Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.encoreos.io/llms.txt

Use this file to discover all available pages before exploring further.

Version: 1.0
Last Updated: 2026-02-16
Source: EHR_PM_PLANNING_BUNDLE.md This document catalogs external (out-of-platform) integrations for EHR and Practice Management: clearinghouses, payer APIs, PDMP, HIE, e-prescribing, and lab. Entries may be Implemented (operational), Blocked (requires external verification or blocked by external requirements), or Planned (specified but not yet implemented).

Quick Reference

Integration TypeStatusKey StandardsSpec
Clearinghouse (EDI)📝 PlannedX12 837P/I, 835, 270/271, 276/277PM-15
Payer ePA📝 PlannedDa Vinci CRD, DTR, PASPM-10
Arizona CSPMP (PDMP)📝 PlannedState API / PMP GatewayCL-17
HIE (Contexture)📝 PlannedC-CDA 2.1, XDS/XCA, ADTCL-12, CL-16
EPCS📝 PlannedNCPDP SCRIPT 2023011CL-06
Lab / LIS📝 PlannedHL7v2, FHIR DiagnosticReportCL-09

Status Legend

  • Implemented - Integrated and operational
  • 🟡 In Progress - Implementation underway
  • ⚠️ Blocked - Requires external verification or is blocked by external requirements (e.g., OAuth app verification, vendor approval)
  • 📝 Planned - Specified; not yet implemented

Catalog

NameTypeStandard / APIStatusSpec ReferenceNotes
Clearinghouse (generic)Clearinghouse / EDIANSI X12 837P, 837I, 835, 270, 271, 276, 277📝 PlannedPM-15Claims submission, remittance, eligibility, claim status
Payer FHIR ePAPayer APIHL7 Da Vinci CRD, DTR, PAS📝 PlannedPM-10CMS-0057-F; payer API requirements Jan 1, 2027
Arizona CSPMP (PDMP)PDMPPMP Gateway / HIE / third-party; state API📝 PlannedCL-17EMR vendor integration deadline Dec 31, 2026; A.R.S. § 36-2606
Contexture (AZ HIE)HIEDirectTrust, C-CDA 2.1, XDS/XCA, ADT📝 PlannedCL-12, CL-16Care coordination, document exchange
Waystar Coverage DetectionCoverage DiscoveryREST/JSON; Waystar Coverage API📝 PlannedPM-60BAA: required (existing Waystar BAA may amend); data classes: PHI (name, DOB, SSN); transport: REST over TLS 1.2+; Phase 1 candidate vendor for self-pay coverage discovery
pVerify Coverage DiscoveryCoverage DiscoveryREST/JSON; pVerify API📝 PlannedPM-60BAA: required (new); data classes: PHI; transport: REST; alternative vendor for adapter pattern
Inovalon Coverage DiscoveryCoverage DiscoverySOAP/REST hybrid📝 PlannedPM-60BAA: required; strong retroactive Medicaid panel; alternative vendor
Apple Push Notification Service (APNs)Push NotificationsHTTP/2 binary protocol📝 PlannedPM-59BAA: not applicable (Apple does not store payload — generic, no-PHI titles only); transport: TLS 1.2+; per HHS HIPAA mobile guidance
Google Firebase Cloud Messaging (FCM)Push NotificationsHTTP/REST📝 PlannedPM-59BAA: required (Google Cloud BAA); transport: TLS 1.2+; no-PHI payloads only
Stripe (Apple Pay / Google Pay)Payments / WalletsPaymentRequest API + Stripe REST📝 PlannedPM-59, PM-45Existing Stripe BAA; PCI SAQ-A scope (tokenized; no PAN handling)
Medplum FHIR Server (or alternative)FHIR R4 / SMART App LaunchFHIR R4, SMART App Launch v2.0.0, US Core 7.0📝 PlannedPM-55Vendor selection pending (Medplum / Aidbox / build-in-house); BAA required for hosted; required for ONC HTI-1 (g)(10) certification
Authentik (or alternative OAuth2 server)OAuth2 / SMARTOAuth2 + Dynamic Client Registration📝 PlannedPM-55Vendor selection pending; required for SMART App Launch dynamic registration
EPCS / Surescriptse-PrescribingSurescripts, NCPDP SCRIPT 2023011📝 PlannedCL-06HTI-4; SCRIPT transition by Dec 31, 2027
RTPBe-PrescribingNCPDP RTPB v13📝 PlannedCL-06Real-Time Prescription Benefit; Base EHR Jan 2028
Lab / LISLabHL7v2, FHIR DiagnosticReport📝 PlannedCL-09Orders and results
Ramp (Spend Management / Corporate Cards)External APIRamp Developer API (OAuth, REST)📝 PlannedFA-30Card transaction sync, ERP sync; optional virtual cards; sandbox via Ramp partnerships
RingCentral (Telephony)Telephony APIRingCentral REST API, Webhooks, Embeddable SDK✅ ImplementedCE-03, CE-14Call tracking, recording, disposition, WebRTC embeddable widget
Twilio (SMS)SMS APITwilio SMS REST API, Webhooks✅ ImplementedCE-08Two-way SMS messaging, TCPA compliance
Gmail APIEmail APIGmail REST API (OAuth 2.0)⚠️ BlockedCE-07Email sync (blocked: requires Google app verification)
Microsoft Graph (Outlook)Email APIMicrosoft Graph Mail API (OAuth 2.0)✅ ImplementedCE-07Email sync for Outlook/Microsoft 365

