep
activation_status = 'PENDING_CONSENT'. - Display explanation referencing UAE PDPL rights and how to request offline access.
- Integration outage (UAE Pass or SMS gateway):
- Show banner “Online registration temporarily unavailable”.
- Allow in-person registration via Registration Clerk who can complete activation later.
Paperless Transformation
| Previously Paper-Based | Now Digital In-System | Notes |
|---|---|---|
| Manual registration forms for portal access | Online/mobile self-registration with identity verification | Reduces front-desk workload; 24/7 access |
| Wet-ink signature on portal terms & consent | Click-through digital consent with timestamp and audit trail | Supports UAE PDPL accountability and proof of consent |
| Paper-based proxy authorization forms | Structured proxy_access_grants with electronic approval workflow |
Clear, revocable proxy access with expiry controls |
| Printed welcome packs / brochures | In-app onboarding guide and digital help content | Lower printing costs; always up to date |
Remaining Paper Touchpoints: Some facilities may still use paper forms for complex guardianship/legal proxy documentation; these can be scanned into patient_documents and referenced by the proxy workflow.
Inputs and Outputs
Inputs:
| Source | Data Element | Format / Notes |
|---|---|---|
| Patient (via portal/app) | Registration path choice (UAE Pass or Emirates ID + OTP) | User interaction |
| UAE Pass (INT-PPT-008) | ID token and profile: Emirates ID, name, mobile, email, assurance level | OAuth 2.0 / OpenID Connect |
| Patient (Emirates ID path) | Emirates ID number, date of birth, OTP response | Manual entry + SMS verification |
patients / patient_identifiers (EHR) |
Patient match by Emirates ID: MRN, demographics | FK lookup via internal API |
| Patient (via portal/app) | Username, password, MFA method, language, notification preferences, terms acceptance | User input on registration form |
Outputs:
| Destination | Data Element | Format / Notes |
|---|---|---|
portal_accounts |
Account record: patient_id, user_id, activation_status, uae_pass_linked, activation_date | INSERT or UPDATE |
portal_preferences |
Notification channels, language, display theme | INSERT or UPDATE |
portal_sessions |
Initial session log | INSERT |
portal_notifications |
Welcome notification (email/SMS/push) | INSERT |
proxy_access_grants |
Proxy access for dependents (if configured) | INSERT |
| Audit log | Consent acceptance, identity verification events | INSERT |
Post-conditions:
- Patient has an active portal account linked to their MRN and Emirates ID
- UAE PDPL consent recorded with timestamp and audit trail
- MFA method configured for subsequent logins
- Proxy access for dependents established (if applicable)
- Patient can access all portal features
SLA and Timing
| Step | Target Time | Escalation | Measurement Source |
|---|---|---|---|
| UAE Pass authentication round-trip | ≤ 5 sec | Show timeout message and offer Emirates ID path if > 10 sec | UAE Pass API response time |
| Emirates ID patient lookup | ≤ 2 sec | Show loading indicator; timeout at 10 sec with error message | patient_identifiers query time |
| OTP delivery to mobile | ≤ 30 sec | Allow resend after 60 sec; max 3 attempts then lockout | SMS gateway delivery receipt |
| OTP validation window | 5 min validity | Expired OTP prompts resend | System clock comparison |
| End-to-end registration completion | ≤ 5 min (UAE Pass); ≤ 8 min (Emirates ID path) | N/A (patient-driven) | portal_accounts.activation_date − session start |
| Proxy access approval (manual) | ≤ 24 h for staff-reviewed proxy requests | Alert registration supervisor if pending > 24 h | proxy_access_grants.created_at vs approval timestamp |
State Transition Diagram
WF-PPT-002: Online Appointment Booking
Process Flow
Actor: Patient
Trigger: Patient wants to schedule, reschedule, or cancel an appointment
Pre-conditions:
- Patient has an active
portal_accountsrecord and is authenticated. - Scheduling module is integrated and exposes provider availability via FHIR (INT-PPT-002).
- Facility booking rules (lead times, telehealth eligibility, referral requirements) are configured.
- Patient logs into portal/app and navigates to “Book Appointment”.
- Patient selects:
- a. Self or dependent (if proxy access exists), and
- b. Visit type (e.g., in-person, telehealth, new, follow-up). - Patient searches for provider or clinic by: - Provider name, specialty, facility, or preferred emirate.
- System queries Scheduling module for matching providers and available slots (FHIR
Practitioner,Schedule,Slot). - System displays provider profiles (photo, specialty, languages, location, next available slot, patient ratings).
- Patient selects a provider and preferred date range.
- System retrieves and displays available time slots, applying: - Provider working hours, - Telehealth eligibility, - Gender preference (if configured), - DOH/DHA rules (e.g., referral required for some services).
- Patient selects a time slot and confirms appointment type (in-person vs telehealth).
- System checks:
- a. Referral/authorization requirement (via
policy-contract-mgmt/billing-claims),
- b. Double-booking conflicts for patient,
- c. Any pre-visit forms or tests required. - If referral/authorization required and missing:
- System informs patient and may allow provisional booking with “Pending Authorization” status or block booking per policy.
- If pre-visit questionnaire is required, system prompts patient to complete it immediately or later (creates
patient_submitted_formsstub). - Patient confirms booking; system creates appointment in Scheduling module (FHIR
Appointment) with source =portal. - Scheduling module returns confirmation (appointment_id, status, location/telehealth link).
- System:
- Stores reference to
appointments.appointment_id, - Sends confirmation via
portal_notifications(email/SMS/push), - Offers ICS calendar download / add-to-calendar.
- Stores reference to
- Patient can view, reschedule, or cancel existing appointments from “My Appointments”:
- Reschedule triggers similar slot search and updates appointment.
