Patient First Application Access API

Purpose

The purpose of the Patient First patient access API is to meet the requirements of the ONC Health IT Certification Program 2015 Edition. The operations provided through the API are specifically written to address the documentation and authentication (170.315(g)(7)), partial clinical information (170.315(g)(8)), and the full encounter clinical summary (170.315(g)(9)) requirements. Patient First has taken the position that the patient should be responsible for the release of their information through the API. It has also been decided that only the individual medical records will be available via the API, regardless of whose medical records you may have been granted access to. Access to the API is accomplished by a patient that participates in the Patient First Patient Portal. Each patient is individually responsible for authorizing application access to the API. All access through the API is logged in the patient portal participant’s activity log.

Authorize Application Access API

Authorizing application access to the API is the responsibility of each Patient First Patient Portal participant. Authorization is granted by the 'Settings' dialog within a participant's account under the 'Authorize API's' setting. The user must check the 'Allow 3rd party API's to access your medical records' block AND click the 'UPDATE' button. When checked, the participant can click the 'Add' button and fill in the name of the API Application and click the 'Submit' button. This action will add the application to the list and generate two important pieces of information, the 'APPLICATION USERNAME' and the 'APPLICATION KEY'. Both of these pieces of information must be given to the 3rd party application developer.

Application Access via API can be turned off at the participant level by unchecking the 'Allow 3rd party API's to access your medical records' block AND clicking the 'UPDATE' button. Application Access via API can also be turned off at the application level by clicking the 'DELETE' link within the respective application row.

All API access by authorized 3rd party applications will be recorded in the participants 'Account Activity' audit.

Terms of Use

Terms of Use

List of Operations

GenerateToken

This method addresses the 170.315(g)(7) requirement and is used to generate a token for all other requests. An active token is required for all operation calls. To generate a token, the application much have knowledge of the “ApplicationUserName” and “ApplicationKey”. The patient portal participant can create these keys specific to them by accessing the “Settings” page in the patient portal. When a token is generated, it is good for thirty minutes after which a new token must be generated. The patient also has the ability to disable API access per application. The developer documentation is here.

GetField

This method addresses the 170.315(g)(8) requirement and is used to get a specified data element within the date range. The response also includes patient demographics. An active token is required to retrieve the list. The developer documentation is here. The available data elements are:

  • Assessment and Plan of Treatment - Returns a list of visits within the specified date range including the assessment and plans for the patient recorded at the time of the visit.
  • Care plan field(s), including goals and instructions - Returns a list of visits within the specified date including the care plan of the patient recorded at the time of the visit.
  • Care team members - Returns a list of visits within the specified date including the care team members of the patient recorded at the time of the visit.
  • Date of Birth - Returns a list of visits within the specified date including the date of birth of the patient recorded at the time of the visit.
  • Ethnicity - Returns a list of visits within the specified date including the coded entry and description for the ethnicity of the patient recorded at the time of the visit.
  • Goals - Returns a list of visits within the specified date range including the treatment goals and descriptions for the patient recorded at the time of the visit.
  • Health Concerns - Returns a list of visits within the specified date range including the patient's health status and health concerns recorded at the time of the visit.
  • Immunizations - Returns a list of visits within the specified date range including the immunizations of the patient recorded at the time of the visit.
  • Laboratory test(s) - Returns a list of visits within the specified date including the lab tests of the patient recorded at the time of the visit.
  • Laboratory value(s)/result(s) - Returns a list of visits within the specified date including the lab results of the patient recorded at the time of the visit.
  • Medications - Returns a list of visits within the specified date including the medications of the patient recorded at the time of the visit.
  • Medication allergies - Returns a list of visits within the specified date including the medication allergies of the patient recorded at the time of the visit.
  • Patient Name - Returns a list of visits within the specified date including the patient name recorded at the time of the visit.
  • Plan of Treatment - Returns a list of visits within the specified date range including the treatment plans for the patient recorded at the time of the visit and upcoming lab tests.
  • Preferred Language - Returns a list of visits within the specified date including the preferred language of the patient recorded at the time of the visit.
  • Problems - Returns a list of visits within the specified date including the problems of the patient recorded at the time of the visit.
  • Procedures - Returns a list of visits within the specified date including the procedures of the patient recorded at the time of the visit.
  • Race - Returns a list of visits within the specified date including the coded entry and description for the race of the patient recorded at the time of the visit.
  • Sex - Returns a list of visits within the specified date including the sex of the patient recorded at the time of the visit.
  • Smoking Status - Returns a list of visits within the specified date including the smoking status of the patient recorded at the time of the visit.
  • Unique Device Identifier(s) for a Patient's Implantable Device(s) - Returns a list of visits within the specified date range including the list of identifiers for implantable devices of the patient recorded at the time of the visit.
  • Vital signs (height, weight, BP, etc.) - Returns a list of visits within the specified date including the vital signs of the patient recorded at the time of the visit.

     

    GetAll

    This method addresses the 170.315(g)(9) requirement and is used to get a list of CCDAs within the date range specified. An active token is required to retrieve the list. The CCDAs are represented as XML contained in a CDATA tag within the JSON presentation. The developer documentation is here.