Flexpa
Developer PortalFeedbackContact us

Overview

  • Introduction
  • Patient access
  • What we don't do
  • FAQ
  • Pricing

Guides

Reference

  • Flexpa Link
  • Flexpa API
  • Test mode

About

  • Changelog
  • Support
  • Brand kit
  • Flexpa OS
  • We're hiring

Usage

Understanding your data needs is an important part of leveraging Flexpa for your use case. Do you need patient data only one time, upon authorization? Or do you need ongoing access to a patient's data?

For instance, if you're developing a patient onboarding experience and need their claims history only at that moment, one-time usage would suffice.

However, if you require continuous access, such as a clinical research organization monitoring regular intervals during a study, or an ICHRA or plan administrator ensuring regulatory compliance, multiple usage is the optimal choice. This allows ongoing access to a patient's data without requiring re-authorization each time.

Either way, Flexpa has you covered. During the FlexpaLink.create step you will pass a required usage parameter depending on your desired access timeline. Let's break down each flow, starting with multiple usage.

#Multiple Usage

If you would like your app to have access to refreshed patient data over time, multiple usage is your solution.

The original patient authorization will be kept valid for as long as the payer allows and Flexpa will update the patient's data at least every 24 hours for as long as that authorization is valid.

To use the multiple usage flow:

  1. First, pass the MULTIPLE string to the usage parameter during FlexpaLink.create.
  2. Once the patient completes the Flexpa Link flow, you will receive a public token.
  3. Exchange the public token for both an access_token and a refresh_token during the exchange step.
  4. The access_token is valid for 24 hours and can be used to make unlimited FHIR resource requests for that patient from the Flexpa API.
  5. Once the access_token is expired, use the refresh_token to make a call to our token refresh endpoint, https://api.flexpa.com/link/token, to receive a new access_token and refresh_token. This access_token is valid for another 24 hours.
  6. Use your new access_token to make unlimited FHIR resource requests for that patient from the Flexpa API.

Flexpa will maintain the authorization with the payer's endpoint for as long as the payer allows. During this time you do not need to have the patient re-authorize. If your access_token is expired (which you can check by making a request to the introspect endpoint), simply use your latest refresh_token to obtain a new access_token and get updated (within the last 24 hours) patient data from the Flexpa API.

Note: Multiple usage will incur the auto-update billable event.

Note: Not all payer endpoints are refreshable and support multiple usage. If this is the case, Flexpa will fall back to one-time usage, and you will not incur the auto-update billable event.

#One Time Usage

If your application only needs to access a patient's data within 24 hours of authorization, you would select ONE_TIME usage during FlexpaLink creation.

You will receive a non-refreshable access token that's valid for 24 hours. After the access token expires, Flexpa expunges the patient's data. If you want to access that patient's data again, the patient will need to re-authorize through Flexpa Link.

To use the one-time usage flow:

  1. First, pass the ONE_TIME string to the usage parameter during FlexpaLink.create.
  2. Once the patient completes the Flexpa Link flow, you will receive a public token.
  3. Exchange the public token for an access_token during the exchange step.

Note: You will not receive a refresh_token during the exchange step as you would with multiple usage.

  1. The access_token is valid for 24 hours and can be used to make unlimited FHIR resource requests for that patient from the Flexpa API.
  2. Once the access_token expires, Flexpa expunges the patient's data, and you will no longer be able to make FHIR resource requests to the Flexpa API for that patient.

#FAQ

#How long will Flexpa maintain the authorization for during multiple usage?

Flexpa attempts to maintain the authorization indefinitely or up to the maximum allowable limit for the payer. You can view this under "Token details" in our supported endpoints table.

#I've chosen multiple usage, but I can't access the Flexpa API and my access token is expired. What gives?

For security purposes, each access_token is only valid for 24 hours. Flexpa does continue to maintain the authorization and update the patient's data, however. Simply use your refresh_token to make a call to the token refresh endpoint, to obtain a new access_token and continue to access that patient's data.

#Is multiple usage available for all payers?

Unfortunately, no. While most payers do allow us to refresh the authorization, some do not. You can see a list of payers who do not support a refreshable token by viewing our endpoints page and selecting "Non-refreshable Token" from the dropdown labeled "All token types".

If this is the case, Flexpa will automatically fallback to one-time usage, allowing you to access the patient's data for up to 24 hours. When this happens you will not receive a refresh_token during the exchange step.

#How long is the refresh token valid for?

Each refresh_token is valid for 90 days (7776000 seconds).

Status TwitterGitHub

© 2024 Flexpa. All rights reserved.

On this page
  • Multiple Usage
  • One Time Usage
  • FAQ
  • How long will Flexpa maintain the authorization for during multiple usage?
  • I've chosen multiple usage, but I can't access the Flexpa API and my access token is expired. What gives?
  • Is multiple usage available for all payers?
  • How long is the refresh token valid for?