eMedsys EHR FHIR API Documentation

FHIR API Table of Contents

• Overview
• Terms of Use
• Prerequisite
• Authentication
• FHIR API Documentation
  • Capability Statement
  • Service based URL
  • Well Defined Configuration
• 3rd Party SMART Apps
• Native Applications

Overview

The eMedsys EHR FHIR API is a Rest API conforming to the R4 specification and the US Core 3.1 Implementation Guide (IG).

Terms of Use

Click here to see eMedsys EHR FHIR API Terms of Use.

Prerequisite

In order for a practice to begin using the eMedsys EHR FHIR API the practice must enable the option flag ‘Enable eMedsys EHR FHIR’ in Admin > Global Settings.

Authentication

eMedsys EHR uses OAuth to authenticate the end client according to the HL7 SMART-On-FHIR Implementation Guide.

FHIR API Documentation

The eMedsys EHR FHIR is documented using Swagger. The various functions, success messages and error messages are set forth in the swagger documentation.

• Access the TriMed FHIR Swagger Documentation at: https://fhir.trimed.cloud/swagger/index.html
• Access TriMed sample JSON responses at: Response Examples.

Sample Error Responses

Error: 400

Invalid Request — wrong data sent to the API

Error: 403

Unauthorized Access — invalid authorization header

Error: 500

Underlying service fault

Capability Statement

GET fhir/metadata ( https://fhir.trimed.cloud/metadata )

This will return the Capability Statement. This will be returned in a JSON response.

Service based URL

The main service base endpoint for eMedsys EHR FHIR API is: ( https://fhir.trimed.cloud )

Well Defined Configuration

GET fhir/metadata ( https://fhir.trimed.cloud/.well-known/smart-configuration )

This well defined configuration page for the eMedsys EHR FHIR can be found at the page listed above. This will be returned in a JSON response.

3rd Party SMART Apps

eMedsys EHR supports the ability for 3rd party apps who implement the SMART on FHIR App Launch Implementation Guide 1.1.0 context.

3rd party Apps using the confidential app profile must be authorized by the Practice. Access Tokens issued to 3rd party apps are only valid for one hour and must be renewed with a refresh token which is valid for three months. Refresh tokens are only issued if the offline_access scope is authorized by the eMedsys EHR user authenticating with eMedsys EHR through their 3rd party app.

For a patient to have access to their patient data via a 3rd party app they must have api credentials generated by their practice from the patient chart (by an EHR user).

Native Applications

Interoperability requirements with eMedsys EHR for Native Applications

• Native applications wishing to use the eMedsys EHR FHIR API with refresh tokens MUST be capable of storing the refresh token in a secure manner similar to the requirements of storing a secret for confidential apps.
• Native applications must register their application as a confidential app
• Native applications must request the offline_scope in their initial API request in order to receive a refresh token
• Native application refresh tokens are valid for 3 months before they must be renewed.
• Native applications can only communicate with eMedsys EHR over a TLS secured channel in order to ensure the safe transmission of the refresh token.
• Native applications must use the Authorization Code grant flow in order to receive a refresh token.

Revoking Clients, Users, Access Tokens, Refresh Tokens

Revoking Clients/Tokens

The practice can revoke all access privileges and open tokens within the patient chart in the eMedsys EHR.