Ghasi e-Prescribing Gateway Service — Service Overview
Status: populated Owner: TBD Last updated: 2026-04-18 Companion: Service Template · 03 platform-services · 02 DDD
Purpose
The ghasi-eprescribing-gateway-service is the national/enterprise medication interoperability spine of the Ghasi platform. It routes FHIR R4 MedicationRequest and MedicationDispense resources between authorized prescriber systems (Ghasi EHR first, then third-party EMRs) and pharmacy systems (Ghasi Pharmacy first, then external networks). It validates profiles at the interop boundary, enforces role-based write constraints, correlates end-to-end prescription identifiers, delivers reliable Subscription notifications, and maintains a complete HIPAA-equivalent audit trail.
This is the FLAGSHIP cross-tenant interoperability service of the platform. It is architecturally distinct from the generic fhir-gateway — it owns the authoritative interop persistence of medication workflow resources (ADR-0043, ADR-0044).
Kong route: /v1/ghasi-e-prescribing-gateway (direct); also proxied via fhir-gateway /fhir/R4/interop/ghasi-eprescribing/* for first-party services.
Bounded Context Responsibilities
| In scope | Out of scope |
|---|---|
Authoritative interop persistence of MedicationRequest, MedicationDispense | Clinical medication list and MAR (medication-service) |
| FHIR R4 profile validation (tenant-configured IG packages) | Clinical CPOE order lifecycle (orders-service) |
| Role enforcement: EHR writes MR; Pharmacy writes MD; neither can impersonate the other | Pharmacy inventory/ERP (pharmacy-service) |
| Idempotent create (Idempotency-Key + payload fingerprint) | Generic FHIR routing for non-medication resources (fhir-gateway) |
| ETag / If-Match optimistic concurrency; 412 on stale | Real-time insurance adjudication (future adapter) |
| Subscription notifications (HTTPS, signed, replay-safe) | Full national HIE (XCA/XDS/PIX) beyond medication path |
| DLQ, outbox, retry for reliable delivery | NCPDP SCRIPT (explicitly excluded from mandatory; optional adapter only) |
| Prescription business identifier correlation across EHR–Gateway–Pharmacy | Clinical CDS (EHR-first; optional passthrough in P4) |
| Tenant routing rules: preferred pharmacy, fallback, region | |
| Directory APIs: Organization and Endpoint discovery | |
| HIPAA-equivalent audit trail per mutation (AuditEvent + platform audit) | |
| Multi-tenant isolation; per-tenant IG pin |
Delivery Phases
| Phase | Name | Status |
|---|---|---|
| Phase 0 | Documentation and ADR closure | Done |
| Phase 1 | First-party vertical slice (Ghasi EHR ↔ Pharmacy) | In Progress |
| Phase 2 | Enterprise hardening (Task/Directory depth, Redis, HAPI validation) | Planned |
| Phase 3 | National/third-party onboarding | Planned |
| Phase 4 | P2 gated features (bulk export, CDS passthrough, multi-region) | Gated |
Upstream Dependencies
| Service | Why |
|---|---|
| identity-service (Keycloak) | JWT validation; B2B client credentials for EHR/Pharmacy backends |
| orders-service (CPOE) | Only first-party service that POSTs MedicationRequest to gateway |
| medication-service | Reads medication list context; does NOT post MR to gateway |
| pharmacy-service | Posts MedicationDispense; reads MR via Subscription or GET |
| fhir-gateway | Proxies first-party service calls via interop path |
| terminology-service | ATC, RxNorm, SNOMED CT coding validation |
| audit-service | Platform audit pipeline |
| provider-directory-service | Organization/Endpoint directory for routing |
Downstream Dependents
| Service | Dependency |
|---|---|
| pharmacy-service | Receives MR via NATS events and Subscription; posts MD back |
| orders-service | Gets ACK/correlation ID from gateway post-MR submit |
| population-health-service | Aggregate medication prescribing metrics |
| patient-portal-service | Read-only projection of patient's prescription history |
Key Architectural Decisions
- Dual entrypoint (ADR-0043 B1). Direct:
Kong /v1/ghasi-e-prescribing-gateway. Viafhir-gateway:/fhir/R4/interop/ghasi-eprescribing/*. First-party services SHOULD use the interop path; B2B integrators may use the direct path. - Authoritative interop persistence (ADR-0044).
gepgw_*Postgres tables own the interop copy of MR/MD. EHR remains clinical owner; Pharmacy remains fulfillment owner. - Write ownership enforced at gateway. EHR/orders-service → MR only. Pharmacy-service → MD only. Gateway returns
403 FORBIDDEN_WRITEif wrong actor type. - Profile validation. Tenant-configured IG packages (Zod in MVP; HAPI validator in Phase 2). Validation failure returns
422 OperationOutcome. - FHIR R4 mandatory; NCPDP excluded. International-first. NCPDP SCRIPT is an optional regional adapter in pharmacy-service — not in gateway core.
- Outbox-based reliable notifications. Subscription notifications are delivered from the outbox; DLQ + replay for failed deliveries.
Architecture Diagram
Source Reconciliation
Sources: _sources/ghasi-e-prescribing-gateway/. Key files: SPEC.md v1.3, ARCHITECTURE_BASELINE.md, PHASED_IMPLEMENTATION_PLAN.md v2.0, INTEGRATOR_GUIDE.md, P2_STAKEHOLDER_REVIEW.md. Legacy FR prefix FR-RX-* preserved alongside new FR-EPRX-*. ADR-0043 and ADR-0044 are normative co-references.