CareSource Interoperability Overview
CareSource’s Interoperability APIs are developer friendly, FHIR based APIs that enable third-party application and vendors to connect their applications to CareSource patient and provider information.
Interoperability APIs enable CareSource members to consent to have their data shared with a third-party application of their choosing. These APIs also enable third-party application owners to connect to provider and pharmacy directories or publicly available data.
CareSource’s APIs support the technology and functionality below:
- Developer ability to register a member-facing applications
- Members to provide consent to an application for access their data within scope
- Use the HL7 FHIR (Fast Healthcare Interoperability Resource) for patient and publicly available provider data
- Use of OAuth 2.0 or Open ID for authorization flows to support for member authorization
Authorization / Authentication:
To use the CareSource interoperability APIs a developer must register their application or portal through emailing or Interoperability group [firstname.lastname@example.org]. During this process you will be required to complete a questionnaire about the purpose of your applications purpose and business details.
Once registered and application and point of contact is given a client ID and a client secret. The secret should only be used if it can be kept confidential, such as communication between your server and the CareSource interoperability APIs. For insecure implementations.
CareSource supports non-authenticated public directory endpoints, these will still require application registration. Please see resources documentation in the Swagger docs for additional information.
- Patient Access API CRT Environment Swagger Information
- Patient Access API Production Environment Swagger Information
- Provider Directory API CRT Environment Swagger Information
- Provider Directory API Production Environment Swagger Information
Supported Implementation Guides
CareSource supports the following implementation guides
Production application with a need to access Public APIs (formulary, provider directory and pharmacy directory) will still require registration but will be automatically approved. Production application requests for Patient Access APIs will require review from our security and compliance team prior to approving access. Our security and compliance team will reach out with any questions during this review process.
Authorization server launch URL documentation is shared after successful organization registration and approval.
Member revokes access: A member may revoke access to your application via their member portal using base level information sharing consent (opt in or opt out). When you encounter an invalid token indicating a member has revoked access, you should make a reasonable attempt to handle that case making it easy for the member to understand what is happening with their data.
Inquire about access to CareSource Patient Access, Provider Directory, or Payer to Payer Data Exchange APIs as part of the Interoperability and Patient Access final rule (CMS-9115-F) from the Centers for Medicare & Medicaid Services, please send an email with your contact information to email@example.com.