R4 Overview

Schema

All API access is over HTTPS. All data is sent and received in JSON format.

$ curl -i -H "Accept: application/fhir+json" https://fhir-open.cerner.com/r4/ec2458f2-1e24-41c8-b71b-0e701af7583d/metadata

Example response:

HTTP/1.1 200 OK
Date: Tue, 26 Mar 2019 15:50:49 GMT
Cache-Control: no-cache
Vary: Origin
X-Request-Id: ecd13b72-4fde-11e9-8674-8b0a57a130fd
Content-Type: application/json+fhir

Example CapabilityStatement response:

{
  "resourceType": "CapabilityStatement",
  "url": "https://<SERVICE Root URL>/r4/ec2458f2-1e24-41c8-b71b-0e701af7583d/metadata",
  "name": "OracleHealthCapabilityStatement",
  "title": "Oracle Health Capability Statement",
  "status": "active",
  "publisher": "OracleHealth",
  "date": "2019-03-25",
  "description": "Oracle Health implementation of FHIR on top of Oracle Health AI Application Platform",
  "kind": "instance",
  "implementation": {
    "description": "Oracle Health implementation of FHIR on top of Oracle Health AI Application Platform",
    "url": "https://<SERVICE Root URL>/r4/ec2458f2-1e24-41c8-b71b-0e701af7583d"
  },
  "fhirVersion": "4.0.1",
  "format": [
    "json"
  ],
  "patchFormat": [
    "application/json-patch+json"
  ],
  "...": "Truncated for brevity"
}

Blank fields are omitted.

All timestamps are returned in FHIR standard date or dateTime formats.

Media Types

Oracle Health supports the R4 FHIR standard media type for JSON content:

application/fhir+json

Oracle recommends that you explicitly request this accept type through the Accept header.

Client Errors

The following types of client errors are possible on API calls that receive request bodies:

400 (Bad Request): Failed to send a required query parameter.

HTTP/1.1 400 Bad Request

No supported search parameters provided

401 (Unauthorized): Requested the secure endpoint (non-open) without valid credentials.
```
HTTP/1.1 401 Unauthorized
```
403 (Forbidden): Requested data from an unknown instance or unauthorized instance.
```
HTTP/1.1 403 Forbidden

Tenant not valid or accessible
```
404 (Not Found): Requested a resource that does not exist.
```
HTTP/1.1 404 Not Found
```
406 (Not Acceptable): Requested a media type other than JSON.
```
HTTP/1.1 406 Not Acceptable

Content-Length: 0
```
409 (Conflict Error): Performed an update with an out-of-date version.
```
HTTP/1.1 409 Conflict Error
```
422 (Unprocessable Entity): Performed an add or update with an invalid JSON body.
```
HTTP/1.1 422 Unprocessable Entity
```

Operation Outcomes

An OperationOutcome may be returned to provide more error context.

Retrieve or Search Example

HTTP Status	Cause	Severity	Code
500	Response is missing required field	fatal	required

Create or Update Examples

HTTP Status	Cause	Severity	Code
422	Body contained unsupported fields	error	business-rule
422	Body contained modifier extensions	error	extension
422	Body contained implicit rules	error	not-supported

Handling Required Fields

Missing fields required by HL7 FHIR specification or status field:

{
   "resourceType": "OperationOutcome",
   "issue": [
     {
       "severity": "fatal",
       "code": "required",
       "location": [
         "/f:AllergyIntolerance/f:status"
       ]
     }
   ]
}

Missing HL7 profile fields (DataAbsentReason):

{
  "coding": [
    {
      "extension": [
        {
          "url": "http://hl7.org/fhir/StructureDefinition/data-absent-reason",
          "valueCode": "unknown"
        }
      ]
    }
  ]
}

entered-in-error status (DataAbsentReason):

{
  "coding": [
    {
      "extension": [
        {
          "url": "http://hl7.org/fhir/StructureDefinition/data-absent-reason",
          "valueCode": "masked"
        }
      ]
    }
  ]
}

Missing Coding or CodeableConcept fields with value set:

{
  "coding": [
    {
      "extension": [
        {
          "url": "http://hl7.org/fhir/StructureDefinition/data-absent-reason",
          "valueCode": "unknown"
        }
      ]
    }
  ],
  "text": "Auth (Verified)"
}

Filtered Data for Patient Access

Some fields may be masked as masked or omitted based on persona, error state, or regulations.
Examples: Resources with entered-in-error status, sensitive notes, or proxy restrictions for adolescent records.

