Getting Started
This page provides information on using the Memorial Hermann Patient Access and Provider Directory APIs defined by the 21st Century Cures Act. For more information on these API requirements, please visit the CMS fact sheet here:
Policies and Technology for Interoperability and Burden Reduction | CMS
These APIs are based on:
Health Level 7® (HL7) Fast Healthcare Interoperability Resources (FHIR®) 4.0.1
There are two Memorial Hermann APIs:
- The Consumer Access API allows Memorial Hermann customers to access their claims and available clinical information.
- The Provider Directory API facilitates searches for Memorial Hermann providers.
Access and Authentication
This section provides steps for accessing and authenticating the Memorial Hermann APIs.
- The Consumer Access API is a secured endpoint and can be accessed using OAuth 2.0 authentication, as described in this section.
- The Provider Directory API is a public endpoint and no authentication is required.
To access the Consumer Access API, third-party app developers must register a developer account and get their application authorized. To begin registering a developer account, download the "Third Party App Developer Application Form" and follow the instructions within.
The Consumer Access API is secured with OAuth 2.0 using the Authorization Code grant type. Three things are required to get started:
- Client ID
- Client Secret
- Authorization URL
The Authorization URL is:
https://apigatewaytest.memorialhermann.org/inforIntSTS/connect/authorize
To begin authentication, the app sends an HTTP POST to the above URL with a grant type of Authorization Code and with the Client ID and Client Secret included.
The app will be redirected with the option to sign in with EveryDayWell. Select EveryDayWell; the user can then sign in using their EveryDayWell account.
After entering their username and password, the user will need to click “Allow” for the app to be able to access their data. The app will then be given an authentication code to retrieve an access token.
The URL to obtain the access token is:
https://apigatewaytest.memorialhermann.org/inforIntSTS/connect/token
The app can then include the access token as a bearer token to read and search data as defined in the rest of this document.
Note: Based on the authentication process, the FHIR Bridge server has context for the identity of the member. The app can run a simple Patient resource read to obtain the member id:
GET [base]/Patient
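The client-side checks around the flow described above, as an added example (not Memorial Hermann's code). The field names follow RFC 6749 and, like the `state` value, the `redirect_uri` and sending the client credentials in the token request body, are assumptions about what this server accepts; `demo` values a caller passes in are placeholders.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

STS = "https://apigatewaytest.memorialhermann.org/inforIntSTS/connect"
AUTHORIZE_URL = STS + "/authorize"
TOKEN_URL = STS + "/token"
BASE_URL = "https://apigatewaytest.memorialhermann.org:7443/infor/CustomerApi/test"


def authorization_fields(client_id, redirect_uri):
    """Fields for the authorization request plus the state to keep in the session."""
    state = secrets.token_urlsafe(32)  # unguessable, one per login attempt
    fields = {"response_type": "code", "client_id": client_id,
              "redirect_uri": redirect_uri, "state": state}
    return fields, state


def code_from_callback(callback_url, expected_state):
    """Return the code from the redirect, rejecting forged or failed callbacks."""
    query = parse_qs(urlsplit(callback_url).query)
    if "error" in query:
        raise ValueError("authorization failed: " + query["error"][0])
    state = query.get("state", [""])[0]
    # Constant-time comparison against the value stored for this session.
    if not expected_state or not hmac.compare_digest(
            state.encode(), expected_state.encode()):
        raise ValueError("state mismatch, callback not tied to this session")
    codes = query.get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one code parameter")
    return codes[0]


def token_request(code, client_id, client_secret, redirect_uri):
    """URL, headers and form body for the code-for-token POST."""
    # The secret travels in the POST body over TLS, never in a URL.
    body = urlencode({"grant_type": "authorization_code", "code": code,
                      "redirect_uri": redirect_uri,
                      "client_id": client_id, "client_secret": client_secret})
    return TOKEN_URL, {"Content-Type": "application/x-www-form-urlencoded"}, body


def patient_read_request(access_token):
    """GET [base]/Patient with the access token as a bearer token."""
    headers = {"Authorization": "Bearer " + access_token,
               "Accept": "application/json"}  # the page states all traffic is JSON
    return BASE_URL + "/Patient", headers
```

Keep the client secret and the token exchange on the app's server side, and discard the stored `state` once a callback has been accepted so it cannot be replayed.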
Consumer Access API
Security
Memorial Hermann API requests using the Consumer Access API make use of patient-specific information which could be exploited by malicious actors resulting in exposure of patient data. For this reason, all Memorial Hermann consumer access/patient transactions are secure, with access limited to authorized individuals.
Authorization, Authentication, and Registration
All FHIR HTTP interactions described in this section are subject to the access and authentication controls defined in the previous section.
FHIR RESTful API Capabilities
All transactions are in a JSON format. When submitting HTTP requests, the following status codes may be returned:
| HTTP Status Code | Description |
| --- | --- |
| 200 | Successful Request |
| 400 | Bad Request |
| 403 | Forbidden |
| 404 | Not Found |
| 405 | Method Not Allowed |
| 422 | Un-processable Entity |
| 500 | Internal Service Error |
| 503 | Service Unavailable |
Consumer Access Resources
These are the endpoints and resources available with the Consumer Access API.
Base URL
The base URL for each endpoint is:
Production:
https://apigateway.memorialhermann.org:7443/infor/CustomerApi/prod
Test:
https://apigatewaytest.memorialhermann.org:7443/infor/CustomerApi/test
Capability Statement
The CapabilityStatement resource documents a set of capabilities (behaviors) of a FHIR Server for a particular version of FHIR that may be used as a statement of actual server functionality or a statement of required or desired server implementation.
- The Capability Statement for the Memorial Hermann Consumer Access API can be accessed using:
GET [base]/metadata
Coverage
The Coverage resource is intended to provide the high-level identifiers and descriptors of an insurance plan, typically the information which would appear on an insurance card, which may be used to pay, in part or in whole, for the provision of health care products and services.
Read and Search Criteria
- The Memorial Hermann FHIR server SHALL be capable of returning a Coverage resource using:
GET [base]/Coverage/[id]
Explanation of Benefit
The ExplanationOfBenefit (EOB) resource combines key information from a Claim, a ClaimResponse and optional Account information to inform a patient of the goods and services rendered by a provider and the settlement made under the patient's coverage in respect of that Claim. The ExplanationOfBenefit resource may also be used as a resource for data exchange for bulk data analysis, as the resource encompasses Claim, ClaimResponse and Coverage/Eligibility information.
Read and Search Criteria
- The Memorial Hermann FHIR server SHALL be capable of returning an Explanation of Benefit bundle using:
GET [base]/ExplanationOfBenefit?{searchParameters}
Search parameters can be combined using “&”, and can include:
patient=[Patient/{id}]
provider=[Practitioner/{id}]
service-date=[date]
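One way for a client to build this search safely, as an added example (not Memorial Hermann's code): only the three parameters listed above are accepted, and each value must match a strict pattern before it is URL-encoded. The id alphabet, the optional FHIR date comparison prefixes and the sample id `123` are assumptions.

```python
import re
from urllib.parse import urlencode

BASE_URL = "https://apigatewaytest.memorialhermann.org:7443/infor/CustomerApi/test"

# Assumption: logical ids use the FHIR id alphabet plus "_" (the page's
# directory ids, such as 12345555567_90210, contain an underscore).
_ID = r"[A-Za-z0-9\-._]{1,64}"
# Assumption: FHIR date values, optionally with a comparison prefix.
_DATE = r"(eq|ne|gt|lt|ge|le)?\d{4}(-\d{2}(-\d{2})?)?"

# Only the search parameters this page lists, each with a value pattern.
EOB_PARAMS = {
    "patient": re.compile(rf"Patient/{_ID}"),
    "provider": re.compile(rf"Practitioner/{_ID}"),
    "service-date": re.compile(_DATE),
}


def eob_search_url(params, base=BASE_URL):
    """Build GET [base]/ExplanationOfBenefit?... from validated parameters."""
    if not params:
        # This example's choice: refuse an unfiltered search.
        raise ValueError("at least one search parameter is required")
    clean = []
    for name, value in params.items():
        pattern = EOB_PARAMS.get(name)
        if pattern is None:
            raise ValueError(f"unsupported search parameter: {name!r}")
        if not isinstance(value, str) or not pattern.fullmatch(value):
            raise ValueError(f"invalid value for {name!r}")
        clean.append((name, value))
    # urlencode percent-encodes "/" and joins the pairs with "&", so a
    # value can never introduce an extra parameter.
    return f"{base}/ExplanationOfBenefit?{urlencode(clean)}"
```

Validation on the client does not replace the server's own authorization check; it keeps user-supplied text from reshaping the query the app sends with the member's bearer token.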
Patient
The Patient resource provides demographics and other administrative information about an individual receiving care or other health-related services.
Read and Search Criteria
- The Memorial Hermann FHIR server SHALL be capable of returning a Patient resource using:
GET [base]/Patient/[id]
Practitioner
The Practitioner resource provides information about a person with a formal responsibility in the provisioning of healthcare or related services.
Read and Search Criteria
- The Memorial Hermann FHIR server SHALL be capable of returning a Practitioner resource using:
GET [base]/Practitioner/[id]
Provider Directory API
Overview
The Provider Directory API accesses the Memorial Hermann Provider and Pharmacy Directories. This section describes the FHIR resources and RESTful capabilities that the Provider Directory API supports.
Security
Memorial Hermann's Provider Directory API is an open API, as required by the 21st Century Cures Act. It does not require third-party applications to send consumer-identifying information and does not require authentication.
FHIR RESTful API Capabilities
All transactions are in a JSON format. When submitting HTTP requests, the following status codes may be returned:
| HTTP Status Code | Description |
| --- | --- |
| 200 | Successful Request |
| 400 | Bad Request |
| 403 | Forbidden |
| 404 | Not Found |
| 405 | Method Not Allowed |
| 422 | Un-processable Entity |
| 500 | Internal Service Error |
| 503 | Service Unavailable |
Provider Directory Resources
These are the resources and the endpoints available with the Memorial Hermann Provider Directory API.
Base URL
The private Consumer Access API URLs defined in the previous section can be used to access the Provider Directory Resources.
In addition, the open base URLs for the production and test endpoints are:
Production:
https://apigateway.memorialhermann.org:7443/infor/CustomerApi/public
Test:
https://apigatewaytest.memorialhermann.org:7443/infor/CustomerApi/public
Capability Statement
The CapabilityStatement resource documents a set of capabilities (behaviors) of a FHIR Server for a particular version of FHIR that may be used as a statement of actual server functionality or a statement of required or desired server implementation.
- The Capability Statement for the Memorial Hermann Provider Directory API can be accessed using:
GET [base]/metadata
Location
The Location resource refers to a practitioner or person for the purpose of achieving some form of action.
Read and Search Criteria
- The Memorial Hermann FHIR server SHALL be capable of returning a Location resource using:
GET [base]/Location/[id]
- The [id] is a concatenation of the practitioner id and their postal code separated by an underscore (_).
- Example: 12345555567_90210
- The Location can be searched as a search parameter within a PractitionerRole search.
Note: When referenced in an ExplanationOfBenefit resource, the logical ID of the Location resource only includes the practitioner ID, not the concatenation of the postal code.
Organization
The Organization resource refers to a formally or informally recognized grouping of people or organizations formed for the purpose of achieving some form of collective action. Includes companies, institutions, corporations, departments, community groups, healthcare practice groups, payer/insurer, etc.
Read and Search Criteria
- The Memorial Hermann FHIR server SHALL be capable of returning an Organization resource using:
GET [base]/Organization/[id]
- The [id] is a concatenation of the organization id and their postal code separated by an underscore (_).
- Example: 12345555567_90210
- The Location can be searched as a search parameter within a PractitionerRole search.
Note: When referenced in an ExplanationOfBenefit resource, the logical ID of the Organization resource only includes the organization ID, not the concatenation of the postal code.
Practitioner
The Practitioner resource provides information about a person with a formal responsibility in the provisioning of healthcare or related services.
Read and Search Criteria
- The Memorial Hermann FHIR server SHALL be capable of returning a Practitioner resource using:
GET [base]/Practitioner/[id]
- The practitioner name can also be searched as a search parameter within a PractitionerRole search.
PractitionerRole
The PractitionerRole resource provides a specific set of Roles/Locations/specialties/services that a practitioner may perform at an organization for a period of time.
Read and Search Criteria
- The Memorial Hermann FHIR server SHALL be capable of returning a PractitionerRole resource using:
GET [base]/PractitionerRole/[id]
- The Memorial Hermann FHIR server SHALL be capable of returning a PractitionerRole bundle using:
GET [base]/ExplanationOfBenefit?{searchParameters}
Search parameters can be combined using “&”, and can include:
role=[role] ¹
specialty=[specialty] ¹
organization.name=[name]
organization.address-postalcode=[address-postalcode]
location.address-postalcode=[address-postalcode]
practitioner.family=[family]
¹ See Appendix 1 for valid codes