RESTful FHIR APIs, built to multiple versions of the standard, allow access to USCDI clinical data in an interoperable and standard format. 

A person using a computer in a healthcare setting

athenahealth offers RESTful FHIR APIs for interoperable use of our healthcare data using the open standards developed by HL7. While these standardized APIs often cover similar data types as our  athenaOne APIs, the FHIR standard format allows for easier data processing and exchange through common off-the-shelf frameworks which support the FHIR data model. 

Additionally, our FHIR APIs are built to fully support both 2-legged and 3-legged OAuth mechanisms, allowing app developers to seamlessly build either system-to-system or user facing application flows respectfully. 

Our FHIR APIs are built to multiple versions of the standard:  

For capabilities supported in our FHIR implementation, refer to each endpoint’s API reference page. 

We recommend all new projects to use the latest FHIR R4 release of FHIR APIs, as these will be the best supported FHIR version that athenahealth offers. However, athenahealth plans to continue supporting both FHIR R4 and FHIR DSTU2 for the foreseeable future. 

Each FHIR API documentation page will show which OAuth scopes are accepted to access the API, using the v1 SMART on FHIR scope convention. These accepted scopes will show what types of application access models work with the API, for example: 

  • system scope: Allows access from 2-legged OAuth applications in a system-to-system access pattern (no user involved) 
  • user scope: Allows access from a 3-legged OAuth application with an athenaOne user logged in (e.g., practice clinician or staff) 
  • patient scope: Allows access from a 3-legged OAuth application with a patient portal user logged in. This could be a patient accessing their own patient records, or another portal user with delegate access to that patient (eg: A parent accessing their child’s patient records). 

For additional information on OAuth scopes and 2-legged vs 3-legged access patterns, refer to our Authorization Overview guide.

Many of our FHIR endpoints are Certified APIs, which athenahealth offers free of charge to our customers and partners. Learn more about Certified API access here.  

Was this information helpful? Yes | No Thank you for your feedback! What went wrong? Incomplete or incorrect information | Irrelevant Content | Others

On this Page