MD Logic API Specifications

Version 1.0 Release Date: 9/25/2017

INTRODUCTION

The MD Logic API (Application Programming Interface) is a web service that exposes a set of methods for accessing patient data stored in an MD Logic EHR System. The MD Logic API is a RESTful service which is implemented using the HTTP protocol and returns JSON formatted data that is logically structured according to the Fast Healthcare Interoperability Resources (FHIR) specification. The patient data available to an API client application is specified by the Common Clinical Data Set (CCDS) as documented by the ONC and is logically organized into 15 data categories which may be retrieved in whole or in parts. The API also supports retrieving a Continuity of Care Document (CCD) for a patient. This document is a patient summary often used in transitions of care and is formatted as XML according to the HL7 CCD specifications.

REQUIREMENTS

Client applications developed to use the MD Logic API must be compliant with HTTP standards, FHIR specifications, JSON data formatting specifications and require a signed Terms of Use agreement with MD Logic Inc.

End users wishing to use a client application leveraging the MD Logic API must have credentials (username and password) in order to log in and access patient data. End user credentials are granted to users by providers in MD Logic following a formal request and acceptance by the provider.

CONFIGURATION

Client applications developed to use the API do not require being registered in advance with MD Logic. However, in order to use the API features, the application must successfully login into the API with valid user credentials entered by the end user of the client application. The application itself needs only an internet connection, the URL of the API, the user’s credentials, and the ability to process the API FHIR responses.

End user credentials are created and maintained by providers in MD Logic. A user’s credentials can be configured to limit data access to a particular patient, a list of designated patients or all patients in the practice.

SECURITY

The MD Logic API is hosted on a web server using a trusted connection (SSL). This ensures that all patient information is transferred using high level encryption. All accesses of patient information are audited by the MD Logic EHR.

API FUNCTIONS

Login

This function attempts to authenticate the user’s credentials. If the user’s credentials are successfully authenticated, then a session is started and a unique “OAuth 2” session token is generated. This session token is required in all subsequent API calls to identify the end user and their access privileges. The user remains logged into the API for the duration of the session until the Logout function is called or the session is terminated due to an activity timeout.

Http Method: Post

Headers:

Content-Type: application/x-www-form-urlencoded

Body Content:

Property Type

UserName string
Password string

Url Parameters: None

Url Syntax:

https://mdlogicapi.com/fhir/Login

Return Values:

HTTP Status Code: 200 for success, otherwise an error code

access_token: Session token that identifies user’s session (e.g. e8bb6981-8375-4b72-bfea-47127569e00a)

token_type: Bearer

expires_in: Time in seconds

Error Conditions:

HTTP Status Code	Message	Scenario
400 (Bad Request)	The User Name or password is incorrect	Entered invalid username or password
400 (Bad Request)	Unsupported_grant_type	Indicates grant_type or HTTP method is invalid
404 (Not Found)	No HTTP resource found that matches the request URL	Indicates required data is missing or contains invalid request

Get Patient

This method searches for patients matching the provided input parameters and returns a list of matching patients. The patients returned are limited to the list of accessible patients set up by the practice provider for that end user of the client application. Each Patient Resource returned contains an ID field (Patient Token) which uniquely identifies the patient. This Patient Token is needed throughout the remainder of the session in order to use the Get Patient Data function.

Http Method: Get

Headers:

Content-Type: application/json

Authorization: Bearer 6364e90c-7a02-4455-ab15-541daa65fca6 (Session Token)

Url Parameters:

Name Type Case-Sensitive Optional

Firstname string No Yes

Lastname string No No

Url Syntax:

https://mdlogicapi.com/fhir/Patient?Parameter₁=Value₁{&Parameter_n=Value_n_…}

https://mdlogicapi.com/fhir/Patient?Lastname=Newman

https://mdlogicapi.com/fhir/Patient?Lastname=Newman&Firstname=Alice

Return Values:

The Get Patient method returns a list of Patient Resources matching the given input parameters. The patient data is structurally formatted as FHIR Patient objects using JSON data format. For patient resource data structure details refer to the Patient resource on HL7.org.

Error Conditions:

HTTP Status Code	Message	Scenario
401 (Unauthorized)	Authorization has been denied for this request	Invalid session token, user is not logged in, or session has expired
404 (Not Found)	No HTTP resource found that matches the request URL	Indicates required data is missing or contains invalid request
405 (Method Not Allowed)	The requested resource does not support HTTP method	Indicates HTTP method is invalid

Get Patient Data

This function retrieves patient data for the patient identified by the PatientID parameter in the URL. The type and quantity of data returned is controlled by the DataCategory parameter. Data can also be filtered by date if the StartDate and EndDate parameters are included in the URL.

