NAV
request response html javascript ruby

Prescriber Systems API

Last updated: August 31, 2017

Published By:
CoverMyMeds, L.L.C.
Columbus, OH 43215
866-452-5017
www.covermymeds.com

Copyright © 2017 by CoverMyMeds, LLC.

Introduction

This API allows companies offering Electronic Health Record (EHR), stand-alone e-prescribing, or Practice Management Systems (“systems”) to offer a compelling prior authorization solution to their customers. Integrating with the API is straight-forward for both “on-premise” client server applications and browser-based systems. The API uses vanilla web services (REST), and is backed by development libraries that make using it a piece of cake.

Because PA will eventually become a named HIPAA standard, most EHR systems will need to support an electronic PA solution. Some may choose to build this themselves from the raw NCPDP ePA transactions, though this involves an incredible amount of work — our experience over the past five years shows that making ePA worth using in the real world is a monumental task that many will wish to avoid. So that EHR systems can focus on other things, CoverMyMeds’ API offers a number of powerful built-in features.

After completing this integration, your ePA system will:

Workflow

Prior Authorization may be initiated “prospectively” in the doctor’s office, or “retrospectively” after a claim rejection in the pharmacy. The pharmacy industry generally favors moving toward prospective prior authorization, ideally at the point of prescribing. However, because the majority of PAs are initiated retrospectively today, we believe it is important to address both use cases. CoverMyMeds’ Prescriber API allows a clinical system vendor’s product (system) to easily support a paperless process for both workflows.

The core workflow concept in the CoverMyMeds API is a “PA Task List” that is populated by both retrospective pharmacy (rejected claim) transactions and prospective physician (e-prescribing) transactions.

Integration Components

An integration with the CoverMyMeds API can be a quick process, with few components to implement in your system.

User Interface

You will be supporting three user-interface components in your EHR:

  1. A checkbox next to each prescription in your e-prescribing “shopping cart.” This allows the prescriber to start a prior authorization when writing a new prescription. Optionally, you should also consider adding a “Start PA” button next to each existing prescription. Walk through an example e-Prescribing workflow.

  2. A “New PA” form that allows users to start a prior authorization when one was not started during the e-prescribing process. You may see an example New PA Form.

  3. A Task List which displays the PAs that were started from the e-prescribing or New PA form, in addition to the PAs that were started in the pharmacy after your prescriber sent a prescription (most pharmacies are also integrated with CoverMyMeds). The actual requests are worked and managed on a “themed” page served by CoverMyMeds after clicking through the Task List. You may see an example Task List.

You will be supporting a few server-side components:

Webserver

You may run a webserver that allows us to POST changes to each existing PA, and to send new PAs that are initiated by integrated pharmacies. Updates to your existing PAs are provided by our callback service. The URL for your webserver is registered in your Developer Account. Using the Callback service is optional, but strongly suggested as it is the only way to receive prior authorizations from integrated pharmacies.

Token Management

You will store ids and tokens for each prior authorization. A detailed discussion of tokens is available below.

Prescriber

You may choose to automatically register all of your prescribers using our /prescribers/credentials/ resource, or you may wish to allow your prescribers to manage their own preferences. If you allow self-management, you will need a “checkbox” in your “preferences” settings that indicates that the prescriber is using the CoverMyMeds integration. When checked, you should create a /prescriber/credentials/ resource. When unchecked, you should delete the resource.

Mapping the Workflow to the API

There are two ways a PA is created:

  1. A system initiates a prior authorization with POST /requests/.
  2. A pharmacy sends data to CoverMyMeds using our Pharmacy API.

Once created, PAs are worked in the system through the task list. You may keep your task list updated by storing PA data upon creation, and then updating it with the Callback service. Should you choose not to implement the Callback service, you may poll for updated PA information through the GET /requests/ or POST /requests/search/. In either case, you have full control over which users are allowed to access each PA request.

When a user clicks an item in your task list, you may choose to display the CoverMyMeds page for that PA within a frame in your system – with single-sign-on mediated by token-based access control – or you may use /request-pages for full control over look and feel of the request page.

Upon each change in status to a PA (e.g., health plan approval), CoverMyMeds’s Callback service will POST the request data to your server at the URL you have provided in your Developer Account.

The system may also retrieve the latest PA status through the GET /requests/ resource, or for multiple requests through the POST /requests/search/ resource. These URLs may be polled at a reasonable interval (i.e., hourly) for systems that choose not to use the Callback service.

Upon each new PA being created in an integrated pharmacy, CoverMyMeds will use the Callback service to send your system the new PA.

Plans that participate in the ePA process with CoverMyMeds receive electronic PA requests, and provide electronic determinations (approved/denied) – sometimes in real-time.

Plans that do not participate in the ePA process receive a PA request via fax, on their appropriate drug-specific form. Determinations for such “classic” plans are provided directly to the prescriber (outside of the CoverMyMeds workflow), though approval or denial may be recorded directly by the user for posterity.

Quick Start

We will get started by using the API to create prior authorization (PA) requests and display a task list of PAs for your users.

Creating a PA

<!-- create a PA -->
<form method="post" action="https://api.covermymeds.com/requests" id="post_requests_quickstart">
  <label for="first_name">request[patient][first_name]</label>
  <input id="first_name" name="request[patient][first_name]" placeholder="(required)" type="text">
  <label for="last_name">request[patient][last_name]</label>
  <input id="last_name" name="request[patient][last_name]" placeholder="(required)" type="text">
  <label for="date_of_birth">request[patient][date_of_birth]</label>
  <input id="date_of_birth" name="request[patient][date_of_birth]" placeholder="(required)" type="text">
  <label for="state">request[state]</label>
  <input id="state" name="request[state]" placeholder="(required)" type="text" maxlength="2">
  <label for="drug_id">request[prescription][drug_id]</label>
  <input id="drug_id" name="request[prescription][drug_id]" value="094563" type="text">
  <input type="hidden" name="v" value="1">
  <input type="hidden" name="api_id" value="1vd9o4427lyi0ccb2uem">
  <input type="submit" value="Submit">
</form>

<!-- retrieve a PA -->
<form method="post" action="https://api.covermymeds.com/requests/search" id="post_requests_search_quickstart">
  <label for="requests_token_id">token_ids[]</label>
  <input id="requests_token_id" name="token_ids[]" placeholder="(required)" type="text">
  <input type="hidden" name="v" value="1">
  <input type="hidden" name="api_id" value="1vd9o4427lyi0ccb2uem">
  <input type="submit" value="Submit">
</form>
// Uncomment <script> tags if needed
// <script src="//code.jquery.com/jquery-1.11.0.min.js"></script>
// <script>
$(function () {
  // Create a PA
  $.ajax({
    method: 'post',
    url: 'https://api.covermymeds.com/requests',
    data: {
      api_id: '1vd9o4427lyi0ccb2uem',
      v: 1,
      request: {
        form_id: 'anthem_ppi',
        state: 'OH',
        patient: {
          first_name: 'Matt',
          last_name: 'Smith',
          date_of_birth: '01/27/1979'
        },
        prescription: {
          drug_id: '131079'
        }
      }
    },
    success: function (data) {
      console.log("Request created! " + JSON.stringify(data));
    }
  });

  // Retrieve a PA
  $.ajax({
    method: 'post',
    url: 'https://api.covermymeds.com/requests/search',
    data: {
      api_id: '1vd9o4427lyi0ccb2uem',
      v: 1,
      token_ids: ['gq9vmqai2mkwewv1y55x']
    },
    success: function (data) {
      console.log("Request search results: " + JSON.stringify(data));
    }
  });
});
// </script>

Create a PA by POSTing to /requests/. Use the code samples or the interactive documentation for the POST /requests resource.

The response includes an id and a tokens[id]. Save these and use them to retrieve the PA later.

Retrieving a PA

GET a PA using the /requests/ resource. You must authenticate your request with a token for the PA.

You can display the PA you created in the CoverMyMeds system by following the link in [requests][tokens][html_url], or you can build your own from a known token value by formatting it like this: https://www.covermymeds.com/request/view/{id}?token_id={access_token}&remote_user[display_name]={display_name}&remote_user[phone_number]={phone_number}&remote_user[fax_number]={fax_number}.

API Overview

REST

This is a REST API, which allows you to use any HTTP client you wish, including your favorite language’s HTTP library, curl, JavaScript, or HTML and a browser. In addition to system integrations, this documentation is built with the API, as are many components of our own website, and our sample EHR application.

The API is designed with intuitive resource-oriented URLs and HTTP response codes to indicate errors. We use built-in HTTP features like HTTP verbs.

Requests to the API are URL-encoded query or form data. This encoding will be handled automatically by most HTTP libraries. For example, jQuery’s AJAX methods take a JavaScript object, and automatically convert it to request data appropriately.

JSON is returned in all responses from the API, including errors.

Versioning

Currently, the API is on version “1”. Without changing the version number we may add additional fields to any response, accept additional fields on any resource, or add enumerated values to an existing field on a resource. Your system should be written to tolerate these changes.

If we need to remove a field, change a data type, or move/rename a field we will increment the version number.

You must specify the version of the API you are using in all requests with the v attribute. Use the interactive documentation to see how this is done.

We will support API versions for at least one year from the next version’s release date. New versions will be announced with an email to the address registered with each Developer Account, and with personal follow-up from your Account Manager if we believe the version of the API you are using needs to be updated.

Development, Testing, and Staging

The base URI for the API is https://api.covermymeds.com. We encourage users to “play around” with our system. There is little you can do that will cause any real harm. Just remember that everything actually works. For example, when you send a fax, it will actually be transmitted. This is usually good, but remember to send faxes to yourself and not a provider or plan.

It is also possible to submit electronic transactions to health plans. To avoid this, you can take advantage of our test payer. You can interact with this payer like any other health plan, but without having to worry about starting a “real” PA. You can find out more about Mock in the Testing section.

CoverMyMeds also provides “always succeeds” and “always fails” fax numbers that you can use for testing:

614-999-9999 # faxes sent to this number will always succeed 614-555-5555 # faxes sent to this number will always fail

Interactive Documentation

The interactive documentation you see to the right of this section is built on our API. You can use the html tab to submit API requests using your browser.

We attempt to make all code, including the HTML forms copy/paste-able into your own file or console. If something doesn’t work after being directly copied, you may need to make a minor modification such as uncommenting a script tag-we try to mark these cases in comments in the code.

If you are having trouble getting something to run, contact us right away! Our job is to make this as easy as possible.

Library Code

You can use our jQuery plugins that allow you to easily build your integration in a browser or browser control in your desktop software. You can see these in use in our sample EHR application.

Ruby

A rubygem is provided at rubygems.org.

Add this line to your application’s Gemfile: gem 'covermymeds-api'

And then execute: bundle

In order to use the gem, you’ll need to register to obtain an api key and secret. To learn more about using the rubygem, please consult the full documentation.

We can also provide bindings for other languages upon request.

Determining When Prior Authorization is Necessary

The question of when prior authorization is required depends on multiple factors, including: the patient’s insurance formulary, whether the patient has already obtained prior authorization for this prescription, and the payer’s level of support of the therapy. Traditionally, systems use the Formulary and Benefit standard to indicate to the prescriber that prior authorization is required, but the standard only describes prior authorization needs at the Group level.

The indicators resource exposes a data analysis algorithm that statistically determines the requirement of prior authorization based on information about a prescription. By leveraging machine-learning and RelayHealth’s RxBenefit Clarity service, it can predict the need for prior authorization to nearly 100% accuracy, given enough information.

Workflow

The /indicators resource provides two endpoints: /indicators, and the /indicators/search.

In the typical e-prescribing workflow, a prescriber will first be presented with a list of drugs that are appropriate to the given diagnosis. One or more of those drugs may be chosen and applied to the prescription order.

The /indicators/search route may be used when displaying a set of drugs to a prescriber from which to choose. Given information about an arbitrary set of drugs, the route returns an indication of whether prior authorization is required for each drug, and whether it is an autostart drug.

The indicators route is to be used when the prescriber has chosen one drug to prescribe. This route will return indicators of whether prior authorization is required, along with co-pay and prescriber messaging.

Autostart

If PA is required, enough information is provided to begin PA, and the drug is determined to be an auto-start prescription, the system responds with “autostart: true”.

RelayHealth RxBenefit Clarity ™ (RBC)

RBC directly queries the PBM for benefit information such as whether PA is required and co-pay amount. By asking the PBM for benefit information directly, the service provides a highly accurate real-time benefit check for the patient.

If sufficient information is supplied (see indicators), then RBC is used for determining the requirements for prior authorization. Otherwise, the /indicators resource uses its machine-learning algorithm to determine whether PA is required for this prescription.

Ux Requirements

There are specific requirements for the user interface when using the RBC information, as detailed below.

Working with Requests

CoverMyMeds connects to dozens of health plans electronically, providing a “compatibility layer” for the provider in the case of plans that do not support electronic connection for ePA.

Workflow Considerations

Creating and Editing Requests

A recommended workflow is to show the user the newly created request with clinical criteria immediately after creating it for administrative staff who want to complete the PA in one sitting.

When a PA is created in the e-prescribing workflow, it is best to let the prescriber know that the PA was created and let it be worked later by
administrative staff, perhaps in a task list.

Task List/Dashboard

It is also recommended to provide users an overview of the prior authorization requests in a dashboard or task list. Keeping a cache of metadata for each request will ensure that the dashboard is quick to display. Update the metadata with each callback to make sure that your system displays the most relevant information.

Creating a PA Request

You use the /requests resource to create a PA request. The API takes patient, prescription, prescriber, and payer information to create the request within the CoverMyMeds system as if it had been typed into the web site directly.

At a minimum, in the request, specify the patient’s first & last name, the patient’s state of residence, and the drug being prescribed. If you supply the patient’s insurance information (BIN, PCN, and GroupID), CoverMyMeds will automatically find the correct set of clinical questions from the payer. If not, the user will be prompted to select the appropriate payer the first time the request is accessed.

The drug may be specified with either the CoverMyMeds drug_id, obtained from a drug search or an NDC code. Most plans will approve requests at the “label name” (drug, strength, form) or an even higher level, so you may pick a “representative” NDC code when submitting your request.

Be sure to specify the patient’s state of residence, as opposed to the prescriber’s state or the state the patient works in. The “state” value is used for associating the patient to the correct payer, and finding the correct set of clinical questions.

Editing & Viewing Prior Authorization Requests

Supporting a great user experience across thousands of health plans’ distinct prior authorization forms, NCPDP ePA transactions, and proprietary integrations presents many user interface challenges.

A fundamental element of the PA request interface is the request page. The request page provides a user interface and workflow tools to allow the user to manage prior authorization requests. However, request pages offer different functionality depending on the form, the payer, and the drug, which makes it difficult to design Ux that manages the workflow within your system.

CoverMyMeds offers two solutions to this problem. The first is to serve the prior authorization request page from the CoverMyMeds server embedded within your user interface, using the /request/view link described below. We encourage you to “theme” the page for your system. Details are included in the Theming section.

For custom integrations with a need to completely control the look and feel, or for desktop and mobile systems, we offer a workflow solution, which renders the pages in a workflow with user interface elements custom to your system, using the request-pages resource.

Choosing a PA item in your Task List should direct your user to the CoverMyMeds request page. CoverMyMeds provides a seamless transition with single-sign-on mediated by the access token and remote_user query string parameters.

You can get a URL to each PA request in [requests][tokens][html_url], or you can build your own from a known token value.

You format a link like this: https://www.covermymeds.com/request/view/{id}?token_id={access_token}&{remote_user}

Here is an actual link to a request.

Tracking Local Users’ Actions with remote_user

remote_user identifies the contact information for the client system’s user accessing the PA. Contact information is saved by CoverMyMeds in the PA’s history, as an audit trail. The remote_user parameter currently supports name, phone, and fax number. Additional values may be added over time.

Below is an example:

https://www.covermymeds.com/request/view/:id?token_id={access_token}&remote_user[display_name]={display_name}&remote_user[phone_number]={phone_number}&remote_user[fax_number]={fax_number}

Here is an actual link with remote user information.

Updating Data in a Request

The only PA request field available to update programmatically is the memo field. The memo field allows client systems to store up to 4000 bytes of client-system-specific information associated with a PA request, such as the database record ID of the patient record associated with the request. When supplied, the contents of the memo field are saved into the PA and returned upon each subsequent GET to /requests/{id}, exactly as they were supplied.

Deleting a Request

PA requests in the CoverMyMeds use a “soft-delete” approach in which PA requests are never really deleted, but rather the tokens associated with a request are deleted.

When a Request changes, the event history is updated and a Callback is enqueued for delivery to the client system.The events array is a time-stamped history of changes to the status of the Request.

When your system receives a callback with a DELETE event in the events array, you should remove the user’s token for the PA from the appropriate user’s task list. The remote_user object associated with the DELETE event contains a copy of the ?remote_user[] attributes that were presented when the user accesed the PA request on the CoverMyMeds portal, to help identify the user who wishes to delete the request.

Events

The events array is a time-stamped history of significant events in the lifecycle of a request. When a significant event occurs, the history is updated on the CoverMyMeds server and a callback is enqueued for delivery to the client system. The callback contains an array called “events”, with one entry for each event in the history of the PA. Events give client systems an audit trail for deletes and unrecoverable transmission failures. Using the event array, the client system can take appropriate action for the event, trigger workflow, and adjust the user’s view.

{
"events": [
    {
      "type":                   "string (values: DELETE | REQUEST_FAX_FAILURE)",
      "time":                   "ISO8601 datetime string",
      "remote_user":            "object"
    }
  ]
}
Event Description
“DELETE” The request has been marked for deletion in the CoverMyMeds system. This can happen when the request is either deleted or archived by a user in the CoverMyMeds portal or through the API. Client systems should record the user who performed the deletion and delete local records of the PA appropriately. See Deleting a Request for more detail.
“REQUEST_FAX_FAILED” Occurs when the transmission to a fax-connected plan has suffered an unrecoverable failure. Faxes are retried several times to account for busy lines, phone system failure, or server errors. After the specified number of retries, the PA is marked as REQUEST_FAX_FAILED and a callback is sent to the client system which created the PA. Client systems must be written to tolerate such failures and allow user intervention to process the PA.

Changing the Theme

<div>
  <img alt="EHR Logo"
   src="http://www.mycompany.com/images/mylogo.png"
   />
</div>

<style type="text/css">
  #custom-theming {
    background-color: "black" !important;
  }
</style>

Client systems may specify the theming that is used on the CoverMyMeds request and related pages with “Custom Theming”, set in your Developer Account.

The theme text may contain HTML and inline CSS.

You may include a logo for your EHR system by base64 encoding it as a string and using it as an image source as shown to the right.

If you are not opening a new window for the request page, it may be a good idea to include a “Back to EHR” link (if your system can be addressed by URL).

The theming data is not stored with each request. So remember that if you change it, requests that were created previously will reflect your new theme.

Disabling CoverMyMeds Functionality

<style type="text/css">
  .api-configurable.fax-control     { display: none !important; }
  .api-configurable.email-control   { display: none !important; }
  .api-configurable.delete-control  { display: none !important; }
</style>

You may wish to disable some functionality on the CoverMyMeds request page such as the “Fax” or “Delete” buttons. We provide documented css selectors that you can use in your custom theming for this purpose.

ui-hooks

The “First PA video” and “Chat with CoverMyMeds” sections can also be disabled on request.

Using Request Pages

As an alternative to framing the CoverMyMeds request pages within your UI, we offer a hypermedia API. Using the /request-pages resource, your system can natively follow the PA request workflow, without anticipating details.

The request-pages resource provides the data and actions appropriate to a PA workflow stage, independent of your UI technology, so that the user can work through the entire PA process within your system. Your system uses that information to draw UI for this stage in the workflow. The request-pages resource is designed for web-based, desktop, or mobile applications.

The Request-Pages Loop

To follow the workflow, your system works in a loop, rendering screens based on responses from the server. Each response presents the data and actions possible for the PA in its current state. Users traverse the workflow by invoking the actions returned with each response. The loop ends when the user no longer requests another link.

For each key in the forms property of the request-pages response:

  1. Record the form’s identifier property (e.g. pa_request); it will be used as a reference var form_identifier = request_page.forms.keys[0];
  2. When a question_id property is reached, retrieve its value from data[form_identifier]["some_question_id"], or the question_answer(s) property (if using typed-json)
  3. When a coded_reference property is reached, render the UI with coded reference data obtained by using the ref value in coded_references and performing an HTTP request to the specified endpoint
  4. Apply validations to the form field from the validations property
  5. Render links and submit buttons from the actions property. Executing an action will return another request-pages response to be rendered.

The data property

Example: "data": { "pa_request": { "patient_firstname": "Mark" "drug_name": "Ambien" "office_fax": null ... more fields ... } }

The “data” property holds the answers to the questions for each form or question set in the current PA request page. In the example above, pa_request is a hash of question_id’s and answers for each question in the pa_request form.

The question_sets property

"forms: { "string ref": { "question_sets": [ { "title": "string" "questions": [ { "question_type": "FREE_TEXT" "question_text": "string" "question_id": "string" "default_next_question_id": "string ref" "coded_reference": { "code": "string", "qualifier": "string", "code_system_version": "integer" "id": "string" "ref": "string ref" } flag: "REQUIRED" | "IMPORTANT" | null, "help_text": "string" } ] } ] } }

The question_sets property contains all of the display information required to render a set of questions in your system. For a web-based system, for example, a question set might render as a <fieldset> within a <form>, with the title property used as the <legend>. A question_set may contain one or more questions which correspond to one of several types of question possible.

