Bridge Athenahealth
BridgeDemo
SAML-based bridge that embeds the HDS doctor dashboard inside athenahealth’s EHR as a “Launch Outbound” embedded app. Doctors authenticate via SAML SSO — no separate HDS login required after onboarding.
- Doctor opens the embedded app from athenahealth EHR
- athenahealth sends a signed SAML assertion to the bridge ACS endpoint
- Bridge resolves the doctor identity (practice ID + subject)
- First time: onboarding UI — doctor creates or links an HDS account
- Returning: bridge validates stored token and routes to doctor-dashboard
Smart Routing
Section titled “Smart Routing”After authentication, the bridge redirects to doctor-dashboard embedded mode based on context:
- No patient ID →
/embed— data sets overview - Known patient →
/embed/patient/{username}— patient timeline - Unknown patient →
/embed/invite?athenaPatientId={id}— invite flow with QR code, email, and copy link
Patient Mapping
Section titled “Patient Mapping”- athenahealth patient IDs are per-practice (not globally unique)
- Mapping key:
{practiceId}:{doctorSubject}:{athenaPatientId}→ HDS username - One athena patient ID maps to exactly one HDS account per doctor (enforced, 409 on conflict)
- Mappings stored as events in the bridge’s Pryv account
Architecture
Section titled “Architecture”- bridge-athenahealth — SAML handling, doctor onboarding, patient mapping, routing
- doctor-dashboard (embedded mode) — all patient UI: invite, timeline, data sets
- Session sharing via
localStorage— “Open full dashboard” works in a new tab
Tech Stack
Section titled “Tech Stack”- Node.js + Express, SAML via samlify
- Frontend: React + Vite (onboarding UI only, served at
/app/) - Deployed on Dokku (dev: demo-bridge-athena.datasafe.dev)
Testing
Section titled “Testing”A mock athenahealth SAML IdP is deployed at demo-athena-test-idp.datasafe.dev for testing the full flow without a real athenahealth environment. Fill in doctor/patient fields and click “Launch Embedded App”.