- Cancellation updates appointment status and may enforce cancellation rules (e.g., no cancellation within 24 hours).
Data Modified:
appointments(in Scheduling module) — INSERT/UPDATE (via API)telehealth_sessions— INSERT (for telehealth bookings, pre-created stub with scheduled_datetime)patient_submitted_forms— INSERT (for pre-visit questionnaires)portal_notifications— INSERTportal_audit_log(if present) — INSERT for booking/reschedule/cancel actions
Mermaid Flowchart
Decision Points
- Referral/authorization requirement:
- If required and missing:
- Option A: Block booking and show instructions (upload referral, call center).
- Option B: Allow provisional booking with “Pending Authorization” and notify billing/authorization team.
- Pre-visit forms:
- If required → create
patient_submitted_formsstub and prompt patient. - If optional → allow patient to skip but remind before visit. - Reschedule vs cancel: - If within restricted window (e.g., <24 hours) → may block cancellation or show warning and require confirmation.
Integration Points
- Scheduling module (
scheduling, INT-PPT-002): - FHIR
Appointment,Schedule,Slotfor availability and booking. - Data: provider_id, patient_id, appointment type, location, telehealth flag.
- Billing & Claims (
billing-claims) / Policy & Contract (policy-contract-mgmt): - Read: referral/authorization status, coverage rules for visit type.
- Telehealth subsystem:
- For telehealth appointments, create
telehealth_sessionsstub and generate secure join URLs. - Notification service:
- Confirmation, reminder, and change notifications via
portal_notifications.
Exception Handling
- Slot no longer available (race condition):
- Scheduling API returns conflict.
- System informs patient: “This slot has just been taken. Please choose another time.”
- Refresh available slots.
- Referral check service unavailable:
- System may:
- Allow booking but flag “Authorization status unknown”, or
- Temporarily disable online booking for affected services.
- Telehealth not supported for selected provider/service:
- Hide telehealth option or show explanatory message.
- Cancellation policy violation:
- If patient attempts to cancel within restricted window, show policy and contact number; optionally allow request for cancellation that staff must approve.
Paperless Transformation
| Previously Paper-Based | Now Digital In-System | Notes |
|---|---|---|
| Phone calls and manual appointment books | Online real-time booking with electronic schedule | Reduces call volume; fewer double-bookings |
| Paper appointment cards | Digital confirmations, reminders, and calendar integration | Decreases no-shows; easier rescheduling |
| Manual referral verification via fax/paper | Automated referral/authorization checks via integrated systems | Faster validation; fewer denied visits |
| Paper pre-visit questionnaires at reception | Online patient_submitted_forms completed before arrival |
Shorter check-in times; better data quality |
Remaining Paper Touchpoints: Some external referrals may still arrive as paper/fax and be scanned into patient_documents before being recognized by the system.
Inputs and Outputs
Inputs:
| Source | Data Element | Format / Notes |
|---|---|---|
| Patient (via portal/app) | Visit type, provider/specialty search, preferred date range | User interaction |
proxy_access_grants |
Dependent selection (if proxy booking) | FK lookup |
| Scheduling module (INT-PPT-002) | Provider profiles, schedule, available slots | FHIR Practitioner, Schedule, Slot |
| Billing / Policy & Contract | Referral/authorization status, coverage rules | Internal API |
| Facility booking rules | Lead times, telehealth eligibility, cancellation policy | Configuration |
Outputs:
| Destination | Data Element | Format / Notes |
|---|---|---|
appointments (Scheduling module) |
New or updated appointment: patient_id, provider_id, type, datetime, status, source = portal |
FHIR Appointment via API |
telehealth_sessions |
Stub record for telehealth bookings with scheduled_datetime | INSERT |
patient_submitted_forms |
Pre-visit questionnaire stub (if required) | INSERT |
portal_notifications |
Confirmation, reminder, rescheduling, or cancellation notification | INSERT |
| Calendar (patient device) | ICS file or add-to-calendar link | Download / deep link |
Post-conditions:
- Appointment confirmed in Scheduling module with portal as source
- Patient has confirmation with appointment details and any required actions
- Pre-visit forms queued (if applicable)
- Telehealth session stub created (if telehealth appointment)
- Reminders scheduled for upcoming appointment
SLA and Timing
| Step | Target Time | Escalation | Measurement Source |
|---|---|---|---|
| Provider/slot search results | ≤ 3 sec | Show loading indicator; timeout at 10 sec | Scheduling API response time |
| Slot availability refresh | Real-time (≤ 2 sec) | N/A | Scheduling API cache |
| Appointment creation API call | ≤ 3 sec | Show error and retry if > 10 sec | Scheduling API response time |
| Confirmation notification delivery | ≤ 1 min from booking | Alert if notification not delivered within 5 min | Notification delivery receipt |
| Appointment reminder | 24 h and 2 h before appointment | Auto-send; escalate to SMS if push not delivered | portal_notifications.sent_datetime |
| Referral/authorization check | ≤ 5 sec | Proceed with provisional booking if timeout > 10 sec | Policy/Contract API response time |
State Transition Diagram
WF-PPT-003: View Health Records
Process Flow
Actor: Patient
Trigger: Patient wants to view clinical information (results, medications, notes)
Pre-conditions:
- Patient has active portal account and is authenticated (password/MFA or biometric).
- Release rules for results and notes are configured (e.g., delay for sensitive results).
- Integrations with EHR, LIS, RIS, and PIS are operational.
- Patient logs into portal/app and navigates to “My Health Records”.
