Payer System Access API

The Payer System Access API enables healthcare applications to securely access member data through system-to-system integration without requiring individual member authentication. This FHIR R4-compliant API supports backend services, bulk data export, and automated healthcare workflows while maintaining strict security and compliance standards for payer organizations.

Overview

This API is designed for healthcare applications that need programmatic access to member data for population health management, quality reporting, risk adjustment, and other system-level operations. It supports both individual resource access and bulk data export capabilities, making it ideal for analytics platforms, payer-to-payer integrations, and automated healthcare workflows.

Key Features

System-Level Authentication - Backend service authentication using OAuth 2.0 Client Credentials
Bulk Data Export - Asynchronous export of large datasets for population health analytics
Real-Time Access - Individual resource queries for immediate data needs
Comprehensive Member Data - Full access to clinical, administrative, and financial data
Regulatory Compliance - Meets CMS Interoperability Rules and ONC certification requirements
Scalable Architecture - Designed for high-volume, automated data exchange

Supported Use Cases

Population Health Management

Access large datasets for population health analytics, risk stratification, and care gap analysis across member populations.

Quality Measure Reporting

Automate the collection and reporting of quality measures for regulatory compliance and performance improvement initiatives.

Payer-to-Payer Data Exchange

Enable seamless data exchange between different health plans for member transitions and care coordination.

Risk Adjustment and Analytics

Support risk adjustment programs with comprehensive member data for accurate risk scoring and payment calculations.

Claims and Benefits Analytics

Power business intelligence platforms with member claims, benefits utilization, and cost analysis data.

Regulatory Reporting

Support regulatory compliance initiatives with automated data collection and reporting capabilities.

Authentication & Authorization

OAuth 2.0 Client Credentials Grant

This API uses the OAuth 2.0 Client Credentials Grant for system-to-system authentication without requiring individual user login.

Key Components:

System Authentication - Applications authenticate using client credentials or private key JWT
System Scopes - Broad permissions for accessing member populations
Long-Lived Tokens - Tokens suitable for automated, long-running processes
Audit Logging - Comprehensive logging of all system access for security monitoring

Authentication Methods

Private Key JWT (Recommended):

Enhanced security using asymmetric cryptography
No shared secrets to manage
Supports key rotation and certificate-based authentication

Client Secret:

Traditional client ID and secret authentication
Suitable for secure server environments
Requires secure secret management

Implementation Standards

This API implements multiple healthcare interoperability standards:

Standard	Version	Purpose
FHIR	R4	Healthcare data exchange format
US Core	6.1.0	Core FHIR profiles for US healthcare
Bulk Data	2.0.0	Asynchronous bulk data export
OAuth 2.0	RFC 6749	Authorization framework
SMART Backend Services	1.0	Backend service authorization

Environment Information

Production Environment

Base URL: https://fhir.netsmartcloud.com/payer/system-access/v2/{tenant-id}
Token Endpoint: https://fhir.netsmartcloud.com/auth/{tenant-id}/oauth2/v1/token
Bulk Export: https://fhir.netsmartcloud.com/payer/system-access/v2/{tenant-id}/$export

Preview Environment

Base URL: https://fhirtest.netsmartcloud.com/payer/system-access/v2/{tenant-id}
Token Endpoint: https://fhirtest.netsmartcloud.com/auth/{tenant-id}/oauth2/v1/token
Bulk Export: https://fhirtest.netsmartcloud.com/payer/system-access/v2/{tenant-id}/$export

Getting Started

Prerequisites

CareConnect Tenant Access - Contact Netsmart to obtain your tenant ID
System Application Registration - Register your backend application for system access
FHIR Knowledge - Understanding of FHIR R4 resources and bulk data operations
OAuth 2.0 Implementation - Ability to implement OAuth 2.0 client credentials flow
Security Infrastructure - Secure environment for handling PHI and system credentials

Quick Start Steps

Discover Capabilities - Retrieve the CapabilityStatement to understand supported resources and operations
Configure System Authentication - Set up OAuth 2.0 client credentials flow
Obtain Access Token - Authenticate your system to receive access token
Access FHIR Resources - Make authenticated requests for individual resources or bulk export
Handle Bulk Export - Process asynchronous bulk data export workflows

Example: Get CapabilityStatement

GET https://fhir.netsmartcloud.com/payer/system-access/v2/{tenant-id}/metadata
Accept: application/fhir+json

