Orion Health HIE API
Health Information Exchange API for sharing patient information across healthcare organizations.
OpenAPI Specification
openapi: 3.1.0
info:
title: Orion Health HIE API
description: >-
The Orion Health Health Information Exchange (HIE) API enables sharing of
patient health information across healthcare organizations. It provides
capabilities for patient identity matching, document exchange, consent
management, provider directory lookups, and audit logging in compliance
with healthcare interoperability standards. The API supports IHE profiles
including XDS, XCA, and PDQ.
version: 1.0.0
contact:
name: Orion Health API Support
email: apisupport@orionhealth.com
url: https://www.orionhealth.com/support
license:
name: Proprietary
url: https://www.orionhealth.com/terms-of-service
termsOfService: https://www.orionhealth.com/terms-of-service
servers:
- url: https://api.orionhealth.com/hie
description: Production HIE Server
- url: https://sandbox.orionhealth.com/hie
description: Sandbox HIE Server
security:
- oauth2: []
- bearerAuth: []
tags:
- name: Audit
description: Audit log access for compliance
- name: Consent
description: Patient consent management for data sharing
- name: Documents
description: Clinical document exchange and retrieval
- name: Notifications
description: Admission, discharge, and transfer notifications
- name: Patient Identity
description: Patient identity matching and cross-referencing (MPI)
- name: Provider Directory
description: Provider and organization directory lookups
paths:
/patients/match:
post:
operationId: matchPatient
summary: Orion Health Match a patient across organizations
description: >-
Perform patient identity matching across the HIE network using
demographics, identifiers, and probabilistic matching algorithms
to find existing records in the Master Patient Index (MPI).
tags:
- Patient Identity
requestBody:
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/PatientMatchRequest'
responses:
'200':
description: Patient match results
content:
application/json:
schema:
$ref: '#/components/schemas/PatientMatchResponse'
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
/patients/{patientId}/identifiers:
get:
operationId: getPatientIdentifiers
summary: Orion Health Get patient cross-reference identifiers
description: >-
Retrieve all known identifiers for a patient across participating
organizations in the HIE network.
tags:
- Patient Identity
parameters:
- name: patientId
in: path
required: true
schema:
type: string
- name: organization
in: query
description: Filter by organization
schema:
type: string
responses:
'200':
description: Patient identifiers
content:
application/json:
schema:
$ref: '#/components/schemas/PatientIdentifiers'
'401':
$ref: '#/components/responses/Unauthorized'
'404':
$ref: '#/components/responses/NotFound'
/patients/{patientId}/record-locator:
get:
operationId: locatePatientRecords
summary: Orion Health Locate patient records across organizations
description: >-
Query the HIE network to locate clinical records for a patient
across participating organizations. Returns available document
references without retrieving the full documents.
tags:
- Documents
- Patient Identity
parameters:
- name: patientId
in: path
required: true
schema:
type: string
- name: organization
in: query
description: Filter by source organization
schema:
type: string
- name: documentType
in: query
description: Filter by document type
schema:
type: string
enum:
- ccd
- discharge-summary
- progress-note
- lab-report
- radiology-report
- referral
- consult-note
- name: dateFrom
in: query
schema:
type: string
format: date
- name: dateTo
in: query
schema:
type: string
format: date
responses:
'200':
description: Located record references
content:
application/json:
schema:
type: object
properties:
data:
type: array
items:
$ref: '#/components/schemas/RecordLocatorResult'
total:
type: integer
'401':
$ref: '#/components/responses/Unauthorized'
'404':
$ref: '#/components/responses/NotFound'
/documents:
get:
operationId: searchDocuments
summary: Orion Health Search for clinical documents
description: >-
Search for clinical documents in the HIE document registry
by patient, organization, document type, and date range.
tags:
- Documents
parameters:
- name: patientId
in: query
required: true
schema:
type: string
- name: documentType
in: query
schema:
type: string
enum:
- ccd
- discharge-summary
- progress-note
- lab-report
- radiology-report
- referral
- consult-note
- operative-note
- pathology-report
- name: sourceOrganization
in: query
schema:
type: string
- name: dateFrom
in: query
schema:
type: string
format: date
- name: dateTo
in: query
schema:
type: string
format: date
- name: format
in: query
description: Document format
schema:
type: string
enum:
- cda
- fhir
- pdf
- $ref: '#/components/parameters/PageOffset'
- $ref: '#/components/parameters/PageLimit'
responses:
'200':
description: List of matching documents
content:
application/json:
schema:
type: object
properties:
data:
type: array
items:
$ref: '#/components/schemas/DocumentMetadata'
pagination:
$ref: '#/components/schemas/Pagination'
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
post:
operationId: submitDocument
summary: Orion Health Submit a clinical document
description: >-
Submit a clinical document to the HIE document repository for
sharing with other participating organizations.