Integration Engine Strategy

Per ehr_pm research: avoid hard dependency on a single integration engine vendor (e.g. Mirth Connect 4.6+ licensing). Prefer:
  • Abstraction layer so EHR does not hard-depend on one engine
  • Standards-first payloads (FHIR, X12, NCPDP, C-CDA) with contract tests
  • Interface catalog (data contracts, endpoints, versioning, monitoring) as a first-class artifact

Decision Tree(s)

Choosing an integration approach:
  1. Is the integration external (clearinghouse, payer, PDMP, HIE, eRx, lab)? → Use this catalog and API Contracts / Event Contracts for in-platform contracts that wrap external APIs.
  2. Is the payload standardized (X12, FHIR, NCPDP)? → Prefer standards-first contracts and abstraction; avoid vendor-specific formats in core.
  3. Does the integration require audit or consent (e.g. PDMP, Part 2)? → Document in spec (CL-17, CL-11) and use platform consent/layers.
  4. Is it real-time (eligibility, claim status) vs batch (837 submission, 835 posting)? → Define SLA, timeout, and retry in API contract.

Pattern Library

  • Abstraction layer: All external calls go through an adapter or edge function; no direct vendor SDK in core. See Integration Engine Strategy.
  • Standards-first contracts: Define request/response shapes using FHIR, X12, or NCPDP types; validate with contract tests before going live.
  • Interface catalog: Each integration has a catalog entry (name, type, standard, status, spec), plus documented endpoints and payload samples (see code examples below).

Common Mistakes

MistakeSymptomFix
Hard dependency on one integration engineVendor lock-in; costly migrationUse abstraction layer; keep engine behind adapter
Non-standard or undocumented payloadsBroken pipelines; hard to debugDefine contracts (FHIR/X12/NCPDP); add examples to catalog
Missing audit for PDMP or Part 2Compliance failureDocument audit requirements in CL-17/CL-11; log query/response IDs only
No versioning or monitoringDowntime or silent failuresAdd version to contracts; health checks and alerting for external endpoints

Pre-Flight Checklist

Before enabling or changing an external integration:
  • Standards: Payload and endpoint match the chosen standard (FHIR R4, X12, NCPDP) and version.
  • Contracts: Request/response schemas and error codes documented in API Contracts or event payload in Event Contracts.
  • Monitoring: Health check and latency/error metrics for the external endpoint; alerts on failure or SLA breach.
  • Versioning: Contract version and external API version documented; upgrade path for breaking changes.
  • Consent/Audit: If PDMP or Part 2–related, consent and audit requirements implemented per CL-17/CL-11.

Data Flow, Authentication & Monitoring (Per Integration)

Each external integration MUST document the following before go-live. Stubs below.

Clearinghouse (PM-15)

  • Data flow: App → Edge function or backend → Clearinghouse (SFTP or API). Outbound: 837P/I, 270, 276, 278. Inbound: 835, 271, 277, 999. Batch and/or real-time per contract.
  • Authentication: TLS 1.2+; credentials (SFTP key or API key) in secrets; no credentials in code.
  • Sandbox/testing: Use clearinghouse test environment; separate config for prod vs test.
  • Error handling: Retry 5xx/network with backoff; rejections (999/277) logged and routed to correction workflow; DLQ for repeated failures.
  • Monitoring: Health check (connectivity + test transaction); latency p95; error rate; alert on SLA breach or connection failure.

Payer ePA (PM-10)

  • Data flow: App → FHIR Da Vinci CRD/DTR/PAS endpoint. Request/response per CMS-0057-F.
  • Authentication: OAuth2 or API key per payer; store in secrets.
  • Sandbox: Payer sandbox for development; document base URLs per environment.
  • Error handling: Retry 429/5xx; return structured error to user; log request_id for support.
  • Monitoring: Latency; success vs denial rate; alert on payer endpoint down.

