A referral platform is safer when application boundaries follow accountability
If you were designing a patient-referral platform from scratch, the first architectural decision is not database technology or API style. It is where responsibility changes hands. Order origination, clinical review, booking, service execution, and result closure are related, but they are not the same domain object pretending to wear different hats.
Referral platform bounded contexts
Loading diagram...
A useful way to split referral platform responsibilities
| Capability | What it owns | What it should not own |
|---|---|---|
| Referral intake | Origin verification, identity checks, request completeness, canonical normalization | Slot booking decisions or final reporting |
| Clinical review | Acceptance, urgency, destination, protocol or service-plan decisions | Patient-mastering or archive retrieval infrastructure |
| Scheduling coordination | Availability matching, preparation tasks, reminders, reschedule logic | Final diagnostic interpretation |
| Service execution | Accession or service-instance tracking, modality or encounter completion evidence | Original business intent authoring |
| Closure | Diagnostic report, result delivery, closed-loop notification, amendment trail | Upstream slot inventory |
This boundary-first view also makes team ownership clearer. It tells you which service should expose an API, which one should publish state changes, and which one is authoritative when statuses disagree.
Durable identifiers keep business intent separate from operational work
A well-designed referral platform carries several identifiers at once. The patient identity is not the referral identity. The referral business id is not the appointment id. The appointment id is not the accession or performed-service id. Mixing those keys is how systems lose traceability when redirection, rebooking, or partial completion happens.
Why one referral lifecycle usually needs multiple identifiers
| Artifact | Typical key | Reason to keep it separate |
|---|---|---|
| Original referral order | Business referral id or placer order number | Represents clinical intent from the source system. |
| Receiving workflow case | Task, queue, or receiving-case id | Tracks acceptance, clarification, and ownership inside the receiving organization. |
| Booked event | Appointment id | Represents one reserved time and participant arrangement. |
| Performed service instance | Accession or modality-service id | Links one concrete execution to evidence, images, or encounter details. |
| Result package | Diagnostic report or result id | Captures the signed outcome and any downstream amendment history. |
Identifier separation across the referral lifecycle
Loading diagram...
Do not let one mutable status pretend to mean everything
A status like "scheduled" may mean booked in one system, merely proposed in another, or ready for modality worklist generation in a third. Keep business and operational states explicit.
Your contract surface should mirror the real workflow artifacts
From an integration point of view, the cleanest architecture uses different contracts for different kinds of work. Service intent, local operational work, booked events, performed execution, and traceability records each need their own surface area because they answer different business questions.
A practical contract stack for referral applications
| Layer | Main artifact | What it answers |
|---|---|---|
| Clinical intent | HL7 ORM or FHIR ServiceRequest | What service was requested and why? |
| Operational work | FHIR Task or local queue object | Who owns the next action and what is its business state? |
| Booking | Schedule, Slot, and Appointment | What capacity was offered and what was actually reserved? |
| Execution | DICOM MWL and MPPS or Encounter evidence | What was actually performed and under which service instance? |
| Outcome | HL7 ORU or FHIR DiagnosticReport | What result came back and did it close the loop? |
| Traceability | FHIR Provenance and AuditEvent | Who changed what, when, and under which policy or workflow context? |
You can still ship these layers inside one product, but the domain model should preserve their separate semantics. That is what keeps queue ownership, execution evidence, and final closure from collapsing into one opaque status machine.
Task - FHIR v4.0.1
Official workflow resource for operational work, including status, businessStatus, focus, owner, and relevantHistory.
Read the Task resourceAppointment - FHIR v4.0.1
Official booking resource for reserved healthcare events, including participant and appointment status rules.
Read the Appointment resourceDICOM Basic Worklist Management Service Class
Official DICOM definition of modality worklist behavior and scheduled procedure-step query patterns.
Read the Modality Worklist chapterDICOM Modality Performed Procedure Step
Official DICOM chapter for performed-procedure-step reporting after the service actually starts or completes.
Read the MPPS chapterKnowledge Check
Test your understanding with this quiz. You need to answer all questions correctly to mark this section as complete.