Http Method: Get

Url Parameters:

Name Type Case-Sensitive Optional Value(s)_____________

DataCategory string Yes No See Appendix A

PatientID string No No Patient ID from Get Patient

StartDate string No Yes

EndDate string No Yes

Url Syntax:

https://mdlogicapi.com/fhir/v1/Patient?DataCategory=Category₁{,Category_n}&PatientID=Value

Examples:

Retrieve “Patient Name” and “Problem List” for patient with PatientID = 72075

https://mdlogicapi.com/fhir/v1/Patient?DataCategory=PatientName,Problem&PatientID=72075

Retrieve All Patient Data for patient with PatientID = 72075 (includes all category resources and a CCD)

https://mdlogicapi.com/fhir/v1/Patient?DataCategory=AllData&PatientID=72075

Retrieve a “CCD” (Continuity of Care Document) for patient with PatientID = 72075

https://mdlogicapi.com/fhir/v1/DocumentReference?DataCategory=CCDA&PatientID=72075

Retrieve all encounters for patient with PatientID = 72075 between 1/1/2000 and 1/1/2012

https://mdlogicapi.com/fhir/v1/Encounter?DataCategory=Encounter&PatientID=72075&StartDate=01/01/2000%2012:00%20AM&EndDate=01/01/2012%2012:00%20AM

Return Values:

The Get Patient Data method returns a list of FHIR Resources for the patient identified by the PatientID input parameter. The resources returned are constrained by the DataCategory, StartDate, and EndDate parameters. The data is structurally formatted as FHIR Resources using JSON data format. For structure details of Patient resources and other FHIR resources refer to Appendix A.

Error Conditions:

HTTP Status Code	Message	Scenario
400 (Bad Request)	Unknown DataCategory. DataCategories are case sensitive.	Indicates DataCategory value is invalid
400 (Bad Request)	Unknown FHIR resource. ResourceTypes are case sensitive	Indicates ResourceType is invalid
401 (Unauthorized)	Authorization has been denied for this request	Indicates invalid Token, session expired, or the user is not logged in
404 (Not Found)	No HTTP resource found that matches the request URL	Indicates required data is missing or contains an invalid request
405 (Method Not Allowed)	The requested resource does not support HTTP method	Indicates HTTP method is invalid

LogOut

This function terminates the API session and deletes the associated Session Token. The user will no longer have permission to access any API functions except for LogIn.

Http Method: Delete

Parameters: None

Eg: https://mdlogicapi.com/fhir/v1/logout

Return Values:

HTTP Status Code : 200

Message: You have Signed Out

Error Conditions:

HTTP Status Code	Message	Scenario
404 (Not Found)	No HTTP Response was found matches the Request URL	Indicates required data is missing or contains invalid request
405 (Method Not Allowed)	The requested resource does not support HTTP method	Indicates HTTP method is invalid

APPENDIX A

Patient Data Categories

Data Categories	FHIR Resource	Resource Reference
Patient Demographics including Race/Ethnicity	Patient	Refer to Patient resource on HL7.org
Encounter	Encounter	Refer to Encounter resource on HL7.org
Problem	Condition	Refer to Condition resource on HL7.org
Procedures	Procedure	Refer to Procedure resource on HL7.org
careTeam	Practitioner	Refer to Practitioner resource on HL7.org
Medications	MedicationStatement	Refer to MedicationStatement resource on HL7.org
MedicationAllergies	AllergyIntolerance	Refer to AllergyIntolerance resource on HL7.org
Immunizations	Immunization	Refer to Immunization resource on HL7.org
Goals	Goal	Refer to Goal resource on HL7.org
CarePlan	CarePlan	Refer to CarePlan resource on HL7.org
VitalSigns	Observation	Refer to Observation resource on HL7.org
SmokingStatus	Observation	Refer to Observation resource on HL7.org
LabTests	DiagnosticOrder	Refer to DiagnosticOrder resource on HL7.org
LabResults	Observation	Refer to Observation resource on HL7.org
UniqueDeviceIds	device	Refer to Device resource on HL7.org
Assessment	ClinicalImpression	Refer to ClinicalImpression resource on HL7.org
ReasonforReferral	ReferralRequest	Refer to ReferralRequest resource on HL7.org
HealthConcerns	Condition	Refer to Condition resource on HL7.org
FunctionalStatus	Condition	Refer to Condition resource on HL7.org
CognitiveStatus	Condition	Refer to Condition resource on HL7.org

