1upHealth provides a common RESTful API across 10,000+ health centers (our network) with more added each month. This API fully supports FHIR and provides rich programmatic access to electronic medical record data for patients and the companies and institutions who serve them. The available data includes patient demographics, labs, medications, observations, procedures, allergies, and much more.
The 1upHealth platform is HIPAA compliant and in use by some of the largest hospital systems. You can get started for free with our developer tier.
Register as a 1upHealth developer by clicking on "Get API Keys". This link can be found on top right corner, throughout our website.
After clicking on "Get API keys" link, you will be taken to a login page where you can either login or sign up.
Provide us with your email, username, and a strong password, then simply click on sign up button at the end.
Confirm the email address that you provided by clicking on the link in the email sent to you by 1upHealth.
You can go to the login page by clicking on the "Get API Keys". After logging in, you will be taken to your dashboard. Now click on "ADD YOUR FIRST APPLICATION".
Now enter name of your application and OAuth2 redirect URL (root url of your application) then click on "SAVE".
If you are just testing, you can leave as "http://localhost:8000"
Now you will be shown your application details. Make sure you save your clientid and secret (keep it safe and secure, you won’t be able to see it again).
You can follow the steps below to test our API via curl commands, or you can Download our Postman collection here
For each user, the 'code' variable is the OAuth2 access code. You will exchange the 'code' to get the OAuth2 access token. The access_token and refresh_token will be used to gain access to the user's data. Keep secure.
If you need to generate a new ‘code’ for a user that you created previously:
Here is the user flow (OAuth2).
1) Created new user (akuafo100), receive user code. If needed, generate a new code:
2) Exchange user code for bearer token (and refresh token).
3) Create FHIR resources and associate with the user, using the user's token. For example, create a Patient resource, and give the user a name, gender, and age. You get to define your own ID value for the resource.
4) Query the user resource for Patient that you just created by using its ID and the user token. You’ll only see basic data with this endpoint. Once you add a health system EHR, you’ll query other endpoints to get more data.
1) Send the user to the website to login
Modify this URL:
In the URL:
For example, to add data from an Epic EHR to the user's account, you can use this URL:
Then, login into EPIC with sample credentials (fhirjason / epicepic1):
After authenticating, the browser first gets redirected to 1upHealth. 1upHealth will be given an access token for that user. 1upHealth will begin collecting data from that provider.
Then, the browser is redirected to the URL you provided as the app's URL [you do not need to retrieve any variables, 1up has already collected them]
Data will automatically flow into 1upHealth and will be synchronized within a 2 minute time frame.
EHR (clinical data) will be stored as their native FHIR resources.
You can now retrieve data. In each request, you must include the user’s access token as an API header.
For example, retrieve patient demographics:
When developers are using 1upHealth for system level access with direct provider connectivity (not patient by patient), 1 user equals 1 provider, health system or clinic. So in this case the 1upHealth user would have hundreds or thousands of patients.
The user can preload any set of patients and associated data before connecting to a health system. Connecting to a health system will pull in all historical data and push it into the user's permissions. If a direct provider integration is made all historical data will be pulled in to begin with and pushed to the users permissions.
The user is still able to make standard FHIR queries. For example to get a list of patients coming into an office the user could query against this url
For information on write backs to the EHR please click here