tags:
- Documents
requestBody:
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/DocumentSubmission'
responses:
'201':
description: Document submitted
content:
application/json:
schema:
$ref: '#/components/schemas/DocumentMetadata'
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'422':
description: Document validation failed
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
/documents/{documentId}:
get:
operationId: getDocument
summary: Orion Health Retrieve a clinical document
description: >-
Retrieve the full content of a clinical document from the HIE
document repository by its document ID.
tags:
- Documents
parameters:
- name: documentId
in: path
required: true
schema:
type: string
format: uuid
- name: format
in: query
description: Requested document format
schema:
type: string
enum:
- cda
- fhir
- pdf
- original
responses:
'200':
description: Clinical document content
content:
application/json:
schema:
$ref: '#/components/schemas/DocumentContent'
application/xml:
schema:
type: string
description: CDA XML document
application/pdf:
schema:
type: string
format: binary
'401':
$ref: '#/components/responses/Unauthorized'
'403':
description: Consent not on file or access denied
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
'404':
$ref: '#/components/responses/NotFound'
/consent:
get:
operationId: searchConsents
summary: Orion Health Search for patient consents
description: >-
Search for patient consent directives governing the sharing
of health information within the HIE network.
tags:
- Consent
parameters:
- name: patientId
in: query
required: true
schema:
type: string
- name: status
in: query
schema:
type: string
enum:
- active
- inactive
- revoked
- expired
- name: purpose
in: query
description: Purpose of use
schema:
type: string
enum:
- treatment
- payment
- operations
- research
- public-health
- $ref: '#/components/parameters/PageOffset'
- $ref: '#/components/parameters/PageLimit'
responses:
'200':
description: List of consent directives
content:
application/json:
schema:
type: object
properties:
data:
type: array
items:
$ref: '#/components/schemas/Consent'
pagination:
$ref: '#/components/schemas/Pagination'
'401':
$ref: '#/components/responses/Unauthorized'
post:
operationId: createConsent
summary: Orion Health Create a patient consent directive
description: >-
Record a new patient consent directive specifying permissions
for sharing health information within the HIE network.
tags:
- Consent
requestBody:
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/ConsentCreate'
responses:
'201':
description: Consent directive created
content:
application/json:
schema:
$ref: '#/components/schemas/Consent'
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
/consent/{consentId}:
get:
operationId: getConsent
summary: Orion Health Get a consent directive
description: Retrieve a specific patient consent directive.
tags:
- Consent
parameters:
- name: consentId
in: path
required: true
schema:
type: string
format: uuid
responses:
'200':
description: Consent directive
content:
application/json:
schema:
$ref: '#/components/schemas/Consent'
'401':
$ref: '#/components/responses/Unauthorized'
'404':
$ref: '#/components/responses/NotFound'
put:
operationId: updateConsent
summary: Orion Health Update a consent directive
description: Update an existing patient consent directive.
tags:
- Consent
parameters:
- name: consentId
in: path
required: true
schema:
type: string
format: uuid
requestBody:
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/ConsentCreate'
responses:
'200':
description: Consent directive updated
content:
application/json:
schema:
$ref: '#/components/schemas/Consent'
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'404':
$ref: '#/components/responses/NotFound'
/consent/{consentId}/revoke:
post:
operationId: revokeConsent
summary: Orion Health Revoke a consent directive
description: Revoke a patient consent directive, preventing further data sharing.
tags:
- Consent
parameters:
- name: consentId
in: path
required: true
schema:
type: string
format: uuid
requestBody:
content:
application/json:
schema:
type: object
properties:
reason:
type: string
description: Reason for revocation
effectiveDate:
type: string
format: date-time
responses:
'200':
description: Consent revoked
content:
application/json:
schema:
$ref: '#/components/schemas/Consent'
'401':
$ref: '#/components/responses/Unauthorized'
'404':
$ref: '#/components/responses/NotFound'
/providers:
get:
operationId: searchProviders
summary: Orion Health Search the provider directory
description: >-
Search the HIE provider directory for healthcare providers
and organizations participating in the exchange network.
tags:
- Provider Directory
parameters:
- name: name
in: query
description: Provider or organization name
schema:
type: string
- name: npi
in: query
description: National Provider Identifier
schema:
type: string
- name: specialty
in: query
description: Provider specialty
schema:
type: string
- name: type
in: query
description: Provider type
schema:
type: string
enum:
- individual
- organization
- name: city
in: query
schema:
type: string
- name: state
in: query
schema:
type: string
- name: active
in: query
schema:
type: boolean
- $ref: '#/components/parameters/PageOffset'
- $ref: '#/components/parameters/PageLimit'
responses:
'200':
description: Provider search results
content:
application/json:
schema:
type: object
properties:
data:
type: array
items:
$ref: '#/components/schemas/Provider'
pagination:
$ref: '#/components/schemas/Pagination'
'401':
$ref: '#/components/responses/Unauthorized'
/providers/{providerId}:
get:
operationId: getProvider
summary: Orion Health Get provider details
description: Retrieve details of a specific provider in the HIE directory.