Reference Guides for API, FHIR Resources, and Developers

FHIR RESTful API : https://www.hl7.org/fhir/http.html

Details of each FHIR Resource: https://www.hl7.org/fhir/resourcelist.html

Data types supported in FHIR: https://www.hl7.org/fhir/datatypes.html

Developers guide to accessing FHIR: https://www.hl7.org/fhir/overview-dev.html

Get started with MD Logic API

Name *

Email *

Phone *

Organization

Comments *

MD Logic API License Agreement

Last Updated: 12-1-2017

By accessing or using the MD Logic API you accept the terms of this MD Logic API License Agreement (the "Agreement"). In this Agreement, "MD Logic API" means MD Logic, Inc., "You" (including "Your") means you, and the "parties" refer to MD Logic, Inc. and You.

1. Definitions

1.1. "API Key": The secret key required to access the API.

1.2. "Application": Any application that You develop using the MD Logic API to use, search, display, download, and/or modify the MD Logic Content.

1.3. "Developer Tools": The tools, documentation, and other content available on the MD Logic other than the MD Logic API.

1.4. "End User": A user of Your Application that uses the MD Logic API.

1.5. "End User Credentials": An End Users' name, email address, phone number, and organization name.

1.6. " MD Logic API": The MD Logic API (Application Programming Interface) is a REST-based interface that allows third parties to retrieve data from MD Logic hosted servers in a secure and standardized fashion. With proper End User authentication, MD Logic provides access to various features of the MD Logic API, including the ability to search and retrieve our MD Logic Content.

1.7. "MD Logic Content": All Clinical Decision Support Order Sets and Plans of Care content and data associated with such content hosted on MD Logic servers and made available by MD Logic for use by developers.

1.8. "MD Logic Marks" mean the MD Logic, which are U.S. registered trademarks of MD Logic, Inc.

1.9. "MD Logic Website": The website located at www.mdlogic.com.

2. License

2.1. Grant of License
Subject to Your compliance with this Agreement, MD Logic grants You a revocable, limited, worldwide, non-exclusive license to use the MD Logic API. MD Logic may revoke this license at any time for any reason. MD Logic may also limit calls from Your Application at any time for any reason.

2.2. License Restrictions

2.2.1. You must obtain End Users' express consent before exposing Your Application to them.

2.2.2. You will only authenticate End Users using one of our provided authentication methods.

2.2.3. You must apply for an API Key in order to access the API. You will keep the API Key confidential and not disclose them to third parties including End Users. MD Logic reserves the right to change Access Keys at any time.

2.2.4. You will comply with all laws, MD Logic Terms of Service, and MD Logic Privacy Policy.

2.2.5. You will not mislead End Users.

2.2.6. You will not display advertisements within the Application (e.g., pre- or post-roll ads, flash overlay ads, etc.) without MD Logic’s prior written consent.

2.2.7. You will not charge End Users a fee for using your Application without MD Logic’s prior written consent.

2.2.8. You will not represent that MD Logic has approved Your Application without MD Logic’s prior written consent, nor will you suggest that you or your Application is affiliated with MD Logic.

2.2.9. You comply with MD Logic’s then-current API Best Practices

2.2.10. You will make it easy for End Users to disconnect from Your Application.

2.2.11. You will not reverse engineer or decompile the MD Logic API.

2.2.12. You will not crawl or data mine MD Logic Content without MD Logic’s prior written consent.

2.2.13. You will not introduce viruses, worms, Trojan Horses, etc. through the Application.

2.2.14. You will only request, use, and retain MD Logic Content as necessary to operate, optimize, and modify Your Application.

2.2.15. You will not make API calls exceeding a reasonable amount per day.

2.2.16. You will immediately forward to us any notices or claims alleging that the MD Logic

Content infringes the proprietary rights of any third party, including claims made pursuant to the Digital Millennium Copyright Act.

2.2.17. You are responsible for ensuring that each End User is informed of, and abides by, the
terms and conditions of this Agreement.

2.2.18. Upon request by MD Logic, you will ideate regarding potential use cases for MD Logic
Content and share suggestions with MD Logic.

3. Intellectual Property

3.1. As between MD Logic and you, (a) MD Logic owns the MD Logic API, the MD Logic Content, the MD Logic Marks, the MD Logic Website; and (b) You own Your Application. Except as expressly set forth in this Agreement, neither party transfers any right, title, or interest in or to its intellectual property.

