Introduction
Genius Solutions Inc. has created a set of APIs (Application Programming Interfaces) for third-party software developers who are building applications that access the Protected Health Information (PHI) of patients on ehrTHOMAS. This set of APIs is collectively called the ehrApi.
This document contains the information necessary for applications to access ehrTHOMAS via ehrApi. The intended purpose satisfies the requirements of 170.315(g)(10) in order to achieve patient matching and access to the USCDI.
Within the ehrApi documentation sections, you will find links that provide API syntax, function names, required and optional parameters, return variables and their types/structures, and exceptions and exception handling methods and their returns.
Terms and Conditions of Use
ehrApi online documentation and its library files have been made available to developers for development and testing. The materials are provided to developers as-is with no other warranties expressed or implied. Developers may use the materials with adherence to the below terms and conditions:
1. ehrApi online documentation has the most up-to-date information. Developers may keep copies of the materials but may not distribute a copy of the materials. Developers wishing to share the materials may do so by linking other developers to the materials hosted by Genius Solutions Inc.
2. Developers are responsible for the products developed and how the products connect to the client's server and the ehrTHOMAS application. Developers are also responsible for complying with all applicable laws, including not infringing the intellectual property rights of Genius Solutions Inc. and its ehrTHOMAS.
3. This ehrApi provides protected health information of patients within the ehrTHOMAS application and therefore must be used securely. The developer is entirely responsible for all content that is requested via the ehrApi. If you are using the ehrApi on behalf of your employer, you represent and warrant that you are authorized to accept these Terms on your employer's behalf, and that your employer agrees to indemnify Genius Solutions Inc. and its ehrTHOMAS for violation of these Terms.
Security and Authentication
Accessing a patient's PHI requires both database and per-patient authentication. The patient must communicate with the data owner's office (the physician) and the third-party vendor. It is up to the data owner and the third-party vendor to choose a delivery method for database access and the patient token.
Database Access
Developers will need to obtain a security clearance, and server and database access information, from the data owner in order to gain access to the database and use the ehr Standardized API to request data. It is recommended that the data owner create a new ehrTHOMAS login for developers to use, so that developers' activities can be tracked while they are connected to the database.
Patient Authorized Token
Any patient who wishes to share their PHI with third-party vendors must contact the data owner to authorize the office to generate a patient authentication token with an expiration date.
Once the developer receives the proper access and authentication token, and downloads all required components, the developer should be able to access and gather patient data accordingly. The data owner can also monitor the third-party vendor's access through the audit log.
Data Access Information
With proper access and authentication, the ehr Standardized API allows developers to pass calls and returns complete information for a single patient based on the patient token. Date parameters can be used to filter the data.