Provider System Access API

The Provider System Access API enables healthcare applications to securely access patient data through system-to-system integration without requiring individual patient authentication. This FHIR R4-compliant API supports backend services, bulk data export, and automated healthcare workflows while maintaining strict security and compliance standards.

Overview

This API is designed for healthcare applications that need programmatic access to patient data for population health management, quality reporting, clinical decision support, and other system-level operations. It supports both individual resource access and bulk data export capabilities, making it ideal for analytics platforms, EHR integrations, and automated healthcare workflows.

Key Features

System-Level Authentication - Backend service authentication using OAuth 2.0 Client Credentials
Bulk Data Export - Asynchronous export of large datasets for population health analytics
Real-Time Access - Individual resource queries for immediate data needs
Comprehensive Data Access - Full access to clinical, administrative, and financial data
Regulatory Compliance - Meets CMS Interoperability Rules and ONC certification requirements
Scalable Architecture - Designed for high-volume, automated data exchange

Supported Use Cases

Population Health Management

Access large datasets for population health analytics, risk stratification, and care gap analysis across patient populations.

Quality Measure Reporting

Automate the collection and reporting of quality measures for regulatory compliance and performance improvement initiatives.

EHR-to-EHR Data Exchange

Enable seamless data exchange between different electronic health record systems for care coordination and patient transfers.

Clinical Decision Support

Integrate real-time patient data into clinical decision support systems to improve care quality and safety.

Healthcare Analytics Platforms

Power business intelligence and analytics platforms with comprehensive healthcare data for operational insights.

Research and Development

Support clinical research initiatives with de-identified or authorized patient data for medical research and drug development.

Authentication & Authorization

OAuth 2.0 Client Credentials Grant

This API uses the OAuth 2.0 Client Credentials Grant for system-to-system authentication without requiring individual user login.

Key Components:

System Authentication - Applications authenticate using client credentials or private key JWT
System Scopes - Broad permissions for accessing patient populations
Long-Lived Tokens - Tokens suitable for automated, long-running processes
Audit Logging - Comprehensive logging of all system access for security monitoring

Authentication Methods

Private Key JWT (Recommended):

Enhanced security using asymmetric cryptography
No shared secrets to manage
Supports key rotation and certificate-based authentication

Client Secret:

Traditional client ID and secret authentication
Suitable for secure server environments
Requires secure secret management

Implementation Standards

This API implements multiple healthcare interoperability standards:

Standard	Version	Purpose
FHIR	R4	Healthcare data exchange format
US Core	6.1.0	Core FHIR profiles for US healthcare
Bulk Data	2.0.0	Asynchronous bulk data export
OAuth 2.0	RFC 6749	Authorization framework
SMART Backend Services	1.0	Backend service authorization

Environment Information

Production Environment

Base URL: https://fhir.netsmartcloud.com/provider/system-access/v2/{tenant-id}
Token Endpoint: https://fhir.netsmartcloud.com/auth/{tenant-id}/oauth2/v1/token
Bulk Export: https://fhir.netsmartcloud.com/provider/system-access/v2/{tenant-id}/$export

Preview Environment

Base URL: https://fhirtest.netsmartcloud.com/provider/system-access/v2/{tenant-id}
Token Endpoint: https://fhirtest.netsmartcloud.com/auth/{tenant-id}/oauth2/v1/token
Bulk Export: https://fhirtest.netsmartcloud.com/provider/system-access/v2/{tenant-id}/$export

Getting Started

Prerequisites

CareConnect Tenant Access - Contact Netsmart to obtain your tenant ID
System Application Registration - Register your backend application for system access
FHIR Knowledge - Understanding of FHIR R4 resources and bulk data operations
OAuth 2.0 Implementation - Ability to implement OAuth 2.0 client credentials flow
Security Infrastructure - Secure environment for handling PHI and system credentials

Quick Start Steps

Discover Capabilities - Retrieve the CapabilityStatement to understand supported resources and operations
Configure System Authentication - Set up OAuth 2.0 client credentials flow
Obtain Access Token - Authenticate your system to receive access token
Access FHIR Resources - Make authenticated requests for individual resources or bulk export
Handle Bulk Export - Process asynchronous bulk data export workflows