General Security Filtering

Access to data may be filtered by encounter or organization security, privileges, or preferences.

HTTP Verbs

GET: Used for retrieving resources.
POST: Used for creating resources.
PUT: Used for updating resources.

HTTP Method Override

If HTTP methods such as PUT or PATCH are not supported, use POST with one of the following options:

_method parameter

$ curl -i -X POST "https://<SERVICE ROOT URL>/r4/ec2458f2-1e24-41c8-b71b-0e701af7583d/Encounter?_method=patch"

X-HTTP-Method-Override header

$ curl -i -X POST -H "X-HTTP-Method-Override: patch" "https://<SERVICE ROOT URL>/r4/ec2458f2-1e24-41c8-b71b-0e701af7583d/Encounter"

Note:

When overriding, ensure that data and headers are provided for the specific method.

Authorization

An endpoint secured with OAuth 2.0 is available with support for SMART Applications. See Conformance.rest.security for details.

General Scopes

launch
profile
fhirUser
openid
online_access
offline_access

Patient Scopes

patient/Account.read
patient/Account.rs
patient/AllergyIntolerance.crus
patient/AllergyIntolerance.read
patient/AllergyIntolerance.write
patient/Appointment.crus
patient/Appointment.read
patient/Appointment.write
patient/Basic.c
patient/Basic.write
patient/Binary.r
patient/Binary.read
patient/CarePlan.read
patient/CarePlan.rs
patient/CareTeam.read
patient/CareTeam.rs
patient/ChargeItem.crs
patient/ChargeItem.read
patient/ChargeItem.write
patient/Communication.crus
patient/Communication.read
patient/Communication.write
patient/Condition.crus
patient/Condition.read
patient/Condition.write
patient/Consent.read
patient/Consent.rs
patient/Coverage.cruds
patient/Coverage.read
patient/Coverage.write
patient/Device.read
patient/Device.rs
patient/DiagnosticReport.crs
patient/DiagnosticReport.read
patient/DocumentReference.crus
patient/DocumentReference.read
patient/DocumentReference.write
patient/Encounter.crus
patient/Encounter.read
patient/Encounter.write
patient/FamilyMemberHistory.crus
patient/FamilyMemberHistory.read
patient/FamilyMemberHistory.write
patient/Goal.read
patient/Goal.rs
patient/Immunization.crus
patient/Immunization.read
patient/Immunization.write
patient/InsurancePlan.read
patient/InsurancePlan.rs
patient/Media.r
patient/Media.read
patient/MedicationAdministration.read
patient/MedicationAdministration.rs
patient/MedicationDispense.read
patient/MedicationDispense.rs
patient/MedicationRequest.crus
patient/MedicationRequest.read
patient/MedicationRequest.write
patient/NutritionOrder.read
patient/NutritionOrder.rs
patient/Observation.crus
patient/Observation.read
patient/Observation.write
patient/Patient.crus
patient/Patient.read
patient/Patient.write
patient/Person.read
patient/Person.rs
patient/Procedure.crs
patient/Procedure.read
patient/Procedure.write
patient/Provenance.crs
patient/Provenance.read
patient/Provenance.write
patient/Questionnaire.read
patient/Questionnaire.rs
patient/QuestionnaireResponse.read
patient/QuestionnaireResponse.rus
patient/QuestionnaireResponse.write
patient/RelatedPerson.crus
patient/RelatedPerson.read
patient/RelatedPerson.write
patient/Schedule.read
patient/Schedule.rs
patient/ServiceRequest.read
patient/ServiceRequest.rs
patient/Slot.read
patient/Slot.rus
patient/Slot.write
patient/Specimen.read
patient/Specimen.rs

