Integrations Overview

Vantrexia connects your Remote Patient Monitoring workflows with leading EMR systems, RPM device platforms, and communication services through standards-based, HIPAA-compliant integrations. All data exchange is encrypted in transit, validated against FHIR R4 schemas, and logged in immutable audit trails.

Available Integrations

Vantrexia currently supports three production integrations that together form a complete RPM data pipeline—from bedside device readings to EMR clinical records and patient notifications:

eClinicalWorks

Certified FHIR R4 integration with eClinicalWorks EMR. Supports bidirectional patient synchronization and automated observation pushing via JWT-authenticated backend services (RS384) or OAuth2 standalone flows with PKCE.

Production FHIR R4 JWT / OAuth2
View documentation →

MioConnect

RPM device gateway for ingesting telemetry data from FDA-cleared medical devices including blood pressure monitors, pulse oximeters, weight scales, and glucose meters. Supports webhook-based real-time data delivery and batch synchronization.

Production Webhooks REST API
View documentation →

Firebase Cloud Messaging

HIPAA-compliant push notification delivery to iOS and Android mobile apps. All notification payloads undergo PHI sanitization before transmission—only non-identifying alert types and action codes are sent. Sensitive data is fetched securely upon app open.

Production FCM v1 API HIPAA Safe
View documentation →

Supported Standards

All Vantrexia integrations are built on open healthcare and security standards to ensure interoperability, auditability, and vendor independence:

Standard Version Usage
HL7 FHIR R4 (4.0.1) Patient, Observation, and clinical resource exchange with eClinicalWorks. All RPM data is transformed into FHIR-compliant resources before syncing.
OAuth 2.0 RFC 6749 Authorization framework for user-interactive EMR access. Supports authorization_code grant with PKCE (RFC 7636) for standalone launch.
JWT (JSON Web Tokens) RFC 7519 / RS384 Machine-to-machine authentication for backend FHIR API calls. Client assertions signed with RSA-384 keys registered via JWKS endpoint.
SMART on FHIR v1.0 App launch framework for EHR-embedded contexts (planned for future eCW embedded launch support).
Webhook (HTTP POST) Custom Real-time telemetry delivery from MioConnect. HMAC-SHA256 signature verification on all incoming payloads.

Integration Architecture

The following diagram illustrates the end-to-end data flow from RPM devices through Vantrexia's integration layer to the eClinicalWorks EMR. Each transition point includes validation, transformation, and audit logging:

Integration Data Flow 
┌─────────────────┐     ┌──────────────────┐     ┌─────────────────────────┐
│   RPM Devices   │     │  MioConnect Cloud │     │   Vantrexia Backend     │
│                 │     │                  │     │                         │
│ Blood Pressure  │────▶│  Device Gateway   │────▶│  Webhook Receiver       │
│ Pulse Oximeter  │     │  Telemetry Store  │     │  Data Validation        │
│ Weight Scale    │     │  Device Mgmt API  │     │  Observation Creation   │
│ Glucose Meter   │     │                  │     │                         │
└─────────────────┘     └──────────────────┘     └───────────┬─────────────┘
                                                             │
                                                             │ FHIR R4 Transform
                                                             ▼
┌─────────────────┐     ┌──────────────────┐     ┌─────────────────────────┐
│  Provider App   │     │  eClinicalWorks  │     │   FHIR Integration      │
│                 │     │  EMR System      │     │   Service               │
│ Dashboard       │◀───│  Patient Records  │◀───│  JWT Auth (RS384)       │
│ Triage Alerts   │     │  Observations    │     │  POST Observation       │
│ Billing         │     │  Clinical Notes  │     │  GET Patient            │
│ Reports         │     │                  │     │  Delivery Confirmation  │
└─────────────────┘     └──────────────────┘     └─────────────────────────┘

Data Flow Steps

  1. Device Reading — Patient takes a measurement on their RPM device (e.g., blood pressure cuff). The device transmits data via Bluetooth to the MioConnect hub or mobile app.
  2. MioConnect Relay — MioConnect's cloud platform receives the reading, normalizes the data format, and sends a webhook POST to Vantrexia's registered endpoint with an HMAC-SHA256 signature.
  3. Webhook Processing — Vantrexia verifies the webhook signature, validates the payload schema, and creates an internal Observation record. Triage rules are evaluated automatically, generating alerts for out-of-range readings.
  4. FHIR Transformation — The Observation is transformed into a FHIR R4 Observation resource using standardized LOINC codes (e.g., 85354-9 for blood pressure, 2708-6 for SpO2).
  5. EMR Sync — A JWT client assertion is generated (RS384), exchanged for an access token at eCW's OAuth server, and the FHIR Observation is POSTed to eCW's FHIR R4 endpoint. Delivery confirmation is logged.
  6. Provider Notification — If triage rules trigger an alert, a HIPAA-safe push notification is sent to the provider's mobile app via Firebase Cloud Messaging.
End-to-End Latency: From device reading to EMR record creation, the typical end-to-end latency is under 60 seconds. MioConnect webhook delivery averages 5–15 seconds, and eCW FHIR API calls complete in 2–5 seconds. Celery workers process the integration pipeline asynchronously to avoid blocking the main API.

Integration Security

All integrations enforce multiple layers of security to protect patient health information:

  • Transport Encryption — TLS 1.2+ required on all API calls and webhook deliveries. Certificate pinning is used for eCW FHIR endpoints.
  • Authentication — JWT RS384 for machine-to-machine, OAuth 2.0 + PKCE for interactive flows, HMAC-SHA256 for webhook verification.
  • PHI Minimization — Push notifications contain zero PHI. Webhook payloads include only device IDs and readings—patient identity is resolved server-side.
  • Audit Logging — Every integration API call is logged with timestamp, user/service identity, resource type, action, and outcome. Logs are immutable and retained for 7 years per HIPAA requirements.
  • Key Rotation — RSA keys and API credentials are rotated on a 90-day cycle via AWS Secrets Manager.
BAA Required: Before enabling eClinicalWorks or MioConnect integrations in production, ensure that a signed Business Associate Agreement (BAA) is in place with each vendor. Vantrexia's standard BAA templates are available from the compliance team.