Introduction
Fast Healthcare Interoperability Resources, or FHIR, is a standard way of defining an API for healthcare resources. More information can be found at the FHIR website.
The Allscripts FHIR API is based on DSTU 2, or version 1.0.2, of the FHIR standard. The Allscripts FHIR API uses the Data Access Framework (DAF) profile that was originally developed for Meaningful Use 2 by ONC. Updates and definitions for use of DAF for Meaningful Use 3 can be found on the Argonaut Wiki.
The Allscripts FHIR API is a RESTful implementation for an API. At a high level this means several things.
- FHIR is resource-based. The resources are healthcare or related resources, for example patient or medication. All resources have an identifier that can be used to access or reference them.
- FHIR resources are accessed through HTTP and use the HTTP verbs. For example, to retrieve a resource you do a
GET, to update a resource you do aPOST, and so forth.
The following call will retrieve a patient with ID 123:
GET http://FHIR.server/patient/123
Examples of FHIR resources are Patient or Immunization.
Resources have three parts:
- Extensions
- Narrative
- Defined structured data
Resources can reference other resources.
Resources are independent. You don’t need other resources to correctly interpret a resource. Resources reference each other extensively to form a web of information. You need to resolve references to fully understand the data. A reference is relative to a server based URL.
<Procedure xmlns="http://hl7.org/fhir">
<subject>
<reference value="Patient/23"/>
</subject>
All resources carry an HTML representation of their content to ensure clinical safety in the case that the receiver does not understand the content.
Security
Like many RESTful APIs, the Allscripts FHIR API uses OAuth 2 for security. This means that when making calls to any resource with the Allscripts FHIR API, you must pass a Bearer token. This token is passed in the Authorization Header.
Authorization: Bearer 123.456.7890
To obtain a Bearer token, you must call an Authorization Server. The authorization server typically exposes two endpoints:
authorize: typically used to confirm the user’s credentialstoken: used to obtain the Bearer token
As per the FHIR specification, the Allscripts FHIR API supports both JSON and XML. However, for simplicity, we limit our examples to JSON.