Network
#3-in-1 network
Patient health records from everywhere, to anywhere, any time. Flexpa connects to every patient access network: health insurers via CMS-9115, medical record systems via ONC (g)(10), and nationwide exchanges via TEFCA IAS. No patient data left behind.
Largest Coverage: Proven connectivity across all three patient access networks.
Three Network Types: Health insurers (claims data), medical record systems (clinical records), and nationwide exchanges (longitudinal patient history).
Intelligent Routing: Automatic selection of the best source with patient context.
#Network types
Flexpa connects to three patient access networks.
Health insurers
Claims data via CMS-9115
Network:
CMS-9115 federally mandated APIs and proprietary patient portals
Best for:
Longitudinal health & financial data
Medical record systems
Clinical records via ONC (g)(10)
Network:
ONC (g)(10) federally mandated APIs with separate authorizations per facility
Best for:
Targeted facility access
Nationwide exchanges
Longitudinal history via TEFCA IAS
Network:
TEFCA IAS with single authorization discovering records across all matching facilities
Best for:
Multi-facility provider data
#How they compare
Each network is modular and can be initiated separately to support different needs at different lifecycles of a product or workflow.
| Health insurers (CMS-9115) | Medical record systems (ONC g10) | Nationwide exchanges (TEFCA IAS) |
|---|
| Data source | Health insurance payers | Healthcare providers' and facilities' EHR systems | TEFCA Network QHIN Participants. Flexpa is an IAS participant through two QHINs: Kno2 and CommonWell |
| Flexpa Network coverage | 94% of CMS lives and 72% of commercial lives. See directory for details. | ~70% of market via connections through Epic, Cerner, Athena, and more. | 56,000+ facilities nationally. See TEFCA facility directory for details. |
| Best for | Fastest, highest signal, longitudinal health overview. | Supplying additional information on an as-needed basis for a particular facility | A single authorization to get clinical data from multiple facilities |
| Patient authorization mechanism | Insurance portal login | Patient portal login | Identity verification process (via CLEAR or ID.me) |
| Has insurance coverage information? | Yes | No | No |
| Has financial adjudication? | Yes | No | No |
| Has clinical details? | Yes | Yes | Yes |
| Has unstructured doctor's notes? | Sometimes | Yes | Yes |
| Has lab/imaging results? | Sometimes | Yes | Yes |
| Data delay | Within 24 hours of claims adjudication (typically ~5-30 days) | ~24 hours | ~24-72 hours |
#Combining networks
All three networks work seamlessly together within the same Flexpa integration. You can retrieve data from multiple networks for the same patient, with each authorization providing access to a different network.
Data from all networks is accessible through the same FHIR API endpoints. You can distinguish between sources using the meta.source field in FHIR resources or by tracking which authorizations correspond to which networks.
Common patterns:
- Health insurers + Medical record systems: Use insurer data for longitudinal health history and financial information, supplement with medical record systems for detailed clinical documentation from specific facilities.
- Nationwide exchanges + Medical record systems: Use TEFCA for broad nationwide coverage, supplement with individual medical record systems for facilities not yet participating in TEFCA.
- All three networks: Maximum coverage by combining insurer claims, TEFCA nationwide provider records, and targeted individual medical record system connections.
#Health insurers
Health insurers provide claims data with the most comprehensive longitudinal view of a patient's health history. With a single authorization, patients can share both financial and clinical data spanning all their healthcare encounters across multiple providers and facilities.
#Overview
Flexpa connects to health insurers through two pathways:
-
CMS-9115: The CMS Interoperability and Patient Access Final Rule federally mandates all payers to provide Patient Access APIs that allow patients in Medicare, MA, and Medicaid lines of business to access their health data in a standardized FHIR format. This data includes both financial and clinical information.
-
Patient portals: Flexpa's proprietary patient portal integration unlocks access to the same data for employer-sponsored and off-exchange plans that are not required to have Patient Access APIs. This dramatically expands coverage beyond CMS-mandated endpoints.
Flexpa Consent automatically manages the logic for when to route patients to CMS-9115 or to patient portals, ensuring the best possible coverage and user experience.