3.2. Subject to your compliance with the terms of this Agreement, MD Logic hereby grants You a limited, non-exclusive, revocable license to use the MD Logic Marks for descriptive purposes in connection with Your Application, provided, however, that you may not use the MD Logic Marks in the name or logo of Your Application (i.e., you may not call your Application a "MD Logic application") without MD Logic’s prior written consent.

3.3. You grant MD Logic a limited, non-exclusive license to use Your name, logo, and trademarks for the purpose of listing or featuring Your Application on the MD Logic Website. You further grant MD Logic permission to link to Your Application. The foregoing rights shall not be deemed obligations by MD Logic to promote your Application in any way.

3.4. MD Logic reserves the right to develop applications and services that are similar to Your Application.

4. Term and Termination

This Agreement will continue for as long as you operate an Application or until MD Logic terminates this Agreement, whichever comes first. MD Logic may terminate this Agreement at any time for any reason with or without notice. The following provisions will survive any termination or expiration of this Agreement: Sections 1, 3.1, 3.4, and 5 through 9. Upon termination, you will no longer have access to the API.

5. Representations and Warranties

You represent and warrant that (a) you have the right and authority to enter into and perform this Agreement; (b) you will not be breaching any agreement with a third party by entering into this Agreement; and (c) Your Application will not infringe any third party's intellectual property rights.

6. Indemnification

You will indemnify, defend, and hold MD Logic harmless from and against any losses (including attorneys' fees) from any third party claims arising out of any breach by You of any term of this Agreement.

7. Warranty Disclaimer and Limitation of Liability

MD Logic provides the MD Logic API and the MD Logic Content on an "AS IS" basis and makes no warranties, express, implied, or statutory, including, without limitation, warranties of merchantability, non-infringement, and fitness for a particular purpose. In no event shall MD Logic be liable for (a) any indirect, incidental, consequential, punitive, or special damages, even if it has been advised of the possibility of such damages; or (b) damages exceeding U.S. $10,000.00.

8. Technical Support and Implementation

MD Logic will provide reasonable technical support with respect to the MD Logic API to You via MD Logic's customer support at support@mdlogic.com , available Monday through Friday, 8:00am – 7:00pm EST, excluding holidays.

Payments

8.1. Fees
No cash consideration is provided by either party hereunder. The parties are entering into this
Agreement in anticipation of the goodwill they expect to accrue.

9. Governing Law; Choice of Forum; Waiver of Jury Trial

This Agreement shall be governed by the laws of the State of Georgia without regard to conflicts of law principles, and each party irrevocably consents to the exclusive jurisdiction and venue in the state and federal courts located in Gwinnett County, Georgia. Each party irrevocably and unconditionally waives any and all rights to a jury trial in respect of any action arising out of or relating to this Agreement.

10. Miscellaneous

Each party is an independent contractor of the other and neither is an employee, agent, partner, or joint venture participant of the other. No delay or failure on the part of MD Logic in the exercise of any right under this Agreement or any law shall operate as a waiver of such right. In the event a court finds any term of this Agreement unenforceable, that term will be enforced to the maximum extent permissible and the remainder of this Agreement will remain in full force and effect. This Agreement constitutes the entire agreement between the parties with respect to the subject matter hereof. This Agreement shall be binding upon and inure to the benefit of the parties' permitted successors and assigns. Nothing in this Agreement, express or implied, is intended to or shall confer any rights on any entity other than the parties. This Agreement may be modified by MD Logic at any time by posting a new version of the www.mdlogic.com.

API Documentation

INTRODUCTION

REQUIREMENTS

CONFIGURATION

SECURITY

API FUNCTIONS

Login

Http Method: Post

Headers:

Body Content:

Url Parameters: None

Url Syntax:

Return Values:

Error Conditions:

Get Patient

Http Method: Get

Headers:

Url Parameters:

Url Syntax:

Return Values:

Error Conditions:

Get Patient Data

Http Method: Get

Url Parameters:

Url Syntax:

Return Values:

Error Conditions:

LogOut

Http Method: Delete

Parameters: None

Return Values:

Error Conditions:

APPENDIX A

Patient Data Categories

Reference Guides for API, FHIR Resources, and Developers

Get started with MD Logic API

MD Logic API License Agreement

1. Definitions

2. License

3. Intellectual Property

4. Term and Termination

5. Representations and Warranties

6. Indemnification

7. Warranty Disclaimer and Limitation of Liability

8. Technical Support and Implementation

Payments

9. Governing Law; Choice of Forum; Waiver of Jury Trial

10. Miscellaneous