OneRecord API Overview

OneRecord API is a secure and reliable way for healthcare organizations and businesses to retrieve patient data from a variety of networks with the patient's permission. By using OneRecord API, organizations can streamline their operations and improve patient care by accessing all the data they need through OneRecord's network. With OneRecord API, organizations can avoid the time-consuming and complex process of retrieving patient records from multiple sources and instead access a wealth of medical data with ease.

Each OneRecord API account is called a Tenant, and can represent a single organization or a group of multiple organizations. This allows for flexible and customizable access to patient data, tailored to the needs of each individual Tenant.

How OneRecord API Works

OneRecord API enables organizations to retrieve patient data from OneRecord's network by providing groups of endpoints that correspond to different healthcare interoperability standards, such as FHIR, Carequality, or Commonwell. Before retrieving any patient data, organizations must first obtain the patient's permission using the appropriate patient authorization method for their chosen standard.

For FHIR, this typically involves OAuth-based authentication to third-party FHIR servers. For IHE-based networks like Carequality and Commonwell, a patient lookup must occur through these HIPAA-compliant partners by providing the patient's demographics. If the patient is registered with those demographics, the credentials are returned from this patient lookup process.

Once permission has been granted and the patient's credentials have been obtained, organizations can use OneRecord API to search for and retrieve the patient's medical records in the appropriate format for their system. For FHIR, the API returns data in R4 format, which is the most common and usable data format for FHIR-based networks. For IHE-based networks, the document format is typically CCDA.

While OneRecord does offer tools to format and organize data in special cases, it's ultimately up to the organization to handle the processing of the returned data. Additionally, since OneRecord API does not store any PHI data returned through the API, there's no built-in tool for de-duplicating data already fetched from past searches. OneRecord recommends that organizations plan for this in their solutions. However, OneRecord does use a tool for this in the OneRecord consumer app, and are working toward offering this tool to OneRecord API customers in the future.

How to Proceed

If you are considering using OneRecord API for your healthcare data needs, it is recommended to start with the Getting Started guide for Developers. This guide provides an overview of the components of a OneRecord API customer account, and explains how to authenticate your access to OneRecord API. It also guides you on which networks you'll need to query and contains links to the appropriate guide pages for each. Once you have reviewed the guide and determined that OneRecord API is right for your plans, you can sign up for an account and begin planning your integration.