
Application Access – Patient Selection


§170.315(g)(7) Application Access – Patient Selection

Product Name: Legend EHR, LLC

Version: 5.3

Certification Criterion: 170.315(g)(7) Application access – patient selection

Conformance Method: The health IT conforms with the §170.315(g)(7) Application access – patient selection requirements.

Overview

This document describes how the LegendEHR FHIR-based API supports the requirements of §170.315(g)(7) — Application Access: Patient Selection — under the ONC Health IT Certification Program.

LegendEHR provides patient selection functionality via FHIR R4 APIs hosted on AWS HealthLake. These APIs enable third-party applications to query and retrieve patient data in compliance with USCDI v3 and SMART on FHIR authorization.

2. Base FHIR Endpoint

Base URL (example):

https://healthlake.us-east-1.amazonaws.com/datastore/1234/r4

3. Patient Resource Access

Applications can retrieve or search for patients using standard FHIR RESTful operations:

Example: Retrieve a specific patient

GET [base]/Patient/{id}

Example: Search for a patient by name or identifier

GET [base]/Patient?name=Robert

GET [base]/Patient?identifier=12345

Each request returns a FHIR Patient resource conformant with the US Core Patient Profile (US Core v6.1.0 / FHIR R4).

4. Authentication & Authorization

LegendEHR uses SMART on FHIR (OAuth 2.0) for authentication and authorization, integrating with AWS Cognito as the Authorization Server.
The following endpoints are used:

  • Authorization Endpoint:
    https://healthlakeoauth.auth.us-east-1.amazoncognito.com/oauth2/authorize
  • Token Endpoint:
    https://healthlakeoauth.auth.us-east-1.amazoncognito.com/oauth2/token

Applications must obtain valid access tokens before making FHIR API calls.

5. Supported FHIR Operations

| Resource | Interaction | Description |
|----------|-------------|-------------|
| Patient | read | Retrieve patient details |
| Patient | search | Search for patients by demographic parameters |
| Patient | history | Retrieve version history for a patient record |

6. Example Response

{
  "resourceType": "Patient",
  "id": "fd05852e1f0c147dcf212e91372aee1d",
  "name": [
    {
      "given": ["Robert"],
      "family": "Smith"
    }
  ],
  "gender": "male",
  "birthDate": "1946-11-04"
}
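An added example, not LegendEHR's own code: a Python client helper that builds the Patient read and search requests from section 3 with the bearer token required by section 4, and checks the response before a patient is treated as selected. It goes beyond the page by also accepting a searchset Bundle, which is what a standard FHIR R4 search returns. The function names, the `expected_id` check (assumed to come from the app's authorized patient context), the placeholder token and the constructed Bundle are assumptions.

```python
import json
from urllib.parse import quote, urlencode, urlsplit
from urllib.request import Request

BASE = "https://healthlake.us-east-1.amazonaws.com/datastore/1234/r4"  # example URL from this page

def patient_request(base, token, patient_id=None, **search):
    """Build (without sending) a Patient read or search request carrying a bearer token."""
    if urlsplit(base).scheme != "https":
        raise ValueError("refusing to attach a bearer token to a non-HTTPS URL")
    if patient_id is not None:
        # safe="" encodes "/", "?" and "#", so the id stays a single path segment
        url = f"{base}/Patient/{quote(patient_id, safe='')}"
    else:
        url = f"{base}/Patient?{urlencode(search)}"
    return Request(url, headers={"Authorization": f"Bearer {token}",
                                 "Accept": "application/fhir+json"})

def select_patients(body, expected_id=None):
    """Return Patient resources from a read (Patient) or search (Bundle) response.

    expected_id is an assumption: the patient id the app was authorized for.
    Any other patient in the response causes the whole response to be rejected.
    """
    doc = json.loads(body)
    kind = doc.get("resourceType")
    if kind == "Patient":
        patients = [doc]
    elif kind == "Bundle":
        patients = [e["resource"] for e in doc.get("entry", [])
                    if e.get("resource", {}).get("resourceType") == "Patient"]
    else:  # OperationOutcome or anything else: no patient was selected
        raise ValueError(f"unexpected resourceType: {kind!r}")
    if expected_id is not None and any(p.get("id") != expected_id for p in patients):
        raise PermissionError("response contains a patient outside the authorized context")
    return patients

# Read response from section 6 of this page, abridged.
READ_BODY = '{"resourceType": "Patient", "id": "fd05852e1f0c147dcf212e91372aee1d", "gender": "male"}'
# Constructed search response: a searchset Bundle with two patients (ids are made up).
SEARCH_BODY = json.dumps({"resourceType": "Bundle", "type": "searchset", "entry": [
    {"resource": {"resourceType": "Patient", "id": "example-1"}},
    {"resource": {"resourceType": "Patient", "id": "example-2"}}]})

if __name__ == "__main__":
    req = patient_request(BASE, "PLACEHOLDER_TOKEN", name="Robert")
    print(req.get_method(), req.full_url)
    print([p["id"] for p in select_patients(SEARCH_BODY)])
```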

7. Compliance Statement

LegendEHR attests that its FHIR API conforms with §170.315(g)(7) by enabling authenticated third-party applications to:

  • Select and retrieve a single patient record,
  • Query using patient identifiers or demographics,
  • Access only authorized patient data through SMART on FHIR.

8. Versioning and Contact

Product: Legend EHR, LLC v5.3
FHIR Version: R4
US Core Implementation: v6.1.0 (aligned with USCDI v3)
Contact: support@legendehr.com