System Scopes

system/Account.read
system/Account.rs
system/AllergyIntolerance.crus
system/AllergyIntolerance.read
system/AllergyIntolerance.write
system/Appointment.crus
system/Appointment.read
system/Appointment.write
system/Basic.c
system/Basic.write
system/Binary.r
system/Binary.read
system/CarePlan.read
system/CarePlan.rs
system/CareTeam.read
system/CareTeam.rs
system/ChargeItem.crs
system/ChargeItem.read
system/ChargeItem.write
system/Communication.crus
system/Communication.read
system/Communication.write
system/Condition.crus
system/Condition.read
system/Condition.write
system/Consent.read
system/Consent.rs
system/Coverage.cruds
system/Coverage.read
system/Coverage.write
system/Device.read
system/Device.rs
system/DiagnosticReport.crs
system/DiagnosticReport.read
system/DocumentReference.crus
system/DocumentReference.read
system/DocumentReference.write
system/Encounter.crus
system/Encounter.read
system/Encounter.write
system/FamilyMemberHistory.crus
system/FamilyMemberHistory.read
system/FamilyMemberHistory.write
system/FinancialTransaction.c
system/FinancialTransaction.write
system/Goal.read
system/Goal.rs
system/Immunization.crus
system/Immunization.read
system/Immunization.write
system/InsurancePlan.read
system/InsurancePlan.rs
system/Location.read
system/Location.rs
system/Media.r
system/Media.read
system/MedicationAdministration.read
system/MedicationAdministration.rs
system/MedicationDispense.read
system/MedicationDispense.rs
system/MedicationRequest.crus
system/MedicationRequest.read
system/MedicationRequest.write
system/NutritionOrder.read
system/NutritionOrder.rs
system/Observation.crus
system/Observation.read
system/Observation.crs
system/Observation.write
system/Organization.read
system/Organization.write
system/Patient.crus
system/Patient.read
system/Patient.write
system/Person.read
system/Person.rs
system/Practitioner.crs
system/Practitioner.read
system/Practitioner.write
system/Procedure.crs
system/Procedure.read
system/Procedure.write
system/Provenance.crs
system/Provenance.read
system/Provenance.write
system/Questionnaire.read
system/Questionnaire.rs
system/QuestionnaireResponse.read
system/QuestionnaireResponse.rus
system/QuestionnaireResponse.write
system/RelatedPerson.crus
system/RelatedPerson.read
system/RelatedPerson.write
system/Schedule.read
system/Schedule.rs
system/ServiceRequest.read
system/ServiceRequest.rs
system/Slot.read
system/Slot.rus
system/Slot.write
system/Specimen.read
system/Specimen.rs