- System performs authorization check:
- Confirms patient or proxy access rights (via
proxy_access_grants). - System loads health summary:
- Active problems (from
patient_problems), - Allergies (patient_allergies), - Active medications (from PIS/EHR), - Upcoming appointments. - Patient selects a category: Lab Results, Radiology, Medications, Allergies, Problems, Immunizations, Clinical Notes, Vitals.
- For Lab Results:
- System queries LIS via FHIR
DiagnosticReport/Observationor EHR cache. - Applies result release rules (e.g., 3-day delay for certain pathology results). - Displays list with date, test name, status, and flags abnormal values. - Provides trend charts for key LOINC-coded tests (e.g., HbA1c, creatinine). - For Radiology:
- System queries RIS/EHR for finalized reports (FHIR
DiagnosticReport). - Applies release delay if configured. - Displays report text and optionally key images (via DICOM viewer link). - For Medications:
- System retrieves active and historical medication list (FHIR
MedicationRequest/MedicationStatement). - Displays patient-friendly names, instructions, start/stop dates. - For Clinical Notes: - System retrieves notes from EHR that are marked “patient-visible”. - Applies any DOH/DHA policies on psychiatric or sensitive notes.
- Patient can: - Filter by date range, provider, or facility. - Download selected records as bilingual PDF. - Request FHIR export (e.g., for NABIDH/Malaffi or personal health apps).
- System logs each access event (who, when, what category) for UAE PDPL audit.
- If patient is proxy viewing dependent records, system enforces access_level (e.g., may hide certain adolescent data per facility policy).
Data Modified:
portal_sessions— UPDATE (last activity timestamp)portal_audit_log/access_logs— INSERT (record view events)- No clinical data is modified; all reads from EHR/LIS/RIS/PIS.
Mermaid Flowchart
Decision Points
- Authorization / proxy rights: - If proxy has limited access_level → hide restricted categories (e.g., reproductive health for adolescents).
- Result release rules: - If result is within delay window or marked “provider review first” → withhold from display and show message “Your doctor is reviewing this result.”
- Export type: - If patient requests FHIR export → generate time-limited download link or push to external app per consent.
Integration Points
- EHR & Patient Management (
ehr-patient-mgmt): - Read: problems, allergies, immunizations, vitals, clinical notes, documents.
- LIS (
lis, INT-PPT-003): - Read: lab results via FHIR
DiagnosticReport/Observation. - RIS (
ris, INT-PPT-004): - Read: radiology reports via FHIR
DiagnosticReportand DICOM viewer. - PIS (
pis, INT-PPT-005): - Read: medication list and dispensing status.
- NABIDH / Malaffi HIE:
- Optional: cross-facility records if connected, respecting patient consent.
Exception Handling
- Data source unavailable (LIS/RIS/PIS/EHR):
- Show partial data with clear banners: “Some information is temporarily unavailable. Please try again later.”
- Log integration error for IT.
- Result flagged as sensitive:
- Do not display; show generic message and encourage patient to contact provider.
- Export failure:
- If PDF/FHIR export fails, show error and allow retry; log technical details for support.
Paperless Transformation
| Previously Paper-Based | Now Digital In-System | Notes |
|---|---|---|
| Printed lab and radiology result letters mailed to patients | Immediate online access to results with explanations and charts | Faster communication; reduced postage and printing |
| In-person visits to Medical Records to request copies | Self-service viewing and downloading of records | Frees HIM staff; improves patient satisfaction |
| Physical CD/DVDs for imaging | Online radiology report and link to DICOM viewer | Easier sharing with other providers; less media handling |
| Paper forms to request record copies | Digital export (PDF/FHIR) with electronic consent | Supports NABIDH/Malaffi and personal health apps |
Remaining Paper Touchpoints: Some patients may still request certified paper copies for legal purposes; these are generated from the EHR but outside the portal workflow.
Inputs and Outputs
Inputs:
| Source | Data Element | Format / Notes |
|---|---|---|
| Patient (via portal/app) | Category selection (Lab Results, Radiology, Medications, Notes, etc.) | User interaction |
proxy_access_grants |
Proxy access level (determines visible categories) | FK lookup |
EHR (ehr-patient-mgmt) |
Problems, allergies, immunizations, vitals, clinical notes | FHIR resources via internal API |
| LIS (INT-PPT-003) | Lab results | FHIR DiagnosticReport / Observation |
| RIS (INT-PPT-004) | Radiology reports and image links | FHIR DiagnosticReport, DICOM viewer URL |
| PIS (INT-PPT-005) | Medication list and dispensing status | FHIR MedicationRequest / MedicationStatement |
| Result release rules | Delay periods, sensitivity flags, provider-review-first rules | Configuration |
Outputs:
| Destination | Data Element | Format / Notes |
|---|---|---|
| Portal UI | Health summary, lab results with trends, radiology reports, medication list, clinical notes | Rendered for patient display |
| Patient device | PDF download or FHIR export of selected records | On-demand generation |
portal_audit_log / access_logs |
Record view events: who, when, what category, what records | INSERT |
portal_sessions |
Last activity timestamp update | UPDATE |
Post-conditions:
- Patient has viewed requested health information
- All access events logged for UAE PDPL audit compliance
- Result release rules enforced (withheld results not displayed)
- Proxy access restrictions applied for dependent records
SLA and Timing
| Step | Target Time | Escalation | Measurement Source |
|---|---|---|---|
| Health summary load | ≤ 3 sec | Show partial data with loading indicators for slow sources | API response times |
| Lab results retrieval | ≤ 5 sec | Show banner "Loading results..." if > 5 sec; timeout at 15 sec | LIS API response time |
| Radiology report retrieval | ≤ 5 sec | Show banner if delayed; timeout at 15 sec | RIS API response time |
| DICOM viewer launch | ≤ 10 sec | Show loading animation; timeout at 30 sec | DICOM viewer load time |
| PDF export generation | ≤ 10 sec | Show progress indicator; timeout at 30 sec | Export service response time |
| Result release delay | Configurable per test type (e.g., 3 days for pathology) | N/A (policy-driven) | Release rule engine |
WF-PPT-004: Secure Messaging
Process Flow
Actor(s): Patient, Provider
Trigger: Patient has non-urgent clinical question or provider initiates message to patient
Pre-conditions:
- Patient has active portal account.