Coded References

“Coded reference” is the use of an industry standard code system to describe patient information. request-pages supports the use of arbitrary vocabularies by payers in question sets. When a payer sends a coded reference for a question, it is included in the question as the coded_reference property.

The client system should use the coded_reference to retrieve the answer to the question, present it to the prescriber for their review or modification, and place it in the data or question_answer properties, depending on the Content-Type being used.

The provided_coded_references property

Provided coded references help client systems render user interface elements for specific questions. See request-pages for descriptions of provided coded references currently supplied by CoverMyMeds.

In the example below, the CoverMyMeds:form-search:1: coded reference returns a list of forms for a given drug, state, and plan.

"provided_coded_references": [ "CoverMyMeds:form-search:1:": { "href": "https://api.covermymeds.com/forms/?api_id=123ABC&v=1", "method": "GET", "data_fields": [ { "question_id": "form_id", "query_parameter": "q" }, { "question_id": "drug_DDID", "query_parameter": "drug_id" }, { "question_id": "state_id", "query_parameter": "state" } ] } ]

The data_fields array is used to construct a query string, using query_parameter as the key. The value is retrieved from the form field identified by the question_id key.

Each element in the data_fields array describes query string parameters for the URI in the href property. The question_id property gives the name of the element on the page with the value to supply. Put the value from the named element into the query string parameter named by the query_parameter property.

In this example, the full URL for the CoverMyMeds form search would be:

http://api.covermymeds.com/forms?api_id=123ABC&v=1&q=blue&drug_id=12345&state=OH

The validations property

"validations": { "icd9": { "type": "REGEX" "value": "^(V\d{2}(.\d{1,2})?|\d{3}(.\d{1,2})?|E\d{3}(.\d)?)$" "message": "Invalid icd9 code" "html_attributes": null } }

The validations property provides a set of client-side validations that should be applied to the rendered form to help the user complete the PA correctly. Validations are attached to a field by putting the name of the validation in the validations array for a question.

When the html_attributes property is present it provides a set of attributes that can applied to the rendered form to leverage a web browser’s built in validations.

See request-pages for details on these validation types.

The actions property

The actions property lets your system display the correct actions for a PA at any stage of its workflow, without knowing the full set of actions ahead of time. The workflow may vary by health plan and the type of connection (e.g., ePA, proprietary electronic connection, paper form).

The properties of an action give details on how to manipulate the PA for that workflow step.

Submitting each action requires the same authentication as GET /requests/{id}. See the authentication section for details.

"actions": [ { "ref": "pa_request" "title": "Save" "href": "http://www.covermymeds.com/request-pages/XXYYZZ?token_id=adfoi30238b012j" "method": "POST", "display": "DEFAULT" }, { "ref": null "title": "Email" "href": "http://www.covermymeds.com/request-pages/XXYYZZ/email?token_id=adfoi30238b012j" "method": "GET", "display": "DISABLED" }, { "ref": "pa_request" "title": "Send to Plan" "href": "http://www.covermymeds.com/request-pages/XXYYZZ/send_to_plan?token_id=adfoi30238b012j" "method": "POST", "display": "DEFAULT" } ]

Possible Form Elements

Each questions sub-property of the forms property will be rendered as a form element for the user to complete. The table below is a list of possible values for the question_type property:

question_type html corollary
FREE_TEXT <input type="text"/>
CHOICE <select><option></option></select>
DATE <input type="date"/>
NUMERIC <input type="number"/>
STATEMENT <div>
HIDDEN <input type="hidden"/>
FILE <input type="file"/>
CHECKBOX <input type="checkbox"/>
FREE_AREA <textarea/>

All of the questions share these properties:

Some of the question types modify the base question with extra or missing properties. See below for a table of properties and question types.

Property Data Type Description Question Type
question_id string unique identifier for the question within this question_set ALL
question_type string type of question. one of the values to the right ALL
question_text string the question being asked ALL
default_next_question_id string the next question to send the user to after this one is answered ALL
flag enum REQUIRED, IMPORTANT, or null. Hint for UI decoration. FREE_TEXT
CHOICE
DATE
NUMERIC
STATEMENT
FILE
CHECKBOX
FREE_AREA
help_text string String displayed to the user to help them answer the question. For example, “Enter a number between 1 and 10”. FREE_TEXT
CHOICE
DATE
NUMERIC
STATEMENT
FILE
CHECKBOX
FREE_AREA
coded_reference object A system-readable reference to the data being requested in the question for the EHR to supply automatically. FREE_TEXT
CHOICE
DATE
NUMERIC
STATEMENT
FILE
CHECKBOX
FREE_AREA
validations array array of strings referring to elements of the validations property. Validations are applied to the answer to the question. For example, this could point to a regular expression that validates a phone number. FREE_TEXT
CHOICE
NUMERIC
choices array In a CHOICE question, an array of objects representing the choices for the user. CHOICE
select_multiple boolean Indicates whether the user can select more than one choice or exactly one. CHOICE
comparisons array Array of numeric expressions for numeric questions to use for branching. NUMERIC
content_plain string Plain text of the statement. STATEMENT
content_html string HTML fragment representing the text of the statement. Allows formatting of text within the content. STATEMENT
checked_value string The value to submit to the EHR when this checkbox is selected. CHECKBOX
placeholder string Text to display in a FREE_TEXT or FREE_AREA as a prompt to the user. FREE_TEXT
FREE_AREA
question_answer string The answer to the question being asked. Only available in typed+json schema. FREE_TEXT
DATE
NUMERIC
HIDDEN FILE
CHECKBOX
FREE_AREA
question_answers* array The answers to a multiple-select choice question. Only available in typed+json schema. CHOICE (select_multiple:true)

Branching logic

The questions that are presented to the user may depend on their answer to previous questions. Both the NUMERIC and CHOICE question types can have properties that specify the branching logic.

The system may choose to show all the questions at once, or to step the user through one question at a time.

For CHOICE type questions

If not null the next_question_id property for the selected choice should be used to determine the next question to display.

If the next_question_id property is null, the default_next_question_id of the parent CHOICE should be the next question displayed.

For NUMERIC type questions

For NUMERIC type questions the comparisons array may include a list of conditions to select the next question. When next_question_id is null the default_next_question_id should be used.

"comparisons": [ { "type": "SINGLE_COMPARISON" "comparison_operator": "LT" "comparison_value": 5 "next_question_id": null } { "type": "RANGE_COMPARISON" "lower_bound_comparison_value": 5 "lower_bound_comparison_operator": "GT" "upper_bound_comparison_value": 10 "upper_bound_comparison_operator": "LE" "next_question_id": null } ]

STATEMENT type questions

Some forms need to display information only “questions” to the user. These “questions” do not get answers, they are simply displayed as static text.

"questions": [ { "question_type": "STATEMENT" "question_text": "" "content_plain": "This form was displayed because the search terms didn't match a specific Medicare plan or PBM." "content_html": "<p>This form was displayed because the <strong>search terms didn't match a specific Medicare plan or PBM.</strong></p>" "question_id": "reason_displayed" "default_next_question_id": "gender" "help_text": "" } ]

HIDDEN questions

Some forms require information supplied by the system, but not by the user. A HIDDEN question allows the system to send information to the payer, or to CoverMyMeds directly without involving the user.

"questions": [ { "question_type": "HIDDEN", "question_text": "we need some hidden information", "question_id": "hidden_question_1", "default_next_question_id": "reason_displayed", "flag": "IMPORTANT", "question_answer": "Jack Johnson" }

Error Handling in request-pages

Errors may be returned to the system while in its request-pages loop. For simplicity, we use standard HTTP status codes in responses as described in Handling Errors. Clients System implementations are expected to check the HTTP response codes before attempting to process the JSON response.

Callbacks

Callbacks are issued to a Client-System-specific endpoint with each status change to a request (e.g., health plan approval). Callbacks contain the latest known data for a request at the time of sending, formatted identically to the response schema in the requests resource. In this way, systems are guaranteed to receive the most up-to-date status of the request.

To simplify development, callbacks contain the latest known data for a request at the time of sending and a timestamped history of status changes. Client systems are guaranteed to receive callbacks with the most up-to-date status of the request.

While the CoverMyMeds system will make a best-effort to deliver callbacks in order for each change to the PA, due to the asynchronous nature of HTTP, it is possible that callbacks will arrive out of order or states will be skipped.

For example, you may receive a callback generated by the response from a payer before the one generated due to creation of your request.

Using Callbacks

To use the Callback service, implement an HTTP server to which CoverMyMeds may send data each time there is a status change, or when a new PA is created by an integrated pharmacy.

Register your endpoint as a global Callback URL in your Developer Account. If you are supporting multiple on-premise systems, you may register a Developer Account for each web server that will be running, and then use the appropriate api_id in each on-premise installation.

For convenience, you may specify individual delivery_urls for each prescriber NPI (without registering multiple Developer Accounts) as detailed in the /prescribers/ section.

Changes a request trigger asynchronous callbacks to your system. Your web service should return an HTTP status 200 or 201 when you receive the request and process it successfully, and an HTTP status of 500 otherwise. CoverMyMeds’ system will retry delivery of resolvable errors. CoverMyMeds will contact you directly if they are not successfully processed within a reasonable time-frame.

Testing & Debugging

Before you have finished the implementation of your Callback Service, you may wish to use a service like RequestBin for your Callback URL to inspect the callback data.

You will see recent callbacks in your Developer Account. For example, you will be able to see that CoverMyMeds has delivered a Callback and what the HTTP Response code your server provided (if any), which should aid in debugging.

Callback Endpoint Security

You may choose to white-list the CoverMyMeds IP address range (ask CoverMyMeds support for details). Because your callback endpoint should not “give out” information, these security measures are highly recommended to avoid the potential misuse, but are not required.

PA updates and pharmacy PAs

It is essential that your Task List contain the latest status information for each PA, and that you update it with new retrospective PAs initiated by integrated pharmacies.

While it is possible to poll the /requests/ resource each time a user views a Task List, the Callback Service will manage network bandwidth by pushing PA updates to your user without polling our server.

Additionally, the callbacks are the only supported method to receive new pharmacy-initiated PAs in your system (retrospective PAs).

Authentication

Registration

Visit the Developer Account page to register and manage your preferences.

When you register your system, you will be issued an api_id and an api_secret. These values will be used to log into your Developer Account in the future. Because we cannot send you your api_secret over email, and we cannot reset it without breaking your existing integration, there is no convenient method to offer a “password recovery” system. Guard your api_secret carefully.

You can also use your Developer Account to:

Only one developer account per email address is permitted. If the email address you wish to use is already in use, please contact us for assistance.

HTTP Header Based Authorization

For endpoints that require both your api_id and api_secret you can use conventional HTTP Basic authorization:

Authorization: Basic Base64Encode(<your-api_id>:<your-api_secret>)

For example, if your api_id is 123 and your api_secret is abc, your Authorization header value would be:

Basic MTIzOmFiYwo=

For endpoints that only require the token_id to access the PA request we use a variation on HTTP Bearer authorization:

Authorization: Bearer <your-api_id>+<your-token_id>

For example, with an api_id of 123 and a token_id of a1b2c3d4e5, your Authorization header value would be:

Bearer 123+a1b2c3d4e5

Authorization

Every API request requires the api_id for authentication of your requests. If the resource you are accessing could be destructive or involves PHI, additional authorization information is also required.

Authorization is provided by either the api_secret or request tokens. Tokens are used for all /requests/ methods that access existing PAs. The api_secret is used for methods that manage tokens.

CoverMyMeds uses tokens for accessing existing requests as a method of two-factor authentication. Using an API secret alone would expose a set of PA requests to potential compromise. A token for each PA request minimizes the chance that data from multiple PAs could be exposed in bulk. Tokens also can be securely used in a 100% client-side implementation.

Together, the api_secret and tokens are a compound password. Because the api_secret is used across your integration, it should never be exposed to your user. Exposing a token is less problematic because each token references only one PA request — which your user already has seen.

Token-Based Access Control

Many systems have the concept of a user. The user concept is frequently extended to include groups, organizations, and practice locations.

Together, these concepts are used to provision access to health records in your system. Within your system, the relationship between health records and users may be relatively simple, such as a foreign key in the record that points to a user, or it may be complex: managing a many-to-many relationship that includes the user’s department, role in the organization, and other hierarchies. Additional complexity is involved when one considers how user-level changes should modify record access over time. For example, if a new user is added to a record that was previously created, should this user now have access to the record?

The CoverMyMeds API is designed to avoid compromising your carefully designed access controls. By skipping the user concept entirely — using tokens that grant access to their associated PA - CoverMyMeds keeps your system in control of access to health information.

An initial token is created with each new PA through the POST /requests/ resource. The system may create destroy tokens with the /requests/tokens/ resource.

Each PA has have zero or more access tokens at any one time. If a PA does not have any access tokens, it is inaccessible through the API — effectively deleted. To undelete this PA, a new access_token may be created.

Storing Tokens

Tokens should be stored by the system such that they can be used appropriately for any given user context. To take a simple example, imagine that your system has a single user access control scheme. The token management associated with this scheme would be easy—just keep a list of tokens with each user (perhaps all of the system-wide tokens in one table with a foreign key to the user).

Your system will probably be more complicated. You will want to provide access so that nursing and administrative staff can see prior authorizations for their doctors, and everyone can see the work in their workgroup. Remember to think about the three ways that prior authorizations may be created:

  1. By practice office staff, using the New PA Form
  2. By the prescriber, in the e-prescribing workflow
  3. By the pharmacy, associated with a prescriber NPI

The first two usage scenarios involve a user directly. The last usage scenario involves a prescriber that is associated with one or more users. For the first scenario, access tokens should be stored so that they may be retrieved by the other users that share work with the creating user. In the second and third scenario, access tokens should be stored so that they may be retrieved by all users that have access to the prescriber’s data.

Using Tokens

So that you may use client-side code to perform the integration, the /requests/ resource does not require use of the api_secret.

The POST method requires an api_id, but not the token_id because the user already has access to the information they are supplying. The PUT, GET, and DELETE methods require tokens because a user is retrieving or updating information they might not have supplied.

This means that access tokens are effectively passwords. Their security comes from being hard to guess (they are long random strings), and from not revealing them to users that should not be able to see their associated PA.

Each access token is unique for each request (i.e., they aren’t re-used). This makes their use lower risk than typical password-based authentication systems, which could provide access to large volumes of protected health information if they are compromised.

You may choose to actively manage tokens. This is unnecessary unless the tokens are compromised, but you may wish to consider it if you are using tokens in a client-side application. For example, you could regenerate tokens for a particular request if a user of the system shouldn’t have access to the PA request anymore. While low risk, it would be possible that this user had previously recorded the access_token.

/requests/ Authentication & Authorization

method authentication
POST /requests/ api_id
only standard api_id authentication required, because we are creating a request that the user already has access to
GET /requests/ tokens
use a singular token_id
DELETE /requests/ tokens
POST /requests/search/ tokens
one or more token_ids
POST /requests/tokens/ api_secret
existing tokens aren’t a valid authentication mechanism to create new tokens for a request because tokens are their own resource
DELETE /requests/tokens/{id}/ api_secret
the api_secret ensures that users have access before deleting requests

Handling Errors

{
"errors":[
  {
  "code":401001,
  "message":"Unauthenticated: Please provide your api_id.",
  "debug":"An api_id is required, but no api_secret is required for this action."
  }]
}

It is important that your application handle errors responsibly. This generally means not failing silently, logging problems in your system, and showing good error messages to users.

Server Errors

To make handling errors as easy as possible, CoverMyMeds API uses real HTTP error codes, and returns a JSON object for each error. One or more errors may be returned. Each message should be displayed to the user, whereas debug information is for development staff.

It is possible, particularly when starting an integration project, that a request made to CoverMyMeds’ server will be so far from what is expected that the error message isn’t useful, or that you receive frequent 500 (Internal Server Errors). Please contact CoverMyMeds’ support to set up a live session with one of CoverMyMeds’ developers to watch your requests and help sort these problems out quickly.

Error Code Meaning
301 Moved permanently – the request-page is no longer found at this address (this error should be rare)
302 Found – you are being redirected because the operation completed and your response is coming from a new location
303 Found – same as a 302, but your system should switch the verb to “GET” when redirecting to the new URI
305 Use Proxy – repeat the request, using the proxy specified in the Location field of the response header
307 Temporary Redirect – the resource requested is temporarily available at a new location. system should re-issue to the new URI.
400 Bad Request
401 Unauthorized – The api_id and/or api_secret is missing or incorrect. See debug info in error message.
404 Not Found – The requested resource does not exist, or your request was missing required fields.
405 Method Not Allowed – You tried to access a resource with an unsupported method.
500 Internal Server Error – We had a problem processing your request. This may be a problem on our server, or it may be a badly formatted or incorrect request that we couldn’t process. Please contact us for help resolving this issue.
503 Service Unavailable – We’re temporarily offline for maintenance. Please try again later.

System Status

{
  "now":"1390452622",
  "status":"ok",
  "app_name":"requests_api",
  "version":"212aad2822869ff4fb88fac137224da991d485bb",
  "database":"true"
}

CoverMyMeds is fanatical about keeping our systems running, and you can expect API uptime to match or exceed the best “write-heavy” internet services (e.g., Gmail, Office 360, Salesforce, but not quite as high as Google Search). This means somewhere between three and four nines of availability.

Dashboard and Programmatic Monitoring

To promote transparency, we publish an Uptime Dashboard which shows realtime status information and historical uptime data.

You may also programmatically monitor each API resource by using its /_ping/ route. Should you wish to do this, the most important resource to monitor is https://api.covermymeds.com/requests/_ping. A status of ok indicates that systems are up. Anything else indicates a possible problem.

Testing the CoverMyMeds Integration

Setup

CoverMyMeds provides a test payer called Mock that you can send requests to and receive responses from. The test payer is configurable via the question sets it sends, and can be told exactly what status the response should have, so that you can test all use cases.

Test Payers

When you are first starting your PA request, you will be asked for the patient, prescriber, patient’s state, medication, and the payer. These last three items – patient state, medication, and payer – are what are used to identify the questions sets you see and the payer who receives the request.

The Mock payer (also called “Pseudo”) is referenced with the BIN, PCN, and Group numbers:

There are several forms associated with the mock payer, depending on the drug that is being prescribed:

Prescribed Drug Question Set/Form Returned
Spironolactone (NDC: 18837027430) Pseudo PBM 4-part
Wellbutrin (NDC: 00173017855) Pseudo Classic Test Form (no ePA)

In addition, the CoverMyMeds Central payer will be used for one test case:

Using the drug NEXium (NDC: 00186502031) will give you back the CoverMyMeds Central Demo Form. (You will use this form in test case 7.)

Interacting with the Mock payer

Every question set you receive from Mock will contain one or two “workflow” questions at the end. Generally, you will be asked whether you want a second round of questions, and/or what outcome you want for the request. Answering these questions is what notifies Mock of what kind of response to send back, so that you can control the expectations of any testing you do.

Workflows

There are a variety of workflows supported by CoverMyMeds, and each of them can be started using different state/medication/payer information.

Standard ePA workflow

STATE: any MEDICATION: Spironolactone (NDC: 18837027430) PAYER: pseudo

Classic fax-based workflow

STATE: any MEDICATION: Omeprazole (NDC: 00093521001) PAYER: pseudo

Form with file attachments

STATE: any MEDICATION: Moxifloxacin Hcl (NDC: 00093738756) PAYER: pseudo

Test Plan

CoverMyMeds recommends passing the following tests before going live:

Test 1: Happy Path

Create a new PA Request for Spironolactone and the pseudo payer, and send it to the plan. You should receive back a question set.

Answer the questions however you wish, except for the following: Select the next step in the workflow. Approve PA

Send this request. You should receive back notification that your PA was completed favorably.

Test 2: Sad Path

Create a new PA Request for Spironolactone and the pseudo payer, and send it to the plan. You should receive back a question set.

Answer the questions however you wish, except for the following: Select the next step in the workflow. Deny PA

Send this request. You should receive back notification that your PA was completed unfavorably.

Test 3: Question Loop

Create a new PA Request for Spironolactone and the pseudo payer, and send it to the plan. You should receive back a question set.

Answer the questions however you wish, except for the following: Select the next step in the workflow. Keep PA open

A new question will become visible. Answer it: Select the open workflow: Send back another round of questions

Send this request. You should receive back a second question set.

Answer the new questions however you wish, including the determination question at the end.

Send this request. You should receive back notification that your PA was completed according to the determination you requested.

Test 4: Closed Response / No determination

Create a new PA Request for Spironolactone and the pseudo payer, and send it to the plan. You should receive back a question set.

Answer the questions however you wish, except for the following: Select the next step in the workflow. Close PA

A new question will become visible. Answer it: Select the closed reason: Patient no longer covered

Send this request. You should receive back notification that your PA was closed (no determination). Verify that you can view the PA Note, and that it says “Patient no longer covered”

Test 5: Cancel a Request

Create a new PA Request for Spironolactone and the pseudo payer, and send it to the plan. You should receive back a question set.

Rather than answering the questions, try to cancel or delete your current PA. You should receive notification that your PA was successfully cancelled.

Test 6: Faxed PA

Create a new PA Request for Omeprazole and the pseudo payer. You should see a question set.

Answer the questions however you like, and send to plan. When it asks you to enter a fax number, enter the auto-success number (614-999-9999). Verify it sent successfully. You will not get a determination back for this PA, since this request does not go to our test payer.

Test 7: File Attachments

Create a new PA Request for Moxifloxacin and the pseudo payer. You should see a question set.

