The OneRecord API supports the query for and retrieval of medical records. We call that process "Getting Medical Records."
We support getting medical records for one patient at a time. To get medical records for the appropriate patient, the requester must do one of two things: supply patient demographics to facilitate a patient matching process (we call this the Demographics Flow), or use pre-established credentials with the source system (we call this the Credentials Flow).
When using patient demographics to establish the patient match, the demographics may be provided directly by the patient if they are the user of the application, or by a third party that has demographic information stored for the patient. In the latter case, the patient data is stored under a HIPAA covered entity and is also under a consent agreement from the patient that establishes the relationship between the patient and the entity and covers access to the patient's data for HIPAA-established purposes of use.
Nationwide networks such as CommonWell Health Alliance and Carequality support this type of flow for obtaining medical records for a patient today. In limited cases FHIR endpoints also support this flow; however, this continues to be a developing landscape.
When using pre-established credentials to link to the patient records, the OneRecord API is used to initiate a request following the SMART on FHIR profile of the OAuth2 protocol. The request redirects from the requesting system to the system where the credentials are provided for authentication. Once the credentials are validated, a token is obtained that allows access to retrieve records from the source system.
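The redirect step of the Credentials Flow, sketched as an added example (not OneRecord's code): it builds a SMART App Launch authorization request with `state`, `aud` and a PKCE challenge, validates the redirect back from the source system, and prepares the token request. The endpoint, FHIR base URL, client ID and redirect URI are constructed placeholders, and the scope string is an assumed SMART scope.

```python
import base64
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed placeholder values; not OneRecord or vendor endpoints.
AUTHORIZE_ENDPOINT = "https://ehr.example.org/oauth2/authorize"
FHIR_BASE = "https://ehr.example.org/fhir"
CLIENT_ID = "example-client-id"
REDIRECT_URI = "https://app.example.com/callback"

def pkce_challenge(verifier):
    """S256 challenge: unpadded base64url of SHA-256(verifier)."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")

def build_authorize_request(scope="launch/patient patient/*.read"):
    """Return (url, state, verifier); keep state and verifier in the session."""
    state = secrets.token_urlsafe(32)     # unguessable, one per request
    verifier = secrets.token_urlsafe(64)  # 86 chars, within the 43-128 limit
    params = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": scope,
        "state": state,
        "aud": FHIR_BASE,  # names the FHIR server the token is meant for
        "code_challenge": pkce_challenge(verifier),
        "code_challenge_method": "S256",
    }
    return AUTHORIZE_ENDPOINT + "?" + urlencode(params), state, verifier

def handle_callback(callback_url, expected_state):
    """Check the redirect from the source system; return the auth code."""
    query = parse_qs(urlparse(callback_url).query)
    returned = query.get("state", [""])[0]
    if not hmac.compare_digest(returned.encode(), expected_state.encode()):
        raise ValueError("state mismatch: response is not for this session")
    if "error" in query or "code" not in query:
        raise ValueError("authorization was not granted")
    return query["code"][0]

def build_token_request(code, verifier):
    """Form fields to POST to the token endpoint to redeem the code."""
    return {"grant_type": "authorization_code", "code": code,
            "redirect_uri": REDIRECT_URI, "client_id": CLIENT_ID,
            "code_verifier": verifier}
```

Rejecting any callback whose `state` does not match the stored value keeps a code issued for one session from being redeemed in another, and the PKCE verifier ties the token request to the client that started the flow.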