- Provider has active user account and is enabled for portal messaging.
- Message routing rules (provider inbox, department pools) are configured.
- Patient navigates to “Messages” and selects “New Message”.
- Patient chooses: - Recipient provider or department, - Subject, - Message body (free text).
- System displays warning banner: “Not for emergencies. In case of emergency, call 998/999.”
- Patient optionally: - Marks message as “Urgent (non-emergency)”, - Attaches files (images, PDFs) within allowed size and type.
- System validates: - Recipient selection, - Message length, - Attachment size/type, - That message is not empty.
- System creates a message thread if new, or appends to existing thread:
- Inserts into
portal_messageswith sender_type =PATIENT, recipient_type =PROVIDERorDEPARTMENT, sent_datetime = NOW(), is_urgent flag. - System routes message to provider portal / physician portal inbox (INT-PPT-007) and optionally to EHR in-basket.
- Provider receives notification (internal + optional email/SMS) and opens message in Physician Portal.
- Provider reviews message and responds: - Types reply, may attach educational documents or instructions. - May link reply to an encounter (existing or new teleconsultation).
- System inserts provider reply into
portal_messageswith sender_type =PROVIDER, updates thread, and sets read/unread flags. - Patient receives notification via
portal_notificationsand sees threaded conversation in portal. - System may automatically file message thread into EHR as part of the patient record (documentation) with appropriate encounter linkage.
- SLA monitoring: - Background job checks for messages without provider response beyond configured SLA (e.g., 24 hours) and escalates or sends reminders.
Data Modified:
portal_messages— INSERT/UPDATE (read_datetime, thread_id)portal_notifications— INSERTportal_audit_log— INSERT (message sent/received events)- EHR messaging tables (in Physician Portal module) — INSERT/UPDATE
Mermaid Flowchart
Decision Points
- Urgent flag: - If patient marks as urgent → system may highlight in provider inbox and enforce shorter SLA, but still show “not for emergencies” warning.
- Recipient type: - If department selected → route to shared inbox; assignment rules determine responsible provider.
- Encounter linkage: - If message content indicates clinical decision (e.g., medication change) → provider may be required to link to an encounter for billing and medico-legal reasons.
Integration Points
- Physician Portal (
physician-portal, INT-PPT-007): - Bidirectional messaging API; provider inbox and replies.
- EHR (
ehr-patient-mgmt): - Optional: store message threads as part of patient record or encounter documentation.
- Notification service:
- Outbound notifications for new messages and reminders.
Exception Handling
- Invalid attachments:
- Reject file and show message: “Only images (JPG/PNG) and PDFs up to 10 MB are allowed.”
- Provider inbox unavailable:
- If Physician Portal is down, queue messages and show “Your message has been received; response may be delayed.”
- Misrouted messages:
- Admin tools to reassign threads to correct provider/department; logged in audit trail.
Paperless Transformation
| Previously Paper-Based | Now Digital In-System | Notes |
|---|---|---|
| Paper message slips taken by reception and placed in provider trays | Structured portal_messages with timestamps and routing |
Reduces lost messages; improves traceability |
| Phone tag and voicemail for non-urgent questions | Asynchronous secure messaging with SLA monitoring | Better patient experience; less phone time |
| Printed patient education leaflets | Digital attachments and links sent via portal | Always current; bilingual content easily managed |
Remaining Paper Touchpoints: None for this workflow — fully digital communication channel.
Inputs and Outputs
Inputs:
| Source | Data Element | Format / Notes |
|---|---|---|
| Patient (via portal/app) | Recipient provider/department, subject, message body, attachments, urgency flag | User input |
portal_accounts |
Patient identity and account context | FK lookup |
| Message routing rules | Provider inbox mapping, department pools, assignment rules | Configuration |
Outputs:
| Destination | Data Element | Format / Notes |
|---|---|---|
portal_messages |
Message record: sender, recipient, subject, body, attachments, thread_id, is_urgent, sent_datetime | INSERT |
| Physician Portal (INT-PPT-007) | Message routed to provider inbox | Internal API |
| EHR (optional) | Message thread filed as encounter documentation | Internal API |
portal_notifications |
Notification to provider (new message) and patient (reply received) | INSERT |
portal_audit_log |
Message sent/received events | INSERT |
Post-conditions:
- Message delivered to provider inbox with appropriate priority
- Patient can track message status and view threaded conversation
- SLA monitoring active for provider response time
- Message optionally linked to encounter for clinical documentation
SLA and Timing
| Step | Target Time | Escalation | Measurement Source |
|---|---|---|---|
| Message send (patient to system) | ≤ 2 sec | Show error if send fails | Portal API response time |
| Message delivery to provider inbox | ≤ 1 min | Alert IT if delivery delayed > 5 min | Message routing log |
| Provider response (non-urgent) | ≤ 24 h | Auto-reminder to provider at 20 h; escalate to department head at 48 h | portal_messages response timestamp − original sent_datetime |
| Provider response (urgent) | ≤ 4 h | Auto-reminder at 3 h; escalate to department head at 6 h | portal_messages response timestamp − original sent_datetime |
| Patient notification of reply | ≤ 1 min from provider reply | Alert if notification not delivered within 5 min | Notification delivery receipt |
WF-PPT-005: Prescription Refill Request
Process Flow
Actor(s): Patient, Provider
Trigger: Patient needs medication refill for existing prescription
Pre-conditions:
- Patient has active portal account.
