• Lives represent a user on your application
  • Mable centralizes lives by their email, which means that once authorized, you can have access to data that the life already has on marble.
    • Email is required for a life. A user must provide their primary email so marble can link their profiles.
    • Using an alternative email address will create an additional life for the same user, which will not be reconciled with the life associated with their primary email.
  • When using medchart’s API “full-stack” all operations are based on a life id
    • Create an authorization request for a life
    • Write data (FHIR resources) to a life profile
    • Create a retrieval to obtain records from a data source for a life

Root Life

  • Every life has a “root life”. The root life represents the source of truth as reported by the user using the Medchart Portal and from the identity validation.
  • Your app can read the root life information if the life provides you with ~/lives/ authorization
    • Access to read the root life (~/lives/ is automatically requested when a life is created by your application.

Embedded Sessions

  • Embedded Sessions allow a life to interact with the Marble platform
  • The embedded session is a URL you can redirect your user to where the user will:
    • Login (passwordless flow)
    • Authentication is required to ensure that a patient’s account and personal information is secured within Marble
    • Validate identity (if applicable)
    • Identity verification is required only when a specific Provider requires it to proceed with a record retrieval. The Identity verification flow is simple, streamlined, and secure for a user.  They can use a webcam or their mobile device to take a photo of their ID (driver's license, passport, or government ID) and a selfie.  In a matter of seconds, their ID will be validated to ensure a user is who they say they are if their face matches their ID, their ID is authentic, and that there is a real person going through the verification process.
    • Complete life profile (if applicable)
    • Basic demographics of a user are defined to populate their profile so that their information can be used to identify and retrieve their records with Providers.
    • Accept or reject requested authorizations
    • Explicit consent is required for any retrievals to take place on a patient’s behalf and/or data to be shared with an application. This part of the workflow delivers the right consent at the right time given the context of any request (Provider type, record type, etc.)