The following overview provides comprehensive guidance for developers on the process of registering their FHIR (Fast Healthcare Interoperability Resources) application for various EHRs including Veradigm EHR, Altera products: TouchWorks, Sunrise, and Paragon as well as dbMotion. Whether you're developing for one or all of these products, this overview will serve as an invaluable guide to streamline the registration process and facilitate the deployment of your FHIR application.
The Veradigm and Altera FHIR API R4 release is our third FHIR API. We released our first in 2017 to support the MU3 requirement for a patient-facing API based on an open standard, and then soon after we released an R3 (STU3) version for UK clients. Our developers participate in the Argonaut Project and the Da Vinci Project, as well as HL7 FHIR Accelerator Program projects like FHIR at Scale Taskforce (FAST). We also participate in HL7 working groups and HL7 FHIR Connectathons to help advance the maturity and adoption of FHIR domestically and internationally.
Review our terms of use and documentation to begin developing your FHIR integration.
When you register your developer account, accept the User Agreement and provide a valid email address. You’ll receive credentials that you can use to register your applications. If you have questions, reach out to VeradigmConnect@veradigm.com.
Note: The FHIR documentation on this portal applies to the Veradigm and Altera FHIR APIs. For information on Paragon Open API, go here.
The Veradigm and Altera FHIR API is limited to read-only access and not write-backs. For application developers seeking deeper integration with Veradigm and Altera EHRs, Veradigm Connect offers the bidirectional Unity API, enabling both reads and writes. To integrate with Veradigm Practice Management, developers must utilize Unity to read or write patient demographic, appointment, or financial data.
Single Sign-On (SSO) for FHIR R4 is not yet supported within Sunrise and Paragon EHRs. Veradigm EHR version 24.5 or later supports SSO. For app launch capabilities, developers are advised to leverage Unity for earlier versions of Veradigm EHR and Sunrise.
For more information, contact VeradigmConnect@veradigm.com.
Sign up at https://developer.veradigm.com/ to get access to Veradigm and Altera FHIR-enabled APIs and start testing in our sandboxes.
Register your FHIR application to connect to clients and begin testing.
On the FHIR App page, the Licensing Information section was expanded to include both FHIR R2 (DSTU2) and R4 applications. Applications that use the Veradigm and Altera FHIR R4 API must be explicitly licensed for individual client sites. The list of previously configured client sites for the selected application displays.
You can use most API test utilities to test your FHIR application. The Veradigm and Altera FHIR API teams uses Postman to test Patient and User type FHIR applications. Custom utilities can be created to test System type FHIR applications.
Patient and User type FHIR applications authenticate by entering user credentials for the Veradigm or Altera EHR or patient portal (such as AHC or FollowMyHealth). Postman can send requests to these systems to obtain these tokens.
Before attempting to send FHIR requests to the Veradigm or Altera EHR, it is helpful to create an environment file with the following variables.
To create an environment in Postman:
Next, create a request.
Next, obtain a token.
You can now enter an HTTP request and click Send.
Note: Tokens expire after a set amount of time configured by the client. You will need to generate new tokens periodically.
For more information on Postman, see the Postman Support Center or Learning Center.
Instead of entering product credentials to obtain a token, System applications make a direct call to the Token URL. The body of the request must include the following:
private async Task
{
string accessToken = null;
string tokenURL = "[token URL of FHIR auth server]";
string clientID = "[your FHIR app client ID]";
var tokenCode = GenerateJWT(tokenURL, clientID);
var address = new Uri(tokenURL);
using (var handler = new HttpClientHandler())
{
handler.UseCookies = false;
using (var client = new HttpClient(handler))
{
var message = new HttpRequestMessage(HttpMethod.Post, address);
var content = new FormUrlEncodedContent(new[]
{
new KeyValuePair
new KeyValuePair
new KeyValuePair
new KeyValuePair
});
message.Content = content;
var httpResponse = await client.SendAsync(message);
var result = await httpResponse.Content.ReadAsStringAsync();
if (httpResponse.IsSuccessStatusCode)
{
var tokenResponse = JObject.Parse(result);
accessToken = tokenResponse.SelectToken("access_token").Value
}
}
}
return accessToken;
}
private string GenerateJWT(string authServerTokenURL, string clientID)
{
X509Store store = new X509Store(StoreLocation.LocalMachine);
store.Open(OpenFlags.ReadOnly);
X509Certificate2 signingCert = store.Certificates.Find(X509FindType.FindByThumbprint, thumbprint, false)[0];
var jti = CryptoRandom.CreateUniqueId(32);
List
{
new Claim("sub", clientID),
new Claim("jti", jti),
};
var tokenHandler = new System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler();
var tokenDescriptor = new SecurityTokenDescriptor
{
Subject = new ClaimsIdentity(claims),
Issuer = clientID,
Audience = authServerTokenURL,
Expires = DateTime.UtcNow.AddMinutes(5),
SigningCredentials = new X509SigningCredentials(signingCert)
};
var token = tokenHandler.CreateJwtSecurityToken(tokenDescriptor);
var tokenString = tokenHandler.WriteToken(token);
return tokenString;
}