Core Feature Analysis
  • Insurances Configured: 6 (3 prod + 3 sandbox)
  • FHIR Endpoints: 4 (1 partially configured)
  • Backend Handlers: 5 (11 total Lambda functions)

🏥 Supported Insurances

Aetna (Production)
  • Base URL: apif1.aetna.com/fhir/v2/patientaccess
  • Client ID: 07a6467243c62fcbb025d082e883de14
  • Status: ✅ Fully configured
  • Callback: rekapi4.rekencile.com/aetna/callback

Anthem (Production)
  • Base URL: patient360ca.anthem.com/P360Member/api/fhir-r4
  • Client Secret: 7EUiqGGx7kCE83b4i7WUl1cnpaAJeUgP
  • Status: ✅ Fully configured
  • Callback: rekapi4.rekencile.com/anthem/callback

Cigna (Production)
  • Base URL: p-hi2.digitaledge.cigna.com/PatientAccess/v1-devportal
  • Client ID: 5fde8817-677a-4e93-9f98-13221b07f0be
  • Status: ✅ Fully configured
  • Callback: 8xr41aajg2.execute-api.us-west-2.amazonaws.com/dev

BlueShieldCA (Partial)
  • Base URL: esbndp-api2.bsc.bscal.com/bsc/fhir-sandbox/fhir-server/api/v4
  • Client ID: tbd
  • Status: ⚠️ Credentials not set
  • Note: Sandbox only, prod not configured

Aetna-Sandbox (Sandbox)
  • Base URL: vteapif1.aetna.com/fhirdemo/v2/patientaccess
  • Client ID: 7ae7bdccfb459012cc0f298d5791a1af
  • Status: ✅ Configured

Anthem-Sandbox (Sandbox)
  • Base URL: fhir.careevolution.com/Master.Adapter1.WebClient/api/fhir-r4
  • Client ID: 948784cb-593b-4603-8f1a-7ba0b6d1d5a8
  • Status: ✅ Configured

🔄 Connection Flow

1 User selects insurance in app

  • rek-app/screens/RekPickInsuranceScreen.js: User picks from supported list

2 App redirects to insurance OAuth endpoint

  • Deep link to insurance's authorization URL with client_id, redirect_uri, scope
  • supportedInsurances.js → insurance_login_fullUrl

3 Insurance returns auth code via callback

  • GET /{insurance}/callback?code=XXX, handled by insuranceCallback.js
  • handlers/all/insuranceCallback.js

4 Token exchange & session creation

  • getBearerTokenFromInsurance() exchanges code for bearer token. Saved to InsuranceLoginSession table
  • common/insurance.js → saveInsuranceLoginSession()

5 Insurance connection stored

  • POST /insurance/connection creates an InsuranceConnection record in DynamoDB
  • handlers/all/insuranceConnection.js

6 SNS triggers async claim pull

  • InsuranceConnectionSNSTopic triggers pullClaims Lambda via Step Functions
  • serverless.yml → insuranceConnectionMsg SNS

7 EOBs stored to DynamoDB

  • FHIR ExplanationOfBenefits parsed and saved to ExplanationOfBenefits table
  • handlers/aetna/eobs.js, handlers/cigna/eobs.js

⚠️ Critical Issues

📋 Data Model

DynamoDB Tables:

SupportedInsurances — insurance_rek_id (PK), userFriendlyName (RK)

InsuranceLoginSession — sessionRekId (PK), userRekId, bearerToken, accessToken, creationDate

InsuranceConnections — connectionRekId (PK), userRekId, insuranceRekId, authentication, creationDate

InsuranceMember — memberRekId (PK), userRekId, insuranceMemberId, connectionRekId

ExplanationOfBenefits — eobRekId (PK), userRekId, connectionRekId, serviceDate, provider, totalAmount

RekencileEncounters — encounterRekId (PK), userRekId, connectionRekId, encounterDate

🎯 Recommendations

1 Immediate (Before Launch)

  • Move all insurance credentials to AWS Secrets Manager
  • Enable DynamoDB encryption at rest (KMS)
  • Implement token encryption before storage
  • Configure proper BlueShieldCA credentials
  • Add HTTPS-only enforcement on all insurance callbacks

2 Short-term (Post-Launch)

  • Implement OAuth token refresh workflow
  • Add insurance connection revocation (logout)
  • Build staging redirect URIs for all insurers
  • Add rate limiting on insurance endpoints
  • Implement insurance session expiration

3 Growth (1000+ Users)

  • Add Redis caching for insurance session data
  • Implement insurance API response caching
  • Add DAX for DynamoDB read optimization
  • Build insurance health monitoring dashboard
  • Add failover logic for insurance API timeouts

4 Expand Coverage

  • Add United Healthcare, Humana, Kaiser
  • Build insurance API integration testing suite
  • Create sandbox environment per insurance
  • Document FHIR profile variations per insurer
  • Build insurance compatibility matrix
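
One way to carry out the "Implement token encryption before storage" item for the bearerToken field of InsuranceLoginSession, as an added example that is not code from the analyzed project. The function names, the `v1` blob format and the in-memory `DEMO_KEY` are assumptions; in Lambda the key would come from KMS or Secrets Manager.

```javascript
// Added example: field-level AES-256-GCM encryption of a bearer token.
const crypto = require('node:crypto');

const ALG = 'aes-256-gcm';

// Assumption: a constructed random key stands in for a 32-byte data key that
// would be fetched from AWS KMS or Secrets Manager at cold start.
const DEMO_KEY = crypto.randomBytes(32);

// Encrypts a token and binds it to its session row via AAD, so a ciphertext
// copied into another session's row fails authentication on decrypt.
function sealToken(key, sessionRekId, token) {
  const iv = crypto.randomBytes(12); // fresh 96-bit nonce per encryption
  const cipher = crypto.createCipheriv(ALG, key, iv);
  cipher.setAAD(Buffer.from(sessionRekId, 'utf8'));
  const ct = Buffer.concat([cipher.update(token, 'utf8'), cipher.final()]);
  // Stored format (hypothetical): v1.<iv>.<tag>.<ciphertext>, base64url parts
  return ['v1', iv, cipher.getAuthTag(), ct]
    .map((p) => (Buffer.isBuffer(p) ? p.toString('base64url') : p))
    .join('.');
}

// Returns the plaintext token, or throws if the blob was altered, moved to a
// different sessionRekId, or encrypted under a different key.
function openToken(key, sessionRekId, sealed) {
  const parts = sealed.split('.');
  if (parts.length !== 4 || parts[0] !== 'v1') throw new Error('unsupported token format');
  const [iv, tag, ct] = parts.slice(1).map((p) => Buffer.from(p, 'base64url'));
  if (iv.length !== 12 || tag.length !== 16) throw new Error('malformed token blob');
  const decipher = crypto.createDecipheriv(ALG, key, iv);
  decipher.setAAD(Buffer.from(sessionRekId, 'utf8'));
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(ct), decipher.final()]).toString('utf8');
}

// Builds the item that would be written to the InsuranceLoginSession table;
// only the sealed form of the token appears in it.
function buildSessionItem(key, sessionRekId, userRekId, bearerToken) {
  return {
    sessionRekId,
    userRekId,
    bearerToken: sealToken(key, sessionRekId, bearerToken),
    creationDate: new Date().toISOString(),
  };
}
```

Application-level encryption of this kind sits alongside DynamoDB encryption at rest: the table setting protects the storage layer, while the sealed field stays opaque to anything that can read the table but cannot obtain the key.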