- Medication list is synchronized with PIS/EHR.
- Facility policy allows portal-based refill requests for eligible medications.
- Patient navigates to “Medications / Refills”.
- System retrieves current and recent medications from PIS/EHR (FHIR
MedicationRequest,MedicationDispense). - System displays list with: - Medication name, dose, instructions, - Remaining refills (if tracked), - Last dispensed date, - Refill eligibility status (e.g., “Refillable”, “Too early”, “Contact provider”).
- Patient selects one or more medications and clicks “Request Refill”.
- System prompts patient to: - Confirm quantity (e.g., 30 days), - Select pharmacy (facility pharmacy or preferred external pharmacy from profile), - Add optional note to provider.
- System validates: - That each medication is eligible for refill (not expired, not controlled if policy disallows, not too early).
- For each requested medication:
- System creates a refill request record (in PIS/CPOE context) and a message to the prescribing provider via
portal_messagesor provider refill queue. - Provider reviews refill request in Physician Portal: - Approve as requested, - Modify (change quantity, switch medication), - Deny (with reason).
- System updates refill request status and notifies patient via
portal_notifications. - If approved:
- System sends electronic prescription/order to PIS (CPOE integration) for dispensing.
- PIS updates dispensing status; portal shows “Ready for pickup” or “In process”.
- Patient picks up medication or receives delivery per pharmacy workflow.
Data Modified:
- PIS / CPOE tables for refill orders — INSERT/UPDATE
portal_messages— INSERT (refill request thread)portal_notifications— INSERTportal_audit_log— INSERT (refill request events)
Mermaid Flowchart
Decision Points
- Refill eligibility: - If medication is controlled or requires in-person review → block refill and suggest appointment. - If refill is too early based on last dispense date → show message and optionally allow provider message.
- Provider decision: - Approve → direct to PIS. - Modify → treat as new order; may require additional checks. - Deny → require reason to be communicated to patient.
Integration Points
- PIS (
pis, INT-PPT-005): - Read: medication list, dispensing history.
- Write: refill orders /
MedicationRequestupdates. - CPOE (
cpoe): - For provider order entry of modified/denied refills that become new prescriptions.
- Physician Portal:
- Refill approval queue and messaging.
Exception Handling
- Medication list not available:
- Show message: “We are unable to retrieve your medications at this time.”
- PIS integration failure during approval:
- Queue order for retry; inform provider and patient that processing may be delayed.
- Patient selects non-eligible medication:
- Provide clear explanation and link to book appointment or send message.
Paperless Transformation
| Previously Paper-Based | Now Digital In-System | Notes |
|---|---|---|
| Phone calls to pharmacy or clinic for refills | Structured online refill requests with tracking | Reduces call volume; clear audit trail |
| Paper prescription renewals | Electronic refill orders to PIS | Faster processing; fewer transcription errors |
| Manual notes on paper charts about refill requests | Digital portal_messages and order history |
Better medico-legal documentation |
Remaining Paper Touchpoints: Some pharmacies may still print labels and paper information leaflets, but refill initiation and approval are fully digital.
Inputs and Outputs
Inputs:
| Source | Data Element | Format / Notes |
|---|---|---|
| PIS / EHR (INT-PPT-005) | Current and recent medications: name, dose, instructions, last dispensed, remaining refills | FHIR MedicationRequest / MedicationDispense |
| Facility refill policy | Eligibility rules: controlled substance restrictions, minimum days since last dispense, refill limits | Configuration |
| Patient (via portal/app) | Selected medications, quantity, preferred pharmacy, optional note to provider | User input |
Outputs:
| Destination | Data Element | Format / Notes |
|---|---|---|
| PIS / CPOE | Refill order for approved medications | FHIR MedicationRequest via internal API |
| Physician Portal | Refill request for provider review (approve/modify/deny) | Provider refill queue |
portal_messages |
Refill request thread with provider communication | INSERT |
portal_notifications |
Status updates: submitted, approved, ready for pickup, denied | INSERT |
portal_audit_log |
Refill request events | INSERT |
Post-conditions:
- Refill request submitted and routed to prescribing provider
- Provider has reviewed and taken action (approve, modify, or deny)
- Approved refills sent to PIS for dispensing
- Patient notified of status at each stage
SLA and Timing
| Step | Target Time | Escalation | Measurement Source |
|---|---|---|---|
| Medication list retrieval | ≤ 5 sec | Show loading indicator; timeout at 15 sec | PIS/EHR API response time |
| Refill request submission | ≤ 2 sec | Show error and retry if > 10 sec | Portal API response time |
| Provider review of refill request | ≤ 24 h | Auto-reminder to provider at 20 h; escalate at 48 h | Refill request timestamp vs provider action timestamp |
| PIS order transmission (after approval) | ≤ 1 min | Alert IT if not transmitted within 5 min | Integration engine message log |
| Dispensing readiness notification | Per pharmacy SLA (typically ≤ 2 h) | Portal shows "In process" until ready | PIS dispensing status update |
State Transition Diagram
WF-PPT-006: Bill View & Online Payment
Process Flow
Actor: Patient
Trigger: Patient statement generated or patient wants to view/pay outstanding balance
Pre-conditions:
- Patient has active portal account.
- Billing & Claims module exposes statements and balances via API (INT-PPT-006).
- Payment gateway is configured and PCI DSS compliant.
- Patient navigates to “Billing & Payments”.
- System queries Billing & Claims for:
- Account summary (total outstanding, by facility),
- List of recent statements and invoices (
patient_invoices). - System displays: - Outstanding balance, - Insurance vs patient responsibility, - Links to itemized statements (bilingual).
