Supercharge your app with Medicaid Direct data
The Medicaid Connect site is your gateway to using the data of NC Medicaid Direct beneficiaries in your app. Use our Patient Access API, tools, and documentation to build awesome tools that improve the lives of our state's beneficiaries.
Why use North Carolina Medicaid Connect?
Access to Beneficiary Healthcare Data
The Interoperability and Patient Access Rule ensures that beneficiaries can access their health data easily and securely. Our Patient Access APIs, built on the FHIR (Fast Healthcare Interoperability Resources) standard, provide you with the tools to make this possible. Our APIs provide access to beneficiary, administrative, and limited clinical data using the latest industry standards.
Robust and Secure Development Support
We provide developers with access to our sandbox environment to test applications using mock data. Once an application is ready to access real beneficiary data, we guide the developers through the requirements and application for production access.
We provide guidance on how a developer may adhere to industry security guidelines - this helps ensure that your applications can protect beneficiary data from unauthorized access, use, or disclosure.
Comprehensive Resources and Support
Our API documentation is designed to be clear and comprehensive, guiding you through every step of the integration process. If you encounter technical issues during your development, we maintain a community where you may ask questions, identify issues, and get support.
Innovate and Transform Healthcare
Create applications that give beneficiaries control over their health data, enabling them to make informed decisions about their care, share their data across providers and insurers, and find new ways to help them live healthier lives.
Onboarding and Registration
Obtain Your North Carolina Identity Service (NCID) credentials
- Visit the NCID website and follow the instructions to create your account.
Register on the Developer Portal
- Complete the registration process on our portal, and provide necessary information, including (if applicable) your organization's details and contact information.
- Verify your identity through the online identity proofing process - our process uses an IAL2-based verification process.
Access the APIs
- Sandbox Environment: Fill out the developer questionnaire to gain access to the sandbox environment. Test and refine your application using mock data.
- Production Environment: Once your application is tested and compliant, apply for production access. Receive credentials to integrate with real patient data.
Accessing Beneficiary Data
Sandbox Environment
The sandbox environment allows you to test and develop your applications using mock data. Here's how to get access
- Complete the Medicaid Connect registration process.
- Fill out the developer questionnaire to help us understand your needs and use cases.
- We will review your questionnaire, and upon approval provide access to the sandbox environment.
- Access our developer documentation and tools to better understand how to interact with the Patient Access APIs.
Production Environment
- Once you have thoroughly tested your application in the sandbox environment, you can apply for access to the production environment
- Ensure your application complies with NC Medicaid security and privacy standards.
- Submit your application for review.
- Once approved, you'll receive credentials to access the production APIs.
Technical Resources
API Specifications
Our APIs are built on the FHIR (Fast Healthcare Interoperability Resources) standard, ensuring secure and standardized data exchange. Detailed documentation is available to guide you through the integration process:
Patient Access API Documentation: https://www.cms.gov/Regulations-and-Guidance/Guidance/Interoperability/index- FHIR Standards Overview: https://www.hl7.org/fhir/overview.html
- SMART on FHIR: https://smarthealthit.org/
Tutorials and Learning Resources
- What is FHIR?: https://www.healthit.gov/sites/default/files/2019-08/ONCFHIRFSWhatIsFHIR.pdf
- An Introduction to FHIR: https://www.healthit.gov/sites/default/files/2019-08/ONCFHIRFSWhatIsFHIR.pdf
- FHIR Training Calendar: https://www.hl7.org/training/calendar.cfm
- FHIR Confluence Home Page: https://confluence.hl7.org/display/FHIR
- OAuth Simplified: https://www.oauth.com/
Specifications
- FHIR Specification: https://www.hl7.org/fhir/index.html
- CARIN Implementation Guide (Blue Button V2): https://www.hl7.org/fhir/us/carin-bb/
- OAuth 2.0 Specifications: https://oauth.net/specs/
Regulations
- CMS Best Practices for Payers and App Developers: https://www.cms.gov/files/document/best-practices-payers-and-app-developersupdated21023.pdf
- HIPAA Resources for Mobile Health Apps Developers: https://www.hhs.gov/hipaa/for-professionals/special-topics/health-apps/index.html
- FTC Mobile Health App Interactive Tool: https://www.ftc.gov/business-guidance/resources/mobile-health-apps-interactive-tool
Best Practices
1. Understand your Users and their Experience
If your application is using the Patient Access API, your user is most likely going to be the patient (or beneficiary) themselves. Patients may want access to use your mobile app for any number of reasons; to better track their health, understand and manage medical conditions, coordinate their care, or even receive care through a service such as telehealth. Your application should be intuitive, with a clean and easily navigable interface. You should use familiar or standard iconography, and simple easily understood language. Some of the best apps help take complicated medical concepts and break them down in simple language for users. You should focus on accessibility, as users of your app may suffer from a disability that impairs their ability to use the user interface. Consider reviewing the Web Content Accessibility Guidelines as a guide to designing an app for everyone.
