This page provides information on using the Memorial Hermann Patient Access and Provider Directory APIs defined by the 21st Century Cures Act.
This page provides information on using the Memorial Hermann Patient Access and Provider Directory APIs defined by the 21st Century Cures Act. For more information on these API requirements, please visit the CMS fact sheet here:
Policies and Technology for Interoperability and Burden Reduction | CMS
These APIs are based on:
Health Level 7® (HL7) Fast Healthcare Interoperability Resources (FHIR®) 4.0.1
There are two Memorial Hermann APIs based on the following:
This section provides steps for accessing and authenticating the Memorial Hermann APIs.
To access the Consumer Access API, third party app developers must register your developer account and get your application authorized. To begin registering your developer account, download the "Third Party App Developer Application Form" and follow the instructions within.
The Consumer Access API is secured using OAuth 2.0 using a grant type of Authorization Code. Three things are required to get started:
The Authorization URL is:
In order to begin the authentication, the app needs to send an HTTP POST to the above URL with grant type of Authorization Code and the Client ID and Client Secret included.
The app will be redirected with the option to sign in with EveryDayWell. Please select EveryDayWell, and then the user will be allowed to sign in using their EveryDayWell account.
After entering their username and password, the user will need to click “Allow” for the app to be able to access their data. The app will then be given an authentication code to retrieve an access token.
The URL to obtain the access token is:
The app can then include the access token as a bearer token to read and search data as defined in the rest of this document.
Note: Based on the authentication process, the FHIR Bridge server has context for the identity of the member. The app can run a simple Patient resource read to obtain the member id:
Memorial Hermann API requests using the Consumer Access API make use of patient-specific information which could be exploited by malicious actors resulting in exposure of patient data. For this reason, all Memorial Hermann consumer access/patient transactions are secure, with access limited to authorized individuals.
All FHIR HTTP interactions described in this section are subject to the access and authentication controls defined in the previous section.
All transactions are in a JSON format. When submitting HTTP requests, the following status codes may be returned:
These are the endpoints and resources available with the Consumer Access API.
The base URL for each endpoint is:
The CapabilityStatement resource documents a set of capabilities (behaviors) of a FHIR Server for a particular version of FHIR that may be used as a statement of actual server functionality or a statement of required or desired server implementation.
The Coverage resource is intended to provide the high-level identifiers and descriptors of an insurance plan, typically the information which would appear on an insurance card, which may be used to pay, in part or in whole, for the provision of health care products and services.
The ExplanationOfBenefit (EOB) resource combines key information from a Claim, a ClaimResponse and optional Account information to inform a patient of the goods and services rendered by a provider and the settlement made under the patient's coverage in respect of that Claim. The ExplanationOfBenefit resource may also be used as a resource for data exchange for bulk data analysis, as the resource encompasses Claim, ClaimResponse and Coverage/Eligibility information.
The Patient resource provides demographics and other administrative information about an individual receiving care or other health-related services.
The Practitioner resource provides information about a person with a formal responsibility in the provisioning of healthcare or related services.
The Provider Directory API accesses the Memorial Hermann Provider and Pharmacy Directories. This section describes the FHIR resources and RESTful capabilities that the Provider Directory API supports.
Memorial Hermann's Provider Directory API is an open API, as required by the 21st Century Cures Act, and does not require third-party applications to send consumer identifying information and does not require authentication.
These are the resources and the endpoints available with the Memorial Hermann Provider Directory API.
The private Consumer Access API URLs defined in the previous section can be used to access the Provider Directory Resources.
In addition, the following open base URLs for test and production endpoints are:
The Location resource refers to a practitioner or person for the purpose of achieving some form of action.
Note: When referenced in an ExplanationOfBenefit resource, the logical ID of the Location resource only includes the practitioner ID, not the concatenation of the postal code.
The Organization resource refers to a formally or informally recognized grouping of people or organizations formed for the purpose of achieving some form of collective action. Includes companies, institutions, corporations, departments, community groups, healthcare practice groups, payer/insurer, etc.
Note: When referenced in an ExplanationOfBenefit resource, the logical ID of the Organization resource only includes the organization ID, not the concatenation of the postal code.
The PractitionerRole resource provides a specific set of Roles/Locations/specialties/services that a practitioner may perform at an organization for a period of time.
1 See Appendix 1 for valid codes
Back to top ^