#Coverage by plan type
Flexpa's combined approach delivers industry-leading coverage across all major plan types:
| Plan type | Coverage | Lives covered |
|---|
| Medicare FFS | 100% | 27,790,912 |
| Medicare Advantage | 94.95% | 37,343,098 |
| Medicaid | 91.77% | 69,756,444 |
| Dual Eligibles | 96.80% | 6,227,904 |
| ACA On-Exchange | 95.17% | 22,242,758 |
| ACA Off-Exchange | 47.15% | 1,178,384 |
| Employer/Group | 72.78% | 125,773,952 |
| CHIP | 48.18% | 1,733,269 |
Total network coverage: 83% of all US lives (301+ million covered)
- CMS Lives: 94% coverage (165+ million)
- Commercial: 72% coverage (126+ million)
- VA: 100% coverage (9+ million)
#CMS-9115 data strengths
Longitudinal financial data: Claims provide detailed financial adjudication of all past encounters, including insurance coverage information and out-of-pocket costs. This is the only source for complete financial healthcare data.
High-signal medications: Unlike medical record systems that show what was prescribed, insurer data shows what medications were actually picked up from pharmacies, providing a more accurate picture of medication adherence.
Cross-facility overview: A single insurer authorization provides data across all doctors, facilities, and encounters covered under that insurance plan, eliminating the need for multiple facility-specific authorizations.
#Data particularities
#Patient portal session timeout
Patient portal authorizations have a 10-hour timeout on Flexpa's side. If the session expires, the onExit callback will be triggered with a connection timeout error.
#Patient portal data limitations
Patient portal connections for commercial/employer plans have specific limitations:
- The following clinical data elements are not available for commercial/employer claims outside of CMS 9115-F
- Diagnosis codes
- Allergies
- Limited or no unstructured clinical notes
- Limited or no lab/imaging results
- Institutional claim sub-types (inpatient vs. outpatient) are not available, resulting in "unknown" values for fields like
subType.code
- Procedure codes are still accessible through
ExplanationOfBenefit.item.productOrService which contains applicable CPT codes, even when institutional-specific procedure fields may be absent
#Data masking and privacy
Some data may be marked as "masked" when a payer has determined the information is too sensitive to share. This typically occurs for:
- Substance use disorder treatment (protected under 42 CFR Part 2)
- Mental health services
- Other sensitive healthcare services covered by federal or state privacy regulations
When you see a data-absent reason of "masked," it indicates the payer has applied privacy protections to that specific data element.
#Optional fields and missing data
FHIR defines many fields as optional, and payers don't always provide all available data elements. When a field is required by FHIR but the underlying data is unavailable, you'll see data-absent indicators such as:
"masked" - Data exists but is privacy-protected"unknown" - Data is not available from the payer's system- Field absence - The data element was not provided
These variations are normal and expected. Your application should be designed to handle missing or masked data gracefully, particularly when working with patient portal connections to commercial plans.
#Syncing dependents
Dependent syncing behavior differs between CMS 9115-F and patient portals:
#CMS 9115-F
One authorization per plan member. During the authorization flow, the patient can choose which plan member to authorize (self or a dependent). To access multiple members' data, the patient must complete separate authorization flows for each member.
#Patient portals
When the authorizing user is the subscriber or a delegate of the subscriber on the plan, the patient portal integration automatically syncs data for all dependents and creates separate Patient resources for each. When the dependent is the authorizing user, they only see their own information.
- Subscriber or delegate login: Retrieves data for all dependents on the plan
- Dependent login: Retrieves only that dependent's data
For patient portal authorizations with multiple dependents, use the /fhir/Patient endpoint to iterate over all patients retrieved, rather than assuming a single patient per authorization. The related API differences are:
- $everything operation:
The
$everything operation must map through all patients in the authorization. Patient references may appear as contained resources rather than standalone Patient resources.
# Retrieve all data for all patients in an authorization
GET /fhir/Patient/$everything
- $expunge operation:
The
$expunge operation respects the same authorization scheme with regards to the authorizing user and dependents.
# Expunge all data for an authorization
POST /fhir/$expunge
#Nationwide exchanges
Flexpa is an Individual Access Services (IAS) Provider on TEFCA (Trusted Exchange Framework and Common Agreement), enabling nationwide patient record discovery and clinical document retrieval across participating health information networks.
#Overview
TEFCA is the national framework for health information exchange established by the 21st Century Cures Act. It enables nationwide patient record discovery across 56,000+ facilities through a network of Qualified Health Information Networks (QHINs).
Flexpa participates in TEFCA as an IAS provider through partnerships with Kno2 and CommonWell as our QHIN providers. We discover patient records nationwide, retrieve clinical documents, and wrap them in FHIR DocumentReference resources for seamless integration with your existing workflows.
