Getting Started with FHIR APIs

Introduction

Standards-based interoperability is critical to modern healthcare delivery, patient engagement, care coordination, population health management, and regulatory compliance. Enabledoc provides a comprehensive set of Fast Healthcare Interoperability Resources (FHIR®) APIs that enable healthcare organizations, application developers, researchers, and third-party vendors to securely access and exchange electronic health information (EHI) using nationally recognized interoperability standards.

Enabledoc's API platform supports secure access to patient Protected Health Information (PHI) through standards-based authentication and authorization mechanisms, allowing developers to build patient-facing applications, provider-facing applications, population health solutions, analytics platforms, and healthcare integration services.

Our FHIR APIs are based on the following industry standards:

  • HL7 FHIR Release 4 (R4)
  • SMART on FHIR Application Launch Framework
  • SMART Backend Services Authorization
  • OAuth 2.0 Authorization Framework
  • OpenID Connect (OIDC)
  • United States Core Data for Interoperability (USCDI) Version 3
  • ONC Health IT Certification Program
  • HIPAA Security and Privacy Rules

Standards References

Enabledoc's FHIR API platform is certified to the Office of the National Coordinator for Health Information Technology (ONC) certification criterion §170.315(g)(10) Standardized API for Patient and Population Services and supports requirements established by the 21st Century Cures Act Final Rule.

 

Application Types

Enabledoc supports third-party application integration through the SMART on FHIR framework and SMART Backend Services.

Applications may launch from inside or outside the Enabledoc ecosystem and can securely access authorized patient information based on user permissions and granted scopes.

Enabledoc utilizes Microsoft Identity Platform technologies to provide secure OAuth 2.0 and OpenID Connect authentication and authorization services.

Supported Application Categories

Front‑End SMART Applications

Patient Applications

Patient applications allow individual patients to access their health information using their portal credentials. Supported workflows include:

  • Standalone patient applications
  • Patient portal launch applications

Provider Applications

Provider applications support physicians, nurses, care coordinators, clinical staff, and other authorized healthcare professionals. Supported workflows include:

  • Standalone provider applications
  • EHR embedded provider applications

Backend Service Applications

Backend services use SMART Backend Services Authorization to securely access data without interactive user login. Supported use cases include:

  • Population health management
  • Clinical quality reporting
  • Research and analytics
  • Data warehousing
  • Health Information Exchange (HIE)
  • Payer integrations
  • Care coordination platforms

Backend applications may retrieve data for one patient, multiple patients, or an entire approved patient population depending on organizational authorization.

 

 

Security and Compliance

Enabledoc is committed to protecting patient privacy and ensuring secure access to healthcare information.

All API access is protected using:
  • OAuth 2.0 Authorization Framework
  • OpenID Connect Authentication
  • TLS 1.2 or higher encryption
  • Scope-based authorization controls
  • Audit logging and access monitoring
  • Organization-level application approval workflows

Developers are responsible for:
  • Maintaining HIPAA compliance
  • Implementing secure application design
  • Protecting patient PHI
  • Following SMART on FHIR implementation guidelines
  • Complying with federal and state healthcare regulations
  • Maintaining cybersecurity best practices
  • Executing Business Associate Agreements (BAAs) when required by healthcare organizations

 

 

Developer Guidelines

All applications integrating with Enabledoc must comply with our Terms of Use and Security Requirements.

Applications must

  • Protect patient privacy and confidentiality.
  • Not introduce malicious, harmful, or destructive code.
  • Not impair application, database, or network performance.
  • Not corrupt or alter healthcare data.
  • Follow HIPAA Security Rule requirements.
  • Maintain appropriate security controls.
  • Adhere to OAuth 2.0 and SMART on FHIR standards.
  • Respect patient consent and authorization requirements.

Applications must not

  • Access unauthorized patient records.
  • Circumvent security controls.
  • Interfere with clinical workflows.
  • Create risks to patient safety.

Developer Registration and Application Enrollment

Third-party developers, healthcare organizations, technology partners, and EHR vendors must register a Developer Account to access Enabledoc FHIR APIs.

Registration Process

  1. Step 1 – Create Developer Account
    • Select Register.
    • Create a unique User ID.
    • Create a password containing:
      • Minimum 8 characters
      • One uppercase letter
      • One lowercase letter
      • One numeric character
      • One special character
    • Enter: Name, Company, Email Address, Telephone Number.
    • Submit registration.
  2. Step 2 – Create Application
    • Select Create App.
    • Choose application type:
      • Front-End Application
      • Backend Service Application
    • Enter: Application Name, Application Description.
    • Select: Patient Application or Provider Application.
    • Accept Terms and Conditions.
  3. Step 3 – Request Scopes

    Select requested SMART on FHIR scopes such as:

    • patient/*.read
    • patient/*.write
    • user/*.read
    • launch/patient
    • launch
    • offline_access
    • system/*.read
  4. Step 4 – Organization Approval
    • Enter the Organization ID supplied by the healthcare organization and submit an approval request.
    • Organization administrators will:
      • Receive email and text notifications.
      • Review application details and requested scopes.
      • Approve or deny access.
      • Issue Client ID and Client Secret credentials for approved apps.
      • Share authorized patient populations as applicable.
  5. Step 5 – Begin API Access

    Approved applications can authenticate using OAuth 2.0 and access authorized FHIR resources according to granted scopes.
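
The scopes requested in Step 3 bound what an approved application may do in Step 5. The following added example (not Enabledoc's code) parses SMART v1-style scope strings like those listed above, denies anything not explicitly covered, and flags requested scopes that no planned call needs. The function names and the interaction-to-permission mapping are assumptions made for illustration.

```python
import re

# SMART v1-style clinical scope: <context>/<resource>.<permission>
_SCOPE_RE = re.compile(r"^(patient|user|system)/(\*|[A-Z][A-Za-z]+)\.(read|write|\*)$")

# FHIR interaction -> permission it needs (assumed mapping for this example;
# history is treated as read access here).
_NEEDS = {"read": "read", "search": "read", "history": "read",
          "create": "write", "update": "write", "delete": "write"}


def parse_scopes(scope_string):
    """Split a space-delimited scope string into clinical and other scopes."""
    clinical, other = [], []
    for token in scope_string.split():
        m = _SCOPE_RE.match(token)
        if m:
            clinical.append(m.groups())
        else:
            other.append(token)  # launch, launch/patient, offline_access, ...
    return clinical, other


def is_allowed(scope_string, context, resource_type, interaction):
    """True only if a granted scope covers this interaction on this resource."""
    needed = _NEEDS.get(interaction)
    if needed is None:
        return False  # unknown interaction: deny by default
    clinical, _ = parse_scopes(scope_string)
    for ctx, res, perm in clinical:
        if ctx == context and res in ("*", resource_type) and perm in ("*", needed):
            return True
    return False


def excess_scopes(requested, needed_calls):
    """Return requested clinical scopes that none of the planned calls use."""
    clinical, _ = parse_scopes(requested)
    unused = []
    for ctx, res, perm in clinical:
        token = f"{ctx}/{res}.{perm}"
        if not any(is_allowed(token, c, r, i) for c, r, i in needed_calls):
            unused.append(token)
    return unused
```

Running `excess_scopes` over an application's planned calls before submitting the approval request keeps the requested scope set to the minimum the organization administrator has to review.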

 

 

FHIR API Overview

Enabledoc provides RESTful APIs compliant with HL7 FHIR Release 4 (R4).

Supported formats

  • JSON (preferred)
  • XML

Supported interactions

  • Read
  • Search
  • History
  • Batch
  • Transaction
  • Bulk Export

FHIR R4 Specification: https://hl7.org/fhir/R4/

 

 

Supported FHIR Resources

Enabledoc’s REST-based FHIR API follows the HL7 FHIR R4 specification and supports both XML and JSON formats. The official HL7 FHIR R4 standard can be found at https://hl7.org/fhir/R4/.

The following is a list of our available functions.

 

Patient

Provides demographic and administrative information compliant with USCDI Version 3 requirements.

Supports:

  • Patient identification
  • Patient search
  • Demographic retrieval
  • Contact information
  • Communication preferences

 

Encounter

Represents healthcare encounters including:

 

Practitioner

Provides information about clinicians and providers including:

 

Provenance

Captures audit and traceability information regarding:

 

Medications

This will allow you to retrieve all prescribed and administered medications for a patient.

 

MedicationRequest

Represents active and historical medication orders including:

 

Allergies

This will allow you to retrieve known allergies for a patient.

 

AllergyIntolerance

Provides known patient allergies and adverse reactions.

 

Condition

The Condition resource retrieves a patient’s problems, diagnoses, or other health concerns during the encounter or visit. The condition could be a point-in-time diagnosis in the context of an encounter, an item on the practitioner's Problem List, or a concern that doesn't exist on the practitioner's Problem List.

Returns:

 

Observations

Supports retrieval of:

 

Diagnostic Report

Returns:

 

DocumentReference

Provides metadata and access to clinical documentation such as:

 

Immunization Records

This will allow you to retrieve immunization records for a patient. Returns patient vaccination history and administered immunizations.

 

Procedures

Provides procedural and intervention data including:

 

Implanted Devices

This will allow you to retrieve a list of implanted devices installed in the patient and patient-associated medical devices.

 

Binary: CDA Document Retrieval

Supports retrieval of C-CDA clinical documents and other binary content.

 

Care Plan

Returns longitudinal care plans including:

 

Goals

Retrieve a patient’s intended health objectives, status, and due date.

 

Care Team

The CareTeam includes all the people, teams, and organizations who participate in the coordination and delivery of care for a patient. Caregivers, such as family members, guardians, and others, may be part of the CareTeam. Identifies all individuals and organizations participating in patient care.

 

FHIR Bulk Data Export

Enabledoc supports the HL7 FHIR Bulk Data Access (Flat FHIR) specification.

Bulk Export enables authorized applications to retrieve large volumes of patient data asynchronously for:

  • Population health
  • Quality reporting
  • Research
  • Analytics
  • Data migration

Bulk Export complies with ONC certification requirements and uses SMART Backend Services authorization.

Supported export types include:

  • Patient-level export
  • Group export
  • System-level export

Reference Specifications:

Access to Bulk Export services is governed through OAuth scopes, organizational approval, and patient sharing permissions.
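
A client-side check for the asynchronous export described above, as an added example that is not Enabledoc's code: once the export completes, the Bulk Data specification returns a manifest listing output file URLs, and the client should validate each entry before downloading so the bearer token is never sent to an unexpected host. The host names, manifest values, and the `plan_downloads` helper are constructed for illustration.

```python
import json
from urllib.parse import urlsplit

# Constructed sample manifest (hypothetical hosts), shaped like the completion
# response defined by the FHIR Bulk Data Access specification.
SAMPLE_MANIFEST = json.dumps({
    "transactionTime": "2024-01-01T00:00:00Z",
    "request": "https://fhir.example.org/r4/Patient/$export?_type=Patient,Condition",
    "requiresAccessToken": True,
    "output": [
        {"type": "Patient", "url": "https://fhir.example.org/bulk/1/patient.ndjson"},
        {"type": "Condition", "url": "https://files.example.net/bulk/1/condition.ndjson"},
        {"type": "Observation", "url": "https://fhir.example.org/bulk/1/obs.ndjson"},
        {"type": "Patient", "url": "http://fhir.example.org/bulk/1/patient2.ndjson"},
    ],
    "error": [],
})


def plan_downloads(manifest_json, trusted_hosts, requested_types):
    """Return (downloads, rejected) after validating every output entry."""
    manifest = json.loads(manifest_json)
    needs_token = manifest.get("requiresAccessToken") is True
    downloads, rejected = [], []
    for entry in manifest.get("output", []):
        url, rtype = entry.get("url", ""), entry.get("type", "")
        parts = urlsplit(url)
        if parts.scheme != "https":
            rejected.append((url, "not https"))  # PHI must not travel in clear text
        elif parts.hostname not in trusted_hosts:
            # Never send the bearer token to a host outside the allowlist.
            rejected.append((url, "untrusted host"))
        elif rtype not in requested_types:
            rejected.append((url, "unrequested resource type"))
        else:
            downloads.append({"url": url, "type": rtype, "send_token": needs_token})
    return downloads, rejected
```

Rejected entries are worth logging alongside the export request URL, since a manifest that points outside the expected hosts or returns unrequested resource types indicates a misconfiguration that should be raised with the data holder.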