- Patient selects a statement to view details: - Service dates, CPT codes, charges, insurance payments, adjustments, patient share.
- Patient chooses to: - Pay full balance, or - Pay custom amount, or - Enroll in payment plan (if offered).
- System checks: - Minimum payment amount, - Eligibility for payment plan (balance threshold, facility rules).
- Patient selects payment method: - Credit/debit card, Apple Pay, bank transfer (if supported).
- System redirects or opens embedded payment gateway form with: - Invoice reference, amount, patient details (tokenized).
- Patient completes payment on gateway; gateway returns success/failure callback.
- On success:
- System records payment in Billing & Claims (via API),
- Creates
patient_paymentsentry (in Billing module), - Generates digital receipt.
- System updates portal view to reflect new balance and shows receipt (downloadable PDF).
- If patient disputes a charge:
- Patient clicks “Dispute” on line item or statement.
- System creates a billing inquiry ticket (in Billing module) and sends notification to billing team.
Data Modified:
patient_invoices/patient_payments(Billing module) — INSERT/UPDATEportal_notifications— INSERT (payment confirmation)portal_audit_log— INSERT (payment and dispute events)
Mermaid Flowchart
Decision Points
- Payment plan eligibility: - If balance above threshold and patient meets criteria → offer installment plan.
- Payment success: - If gateway declines or error occurs → show reason (if allowed) and allow retry or alternative method.
- Dispute vs pay: - If patient disputes → block payment for disputed line items per facility policy or allow partial payment.
Integration Points
- Billing & Claims (
billing-claims, INT-PPT-006): - Read: statements, balances, invoice details.
- Write: payment records, dispute tickets.
- Payment Gateway (
INT-PPT-009): - REST API for payment processing and refunds.
- Notification service:
- Payment confirmations and reminders.
Exception Handling
- Billing API unavailable:
- Show message: “Billing information is temporarily unavailable.”
- Payment gateway timeout:
- Show “We could not confirm your payment. Please check your bank before retrying.”
- Mark transaction as “Pending” and reconcile later via gateway reconciliation job.
- Duplicate payment submission:
- Use idempotency keys with gateway; if duplicate detected, show existing receipt.
Paperless Transformation
| Previously Paper-Based | Now Digital In-System | Notes |
|---|---|---|
| Paper statements mailed to PO Box | Online statements and real-time balances | Faster, cheaper, environmentally friendly |
| In-person cash/card payments at cashier | Online payments via secure gateway | Reduces queues; supports remote payment |
| Paper receipts | Digital receipts stored and downloadable | Easier record-keeping for patients |
| Manual billing inquiries via phone or written letters | Structured digital dispute tickets with tracking | Better follow-up and transparency |
Remaining Paper Touchpoints: Some patients may still request printed statements or receipts at the facility, but core workflow is digital.
Inputs and Outputs
Inputs:
| Source | Data Element | Format / Notes |
|---|---|---|
| Billing & Claims (INT-PPT-006) | Account summary, statements, invoices, insurance vs patient responsibility | Internal API |
| Patient (via portal/app) | Statement selection, payment amount, payment method, dispute details | User interaction |
| Payment Gateway (INT-PPT-009) | Payment processing form, transaction callbacks | PCI DSS-compliant REST API |
| Facility payment rules | Minimum payment amount, payment plan eligibility, cancellation window | Configuration |
Outputs:
| Destination | Data Element | Format / Notes |
|---|---|---|
| Billing & Claims (INT-PPT-006) | Payment record: invoice reference, amount, method, transaction ID | Write via internal API |
patient_payments (Billing module) |
Payment record | INSERT |
| Portal UI | Updated balance, digital receipt (downloadable PDF) | Rendered for patient |
| Billing team | Dispute ticket (if patient disputes a charge) | Internal ticketing system |
portal_notifications |
Payment confirmation or dispute acknowledgement | INSERT |
portal_audit_log |
Payment and dispute events | INSERT |
Post-conditions:
- Payment recorded and reflected in billing system
- Patient has digital receipt and updated balance view
- Disputes tracked and routed to billing team
- Payment gateway reconciliation data available
SLA and Timing
| Step | Target Time | Escalation | Measurement Source |
|---|---|---|---|
| Billing data retrieval | ≤ 5 sec | Show loading indicator; timeout at 15 sec | Billing API response time |
| Payment gateway redirect/load | ≤ 3 sec | Show loading animation; timeout at 15 sec | Gateway response time |
| Payment processing | ≤ 10 sec | Show "Processing..." indicator; timeout at 30 sec | Gateway callback time |
| Receipt generation | ≤ 5 sec after successful payment | Show confirmation immediately; receipt PDF within 10 sec | Receipt service response time |
| Balance update in portal | ≤ 1 min after payment confirmed | Auto-refresh; show pending indicator if delayed | Billing API sync lag |
| Dispute ticket response | ≤ 48 h (billing team SLA) | Auto-reminder to billing team at 24 h; escalate to billing supervisor at 72 h | Ticket created_at vs first response |
WF-PPT-007: Telehealth Visit
Process Flow
Actor(s): Patient, Provider
Trigger: Telehealth appointment scheduled via portal or call center
Pre-conditions:
- Telehealth appointment exists in
appointmentswith telehealth flag. - Telehealth platform integrated (WebRTC-based) and compliant with UAE PDPL and local telecom rules.
- Patient has compatible device and internet connection.
- Prior to visit, system sends reminder notification with telehealth link via
portal_notifications(email/SMS/push). - Patient logs into portal/app and navigates to “My Appointments” then selects telehealth visit.
- System performs device check: - Browser/app compatibility, - Camera and microphone access, - Network bandwidth.