#QHINs and network connectivity
Flexpa uses Kno2 and CommonWell as our Qualified Health Information Network (QHIN) providers. Both QHINs connect across the TEFCA network, enabling nationwide patient record discovery and document retrieval.
TEFCA support is currently in development and prioritizes adopters of the CMS Aligned Networks pledge. Contact partnerships@flexpa.com to enable TEFCA for your application.
#TEFCA strengths
Superior patient experience: TEFCA provides access to data from multiple facilities with a single authorization and identity verification. Patients complete one IAL2 identity verification (via CLEAR or ID.me) and receive records from all matching facilities nationwide, eliminating the need for separate logins to each provider portal.
Nationwide coverage: With 56,000+ facilities participating, TEFCA provides the broadest network for clinical data from medical record systems. This includes hospitals, clinics, imaging centers, and other care facilities across all 50 states.
Comprehensive clinical documentation: TEFCA returns complete C-CDA clinical documents including unstructured notes, detailed lab and imaging results, and the full clinical record maintained by each facility.
#Patient Identity Verification
When a patient initiates a TEFCA connection, they first verify their identity using an identity provider. This identity verification establishes their demographic information including name, date of birth, and address to ensure proper authentication and authorization for nationwide health information exchange. Flexpa then queries the TEFCA network using this verified information to find patient matches across participating facilities nationwide. When matches are found, clinical documents are retrieved from those facilities.
#Supported credentials providers
Flexpa currently supports CLEAR and ID.me as IAL2-compliant identity providers. Both providers meet NIST Identity Assurance Level 2 requirements for TEFCA connections. The identity provider selection is randomized in the Flexpa Link interface to prevent selection bias. By supporting both CLEAR and ID.me, Flexpa maximizes the chances that a patient has already completed identity verification with one of these providers.
For users with existing CLEAR or ID.me accounts, verification typically takes less than a minute. First-time users creating new accounts should expect 3-7 minutes to complete the full identity verification process, which includes uploading a government-issued ID and completing identity checks. Initial identity verification is a one-time process.
#Use with Flexpa Consent SDK
When using TEFCA, Flexpa Consent displays a specialized consent screen that explains the TEFCA network and nationwide record access, shows which identity provider will be used for verification, requires explicit patient consent before proceeding, and references both your application's privacy policy and Flexpa's privacy policies.
Enable TEFCA in Flexpa Consent by setting the _ial2Mode option. From a developer perspective, TEFCA uses the same integration as other data sources, with FHIR resources returned via the standard Flexpa API.
The patient experience follows the standard flow:
- Select: Patient chooses TEFCA for provider data
- Consent: Patient reviews and consents to nationwide record discovery
- Authorize: Patient verifies identity via CLEAR or ID.me
- Sync: Flexpa discovers and retrieves records from matching facilities
First-time users will need to create an account with their chosen provider (typically 3-7 minutes), upload a government-issued ID, complete identity verification, and consent to record access.
import { FlexpaLink } from '@flexpa/link';
const link = FlexpaLink.create({
publishableKey: 'pk_test_...',
user: {
externalId: 'usr_1234'
},
usage: 'ONE_TIME',
_ial2Mode: true, // Enable TEFCA IAL2 flow
onSuccess: (publicToken) => {
// Exchange token for access token
exchangeTokenForAccessToken(publicToken);
},
});
link.open();
QHINs return clinical documents in C-CDA (Consolidated Clinical Document Architecture) XML format. Flexpa currently wraps these documents as FHIR R4 DocumentReference resources and is actively developing capabilities to convert them to structured FHIR resources.
Supported document types include:
#DocumentReference API
TEFCA documents are available as FHIR DocumentReference resources through the standard Flexpa API endpoints. Each DocumentReference wraps a C-CDA document with metadata including the facility name (organization that created the document), author (provider who authored it), document type (LOINC-coded classification), creation date, and a unique persistent identifier.
The C-CDA document content is base64-encoded in the content[0].attachment.data field. Decode this field to access the full XML document for parsing or processing.
TEFCA records are accessible through the same FHIR API endpoints as payer data. DocumentReference resources from TEFCA will be returned in standard /fhir/DocumentReference queries. The custodian field identifies the facility that created the document, allowing applications to distinguish between different data sources.
