Interoperability APIs
For Third-Party App Developers
The following information and instructions are for third-party app developers who wish to be approved by Quartz for use by its members to retrieve their health data. Instructions are included here for both the Provider Directory and Patient Access APIs.
FHIR Provider Directory API
As mandated by the Centers for Medicare and Medicaid Services, the Quartz FHIR Provider Directory API meets the FHIR specification as outlined in the Da Vinci PDEX Plan-Net Implementation Guide and conforms to the technical standard for data exchange via secure API. The mandate requires this information to be publicly available. If you have questions, please refer to the Da Vinci PDEX Plan-Net Implementation Guide, as our organization does not support developer-specific questions.
| 1. | To access Quartz’s FHIR-compliant Provider Directory API for Quartz, you must first request and obtain a public token from our token service at: quartzfhir.healthsparq.com/api/healthsparq-public-login-service/v1/token. Make sure to include the required metadata and header information to the endpoint. The insurerCode and brandCode provided below will request a new Quartz provider directory token. Each requested token will expire after 15 minutes. No authentication is required because this is a public token. This is a deviation from the JOT methodology because we don’t use a client and secret; it’s simply passing a public token request. There is no need to pass the token as an authenticated bearer token. It needs to be passed as a subject token inside the header section of your request. For Quartz, pass the following for medical and pharmacy provider directory: curl –location –request POST ‘https://quartzfhir.healthsparq.com/api/healthsparq-public-login-service/v1/token’ \ –header ‘Content-Type: application/json’ \ –data-raw ‘{ “city”:””, “state”:””, “postalCode”:””, “country”:””, “insurerCode”:”QUARTZ_I”, “brandCode”:”QUARTZ”, “alphaPrefix”:””, “bcbsaProductId”:””, “productCode”:”” }’ |
| 2. | Include the following required FHIR Provider Call Required Headers: curl –location –request POST ‘http://quartzfhir.healthsparq.com/api/provider-fhir-service/v1/fhir’ –header ‘Accept: application/json’ \ –header ‘Content-Type: application/json’ \ –header ‘Subject-Token: (the public token obtained above) |
| 3. | In accordance with Da Vinci PDEX Plan-Net Implementation Guide, we recommend querying the metadata endpoint first to generate a capability statement for our API before querying any other data. |
| 4. | Technical API Swagger and documentation for FHIR Provider Directory API is publicly accessible at https://developers.healthsparq.com/swagger/provider-fhir-service/provider-fhir-service/v2/api-docs |
FHIR Patient Access API
To access Quartz’s FHIR-compliant Patient Access API, see below.
The registration process will include the following:
| 1. | Registration: you must first register your application. Quartz will verify your application before granting you access to our registration processes. Valid contact information, including names, must be provided when registering. |
| 2. | Application: The application will include registration and attestation. Complete all areas of the registration. The attestation will consist of several yes/no questions to determine and confirm alignment with the CARIN Trust Framework and Code of Conduct. |
| 3. | Review: We will review your application within 14 business days of receipt of your submission whenever possible, but the time frame may exceed 14 days based on the volume of requests and requests for additional information. |
| 4. | Decision: Once we have reviewed your application, we will provide an email response to the email address noted in the application. Upon confirmation of completion of your application, Quartz will register your app and send you an email with your credentials. |
| 5. | Quartz’s API conforms to the FHIR HL7 CARIN Blue Button implementation guide (IG) available at http://build.fhir.org/ig/HL7/carin-bb/ per the standard IG. |
| 6. | Technical API Swagger and documentation for FHIR Patient Access API is publicly accessible at: Capability Statements and Swagger Documents: https://api-qtz-prd.safhir.io/v1/api FHIR Patient Access API Swagger: https://api-qtz-prd.safhir.io/v1/api/carin-bb/docs https://api-qtz-prd.safhir.io/v1/api/uscore/docs https://api-qtz-prd.safhir.io/v1/api/secure-formulary/docs FHIR Patient Access API Documentation: Capability Statement: https://api-qtz-prd.safhir.io/v1/api/carin-bb/metadata Capability Statement: https://api-qtz-prd.safhir.io/v1/api/uscore/metadata Capability Statement: https://api-qtz-prd.safhir.io/v1/api/secure-formulary/metadata Open API Specification: https://api-qtz-prd.safhir.io/v1/api/carin-bb/openapi.json Open API Specification: https://api-qtz-prd.safhir.io/v1/api/uscore/openapi.json Open API Specification: https://api-qtz-prd.safhir.io/v1/api/secure-formulary/openapi.json |
Branding Guidelines
Quartz Marketing will provide logos, branding guidelines, and formatting specifications upon receipt of a request submitted to dl-websitefeedback.