Veracity Patient Data API Access
Introduction
This document provides an overview of the Veracity 9.1 application access Web API in accordance with 170.315 (g)(7) and 170.315 (g)(9). You will also agree to TERMS OF SERVICE.
The application can be accessed by any authorized third-party vendor, or other party, that has been given credentials by the clinic to access its instance of the Veracity application. Client software must be capable of making HTTPS RESTful requests.
Security:
Veracity 9.1 implements a multi-layer security system. An authentication token is needed to access the application API. Only SSL/TLS connections (TLS 1.0 or higher) are accepted. All plaintext connections will be refused.
Note: Please limit your connection frequency to a value appropriate for your use case. Connection attempts which are more frequent than permitted by the bandwidth allocation for the data resource are not allowed.
Steps needed to access the Web API:
- Contact the clinic for Client ID and Client Secret
- Call the authorization API to receive an authorization token. If the client credentials are valid, the server returns an authorization token.
- Use the authorization token to query patients using specific demographics data. If the patient is found, a patient unique ID is returned.
- Use the patient unique ID to query the patient's specific clinical data.
- You can query the patient-specific categories shown below. If categories are left blank, all patient data will be returned.
- You can query data within a specified date range. If left blank, all data will be returned.
- The authorization token expires after a period of inactivity. When it does, you have to retrieve another authorization token.
Web API workflow:
Categories:
Code | Description |
---|---|
Demographics | Patient demographics |
Problems | Patient problems |
Medications | Patient medications |
Allergies | Patient allergies |
Immunizations | Patient immunizations |
VitalSigns | Patient vitals |
CarePlan | Patient care plan |
LabResults | Patient lab results |
Procedures | Patient procedures |
ChiefComplaint | Patient chief complaints |
Instructions | Provider instructions to patients |
HealthConcerns | Patient health concerns |
AssessmentandPlan | Patient assessments and plan |
MedicalDevices | Patient implantable devices |
Social | Patient social history |
FunctionalStatus | Patient functional status |
CognitiveStatus | Patient cognitive status |
ReferralReason | Patient referral reason |
*Any request parameter must be sent using x-www-form-urlencoded
Functions
POST /authorize
Authorize to receive an authentication token to use in subsequent requests
URL | Request headers | Parameters |
---|---|---|
https://ver9.allegiancemd.com/ehr/api/v1/authorize | N/A | clientId:String (required) clientSecret:String (required) |
Exceptions | Unauthorized: Wrong clientId or clientSecret | |
Response | Response Type: JSON{ | |
POST /getIdent
Query patients with first name, last name and date of birth
URL | Request headers | Parameters |
---|---|---|
https://ver9.allegiancemd.com/ehr/api/v1/getIdent | Authorization:String (required) – Bearer {tokenId} | fname:String(required) lname:String(required) dob:Date(required) |
Exceptions | No results: Patient was not found | |
Response | Response Type: JSON | |
Patient account is returned: [ { "account": "ad17484a-ff7d-4989-be26-d8a04e65c9ce" } ] |
POST /patient/clinicalData/{patientIdentifier}
Query patients with first name, last name and date of birth
URL | Request headers | Parameters |
---|---|---|
https://ver9.allegiancemd.com/ehr/api/v1/authorize | Authorization:String (required) – Bearer {tokenId} | categories:String(optional) fromDate:Date(optional) toDate:Date(optional) |
Exceptions | Wrong Patient Identifier: wrong patient identifier was provided | |
Response |
API Calls Details
AUTHORIZATION APIs
https://ver9.allegiancemd.com/ehr/api/v1
POST /authorize
Request headers
N/A
Request parameters
clientId (required)
clientSecret (required)
Response
{
  "access_token": "eyJhbGciOiJIUzI1NiJ9.eyJqdGkiOiJiOGI1MDFjOS1mMTExLTQ",
  "resource_owner_authority": "EHR",
  "token_type": "Bearer",
  "expires_in": "300",
  "success": "true"
}
PROTECTED APIs
POST /patient/getIdent
Request headers
Authorization (required) – Bearer {tokenId} (example tokenId: eyJhbGciOiJIUzI1NiJ9.eyJqdGkiOiJiOGI1MDFjOS1mMTExLTQ)
Request parameters
fname(required)
lname(required)
dob(required)
Response:
POST /patient/clinicalData/{patientIdentifier}
Request headers
Authorization (required) – Bearer {tokenId} (example tokenId: eyJhbGciOiJIUzI1NiJ9.eyJqdGkiOiJiOGI1MDFjOS1mMTExLTQ)
Request parameters
categories(optional)
fromDate(optional)
toDate(optional)
Categories: comma separated
Values Sample: Demographics, Problems, Medications, Allergies, Immunizations, VitalSigns, AssessmentandPlan, LabResults, Procedures, Instructions, HealthConcerns, CarePlan, MedicalDevices.
fromDate – toDate: Date range
Response
POST /patient/demoData/{account}
Request headers
Authorization (required) – Bearer {tokenId} (example tokenId: eyJhbGciOiJIUzI1NiJ9.eyJqdGkiOiJiOGI1MDFjOS1mMTExLTQ)
Request Path parameters
Patient account
Response:
PROTECTED APIs
POST /calendar/search
Request headers
Authorization (required) – Bearer {tokenId} (example tokenId: eyJhbGciOiJIUzI1NiJ9.eyJqdGkiOiJiOGI1MDFjOS1mMTExLTQ)
Request parameters
fromDate (required (format string YYYY-mm-dd))
toDate (required (format string YYYY-mm-dd))
Only a 5-day range is allowed.
Response:
Exceptions and Error Conditions
- HTTP status code 500 (Internal Server Error): error details are returned in the message parameter of the JSON response: {"success":"false","message":"detailed error message"}
- HTTP status code 200 (OK): successful request
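
The access steps listed near the top of this document (authorize, look up the patient, query clinical data, re-authorize once the token has expired) are shown here as an added Python example; it is not part of the original documentation or the vendor's code. The `send` transport, the class and method names, the 30-second renewal margin, and the reading of `expires_in` as seconds of inactivity are assumptions; the paths are those listed under API Calls Details.

```python
import time
import urllib.parse
import urllib.request

BASE = "https://ver9.allegiancemd.com/ehr/api/v1"  # base URL given on the page

class VeracityClient:
    """`send` is a hypothetical transport: Request -> parsed JSON, raising on HTTP 500."""

    def __init__(self, client_id, client_secret, send, base_url=BASE, clock=time.monotonic):
        if not base_url.startswith("https://"):
            raise ValueError("the API refuses plaintext connections")
        self._creds = {"clientId": client_id, "clientSecret": client_secret}
        self._send, self._base, self._clock = send, base_url, clock
        self._token, self._idle_limit, self._last_used = None, 0.0, 0.0

    def _request(self, path, params, token=None):
        # Parameters travel in a form-encoded POST body, never the URL, so the
        # client secret and patient demographics stay out of URL-based logs.
        headers = {"Content-Type": "application/x-www-form-urlencoded"}
        if token:
            headers["Authorization"] = "Bearer " + token
        body = urllib.parse.urlencode(params).encode()
        return urllib.request.Request(self._base + path, data=body,
                                      headers=headers, method="POST")

    def _bearer(self):
        # Assumption: expires_in is an inactivity window in seconds; renew 30 s early.
        now = self._clock()
        if self._token is None or now - self._last_used > self._idle_limit - 30:
            reply = self._send(self._request("/authorize", self._creds))
            if reply.get("success") != "true":
                raise PermissionError("authorization rejected")
            self._token = reply["access_token"]
            self._idle_limit = float(reply["expires_in"])
        self._last_used = now
        return self._token

    def find_patient(self, fname, lname, dob):
        params = {"fname": fname, "lname": lname, "dob": dob}
        rows = self._send(self._request("/patient/getIdent", params, self._bearer()))
        return rows[0]["account"] if rows else None

    def clinical_data(self, account, categories=(), from_date="", to_date=""):
        params = {"categories": ",".join(categories),
                  "fromDate": from_date, "toDate": to_date}
        # Percent-encode the identifier so it cannot alter the request path.
        path = "/patient/clinicalData/" + urllib.parse.quote(account, safe="")
        return self._send(self._request(path, params, self._bearer()))
```

A production `send` would submit the request over a certificate-verifying TLS connection and parse the JSON body; keeping it injectable lets the token handling be exercised without contacting the clinic's instance.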