TriMed Complete FHIR API Documentation

FHIR API Table of Contents

• Overview
• Terms of Use
• Prerequisite
• Authentication
• FHIR API Documentation
  • Capability Statement
  • Service based URL
  • Well Defined Configuration
• 3rd Party SMART Apps
• Native Applications

Overview

The TriMed Complete FHIR API is a Rest API conforming to the R4 specification and the US Core 3.1 Implementation Guide (IG).

Terms of Use

Click here to see TRIMED EHR FHIR API Terms of Use.

Prerequisite

In order for a practice to begin using the TriMed Complete FHIR API the practice must enable the option flag ‘Enable TriMed Complete FHIR’ in Admin > Global Settings.

Authentication

TriMed Complete uses OAuth to authenticate the end client according to the HL7 SMART-On-FHIR Implementation Guide.

FHIR API Documentation

The TriMed Complete FHIR is documented using Swagger. The various functions, success messages and error messages are set forth in the swagger documentation.

• Access the TriMed FHIR Swagger Documentation at: https://fhir.trimed.cloud/swagger/index.html
• Access TriMed sample JSON responses at: Response Examples.

Sample Error Responses

Error: 400

Invalid Request — wrong data sent to the API

Error: 403

Unauthorized Access — invalid authorization header

Error: 500

Underlying service fault

Capability Statement

GET fhir/metadata ( https://fhir.trimed.cloud/metadata )

This will return the Capability Statement. This will be returned in a JSON response.

Service based URL

The main service base endpoint for TriMed Complete FHIR API is: ( https://fhir.trimed.cloud )

Well Defined Configuration

GET fhir/metadata ( https://fhir.trimed.cloud/.well-known/smart-configuration )

This well defined configuration page for the TriMed Complete FHIR can be found at the page listed above. This will be returned in a JSON response.

3rd Party SMART Apps

TriMed Complete supports the ability for 3rd party apps who implement the SMART on FHIR App Launch Implementation Guide 1.1.0 context.

3rd party Apps using the confidential app profile must be authorized by the Practice. Access Tokens issued to 3rd party apps are only valid for one hour and must be renewed with a refresh token which is valid for three months. Refresh tokens are only issued if the offline_access scope is authorized by the TriMed Complete user authenticating with TriMed Complete through their 3rd party app.

For a patient to have access to their patient data via a 3rd party app they must have api credentials generated by their practice from the patient chart (by an EHR user).

Native Applications

Interoperability requirements with TriMed Complete for Native Applications

• Native applications wishing to use the TriMed Complete FHIR API with refresh tokens MUST be capable of storing the refresh token in a secure manner similar to the requirements of storing a secret for confidential apps.
• Native applications must register their application as a confidential app
• Native applications must request the offline_scope in their initial API request in order to receive a refresh token
• Native application refresh tokens are valid for 3 months before they must be renewed.
• Native applications can only communicate with TriMed Complete over a TLS secured channel in order to ensure the safe transmission of the refresh token.
• Native applications must use the Authorization Code grant flow in order to receive a refresh token.

Revoking Clients, Users, Access Tokens, Refresh Tokens

Revoking Clients/Tokens

The practice can revoke all access privileges and open tokens within the patient chart in the TriMed Complete EHR.