Example: Bulk Data Export

GET https://fhir.netsmartcloud.com/payer/system-access/v2/{tenant-id}/$export
Authorization: Bearer {access_token}
Accept: application/fhir+json
Prefer: respond-async

Supported FHIR Resources

This API provides access to the same comprehensive set of FHIR resources as outlined in the Payer APIs overview, organized by category:

Base Resources - Member demographics and provider information
Clinical Resources - Conditions, procedures, observations, and medications
Workflow Resources - Encounters, care plans, and service requests
Financial Resources - Coverage and explanation of benefits
Specialized Resources - Documents, devices, and audit trails

For detailed information about each resource, including supported operations and search parameters, start with the CapabilityStatement to discover what's actually supported by this API.

Bulk Data Export

Export Operations

Group-Level Export:

Export data for specific member populations
Supports cohort-based analytics and reporting
Ideal for quality measure calculations and risk adjustment

Export Workflow

Initiate Export - Submit export request with desired parameters
Poll Status - Monitor export job progress using provided status URL
Download Files - Retrieve completed export files from secure URLs
Process Data - Import and process exported FHIR resources

Payer-Specific Features

Claims and Benefits Data

Access comprehensive claims and benefits information:

Historical claims data
Explanation of benefits records
Cost-sharing and payment details
Provider reimbursement information

Coverage Analytics

Retrieve coverage and enrollment data:

Member enrollment periods
Benefit plan details
Network participation
Cost-sharing structures

Population Health Insights

Support population health initiatives:

Member risk stratification
Care gap identification
Quality measure tracking
Outcome analytics

Security & Compliance

System Security

Secure Authentication - Private key JWT or client secret authentication
Access Controls - System-level permissions and audit logging
Data Encryption - All data transmitted over HTTPS/TLS
Network Security - IP whitelisting and secure network configurations

HIPAA Compliance

Business Associate Agreements - Required for all system integrations
Administrative Safeguards - System access controls and user management
Physical Safeguards - Secure data centers and infrastructure
Technical Safeguards - Encryption, audit logs, and access monitoring

Audit and Monitoring

Access Logging - Comprehensive logs of all system access
Performance Monitoring - API usage and performance metrics
Security Monitoring - Anomaly detection and security alerts
Compliance Reporting - Regular compliance and usage reports

Error Handling

The API follows FHIR and OAuth 2.0 standards for error responses. Common error scenarios include:

Authentication Errors - Invalid credentials or expired tokens
Authorization Errors - Insufficient system permissions
Resource Errors - Invalid resource requests or parameters
Export Errors - Bulk export job failures or timeouts
Rate Limiting - API usage limits exceeded

For detailed error codes and troubleshooting guidance, see the Error Handling documentation.

Support Resources

Authentication Guide - Detailed OAuth 2.0 implementation
System Access Tutorial - Step-by-step Postman guide
Bulk Data Tutorial - Bulk export walkthrough
Error Handling - Troubleshooting and error resolution
Technical Support - Contact Netsmart for integration assistance

Next Steps

Ready to start building? Here's what to do next:

Review CapabilityStatement - Discover supported resources and operations
Set Up Authentication - Implement OAuth 2.0 client credentials flow
Try the Tutorial - Follow our Postman guide
Explore Bulk Export - Learn bulk data workflows
Test Integration - Use the preview environment to validate your implementation

This API enables powerful system-level healthcare integrations while maintaining the highest standards of security, compliance, and performance. Contact Netsmart support for assistance with your integration.

Overview​

Key Features​

Supported Use Cases​

Population Health Management​

Quality Measure Reporting​

Payer-to-Payer Data Exchange​

Risk Adjustment and Analytics​

Claims and Benefits Analytics​

Regulatory Reporting​

Authentication & Authorization​

OAuth 2.0 Client Credentials Grant​

Authentication Methods​

Implementation Standards​

Environment Information​

Production Environment​

Preview Environment​

Getting Started​

Prerequisites​

Quick Start Steps​

Example: Get CapabilityStatement​

Example: Bulk Data Export​

Supported FHIR Resources​

Bulk Data Export​

Export Operations​

Export Workflow​

Payer-Specific Features​

Claims and Benefits Data​

Coverage Analytics​

Population Health Insights​

Security & Compliance​

System Security​

HIPAA Compliance​

Audit and Monitoring​

Error Handling​

Support Resources​

Next Steps​