Arizona CSPMP / PDMP (CL-17)

  • Data flow: App → State PMP Gateway or HIE; query-in-workflow; response stored for audit only (no PII in logs).
  • Authentication: State-issued credentials; certificate or API key per state requirements.
  • Sandbox: State test environment if available.
  • Error handling: Fail closed (do not prescribe without PDMP when required); log query_id only; audit per CL-17.
  • Monitoring: Query success rate; latency; alerts on gateway errors.

Contexture (AZ HIE) (CL-12, CL-16)

  • Data flow: DirectTrust or XDS/XCA; ADT and C-CDA document exchange. Outbound: C-CDA 2.1; Inbound: documents and ADT.
  • Authentication: DirectTrust certificate; enrollment and onboarding per Contexture.
  • Sandbox: HIE test environment.
  • Error handling: Retry transient; log document_id and outcome; no PHI in logs.
  • Monitoring: Submission success; document retrieval latency; certificate expiry alerts.

EPCS / Surescripts (CL-06)

  • Data flow: NCPDP SCRIPT 2023011 to Surescripts; two-factor auth; prescription and status.
  • Authentication: EPCS credentials (hardware or software token); FIPS 140-2 where required.
  • Sandbox: Surescripts test environment.
  • Error handling: Prescription failure returned to user; no retry of invalid sig; audit all attempts.
  • Monitoring: Send success rate; response latency; token/credential expiry.

Lab / LIS (CL-09)

  • Data flow: HL7v2 or FHIR DiagnosticReport; order outbound; results inbound.
  • Authentication: Lab-specific (often VPN or HL7 MLLP with mutual TLS).
  • Sandbox: Lab test environment or mock.
  • Error handling: Retry HL7 NAK; map errors to user message; log order_id only.
  • Monitoring: Order and result throughput; error rate; interface uptime.

Integration Adapter Pattern

All external calls MUST go through an adapter (edge function or server-side module). No direct vendor SDK in core CL/PM UI. Adapter responsibilities:
  • Map internal IDs to external identifiers.
  • Transform request/response to/from standard shapes (FHIR, X12, NCPDP).
  • Apply authentication and retry.
  • Log metrics and errors (no PII/PHI).
  • Support feature-flag or config to switch environments (sandbox vs prod).

Code Examples (Contract / Endpoint / Payload)

Example: FHIR R4 request (EHI export scope).
Label: FHIR patient read – used by CL-16 / PM-12. 
GET /fhir/r4/Patient/{id}
Accept: application/fhir+json
Example: X12 270 eligibility request (simplified).
Label: X12 270 – eligibility request; see PM-02, PM-15. 
ISA*00*          *00*          *ZZ*SENDER         *ZZ*RECEIVER       *260216*1200*^*00501*000000001*0*P*>
GS*HS*SENDER*RECEIVER*20260216*1200*1*X*005010X279A1
ST*270*0001*005010X279A1
BHT*0022*11*REF123*20260216*1200*CH
HL*1*0*20*1
NM1*1P*2*ORG*****PI*12345
...
SE*...
GE*1*1
IEA*1*000000001
Example: NCPDP SCRIPT segment (eRx).
Label: NCPDP SCRIPT – e-prescribing; see CL-06. 
Segment: Prescription (simplified)
- Patient ID, Drug, Sig, Quantity, Refills per NCPDP SCRIPT 2023011

Microsoft 365 Deep Integrations (PF-63)

Status: ✅ Implemented
Spec: PF-63
Catalog: Entra ID (Azure AD) app-only; Graph API for presence, Teams, SharePoint, activity feed.
Last Verified: 2026-02-21
IntegrationAPIEdge FunctionStatus
Teams PresenceGraph Presence API (/users/{id}/presence)entra-employee-presence
Teams Channel MessagingGraph Teams API (/teams/{id}/channels/{id}/messages)entra-teams-notify
SharePoint FilesGraph Drive API (/sites/{id}/drive/items)entra-sharepoint-documents
Teams Activity FeedGraph Teams Activity API (/users/{id}/teamwork/sendActivityNotification)entra-teams-activity
Authentication: Client Credentials flow (app-only) via Entra ID App Registration.
Tenant Isolation: All edge functions enforce verifyOrgAccess() + org-scoped credential lookup.
PHI Controls: OOO message content redacted; no PHI in logs.
Next Review: When CL/PM implementation starts or external contracts are signed.