Elderplan Interoperability Third-Party Application Developer User Guide

Overview

To ensure the privacy and security of member data, application developers entering the healthcare interoperability space must adhere to stringent standards. Elderplan Interoperability APIs offer a developer-friendly, standards-based solution that allows third-party application vendors to connect their programs and access Elderplan data.

This document outlines the process for registering third-party applications to connect to the Elderplan FHIR server and access member data.


Registering Third-Party Applications

To connect a third-party application (referred to as “app”) to Elderplan, the vendor must first register and obtain approval from the Elderplan Administrator. Upon approval, the app developer will receive the OAuth token, URL, and client credentials (client ID and secret) necessary to connect the app to the Elderplan FHIR server.

Steps to Register a Third-Party App:

  1. Access the Elderplan App Gallery Developer Portal URL with the appropriate links below and click ‘Get Started’:
  2. Sign Up:
    • If you are a new developer accessing the portal for the first time, click ‘Sign Up’ and provide the necessary details to create a new developer account.
  3. Log In:
    • Once your developer account is created, log in using your credentials.
  4. Enter Developer Account Details:
    • For Registered Business Users: Provide the legal full name, designation, and DUNS (Data Universal Numbering System) number.
    • For Individual Users: Enter your legal name.
  5. Provide Address Details:
    • Complete the registration form with the requested address information.

      For registering a business user
      Registering as a Business User
  6. Dashboard Access:
    • After providing the developer account details, you will be directed to a dashboard where you can register new third-party apps or view the status of existing registrations.
      App Registration Dashboard
  7. Register a New App:
    • Click the ‘Register App’ button and follow these steps:
      • Step 1: Enter the app name.
        Graphic of phone on the left with app registration steps to the right, field for App Name
      • Step 2: Provide details about the app’s supported operating systems, home page URL, privacy policy, terms of service, and OAuth redirect URLs.
        App registration steps graphic with fields for supported operating systems and additional detail fields
      • Step 3: Upload the app icon and provide both a short and long description of the app (mandatory fields).
        App registration progress bar with description fields
      • Step 4: Select the categories and FHIR version that the third-party app supports (mandatory).
        App registration progress bar with category fields
      • Step 5: Specify the required scopes (mandatory), including:
        App registration process with Requested Scopes field
        fhirUser launch launch/patient offline_access online_access openid organization/*.read patient/*.read patient/AllergyIntolerance.read patient/CarePlan.read patient/CareTeam.read patient/Condition.read patient/Coverage.read patient/Encounter.read patient/ExplanationOfBenefit.read patient/FamilyMemberHistory.read patient/Goal.read patient/Immunization.read patient/Location.read patient/Medication.read patient/MedicationAdministration.read patient/MedicationDispense.read patient/MedicationKnowledge.read patient/Observation.read patient/Organization.read patient/Patient.read patient/Practitioner.read patient/PractitionerRole.read patient/Procedure.read profile user/*.read
      • Step 6: Review the legal attestation and submit the form.
        App registration process with Legal Attestation statement and Accept/Decline radio buttons
  8. Approval Process:
    • Once the app is registered, it will be reviewed by the Elderplan Administrator. The status will initially show as ‘Review’. Upon approval, the status will change to ‘Live’.
      9-AppForApproval
  9. IP Allowlisting:
    • As part of the approval process, you must provide a specific range of source IP addresses for Elderplan to allowlist. This ensures that only authorized traffic from your network is permitted. Application registration will be approved only upon receipt of this information. Send the IP addresses to: apisupport@mjhs.org.
  10. Obtaining OIDC Client Details:
    • After approval, log in to the Elderplan developer portal to retrieve the OIDC client details from the registered app. REMINDER: Ensure you perform thorough testing in the Test/Sandbox environment before moving to Production.
    • The dashboard will display all registered apps with their status (Pending/In Review/In Review -> Live/Rejected). Click on the approved app to view the OIDC client details (make sure to copy these details):
      • OIDC Client ID
      • FHIR Endpoint
      • OAuth 2.0 Authorize Endpoint
      • OAuth 2.0 Token Endpoint
    • Use these details to connect your app to the Elderplan FHIR Repository.
  11. Obtaining the API Key:
    • Once the app is approved, the Elderplan Administrator will create a unique API Key for the app and share it with the developer. This API key must be passed as a parameter in the headers of every API request to Elderplan.

      Note: Elderplan has implemented rate limits on API requests to ensure smooth and secure operations. Exceeding the limit may result in failed requests and alerts for further investigation.

Developer Sandbox for Testing Data

To join the developer Test/Sandbox environment, follow these steps to register a sample application and retrieve synthetic data for a sample Patient ID:

  • Log in to the Elderplan Developer Portal (Test/Sandbox):
  • Copy the OIDC Connect Details:
    • Retrieve and configure your app with the following details:
      • OIDC Client ID
      • FHIR Endpoint
      • OAuth 2.0 Authorize Endpoint
      • OAuth 2.0 Token Endpoint

These steps will help you set up and test your application in the sandbox environment using synthetic data. If you have any questions or need further assistance, feel free to reach out.


Reference URL’s:

For more details about Elderplan’s Developer Portal, visit the link below:


Elderplan FHIR URL’s:

Note:  Ensure your app is registered and thoroughly tested in the Test/Sandbox environment before registering it in Production. The Elderplan Administrator will only approve the app in Production if it has been successfully registered and tested in Test/Sandbox.


Support Contact details

If you encounter any issues related to app registration, developer account username/password, or OIDC connection in the test/sandbox/production environments, please email us with the details. We will address and resolve the issues as soon as possible, especially if they are related to the Elderplan FHIR server.