- If device check fails, system displays troubleshooting tips and option to switch device.
- At appointment time, patient clicks “Join Visit” and enters virtual waiting room.
- System creates/updates
telehealth_sessionsrecord: - scheduled_datetime, patient_account_id, provider_id, platform, connection_quality (initial). - Provider opens Physician Portal and joins telehealth session from their side.
- When both parties are connected:
- System updates
telehealth_sessions.join_datetime_patientandjoin_datetime_provider. - Provider conducts consultation: - Reviews patient record in EHR, - Documents notes in EHR, - Places orders (labs, meds, referrals) via CPOE if needed.
- If recording is allowed by policy:
- System prompts for explicit recording consent (per UAE PDPL) and stores
recording_consentflag intelehealth_sessions.
- System prompts for explicit recording consent (per UAE PDPL) and stores
- At end of visit:
- Provider ends session; patient is disconnected.
- System sets
telehealth_sessions.end_datetimeand calculates duration_minutes and connection_quality.
- System generates visit summary in EHR and makes it available in portal (after any configured delay).
- Billing & Claims module receives telehealth encounter details for charge capture.
- Patient is prompted to complete satisfaction survey (
portal_feedbackinsert).
Data Modified:
telehealth_sessions— INSERT/UPDATEportal_notifications— INSERT (reminders)portal_feedback— INSERTportal_audit_log— INSERT (session events)- EHR encounter and documentation tables — INSERT/UPDATE
- Billing encounter/charge tables — INSERT
Mermaid Flowchart
Decision Points
- Device check: - If fails → patient can still join but with warning, or be advised to reschedule.
- Recording consent: - If recording is enabled by facility but patient declines → no recording; only metadata stored.
- No-show: - If patient does not join within grace period → provider may mark as no-show; billing rules apply accordingly.
Integration Points
- Scheduling (
scheduling): - Telehealth appointments and status updates.
- EHR (
ehr-patient-mgmt): - Encounter documentation and visit summary.
- CPOE / PIS / LIS / RIS:
- Orders placed during telehealth visit.
- Billing & Claims (
billing-claims): - Telehealth encounter charges.
- Telehealth platform:
- WebRTC session management, recording (if used).
Exception Handling
- Connectivity loss:
- If patient disconnects, system allows rejoin within appointment window.
- If provider disconnects, patient sees message and may wait or reschedule.
- Platform outage:
- Show banner and offer conversion to phone call (documented in EHR) or rescheduling.
- Privacy breach risk (e.g., patient in public place):
- Provider can advise patient to move to private area; may terminate if unsafe.
Paperless Transformation
| Previously Paper-Based | Now Digital In-System | Notes |
|---|---|---|
| No equivalent; patients had to attend in person | Remote telehealth consultations with full documentation | Expands access, especially in remote areas |
| Paper-based consent for teleconsultation | In-session digital consent and telehealth_sessions metadata |
Clear audit trail for consent and session details |
| Manual phone calls to confirm teleconsultations | Automated reminders and portal-based joining | Reduces missed appointments |
Remaining Paper Touchpoints: Some facilities may still use paper consent for first-time telehealth use; these can be digitized and linked to the patient record.
Inputs and Outputs
Inputs:
| Source | Data Element | Format / Notes |
|---|---|---|
appointments (Scheduling) |
Telehealth appointment: provider_id, patient_id, scheduled_datetime, telehealth flag | FHIR Appointment |
| Patient device | Camera, microphone, browser/app, network bandwidth | Device check API |
| Telehealth platform | WebRTC session management, virtual waiting room | Platform API |
| Patient (via portal/app) | Join action, recording consent, feedback | User interaction |
| EHR / CPOE / PIS / LIS / RIS | Patient record, orders placed during visit | Provider-side integration |
Outputs:
| Destination | Data Element | Format / Notes |
|---|---|---|
telehealth_sessions |
Session record: join times, end time, duration, connection quality, recording consent, platform | INSERT/UPDATE |
| EHR | Encounter documentation and visit summary | INSERT/UPDATE |
| Billing & Claims | Telehealth encounter charges | Charge capture via internal API |
portal_feedback |
Patient satisfaction survey responses | INSERT |
portal_notifications |
Reminders, session links, visit summary availability | INSERT |
portal_audit_log |
Session events (join, disconnect, end, consent) | INSERT |
Post-conditions:
- Telehealth consultation completed and documented in EHR
- Visit summary available to patient in portal (after configured delay)
- Billing charges captured for telehealth encounter
- Session quality metrics recorded for analytics
- Patient feedback collected
SLA and Timing
| Step | Target Time | Escalation | Measurement Source |
|---|---|---|---|
| Reminder notification | 24 h and 2 h before appointment | Fallback to SMS if push not delivered | portal_notifications.sent_datetime |
| Device check completion | ≤ 30 sec | Show troubleshooting if any check fails | Device check API response |
| Virtual waiting room to provider join | ≤ 5 min from scheduled time | Show "Your provider will be with you shortly"; alert provider at 5 min | telehealth_sessions.join_datetime_provider − scheduled_datetime |
| Session connection quality | Minimum 720p video, < 200ms latency | Degrade to audio-only if bandwidth insufficient | Connection quality monitor |
| Visit summary availability in portal | ≤ 24 h after visit (or per release delay policy) | Alert if summary not posted within 48 h | Summary publication timestamp |
| Billing charge capture | ≤ 1 h after session end | Alert billing team if charge not captured within 4 h | Billing API submission timestamp |
State Transition Diagram
WF-PPT-008: Digital Forms & Consent
Process Flow
Actor: Patient
Trigger: Pre-visit forms required, consent needed, or demographics update requested
Pre-conditions:
- Form templates and consent types are configured in master data.
