Execute an IAS Workflow

After completing configuration and sandbox validation, your organization can execute IAS workflows in production. IAS workflows follow a consistent sequence: identity verification, token validation, retrieval initiation, status monitoring, and result processing.

Step 1: Initiate Identity Verification

Begin by initiating identity verification with your approved Credential Service Provider (CSP).

Your system should:

  • Generate a correlation identifier for the transaction
  • Launch the CSP verification process
  • Capture the verification outcome and reference

Identity verification must meet required assurance levels before proceeding.

Step 2: Validate the IAS Token

After successful verification, validate the signed IAS token. Tokens are time-bound and must be used within their validity window.

Your system should:

  • Verify the token signature using the CSP JSON Web Key Set (JWKS) endpoint
  • Validate issuer (iss) and audience (aud) claims
  • Validate issuance (iat) and expiration (exp) claims
  • Confirm the purpose of use value T-IAS
  • Ensure that demographic attributes in the token match the demographics stored in the tenant Patient resource

If token validation fails or demographic values do not match the stored Patient record, retrieval is rejected.
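
The claim checks in Step 2, sketched as an added example (not Health Gorilla or CSP code). It assumes the signature was already verified against the CSP JWKS; the claim names for purpose of use and demographics, the skew value, and the sample data are hypothetical.

```python
import time

# Assumptions of this sketch: the page names iss, aud, iat and exp; the claim
# names "purpose_of_use", "given_name", "family_name" and "birthdate" are
# hypothetical, as are the skew value and the case/whitespace normalisation.
DEMOGRAPHIC_CLAIMS = ("given_name", "family_name", "birthdate")
MAX_IAT_SKEW = 60  # seconds a token's iat may be ahead of our clock

def _norm(value):
    return " ".join(str(value or "").split()).casefold()

def _is_num(value):
    return isinstance(value, (int, float)) and not isinstance(value, bool)

def validate_ias_claims(claims, patient, expected_iss, expected_aud, now=None):
    """Return rejection reasons; an empty list means the claims pass.

    `claims` must come from a token whose signature was already verified
    against the CSP JWKS. `patient` is a flat dict of demographics read
    from the tenant Patient resource.
    """
    now = time.time() if now is None else now
    errors = []
    if claims.get("iss") != expected_iss:
        errors.append("iss mismatch")
    aud = claims.get("aud")
    if expected_aud not in (aud if isinstance(aud, list) else [aud]):
        errors.append("aud mismatch")
    iat, exp = claims.get("iat"), claims.get("exp")
    if not (_is_num(iat) and _is_num(exp)) or exp <= iat:
        errors.append("iat/exp missing or inconsistent")
    elif iat > now + MAX_IAT_SKEW:
        errors.append("iat in the future")
    elif now >= exp:  # no leeway on expiry: outside the validity window
        errors.append("token expired")
    if claims.get("purpose_of_use") != "T-IAS":
        errors.append("purpose of use is not T-IAS")
    for name in DEMOGRAPHIC_CLAIMS:  # a missing value never counts as a match
        if not claims.get(name) or _norm(claims[name]) != _norm(patient.get(name)):
            errors.append(f"demographic mismatch: {name}")
    return errors

# Constructed sample data (not real identities or endpoints).
NOW = 1_700_000_000
SAMPLE_CLAIMS = {"iss": "https://csp.example", "aud": "https://tenant.example",
                 "iat": NOW - 30, "exp": NOW + 270, "purpose_of_use": "T-IAS",
                 "given_name": "Ana", "family_name": "Lopez", "birthdate": "1980-02-29"}
SAMPLE_PATIENT = {"given_name": "ana ", "family_name": "LOPEZ", "birthdate": "1980-02-29"}

if __name__ == "__main__":
    print(validate_ias_claims(SAMPLE_CLAIMS, SAMPLE_PATIENT,
                              "https://csp.example", "https://tenant.example", now=NOW))
```

Any non-empty result means the retrieval request is not sent; returning every reason at once gives the audit log in Step 7 a complete record of why a token was rejected.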

Step 3: Initiate Retrieval

Once a valid IAS token is available, initiate retrieval.

Your system should:

  • Provide the IAS token as required for the IAS workflow
  • Ensure the request is designated with the required purpose of use T-IAS
  • Include required identifiers and request parameters
  • Persist identifiers returned by Health Gorilla for correlation

Retrieval processing begins asynchronously.

Step 4: Monitor Retrieval Status

IAS retrieval is asynchronous.

Your system must monitor retrieval status until a terminal state is reached.

Terminal states include:

  • completed
  • partial
  • failed

Do not consume results until a terminal state is reached.

If status is partial or failed, review associated error details and determine whether retry or operational escalation is required.

Step 5: Retrieve Results

After processing completes, retrieve results.

Your system should:

  • Retrieve results
  • Follow pagination instructions when applicable
  • Validate response integrity and completeness

Results include DocumentReference resources and may include Binary resources. Structured data is available via standard FHIR R4 APIs only if document import is enabled and only after documents are imported into your tenant.

Step 6: Persist and Process Data

After retrieval:

  • Persist required clinical data in your system
  • Retain provenance metadata as required for compliance
  • Do not persist IAS tokens beyond operational necessity
  • Do not reuse identity tokens beyond their validity window

Step 7: Audit and Correlation

For each IAS workflow execution, your system should:

  • Log correlation identifiers
  • Persist identifiers returned by Health Gorilla
  • Capture timestamps and final outcome status
  • Retain required audit metadata

Strong audit practices support traceability, operational review, and compliance requirements.

Common Failure Scenarios

Operational workflows may encounter:

  • Expired or invalid IAS identity tokens
  • Demographic mismatch between token and tenant Patient record
  • No matching records returned through exchange
  • Exchange timeouts or transient service disruptions

Your system should follow established operational procedures for each scenario and obtain a new valid IAS token when required.