Process Docs

Copy page

Start Visit Process Guide: Send OTP Workflow

Start Visit Process Guide: Send OTP Workflow

1. Overview: Securing Patient Consent

This guide details the Send OTP Workflow, a critical step within the broader Start Visit Process. This workflow manages the entire patient consent mechanism by using One-Time Passwords (OTPs) to gain explicit authorisation for a patient's visit and related health record access under the Social Health Authority (SHA).

1.1. Why This Workflow Is Critical

This workflow is vital because it represents the point at which patient engagement and explicit consent must be obtained before a visit can be formally initiated. It's critical as it helps in:

• Ensuring Patient Consent: It is the primary mechanism for obtaining the patient's direct and verifiable approval.
• Enabling Formal Visit Initiation: A successful OTP process is a non-negotiable prerequisite for the final Start Visit Workflow.
• Preventing Unauthorised Access: By requiring OTP verification, it adds a layer of security, ensuring only the authorised patient consents to the visit and any associated access to their health records.

In short, this workflow ensures every patient encounter respects privacy by obtaining explicit consent, a fundamental requirement for valid healthcare service delivery under SHA.

2. Workflow Details: Send OTP

This part of the workflow manages sending the One-Time Password (OTP) to the patient's registered phone number to initiate the consent process.

2.1. What This Workflow Does

The Send OTP Workflow prepares and sends an OTP to the beneficiaryʼs phone number. It handles:

• Receiving Patient Identifiers: This process involves obtaining the patient's unique Client Registry ID and, optionally, their contact preference.
• Preparing Consent Request: Using these identifiers, the system internally gathers all necessary patient information (like phone number), facility details, and the specific permissions required for this consent service.
• Requesting OTP Dispatch: The system sends this prepared request to generate and send an OTP.
• Obtaining Consent Reference: If successful, it receives a unique reference ID for this consent request, essential for later verification.
• Providing Status: It communicates whether the OTP was successfully requested and sent.

2.2. Step-by-Step System Behavior

1. Input Reception: The system receives the patient's beneficiary_cr_id and, optionally, beneficiary_contact_id.

2. Internal Patient Data Lookup: Using these IDs, the system looks up the patient's registered phone number, the facility's identifier, and the required consent permissions (e.g. access to the patient's record).

3. Request OTP: The system securely sends this prepared patient, facility, and permission information to the consent service.

4. Processing & Dispatch of OTP: The system generates a unique OTP and sends it via SMS to the patient's phone.

5. Receive Response: The system gives a response indicating if the OTP was sent and providing a unique consent_request_id.

6. Outcome Processing: The system stores the consent_request_id for the next step.

2.4. Workflow Data Dictionary (Conceptual)

This table outlines the key information used and produced by this workflow:

Field Name (Conceptual)	Description	Required	Purpose
beneficiary_cr_id	The patient's unique Client Registry ID.	Yes	Internal identity is key to finding all patient and contact details for the SHA consent request.
beneficiary_contact_id	An optional identifier for a specific patient contact if they have multiple.	No	Ensures OTP is sent to a specific phone number. If not provided, the system uses the default.

2.5. Expected Outcomes

Success: OTP Successfully Dispatched

• The system successfully requested, and SHA confirmed the OTP was sent to the patient. A consent_request_id is provided. The workflow can proceed to Start Visit Workflow.

Failure: Invalid Patient/Contact Data

• The provided patient ID or contact ID was invalid or could not be found internally. OTP dispatch failed. The user needs to correct the input before re-attempting.

3. Critical Success Factors for Consent OTP Integration

For your integration with the Consent OTP Workflows to be successful, keep these key points firmly in mind:

• Ensure Accurate Patient Identification: The patient's Client Registry ID must be accurate and valid. This allows the system to correctly retrieve all necessary patient and contact details for OTP dispatch by SHA.
• Implement OTP Input Interface: Design your user interface to prompt the patient for the OTP and make it easy to enter. Include options for re-sending OTPs if the initial one expires or isn't received, while respecting any rate limits.
• Design for Comprehensive Error Handling: Be prepared to handle all documented failure scenarios from both the Send and Verify OTP workflows (e.g., invalid input, expired OTPs, network issues). Clear, user-friendly error messages should guide staff and patients on corrective actions.