Patient access API access guide

Overview

The Patient Access is a secure and public-facing API to make patient membership, coverages, claims, and clinical information available. This API requires authentication for any user.

This documentation presumes that anyone accessing the API is familiar with the implementation guides for patient access USCore (hl7.org) and HL7.FHIR.US.CARIN-BB\Home - FHIR v4.0.1.

Third party application developer registration

To gain access to the API developer portal, register third party applications and request third party application client credentials, developers should first create an API Developer Portal account using our registration page. Once the API Developer has an account they can register their Organization and Third Party Application(s) via the API Developer Portal. At the time of registration access to production and/or demo environment can be requested.

Part of the third party application registration process includes requesting client credentials. The OAuth2 Authorization Server / Open ID Connect Provider (AS/OP) provides necessary details for establishing secure communication with the third party application.

Demo/Sandbox environment

At the time an application is registered access to a production and/or demo environment can be requested.

URL (Production) – https://patientaccess-api.capbluecross.com/r4

Our FHIR RESTful capabilities include:

  1. Support the US Core resource profiles.
  2. Support the CARIN-BB resource profiles.
  3. Implement the RESTful behavior according to the FHIR specification.
  4. For all the supported search interactions in this guide, support the GET based search only.
  5. Return the following response classes (at a minimum):
    • (Status 400): invalid parameter
    • (Status 401/4xx): unauthorized request
    • (Status 403): insufficient scopes
    • (Status 404): unknown resource
  6. Support json source formats for all US Core and CARIN-BB interactions.
  7. Support the searchParameters on each profile individually and in combination.

/Profile -

  • /C4BB-Patient
  • /C4BB-Coverage
  • /C4BB-Practitioner
  • /C4BB-Organization
  • /C4BBExplanationOfBenefitInpatientInstitutional
  • /C4BBExplanationOfBenefitOutpatientInstitutional
  • /C4BBExplanationOfBenefitProfessionalNonClinician
  • /CarePlan
  • /CareTeam
  • /DiagnosticReportLab
  • /LabObservation
  • /Goal
  • /Medication and /MedicationRequest
  • /Encounter
  • /Procedure
  • /Provenance
  • /metadata

C4BB-Patient

  • Search Practitioner by Patient ID
  • Search Practitioner by Last Updated Date

C4BB-Coverage

  • Search Coverage by Beneficiary ID
  • Search Coverage by Coverage ID
  • Search Coverage by Last Updated Date

C4BB-Practitioner

  • Search Location by Name
  • Search Location by Practitioner ID
  • Search Location by Last Updated Date

C4BB-Organization

  • Search Organization by name
  • Search Organization by address
  • Search Organization by Organization ID
  • Search Organization by updated date

C4BBExplanationOfBenefitInpatientInstitutional OR C4BBExplanationOfBenefitOutpatientInstitutional OR C4BBExplanationOfBenefitProfessionalNonClinician

  • Search ExplanationOfBenefit Affiliation by Patient ID
  • Search ExplanationOfBenefit Affiliation by EOB ID
  • Search ExplanationOfBenefit Affiliation by Service Date (a combination of formats)
  • Search ExplanationOfBenefit Affiliation updated date (a combination of formats)

CarePlan

  • Search Care Plan by Patient ID
  • Search Care Plan by Category
  • Search Care Plan by CarePlan ID
  • Search Care Plan by updated date

CareTeam

  • Search Care Team by Patient ID
  • Search Care Team by Status
  • Search Care Team by CareTeam ID
  • Search Care Team by updated date

DiagnosticReportLab

  • Search Lab Diagnostic by Patient ID
  • Search Lab Diagnostic by Patient ID and Category
  • Search Lab Diagnostic by Patient ID and Code
  • Search Lab Diagnostic by Patient ID, Category, and Date
  • Search Lab Diagnostic by DiagnosticReportLab ID
  • Search Lab Diagnostic by updated date

LabObservation

  • Search Lab Observation by Patient ID
  • Search Lab Observation by Patient ID and Category
  • Search Lab Observation by Patient ID and Code
  • Search Lab Observation by Patient ID, Category, and Date
  • Search Lab Observation by LabObservation ID
  • Search Lab Observation by updated date

Goal

  • Search Goal by Patient ID
  • Search Goal by Goal ID
  • Search Goal by updated date

Medication/Medication Request

  • Search Medication Request by Patient ID
  • Search Medication Request by Patient ID and Intent
  • Search Medication Request by Patient ID, Intent and Status
  • Search Medication Request by Medication Request ID
  • Search Medication Request by updated date

Encounter

  • Search Encounter by Patient ID
  • Search Encounter by Patient ID and Date
  • Search Encounter by Encounter ID
  • Search Encounter by updated date

Procedure

  • Search Procedure by Patient ID
  • Search Procedure by Patient ID and Date
  • Search Procedure by Procedure ID
  • Search Procedure by updated date

Provenance

  • Search Provenance by Patient ID
  • Search Provenance by Provenance ID
  • Search Provenance by updated date

At runtime, the pre-registered application will submit a client_id, client_secret, aud, state as well as appropriate Smart on FHIR// OpenID Connect scopes such as launch/patient, fhirUser, openid, patient/*.read, etc..

Capital Blue Cross monitors API requests, and request patterns, reserving the right to block IP address(es) if API traffic originating from that address(es) frequently disrupts normal operations of the API or demonstrates patterns of behavior consistent with attempts to attack the systems providing the API.

SMART on FHIR: SMART App Launch Framework (hl7.org)

  • US Core: HL7.FHIR.US.CORE\US Core Client CapabilityStatement - FHIR v4.0.1
  • CARIN Blue Button: HL7.FHIR.US.CARIN-BB\C4BB CapabilityStatement - FHIR v4.0.1
  • Drug Formulary: HL7.FHIR.US.DAVINCI-DRUG-FORMULARY\usdf-server CapabilityStatement - FHIR v4.0.1
  • Conformance Expectation - SHALL

Resources

Description

CMS Interoperability and Patient Access Final Rule

Interoperability and Patient Access Final Rule (May 1, 2020) Medicare and Medicaid Programs; Patient Protection and Affordable Care Act; Interoperability and Patient Access for Medicare Advantage Organization and Medicaid Managed Care Plans, State Medicaid Agencies, CHIP Agencies and CHIP Managed Care Entities, Issuers of Qualified Health Plans on the Federally-Facilitated Exchanges, and Health Care Providers (85 Fed. Reg. 25510)

21st Century Cures Act

Interoperability, Information Blocking, and the ONC Health IT Certification Program