Medical Office Force

Developer API

The Medical Office Force FHIR API allows you to connect to Medical Office Force products using the FHIR (Fast Healthcare Interoperability Resources) standard for healthcare resources.

The FHIR standard enables application developers to create products and exchange clinical data in a secure manner that is consistent, flexible, and easy to implement.

The FHIR standard is constantly evolving. This version of the Medical Office Force FHIR API supports FHIR release 4 (“R4”) and the United States Core Data for Interoperability (“US Core”) guidelines and requirements for data sharing.

Previous versions of the Medical Office Force FHIR API were compatible with the DSTU2 release. That version is still available, and the documentation is available separately.

A note on terminology: For the purpose of this documentation, the term “application” refers to a software program connecting to a Medical Office Force product through the Medical Office Force FHIR API. The term “product” refers to the Medical Office Force EHR.

 

Capability Statement

A FHIR Capability Statement documents the set of capabilities and behaviours available from the FHIR API service implementation. The Capability Statement includes information about supported FHIR resources and security protocols and should be used by applications as the set of rules the application should follow.

To get a copy of the Medical Office Force FHIR API capability statement, make the following request:

GET [FHIR path]/metadata

FHIR Resources

The Medical Office Force FHIR API allows users to search for and access selected clinical, demographic, and facility information via REST. FHIR refers to this data as resources, which include healthcare or related items such as patients or medications. All resources are addressable by a unique identifier (id) that can be used to access or reference them.

FHIR resources are accessed through HTTP and use the HTTP verbs. For example:

  • GET: Retrieve and search for FHIR resources.
  • POST: Save a new FHIR resource. Do not send an _ID value for the new resource with a POST request. Passing an _ID value indicates to the Medical Office Force FHIR API that the resource already exists and results in an error. Note: The May 2022 version of the Medical Office Force FHIR API does not support writing data back to the product.
  • PUT: Update a FHIR resource. A PUT request must include the _ID value for the resource. The PUT request also requires an If-Match value in the HTTP header. This is used to validate that the version of the resource in the application that is being updated matches the version in the product database. This prevents conflicting updates.
  • The Medical Office Force FHIR API supports both JSON and XML formats. By default, the Medical Office Force FHIR API returns data in JSON. Use the Accept HTTP header to control this format.

    • */*: Application accepts anything.
    • application/fhir+XML: Response is in XML.
    • application/fhir+JSON: Response is in JSON.
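The POST and PUT rules above, modelled as an added example (not Medical Office Force code): a constructed in-memory store shows how If-Match stops a stale copy from overwriting a newer version. It assumes the page's _ID is the resource's `id` element and that versions are exchanged as FHIR-style weak ETags (`W/"n"`); the class and function names are hypothetical.

```python
class VersionConflict(Exception):
    """Stands in for an HTTP 412 Precondition Failed response."""

class ResourceStore:
    """Constructed in-memory model of POST/PUT handling (assumption, not the real server)."""
    def __init__(self):
        self._data = {}   # id -> (version number, resource body)
        self._next = 1

    def create(self, resource):            # POST: the server assigns the id
        if "id" in resource:
            raise ValueError("POST must not carry an id")
        rid = str(self._next)
        self._next += 1
        self._data[rid] = (1, dict(resource, id=rid))
        return self.read(rid)

    def read(self, rid):                   # GET: returns (ETag, body copy)
        version, body = self._data[rid]
        return f'W/"{version}"', dict(body)

    def update(self, resource, if_match):  # PUT: id and If-Match both required
        rid = resource.get("id")
        if rid not in self._data:
            raise ValueError("PUT must carry the id of an existing resource")
        version, _ = self._data[rid]
        if if_match != f'W/"{version}"':
            raise VersionConflict(f"If-Match {if_match!r} is stale")
        self._data[rid] = (version + 1, dict(resource))
        return self.read(rid)

def lost_update_demo():
    """Two applications read version 1; only the first PUT is accepted."""
    store = ResourceStore()
    store.create({"resourceType": "Patient", "active": True})
    etag_a, copy_a = store.read("1")       # application A
    etag_b, copy_b = store.read("1")       # application B, same version
    copy_a["active"] = False
    new_etag, _ = store.update(copy_a, etag_a)
    copy_b["gender"] = "female"            # built on the now-stale copy
    try:
        store.update(copy_b, etag_b)
        outcome = "overwritten"
    except VersionConflict:
        outcome = "rejected"
    return new_etag, outcome, store.read("1")[1]
```
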

Authorization

The Medical Office Force FHIR API supports the HL7® SMART Application Launch Framework Implementation Guide Release 1.0.0 implementation specification, a profile of the OAuth 2.0 specification. Additionally, the Medical Office Force FHIR API supports OpenID Connect Core 1.0. For more information on these specifications, see hl7.org/fhir/smart-app-launch/1.0.0/.

The following sections describe the authorization flows for FHIR applications.

 

Stand-alone application launch for a Medical Office Force product user

The endpoint for the product’s Medical Office Force FHIR server is available from the Medical Office Force Endpoint Directory. Typically, endpoints that include /fhir are for product users. These (non-patient) application endpoints can also be tagged with a Provider badge on the Endpoint Directory.

    1. The application requests the Capability Statement from the Medical Office Force FHIR server.
    2. The Medical Office Force FHIR server returns the Capability Statement, which includes two endpoints:
      • Authorize endpoint: for the Medical Office Force Authorization server
      • Token endpoint

      For example:

      [
        {
          "url": "authorize",
          "valueUri": "https://.../authorize"
        },
        {
          "url": "token",
          "valueUri": "https://.../token"
        }
      ]
    3. The application sends credentials to the Medical Office Force Authorization server. These credentials include the application’s client ID and client secret (available on the FHIR App page on the Medical Office Force Connect Portal).
    4. If the application credentials are recognized by the Medical Office Force Authorization server (meaning the client has authorized the application in the Medical Office Force License Management Portal), the product’s login screen displays. The user can enter their user credentials (user ID and password) in the product.

If the application credentials are not recognized by the Medical Office Force Authorization server, the server returns an error.

    5. OAuth sends the user’s product credentials to the Medical Office Force Authorization server. If the credentials are valid, the server returns a temporary token to the application’s Callback URL (as defined in the Medical Office Force Connect Portal for the application).
    6. The application then sends the temporary token to the token endpoint, and the Medical Office Force Authorization server returns a regular token. The length of time during which the token is valid is defined in the Medical Office Force License Management Portal.

Stand-alone application launch for a patient

The endpoint for the product’s Medical Office Force FHIR server is available from the Medical Office Force Endpoint Directory. Typically, endpoints that include /open are for patient applications. These patient application endpoints can also be tagged with a Patient badge on the Endpoint Directory.

  1. The application requests the Capability Statement from the Medical Office Force FHIR server.
  2. The Medical Office Force FHIR server returns the Capability Statement, which includes the authorize endpoint for the Medical Office Force Authorization server and the token endpoint.
  3. The application sends credentials to the Medical Office Force Authorization server. These credentials include the application’s client ID and client secret (available on the FHIR App page on the Medical Office Force Connect Portal).
  4. If the application credentials are recognized by the Medical Office Force Authorization server (meaning the client has authorized the application), the server verifies that the patient is valid.