Developer Resources
The Centers for Medicare and Medicaid Services (CMS) has required that payers of CMS-regulated plans implement and maintain a secure, standards-based Patient Access Application Programming Interface (API) (using Health Level 7® (HL7) Fast Healthcare Interoperability Resources® (FHIR) Release 4.0.1). This Patient Access API allows patients to easily access their claims and encounter information, including cost (specifically provider remittances and enrollee cost-sharing).
This rule also requires payers of CMS-regulated plans to make provider directory information publicly available via a FHIR-based Provider Directory API.
Necessary Technical Documentation
FHIR
Health Level 7 (HL7) Version 4.0.1 Fast Healthcare Interoperability Resources (FHIR) Release 4, October 30, 2019
FHIR Release 4.0.1 provides the first set of normative FHIR resources. This normative designation means that the future changes will be backward compatible. These resources define the content and structure of core health data, which can be used by developers to build standardized applications.
SMART Implementation Guide / OAuth 2.0
SMART Application Launch Framework Implementation Guide Release 1.0.0, November 13, 2018
SMART on FHIR provides reliable, secure authorization for a variety of app architectures through the use of the OAuth 2.0 standard. This Authorization Guide supports the four use cases defined for Phase 1 of the Argonaut Project. This profile is intended to be used by app developers that need to access FHIR resources by requesting access tokens from OAuth 2.0 compliant authorization servers. The profile defines a method through which an app requests authorization to access a FHIR resource, and then uses that authorization to retrieve the resource.
OAuth 2.0
The OAuth 2.0 Authorization Framework
The OAuth 2.0 authorization framework enables a third-party application to obtain limited access to an HTTP service, either on behalf of a resource owner by orchestrating an approval interaction between the resource owner and the HTTP service, or by allowing the third-party application to obtain access on its own behalf.
USCDI
United States Core Data for Interoperability (USCDI), June 2025, Version 3.1 (v3.1)
- URL: United States Core Data for Interoperability (USCDI) | Interoperability Standards Platform (ISP)
The USCDI is a standardized set of health data classes and component data elements for nationwide, interoperable health information exchange.
Accessing the BlueCross BlueShield of TN Provider Directory API
| API Category | Security Requirements | API Endpoint(s) | Supporting Documentation |
|---|---|---|---|
| FHIR Capability Statement | Open access | https://api.bcbst.com/r4/providerdirectory/BCBST/metadata | The metadata endpoint provides the CapabilityStatement resource from the FHIR server. |
| Provider Directory API | Open Access | https://api.bcbst.com/r4/providerdirectory/BCBST/Endpoint https://api.bcbst.com/r4/providerdirectory/BCBST/HealthcareService https://api.bcbst.com/r4/providerdirectory/BCBST/InsurancePlan https://api.bcbst.com/r4/providerdirectory/BCBST/Location https://api.bcbst.com/r4/providerdirectory/BCBST/Organization https://api.bcbst.com/r4/providerdirectory/BCBST/OrganizationAffiliation https://api.bcbst.com/r4/providerdirectory/BCBST/Practitioner https://api.bcbst.com/r4/providerdirectory/BCBST/PractitionerRole |
The Provider Directory APIs can be used to create applications to access information about providers and pharmacies. Implementation Guides Supported Profiles |
Swipe to see more
Getting Access to the BlueCross BlueShield of TN Patient Access API
BlueCross BlueShield of Tennessee has created a registration process for third-party app developers who want to connect members through their app. To begin the registration process, please visit the BCBST Developer Portal at https://fdp.edifecsfedcloud.com/#/portal/bcbstn/home.
- Select 'Log in as Developer' to create a new account or login to existing account
- Once logged in, select the 'Applications' tab and click Register Application to request access to sandbox and production Patient Access APIs
- Select 'Register' once required details have been entered
After we've completed registering your application, you will receive an email notification that your Client ID and Client Secret have been issued and are available to access via the portal.
If additional information is needed to complete the registration, you will be contacted at the email address provided within the portal.
USING BRAND ASSETS
Here are some brand assets you may need in your application.
Select the links below to download a ZIP file with the approved BlueCross BlueShield of Tennessee logos and a PDF outlining their correct usage.
Logo usage guidelines
Logo ZIP folderDo you have more questions?
For more information about interoperability for app developers, please visit the CMS webpage about the CMS Patient Access Final Rule.
If you have questions about connecting to the BlueCross FHIR API, please send any questions in an email with a contact name, company name, app title, to BCBST_Interoperability_Support@bcbst.com.
We may be directed to give your application access to patient identifying information that is protected by 42 CFR Part 2 (the federal Confidentiality of Substance Use Disorder Patient Records). By registering with our API, you acknowledge and agree that you have received the prohibition on redisclosure notice that 42 CFR part 2 prohibits unauthorized disclosure of these records.