Overview for Developers

Before you can connect your apps to the 1upHealth FHIR Server to send and receive health data, you must make sure that your applications support FHIR Release 4 (R4 version 4.0.1).

We recommend that you allow two to four weeks to modify your applications to support FHIR R4 and new data types.

You must also demonstrate support for FHIR R4 and provide details about your application (such as a logo, description, and links) before it can be made available to members of the supported health plans.

FHIR R4 is designed for all future versions to be backward compatible with all R4 components. This makes it a stable version that provides more access to data, and allows you to dedicate more time to patients.

Adoption of R4 creates a true standard and is another important step towards true FHIR interoperability. FHIR R4 builds on DSTU2 and STU3. With FHIR R4, you can get access to a patient’s clinical data through the 1upHealth FHIR API platform.

Authorization & Connection Requirements

Before you can connect your application to the 1up Payer Patient Access APIs you must support one of the following authorization methods.

Authorization Method		Description
OAuth 2.0	Preferred	Use the `authorization_code` workflow to connect to a payer's `/authorize` endpoint. You must have your client ID and configure a redirect. (Optional) You can also state parameters and scopes.
OpenID Connect 1.0 (OIDC)	Optional	OpenID Connect implements authentication as an extension of the OAuth 2.0 authorization method. To configure your application to use this extension, you can include the `openid` scope value in the Authorization request. Information about the authentication that occurs is returned in an ID Token, which is a JSON Web Token (JWT). For more information about ID Tokens, see ID Token in OpenID Connect Core 1.0 incorporating errata set 1.

Authorization Method

Description

OAuth 2.0

Preferred

Use the authorization_code workflow to connect to a payer's /authorize endpoint.

You must have your client ID and configure a redirect.

(Optional) You can also state parameters and scopes.

OpenID Connect 1.0 (OIDC)

Optional

OpenID Connect implements authentication as an extension of the OAuth 2.0 authorization method.

To configure your application to use this extension, you can include the openid scope value in the Authorization request. Information about the authentication that occurs is returned in an ID Token, which is a JSON Web Token (JWT).

For more information about ID Tokens, see ID Token in OpenID Connect Core 1.0 incorporating errata set 1.

To connect to the 1up Payer Patient Access APIs, you must use FHIR R4 APIs.

Supported FHIR Version & FHIR Resources

The supported FHIR resources vary depending on the payer. Some payers support only resources related to claims and coverage. Other payers also support clinical resources.

Payer Patient Access endpoints support only FHIR R4 (version 4.0.1).

You can use most of the FHIR R4 resources to expand the amount of data you’re able to query. This includes the following resources:

ExplanationOfBenefit
Coverage
Organization
Patient
Practitioner
Location

Supported Scopes

1upHealth supports the following scopes for patient access.

patient/*.read — Get read-only access to all of the available FHIR resources for the authenticated member
user/*.read — Get read-only access to resources for the specified user
launch/patient — Specify the patient to get access to
openid — Get an ID token that meets the OpenID Connect standard requirements

For more information about the supported scopes, see the HL7 FHIR SMART Application Launch Framework Implementation Guide R1.

Questions about this page? Contact us