Get Documents
GET /fhir/DocumentReference
Authorization: Bearer {access_token}
Filter by Type
GET /fhir/DocumentReference?type=http://loinc.org|34133-9
Decode Content
const documentData = entry.resource.content[0].attachment.data;
const ccda = atob(documentData); // Decode base64
// Parse XML or process as needed
#Interoperability standards
Flexpa implements the XCPD (Cross-Community Patient Discovery) ITI-55 profile for patient matching and the XCA (Cross-Community Access) ITI-18 (Document Query) and ITI-43 (Document Retrieve) profiles for document query and retrieval. Patient authentication uses IAL2 OIDC-based identity verification with demographic claims, while document metadata follows the IHE XDS-b standard.
#When no records are found
When no patient matches are found across the TEFCA network, the API will return an empty result set. This can occur if the patient has never received care at TEFCA-participating facilities or if their demographic information doesn't match records in the network. In test mode, Flexpa-managed fixtures are always returned regardless of QHIN matches.
#Medical record systems
ONC (g)(10) federally mandated APIs provide direct access to individual provider and hospital EHR systems. These APIs enable patients to retrieve their clinical records from specific healthcare facilities where they've received care.
#Overview
The ONC Cures Act Final Rule requires healthcare providers to make patient data available through standardized FHIR APIs. Also known as the "Patient Access API" requirement for providers, ONC (g)(10) mandates that providers give patients API-based access to their electronic health information.
Flexpa connects to medical record systems from Epic, Cerner, Athena, and other major EHR vendors, providing coverage to approximately 70% of the healthcare market.
#ONC (g)(10) strengths
Facility-specific detail: Medical record systems give access to the most complete clinical documentation for a specific facility, including comprehensive lab and imaging results, unstructured clinical notes, and the full care record maintained by that facility's EHR system.
Direct from source: Data comes directly from the facility's EHR system, providing the most current and detailed view of care delivered at that facility.
Supplement insurer data: Medical record systems are ideal for filling in clinical details that may be limited in insurer data, such as detailed lab results, imaging reports, and clinical notes from specific encounters.
#How it Works
When a patient initiates a provider connection through Flexpa Consent, they select a healthcare facility from available options. The patient is then redirected to their provider's patient portal where they authenticate using their existing portal credentials. After successful authentication, the patient authorizes your application to access their health records. Flexpa retrieves the authorized FHIR resources and makes them available through the standard Flexpa API endpoints.
#Facility Selection
Provider access requires specifying an endpoint ID during the authorization flow. Endpoint IDs are unique identifiers corresponding to specific EHR deployments at healthcare organizations.
Endpoint IDs are UUID-format identifiers unique to each EHR system deployment. Endpoint IDs are currently provided on request. Contact partnerships@flexpa.com to obtain endpoint IDs for your target healthcare organizations. A self-service facility directory is under development.
#Use with Flexpa Consent SDK
Enable provider APIs in Flexpa Consent by configuring the appropriate option. From a developer perspective, provider APIs use the same integration as other data sources, with FHIR resources returned via the standard Flexpa API.
The patient experience follows the standard flow:
- Select: Patient searches for and selects their healthcare facility
- Consent: Patient reviews and consents to data sharing
- Authorize: Patient verifies identity via CLEAR or ID.me, then logs in to the facility's patient portal
- Sync: Flexpa retrieves and standardizes the data
The exact configuration parameter for enabling provider APIs is being finalized. Check with your Flexpa account manager for the current implementation.
import { FlexpaLink } from '@flexpa/link';
const link = FlexpaLink.create({
publishableKey: 'pk_test_...',
user: {
externalId: 'usr_1234'
},
usage: 'ONE_TIME',
_ial2Mode: true, // Enable IAL2 flow for provider APIs
onSuccess: (publicToken) => {
// Exchange token for access token
exchangeTokenForAccessToken(publicToken);
},
});
link.open();
#Relation to TEFCA
TEFCA provides access to the same type of clinical data from medical record systems as individual ONC (g)(10) APIs, but with a superior patient experience. The key differences:
| TEFCA IAS | ONC (g)(10) |
|---|
| Coverage scope | Single authorization for records from 56,000+ facilities nationwide | Direct connection to specific facility EHR systems |
| Authorization | One identity verification retrieves data from all matching facilities | Separate authorization required for each facility |
| Patient discovery | Nationwide patient discovery and matching across facilities | Patient must know which specific facility to connect to |
When to use ONC (g)(10): Use ONC (g)(10) when you need data from a specific facility, when the facility is not yet part of the TEFCA network, or when you want to supplement insurer data with detailed records from a known facility. In most cases, TEFCA is the preferred approach for medical record system data due to the dramatically improved patient experience. However, ONC (g)(10) remains valuable for accessing specific facilities or supplementing data from other sources.
