Interoperability APIs
For Third-Party App Developers
The following information and instructions are for third-party app developers who wish to be approved by Quartz for use by its members to retrieve their health data. Instructions are included here for both the Provider Directory and Patient Access APIs.
Quartz Health Solutions, Inc. allows patients to access their formulary, clinical, and claims data via industry standard FHIR APIs. This data is available via the set of FHIR API servers listed below:
|
Data Type
|
FHIR Server Base URL
|
API Documentation
|
|---|---|---|
|
Formulary Data |
https://apps.quartzbenefits.com/drugformulary/api/search |
|
|
Pharmacy Claims*, Medical Claims |
https://epicproxy.hosp.wisc.edu/FhirProxy/UWHEALTH/api/FHIR/R4 |
*We are currently experiencing a temporary issue affecting certain pharmacy claims from 2024 and 2025. As a result, some of the pharmacy data may not be available through the Patient Access API at this time. Please note this does not affect medical claims or pharmacy claims data from years prior to 2024. We appreciate your patience as we work to resolve the issue and restore full access to the affected pharmacy claims data as quickly as possible.
Access to these APIs is managed by a single OAuth 2.0 authorization server. This allows a patient to authorize your application once for all data managed by Quartz Health Solutions, Inc., regardless of which API server contains the data. In OAuth 2.0 terms, this is using a single access token for two “audiences”.
As an app developer, you have two options for connecting your app to these API servers:
[Preferred] Support one-time authorization for all data managed by Quartz Health Solutions, Inc.
This option provides for an improved patient experience, as the patient only needs to authorize your app once to allow your app to download data from both API servers. However, this does require your app to specifically support multiple API servers associated with a single authorization server.
To implement this option, your app should use the SMART on FHIR Standalone Launch sequence. The patient can authorize your app to access their data managed by Quartz Health Solutions, Inc. Your app will be issued an access token granting access to the data authorized by the patient. Your app can use that access token to perform API calls against all API servers associated with Quartz Health Solutions, Inc.
App Development Steps
- Register your application on https://fhir.epic.com/.
- This registration will apply to all API servers.
- Register scopes for all APIs you want to access from any API server.
- Implement the SMART on FHIR Standalone Launch flow in your app.
- Load the API server endpoints you intend to connect to. You can select from the endpoints listed on https://open.epic.com/MyApps/Endpoints and the non-Epic endpoints listed above.
Note: For the convenience of the patient, you may want to group endpoints from the same organization in to one UI selection element. For example, the patient would see a UI element to connect to Quartz Health Solutions, Inc., but your app would have a behind-the-scenes relationship between the patient-visible Quartz Health Solutions, Inc. and the list of API endpoints you will query for data.
Run-time Data Access Steps
- Present the patient with the endpoints or organization they want to download their data from.
- Initiate the SMART on FHIR Standalone Launch flow with the OAuth2 authorization server associated with the endpoint.
- Perform API requests against each API server associated with the organization.
- Use the same access token issued during the Standalone Launch flow for both API servers.
- Use the same patient FHIR ID communicated during the Standalone Launch flow for both API servers.
[Discouraged] Require per-API server authorization.
This option provides a suboptimal user experience, as the patient must authorize your app for each API server independently.
To implement this option, your app would initiate the SMART on FHIR Standalone Launch flow once for each API server.