Answer the questions however you wish, except for the following: Select the next step in the workflow.: Approve PA Upload any supporting documentation below. Must be .jpg, .pdf, .png, or .tif file format.: The answer is not important, but underneath it is a file attachment field. Select a file (PDF, JPG, PNG, or TIF) and attach it to this request.

Send this request. You should receive back notification that your PA was completed favorably.

Test 8: Ineligible for PA

Create a new PA Request for Spironolactone and the pseudo payer, but change the patient first name to ‘Invalid’. Send it to the plan. You should receive back notification that a PA is either not needed or not allowed.

Test 9: Retrospective PA

  1. Register for a CoverMyMeds username at CoverMyMeds
  2. Register a prescriber’s NPI using the /prescribers/credentials resource.
  3. Navigate to https://claim-test.herokuapp.com to submit a claim to the claims server for your registered prescriber.
  4. Fill out the form as follows:

    Environment Choose production
    CoverMyMeds Username Your CoverMyMeds username from Step 1
    CoverMyMeds Password Your CoverMyMeds password from Step 1
    Prescription To test with our fake payer, you can use the drug and payer that are already filled in
    Patient Enter the patient’s information as it appears in the EHR
    Prescriber Enter the information for the prescriber you registered in step 2
  5. Click “Submit”

You should receive notification that a new PA Request has been started for one of you patients. Open the request and complete the Happy Path workflow above.

Testing the Indicators API

There are four possible results from a call to the Indicators resource:

  1. A drug that does not require prior authorization (PA).
  2. A drug that requires PA and you should allow the physician to initiate PA.
  3. A drug that both requires PA and should be started on behalf of the physician (autostart).
  4. Unable to determine a prediction.

All four scenarios should be tested. You can use the following data:

Scenario Name Drug DDID Drug NDC BIN PCN Group ID predicted pa_required? autostart?
1 Quillivant 177042 24478019010 773836 MOCKPBM ABC1 true false false
N/A* 123456 12345678900 111111 norequire noautostart true false false
2 Spironolactone 020103 68115066000 773836 MOCKPBM ABC1 true true false
Wellbutrin 023872 00173017855 773836 MOCKPBM ABC1 true true false
Lamictal 015150 00173064255 773836 MOCKPBM ABC1 true true false
Moxifloxacin 017429 00093738756 773836 MOCKPBM ABC1 true true false
Omeprazole 019050 00093521001 773836 MOCKPBM ABC1 true true false
Pancuronium Bromide 019754 N/A 773836 MOCKPBM ABC1 true true false
N/A* 123456 12345678900 111111 require noautostart true true false
3 Nexium 070046 68258499903 111111 SAMP001 NOTREAL true true true
Suboxone 258890 N/A 773836 MOCKPBM ABC1 true true true
N/A* 123456 12345678900 111111 require autostart true true true
4 N/A* 123456 12345678900 999999 norequire noautostart false false false

Going Live

When the integration is nearing completion, we’ll assign an Account Manager to make sure you and your customers have direct access to our operations staff. Your Account Manager will provide:

Checklist

You’ll know you are ready to go live when you can complete our Go Live Checklist.

Item Complete? Note
Ability to create a PA from eRx? Y / N
New PA form for admin users? Y / N
Task List with Filter/Sort/Search? Y / N
Prescriber NPI credentialing? Y / N
Callback System? Y / N Remember to update to your prod URL upon go-live
Errors handled properly? Y / N
Using own api_key and api_secret? Y / N Get new api_key and secret when you go to prod
Sending api_secret in auth header? Y / N
Discussed rollout plan with CoverMyMeds? Y / N We may disable API accounts that go into production without completing this step.
Provided CoverMyMeds with demo account to your system? Y / N This allows us to take screenprints for support staff
Exchanged support contacts with CoverMyMeds? Y / N
Executed mutual subcontract BAA? Y / N

Getting Help

1-866-452-5017
Mon - Friday: 8:00AM - 11:00PM EST
Saturday: 8:00AM - 3:00PM EST

It will greatly simplify your integration if you understand how the CoverMyMeds website system works, since you are reproducing its functionality in your application. You should create a CoverMyMeds account to explore how PAs work. You should also make sure to check out the EHR Demo Application.

CoverMyMeds provides complete technical assistance during the integration. Questions may be sent to epa-api-support@covermymeds.com or to your dedicated support engineer. You may also call us for immediate help, although our general support staff are not always able to answer development-related questions.

Once you are assigned an engineer, you will have a project portal for direct communication. We can also arrange onsite integration sprints or remote pair programming with your developers.

We welcome your suggestions for improving the API. If you have a feature request or need to do something differently than how it is supported by the API, please get in touch and we can accommodate most requests.

HIPAA and Security

Overview

CoverMyMeds deploys a set of Policies and Procedures, together with Technical, Physical, and Administrative Safeguards to maintain compliance with the HIPAA Privacy Rule, Security Rule, Transactions and Code Sets Rule, and their implementing regulations.

For our users who are Covered Entities (e.g., providers, plans, or PBMs), CoverMyMeds functions as a Business Associate. In some situations, we may also function as a Health Care Clearinghouse (a type of Covered Entity). For example, we meet this definition when health care providers use a system that integrates with us, such as using this API, or when we communicate with the plan or PBM using the ePA standard.

CoverMyMeds also publishes a Privacy Policy and Terms of Service. These materials may be found in our online Privacy Center.

Because our service is used as part of a health care provider’s Treatment and Operations functions, and because we do not sell data or otherwise invoke the requirements, we are not generally required to obtain Patient Authorization or Consent.

Business Associate Agreement

CoverMyMeds uses a standard Business Associate Agreement with most providers, and may execute customized Business Associate Agreements with large health systems, pharmacies, and plans or PBMs (payers).

Integrating Systems will execute a Mutual Subcontract Business Associate Agreement with CoverMyMeds. This document obligates both parties to terms of the Business Associate Agreement, and allows data to be exchanged between the parties.

You may begin your integration without the final execution of the Mutual Subcontract Business Associate Agreement, but this agreement should be in place before any actual PHI is exchanged. In the interim, it is acceptable to use “mock” test data.

Controls and Security Assessments

Security and privacy compliance is a cornerstone of our business. We maintain an active internal program, and employ professional third-party auditors to evaluate our effectiveness.

Our programs have also been evaluated and assessed by many of the largest hospital systems, pharmacy chains, health plans and PBMs in the industry. We welcome our system partners to conduct their own assessment, including security audits, onsite site reviews, and other measures.

API Reference

Datatypes

For the purposes of this documentation, datatypes have been simplified. All return values in JSON are strings, but the formats of those strings will vary and will translate into corresponding datatypes for your language.

Please refer to the below table for specfic examples of datatypes, and values for enumerated values. In the “Datatype” column, uppercase names indicate enumerated values, while lowercase indicate data formats.

Datatype Meaning/Value Example
[ ] zero or more elements in an array [“string”]
{ } a key-value hash or object { “name”: “harold” }
string up to 2000 alphanumeric characters “to be or not to be”
boolean “true” or “false” “true”
integer whole number, base-10 “100”
decimal decimal number “200.5”
date format: MM/DD/YYYY “05/12/1973”
datetime ISO8601 formatted date & time “2015-10-18 13:12:44 -400”
phone 10-digit phone number, only digits “6145551212”
zip 5 or 9-digit zip code with hyphen “43215-4032”
url Uniform Resource Locator “https://api.covermymeds.com/requests/ABC123”
email email address formatted internet-style “test@example.com”
html HTML fragment as a string
  • example
  • bin 6-digit BIN from ASC X12 271 response “003858”
    npi 10-digit National Prescriber ID “1234567890”
    ndc National Drug Code, 11-digits “00591571501”
    ncpdp id 7-digit NCPDP pharmacy identifier “1234567”
    ddid Medispan ID for the drug. 6 digits. “001153”
    person code 3-digit code assigned to a specific person within a family “001”
    dea number 2 letters, 6 numbers, and 1 check digit assigned to a provider “FA1234567”
    medical record id number patient medical record identification number (up to 35 characters) “A1234121B”
    order id prescription order id (up to 35 characters) “343B9102”

    Enumerations

    Refer to this table for the values possible for each of the enumerations in the schemas for the requests and responses from the API resources.

    Name Description Example
    ICD9 ICD Code, Version 9 “A17.0”
    ICD10 ICD Code, Version 9 “200.6”
    STATE US state, 2-digit abbreviation “OH”
    GENDER lowercase “m”, “f”, or “u” (unspecified) “m”
    STATUS status of the PA request “Question Response”
    OUTCOME outcome of the completed PA “Favorable”
    FREQUENCY frequency of the medication to be taken “BiD”
    QUANT_UM Quantity Unit of measure code “C48473”
    DOSE Dose Unit of Measure “PACK”
    DOSE_NAME Name of Dose unit of measure “packets”
    STRENGTH_UM Strength Unit of Measure “MG”
    ROUTE_ADMIN SNOMED CT Code “OR”
    EVENT identifier of event “DELETE”
    METHOD HTTP METHOD “POST”
    CRED_STATUS “IN_PROCESS” or “CREDENTIALED” “CREDENTIALED”
    OPERATOR “LT”, “GT”, “EQ”, “LE”, “GE”, “NE” “LT”
    FLAG “REQUIRED”, “IMPORTANT” “REQUIRED”
    DISPLAY “DEFAULT”, “DISABLED” “DEFAULT”
    PATIENT_RELATIONSHIP_CODE “0” (Not Specified) or “1” (Cardholder) or “2” (Spouse) or “3” (Child) or “4” (Other) “1”

    Workflow Status

    There are two types of requests managed by CoverMyMeds: true ePA and classic PA. True ePA requests are those which follow the workflow defined by the NCPDP SCRIPT specification, while classic PA requests are those with payers who have not yet adopted the standard.

    While the API does its best to mask the distinction between ePA and classic PA, differences in the workflow are reflected in the workflow_status property. The is_epa flag on a request indicates which workflow applies. plan_outcome indicates the determination of the PA, when applicable.

    ePA Workflow Status

    Status Outcome Meaning
    New null The PA has been created in CoverMyMeds, but not yet sent to the plan.
    PA Request null A PA request was sent to the plan.
    PA Response Favorable The PA was approved by the plan.
    PA Response Unfavorable The PA was denied by the plan.
    PA Response Pending The plan requires additional information in order to reach a determination.
    Question Request null A PA initiation request was sent to the plan.
    Question Response Favorable The plan approved the PA.
    Question Response Unfavorable The plan denied the PA.
    Question Response N/A PA was not required for this patient.
    Question Response null A question set is ready for an answer
    Appeal Request null An appeal request was sent to the plan.
    Appeal Response Favorable The PA appeal has been approved by the plan.
    Appeal Response Unfavorable The PA appeal has been denied by the plan.
    Appeal Response Pending The plan requires additional information in order to reach a determination
    Cancel Request Sent null A request to cancel the PA was sent, but the plan has not yet acknowledged the cancellation.
    Provider Cancel Cancelled The plan acknowledged the cancellation of the PA request.
    Archived Favorable The PA was approved by the plan and is now archived.
    Archived Unfavorable The PA was denied by the plan and is now archived.
    Archived Pending The plan requested additional information, but the PA was archived before a determination was reached.
    Archived Cancelled The PA was cancelled and is now archived.
    Archived Unknown No determination was made on the PA and the PA is now archived.
    Archived Unsent Therapy was changed or for some other reason the PA was archived without being sent to the plan.
    Expired null The question set has expired.
    Failure null There was an unrecoverable failure in processing the ePA.

    Classic PA Workflow Status

    Status Outcome Meaning
    New null The PA was created in CoverMyMeds, but not yet sent to the plan.
    Shared null The PA was sent to another user.
    Shared \ Accessed Online null The PA was viewed by the user it was shared with.
    Sent to Plan null The PA was sent to the plan. No information received back yet.
    Sent to Plan Favorable The PA was approved.
    Sent to Plan Unfavorable The PA was declined.
    Sent to Plan Pending The plan requested additional information to make the determination.
    Sent to Plan Unknown No determination was made on the PA. See reason_from_plan on the request for information as to why.
    Archived Favorable The PA was approved by the plan.
    Archived Unfavorable The PA was declined by the plan.
    Archived Pending The plan requested additional information.
    Archived Cancelled The PA was successfully canceled.
    Archived Unknown No determination was made on the PA.
    Appealed Favorable The PA was appealed by the user and approved by the plan.
    Appealed Unfavorable The PA was appealed by the user and denied by the plan.
    Appealed Pending The PA was appealed by the user, but the plan has requested more information.
    Appealed Cancelled The user cancelled the appeal.
    Appealed Unknown The user has created an appeal, but a determination has not been reached
    Archived Unsent Therapy was changed or for some other reason the PA was archived without being sent to the plan.

    Outcomes

    Value Meaning
    Favorable The PA was approved by the plan.
    Unfavorable The PA was denied by the plan.
    Cancelled The PA was successfully cancelled.
    Pending The plan needs more information in order to make a determination.
    Unknown No determination was made.
    Unsent The PA was archived before being sent to the plan.
    N/A PA was not required for this patient by the plan.
    null The PA has yet to be sent to the plan, or is not in a state to have a valid outcome.

    /requests/

    The /requests/ resource is the workhorse of the API. It creates new prior authorizations (POST /requests/), retrieves a single PA (GET /requests/), and retrieves multiple PAs for use in your Task List or other bulk operations (POST /requests/search/).

    For convenience, the HTTP response format is the same across POST /requests/ and GET /requests/:id resources, and the Callback system. The GET /requests/:token_ids[] resource uses an abbreviated response format for speed.

    POST /requests/

    <form method="post" action="https://api.covermymeds.com/requests?v=1" id="post_requests">
      <label for="requests_first_name">request[patient][first_name]</label>
      <input id="requests_first_name" name="request[patient][first_name]" placeholder="(required)" type="text">
      <label for="requests_last_name">request[patient][last_name]</label>
      <input id="requests_last_name" name="request[patient][last_name]" placeholder="(required)" type="text">
      <label for="requests_date_of_birth">request[patient][date_of_birth]</label>
      <input id="requests_date_of_birth" name="request[patient][date_of_birth]" placeholder="(required)" type="text">
      <label for="requests_state">request[state]</label>
      <input id="requests_state" name="request[state]" placeholder="(required)" type="text" maxlength="2">
      <label for="requests_drug_id">request[prescription][drug_id]</label>
      <input id="requests_drug_id" name="request[prescription][drug_id]" value="094563" type="text">
      <input type="hidden" name="api_id" value="1vd9o4427lyi0ccb2uem">
      <input type="submit" value="Submit">
    </form>
    
    // Uncomment <script> tags if needed
    // <script src="https://code.jquery.com/jquery-1.11.0.min.js"></script>
    // <script>
    $(function () {
      $.ajax({
        method: 'post',
        url: 'https://api.covermymeds.com/requests?v=1',
        data: {
          request: {
            form_id: 'anthem_ppi',
            state: 'OH',
            patient: {
              first_name: 'Matt',
              last_name: 'Smith',
              date_of_birth: '01/27/1979'
            },
            prescription: {
              drug_id: '131079'
            }
          }
        },
        beforeSend: function (xhr, settings) {
            if (!options.url) {
              xhr.setRequestHeader('Authorization',
                'Basic ' + Base64.encode('1vd9o4427lyi0ccb2uem' + ':x-no-pass'));
            }
        },
        success: function (data) {
          console.log("Request created! " + JSON.stringify(data));
        }
      });
    });
    // </script>
    
    client = CoverMyApi::Client.new(your_api_id, your_api_secret)
    
    new_request = client.request_data
    new_request.patient.first_name = 'John'
    
    request = client.create_request new_request
    request.patient.first_name # => 'John'
    
    POST /requests?v=1 HTTP/1.1
    Host: api.covermymeds.com
    Authorization: Bearer '{api_id}+x-no-pass'
    Content-Type: application/json
    {
      "remote_user": {
        "display_name" : "string",
        "phone_number" : "string",
        "fax_number"   : "string"
      },
      "request": {
        "urgent":                     "boolean",
        "form_id":                    "string",
        "state":                      "STATE",
        "memo":                       "string",
        "patient": {
          "first_name":               "required string",
          "middle_name":              "string",
          "last_name":                "required string",
          "date_of_birth":            "date",
          "gender":                   "GENDER",
          "email":                    "EMAIL",
          "member_id":                "string",
          "pbm_member_id":            "string",
          "phone_number":             "string",
          "person_code"               "person code",
          "relationship_code":        "PATIENT_RELATIONSHIP_CODE",
          "medical_record_id_number": "medical record id number",
          "address": {
            "street_1":               "string",
            "street_2":               "string",
            "city":                   "string",
            "state":                  "STATE",
            "zip":                    "zip"
          }
        },
        "payer": {
          "form_search_text":         "string",
          "bin":                      "bin",
          "pcn":                      "string",
          "group_id":                 "string",
          "medical_benefit_name":     "string",
          "drug_benefit_name":        "string",
          "info_source_id":           "string"
        },
        "prescriber": {
          "npi":                      "npi",
          "dea_number":               "dea number",
          "first_name":               "string",
          "last_name":                "string",
          "clinic_name":              "string",
          "specialty":                "string",
          "fax_number":               "phone",
          "phone_number":             "phone",
          "address": {
            "street_1":               "string",
            "street_2":               "string",
            "city":                   "string",
            "state":                  "STATE",
            "zip":                    "zip"
          }
        },
        "prescription": {
          "drug_id":                  "required ndc or ddid",
          "order_id":                 "order id",
          "ndc":                      "decimal",
          "prescription_reference":   "string",
          "name":                     "string",
          "strength":                 "string",
          "frequency":                "FREQUENCY",
          "refills":                  "integer",
          "dispense_as_written":      "boolean",
          "quantity":                 "decimal",
          "days_supply":              "decimal",
          "quantity_unit_of_measure": "string",
          "rationale":                "string"
        },
        "pharmacy": {
          "npi":                   "npi",
          "ncpdpid":               "string",
          "name":                  "string",
          "fax_number":            "phone",
          "phone_number":          "phone",
          "address": {
            "street_1":            "string",
            "street_2":            "string",
            "city":                "string",
            "state":               "STATE",
            "zip":                 "zip"
          }
        },
        "enumerated_fields": {
          "icd9_0":                "ICD9",
          "icd9_1":                "ICD9",
          "icd9_2":                "ICD9",
          "icd10_0":               "ICD10",
          "icd10_1":               "ICD10",
          "icd10_2":               "ICD10",
          "failed_med_0":          "ndc or ddid",
          "failed_med_1":          "ndc or ddid",
          "failed_med_2":          "ndc or ddid",
          "failed_med_3":          "ndc or ddid",
          "failed_med_4":          "ndc or ddid",
          "failed_med_5":          "ndc or ddid",
          "failed_med_6":          "ndc or ddid",
          "failed_med_7":          "ndc or ddid",
          "failed_med_8":          "ndc or ddid",
          "failed_med_9":          "ndc or ddid"
        }
      }
    }
    
    {
      "request": {
        "id":               "string",
        "api_id":           "string",
        "is_stale":         "boolean",
        "href":             "url",
        "html_url":         "url",
        "pdf_url":          "url",
        "thumbnail_urls":   ["url"],
        "workflow_status":  "STATUS",
        "plan_outcome":     "OUTCOME",
        "authorization_period": {
          "effective_date":     "datetime",
          "expiration_date":    "datetime"
        },
        "response_code":        "string",
        "response_from_plan":   "string",
        "attachments_included": "boolean",
        "is_epa":               "boolean",
        "is_appeal":            "boolean",
        "is_renewal":           "boolean",
        "urgent":               "boolean",
        "form_id":              "string",
        "original_form_id":     "string",
        "state":                "STATE",
        "memo":                 "string",
        "created_at":           "datetime",
        "patient": {
          "first_name":         "string",
          "middle_name":        "string",
          "last_name":          "string",
          "date_of_birth":      "date",
          "gender":             "GENDER",
          "email":              "email",
          "member_id":          "string",
          "pbm_member_id":      "string",
          "phone_number":       "phone",
          "person_code":        "person code",
          "relationship_code":  "PATIENT_RELATIONSHIP_CODE",
          "medical_record_id_number": "medical record id number",
          "address": {
            "street_1":         "string",
            "street_2":         "string",
            "city":             "string",
            "state":            "STATE",
            "zip":              "zip"
          }
        },
        "payer": {
          "form_search_text":     "string",
          "bin":                  "bin",
          "pcn":                  "string",
          "group_id":             "string",
          "medical_benefit_name": "string",
          "drug_benefit_name":    "string",
          "info_source_id":       "string"
        },
        "prescriber": {
          "npi":          "npi",
          "dea_number":   "dea number",
          "first_name":   "string",
          "last_name":    "string",
          "clinic_name":  "string",
          "display_name": "string",
          "specialty":    "string",
          "address": {
            "street_1":   "string",
            "street_2":   "string",
            "city":       "string",
            "state":      "STATE",
            "zip":        "zip"
          },
          "fax_number":   "phone",
          "phone_number": "phone"
        },
        "prescription": {
          "drug_id":                  "ddid",
          "order_id":                 "order id",
          "ndc":                      "ndc",
          "name":                     "string",
          "strength":                 "string",
          "frequency":                "FREQUENCY",
          "refills":                  "integer",
          "dispense_as_written":      "boolean",
          "quantity":                 "decimal",
          "days_supply":              "integer",
          "quantity_unit_of_measure": "QUANTITY_UNIT_OF_MEASURE",
          "rationale":                "string",
          "prescription_reference":   "string",
          "date_of_service":          "date"
        },
        "pharmacy": {
          "name":         "string",
          "phone_number": "phone",
          "npi":          "npi or NCPDP ID",
          "ncpdpid":      "NCPDP ID"
        },
        "enumerated_fields": {
          "icd9_0":       "ICD9",
          "icd9_1":       "ICD9",
          "icd9_2":       "ICD9",
          "icd10_0":      "ICD10",
          "icd10_1":      "ICD10",
          "icd10_2":      "ICD10",
          "failed_med_0": "ndc or ddid",
          "failed_med_1": "ndc or ddid",
          "failed_med_2": "ndc or ddid",
          "failed_med_3": "ndc or ddid",
          "failed_med_4": "ndc or ddid",
          "failed_med_5": "ndc or ddid",
          "failed_med_6": "ndc or ddid",
          "failed_med_7": "ndc or ddid",
          "failed_med_8": "ndc or ddid",
          "failed_med_9": "ndc or ddid"
        },
        "tokens": [{
          "id":         "string",
          "request_id": "string",
          "href":       "url",
          "html_url":   "url",
          "pdf_url":    "url"
        }],
        "events": [{
          "type":       "EVENT",
          "time":       "datetime",
          "remote_user": {
            "first_name"  : "string",
            "last_name"   : "string",
            "user_id"     : "string",
            "phone_number": "phone",
            "fax_number":   "phone"
          }
        }],
        "associated_requests": {
          "appeals": [{
            "id":   "string",
            "href": "url"
          }],
          "renewals": [{
            "id":   "string",
            "href": "url"
          }],
          "request_being_appealed": {
            "id":   "string",
            "href": "url"
          },
          "request_being_renewed":  {
            "id":   "string",
            "href": "url"
          }
        }
      }
    }
    

    Use the POST method to create a new prior authorization request. The HTTP response contains a link to the prior authorization and metadata about the request, including the new PA id and tokens, which should be saved in your system, and managed to provide appropriate access to the PA in the future. See the Authentication section for a detailed discussion of the use of token and ID for authorization to the request. Click the buttons above to show the HTTP Request and Response schemas.