- Patient has active portal account.
- E-signature method (drawn signature, checkbox + OTP) is configured per UAE legal requirements.
- Patient receives notification to complete forms (e.g., pre-registration, medical history, consent) via
portal_notifications. - Patient navigates to “Forms & Consents” and sees list of: - Pending forms, - Completed forms.
- Patient selects a pending form (e.g., “New Patient Registration”, “Surgery Consent”).
- System loads form template and pre-populates fields from EHR (
patient_demographics, existing consents) where applicable. - Patient reviews and completes remaining fields: - Demographics (address, contact), - Medical history, - Insurance details, - Specific consent options (e.g., data sharing with NABIDH/Malaffi).
- System validates required fields and shows errors inline.
- For consents requiring signature: - Patient provides e-signature (signature pad) or confirms via OTP to registered mobile. - System records signature metadata (timestamp, IP, device).
- Patient submits form.
- System creates/updates
patient_submitted_forms: - form_type, form_data_json, submitted_datetime, processed = FALSE, target_module. - Background integration or workflow engine:
- Routes demographic updates to EHR (
ehr-patient-mgmt), - Routes consent data to
patient_consents, - Routes clinical history to appropriate modules.
- Routes demographic updates to EHR (
- On successful processing:
- System sets
patient_submitted_forms.processed = TRUE,processed_by(system or user), andprocessed_datetime.
- System sets
- Patient sees confirmation and can view read-only copy of submitted form/consent.
Data Modified:
patient_submitted_forms— INSERT/UPDATEpatient_consents(EHR module) — INSERT/UPDATEpatient_demographics(EHR module) — UPDATEportal_notifications— INSERT (reminders, confirmations)portal_audit_log— INSERT (form submission and consent events)
Mermaid Flowchart
Decision Points
- Signature requirement: - If consent type requires strong authentication → enforce OTP-based confirmation in addition to signature pad.
- Processing success: - If automatic mapping fails (e.g., invalid insurance policy) → flag for manual review by registration staff.
- Data overwrite rules: - If patient-submitted demographics conflict with existing data → may require staff approval before updating EHR.
Integration Points
- EHR (
ehr-patient-mgmt): - Demographics updates, medical history, and consent records.
- Patient Access / Pre-registration module (
patient-access): - Pre-registration forms and visit-specific consents.
- NABIDH / Malaffi:
- Consent flags for HIE data sharing, if applicable.
Exception Handling
- Form template changed mid-completion:
- Version forms; if template updated, allow patient to continue with version they started or restart if required.
- Signature capture failure:
- Provide fallback (e.g., OTP-only confirmation) if signature pad fails.
- Processing errors:
- Log detailed error; notify responsible team; show generic “Your form has been submitted and will be reviewed” to patient.
Paperless Transformation
| Previously Paper-Based | Now Digital In-System | Notes |
|---|---|---|
| Clipboard-based paper intake forms in waiting room | Online pre-visit forms completed at home or on mobile | Shorter check-in times; better legibility |
| Wet-ink consent forms stored in physical files | E-consents with digital signatures and audit metadata | Easier retrieval; supports UAE PDPL accountability |
| Manual re-keying of form data into EHR | Automated mapping from patient_submitted_forms JSON to EHR tables |
Reduces data entry errors and staff workload |
Remaining Paper Touchpoints: Some high-risk procedures may still require paper consent per facility legal policy; these can be scanned and linked to the patient record.
Inputs and Outputs
Inputs:
| Source | Data Element | Format / Notes |
|---|---|---|
portal_notifications |
Form completion request: form type, due date, linked appointment/encounter | Trigger notification |
| Form templates (master data) | Template definition: fields, validation rules, consent type, signature requirements | Configuration |
EHR (ehr-patient-mgmt) |
Pre-populated data: demographics, medical history, existing consents | FHIR resources via internal API |
| Patient (via portal/app) | Completed fields, e-signature, OTP confirmation | User input |
Outputs:
| Destination | Data Element | Format / Notes |
|---|---|---|
patient_submitted_forms |
Form data: form_type, form_data_json, submitted_datetime, processed flag, target_module | INSERT/UPDATE |
patient_consents (EHR module) |
Consent records: type, status, signature metadata | INSERT/UPDATE |
patient_demographics (EHR module) |
Updated demographics from pre-registration forms | UPDATE (after staff approval if required) |
| Target modules (via routing) | Clinical history, insurance details, specific consents | Routed per form type |
portal_notifications |
Submission confirmation | INSERT |
portal_audit_log |
Form submission and consent events | INSERT |
Post-conditions:
- Form data submitted and routed to appropriate target modules
- Consents recorded with e-signature metadata and timestamp
- Demographics updated (or queued for staff review if conflicts detected)
- Patient can view read-only copy of submitted forms
- Processing status tracked (pending, processed, error)
SLA and Timing
| Step | Target Time | Escalation | Measurement Source |
|---|---|---|---|
| Form template load and pre-population | ≤ 3 sec | Show loading indicator; timeout at 10 sec | EHR API response time |
| Form submission processing | ≤ 5 sec | Show confirmation; background processing continues | Portal API response time |
| Demographic update routing to EHR | ≤ 1 min from submission | Alert if not routed within 5 min | Routing engine log |
| Staff review of conflicting demographics | ≤ 24 h | Alert registration supervisor at 24 h; escalate at 48 h | patient_submitted_forms.processed_datetime − submitted_datetime |
| Consent record creation in EHR | ≤ 1 min from submission | Alert if not processed within 5 min | patient_consents.created_at |
| Pre-visit form completion (by patient) | Before appointment date | Reminder notification 48 h and 24 h before appointment | Form due date vs submission timestamp |