Patient Access API facilitates secure movement of data from payer
systems (Producers) to the patients (Consumers) accessible via
third-party consumer applications. The Patient Access API leverages
CMS recommended CARIN IG for Blue Button® Implementation Guide (IG)
along with Common Payer Consumer Data Set (CPCDS) as anchors in
conjunction with data exchange standards, such as HL7® FHIR® and,
SMART Application Launch Framework (Standalone Sequence).
Capability Statement
Developers can access the ProviderOne FHIR server capabilities for Patient
Access API using the CapabilityStatement endpoint:
The capability statement describes the set of capabilities
(behaviors) implemented by the FHIR Server to enable the Patient
Access API. For example, it describes the enabled profiles,
interactions, search parameters and provides information about the
authorize and token endpoints.
Getting Started
Before you can access Patient Access API, you will need to register your application by submitting the Application Registration Form.
Authorize URL Format:
Getting Access Token:
| HTTP method |
|---|
| post |
| HTTP Headers |
|---|
| content-type - application/json |
| accept - application/json |
| authorization - Basic base 64({client_id}:{client_secret}) |
| HTTP Body |
|---|
| code - {oauth code} |
| grant_type - “authorization_code” |
| redirect_uri - {your_redirect_uri} |
Resources:
ProviderOne Interoperability Solution’s Patient Access API supports
following resources
Request Headers:
All requests for Patient Access API resources require the following
headers:
| content-type | application/json |
| accept | application/json |
| authorization | Bearer {ACCESS_TOKEN} |
Important information for Application Owners
| CARIN Alliance Code of Conduct | https://www.carinalliance.com/our-work/trust-frameworkand-code-of-conduct/ |
| Privacy, Security, and HIPAA | https://www.healthit.gov/topic/privacy-security-and-hipaa |
| ONC Model Privacy Notice | https://www.healthit.gov/topic/privacy-security-and-hipaa/model-privacy-notice-mpn |