    The response schema for this resource is identical to that of the GET /requests/ and POST /requests/search/ resources.

    GET /requests/{token_ids[]}

    <form method="GET" action="https://api.covermymeds.com/requests/" id="get_requests_tokens">
      <label for="get_requests_tokens_token_id_1">token_id[]</label>
      <input id="get_requests_tokens_token_id_1" name="token_ids[]" type="text" value="gq9vmqai2mkwewv1y55x">
      <!-- Add as many additional IDs as you want -->
      <!-- <label for="post_requests_tokens_token_id_2">token_ids[]</label> -->
      <!-- <input id="post_requests_tokens_token_id_2" name="token_ids[]" placeholder="(required)" type="text"> -->
      <input type="hidden" name="v" value="1">
      <input type="hidden" name="api_id" value="1vd9o4427lyi0ccb2uem">
      <input type="submit" value="Submit">
    </form>
    
    // Uncomment <script> tags if needed
    // <script src="https://code.jquery.com/jquery-1.11.0.min.js"></script>
    // <script>
    $(function () {
      $.ajax({
        method: 'get',
        url: 'https://api.covermymeds.com/requests/',
        data: {
          api_id: '1vd9o4427lyi0ccb2uem',
          v: 1,
          token_ids: ['gq9vmqai2mkwewv1y55x']
        },
        success: function (data) {
          console.log("Request search results: " + JSON.stringify(data));
        }
      });
    });
    // </script>
    
    GET /requests?v=1 HTTP/1.1
    Host: api.covermymeds.com
    Authorization: Bearer '{api_id}+x-no-pass'
    Content-Type: application/json
    {
      "token_ids": ["string", "string", ...]
    }
    
    {
    "requests": [
        "request": {
          "id":                         "string",
          "thumbnail_urls":             ["url"],
          "workflow_status":            "STATUS",
          "plan_outcome":               "OUTCOME",
          "is_epa":                     "boolean",
          "state":                      "string",
          "memo":                       "string",
          "created_at":                 "datetime",
          "patient": {
            "first_name":               "string",
            "last_name":                "string",
            "person_code":              "person code",
            "relationship_code":        "PATIENT_RELATIONSHIP_CODE",
            "medical_record_id_number": "medical record id number",
          },
          "prescriber": {
            "npi":                "npi",
            "dea_number":         "dea number",
            "first_name":         "string",
            "last_name":          "string"
          },
          "prescription": {
            "name":               "string",
            "order_id":           "order id",
          },
          "tokens": [
            {
                "id":             "string",
                "request_id":     "string",
                "href":           "url",
                "html_url":       "url",
                "pdf_url":        "url",
                "thumbnail_url":  "url"
            }
          ]
        }
      ]
    }
    

    Use this method to return a list of prior authorizations to populate your dashboard, or similar other bulk request viewing.

    Because this data is lightweight, filtering and pagination are not supported by the server resource. If you are implementing your own dashboard, it is important to provide search and filtering from your client application. Our dashboard JavaScript component can handle this for you.

    GET /requests/{id}

    <form method="get" action="https://api.covermymeds.com/requests/" id="get_requests">
      <label for="get_request_id">id</label>
      <input id="get_request_id" type="text" value="PF6FK9">
      <label for="get_request_token_id">token_id</label>
      <input id="get_request_token_id" name="token_id" type="text" value="gq9vmqai2mkwewv1y55x">
      <input type="hidden" name="v" value="1">
      <input type="hidden" name="api_id" value="1vd9o4427lyi0ccb2uem">
      <input type="submit" value="Submit">
    </form>
    
    <script>
      // The API URL requires a request ID in the URL, which is problematic in our
      // interactive documentation because the ID is a user-provided value.
      // This Javascript dynamically appends the request ID value to the form URL
      // when the form is submitted. You will likely not need this code in your
      // application.
      (function () {
        document.getElementById('get_requests').addEventListener('submit', function (event) {
          var form = event.target,
              token_id = document.getElementById('get_request_id').value;
              //Remove the last value before we put the new one on the URL
              form.action = form.action.substring(0, form.action.indexOf('/requests/')+"/requests/".length);
              // Append the token ID to the API URL
              form.action += token_id;
        }, true);
      }());
    </script>
    
    // Uncomment <script> tags if needed
    // <script src="https://code.jquery.com/jquery-1.11.0.min.js"></script>
    // <script>
    $(function () {
      var id = 'PF6FK9',
          token_id = 'gq9vmqai2mkwewv1y55x';
    
      $.ajax({
        method: 'get',
        url: 'https://api.covermymeds.com/requests/' + id,
        data: {
          token_id: token_id,
          v: 1,
          api_id: '1vd9o4427lyi0ccb2uem'
        },
        success: function (data) {
          console.log('Request results: ' + JSON.stringify(data));
        }
      });
    });
    // </script>
    
    client = CoverMyApi::Client.new(your_api_id, your_api_secret)
    # Get a single request
    token_id = 'gq9vmqai2mkwewv1y55x'
    request = client.get_request(token_id)
    
    # Get many requests
    other_token_id = 'Bg7vmqay2mkwewv1y33x'
    requests = client.get_requests([token_id, other_token_id])
    requests # => array of requests
    
    GET /requests/{request_id}?v=1 HTTP/1.1
    Host: api.covermymeds.com
    Authorization: Bearer {api_id}+{token_id}
    {
      "remote_user": {
        "display_name" : "string",
        "phone_number" : "phone",
        "fax_number"   : "phone"
      }
    }
    
    See the schema for POST /requests
    

    Use this method to retrieve information about a PA that already exists.

    The response schema for this resource is identical to that of the POST /requests/ resource.

    If you wish to display a returned PA to the user, you can display it on the CoverMyMeds website as described in the Using /requests section.

    PUT /requests/{id}

    <form method="put" action="https://api.covermymeds.com/requests/" id="put_requests">
      <label for="put_request_id">id</label>
      <input id="put_request_id" type="text" value="PF6FK9"/>
      <label for="put_request_token_id">token_id</label>
      <input id="put_request_token_id" type="text" name="token_id" value="gq9vmqai2mkwewv1y55x"/>
      <label for="put_request_memo">memo</label>
      <input id="put_request_memo" type="text" name="request[memo]" value="system-specific information"/>
      <input type="hidden" name="remote_user[display_name]" value="Jack B. Quick">
      <input type="hidden" name="remote_user[phone_number]" value="6145551212">
      <input type="hidden" name="v" value="1">
      <input type="hidden" name="api_id" value="1vd9o4427lyi0ccb2uem">
      <!-- This tells our server that we actually want this request to be put rather than POST -->
      <input type="hidden" name="_method" value="put">
      <input type="submit" value="Submit">
    </form>
    
    <script>
      // The API requires a token ID in the URL, which is problematic in our
      // interactive documentation because the ID is a user-provided value.
      // This Javascript dynamically appends the request ID value to the form URL
      // when the form is submitted. You will likely not need this code in your
      // application.
      (function () {
        document.getElementById('put_requests').addEventListener('submit', function (event) {
          var form = event.target,
              request_id = document.getElementById('put_request_id').value;
          // Append the token ID to the API URL if it's not there already
          if (form.action.indexOf(request_id) === -1) {
            form.action = 'https://api.covermymeds.com/requests/' + request_id;
          }
        }, true);
      }());
    </script>
    
    // Uncomment <script> tags if needed
    // <script src="https://code.jquery.com/jquery-1.11.0.min.js"></script>
    // <script>
    $(function () {
      var id = 'PF6FK9',
          token_id = 'gq9vmqai2mkwewv1y55x',
          remote_user = {
            "user": {
              "display_name":"Jack B Quick"
            }
          };
    
      $.ajax({
        method: 'put',
        url: 'https://api.covermymeds.com/requests/' + id,
        data: {
          token_id: token_id,
          remote_user: remote_user,
          v: 1,
          api_id: '1vd9o4427lyi0ccb2uem',
          request: {
            memo: "{\"data\":\"up to 4000 characters of client information\"}"
          }
        },
        success: function (data) {
          console.log('Request results: ' + JSON.stringify(data));
        }
      });
    });
    // </script>
    
    PUT /requests/{id}?v=1 HTTP/1.1
    Host: api.covermymeds.com
    Authorization: Bearer {api_id}+{token_id}
    Content-Type: application/json
    (same as the request body for POST /requests)
    
    "204 No Content"
    

    Use the PUT method to update values of an existing PA request. All properties on the request are ignored except for the memo field, but CoverMyMeds reserves the right to change this in the future.

    The schema for the body of the request is the same as POST /requests.

    The memo field is a special field for client systems to store client-specific information associated with a PA request, such as the database record ID of the patient record associated with the request. When supplied, the contents of the memo field are saved into the PA and returned on each subsequent GET /requests/{id}. Up to 4000 bytes of information can be stored. The text will not be parsed or interpreted in any way on the CoverMyMeds server.

    DELETE /requests/{id}

    <form method="delete" action="https://api.covermymeds.com/requests/" id="delete_requests">
      <label for="delete_request_id">id</label>
      <input id="delete_request_id" type="text" value="PF6FK9"/>
      <label for="delete_request_token_id">token_id</label>
      <input id="delete_request_token_id" type="text" name="token_id" value="gq9vmqai2mkwewv1y55x"/>
      <label for="remote_user_username">remote_user[display_name]</label>
      <input id="remote_user_username" name="remote_user[display_name]" value="Jack B Quick" type="text"/>
      <label for="remote_user_phone">remote_user[phone_number]</label>
      <input id="remote_user_phone" name="remote_user[phone_number]" value="6145555555" type="text"/>
      <input type="hidden" name="v" value="1">
      <input type="hidden" name="api_id" value="1vd9o4427lyi0ccb2uem">
      <!-- This tells our server that we actually want this request to be DELETE rather than POST -->
      <input type="hidden" name="_method" value="delete">
      <input type="submit" value="Submit">
    </form>
    
    <script>
      // The API requires a token ID in the URL, which is problematic in our
      // interactive documentation because the ID is a user-provided value.
      // This Javascript dynamically appends the request ID value to the form URL
      // when the form is submitted. You will likely not need this code in your
      // application.
      (function () {
        document.getElementById('delete_requests').addEventListener('submit', function (event) {
          var form = event.target,
              request_id = document.getElementById('delete_request_id').value;
          // Append the token ID to the API URL if it's not there already
          if (form.action.indexOf(request_id) === -1) {
            form.action = 'https://api.covermymeds.com/requests/' + request_id;
          }
        }, true);
      }());
    </script>
    
    // Uncomment <script> tags if needed
    // <script src="https://code.jquery.com/jquery-1.11.0.min.js"></script>
    // <script>
    $(function () {
      var id = 'PF6FK9',
          token_id = 'gq9vmqai2mkwewv1y55x',
          remote_user = {
            "display_name":"Jack"
          };
    
      $.ajax({
        method: 'delete',
        url: 'https://api.covermymeds.com/requests/' + id,
        data: {
          token_id: token_id,
          remote_user: remote_user,
          v: 1,
          api_id: '1vd9o4427lyi0ccb2uem'
        },
        success: function (data) {
          console.log('Request results: ' + JSON.stringify(data));
        }
      });
    });
    // </script>
    
    DELETE /requests/{id}?v=1 HTTP/1.1
    Host: api.covermymeds.com
    Authorization: Bearer {api_id}+{token_id}
    Content-Type: application/json
    {
      // at least 1 of the below attributes is required
      "remote_user": {
        "display_name" : "string",
        "phone_number" : "phone",
        "fax_number"   : "phone"
      },
      "token_id": "string"
    }
    
    "204 No Content"
    

    Use this method to delete a request from the CoverMyMeds system. Deleting a request is different from deleting tokens: systems who created the request have access even without tokens. Once a request is deleted, however, it is removed from the system in a soft-delete, and all access is revoked.

    /requests/tokens/

    The /requests/tokens/ resource is provided for managing authentication tokens for each request. Note that tokens are an actual resource, not just an attribute of each request. This means they have their own API at /requests/tokens/ with verbs to provide CRUD services for them. This also means referring to requests in the /requests/tokens/ resource is different than you might otherwise expect. Here, a request id is called a request_id. Use the buttons to expose the request and response schemas to understand the naming convention.

    POST /requests/tokens/

    <form method="post" action="https://api.covermymeds.com/requests/tokens/" id="post_requests_tokens">
      <label for="token_id_1">request_ids[]</label>
      <input id="token_id_1" name="request_ids[]" placeholder="(required)" type="text">
      <input type="hidden" name="v" value="1">
      <input type="hidden" name="api_id" value="1vd9o4427lyi0ccb2uem">
      <input type="hidden" name="api_secret" value="q4trxd3rj8w38qfykqn-l9zcmxxlnibzwciof6pu">
      <input type="submit" value="Submit">
    </form>
    
    // Uncomment <script> tags if needed
    // <script src="https://code.jquery.com/jquery-1.11.0.min.js"></script>
    // <script>
    $(function () {
      $.ajax({
        method: 'post',
        url: 'https://api.covermymeds.com/requests/tokens',
        data: {
          request_ids: ['GA3MW8'],
          v: 1,
          api_id: '1vd9o4427lyi0ccb2uem',
          api_secret: 'q4trxd3rj8w38qfykqn-l9zcmxxlnibzwciof6pu'
        },
        success: function (data) {
          console.log('Token created! ' + JSON.stringify(data));
        }
      });
    });
    // </script>
    
    client = CoverMyApi::Client.new(your_api_id, your_api_secret)
    request_id = 'GA3MW8'
    client.create_access_token(request_id)
    
    POST /requests/tokens?v=1 HTTP/1.1
    Host: api.covermymeds.com
    Authorization: Basic Base64Encode({api_id}:{api_secret})
    Content-Type: application/json
    {
      "request_ids": ["string", ...]
    }
    
    {
      "tokens":  [
        {
          "id":                 "string",
          "request_id":         "string",
          "href":               "url",
          "html_url":           "url",
          "pdf_url":            "url"
        }
      ]
    }
    

    Each PA may have zero, one, or more tokens. Use this resource to create new tokens for a PA request. You may wish to create multiple tokens for a request so that you can assign a unique token for each user that will view a request, or to regenerate tokens if you believe they may have been compromised.

    DELETE /requests/tokens/{id}/

    <form method="post" action="https://api.covermymeds.com/requests/tokens/" id="delete_requests_tokens">
      <label for="delete_token_id">id</label>
      <input id="delete_token_id" name="id" placeholder="(required)" type="text">
      <input type="hidden" name="v" value="1">
      <input type="hidden" name="api_id" value="1vd9o4427lyi0ccb2uem">
      <input type="hidden" name="api_secret" value="q4trxd3rj8w38qfykqn-l9zcmxxlnibzwciof6pu">
      <!-- This tells our server that we actually want this request to be DELETE rather than POST -->
      <input type="hidden" name="_method" value="delete">
      <input type="submit" value="Submit">
    </form>
    
    <script>
      // The API URL requires a token ID in the URL,
      // which is problematic in our interactive documentation
      // because the ID is a user-provided value.
      // This Javascript dynamically appends the token
      // ID value to the form URL when the form is submitted.
      // You will likely not need this code in your application.
      (function () {
        document.getElementById('delete_requests_tokens').addEventListener('submit', function (event) {
          var form = event.target;
    
          // Append the token ID to the API URL
          form.action = "https://api.covermymeds.com/requests/tokens/"+document.getElementById('delete_token_id').value;
        }, true);
      }());
    </script>
    
    // Uncomment <script> tags if needed
    // <script src="https://code.jquery.com/jquery-1.11.0.min.js"></script>
    // <script>
    $(function () {
      var tokenId = 'eyu6thc8oy9upcop04k1';
      $.ajax({
        method: 'delete',
        url: 'https://api.covermymeds.com/requests/tokens/' + tokenId,
        data: {
          v: 1,
          api_id: '1vd9o4427lyi0ccb2uem',
          api_secret: 'q4trxd3rj8w38qfykqn-l9zcmxxlnibzwciof6pu'
        },
        success: function (data) {
          console.log('Token deleted successfully.');
        }
      });
    });
    // </script>
    
    DELETE /requests/tokens/{token_id}?v=1 HTTP/1.1
    Host: api.covermymeds.com
    Authorization: Basic Base64Encode({api_id}:{api_secret})
    
    204 No Content
    

    Use this resource to delete tokens for a PA request. You may wish to do this if a user that has previously seen a request should no longer have access to it. A PA request is effectively deleted for your users when you remove all of the tokens to which it is associated.

    /request-pages/

    To use the request-pages resource:

    1. Create a new PA request with POST /requests/
    2. Using the tokens and id attributes from the response, make a GET request to request-pages/{id}
    3. If there is not an error in the response, render the request-pages response in the system (for example, in HTML), including the actions a user can take with the request.
    4. When users invoke an action, the server will return a new request-page. Loop back to step 3.

