While everyone can continue to use the Patient Portal to access their patient data in an easy-to-use interface, our technology platform, athenahealth, now offers the additional option to access the same patient record data via a back-end data protocol called an application programming interface (or “API”). This enables an application of your choice, such as Apple Health, to access and present your health data to you outside of the Patient Portal. No action is needed to continue to access your information on the Patient Portal, but we wanted to make you aware that this is an option.
We take the protection of your data seriously, so no patient data will ever be shared with an application without the patient’s explicit knowledge and consent. If the application you would like to use is already connected with our practice and athenahealth, such as Apple Health, you will be prompted to log in using the same credentials you use for the Patient Portal and to consent to sharing your data. Your health information will then be accessible to that application via the API. You can revoke that access at any time.
If you would like to use an application that is not yet connected, or to build your own application, the application developer must integrate with athenahealth’s technical specifications to ensure we can securely grant it access to patient health information. To enable patient health record applications, athenahealth utilizes the “SMART on FHIR” healthcare protocol, a variant of OAuth 2.0 (also called “3-leg OAuth”) that is widely accepted in the security industry. Like a safety deposit box, this protocol requires two keys: (1) one that proves the application is known and trusted, and (2) one that proves the patient has logged in and granted access. Only with both keys do we allow an application to access your data. Applications can register for access to athenahealth’s APIs and sandbox
Posted on December 23, 2019