Wait for it...


Documentation, Tools, Sample Code, etc.


If you're developing a client application that will query HL7 FHIR® data sources enabled by EMR Direct Interoperability Engine, please refer to the following resources:

FHIR STU3 API Documentation

FHIR R4 API Documentation (Coming Soon!)

API Terms of Use

API Management Platform for Direct Messaging & FHIR

Data holders, register for a complimentary Developer account to view documentation & sample code you can use to easily enable Direct Messaging or HL7 FHIR services in your Health IT application. Includes a test Direct address & FHIR endpoint, email-based support, ETT and Inferno testing guides--everything that's needed for successful certification testing with EMR Direct services.

Interoperability Engine

Drummond Certified 2015 Edition Module


A knowledge base for Health IT Developers

FHIR Client App Developers

Consumer-facing Apps

Applications that will rely on a patient's credentials assigned by the health system where data access is requested (for example, patient portal credentials used by patients for access to health data one patient at a time) can register at the EMR Direct website to obtain a client ID and secret and become listed in this App Gallery. In this case, let us know you require a "Client ID and Secret for Patient Access" when registering your app to use it with authorization code flow according to the SMART App Launch framework. The resulting client ID can then be used at any EMR Direct-supported FHIR endpoint.

Business-to-Business Apps

Apps intending to make Bulk Data requests or that will access data for professional purposes can register your app the same way and will also be listed on the App Studio site, but will want to instead let us know you require a "Digital certificate for a UDAP FHIR client workflow" when registering on the EMR Direct website; the UDAP certificate can then be used in UDAP JWT-Based Client Authentication at any EMR Direct-supported FHIR R4 endpoint or a FHIR STU3 endpoint that has elected to enable client credentials grant, and for which the data holder authorizes access. In either case, the data holder must also authorize the app itself.

App Onboarding Process Overview

Requirements for Client Registration

Register as a FHIR Client App developer for access to a UDAP trusted app certificate or client ID and secret.

Connecting to a FHIR Datasource

Determining the baseOAuthURL

FHIR Endpoint Directory (Coming Soon!)

Branding Guidelines (Coming Soon!)

Additional Questions? Visit the HealthToGo FHIR developer group or UDAP Community group


Test Your FHIR or Direct Messaging App

HealthToGo Sandbox

The HealthToGo Sandbox client application is available to registered Developers who are testing their own implementation of Interop Engine phiQuery (EMR Direct's software for enabling HL7 FHIR services) or who are evaluating UDAP FHIR ecosystem server certificates issued by EMR Direct.

phiQuery integrators use the HealthToGo Sandbox as their test harness to demonstrate to the testing labs how their software uses Interop Engine to meet the ONC 2015 Edition Application Access APIs certification criteria g.7-9. HealthToGo Sandbox can also be used to independently test Interop Engine 2021 FHIR services, however proctored Cures Update certification testing uses the Inferno test tool.

Interoperability Engine

Register for an EMR Direct Developer account to enable Direct or HL7 FHIR services you can test with the sandboxes listed here, the Edge Test Tool (ETT) or Inferno and your own no-PHI test data.

We also currently support several pilot programs evaluating advanced use cases like the FAST Security model leveraging UDAP and digital certificates to enable a trusted FHIR ecosystem, using Direct for records requests from the Social Security Administration and others, using the HEART profiles for UMA, OAuth, and OpenID to facilitate grant management, and other use cases for improving workflows through Context-enabled Direct Messaging, for example Patient Event Notifications via Direct.

phiMail Web

For testing Direct Messaging applications built with phiMail, a sandbox version of our web-based Direct Messaging service is also available:

phiMail Web Sandbox

If you're preparing to certify your health IT through a test lab using phiMail, be sure to request a current version of our documentation for use with the testing tools.


Featured apps & case studies


Best practices & other noteworthy topics
Tiered OAuth

If OAuth Servers Could Talk...

The Open API economy is enjoying a great deal of success in health data democratization. The government declared that we should enable Open APIs, so we built them. Then, lo and behold, several developers (most noteworthy Apple) built client applications and...

Transactional Authorization for FHIR

Transactional Authorization for FHIR

In some workflows, it may be necessary to have the user specifically authorize a FHIR transaction or even re-authenticate to complete the transaction. We have worked out a workflow that we call “transactional authorization” to address this that leverages the concept of scopes...

Disrupting Health IT Tweet

Where Were You When Health IT Was Being Disrupted?

For those who haven't been in a mountaintop dojo reading Health IT regulations the last few years (see tweet above or here), I'm happy to share that patient health data is now available to authorized parties about as conveniently as...

Using Digital Certificates with FHIR

Using Digital Certificates with FHIR

There has been substantial effort over the last few years to deploy digital tools to the healthcare setting, so that medical records are more computable both in-place and when shared (think decision support for now, evolving to advanced data processing tools, enabled with artificial intelligence)...

Trusted Exchange Framework

What's a Trusted Exchange Framework and why do we need one?

Somewhere at the crossroads of actual information blocking (or, more likely, accidental information throttling) and use of entirely-appropriate, high security constraints, usability and data access have suffered and medical tests are being duplicated...