    GET /request-pages/{id} (for web-based systems)

    <form method="get" action="https://api.covermymeds.com/request-pages/" id="get_request_pages">
      <label for="get_request_pages_id">id</label>
      <input id="get_request_pages_id" type="text" value="PF6FK9">
      <label for="get_request_token_id">token_id</label>
      <input id="get_request_token_id" name="token_id" type="text" value="gq9vmqai2mkwewv1y55x">
      <input type="hidden" name="v" value="1">
      <input type="hidden" name="api_id" value="1vd9o4427lyi0ccb2uem">
      <input type="submit" value="Submit">
    </form>
    
    <script>
      // The API URL requires a request ID in the URL, which is problematic in our interactive documentation because the ID is a user-provided value. This Javascript dynamically appends the request ID value to the form URL when the form is submitted. You will likely not need this code in your application.
      (function () {
        document.getElementById('get_request_pages').addEventListener('submit', function (event) {
          var form = event.target,
              request_id = document.getElementById('get_request_pages_id').value;
              //Remove the last value before we put the new one on the URL
              form.action = form.action.substring(0, form.action.indexOf('/request-pages/')+"/request-pages/".length);
              // Append the PARequest ID to the API URL
              form.action += request_id;
        }, true);
      }());
    </script>
    
    // Uncomment <script> tags if needed
    // <script src="https://code.jquery.com/jquery-1.11.0.min.js"></script>
    // <script>
    $(function () {
      var id = 'PF6FK9',
          token_id = 'gq9vmqai2mkwewv1y55x';
    
      $.ajax({
        method: 'get',
        accepts: 'application/json'
        url: 'https://api.covermymeds.com/request-pages/' + id,
        data: {
          token_id: token_id,
          v: 1,
          api_id: '1vd9o4427lyi0ccb2uem'
        },
        success: function (data) {
          console.log('Request results: ' + JSON.stringify(data));
        }
      });
    });
    // </script>
    
    client = CoverMyApi::Client.new(your_api_id, your_api_secret)
    
    request_page = client.get_request_page('NT5HL9','nhe44fu4g22upqqgstea')
    request_page.keys # => values corresponding to a request page
    
    Or to save remote_user attributes to the request audit trail:
    request_page = client.get_request_page('NT5HL9','nhe44fu4g22upqqgstea', { remote_user_key: 'remote_user_value' })
    request_page.keys # => values corresponding to a request page
    
    GET /request-pages/{id}?v=1 HTTP/1.1
    Host: api.covermymeds.com
    Authorization: Bearer '{api_id}+{token_id}'
    Accept: application/json
    
    {
      "data": {
        "pa_request": {
          "key": "value"
        }
      },
      "forms": {
        "pa_request": {
          "question_sets": [{
            "title": "string",
            "questions": [{
              "question_type": "FREE_TEXT",
              "question_text": "string",
              "question_id": "string",
              "default_next_question_id": "string",
              "help_text": "string",
              "placeholder": "string",
              "flag": "FLAG",
              "validations": ["string"],
              "coded_reference": {
                "code": "string",
                "qualifier": "string",
                "code_system_version": "string",
                "id": "string",
                "ref": "string"
              }
            },
            {
              "question_type": "CHOICE",
              "question_text": "string",
              "question_id": "string",
              "default_next_question_id": "string",
              "choices": [{
                "choice_id": "string",
                "choice_text": "string",
                "additional_free_text_indicator": "string",
                "next_question_id": "string"
              }],
              "select_multiple": "boolean",
              "flag": "FLAG",
              "help_text": "string",
              "validations": ["string"],
              "coded_reference": {
                "code": "string",
                "qualifier": "string",
                "code_system_version": "string",
                "id": "string",
                "ref": "string"
              }
            },
            {
              "question_type": "DATE",
              "question_text": "string",
              "question_id": "string",
              "default_next_question_id": "string",
              "flag": "FLAG",
              "help_text": "string",
              "validations": ["string"],
              "coded_reference": {
                "code": "string",
                "qualifier": "string",
                "code_system_version": "string",
                "id": "string",
                "ref": "string"
              }
            },
            {
              "question_type": "NUMERIC",
              "question_text": "string",
              "question_id": "string",
              "default_next_question_id": "string",
              "flag": "FLAG",
              "help_text": "string",
              "validations": ["string"],
              "coded_reference": {
                "code": "string",
                "qualifier": "string",
                "code_system_version": "string",
                "id": "string",
                "ref": "string"
              },
              "conditions": [{
                "type": "SINGLE_COMPARISON",
                "comparison_operator": "OPERATOR",
                "comparison_value": "integer",
                "next_question_id": "string"
              },
              {
                "type": "RANGE_COMPARISON",
                "lower_bound_comparison_value": "integer",
                "lower_bound_comparison_operator": "OPERATOR",
                "upper_bound_comparison_value": "integer",
                "upper_bound_comparison_operator": "OPERATOR",
                "next_question_id": "string"
              }]
            },
            {
              "question_type": "STATEMENT",
              "question_text": "string",
              "question_id": "string",
              "content_plain": "string",
              "content_html": "string",
              "help_text": "string",
              "default_next_question_id": "string",
              "coded_reference": {
                "code": "string",
                "qualifier": "string",
                "code_system_version": "string",
                "id": "string",
                "ref": "string"
              }
            },
            {
              "question_type": "HIDDEN",
              "question_text": "string",
              "question_id": "string"
            },
            {
              "question_type": "FILE",
              "question_text": "string",
              "question_id": "string",
              "default_next_question_id": "string",
              "flag": "FLAG",
              "help_text": "string",
              "validations": ["string"],
              "coded_reference": {
                "code": "string",
                "qualifier": "string",
                "code_system_version": "string",
                "id": "string",
                "ref": "string"
              }
            },
            {
              "question_type": "CHECKBOX",
              "question_text": "string",
              "question_id": "string",
              "checked_value": "string",
              "default_next_question_id": "string",
              "flag": "FLAG",
              "help_text": "string",
              "validations": ["string"],
              "coded_reference": {
                "code": "string",
                "qualifier": "string",
                "code_system_version": "string",
                "id": "string",
                "ref": "string"
              }
            },
            {
              "question_type": "FREE_AREA",
              "question_text": "string",
              "question_id": "string",
              "default_next_question_id": "string",
              "flag": "FLAG",
              "help_text": "string",
              "placeholder": "string",
              "validations": ["string"],
              "coded_reference": {
                "code": "string",
                "qualifier": "string",
                "code_system_version": "string",
                "id": "string",
                "ref": "string"
              }
            }]
          }]
        }
      },
      "provided_coded_references": {
        "string (identifier, e.g. 'ICD:9:1:')": {  
          "href":   "string",
          "method": "METHOD",
          "data_fields": [{
            "question_id":      "string",
            "query_parameter":  "string"
          }]
        }
      },
      "validations": {
        "string (identifier of validation)": {
          "type":     "REGEX | BYTE_LIMIT | MIME_TYPE",
          "value":    "string",
          "message":  "string",
          "html_attributes": "string"
        }
      },
      "actions": [{
        "ref": "string",
        "title": "string",
        "href": "string",
        "method": "string",
        "display": "DISPLAY"
      }]
    }
    

    /request-pages/{id} is the starting point for a series of RESTful interactions in which each resource includes URLs for possible next states. Normal state transitions include things like "Save”, “Send to Plan” and “Archive,” but also exceptions like “Choose your form” (to handle user input to determine the correct PA recipient) and error handling actions.

    Only the GET verb is provided for the /request-pages/ resource. There are no PUT, POST, or DELETE verbs for this resource – all data manipulation occurs through the HyperMedia interactions.

    GET /request-pages/{id} (for client-server systems)

    <form method="get" action="https://api.covermymeds.com/request-pages/" id="get_request_pages_cs">
      <label for="get_request_pages_cs_id">id</label>
      <input id="get_request_pages_cs_id" type="text" value="PF6FK9">
      <label for="get_request_token_cs_id">token_id</label>
      <input id="get_request_token_cs_id" name="token_id" type="text" value="gq9vmqai2mkwewv1y55x">
      <input type="hidden" name="v" value="1">
      <input type="hidden" name="api_id" value="1vd9o4427lyi0ccb2uem">
      <input type="submit" value="Submit">
    </form>
    
    <script>
      // The API URL requires a request ID in the URL, which is problematic in our interactive documentation because the ID is a user-provided value. This Javascript dynamically appends the request ID value to the form URL when the form is submitted. You will likely not need this code in your application.
      (function () {
        document.getElementById('get_request_pages_cs').addEventListener('submit', function (event) {
          var form = event.target,
              token_id = document.getElementById('get_request_pages_cs_id').value;
    
              //Remove the last value before we put the new one on the URL
              form.action = form.action.substring(0, form.action.indexOf('/request-pages/')+"/request-pages/".length);
              // Append the form ID to the API URL
              form.action += token_id+".typed_json";
    
        }, true);
      }());
    </script>
    
    // Uncomment <script> tags if needed
    // <script src="https://code.jquery.com/jquery-1.11.0.min.js"></script>
    // <script>
    $(function () {
      var id = 'PF6FK9',
          token_id = 'gq9vmqai2mkwewv1y55x';
    
      $.ajax({
        method: 'get',
        accepts: 'application/typed+json',
        url: 'https://api.covermymeds.com/request-pages/' + id,
        data: {
          token_id: token_id,
          v: 1,
          api_id: '1vd9o4427lyi0ccb2uem'
        },
        success: function (data) {
          console.log('Request results: ' + JSON.stringify(data));
        }
      });
    });
    // </script>
    
    GET /request-pages/{id}?v=1 HTTP/1.1
    Host: api.covermymeds.com
    Authorization: Bearer '{api_id}+{token_id}'
    Accept: application/typed+json
    
    {
      "request_page": {
        "forms": [{
          "identifier": "string",
          "question_sets": [{
            "title": "string",
            "questions": [{
              "question_type": "FREE_TEXT",
              "question_text": "string",
              "question_id":  "string",
              "default_next_question_id": "string",
              "help_text":    "string",
              "coded_reference": {
                "code":       "string",
                "qualifier":  "string",
                "code_system_version": "string",
                "id":         "string",
                "ref":        "string"
              },
              "validations":      ["string"],
              "placeholder":      "string",
              "flag":             "FLAG",
              "question_answer":  "string"
            },
            {
              "question_type":        "CHOICE",
              "question_text":        "string",
              "question_id":          "string",
              "default_next_question_id": "string",
              "choices": [{
                  "choice_id":        "string",
                  "choice_text":      "string",
                  "additional_free_text_indicator": "string",
                  "next_question_id": "string"
              }],
              "select_multiple":    "boolean",
              "flag":               "FLAG",
              "help_text":          "string",
              "validations":        ["string"],
              "question_answers":   ["string"],
              "coded_reference": {
                "code":             "string",
                "qualifier":        "string",
                "code_system_version": "string",
                "id":               "string",
                "ref":              "string"
              }
            },
            {
              "question_type":  "DATE",
              "question_text":  "string",
              "question_id":    "string",
              "default_next_question_id": "string",
              "flag": "FLAG",
              "help_text":      "string",
              "coded_reference": {
                "code":         "string",
                "qualifier":    "string",
                "code_system_version": "string",
                "id":           "string",
                "ref":          "string"
              },
              "question_answer": "datetime"
            },
            {
              "question_type":  "NUMERIC",
              "question_text":  "string",
              "question_id":    "string",
              "default_next_question_id": "string",
              "flag": "FLAG",
              "help_text":      "string",
              "validations":    ["string"],
              "coded_reference": {
                "code":         "string",
                "qualifier":    "string",
                "code_system_version": "string",
                "id":           "string",
                "ref":          "string"
              },
              "comparisons": [{
                "type":                 "SINGLE_COMPARISON",
                "comparison_operator":  "OPERATOR",
                "comparison_value":     "integer",
                "next_question_id":     "string"
              },
              {
                "type": "RANGE_COMPARISON",
                "lower_bound_comparison_value":     "integer",
                "lower_bound_comparison_operator":  "OPERATOR",
                "upper_bound_comparison_value":     "integer",
                "upper_bound_comparison_operator":  "OPERATOR",
                "next_question_id":                 "string"
              }],
              "question_answer": "integer"
            },
            {
              "question_type":  "STATEMENT",
              "question_text":  "string",
              "question_id":    "string",
              "content_plain":  "string",
              "content_html":   "html",
              "help_text":      "string",
              "flag":           "FLAG",
              "question_answer": "string",
              "coded_reference": {
                "code":         "string",
                "qualifier":    "string",
                "code_system_version": "string",
                "id":           "string",
                "ref":          "string"
              }
            },
            {
              "question_type":    "HIDDEN",
              "question_text":    "string",
              "question_id":      "string",
              "default_next_question_id": "string",
              "question_answer":  "string"
            },
            {
              "question_type":  "FILE",
              "question_text":  "string",
              "question_id":    "string",
              "default_next_question_id": "string",
              "flag":           "FLAG",
              "help_text":      "string",
              "question_answer": "string",
              "coded_reference": {
                "code":         "string",
                "qualifier":    "string",
                "code_system_version": "string",
                "id":           "string",
                "ref":          "string"
              }
            },
            {
              "question_type":  "CHECKBOX",
              "question_text":  "string",
              "question_id":    "string",
              "default_next_question_id": "string",
              "flag":           "FLAG",
              "help_text":      "string",
              "question_answer": "string",
              "checked_value":  "string",
              "coded_reference": {
                "code":         "string",
                "qualifier":    "string",
                "code_system_version": "string",
                "id":           "string",
                "ref":          "string"
              }
            },
            {
              "question_type":  "FREE_AREA",
              "question_text":  "string",
              "question_id":    "string",
              "default_next_question_id": "string",
              "coded_reference": {
                "code":         "string",
                "qualifier":    "string",
                "code_system_version": "string",
                "id":           "string"
                "ref":          "string"
              },
              "flag":           "FLAG",
              "help_text":      "string",
              "placeholder":    "string",
              "question_answer": "string"
            }]
          }]
        }],
        "actions": [{
          "ref":      "string",
          "title":    "string",
          "href":     "url",
          "method":   "string",
          "display":  "DISPLAY"
        }],
        "provided_coded_references": [{
          "identifier": "string",
          "href":       "url",
          "method":     "METHOD",
          "data_fields": [{
            "question_id":      "string",
            "query_parameter":  "string"
          }]
        }],
        "validations": [{
          "identifier":       "string",
          "type":             "REGEX | BYTE_LIMIT | MIME_TYPE",
          "value":            "string",
          "message":          "string",
          "html_attributes":  "string"
        }]
      }
    }
    

    For client-server systems, typically written in a statically typed language like Java or C#, the schema is designed conform to language data types. The same question types are represented, but the answers to each question are included within the question element, and property names are held static.

    List of Provided Coded References

    There are currently three coded reference systems provided by CoverMyMeds: prior-auth-header, signature-pad, error and form-search. Use of coded references within a client system is optional, but client systems must ignore coded reference types which they do not support. Provided coded references enhance the functionality of client systems when rendering request pages.

    prior-auth-header

    The prior-auth-header coded reference indicates a statement question that is to be used as the human-readable header for a request page. When this coded reference is used, the content_html and content_plain elements of the attached statement question will contain a description of the name, status, and drug used on the current PA request.

    "coded_reference": { "qualifier": "CoverMyMeds", "code": "prior-auth-header", "ref": "CoverMyMeds:prior-auth-header:1:", "code_system_version": "1", "id": null }

    Below is the schema of the content_html property. Client systems should style the content appropriately to match the look and feel of the system.

    <table> <tbody> <tr> <td rowspan="3"> <img src="(link to thumbnail)"/> </td> <td>Status: (status of PA)</td> </tr> <tr> <td>Drug: (name and strength of drug)</td> </tr> <tr> <td>Form: (name of form)</td> </tr> </tbody> </table>

    signature-pad

    The signature pad reference indicates a question which captures a physician’s physical signature. See the demo app for a javascript implementation of a jquery widget supporting the signature-pad coded reference.

    "coded_reference": { "qualifier": "CoverMyMeds", "code": "signature-pad", "code_system_version": "1", "id": null, "ref": "CoverMyMeds:signature-pad:1:" }

    The data submitted to CoverMyMeds can consist of a text string or a JSON array which describes pen strokes. In the case of a text string, the text submitted will be rendered in a standard font on any forms that require a signature. In the case of a JSON array, each element contains a flag indicating whether it is a new stroke, and the (x,y) coordinates of the pixel in the format: [[isNewStroke, x, y]], for example, [[1, 35, 100],[0,37,101],[0,38,102],[1,100,354]].

    error

    The error coded reference indicates that the question is an error statement which can be rendered for the user. The error responses are generally errors that are returned from the plan and indicate a problem with verifying the patient’s eligibility. These questions do not require any special handling, however the coded reference is supplied so that special syling may be used to distinguish this statement as an error. The error statements will always be displayed at the top of the list of questions, after the header.

    "coded_reference": { "qualifier": "CoverMyMeds", "code": "error", "ref": "CoverMyMeds:error:1:", "code_system_version": "1", "id": null }

    The form-search coded reference indicates that the question to which it is attached can use a type-ahead search of CoverMyMeds’ forms library. To use the form-search reference, supply the state, drug_id, and search terms to the URI referenced in the href parameter.

    See The Provided Coded References Property for general use of provided coded references.

    The query string parameter “q” will have the value supplied by the form_id element. The query string parameter drug_id will have the value of the question drug_DDID.

    Client systems then parse the results of the form search to supply the answer to the question in the request-page.

    "coded_reference": { "qualifier": "CoverMyMeds", "code": "form-search", "code_system_version": "1", "id": null, "ref": "CoverMyMeds:form-search:1:" }

    "provided_coded_references": [ "CoverMyMeds:form-search:1:": { "href": "https://api.covermymeds.com/forms/?api_id={api_id}&v=1", "method": "GET", "data_fields": [ { "question_id": "form_id", "query_parameter": "q" }, { "question_id": "drug_DDID", "query_parameter": "drug_id" }, { "question_id": "state_id", "query_parameter": "state" } ] } ]

    List of Validations

    CoverMyMeds implements three validation types: REGEX, BYTE_LIMIT, and MIME_TYPES. REGEX can be used to apply a regular expression to a field so that it matches the proper format. BYTE_LIMIT and MIME_TYPES specify the maximum allowable size of a file and the acceptable file types, respectively, for file upload questions.

    "validations": { "4eb6580445ed26024e6f3fb73e9ea597297bfe8b": { "type": "REGEX", "value": "^(0?[1-9]|1[012])/(0?[1-9]|[12][0-9]|3[01])/((19|20)\d\d)$", "message": null, "html_attributes": null }, "5240c74ad06c8227f9e48b519ce5f13a57fb842b": { "type": "REGEX", "value": "^([0-9]{3}-[0-9]{3}-[0-9]{4}( x[0-9]{1,5})?)?$", "message": null, "html_attributes": null }, "0cccb93cd37762b6ccee22fc655099592ce754dd": { "type": "REGEX", "value": "^\d{10}$", "message": null, "html_attributes": null }, "0a29765c2d77d2686fbdc2e79a270209d3f0641e": { "type": "REGEX", "value": "^[0-9]{3}-[0-9]{3}-[0-9]{4}( x[0-9]{1,5})?$", "message": null, "html_attributes": null }, "600a7ffe64bc6d088d473e785d8cc0f1930b125c": { "type": "REGEX", "value": "^\d*$"", "message": null, "html_attributes": null }, "8ebe39154b9e571facf10124f92972568f5735c5": { "type": "REGEX", "value": "^\d+$", "message": null, "html_attributes": null }, "b69d748f81bf59413e49efb78008e3dc18614eb7": { "type": "REGEX", "value": "^\d+$", "message": null, "html_attributes": null }, "f2f6cc605cfa7d9960ef1c2669c2a2dcd10fa114": { "type": "REGEX", "value": "^((0?[1-9]|1[012])/(0?[1-9]|[12][0-9]|3[01])/((19|20)\d\d))?$", "message": null, "html_attributes": null }, "27aa0b72bc0526aef046084100c80dfedbd06a11": { "type": "REGEX", "value": "\S+", "message": null, "html_attributes": null }, "016ad8f4b43d3939af2b6d57913a2f812f556206": { "type": "REGEX", "value": ""^[A-Z]{1}\d{5}$"", "message": null, "html_attributes": null }, "file_size": { "type": "BYTE_LIMIT", "value": 10485760, "message": "File size must be less than 10MB.", "html_attributes": null }, "file_type": { "type": "MIME_TYPES", "value": [ "image/jpeg", "image/tiff", "image/png", "application/pdf" ], "message": "Allowed types: .pdf, .jpg, .png, or .tif", "html_attributes": null } }

    The REGEX validations are described in the table below.

    id type regex message
    600a7ffe64bc6d088d473e785d8cc0f1930b125c integer ^\d*$“ Whole number. Example: 1
    8ebe39154b9e571facf10124f92972568f5735c5 integer required ”^\d+$“ Whole number. Example: 1 (required)
    b69d748f81bf59413e49efb78008e3dc18614eb7 number required ”^[-+]?([0-9]+(.[0-9]+)?|.[0-9]+)$“ Decimal number. Example 1.0 (required)
    f2f6cc605cfa7d9960ef1c2669c2a2dcd10fa114 date ^((0?[1-9]|1[012])/(0?[1-9]|[12][0-9]|3[01])/((19|20)\d\d))?$ Date. Example: (mask)
    4eb6580445ed26024e6f3fb73e9ea597297bfe8b date required ^(0?[1-9]|1[012])/(0?[1-9]|[12][0-9]&#124;3[01])/((19|20)\d\d)$ Date. Example: (mask) (required)
    5240c74ad06c8227f9e48b519ce5f13a57fb842b phone ^([0-9]{3}-[0-9]{3}-[0-9]{4}( x[0-9]{1,5})?)?$ US phone number. Example: (999-999-9999)
    0a29765c2d77d2686fbdc2e79a270209d3f0641e phone required ^[0-9]{3}-[0-9]{3}-[0-9]{4}( x[0-9]{1,5})?$ US Phone number. Example (mask) (required)
    0cccb93cd37762b6ccee22fc655099592ce754dd NPI ^\d{10}$ 10-digit NPI
    27aa0b72bc0526aef046084100c80dfedbd06a11 alphanumeric, required, non-spaces \S+ Text (no spaces). Example: John
    016ad8f4b43d3939af2b6d57913a2f812f556206 UPIN ”^[A-Z]{1}\d{5}$“ Unique Physician Identification Number. Example A12345.

    /indicators/

    The indicators resource returns information of whether PA is required for a given insurance plan and prescription.

    If CoverMyMeds determines to a high degree that prior authorization is required, the resource returns pa_required: true. If PA is required and enough information is provided to begin PA, the system responds with autostart: true.

    The response includes several indicators: pa_required, autostart, and copay_amt. If autostart is true, the response will also include information about the Request that was initiated. Request information uses the same schema as the response to a POST /requests resource call. Additionally, the response may include sponsored_message, message, and drug_substitution_performed.

