Usage patterns
Understanding your data needs is an important part of leveraging Flexpa for your use case. Do you need patient data only one time, upon authorization? Or do you need ongoing access to a patient's data?
For instance, if you're developing a patient onboarding experience and need their claims history only at that moment, one-time usage would suffice.
However, if you require continuous access, such as a clinical research organization monitoring regular intervals during a study, or an ICHRA or plan administrator ensuring regulatory compliance, multiple usage is the optimal choice. This allows ongoing access to a patient's data without requiring re-authorization each time.
Either way, Flexpa has you covered. During the FlexpaLink.create step you will pass a required usage
parameter depending on your desired access timeline. Let's break down each flow, starting with multiple usage.
#Multiple Usage
If you would like your app to have access to refreshed patient data over time, multiple usage is your solution.
The original patient authorization will be kept valid for as long as the payer allows and Flexpa will update the patient's data at least every 24 hours for as long as that authorization is valid.
To use the multiple usage flow:
- First, pass the
MULTIPLE
string to the usage
parameter during FlexpaLink.create.
- Once the patient completes the Flexpa Link flow, you will receive a public token.
- Exchange the public token for both an
access_token
and a refresh_token
during the exchange step.
- The
access_token
is valid for 24 hours and can be used to make unlimited FHIR resource requests for that patient from the Flexpa API.
- Once the
access_token
is expired, use the refresh_token
to make a call to our token refresh endpoint, https://api.flexpa.com/link/token
, to receive a new access_token
and refresh_token
. This access_token
is valid for another 24 hours.
- Use your new
access_token
to make unlimited FHIR resource requests for that patient from the Flexpa API.
Flexpa will maintain the authorization with the payer's endpoint for as long as the payer allows. During this time you do not need to have the patient re-authorize. If your access_token
is expired (which you can check by making a request to the introspect endpoint), simply use your latest refresh_token
to obtain a new access_token
and get updated (within the last 24 hours) patient data from the Flexpa API.
Note: Not all payer endpoints are refreshable and support multiple usage. If this is the case, Flexpa will fall back to one-time usage, and you will not incur the auto-update billable event.
#One Time Usage
If your application only needs to access a patient's data within 24 hours of authorization, you would select ONE_TIME
usage during FlexpaLink
creation.
You will receive a non-refreshable access token that's valid for 24 hours. After the access token expires, Flexpa expunges the patient's data. If you want to access that patient's data again, the patient will need to re-authorize through Flexpa Link.
To use the one-time usage flow:
- First, pass the
ONE_TIME
string to the usage
parameter during FlexpaLink.create.
- Once the patient completes the Flexpa Link flow, you will receive a public token.
- Exchange the public token for an
access_token
during the exchange step.
Note: You will not receive a refresh_token
during the exchange step as you would with multiple usage.
- The
access_token
is valid for 24 hours and can be used to make unlimited FHIR resource requests for that patient from the Flexpa API.
- Once the
access_token
expires, Flexpa expunges the patient's data, and you will no longer be able to make FHIR resource requests to the Flexpa API for that patient.
#FAQ
#How long will Flexpa maintain the authorization for during multiple usage?
Flexpa attempts to maintain the authorization indefinitely or up to the maximum allowable limit for the payer. You can view this under "Token details" in our supported endpoints table.
#I've chosen multiple usage, but I can't access the Flexpa API and my access token is expired. What gives?
For security purposes, each access_token
is only valid for 24 hours. Flexpa does continue to maintain the authorization and update the patient's data, however. Simply use your refresh_token
to make a call to the token refresh endpoint, to obtain a new access_token
and continue to access that patient's data.
#Is multiple usage available for all payers?
Unfortunately, no. While most payers do allow us to refresh the authorization, some do not. You can see a list of payers who do not support a refreshable token by viewing our endpoints page and selecting "Non-refreshable Token" from the dropdown labeled "All token types".
If this is the case, Flexpa will automatically fallback to one-time usage, allowing you to access the patient's data for up to 24 hours. When this happens you will not receive a refresh_token
during the exchange step.
#How long is the refresh token valid for?
Each refresh_token
is valid for 90 days (7776000 seconds).