eMedsys EHR FHIR API Documentation
FHIR API Table of Contents
- Overview
- Terms of Use
- Prerequisite
- Authentication
- FHIR API Documentation
- 3rd Party SMART Apps
- Native Applications
Overview
The eMedsys EHR FHIR API is a REST API conforming to the R4 specification and the US Core 3.1 Implementation Guide (IG).
Terms of Use
Click here to see eMedsys EHR FHIR API Terms of Use.
Prerequisite
Before a practice can begin using the eMedsys EHR FHIR API, the practice must enable the option flag ‘Enable eMedsys EHR FHIR’ in Admin > Global Settings.
Authentication
eMedsys EHR uses OAuth to authenticate the end client according to the HL7 SMART-On-FHIR Implementation Guide.
FHIR API Documentation
The eMedsys EHR FHIR API is documented using Swagger. The various functions, success messages and error messages are set forth in the Swagger documentation.
- Access the TriMed FHIR Swagger Documentation at: https://fhir.trimed.cloud/swagger/index.html
- Access TriMed sample JSON responses at: Response Examples.
Sample Error Responses
Error: 400
Invalid Request — wrong data sent to the API
Error: 403
Unauthorized Access — invalid authorization header
Error: 500
Underlying service fault
Capability Statement
GET fhir/metadata (https://fhir.trimed.cloud/metadata)
This will return the Capability Statement. This will be returned in a JSON response.
Service based URL
The main service base endpoint for eMedsys EHR FHIR API is: (https://fhir.trimed.cloud)
Well Defined Configuration
GET fhir/metadata (https://fhir.trimed.cloud/.well-known/smart-configuration)
The well defined configuration page for the eMedsys EHR FHIR can be found at the URL given here. This will be returned in a JSON response.
3rd Party SMART Apps
eMedsys EHR supports 3rd party apps that implement the SMART on FHIR App Launch Implementation Guide 1.1.0.
3rd party apps using the confidential app profile must be authorized by the practice. Access tokens issued to 3rd party apps are valid for only one hour and must be renewed with a refresh token, which is valid for three months. Refresh tokens are only issued if the offline_access scope is authorized by the eMedsys EHR user authenticating with eMedsys EHR through their 3rd party app.
For a patient to have access to their patient data via a 3rd party app, they must have API credentials generated by their practice from the patient chart (by an EHR user).
Native Applications
Interoperability requirements with eMedsys EHR for Native Applications
- Native applications wishing to use the eMedsys EHR FHIR API with refresh tokens MUST be capable of storing the refresh token in a secure manner similar to the requirements of storing a secret for confidential apps.
- Native applications must register their application as a confidential app.
- Native applications must request the offline_access scope in their initial API request in order to receive a refresh token.
- Native application refresh tokens are valid for 3 months before they must be renewed.
- Native applications can only communicate with eMedsys EHR over a TLS secured channel in order to ensure the safe transmission of the refresh token.
- Native applications must use the Authorization Code grant flow in order to receive a refresh token.
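A client-side sketch of the requirements above, added here as an example and not taken from eMedsys: it parses a smart-configuration document, refuses OAuth endpoints that are not served over TLS, and builds an Authorization Code request that includes offline_access. The sample configuration, the example.invalid endpoints, the client id, the redirect URI and the function names are all assumptions; the aud parameter comes from the SMART App Launch guide.

```python
import json
import secrets
from urllib.parse import urlencode, urlparse

FHIR_BASE = "https://fhir.trimed.cloud"  # service base URL from this page

# Constructed sample of a /.well-known/smart-configuration response.
# The endpoint URLs are placeholders, not the server's real values.
SAMPLE_CONFIG = json.dumps({
    "authorization_endpoint": "https://auth.example.invalid/authorize",
    "token_endpoint": "https://auth.example.invalid/token",
    "scopes_supported": ["launch/patient", "patient/*.read", "offline_access"],
    "capabilities": ["launch-standalone", "client-confidential-symmetric"],
})


def load_smart_config(raw):
    """Parse the discovery document and refuse non-TLS OAuth endpoints."""
    cfg = json.loads(raw)
    for key in ("authorization_endpoint", "token_endpoint"):
        url = urlparse(cfg.get(key, ""))
        if url.scheme != "https" or not url.netloc:
            raise ValueError(f"{key} must be an https URL")
    return cfg


def build_authorize_url(cfg, client_id, redirect_uri, scopes):
    """Build an Authorization Code request that asks for a refresh token."""
    if "offline_access" not in scopes:
        raise ValueError("offline_access is required to receive a refresh token")
    # Only check against scopes_supported when the server advertises it.
    unsupported = set(scopes) - set(cfg.get("scopes_supported", scopes))
    if unsupported:
        raise ValueError(f"server does not advertise: {sorted(unsupported)}")
    state = secrets.token_urlsafe(32)  # must match the state on the redirect
    query = urlencode({
        "response_type": "code",       # Authorization Code grant
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": " ".join(scopes),
        "state": state,
        "aud": FHIR_BASE,              # FHIR server the token is meant for
    })
    return f"{cfg['authorization_endpoint']}?{query}", state


if __name__ == "__main__":
    cfg = load_smart_config(SAMPLE_CONFIG)
    print(build_authorize_url(cfg, "demo-client", "https://app.example.invalid/cb",
                              ["launch/patient", "offline_access"])[0])
```

The returned state value has to be kept by the app and compared with the state parameter on the redirect before the authorization code is exchanged at the token endpoint.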
Revoking Clients, Users, Access Tokens, Refresh Tokens
Revoking Clients/Tokens
The practice can revoke all access privileges and open tokens within the patient chart in the eMedsys EHR.