    Request Required Parameters

    Parameter Type Description
    Payer
    bin bin BIN of the payer
    pcn string PCN for the patient’s drug benefit plan (not required if group_id is specified)
    group_id string RxGroup of the patient’s drug benefit plan (not required if PCN is supplied)
    Patient
    member_id string ID number of the patient in the drug benfit plan
    first_name string
    last_name string
    zip zip
    gender GENDER patient’s sex (’m’, ‘f’, or 'u’)
    date_of_birth date MM/DD/CCYY formatted
    person_code person code 3-digit code assigned to a specific person within a family
    relationship_code PATIENT_RELATIONSHIP_CODE “0” (Not Specified) or “1” (Cardholder) or “2” (Spouse) or “3” (Child) or “4” (Other)
    medical_record_id_number medical record id number patient medical record identification number (up to 35 characters)
    Prescriber
    npi npi 10-digit National Prescriber ID
    dea_number dea number 2 letters, 6 numbers, and 1 check digit assigned to a provider
    last_name string
    street_1 string
    city string
    state string
    zip zip
    Prescription
    drug_id ndc 11-digit code of drug being prescribed
    order_id order id prescription order id (up to 35 characters)
    Pharmacy
    npi npi NCPDP number assigned to the pharmacy

    Request Additional Parameters

    Parameter Type Description
    rxnorm string 0-15 digit code for drug classes. Used with the RBC Service

    Response Additional Parameters

    Parameter Type Description
    pa_required boolean indicates whether PA is required or not (same as current indicators resource)
    autostart boolean indicates whether EHR should start PA automatically (same as current indicators resource)
    copay_amt decimal amount of copay for specified drug
    predicted boolean true when the indicator was found in the database or RxBC was used to get information about the prescription, false otherwise
    message string text about the prescription supplied from RelayHealth
    sponsored_message string information about the prescription from the drug sponsor
    drug_substitution_performed boolean indicates whether or not the information supplied is for the prescription as written, or for a generic substitution.
    prediction_id string unique prediction identifier

    POST /indicators/

    <form method="post" action="https://api.covermymeds.com/indicators" id="post_indicators">
      <label for="indicators_state">state</label>
      <input id="indicators_state" name="patient[address][state]" placeholder="(optional)" type="text" value="OH">
      <label for="indicators_person_code">person_code</label>
      <input id="indicators_person_code" name="patient[person_code]" placeholder="('001,' '002', etc.)" type="text" value="001">
      <label for="indicators_relationship_code">relationship_code</label>
      <input id="indicators_relationship_code" name="patient[relationship_code]" placeholder="('0', '1', '2', '3', or '4')" type="text" value="1">
      <label for="indicators_medical_record_id_number">medical_record_id_number</label>
      <input id="indicators_medical_record_id_number" name="patient[medical_record_id_number]" placeholder="(optional)" type="text" value="AB23213FD">
      <label for="indicators_bin">bin</label>
      <input id="indicators_bin" name="payer[bin]" placeholder="(optional)" type="text" value="015581">
      <label for="indicators_pcn">pcn</label>
      <input id="indicators_pcn" name="payer[pcn]" placeholder="(optional)" type="text" value="03200000">
      <label for="indicators_group_id">group_id</label>
      <input id="indicators_group_id" name="payer[group_id]" placeholder="(optional)" type="text" value="P5347">
      <label for="indicators_drug_id">drug_id</label>
      <input id="indicators_drug_id" name="prescription[drug_id]" placeholder="(NDC or DDID)" type="text" value="182448">
      <label for="indicators_order_id">order_id</label>
      <input id="indicators_order_id" name="prescription[order_id]" placeholder="(optional)" type="text" value="1232ABC42">
      <input id="indicators_dea_number" name="prescriber[dea_number]" placeholder="(optional)" type="text" value="FA1234567">
      <label for="indicators_dea_number">prescriber_dea_number</label>
      <input type="hidden" name="v" value="1">
      <input type="hidden" name="api_id" value="1vd9o4427lyi0ccb2uem">
      <input type="submit" value="Submit">
    </form>
    
    // Uncomment <script> tags if needed
    // <script src="https://code.jquery.com/jquery-1.11.0.min.js"></script>
    // <script>
    $(function () {
      $.ajax({
        method: 'post',
        url: 'https://api.covermymeds.com/indicators',
        data: {
          "patient": {
            "first_name":"Jack",
            "last_name":"Quick",
            "member_id":"00030202201",
            "person_code":"001",
            "relationship_code":"1",
            "medical_record_id_number":"AB23213FD",
            "address": {
              "city":"Columbus",
              "state":"OH",
              "zip":"43210"
            }
          },
          "payer": {
            "bin":"015581",
            "pcn":"03200000",
            "group_id":"P5347"
          },
          "prescriber": {
            "npi": "9876543210",
            "dea_number":"FA1234567",
            "first_name": "Jack",
            "last_name": "Dempsey",
            "specialty": "pediatrics",
            "clinic_name": "The Clinic on the Hill",
            "address": {
              "street_1": "1234 Hill St.",
              "street_2": "string",
              "city": "Springfield",
              "state": "OH",
              "zip": "42431"
            },
            "fax_number": "6149999999",
            "phone_number": "6145551212"
          },
          "pharmacy": {
            "npi": "9876543210"
          },
          "prescription": {
            "drug_id":"182448",
            "order_id":"1232ABC42"
          },
          "v": 1,
          "api_id": "1vd9o4427lyi0ccb2uem"
        },
        success: function (data) {
          console.log('Indicators results: ' +
            JSON.stringify(data));
        }
      });
    });
    // </script>
    
    client = CoverMyApi::Client.new(your_api_id, your_api_secret)
    prescriptions = [{ drug_id: "182448" }]
    patient = {
      first_name:   "Jack",
        last_name:  "Quick",
        member_id:  "00030202201",
        person_code: "001",
        relationship_code: "1",
        medical_record_id_number: "AB23213FD"
        address: {
          city:     "Columbus",
          state:    "OH",
          zip:      "43210"
        }
    }
    payer = {
      bin:       "015581",
      pcn:       "03200000",
      group_id:  "P5347"
    }
    
    response = client.post_indicators(prescriptions, patient, payer)
    response.pa_required # "true"
    response.autostart # "true"
    
    POST /indicators?v=1 HTTP/1.1
    Host: api.covermymeds.com
    Authorization: Bearer '{api_id}+x-no-pass'
    Content-Type: application/json
    {
      "patient": {
        "first_name":                "required string",
        "middle_name":               "string",
        "last_name":                 "required string",
        "date_of_birth":             "required string",
        "gender":                    "required GENDER",
        "email":                     "EMAIL",
        "member_id":                 "required string",
        "pbm_member_id":             "string",
        "phone_number":              "string",
        "person_code"                "required person code",
        "relationship_code":         "required PATIENT_RELATIONSHIP_CODE",
        "medical_record_id_number":  "medical record id number",
        "address": {
          "street_1":                "string",
          "street_2":                "string",
          "city":                    "string",
          "state":                   "STATE",
          "zip":                     "zip"
        }
      },
      "payer": {
        "form_search_text":          "string",
        "bin":                       "required bin",
        "pcn":                       "required string",
        "group_id":                  "required string",
        "medical_benefit_name":      "string",
        "drug_benefit_name":         "string"
      },
      "prescriber": {
        "npi":                       "required npi",
        "dea_number":                "dea number",
        "first_name":                "string",
        "last_name":                 "required string",
        "clinic_name":               "string",
        "specialty":                 "string",
        "fax_number":                "phone",
        "phone_number":              "phone",
        "address": {
          "street_1":                "required string",
          "street_2":                "string",
          "city":                    "required string",
          "state":                   "STATE",
          "zip":                     "zip"
        }
      },
      "prescription": {
        "drug_id":                   "required ndc or ddid",
        "order_id":                  "order id",
        "name":                      "string",
        "strength":                  "string",
        "frequency":                 "FREQUENCY",
        "refills":                   "integer",
        "dispense_as_written":       "boolean",
        "quantity":                  "decimal",
        "days_supply":               "integer",
        "quantity_unit_of_measure":  "string",
        "rationale":                 "string"
      },
      "pharmacy": {
        "npi":                       "required ncpdp or npi"
        "name":                      "string",
        "fax_number":                "phone",
        "phone_number":              "phone",
        "address": {
          "street_1":                "string",
          "street_2":                "string",
          "city":                    "string",
          "state":                   "STATE",
          "zip":                     "zip"
        }
      },
      "rxnorm":                      "rxnorm"
    }
    
    {
      "indicator": {
        "request" :  {
          // (if request created)
          // (request is same as response from POST /requests)
        },
        "patient": {
          "first_name":               "string",
          "middle_name":              "string",
          "last_name":                "string",
          "date_of_birth":            "string",
          "gender":                   "GENDER",
          "email":                    "EMAIL",
          "member_id":                "string",
          "pbm_member_id":            "string",
          "phone_number":             "string",
          "person_code":              "string",
          "relationship_code":        "string",
          "medical_record_id_number": "medical record id number",
          "address": {
            "street_1":               "string",
            "street_2":               "string",
            "city":                   "string",
            "state":                  "STATE",
            "zip":                    "zip"
          }
        },
        "payer": {
          "form_search_text":         "string",
          "bin":                      "bin",
          "pcn":                      "string",
          "group_id":                 "string",
          "medical_benefit_name":     "string",
          "drug_benefit_name":        "string"
        },
        "prescriber": {
          "npi":                      "npi",
          "dea_number":               "dea number",
          "first_name":               "string",
          "last_name":                "string",
          "clinic_name":              "string",
          "specialty":                "string",
          "fax_number":               "phone",
          "phone_number":             "phone",
          "address": {
            "street_1":               "string",
            "street_2":               "string",
            "city":                   "string",
            "state":                  "STATE",
            "zip":                    "zip"
          }
        },
        "prescription": {
          "drug_id":                  "ndc or ddid",
          "order_id":                 "order id",
          "name":                     "string",
          "strength":                 "string",
          "frequency":                "FREQUENCY",
          "refills":                  "integer",
          "dispense_as_written":      "boolean",
          "quantity":                 "decimal",
          "days_supply":              "integer",
          "quantity_unit_of_measure": "string",
          "rationale":                "string",
          "pa_required":              "boolean",
          "autostart":                "boolean",
          "predicted":                "boolean",
          "message":                  "string",
          "sponsored_message":        "string",
          "copay_amt":                "decimal",
          "drug_substitution_performed": "boolean"
        },
        "pharmacy": {
          "npi":                      "ncpdp or npi",
          "name":                     "string",
          "fax_number":               "phone",
          "phone_number":             "phone",
          "address": {
            "street_1":               "string",
            "street_2":               "string",
            "city":                   "string",
            "state":                  "STATE",
            "zip":                    "zip"
          }
        },
        "prediction_id":              "string"
      }
    }
    

    The POST /indicators endpoint is to be used in the prescribing workflow after the physician has chosen the drug to be prescribed. The indicators service will return indication of whether PA is required and autostart.

    In the response:

    POST /indicators/search

    <form method="post" action="https://api.covermymeds.com/indicators/search" id="post_indicators_search">
      <label for="indicators_search_state">state</label>
      <input id="indicators_search_state" name="patient[address][state]" placeholder="(optional)" type="text" value="OH"/>
      <label for="indicators_search_bin">bin</label>
      <input id="indicators_search_bin" name="payer[bin]" placeholder="(optional)" type="text" value="015581">
      <label for="indicators_search_pcn">pcn</label>
      <input id="indicators_search_pcn" name="payer[pcn]" placeholder="(optional)" type="text" value="03200000">
      <label for="indicators_search_group_id">group_id</label>
      <input id="indicators_search_group_id" name="payer[group_id]" placeholder="(optional)" type="text" value="P5347">
      <label for="indicators_search_drug_id_1">drug_id_1</label>
      <input id="indicators_search_drug_id_1" name="prescriptions[][drug_id]" placeholder="(NDC or DDID)" type="text" value="182448">
      <label for="indicators_search_drug_id_2">drug_id_2</label>
      <input id="indicators_search_drug_id_2" name="prescriptions[][drug_id]" placeholder="(NDC or DDID)" type="text" value="">
      <input type="hidden" name="v" value="1">
      <input type="hidden" name="api_id" value="1vd9o4427lyi0ccb2uem">
      <input type="submit" value="Submit">
    </form>
    
    // Uncomment <script> tags if needed
    // <script src="https://code.jquery.com/jquery-1.11.0.min.js"></script>
    // <script>
    $(function () {
      $.ajax({
        method: 'post',
        url: 'https://api.covermymeds.com/indicators/search',
        data: {
          "patient": {
            "first_name":"Jack",
            "last_name":"Quick",
            "member_id":"00030202201",
            "pbm_member_id": "X%943958723%3934933%ABS0939XX",
            "address": {
              "city":"Columbus",
              "state":"OH",
              "zip":"43210"
            }
          },
          "payer": {
            "bin":"015581",
            "pcn":"03200000",
            "group_id":"P5347"
          },
          "prescriptions": [{
            "drug_id":"182448"
          }],
          "v": 1,
          "api_id": "1vd9o4427lyi0ccb2uem"
        },
        success: function (data) {
          console.log('Indicators results: ' +
            JSON.stringify(data));
        }
      });
    });
    // </script>
    
    POST /indicators/search?v=1 HTTP/1.1
    Host: api.covermymeds.com
    Authorization: Bearer '{api_id}+x-no-pass'
    Content-Type: application/json
    {
      "patient": {
        "first_name":            "required string",
        "middle_name":           "string",
        "last_name":             "required string",
        "date_of_birth":         "required string",
        "gender":                "required GENDER",
        "email":                 "EMAIL",
        "member_id":             "required string",
        "pbm_member_id":         "string",
        "phone_number":          "string",
        "address": {
          "street_1":            "string",
          "street_2":            "string",
          "city":                "string",
          "state":               "STATE",
          "zip":                 "zip"
        }
      },
      "payer": {
        "form_search_text":      "string",
        "bin":                   "required bin",
        "pcn":                   "required string",
        "group_id":              "required string",
        "medical_benefit_name":  "string",
        "drug_benefit_name":     "string"
      },
      "prescriber": {
        "npi":                   "required npi",
        "first_name":            "string",
        "last_name":             "required string",
        "clinic_name":           "string",
        "specialty":             "string",
        "fax_number":            "phone",
        "phone_number":          "phone",
        "address": {
          "street_1":            "required string",
          "street_2":            "string",
          "city":                "required string",
          "state":               "STATE",
          "zip":                 "zip"
        }
      },
      "pharmacy": {
        "npi":                   "required ncpdp or npi"
        "name":                  "string",
        "fax_number":            "phone",
        "phone_number":          "phone",
        "address": {
          "street_1":            "string",
          "street_2":            "string",
          "city":                "string",
          "state":               "STATE",
          "zip":                 "zip"
        }
      },
      "prescriptions": [{
        "drug_id":                  "required ndc or ddid (max 5 if using ddids)",
        "name":                     "string",
        "strength":                 "string",
        "frequency":                "FREQUENCY",
        "refills":                  "integer",
        "dispense_as_written":      "boolean",
        "quantity":                 "decimal",
        "days_supply":              "integer",
        "quantity_unit_of_measure": "string",
        "rationale":                "string"
      }],
      "rxnorm":                     "rxnorm"
    }
    
    Expires: Ddd, dd Mmm yyyy hh:mm:ss GMT
    Cache-Control: private, max-age=180
    {
      "patient": {
        "first_name":            "string",
        "middle_name":           "string",
        "last_name":             "string",
        "date_of_birth":         "date",
        "gender":                "GENDER",
        "email":                 "EMAIL",
        "member_id":             "string",
        "pbm_member_id":         "string",
        "phone_number":          "string",
        "address": {
          "street_1":            "string",
          "street_2":            "string",
          "city":                "string",
          "state":               "STATE",
          "zip":                 "zip"
        }
      },
      "payer": {
        "form_search_text":      "string",
        "bin":                   "bin",
        "pcn":                   "string",
        "group_id":              "string",
        "medical_benefit_name":  "string",
        "drug_benefit_name":     "string"
      },
      "prescriber": {
        "npi":                   "npi",
        "first_name":            "string",
        "last_name":             "string",
        "clinic_name":           "string",
        "specialty":             "string",
        "fax_number":            "phone",
        "phone_number":          "phone",
        "address": {
          "street_1":            "string",
          "street_2":            "string",
          "city":                "string",
          "state":               "STATE",
          "zip":                 "zip"
        }
      },
      "pharmacy": {
        "npi":                   "ncpdp or npi",
        "name":                  "string",
        "fax_number":            "phone",
        "phone_number":          "phone",
        "address": {
          "street_1":            "string",
          "street_2":            "string",
          "city":                "string",
          "state":               "STATE",
          "zip":                 "zip"
        }
      },
      "prescriptions": [{
        "drug_id":                  "required ndc or ddid",
        "name":                     "string",
        "strength":                 "string",
        "frequency":                "FREQUENCY",
        "refills":                  "integer",
        "dispense_as_written":      "boolean",
        "quantity":                 "decimal",
        "days_supply":              "integer",
        "quantity_unit_of_measure": "string",
        "rationale":                "string",
        "pa_required":              "boolean",
        "autostart":                "boolean",
        "predicted":                "boolean"
      }]
    }
    

    The indicators/search endpoint provides your system the ability to check if prior authorization is required for multiple drugs in one API call. This allows for decision support within the e-prescribing workflow with respect to prior authorization requirements.

    Given information about the patient, prescriber, payer, pharmacy, and one or more drugs, the resource returns pa_required and autostart as in POST /indicators.

    Please be aware that when using DDID as the drug id, a maximum of 5 prescriptions may be submitted per search request. To search for more prescriptions in a single request, use NDC instead.

    For each drug in the response:

    /forms/

    GET /forms/

    <form method="get" action="https://api.covermymeds.com/forms" id="get_forms">
      <label for="forms_query">q</label>
      <input id="forms_query" name="q" placeholder="(required)" type="text">
      <label for="forms_bin">bin</label>
      <input id="forms_bin" name="bin" placeholder="(required)" type="text">
      <label for="forms_pcn">pcn</label>
      <input id="forms_pcn" name="pcn" placeholder="(required)" type="text">
      <label for="forms_group_id">group_id</label>
      <input id="forms_group_id" name="group_id" placeholder="(required)" type="text">
      <label for="forms_drug_id">drug_id</label>
      <input id="forms_drug_id" name="drug_id" type="text" value="143562">
      <label for="forms_state">state</label>
      <input id="forms_state" name="state" placeholder="(required)" type="text" maxlength="2">
      <input type="hidden" name="v" value="1">
      <input type="hidden" name="api_id" value="1vd9o4427lyi0ccb2uem">
      <input type="submit" value="Submit">
    </form>
    
    // Uncomment <script> tags if needed
    // <script src="https://code.jquery.com/jquery-1.11.0.min.js"></script>
    // <script>
    $(function () {
      $.ajax({
        method: 'get',
        url: 'https://api.covermymeds.com/forms',
        data: {
          q: 'bcbs',
          state: 'OH',
          drug_id: '064691',
          v: 1,
          api_id: '1vd9o4427lyi0ccb2uem'
        },
        success: function (data) {
          console.log('Form search results: ' + JSON.stringify(data));
        }
      });
    });
    // </script>
    
    client = CoverMyApi::Client.new(your_api_id, your_api_secret)
    q = 'bcbs'
    drug_id = '064691'
    state = 'OH'
    
    forms = client.form_search(q, drug_id, state)
    forms.first.form_id # 'medco_general_pa_form_21039'
    
    GET /forms?v=1&drug_id={drug_id}&state={state}&q={search+terms} HTTP/1.1
    Host: api.covermymeds.com
    Authorization: Bearer '{api_id}+x-no-pass'
    
    GET /forms?v=1&drug_id={drug_id}&state={state}&bin={bin}&pcn={pcn}&group_id={rxgroup}&threshold={number} HTTP/1.1
    Host: api.covermymeds.com
    Authorization: Bearer '{api_id}+x-no-pass'
    
    {
      "forms": [
        {
          "id":               "integer",
          "href":             "url",
          "name":             "string",
          "description":      "string",
          "directions":       "string",
          "request_form_id":  "string",
          "thumbnail_url":    "url",
          "is_epa":           "boolean",
          "contact_name":     "string",
          "contact_phone":    "phone",
          "contact_fax":      "phone",
          "score":            "decimal",
          "active":           "boolean",
          "is_enrollment":    "boolean"
        }
      ]
    }
    

    When you create a new PA through the POST /requests/ resource, you may specify the form_id, or you may leave it blank so that the user may pick the form through CoverMyMeds’s form search dialog, presented when the user first visits the PA request.

    The GET /forms/ resource allows you to implement a form search so the user may pick the appropriate prior authorization “form” for their request, allowing the system to specify a form_id when creating a request. The /forms/ resource works with both “paper” forms, and electronic prior authorization (ePA) requests.

    The GET method takes these parameters:

    The general “q” form search identifies matches based on the drug, the state, and a text query. The text query is processed against our data for plan names, PBM names, form names, BIN, PCN, Group ID, and CMS Contract IDs. The result is a “scored” list of the most appropriate forms for the request. The top result is the best match based on the criteria.

    If the bin, pcn, or group_id parameters are present, the /forms resource performs a structured search. In general, if your client system knows the BIN, PCN, and RxGroup of the patient, the structured search will give much more accurate results. If the search terms are sparse or free-text, then the general “q” search will provide more accurate results.

    As a rule of thumb, it is best to include the form search as part of interactions that are conducted by administrative staff, such as the New PA Form, and to skip the search during the e-prescribing workflow.

    We publish a jQuery plugin that allows you to implement a type-ahead search with very little effort.

