CareLogic FHIR

Supported Product: CareLogic Enterprise S3 version

Sandbox Base URL: https://api-cert.qualifacts.org/api/fhir/r4

Sandbox Authorization Endpoint: https://integration-cert.qualifacts.org/fhir/smart/authorize

Sandbox Token Endpoint: https://integration-cert.qualifacts.org/fhir/smart/token

Production Base URLs: Download the CareLogic Endpoint Directory FHIR Bundle

Production Authorization Endpoint: https://integration.qualifacts.org/fhir/smart/authorize

Production Token Endpoint: https://integration.qualifacts.org/fhir/smart/token

Terms & Conditions

Complete Terms and Conditions

Fees

No fees are charged to access the API documentation.

At this time, no additional fees will be assessed.

Restrictions

CareLogic FHIR APIs are only available to registered developers.

Production access is limited to Qualifacts customers that have licensed the CareLogic FHIR API functionality.

The CareLogic API uses rate limiting to safeguard against bursts of incoming traffic to help maximize its stability. Users who send many requests in quick succession may see error responses with a 429 status code.

By default, each API key is limited to 1000 requests per minute and 100 requests per second. You can request a higher quota by contacting the CareLogic FHIR API coordinator at CarelogicFHIRAppReg@qualifacts.com.

Obligations

App developers must ensure all electronic protected health information (ePHI) is handled securely and appropriately.

Developers are encouraged to review all applicable state and federal rules including, but not limited to, the related ONC criteria:

• §170.315(d)(1) Authentication, access control, authorization

• §170.315(d)(5) Automatic access time-out

• §170.315(d)(7) End-user device encryption

• §170.315(d)(8) Integrity

• §170.315(d)(12) Encrypt authentication credentials

Registration

Patients

Patients and their authorized representatives must request API access directly from the participating agency.

Developers

Developers must first register to gain access to the sandbox environment.

Step 1: Review the Qualifacts Terms and Conditions.

Step 2: Using the Qualifacts FHIR API Developer Registration form, send the following information to the CareLogic FHIR API coordinator at CareLogicFHIRAppReg@qualifacts.com

Note

By submitting a registration request, you agree to accept and be fully bound by the FHIR API Terms of Use.

• Software Company Name

• Software/Application Name

• Software Company Website URL

• Software Company’s Address (Street, City, State, ZIP, Country)

• Developer/Contact Name

• Contact Phone Number

• Contact Email Address

• Requested Scope(s) (patient, user, system)

  • patient: allows a person (or their authorized representative) access to their own health record

  • user: providers at an agency can access data on the patients they serve

  • system: for Bulk Data Access from CareLogic to another system

• OAuth Callback URL (required for Patient and Provider applications, not needed for System-to-System)

• JWKS URL (required for System-to-System applications, used to extract JSON Web Keys)

• Intended Purpose(s) of Application

• Intended Application User(s)

• Brief Description of the Application

Step 3: Qualifacts registers the developer application.

Step 4: Qualifacts sends you the credentials needed for sandbox access.

Step 5: Test your API in the sandbox.

Step 6: When your API is ready, contact the FHIR API coordinator for production access.

Note

If your app is Provider-facing, or a System-to-System (Bulk FHIR) implementation, the participating agency must also approve production access.

Technical Documentation

API Information

See our Swagger page for API details.

Vendors with production access will be notified of any upcoming changes to the FHIR API via their registered email address.

System Requirements

Apps using the CareLogic FHIR API must be able to:

• Connect via HTTPS with TLS 1.2

• Store the client_id and client_secret for authentication

• Process JSON response files

Authentication

CareLogic FHIR supports SMART App Launch 2.0.0. and uses OAuth 2.0 client_id and client_secret for authentication.

Tokens, including initial refresh tokens, are issued as JSON Web Tokens.

Resources & Scopes

CareLogic FHIR APIs are built to the FHIR® Specification R4.0.1 and US Core Implementation v6.1.0 as published by HL7® and support the following FHIR Resources.

Bulk data request APIs are built to the FHIR Bulk Data Access (Flat FHIR) 1.0.1 specification also published by HL7®.