tags:
- Provider Directory
parameters:
- name: providerId
in: path
required: true
schema:
type: string
responses:
'200':
description: Provider details
content:
application/json:
schema:
$ref: '#/components/schemas/Provider'
'401':
$ref: '#/components/responses/Unauthorized'
'404':
$ref: '#/components/responses/NotFound'
/notifications:
get:
operationId: listNotifications
summary: Orion Health List ADT notifications
description: >-
Retrieve admission, discharge, and transfer (ADT) notifications
for subscribed patients and organizations.
tags:
- Notifications
parameters:
- name: patientId
in: query
schema:
type: string
- name: type
in: query
schema:
type: string
enum:
- admission
- discharge
- transfer
- registration
- name: organization
in: query
schema:
type: string
- name: dateFrom
in: query
schema:
type: string
format: date-time
- name: dateTo
in: query
schema:
type: string
format: date-time
- name: status
in: query
schema:
type: string
enum:
- pending
- delivered
- read
- failed
- $ref: '#/components/parameters/PageOffset'
- $ref: '#/components/parameters/PageLimit'
responses:
'200':
description: List of notifications
content:
application/json:
schema:
type: object
properties:
data:
type: array
items:
$ref: '#/components/schemas/Notification'
pagination:
$ref: '#/components/schemas/Pagination'
'401':
$ref: '#/components/responses/Unauthorized'
/notifications/subscriptions:
get:
operationId: listNotificationSubscriptions
summary: Orion Health List notification subscriptions
description: Retrieve current ADT notification subscriptions.
tags:
- Notifications
responses:
'200':
description: List of subscriptions
content:
application/json:
schema:
type: object
properties:
data:
type: array
items:
$ref: '#/components/schemas/NotificationSubscription'
'401':
$ref: '#/components/responses/Unauthorized'
post:
operationId: createNotificationSubscription
summary: Orion Health Create a notification subscription
description: >-
Subscribe to ADT notifications for specific patients, organizations,
or event types.
tags:
- Notifications
requestBody:
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/NotificationSubscriptionCreate'
responses:
'201':
description: Subscription created
content:
application/json:
schema:
$ref: '#/components/schemas/NotificationSubscription'
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
/audit-logs:
get:
operationId: searchAuditLogs
summary: Orion Health Search audit logs
description: >-
Search audit logs for data access and exchange events within the
HIE network for compliance and accountability purposes.
tags:
- Audit
parameters:
- name: patientId
in: query
schema:
type: string
- name: userId
in: query
schema:
type: string
- name: action
in: query
schema:
type: string
enum:
- query
- retrieve
- submit
- update
- consent-change
- name: dateFrom
in: query
schema:
type: string
format: date-time
- name: dateTo
in: query
schema:
type: string
format: date-time
- name: outcome
in: query
schema:
type: string
enum:
- success
- failure
- denied
- $ref: '#/components/parameters/PageOffset'
- $ref: '#/components/parameters/PageLimit'
responses:
'200':
description: Audit log entries
content:
application/json:
schema:
type: object
properties:
data:
type: array
items:
$ref: '#/components/schemas/AuditLogEntry'
pagination:
$ref: '#/components/schemas/Pagination'
'401':
$ref: '#/components/responses/Unauthorized'
'403':
description: Insufficient permissions for audit access
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
components:
securitySchemes:
oauth2:
type: oauth2
flows:
clientCredentials:
tokenUrl: https://auth.orionhealth.com/oauth2/token
scopes:
hie:patient-query: Query patient identity
hie:document-read: Retrieve documents
hie:document-write: Submit documents
hie:consent-read: Read consent directives
hie:consent-write: Manage consent directives
hie:provider-read: Query provider directory
hie:notification-read: Read notifications
hie:notification-manage: Manage notification subscriptions
hie:audit-read: Read audit logs
bearerAuth:
type: http
scheme: bearer
bearerFormat: JWT
parameters:
PageOffset:
name: offset
in: query
description: Number of items to skip
schema:
type: integer
minimum: 0
default: 0
PageLimit:
name: limit
in: query
description: Maximum number of items to return
schema:
type: integer
minimum: 1
maximum: 100
default: 20
schemas:
PatientMatchRequest:
type: object
properties:
familyName:
type: string
givenName:
type: string
dateOfBirth:
type: string
format: date
gender:
type: string
enum:
- male
- female
- other
- unknown
identifier:
type: object
properties:
system:
type: string
description: Identifier system (e.g., MRN namespace)
value:
type: string
ssn:
type: string
description: Last four digits of SSN for matching
address:
type: object
properties:
line:
type: string