    GET /forms/{id}

    <form method="get" action="https://api.covermymeds.com/forms/" id="get_form">
      <label for="get_form_id">id</label>
      <input id="get_form_id" placeholder="(required)" type="text" value="medco_general_pa_form_21039">
      <input type="hidden" name="v" value="1">
      <input type="hidden" name="api_id" value="1vd9o4427lyi0ccb2uem">
      <input type="submit" value="Submit">
    </form>
    
    <script>
      // The API URL requires a request ID in the URL, which is problematic in our interactive documentation because the ID is a user-provided value. This Javascript dynamically appends the request ID value to the form URL when the form is submitted.  You will likely not need this code in your application.
      (function () {
        document.getElementById('get_form').addEventListener('submit', function (event) {
          var form = event.target,
              id = document.getElementById('get_form_id').value;
    
              //Remove the last value before we put the new one on the URL
              form.action = form.action.substring(0, form.action.indexOf('/forms/')+"/forms/".length);
              // Append the form ID to the API URL
              form.action += id;
    
        }, true);
      }());
    </script>
    
    // Uncomment <script> tags if needed
    // <script src="https://code.jquery.com/jquery-1.11.0.min.js"></script>
    // <script>
    $(function () {
      $.ajax({
        method: 'get',
        url: 'https://api.covermymeds.com/forms',
        data: {
          id: 'medco_general_pa_form_21039',
          v: 1,
          api_id: '1vd9o4427lyi0ccb2uem'
        },
        success: function (data) {
          console.log('Form search results: ' + JSON.stringify(data));
        }
      });
    });
    // </script>
    
    client = CoverMyApi::Client.new(your_api_id, your_api_secret)
    form_id = 'medco_general_pa_form_21039'
    
    form = client.get_form(form_id)
    form.name # Form Name
    
    GET /forms/{id}?v=1 HTTP/1.1
    Host: api.covermymeds.com
    Authorization: Bearer '{api_id}+x-no-pass'
    
    {
      "form": {
        "id":             "integer",
        "href":           "url",
        "name":           "string",
        "description":    "string",
        "directions":     "string",
        "request_form_id": "string",
        "thumbnail_url":  "string",
        "is_epa":         "boolean",
        "contact_name":   "string",
        "contact_phone":  "phone",
        "contact_fax":    "phone",
        "active":         "boolean",
        "score" :         "decimal",
        "is_enrollment":  "boolean"
      }
    }
    

    The GET /forms/ resource retrieves detailed information about a specific form, including the payer contact information, whether or not it is an ePA form, and a long-text description of the form.

    /drugs/

    GET /drugs/

    <form method="get" action="https://api.covermymeds.com/drugs" id="get_drugs">
      <label for="drugs_query">q</label>
      <input id="drugs_query" name="q" placeholder="(required)" type="text">
      <input type="hidden" name="v" value="1">
      <input type="hidden" name="api_id" value="1vd9o4427lyi0ccb2uem">
      <input type="submit" value="Submit">
    </form>
    
    // Uncomment <script> tags if needed
    // <script src="https://code.jquery.com/jquery-1.11.0.min.js"></script>
    // <script>
    $(function () {
      $.ajax({
        method: 'get',
        url: 'https://api.covermymeds.com/drugs',
        data: {
          q: 'xanax',
          v: 1,
          api_id: '1vd9o4427lyi0ccb2uem'
        },
        success: function (data) {
          console.log('Drug search results: ' + JSON.stringify(data));
        }
      });
    });
    // </script>
    
    client = CoverMyApi::Client.new(your_api_id, your_api_secret)
    search_term = 'xanax'
    
    drugs = client.drug_search(search_term)
    drugs.first.name # 'Xanax'
    
    GET /drugs?v=1&q={search+terms} HTTP/1.1
    Host: api.covermymeds.com
    Authorization: Bearer '{api_id}+x-no-pass'
    
    {
      "drugs": [{
        "id":                       "ddid",
        "gpi":                      "string",
        "sort_group":               "string",
        "sort_order":               "string",
        "name":                     "string",
        "route_of_administration":  "ROUTE_ADMIN",
        "dosage_form":              "DOSE",
        "strength":                 "integer",
        "strength_unit_of_measure": "STRENGTH_UM",
        "full_name":                "string",
        "href":                     "url",
        "representative_ndc":       "ndc"
      }]
    }
    

    You must specify the request[prescription][drug_id] when a new PA is created through the POST /requests/ resource. Optionally, you may also include quantity and days supply, values which are usually required in the prior authorization submission to the plan.

    The GET /drugs/ resource allows you to implement a drug search so the user can pick a drug for their request. When a drug is picked, you get our internal drug id. Partial and full drug names are supported. For example, click here for a search for “Nex”.

    You can use the /drugs/ resource to implement a “type-ahead” search. We publish a jQuery plugin that allows you to do this with very little effort.

    GET /drugs/{drug_id}

    <form method="get" action="https://api.covermymeds.com/drugs" id="get_drug">
      <label for='get_drug_id'>NDC or CoverMyMeds Drug Number</label>
      <input type="text" id="get_drug_id" name="drug_number" value=""/>
      <input type="hidden" name="v" value="1"/>
      <input type="hidden" name="api_id" value="1vd9o4427lyi0ccb2uem"/>
      <input type="submit" value="Submit"/>
    </form>
    
    <script>
      // The API URL requires a drug ID, which is problematic in our interactive documentation because the ID is a user-provided value. This Javascript dynamically appends the drug ID value to the form URL when the form is submitted. You will likely not need this code in your application.
      (function () {
        document.getElementById('get_drug').addEventListener('submit', function (event) {
          var form = event.target,
              drug_id = document.getElementById('get_drug_id').value;
    
          // reset form for when this is submitted multiple times
          form.action = "https://api.covermymeds.com/drugs";
    
          // Append the token ID to the API URL if it's not there already
          if (form.action.indexOf(drug_id) === -1) {
            form.action += "/" + drug_id;
          }
        }, true);
      }());
    </script>
    
    
    // Uncomment <script> tags if needed
    // <script src="https://code.jquery.com/jquery-1.11.0.min.js"></script>
    // <script>
    $(function () {
      var drug_id = document.getElementById('get_drug_id').value;
      $.ajax({
        method: 'get',
        url: 'https://api.covermymeds.com/drugs/'+drug_id,
        data: {
          v: 1,
          api_id: '1vd9o4427lyi0ccb2uem'
        },
        success: function (data) {
          console.log('Drug search results: ' + JSON.stringify(data));
        }
      });
    });
    // </script>
    
    client = CoverMyApi::Client.new(your_api_id, your_api_secret)
    drug_id = 123
    
    drug = client.get_drug(drug_id)
    drug.name # Xanax
    
    GET /drugs/{drug_id}/?v=1 HTTP/1.1
    Host: api.covermymeds.com
    Authorization: Bearer '{api_id}+x-no-pass'
    
    {
      "drug": {
        "id":                       "ddid",
        "gpi":                      "string",
        "sort_group":               "string",
        "sort_order":               "string",
        "name":                     "string",
        "route_of_administration":  "ROUTE_ADMIN",
        "dosage_form":              "DOSE",
        "strength":                 "integer",
        "strength_unit_of_measure": "STRENGTH_UM",
        "full_name":                "string",
        "href":                     "url",
        "representative_ndc":       "ndc"
      }
    }
    

    This API allows a system to get information about a particular drug in the CoverMyMeds database, including the internal CoverMyMeds code or the NDC code for that drug.

    drug_id may be an NDC code (9 or 11 digit), or CoverMyMeds’s internal drug_id returned from the GET /drugs/ resource. Submitting an NDC is really just syntactic sugar — we will convert the NDC code you submitted to our internal identifier when we create the request.

    Submitting an NDC code is advantageous when you are initiating the request from the e-prescribing workflow where the user has already “picked” a drug in your system, and you know the NDC code. The /drugs/ resource is a good way to show a type-ahead search, such as you will need in the New PA form, so using CoverMyMeds’s internal drug_id can be convenient here.

    /prescribers/

    The Prescriber resource allows client systems to claim prior authorization requests started at a pharmacy for a specified NPI.

    Most pharmacies in the United States use the CoverMyMeds system to initiate a PA after each claim rejection in their pharmacy. CoverMyMeds pushes these prior authorizations to the right place based on a credentialing process that maps prescriber NPIs to integrated EHRs or CoverMyMeds user accounts.

    Doing this push involves mapping the Prescriber NPI field in the rejected pharmacy claim to a flag that tells the CoverMyMeds system that claim rejections for the given Prescriber NPI should be available in the client system.

    Upon a PA being initiated by a pharmacy, CoverMyMeds will deliver the transaction through the Callback system. For each pharmacy-initiated PA, CoverMyMeds will make an HTTP request to the URL configured for the prescriber NPI, notifying the client system that a pharmacy-initiated PA was created.

    When delivered, client systems should store the PA data, including the id, tokens, and prescriber_npi to be shared with the appropriate prescribers. Generally, pharmacy-initiated PAs should show up in the same task lists as system-initiated PAs.

    The /prescribers/ resource allows client systems to create, read, update and delete records in our system that map NPI numbers to delivery_urls.

    To support on-premise systems, client systems may specify a different URL for each NPI, or use the same URL for all. To use the same URL, simply submit a constant value for the delivery_url attribute in POST /prescribers/credentials/.

    Requesting a new credential is a matter of POSTing the user’s NPI along with an array of fax numbers verified by the client system to be accessible to the user. CoverMyMeds will use this information to run a security process to validate the credential request. Some manual steps may be taken, including contacting the user, such as in the common occurrence that the user and NPI already exist in CoverMyMeds. These manual processes are usually complete in less than 24 hours. To speed the validation of the NPI, client systems can supply a contact hint that includes the prescriber’s email address, practice name, address, and phone number.

    To show pharmacy-initiated requests to the correct users, the client system is responsible for maintaining a map of credentialed NPIs to its users, and in turn, its users to prior authorization requests.

    POST /prescribers/credentials/

    <form method="post" action="https://api.covermymeds.com/prescribers/credentials/" id="post_prescribers_credentials">
      <label for="npi_1">credential[npi]</label>
      <input id="npi_1" name="credential[npi]" placeholder="(required)" type="text" value="9876543210"/>
      <label for="callback_url_1">credential[callback_url]</label>
      <input id="callback_url_1" name="credential[callback_url]" type="text"/>
      <label for="callback_verb_1">credential[callback_verb]</label>
      <input id="callback_verb_1" name="credential[callback_verb]" type="text"/>
      <label for="fax_numbers_1">credential[fax_numbers][]</label>
      <input id="fax_numbers_1" name="credential[fax_numbers][]" placeholder="(required)" type="text" value="6144444444"/>
      <label for="fax_numbers_2">credential[fax_numbers][]</label>
      <input id="fax_numbers_2" name="credential[fax_numbers][]" placeholder="(optional extra numbers)" type="text">
      <label for="contact_hint_email">credential[contact_hint][email]</label>
      <input id="contact_hint_email" name="credential[contact_hint][email]" placeholder="(optional)" type="text"/>
      <label for="contact_hint_practice_phone">credential[contact_hint][practice][phone]</label>
      <input id="contact_hint_practice_phone" name="credential[contact_hint][practice][phone_number]" placeholder="(optional)" type="text"/>
      <label for="contact_hint_practice_name">credential[contact_hint][practice][name]</label>
      <input id="contact_hint_email" name="credential[contact_hint][practice][name]" placeholder="(optional)" type="text"/>
      <!-- Add as many additional fax numbers as you want -->
      <!-- <label for="fax_numbers_3">credential[fax_numbers][]</label> -->
      <!-- <input id="fax_numbers_3" name="credential[fax_numbers][]" placeholder="(required)" type="text"> -->
      <input type="hidden" name="v" value="1">
      <input type="hidden" name="api_id" value="1vd9o4427lyi0ccb2uem">
      <input type="hidden" name="api_secret" value="q4trxd3rj8w38qfykqn-l9zcmxxlnibzwciof6pu">
      <input type="submit" value="Submit">
    </form>
    
    // Uncomment <script> tags if needed
    // <script src="https://code.jquery.com/jquery-1.11.0.min.js"></script>
    // <script>
    $(function () {
      $.ajax({
        method: 'post',
        url: 'https://api.covermymeds.com/prescribers/credentials/',
        data: {
          v: 1,
          credential: {
            npi: '9876543210',
            callback_url: 'http://example.com',
            callback_verb: 'post',
            fax_numbers: ['555-555-5555', '444-444-4444'],
            contact_hint: {'email':'drspock@example.com'}
          },
          api_id: '1vd9o4427lyi0ccb2uem',
          api_secret: 'q4trxd3rj8w38qfykqn-l9zcmxxlnibzwciof6pu'
        },
        success: function (data) {
          console.log('Response: ' + JSON.stringify(data));
        }
      });
    });
    // </script>
    
    client = CoverMyApi::Client.new(your_api_id, your_api_secret)
    npi = '9876543210'
    callback_url = 'http://example.com'
    callback_verb = 'post'
    fax_numbers = ['555-555-5555', '444-444-4444']
    contact_hint = {'email':'drspock@example.com'}
    
    response = client.create_credential(npi, callback_url, callback_verb, fax_numbers, contact_hint)
    response.status # 'IN_PROCESS'
    
    POST /prescribers/credentials?v=1 HTTP/1.1
    Host: api.covermymeds.com
    Authorization: Basic Base64Encode({api+id}:{api_secret})
    Content-Type: application/json
    {
      "credential": {
        "npi":                    "npi",
        "callback_url":           "url",
        "callback_verb":          "METHOD",
        "fax_numbers":            ["phone", ...],
        "contact_hint": {
          "email":                "email",
          "full_name":            "string",
          "practice": {
            "name":               "string",
            "phone_number":       "phone",
            "address": {
              "street_1":            "string",
              "street_2":            "string",
              "city":                "string",
              "state":               "STATE",
              "zip":                 "zip"
            }
          }
        }
      }
    }
    
    {
      "credential": {
        "href":           "url",
        "api_consumer":   "string",
        "api_id":         "string",
        "npi":            "npi",
        "delivery_url":   "url",
        "status":         "CRED_STATUS",
        "fax_numbers":    ["phone", ...],
        "contact_hint":   "string"
        }
    }
    

    Use POST /prescribers/credentials/ to create a new NPI mapping in our system.

    Client systems should specify a contact hint that CoverMyMeds can use to contact the provider directly to verify her identity. The contact_hint property is a free-form JSON object, with as much information as possible to speed in identifying the prescriber and notifying them of verification. The contact_hint is returned as a JSON string in the response.

    Upon a new prescriber-credential being created, CoverMyMeds will contact the associated prescriber and will confirm that they wish to have data delivered to the client system.

    If the prescriber credential already exists, the list of fax numbers will be merged with the fax numbers in the existing credential, and information about the credential will be returned in the response.

    GET /prescribers/credentials/

    <form method="get" action="https://api.covermymeds.com/prescribers/credentials/" id="get_prescribers_credentials">
      <label for="npi_2">npi</label>
      <input id="npi_2" name="npi" placeholder="(required)" type="text">
      <input type="hidden" name="v" value="1">
      <input type="hidden" name="api_id" value="1vd9o4427lyi0ccb2uem">
      <input type="hidden" name="api_secret" value="q4trxd3rj8w38qfykqn-l9zcmxxlnibzwciof6pu">
      <input type="submit" value="Submit">
    </form>
    
    <script>
      // The API URL requires a NPI in the URL, which is problematic in our interactive documentation because the NPI is a user-provided value. This Javascript dynamically appends the NPI value to the form URL when the form is submitted. You will likely not need this code in your application.
      (function () {
        document.getElementById('get_prescribers_credentials').addEventListener('submit', function (event) {
          var form = event.target,
              npi = document.getElementById('npi_2').value;
    
              //Remove the last value before we put the new one on the URL
              form.action = form.action.substring(0, form.action.indexOf('/credentials/')+"/credentials/".length);
              // Append the form ID to the API URL
              form.action += npi;
    
        }, true);
      }());
    </script>
    
    // Uncomment <script> tags if needed
    // <script src="https://code.jquery.com/jquery-1.11.0.min.js"></script>
    // <script>
    $(function () {
      var npi = '9876543210';
    
      $.ajax({
        method: 'get',
        url: 'https://api.covermymeds.com/prescribers/credentials/' + npi,
        data: {
          v: 1,
          api_id: '1vd9o4427lyi0ccb2uem',
          api_secret: 'q4trxd3rj8w38qfykqn-l9zcmxxlnibzwciof6pu'
        },
        success: function (data) {
          console.log('Response: ' + JSON.stringify(data));
        }
      });
    });
    // </script>
    
    GET /prescribers/credentials/{npi}?v=1 HTTP/1.1
    Host: api.covermymeds.com
    Authorization: Basic Base64Encode({api_id}:{api_secret})
    
    {
      "credential": {
        "href":           "url",
        "api_consumer":   "string",
        "api_id":         "string",
        "npi":            "npi",
        "delivery_url":   "url",
        "status":         "CRED_STATUS",
        "fax_numbers":    ["phone", ...]
      }
    }
    

    Use GET /prescribers/credentials/ to retrieve information about a prescriber-credential.

    DELETE /prescribers/credentials/

    <form method="post" action="https://api.covermymeds.com/prescribers/credentials/" id="delete_prescribers_credentials">
      <label for="npi_3">npi</label>
      <input id="npi_3" name="npi" placeholder="(required)" type="text">
      <input type="hidden" name="v" value="1">
      <input type="hidden" name="api_id" value="1vd9o4427lyi0ccb2uem">
      <input type="hidden" name="api_secret" value="q4trxd3rj8w38qfykqn-l9zcmxxlnibzwciof6pu">
      <!-- This tells our server that we actually want this request to be DELETE rather than POST -->
      <input type="hidden" name="_method" value="delete">
      <input type="submit" value="Submit">
    </form>
    
    <script>
      // The API URL requires a request ID in the URL, which is problematic in our interactive documentation because the ID is a user-provided value. This Javascript dynamically appends the request ID value to the form URL when the form is submitted. You will likely not need this code in your application.
      (function () {
        document.getElementById('delete_prescribers_credentials').addEventListener('submit', function (event) {
          var form = event.target,
              npi = document.getElementById('npi_3').value;
    
              //Remove the last value before we put the new one on the URL
              form.action = form.action.substring(0, form.action.indexOf('/credentials/')+"/credentials/".length);
              // Append the form ID to the API URL
              form.action += npi;
    
        }, true);
      }());
    </script>
    
    // Uncomment <script> tags if needed
    // <script src="https://code.jquery.com/jquery-1.11.0.min.js"></script>
    // <script>
    $(function () {
      var npi = '9876543210';
    
      $.ajax({
        method: 'delete',
        url: 'https://api.covermymeds.com/prescribers/credentials/' + npi,
        data: {
          v: 1,
          api_id: '1vd9o4427lyi0ccb2uem',
          api_secret: 'q4trxd3rj8w38qfykqn-l9zcmxxlnibzwciof6pu'
        },
        success: function (data) {
          console.log('Credential successfully deleted.');
        }
      });
    });
    // </script>
    
    client = CoverMyApi::Client.new(your_api_id, your_api_secret)
    npi = '9876543210'
    
    response = client.delete_credential(npi)
    response # nil
    
    DELETE /prescribers/credentials/{npi}?v=1 HTTP/1.1
    Host: api.covermymeds.com
    Authorization: Basic Base64Encode({api_id}:{api_secret})
    
    204 No Content
    

    Use DELETE /prescribers/credentials/ to unlink a prescriber-credential. Once run, pharmacy-initiated transactions for the NPI will not be sent to the delivery_url. This is equivalent to “deleting” a prescriber record, and should be performed when a prescriber is deprovisioned from the client system.

    /prescribers?v=2

    The Prescriber resource allows client systems to claim prior authorization requests started at a pharmacy for a specified NPI.

    Most pharmacies in the United States use the CoverMyMeds system to initiate a PA after each claim rejection in their pharmacy. CoverMyMeds pushes these prior authorizations to the right place based on a credentialing process that maps prescriber NPIs to integrated EHRs or CoverMyMeds user accounts.

    Doing this push involves mapping the Prescriber NPI field in the rejected pharmacy claim to a flag that tells the CoverMyMeds system that claim rejections for the given Prescriber NPI should be available in the client system.

    Upon a PA being initiated by a pharmacy, CoverMyMeds will deliver the transaction through the Callback system. For each pharmacy-initiated PA, CoverMyMeds will make an HTTP request to the URL configured for the prescriber NPI, notifying the client system that a pharmacy-initiated PA was created.

    When delivered, client systems should store the PA data, including the id, tokens, and prescriber_npi to be shared with the appropriate prescribers. Generally, pharmacy-initiated PAs should show up in the same task lists as system-initiated PAs.

    The /prescribers/ resource allows client systems to create, read, update and delete records in our system that map NPI numbers to a callback_url.

    It is important to note that pharmacy-initiated PAs are pushed to URLs that are specified with each prescriber credential. These URLs may be identical to the Callback URL specified in the Developer Account but they do not need to be.

    To support on-premise systems, client systems may specify a different URL for each fax number, or use the same URL for all. To use the same URL, simply submit a constant value for the callback_url attribute in POST /prescribers/:npi/fax_numbers.

    Requesting a new credential is a matter of sending a POST request with the user’s NPI along with an array of fax number objects verified by the client system to be accessible to the user. CoverMyMeds will use this information to run a security process to validate the credential request. Some manual steps may be taken, including contacting the user, such as in the common occurrence that the user and NPI already exist in CoverMyMeds. These manual processes are usually complete in less than 24 hours. To speed the validation of the NPI, client systems can supply a memo that includes the prescriber’s email address, practice name, address, and phone number.

    To show pharmacy-initiated requests to the correct users, the client system is responsible for maintaining a map of credentialed NPIs to its users, and in turn, its users to prior authorization requests.