• AllergyIntolerance _{search-type, read}

  • US Core AllergyIntolerance Profile _{USCDI v3}

• CarePlan _{search-type, read}

  • US Core CarePlan Profile _{USCDI v3}

• CareTeam _{search-type, read}

  • US Core CareTeam Profile _{USCDI v3}

• Condition _{search-type, read}

  • US Core Condition Encounter Diagnosis Profile _{USCDI v3}

  • US Core Condition Problems and Health Concerns Profile _{USCDI v3}

• Coverage _{search-type, read}

  • US Core Coverage Profile _{USCDI v3}

• Device _{search-type, read}

  • US Core Implantable Device Profile _{USCDI v3}

• DiagnosticReport _{search-type, read}

  • US Core DiagnosticReport Profile for Laboratory Results Reporting _{USCDI v3}

  • US Core DiagnosticReport Profile for Report and Note Exchange _{USCDI v3}

• DocumentReference _{search-type, read}

  • US Core DocumentReference Profile _{USCDI v3}

• Encounter _{search-type, read}

  • US Core Encounter Profile _{USCDI v3}

• Goal _{search-type, read}

  • US Core Goal Profile _{USCDI v3}

• Immunization _{search-type, read}

  • US Core Immunization Profile _{USCDI v3}

• Location _{search-type, read}

  • US Core Location Profile _{USCDI v3}

• Medication _read

  • US Core Medication Profile _{USCDI v3}

• MedicationDispense _{search-type, read}

  • US Core MedicationDispense Profile _{USCDI v3}

• MedicationRequest _{search-type, read}

  • US Core MedicationRequest Profile _{USCDI v3}

• Observation _{search-type, read}

  • US Core Observation Clinical Test Result Profile _{USCDI v3}

    • US Core Laboratory Result Observation Profile _{USCDI v3}

  • US Core Observation Occupation Profile _{USCDI v3}

  • US Core Observation Pregnancy Intent Profile _{USCDI v3}

  • US Core Observation Pregnancy Status Profile _{USCDI v3}

  • US Core Observation Screening Assessment Profile _{USCDI v3}

  • US Core Observation Sexual Orientation Profile _{USCDI v3}

  • US Core Simple Observation Profile _{USCDI v3}

  • US Core Smoking Status Observation Profile _{USCDI v3}

  • US Core Vital Signs Profile _{USCDI v3}

    • US Core Pediatric Head Occipital-frontal Circumference Percentile Profile _{USCDI v3}

    • US Core Pediatric BMI for Age Observation Profile _{USCDI v3}

    • US Core Pediatric Weight for Height Observation Profile _{USCDI v3}

    • US Core Blood Pressure Profile _{USCDI v3}

    • US Core BMI Profile _{USCDI v3}

    • US Core Body Height Profile _{USCDI v3}

    • US Core Body Temperature Profile _{USCDI v3}

    • US Core Body Weight Profile _{USCDI v3}

    • US Core Head Circumference Profile _{USCDI v3}

    • US Core Heart Rate Profile _{USCDI v3}

    • US Core Pulse Oximetry Profile _{USCDI v3}

    • US Core Respiratory Rate Profile _{USCDI v3}

• Organization _{search-type, read}

  • US Core Organization Profile _{USCDI v3}

• Patient _{search-type, read}

  • US Core Patient Profile _{USCDI v3}

• Practitioner _{search-type, read}

  • US Core Practitioner Profile _{USCDI v3}

• PractitionerRole _{search-type, read}

  • US Core PractitionerRole Profile _{USCDI v3}

• Procedure _{search-type, read}

  • US Core Procedure Profile_{USCDI v3}

• Provenance _read

  • US Core Provenance Profile _{USCDI v3}

• QuestionnaireResponse _{search-type, read}

  • US Core QuestionnaireResponse Profile _{USCDI v3}

• RelatedPerson _{search-type, read}

  • US Core RelatedPerson Profile _{USCDI v3}

• ServiceRequest _read

  • US Core ServiceRequest Profile _{USCDI v3}

• Specimen _read

  • US Core Specimen Profile _{USCDI v3}

Common Error Codes

Qualifacts makes every effort to ensure the CareLogic FHIR API works correctly every time. If there is an issue, the CareLogic FHIR API will return standard HTTP error codes.

The most common errors you could encounter are listed below.

Client Errors

Code
400	Bad Request	The server cannot process the request due to an apparent client error.
401	Unauthorized	The required authentication failed or was not provided.
403	Forbidden	A valid request was received, but refused by the server. Typically, this is due to the user not having the necessary permissions for the specified resource.
404	Not Found	The requested resource could not be found.
408	Request Timeout	The server timed out waiting for the request.
429	Too Many Requests	Too many requests have been sent in a given time period.

• Check your API request for misspellings and other incorrect syntax.

• Make sure the request has a valid token and matches the request - for example, the token was for a patient at ABC Org, but the request was sent to XYZ Org.

• Compare the request with the list of supported FHIR resources and scopes.

Server Errors

Code
500	Internal Server Error	A generic error message for an unexpected condition.
502	Bad Gateway	The gateway/proxy server received an invalid response from the upstream server.
503	Service Unavailable	The server cannot handle the request, typically because it is overloaded or down for maintenance.
504	Gateway Timeout	The gateway/proxy server did not receive a timely response from the upstream server.

• In case of a server error, first wait a few minutes before sending another request.

• If the issue persists, please notify the CareLogic FHIR API coordinator at CarelogicFHIRAppReg@qualifacts.com