Developer Resources

The Centers for Medicare and Medicaid Services (CMS) has required that payers of CMS-regulated plans implement and maintain a secure, standards-based Patient Access Application Programming Interface (API) (using Health Level 7® (HL7) Fast Healthcare Interoperability Resources® (FHIR) Release 4.0.1). This Patient Access API allows patients to easily access their claims and encounter information, including cost (specifically provider remittances and enrollee cost-sharing).

This rule also requires payers of CMS-regulated plans to make provider directory information publicly available via a FHIR-based Provider Directory API.

Necessary Technical Documentation

FHIR

Health Level 7 (HL7) Version 4.0.1 Fast Healthcare Interoperability Resources (FHIR) Release 4, October 30, 2019

FHIR Release 4.0.1 provides the first set of normative FHIR resources. This normative designation means that the future changes will be backward compatible. These resources define the content and structure of core health data, which can be used by developers to build standardized applications.

SMART Implementation Guide / OAuth 2.0

SMART Application Launch Framework Implementation Guide Release 1.0.0, November 13, 2018

SMART on FHIR provides reliable, secure authorization for a variety of app architectures through the use of the OAuth 2.0 standard. This Authorization Guide supports the four use cases defined for Phase 1 of the Argonaut Project. This profile is intended to be used by app developers that need to access FHIR resources by requesting access tokens from OAuth 2.0 compliant authorization servers. The profile defines a method through which an app requests authorization to access a FHIR resource, and then uses that authorization to retrieve the resource.

OAuth 2.0

The OAuth 2.0 Authorization Framework

The OAuth 2.0 authorization framework enables a third-party application to obtain limited access to an HTTP service, either on behalf of a resource owner by orchestrating an approval interaction between the resource owner and the HTTP service, or by allowing the third-party application to obtain access on its own behalf.

USCDI

United States Core Data for Interoperability (USCDI), June 2025, Version 3.1 (v3.1)

The USCDI is a standardized set of health data classes and component data elements for nationwide, interoperable health information exchange.

Accessing the BlueCross BlueShield of TN Provider Directory API

API Category Security Requirements API Endpoint(s) Supporting Documentation
FHIR Capability Statement Open access https://api.bcbst.com/r4/providerdirectory/BCBST/metadata The metadata endpoint provides the CapabilityStatement resource from the FHIR server.
Provider Directory API Open Access https://api.bcbst.com/r4/providerdirectory/BCBST/Endpoint
https://api.bcbst.com/r4/providerdirectory/BCBST/HealthcareService
https://api.bcbst.com/r4/providerdirectory/BCBST/InsurancePlan
https://api.bcbst.com/r4/providerdirectory/BCBST/Location
https://api.bcbst.com/r4/providerdirectory/BCBST/Organization
https://api.bcbst.com/r4/providerdirectory/BCBST/OrganizationAffiliation
https://api.bcbst.com/r4/providerdirectory/BCBST/Practitioner
https://api.bcbst.com/r4/providerdirectory/BCBST/PractitionerRole

The Provider Directory APIs can be used to create applications to access information about providers and pharmacies.

Implementation Guides Supported Profiles

Swipe to see more

Swipe Icon

Getting Access to the BlueCross BlueShield of TN Patient Access API

BlueCross BlueShield of Tennessee has created a registration process for third-party app developers who want to connect members through their app. To begin the registration process, please visit the BCBST Developer Portal at https://fdp.edifecsfedcloud.com/#/portal/bcbstn/home.

  • Select 'Log in as Developer' to create a new account or login to existing account
  • Once logged in, select the 'Applications' tab and click Register Application to request access to sandbox and production Patient Access APIs
  • Select 'Register' once required details have been entered

After we've completed registering your application, you will receive an email notification that your Client ID and Client Secret have been issued and are available to access via the portal.

If additional information is needed to complete the registration, you will be contacted at the email address provided within the portal.

 

USING BRAND ASSETS

Here are some brand assets you may need in your application.

 

Select the links below to download a ZIP file with the approved BlueCross BlueShield of Tennessee logos and a PDF outlining their correct usage.

Do you have more questions?

For more information about interoperability for app developers, please visit the CMS webpage about the CMS Patient Access Final Rule.

If you have questions about connecting to the BlueCross FHIR API, please send any questions in an email with a contact name, company name, app title, to BCBST_Interoperability_Support@bcbst.com.

We may be directed to give your application access to patient identifying information that is protected by 42 CFR Part 2 (the federal Confidentiality of Substance Use Disorder Patient Records). By registering with our API, you acknowledge and agree that you have received the prohibition on redisclosure notice that 42 CFR part 2 prohibits unauthorized disclosure of these records.