city:
type: string
state:
type: string
postalCode:
type: string
phone:
type: string
matchThreshold:
type: number
description: Minimum match confidence score (0-1)
default: 0.85
PatientMatchResponse:
type: object
properties:
matches:
type: array
items:
type: object
properties:
patientId:
type: string
confidence:
type: number
description: Match confidence score (0-1)
matchGrade:
type: string
enum:
- certain
- probable
- possible
- no-match
identifiers:
type: array
items:
type: object
properties:
system:
type: string
value:
type: string
organization:
type: string
demographics:
type: object
properties:
familyName:
type: string
givenName:
type: string
dateOfBirth:
type: string
format: date
gender:
type: string
totalMatches:
type: integer
PatientIdentifiers:
type: object
properties:
patientId:
type: string
identifiers:
type: array
items:
type: object
properties:
system:
type: string
value:
type: string
organization:
type: string
organizationName:
type: string
assigningAuthority:
type: string
active:
type: boolean
RecordLocatorResult:
type: object
properties:
documentId:
type: string
format: uuid
documentType:
type: string
title:
type: string
sourceOrganization:
type: string
sourceOrganizationName:
type: string
authorName:
type: string
createdDate:
type: string
format: date-time
format:
type: string
size:
type: integer
description: Document size in bytes
availableFormats:
type: array
items:
type: string
DocumentMetadata:
type: object
properties:
id:
type: string
format: uuid
patientId:
type: string
documentType:
type: string
title:
type: string
sourceOrganization:
type: string
sourceOrganizationName:
type: string
authorName:
type: string
authorSpecialty:
type: string
createdDate:
type: string
format: date-time
submittedDate:
type: string
format: date-time
format:
type: string
mimeType:
type: string
size:
type: integer
hash:
type: string
description: SHA-256 hash of the document content
status:
type: string
enum:
- available
- deprecated
- deleted
DocumentSubmission:
type: object
required:
- patientId
- documentType
- content
properties:
patientId:
type: string
documentType:
type: string
enum:
- ccd
- discharge-summary
- progress-note
- lab-report
- radiology-report
- referral
- consult-note
- operative-note
- pathology-report
title:
type: string
format:
type: string
enum:
- cda
- fhir-bundle
- pdf
content:
type: string
description: Base64-encoded document content
metadata:
type: object
properties:
authorName:
type: string
authorSpecialty:
type: string
encounterDate:
type: string
format: date-time
confidentialityCode:
type: string
enum:
- normal
- restricted
- very-restricted
DocumentContent:
type: object
properties:
id:
type: string
format: uuid
metadata:
$ref: '#/components/schemas/DocumentMetadata'
content:
type: string
description: Base64-encoded document content
format:
type: string
Consent:
type: object
properties:
id:
type: string
format: uuid
patientId:
type: string
status:
type: string
enum:
- active
- inactive
- revoked
- expired
scope:
type: string
enum:
- opt-in
- opt-out
purposes:
type: array
items:
type: string
enum:
- treatment
- payment
- operations
- research
- public-health
grantedOrganizations:
type: array
items:
type: string
description: Organizations allowed to access data (opt-in)
deniedOrganizations:
type: array
items:
type: string
description: Organizations denied access (opt-out)
documentTypes:
type: array
items:
type: string
description: Document types covered by consent
effectiveDate:
type: string
format: date-time
expirationDate:
type: string
format: date-time
createdAt:
type: string
format: date-time
updatedAt:
type: string
format: date-time
ConsentCreate:
type: object
required:
- patientId
- scope
- purposes
properties:
patientId:
type: string
scope:
type: string
enum:
- opt-in
- opt-out
purposes:
type: array
items:
type: string
enum:
- treatment
- payment
- operations
- research
- public-health
grantedOrganizations:
type: array
items:
type: string
deniedOrganizations:
type: array
items:
type: string
documentTypes:
type: array
items:
type: string
effectiveDate:
type: string
format: date-time
expirationDate:
type: string
format: date-time
Provider:
type: object
properties:
id:
type: string
type:
type: string
enum:
- individual
- organization
npi:
type: string
name:
type: string
specialty:
type: string
organization:
type: string
address:
type: object
properties:
line:
type: array
items:
type: string
city:
type: string
state:
type: string
postalCode:
type: string
phone:
type: string
fax:
type: string
email:
type: string
active:
type: boolean
supportedTransactions:
type: array
items:
type: string
enum:
- xds-query
- xds-retrieve
- xds
# --- truncated at 32 KB (36 KB total) ---
# Full source: https://raw.githubusercontent.com/api-evangelist/orion/refs/heads/main/openapi/orion-hie-openapi.yml