User Scopes

user/Account.read
user/Account.rs
user/AllergyIntolerance.crus
user/AllergyIntolerance.read
user/AllergyIntolerance.write
user/Appointment.crus
user/Appointment.read
user/Appointment.write
user/Basic.c
user/Basic.write
user/Binary.r
user/Binary.read
user/CarePlan.read
user/CarePlan.rs
user/CareTeam.read
user/CareTeam.rs
user/ChargeItem.crs
user/ChargeItem.read
user/ChargeItem.write
user/Communication.crus
user/Communication.read
user/Communication.write
user/Condition.crus
user/Condition.read
user/Condition.write
user/Consent.read
user/Consent.rs
user/Coverage.cruds
user/Coverage.read
user/Coverage.write
user/Device.read
user/Device.rs
user/DiagnosticReport.crs
user/DiagnosticReport.read
user/DocumentReference.crus
user/DocumentReference.read
user/DocumentReference.write
user/Encounter.crus
user/Encounter.read
user/Encounter.write
user/FamilyMemberHistory.crus
user/FamilyMemberHistory.read
user/FamilyMemberHistory.write
user/Goal.read
user/Goal.rs
user/Immunization.crus
user/Immunization.read
user/Immunization.write
user/InsurancePlan.read
user/InsurancePlan.rs
user/Location.read
user/Location.rs
user/Media.r
user/Media.read
user/MedicationAdministration.read
user/MedicationAdministration.rs
user/MedicationDispense.read
user/MedicationDispense.rs
user/MedicationRequest.crus
user/MedicationRequest.read
user/MedicationRequest.write
user/NutritionOrder.read
user/NutritionOrder.rs
user/Observation.crus
user/Observation.read
user/Observation.write
user/Organization.crs
user/Organization.read
user/Organization.write
user/Patient.crus
user/Patient.read
user/Patient.write
user/Person.read
user/Person.rs
user/Practitioner.crs
user/Practitioner.read
user/Practitioner.write
user/Procedure.crs
user/Procedure.read
user/Procedure.write
user/Provenance.crs
user/Provenance.read
user/Provenance.write
user/Questionnaire.read
user/Questionnaire.rs
user/QuestionnaireResponse.read
user/QuestionnaireResponse.rus
user/QuestionnaireResponse.write
user/RelatedPerson.crus
user/RelatedPerson.read
user/RelatedPerson.write
user/Schedule.read
user/Schedule.rs
user/ServiceRequest.read
user/ServiceRequest.rs
user/Slot.read
user/Slot.rus
user/Slot.write
user/Specimen.read
user/Specimen.rs

Each resource interaction documents the type of authentication required. See Authorization Framework for details.

Pagination

Pagination links are included in a Bundle if more items are returned than the page size.

Note:

Follow the provided link values instead of constructing your own URLs.

{
  "resourceType": "Bundle",
  "id": "f22ca456-19a7-45ce-8586-0079495783ef",
  "type": "searchset",
  "link": [
    {
      "relation": "self",
      "url": "https://<SERVICE Root URL>>/r4/ec2458f2-1e24-41c8-b71b-0e701af7583d/Observation?subject%3APatient=12742400&_count=50"
    },
    {
      "relation": "next",
      "url": "https://<SERVICE Root URL>/r4/ec2458f2-1e24-41c8-b71b-0e701af7583d/Observation?subject%3APatient=12742400&pageContext=35d95fe0-03bf-426c-bc35-2533f7fde4eb&direction=NEXT"
    }
  ]
}

Relation Values

self: Shows URL of the current page of results.
next: Shows URL of the immediate next page of results.
previous: If paging, shows the URL of the previous page of results.

Concurrency

Search result freshness is only guaranteed at the time of search.
Paging may result in duplicate resource IDs; filter and display only the latest version per resource ID to avoid misrepresentation.

Cross-Origin Resource Sharing

Cross-origin resource sharing (CORS) is supported for AJAX requests from any origin.

Request (GET Origin):

$ curl -X GET -i -H "Origin: http://example.com" https://<SERVICE Root URL>/r4/ec2458f2-1e24-41c8-b71b-0e701af7583d/metadata

Response:

HTTP/1.1 200 OK
Access-Control-Allow-Methods: DELETE, GET, POST, PUT, PATCH, OPTIONS, HEAD
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Content-Location, Location, X-Request-Id, WWW-Authenticate, Date
Access-Control-Max-Age: 0

Request (GET CORS Preflight):

$ curl -X OPTIONS -i -H "Origin: http://example.com" -H "Access-Control-Request-Headers: authorization,content-type" -H "Access-Control-Request-Method: GET" https://<SERVICE Root URL>/r4/ec2458f2-1e24-41c8-b71b-0e701af7583d/metadata

Response:

HTTP/1.1 200 OK
Access-Control-Allow-Methods: DELETE, GET, POST, PUT, PATCH, OPTIONS, HEAD
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Content-Location, Location, X-Request-Id, WWW-Authenticate, Date
Access-Control-Max-Age: 0
Access-Control-Allow-Headers: authorization, content-type