Introduction:
This document describes the Integration with the SMART App Launch Framework via FHIR allows a third-party application to connect with Provider(s) using the ZoomMD Software and retrieve Electronic Health Record data from those Providers.
This API collection for use of Health IT developers seeking to use our ONC 2015 Edition Cures Update Certified (g)(10) Standardized API for Health Level 7 (HL7®) Fast Healthcare Interoperability Resources (FHIR®) services.
These applications can launch from inside the user interface of ZoomMD. The framework supports Apps for use by clinicians, patients, and others via a Patient Portal or any FHIR system where a user can give permissions to launch an App. It provides a reliable, secure authorization protocol for a variety of App architectures, including Apps that run on an end-user’s device as well as Apps that run on a secure server.
This documentation is intended for use by third-party application developers which will describe registration, syntax, functionality and errors/exceptions they will see when using the FHIR API to integrate with provider(s) using the ZoomMD software
Registration
Developers wishing to integrate with the API must contact the PHI Provider that uses ZoomMD as their EMR. ZoomMD is an AWS cloud based EMR solution and as such, each API instance is separate based on the Provider (each Provider is considered a separate entity and will have their own API URL, registration for which third- party developers have access to their data via the FHIR API on their system, and each Provider is responsible for maintaining the rights of API accounts). Once a Provider decides to grant access to you as a third-party developer, they will set up a new developer account with access to the API based on the needs of the developer and agreed upon permissions with the Provider.
Configurations
The following are configuration settings that a third-party developer App needs to meet:
- The App MUST read and parse JSON responses.
- The App MUST assure that sensitive information (authentication secrets, authorization codes, tokens) are transmitted ONLY to authenticated servers, over TLS-secured channels.
- §170.315(g)(10) requires secure connection using TLS version 1.2 or higher.
- If the App is a Bulk Export application, the application MAY need to be setup to handle longer lasting connections based on the data that is being exported.
- The App MUST send requests over HTTPS.
- HTTP requests will be rejected.
It is published on the endpoint: https://www.zoommd.com/zoommd-file-api-endpoints