Utah Medicaid Vendor Service - Patient Access API

API Overview

Utah Medicaid's patient access API introduces a secure, client driven, data connection between Medicaid and a client's chosen third-party application. The API conforms to CMS's standards found in HL7® FHIR®, CARIN Blue Button®, and along with Common Payer Consumer Data Set (CPCDS).

Capability Statement

Developers, for the capability statement please reference https://fp.medicaid.utah.gov/ProviderClient/metadata .

The capability statement outlines versions, authorizations, resources, profiles, interactions, search parameters, and end points.

Getting Started

In order to access the API, application owners will need to register their PHR application by completing the form found on the PHR App Registration page.

Authorize URL Format:

https://login.dts.utah.gov:443/sso/oauth2/authorize?client_id={your_client_id}&redirect_uri={your_redirect_url}&response_type=code

Getting Access Token:

HTTP Method: POST

URL: https://login.dts.utah.gov:443/sso/oauth2/access_token

HTTP Headers:

Header name	Value
content-type	application/json
accept	application/json
authorization	Basic base 64({client_id}:{client_secret})

HTTP Body:

Field name	Value
code	{oauth code}
grant_type	authorization_code
redirect_url	{your_redirect_uri}

Resources

The API supports the following resources:

Resource	URL
Coverage	https://fp.medicaid.utah.gov/ProviderClient/Coverage , opens in a new tab
Endpoint	https://fp.medicaid.utah.gov/ProviderClient/Endpoint , opens in a new tab
ExplanationOfBenefit	https://fp.medicaid.utah.gov/ProviderClient/ExplanationOfBenefit , opens in a new tab
HealthcareService	https://fp.medicaid.utah.gov/ProviderClient/HealthcareService , opens in a new tab
InsurancePlan	https://fp.medicaid.utah.gov/ProviderClient/InsurancePlan , opens in a new tab
Location	https://fp.medicaid.utah.gov/ProviderClient/Location , opens in a new tab
Metadata	https://fp.medicaid.utah.gov/ProviderClient/metadata , opens in a new tab
OperationDefinition	https://fp.medicaid.utah.gov/ProviderClient/OperationDefinition , opens in a new tab
Organization	https://fp.medicaid.utah.gov/ProviderClient/Organization , opens in a new tab
OrganizationAffiliation	https://fp.medicaid.utah.gov/ProviderClient/OrganizationAffiliation , opens in a new tab
Patient	https://fp.medicaid.utah.gov/ProviderClient/Patient , opens in a new tab
Practitioner	https://fp.medicaid.utah.gov/ProviderClient/Practitioner , opens in a new tab
PractitionerRole	https://fp.medicaid.utah.gov/ProviderClient/PractitionerRole , opens in a new tab
RelatedPerson	https://fp.medicaid.utah.gov/ProviderClient/RelatedPerson , opens in a new tab
StructureDefinition	https://fp.medicaid.utah.gov/ProviderClient/StructureDefinition , opens in a new tab

Request Headers:

All API resource requests require the following headers:

Header name	Value
content-type	application/json
accept	application/json
authorization	Bearer {ACCESS_TOKEN}

Regulatory Information

Resource	URL
CARIN Alliance Code of Conduct	https://www.carinalliance.com/our-work/trust-frameworkand-code-of-conduct/ , opens in a new tab
CMS Best Practices for Payers and App Developers	https://www.cms.gov/files/document/best-practices-payers-and-app-developers.pdf , opens in a new tab
CMS Regulations and Guidelines	https://www.cms.gov/Regulations-andGuidance/Guidance/Interoperability/index , opens in a new tab
Privacy, Security, and HIPAA	https://www.healthit.gov/topic/privacy-security-and-hipaa , opens in a new tab
ONC Model Privacy Notice	https://www.healthit.gov/topic/privacy-security-and-hipaa/model-privacy-notice-mpn , opens in a new tab