2. Establish a Privacy Policy and Terms of Service
As part of your application for production access, NC Medicaid will review your privacy policy and terms of service. These documents must be easy for your users to read and understand, and must cover:
- How your application collects and shares data
- Any use of anonymized data
- What happens to user data if they revoke access or remove their account
- Your application’s approach to closed or removed accounts
- Any third parties you work with, plan to share data with, and what data you plan to share
- How you will notify other users if you are subject to a data breach
Your terms of service may not contradict any of the details of your privacy policy. If you change the terms of service of your application, you must notify NC Medicaid.
3. Prioritize Security
If your app is not appropriately securing data, it could be lost or stolen, which at a minimum would cause users to lose trust in your app, and at worst be used to harm the user. You must focus on encrypting your data both at rest and in transit using industry standard practices, such as FIPS 140-3 Cryptography. Keep your app patched and up to date and consider following the security best practices shared by the Open Worldwide Application Security Project (OWASP).
4. Identify and Comply with any Regulations
Even though when a beneficiary accesses their own data using a third-party app HIPAA protections do not apply, that does not mean that other features of your app aren’t covered by HIPAA, or that your app isn’t subject to other regulations. By virtue of storing health data, your organization is still subject to the FTC’s Health Breach Notification Rule. Depending on how and where your app operates, several laws could apply, the most common of which are the California Consumer Privacy Act (CCPA), General Data Protection Regulation (GDPR), and the Payment Card Industry Data Security Standard (PCI DSS).
5. Follow Good Engineering Practices
Using good engineering practices and writing well-structured and documented code will ensure that your app can be maintained well into the future. The 12-factor app provides a good outline of common engineering principles. Code should be well tested, using a variety of testing techniques (unit, end-to-end, integration, user acceptance, etc.). Automating test cases using Continuous Integration tools, and integrating tools for automatic code formatting and code coverage will ensure your app is functioning as expected as you build and maintain it.
6. Stay up to date with Industry Trends
Healthcare Information Technology (IT) is constantly evolving; the federal government continues to push for increased interoperability between providers, and access for patients. By staying up to date on the latest developments, you can keep your app, or any future apps, current by integrating new features and data, and benefiting from the latest industry advances. Pay attention to the activities of the Office of the National Coordinator for Health IT (ONC), and Center for Medicare and Medicaid Services (CMS); these agencies drive much of the United State’s Health IT policy.
Frequently Asked Questions
Support and Resources
Community Support
NC Medicaid's technology partner, Amida Technology Solutions, Inc. operates a community forum where you may post any technical questions and get a response from either one of Amida's team members, or a member of the community. Join the Google Group.
Technical Support
To report any technical or operational issues with the Medicaid Connect Solution, real or suspected, please contact the NCDIT Support Desk. They will ensure that your inquiry is routed and escalated appropriately.
Other Support
If you have a general inquiry regarding the Medicaid Connect Solution, or the program overall, please Contact NCDHHS.