#Network API
Explore organizations and endpoints across our payer and provider networks using the Network API. This API provides programmatic access to information about available data sources, their capabilities, and current status.
GEThttps://api.flexpa.com/organizations
An organization is a payer, provider, or vendor entity that operates an Endpoint.
This API returns data also available in our Endpoint Directory.
Response fields
- namestring
The name of the organization
- idstring
The id that Flexpa uses to identify this organization
- notestring
The note is used to detail whether the organization supports just CMS plans or all plans (including commercial lives)
- typestring
The type details whether the organization is a payer, a provider, a vendor, or another type of entity.
curl https://api.flexpa.com/organizations \
-H 'Content-Type: application/json'
Response
[
{
"name": "SCAN Health Plan",
"id": "a4212073-f832-483c-8fd0-706f97fe3d8e",
"note": "CMS plans",
"type": "PAYER"
},
{
"name": "Blue Cross and Blue Shield of North Carolina",
"id": "12db2e9e-26f5-4ee6-b705-29ee9349f653",
"note": "CMS plans",
"type": "PAYER"
},
...
]
GEThttps://api.flexpa.com/endpoints
Endpoints are individual FHIR REST API servers in Flexpa's network created and maintained by payers. They are used to access patient data.
This API returns data also available on our endpoint directory.
Response fields
- namestring
The name attribute is a human-readable unique identifier for the endpoint. This attribute is subject to change, so we recommend using the id attribute as a static identifier.
- idstring
The id that Flexpa uses to identify this endpoint
- modestring
The mode is used to detail whether the endpoint is for test or live mode
- labelarray
The label is a human-readable name for the endpoint. This is often equivalent to the payer name, but may be a brand level name if the payer has multiple brands.
- refreshableboolean
The refreshable is boolean that indicates whether the endpoint supports refreshing an authorization without the original user present. If you attempt to use MULTIPLE as your intended usage for a non-refreshable endpoint we will still complete the authorization but only one time. That authorization cannot be refresh without further user interaction.
- maxAuthPeriodnumber
The maxAuthPeriod represents the maximum time (in seconds) for which an endpoint will allow a user to keep an application authorized to it. After this period elapses, the user is required to re-authorize. A 0 indicates that the endpoint can be authorized indefinitely. If the endpoint is refreshable, a null suggests that this value is unknown to Flexpa.
- statusenum
The status is an enumerated list of values:
CONNECTED
The endpoint is connected and available for use.
IN_PROGRESS
The endpoint is currently being implemented and not yet available.
BROKEN
The endpoint is experiencing issues and not currently available.
UNKNOWN
The endpoint has an unknown or undetermined status.
UNAVAILABLE
The endpoint is not yet implemented and not available for use.
- resourcesarray
resources is an array of FHIR resources supported by the endpoint
- organizationobject
The organization is a JSON object that shows the ID and name of the payer associated with the endpoint.
curl https://api.flexpa.com/endpoints \
-H 'Content-Type: application/json'
Response
[
{
"name": "san-francisco-health-plan-test",
"id": "46062592-1111-4a06-8974-da9589119238",
"mode": "TEST",
"label": ["San Francisco Health Plan"],
"refreshable": false,
"status": "CONNECTED",
"resources": [
"Account",
"ActivityDefinition",
"AdverseEvent",
"AllergyIntolerance",
"Appointment",
...
],
"organization": {
"id": "de83b67b-b176-49ef-b83d-8f8edcd45761",
"name": "San Francisco Health Plan (SFHP)"
}
},
{
"name": "village-care-max-test",
"id": "5c34e5d2-bb46-42d3-a1ce-9b9d2d1fec26",
"mode": "TEST",
"label": ["VillageCareMAX"],
"status": "CONNECTED",
"refreshable": false,
"refreshValidFor": 86400,
"maxAuthPeriod": 31536000,
"resources": [
"AccessPolicy",
"Account",
"ActivityDefinition",
"AdverseEvent",
"AidboxConfig",
...
],
"organization": {
"id": "603889da-dc1e-4f67-b0cf-04d76edc2dcf",
"name": "Horizon Blue Cross Blue Shield of New Jersey"
}
}
...
]