Example: Get CapabilityStatement

GET https://fhir.netsmartcloud.com/provider/system-access/v2/{tenant-id}/metadata
Accept: application/fhir+json

Example: Bulk Data Export

GET https://fhir.netsmartcloud.com/provider/system-access/v2/{tenant-id}/$export
Authorization: Bearer {access_token}
Accept: application/fhir+json
Prefer: respond-async

Supported FHIR Resources

This API provides access to the same comprehensive set of FHIR resources as outlined in the Provider APIs overview, organized by category:

Base Resources - Patient demographics and provider information
Clinical Resources - Conditions, procedures, observations, and medications
Workflow Resources - Encounters, care plans, and service requests
Financial Resources - Insurance coverage information
Specialized Resources - Documents, devices, and audit trails

For detailed information about each resource, including supported operations and search parameters, start with the CapabilityStatement to discover what's actually supported by this API.

Bulk Data Export

Export Operations

Group-Level Export:

Export data for specific patient populations
Supports cohort-based analytics and reporting
Ideal for quality measure calculations

Export Workflow

Initiate Export - Submit export request with desired parameters
Poll Status - Monitor export job progress using provided status URL
Download Files - Retrieve completed export files from secure URLs
Process Data - Import and process exported FHIR resources

Security & Compliance

System Security

Secure Authentication - Private key JWT or client secret authentication
Access Controls - System-level permissions and audit logging
Data Encryption - All data transmitted over HTTPS/TLS
Network Security - IP whitelisting and secure network configurations

HIPAA Compliance

Business Associate Agreements - Required for all system integrations
Administrative Safeguards - System access controls and user management
Physical Safeguards - Secure data centers and infrastructure
Technical Safeguards - Encryption, audit logs, and access monitoring

Audit and Monitoring

Access Logging - Comprehensive logs of all system access
Performance Monitoring - API usage and performance metrics
Security Monitoring - Anomaly detection and security alerts
Compliance Reporting - Regular compliance and usage reports

Error Handling

The API follows FHIR and OAuth 2.0 standards for error responses. Common error scenarios include:

Authentication Errors - Invalid credentials or expired tokens
Authorization Errors - Insufficient system permissions
Resource Errors - Invalid resource requests or parameters
Export Errors - Bulk export job failures or timeouts
Rate Limiting - API usage limits exceeded

For detailed error codes and troubleshooting guidance, see the Error Handling documentation.

Support Resources

Authentication Guide - Detailed OAuth 2.0 implementation
System Access Tutorial - Step-by-step Postman guide
Bulk Data Tutorial - Bulk export walkthrough
Error Handling - Troubleshooting and error resolution
Technical Support - Contact Netsmart for integration assistance

Next Steps

Ready to start building? Here's what to do next:

Review CapabilityStatement - Discover supported resources and operations
Set Up Authentication - Implement OAuth 2.0 client credentials flow
Try the Tutorial - Follow our Postman guide
Explore Bulk Export - Learn bulk data workflows
Test Integration - Use the preview environment to validate your implementation

This API enables powerful system-level healthcare integrations while maintaining the highest standards of security, compliance, and performance. Contact Netsmart support for assistance with your integration.

Overview​

Key Features​

Supported Use Cases​

Population Health Management​

Quality Measure Reporting​

EHR-to-EHR Data Exchange​

Clinical Decision Support​

Healthcare Analytics Platforms​

Research and Development​

Authentication & Authorization​

OAuth 2.0 Client Credentials Grant​

Authentication Methods​

Implementation Standards​

Environment Information​

Production Environment​

Preview Environment​

Getting Started​

Prerequisites​

Quick Start Steps​

Example: Get CapabilityStatement​

Example: Bulk Data Export​

Supported FHIR Resources​

Bulk Data Export​

Export Operations​

Export Workflow​

Security & Compliance​

System Security​

HIPAA Compliance​

Audit and Monitoring​

Error Handling​

Support Resources​

Next Steps​