    POST /prescribers?v=2

    <form method="post" action="https://api.covermymeds.com/prescribers" id="post_prescribers_credentials_v2">
      <label for="npi_1">credential[npi]</label>
      <input id="npi_1" name="credential[npi]" placeholder="(required)" type="text" value="9876543210"/>
      <label for="memo_1">credential[memo]</label>
      <input id="memo_1" name="credential[memo]" placeholder="(required)" type="text" value="memo"/>
      <label for="fax_numbers_1_number_1">credential[fax_numbers][0][number]</label>
      <input id="fax_numbers_1_number_1" name="credential[fax_numbers][][number]" placeholder="(required)" type="text" value="16144444444"/>
      <label for="fax_numbers_1_callback_url_1">credential[fax_numbers][0][callback_url]</label>
      <input id="fax_numbers_1_callback_url_1" name="credential[fax_numbers][][callback_url]" placeholder="(required)" type="text" value="http://example.com"/>
      <label for="fax_numbers_1_callback_verb_1">credential[fax_numbers][0][callback_verb]</label>
      <input id="fax_numbers_1_callback_verb_1" name="credential[fax_numbers][][callback_verb]" placeholder="(required)" type="text" value="POST"/>
      <label for="fax_numbers_1_notify_via_fax_1">credential[fax_numbers][0][notify_via_fax]</label>
      <input id="fax_numbers_1_notify_via_fax_1" name="credential[fax_numbers][][notify_via_fax]" placeholder="(required)" type="text" value="false"/>
      <label for="fax_numbers_1_number_2">credential[fax_numbers][1][number]</label>
      <input id="fax_numbers_1_number_2" name="credential[fax_numbers][][number]" placeholder="(required)" type="text" value="16144444445"/>
      <label for="fax_numbers_1_callback_url_2">credential[fax_numbers][1][callback_url]</label>
      <input id="fax_numbers_1_callback_url_2" name="credential[fax_numbers][][callback_url]" placeholder="(required)" type="text" value="http://example.com"/>
      <label for="fax_numbers_1_callback_verb_2">credential[fax_numbers][1][callback_verb]</label>
      <input id="fax_numbers_1_callback_verb_2" name="credential[fax_numbers][][callback_verb]" placeholder="(required)" type="text" value="POST"/>
      <label for="fax_numbers_1_notify_via_fax_2">credential[fax_numbers][1][notify_via_fax]</label>
      <input id="fax_numbers_1_notify_via_fax_2" name="credential[fax_numbers][][notify_via_fax]" placeholder="(required)" type="text" value="false"/>
      <input type="hidden" name="v" value="2">
      <input type="hidden" name="api_id" value="1vd9o4427lyi0ccb2uem">
      <input type="hidden" name="api_secret" value="q4trxd3rj8w38qfykqn-l9zcmxxlnibzwciof6pu">
      <input type="submit" value="Submit">
    </form>
    
    // Uncomment <script> tags if needed
    // <script src="https://code.jquery.com/jquery-1.11.0.min.js"></script>
    // <script>
    $(function () {
      $.ajax({
        method: 'post',
        url: 'https://api.covermymeds.com/prescribers',
        data: {
          v: 1,
          credential: {
            npi: '9876543210',
            memo: 'This is a memo',
            fax_numbers: {
              callback_url: 'http://example.com',
              callback_verb: 'post',
              number: '1-555-555-5555',
              notify_via_fax: false
            }
            contact_hint: {'email':'drspock@example.com'}
          },
          api_id: '1vd9o4427lyi0ccb2uem',
          api_secret: 'q4trxd3rj8w38qfykqn-l9zcmxxlnibzwciof6pu'
        },
        success: function (data) {
          console.log('Response: ' + JSON.stringify(data));
        }
      });
    });
    // </script>
    
    POST /prescribers/credentials?v=2 HTTP/1.1
    Host: api.covermymeds.com
    Authorization: Basic Base64Encode({api+id}:{api_secret})
    Content-Type: application/json
    {
      "credential": {
        "npi": "required npi",
        "memo": "string",
        "fax_numbers": [
          {
            "number": "required phone",
            "callback_url": "required url",
            "callback_verb": "required METHOD",
            "notify_via_fax": "boolean"
          }
        ]
      }
    }
    
    {
      "credential": {
        "href": "url",
        "api_consumer": "string",
        "api_id": "string",
        "npi": "npi",
        "status": "CREDENTIAL_STATUS",
        "memo": "string",
        "fax_numbers": [
          {
            "number": "phone", // only numbers, prefixed with "1"
            "callback_url": "url",
            "callback_verb": "METHOD",
            "notify_via_fax": "boolean"
          }
        ]
      }
    }
    

    Use POST /prescribers?v=2 to create a new NPI mapping in CoverMyMeds’ system.

    The callback_url and callback_verb elements of the request associate a particular callback URL with the fax number. When a retrospective PA is created on CoverMyMeds for the provider specified by the NPI, with a fax number matching the registration, a notification will be sent to the URL specified by callback_url.

    The fax_numbers property is an array of objects that contain a the actual fax number, the callback URL and verb associated with it, and a fax notification setting.

    The notify_via_fax parameter allows client systems to register providers to receive notification of the PA as a fax in addition to the JSON notification. Setting the value to “false” will prevent fax notifications from being sent to the provider. If not provided, the default is “true”.

    Client systems can specify descriptive text in the registration, in the memo field. For example, the provider’s name, office, and contact phone number will help to contact the provider in the event that CoverMyMeds needs to verify delivery of retrospective PA notifications.

    If the prescriber credential and fax number combination already exists, an error is returned indicating that the number is already taken for registration for your API key.

    GET /prescribers/{npi}?v=2

    <form method="get" action="https://api.covermymeds.com/prescribers/" id="get_prescribers_credentials_v2">
      <label for="retro_npi_2">npi</label>
      <input id="retro_npi_2" name="npi" placeholder="(required)" type="text" value="9876543210">
      <input type="hidden" name="v" value="2">
      <input type="hidden" name="api_id" value="1vd9o4427lyi0ccb2uem">
      <input type="hidden" name="api_secret" value="q4trxd3rj8w38qfykqn-l9zcmxxlnibzwciof6pu">
      <input type="submit" value="Submit">
    </form>
    
    <script>
      // The API URL requires a NPI in the URL, which is problematic in our interactive documentation because the NPI is a user-provided value. This Javascript dynamically appends the NPI value to the form URL when the form is submitted. You will likely not need this code in your application.
      (function () {
        document.getElementById('get_prescribers_credentials_v2').addEventListener('submit', function (event) {
          var form = event.target,
          npi = document.getElementById('retro_npi_2').value;
          //Remove the last value before we put the new one on the URL
          form.action = form.action.substring(0, form.action.indexOf('/prescribers/')+"/prescribers/".length);
          // Append the form ID to the API URL
          form.action += npi;
        }, true);
      }());
    </script>
    
    // Uncomment <script> tags if needed
    // <script src="https://code.jquery.com/jquery-1.11.0.min.js"></script>
    // <script>
    $(function () {
      var npi = '9876543210';
    
      $.ajax({
        method: 'get',
        url: 'https://api.covermymeds.com/prescribers/' + npi,
        data: {
          v: 2,
          api_id: '1vd9o4427lyi0ccb2uem',
          api_secret: 'q4trxd3rj8w38qfykqn-l9zcmxxlnibzwciof6pu'
        },
        success: function (data) {
          console.log('Response: ' + JSON.stringify(data));
        }
      });
    });
    // </script>
    
    GET /prescribers/{npi}?v=2 HTTP/1.1
    Host: api.covermymeds.com
    Authorization: Basic Base64Encode({api_id}:{api_secret})
    
    {
      "credential": {
        "href": "url",
        "api_consumer": "string",
        "api_id": "string",
        "npi": "npi",
        "status": "CREDENTIAL_STATUS",
        "memo": "string",
        "fax_numbers": [
          {
            "number": "phone", // only numbers, prefixed with "1"
            "callback_url": "url",
            "callback_verb": "METHOD",
            "notify_via_fax": "boolean"
          }
        ]
      }
    }
    

    Use GET /prescribers?v=2 to retrieve information about a registered prescriber credential.

    DELETE /prescribers/{npi}?v=2

    DELETE /prescribers/{npi}?v=2 HTTP/1.1
    Host: api.covermymeds.com
    Authorization: Basic Base64Encode({api_id}:{api_secret})
    
    <form method="post" action="https://api.covermymeds.com/prescribers/" id="delete_prescribers_credentials_v2">
      <label for="retro_npi_3">npi</label>
      <input id="retro_npi_3" name="npi" placeholder="(required)" type="text" value="9876543210">
      <input type="hidden" name="v" value="2">
      <input type="hidden" name="api_id" value="1vd9o4427lyi0ccb2uem">
      <input type="hidden" name="api_secret" value="q4trxd3rj8w38qfykqn-l9zcmxxlnibzwciof6pu">
      <!-- This tells our server that we actually want this request to be DELETE rather than POST -->
      <input type="hidden" name="_method" value="delete">
      <input type="submit" value="Submit">
    </form>
    
    <script>
      // The API URL requires a request ID in the URL, which is problematic in our interactive documentation because the ID is a user-provided value. This Javascript dynamically appends the request ID value to the form URL when the form is submitted. You will likely not need this code in your application.
      (function () {
        document.getElementById('delete_prescribers_credentials_v2').addEventListener('submit', function (event) {
          var form = event.target,
              npi = document.getElementById('retro_npi_3').value;
              //Remove the last value before we put the new one on the URL
              form.action = form.action.substring(0, form.action.indexOf('/prescribers/')+"/prescribers/".length);
              // Append the form ID to the API URL
              form.action += npi;
        }, true);
      }());
    </script>
    
    // Uncomment <script> tags if needed
    // <script src="https://code.jquery.com/jquery-1.11.0.min.js"></script>
    // <script>
    $(function () {
      var npi = '9876543210';
    
      $.ajax({
        method: 'delete',
        url: 'https://api.covermymeds.com/prescribers/' + npi,
        data: {
          v: 2,
          api_id: '1vd9o4427lyi0ccb2uem',
          api_secret: 'q4trxd3rj8w38qfykqn-l9zcmxxlnibzwciof6pu'
        },
        success: function (data) {
          console.log('Credential successfully deleted.');
        }
      });
    });
    // </script>
    
    204 No Content
    

    Use DELETE /prescribers/{npi}?v=2 to unregister a prescriber from CoverMyMeds’ system. Once run, pharmacy-initiated transactions for the NPI will not be sent to the callback_url. This is equivalent to “deleting” a prescriber record, and should be performed when a prescriber is deprovisioned from the client system.

    GET /prescribers/{npi}/fax_numbers?v=2

    <form method="get" action="https://api.covermymeds.com/prescribers/fax_numbers" id="get_prescribers_fax_numbers_v2">
      <label for="retro_npi_4">npi</label>
      <input id="retro_npi_4" name="npi" placeholder="(required)" type="text" value="9876543210">
      <input type="hidden" name="v" value="2">
      <input type="hidden" name="api_id" value="1vd9o4427lyi0ccb2uem">
      <input type="hidden" name="api_secret" value="q4trxd3rj8w38qfykqn-l9zcmxxlnibzwciof6pu">
      <input type="submit" value="Submit">
    </form>
    
    <script>
      // The API URL requires a NPI in the URL, which is problematic in our interactive documentation because the NPI is a user-provided value. This Javascript dynamically appends the NPI value to the form URL when the form is submitted. You will likely not need this code in your application.
      (function () {
        document.getElementById('get_prescribers_fax_numbers_v2').addEventListener('submit', function (event) {
          var form = event.target,
              npi = document.getElementById('retro_npi_4').value;
              //Remove the last value before we put the new one on the URL
              form.action = form.action.substring(0, form.action.indexOf('/prescribers/')+"/prescribers/".length);
              // Append the form ID to the API UR
              form.action += npi + '/fax_numbers';
        }, true);
      }());
    </script>
    
    // Uncomment <script> tags if needed
    // <script src="https://code.jquery.com/jquery-1.11.0.min.js"></script>
    // <script>
    $(function () {
      var npi = '9876543210';
    
      $.ajax({
        method: 'get',
        url: 'https://api.covermymeds.com/prescribers/' + npi + '/fax_numbers',
        data: {
          v: 2,
          api_id: '1vd9o4427lyi0ccb2uem',
          api_secret: 'q4trxd3rj8w38qfykqn-l9zcmxxlnibzwciof6pu'
        },
        success: function (data) {
          console.log('Response: ' + JSON.stringify(data));
        }
      });
    });
    // </script>
    
    GET /prescribers/{npi}/fax_numbers?v=2 HTTP/1.1
    Host: api.covermymeds.com
    Authorization: Basic Base64Encode({api_id}:{api_secret})
    Content-Type: application/json
    
    {
      "fax_numbers": [
        {
          "number": "phone",
          "callback_url": "url",
          "callback_verb": "METHOD",
          "notify_via_fax": boolean
        }
      ]
    }
    

    The GET /prescribers/{npi}/fax_numbers?v=2 route returns an array of the fax numbers registered for retrospective PA notification and their associated configuration.

    GET /prescribers/{npi}/fax_numbers/{fax_number}?v=2

    <form method="get" action="https://api.covermymeds.com/prescribers/fax_numbers" id="get_prescribers_fax_number_v2">
      <label for="retro_npi_5">npi</label>
      <input id="retro_npi_5" name="npi" placeholder="(required)" type="text" value="9876543210">
      <label for="retro_fax_number_2">number</label>
      <input id="retro_fax_number_2" name="number" placeholder="(required)" type="text" value="16144444445">
      <input type="hidden" name="v" value="2">
      <input type="hidden" name="api_id" value="1vd9o4427lyi0ccb2uem">
      <input type="hidden" name="api_secret" value="q4trxd3rj8w38qfykqn-l9zcmxxlnibzwciof6pu">
      <input type="submit" value="Submit">
    </form>
    
    <script>
      // The API URL requires a NPI in the URL, which is problematic in our interactive documentation because the NPI is a user-provided value. This Javascript dynamically appends the NPI value to the form URL when the form is submitted. You will likely not need this code in your application.
      (function () {
        document.getElementById('get_prescribers_fax_number_v2').addEventListener('submit', function (event) {
          var form = event.target,
              npi = document.getElementById('retro_npi_5').value,
              fax_number = document.getElementById('retro_fax_number_2').value;
              //Remove the last value before we put the npi
              form.action = form.action.substring(0, form.action.indexOf('/prescribers/')+"/prescribers/".length);
              // Append the form ID to the API URL
              form.action += npi + '/fax_numbers/' + fax_number;
        }, true);
      }());
    </script>
    
    // Uncomment <script> tags if needed
    // <script src="https://code.jquery.com/jquery-1.11.0.min.js"></script>
    // <script>
    $(function () {
      var npi = '9876543210';
      var fax_number = '16144444444'
    
      $.ajax({
        method: 'get',
        url: 'https://api.covermymeds.com/prescribers/' + npi + '/fax_numbers/' + fax_number,
        data: {
          v: 2,
          api_id: '1vd9o4427lyi0ccb2uem',
          api_secret: 'q4trxd3rj8w38qfykqn-l9zcmxxlnibzwciof6pu'
        },
        success: function (data) {
          console.log('Response: ' + JSON.stringify(data));
        }
      });
    });
    // </script>
    
    GET /prescribers/{npi}/fax_numbers/{fax_number}?v=2 HTTP/1.1
    Host: api.covermymeds.com
    Authorization: Basic Base64Encode({api_id}:{api_secret})
    Content-Type: application/json
    
    {
      "fax_number": {
        "number": "phone",
        "callback_url": "url",
        "callback_verb": "METHOD",
        "notify_via_fax": boolean
      }
    }
    

    Use the GET /prescribers/{npi}/fax_numbers/{fax_number}?v=2 route to fetch registration information for one (NPI, fax) combination, including the callback_url and callback_verb.

    PUT /prescribers/{npi}/fax_numbers/{fax_number}?v=2

    <form method="put" action="https://api.covermymeds.com/prescribers/fax_numbers" id="put_prescribers_fax_number_v2">
      <label for="retro_npi_6">npi</label>
      <input id="retro_npi_6" name="npi" placeholder="(required)" type="text" value="9876543210">
      <label for="fax_numbers_3_number">fax_number[number]</label>
      <input id="fax_numbers_3_number" name="fax_number[number]" placeholder="(required)" type="text" value="16144444444"/>
      <label for="fax_numbers_3_callback_url">fax_number[callback_url]</label>
      <input id="fax_numbers_3_callback_url" name="fax_number[callback_url]" type="text" value="http://example.com"/>
      <label for="fax_numbers_3_callback_verb">fax_number[callback_verb]</label>
      <input id="fax_numbers_3_callback_verb" name="fax_number[callback_verb]" type="text" value="POST"/>
      <label for="fax_numbers_3_notify_via_fax">fax_number[notify_via_fax]</label>
      <input id="fax_numbers_3_notify_via_fax" name="fax_number[notify_via_fax]" type="text" value="false"/>
      <input type="hidden" name="v" value="2">
      <input type="hidden" name="api_id" value="1vd9o4427lyi0ccb2uem">
      <input type="hidden" name="api_secret" value="q4trxd3rj8w38qfykqn-l9zcmxxlnibzwciof6pu">
      <input type="submit" value="Submit">
    </form>
    
    <script>
      // The API URL requires a NPI in the URL, which is problematic in our interactive documentation because the NPI is a user-provided value. This Javascript dynamically appends the NPI value to the form URL when the form is submitted. You will likely not need this code in your application.
      (function () {
        document.getElementById('put_prescribers_fax_number_v2').addEventListener('submit', function (event) {
          var form = event.target,
              npi = document.getElementById('retro_npi_6').value,
              fax_number = document.getElementById('fax_numbers_3_number').value;
              //Remove the last value before we put the npi
              form.action = form.action.substring(0, form.action.indexOf('/prescribers/')+"/prescribers/".length);
              // Append the form ID to the API URL
              form.action += npi + '/fax_numbers/' + fax_number
        }, true);
      }());
    </script>
    
    // Uncomment <script> tags if needed
    // <script src="https://code.jquery.com/jquery-1.11.0.min.js"></script>
    // <script>
    $(function () {
      var npi = '9876543210';
      var fax_number = '16144444444'
    
      $.ajax({
        method: 'put',
        url: 'https://api.covermymeds.com/prescribers/' + npi + '/fax_numbers/' + fax_number,
        data: {
          v: 2,
          api_id: '1vd9o4427lyi0ccb2uem',
          api_secret: 'q4trxd3rj8w38qfykqn-l9zcmxxlnibzwciof6pu',
          callback_url: 'http://example.com',
          callback_verb: 'POST',
          notify_via_fax: 'true'
        },
        success: function (data) {
          console.log('Response: ' + JSON.stringify(data));
        }
      });
    });
    // </script>
    
    PUT /prescribers/{npi}/fax_numbers/{fax_number}?v=2 HTTP/1.1
    Host: api.covermymeds.com
    Authorization: Basic Base64Encode({api_id}:{api_secret})
    Content-Type: application/json
    {
        "fax_number": {
            "callback_url": "https://demo-ehr-rails.herokuapp.com/callbacks",
            "callback_verb": "POST",
            "notify_via_fax": "true"
        }
    }
    
    {
      "credential": {
        "href": "url",
        "api_consumer": "string",
        "api_id": "string",
        "npi": "npi",
        "status": "CREDENTIAL_STATUS",
        "memo": "string",
        "fax_numbers": [
          {
            "number": "phone", // only numbers, prefixed with "1"
            "callback_url": "url",
            "callback_verb": "METHOD",
            "notify_via_fax": "boolean"
          }
        ]
      }
    }
    

    Use this endpoint to modify the callback_url or callback_verb for one of a prescriber’s previously registered fax numbers.

    DELETE /prescribers/{npi}/fax_numbers/{fax_number}?v=2

    <form method="delete" action="https://api.covermymeds.com/prescribers/fax_numbers" id="delete_prescribers_fax_number_v2">
      <label for="retro_npi_7">npi</label>
      <input id="retro_npi_7" name="npi" placeholder="(required)" type="text" value="9876543210">
      <label for="retro_fax_number_4">fax_number</label>
      <input id="retro_fax_number_4" name="number" placeholder="(required)" type="text" value="16144444444">
      <input type="hidden" name="v" value="2">
      <input type="hidden" name="api_id" value="1vd9o4427lyi0ccb2uem">
      <input type="hidden" name="api_secret" value="q4trxd3rj8w38qfykqn-l9zcmxxlnibzwciof6pu">
      <input type="submit" value="Submit">
    </form>
    
    <script>
      // The API URL requires a NPI in the URL, which is problematic in our interactive documentation because the NPI is a user-provided value. This Javascript dynamically appends the NPI value to the form URL when the form is submitted. You will likely not need this code in your application.
      (function () {
        document.getElementById('delete_prescribers_fax_number_v2').addEventListener('submit', function (event) {
          var form = event.target,
              npi = document.getElementById('retro_npi_7').value,
              fax_number = document.getElementById('retro_fax_number_4').value;
              //Remove the last value before we put the npi
              form.action = form.action.substring(0, form.action.indexOf('/prescribers/')+"/prescribers/".length);
              // Append the form ID to the API URL
              form.action += npi + '/fax_numbers/' + fax_number;
        }, true);
      }());
    </script>
    
    // Uncomment <script> tags if needed
    // <script src="https://code.jquery.com/jquery-1.11.0.min.js"></script>
    // <script>
    $(function () {
      var npi = '9876543210';
      var fax_number = '16144444444'
    
      $.ajax({
        method: 'delete',
        url: 'https://api.covermymeds.com/prescribers/' + npi + '/fax_numbers/' + fax_number,
        data: {
          v: 2,
          api_id: '1vd9o4427lyi0ccb2uem',
          api_secret: 'q4trxd3rj8w38qfykqn-l9zcmxxlnibzwciof6pu'
        },
        success: function (data) {
          console.log('Response: ' + JSON.stringify(data));
        }
      });
    });
    // </script>
    
    DELETE /prescribers/{npi}/fax_numbers/{fax_number}?v=2 HTTP/1.1
    Host: api.covermymeds.com
    Authorization: Basic Base64Encode({api_id}:{api_secret})
    
    204 No Content
    

    Use DELETE /prescribers/{npi}/fax_numbers/{fax_number}?v=2 to unregister a prescriber’s specific fax number from CoverMyMeds’ system. Once run, pharmacy-initiated transactions for the NPI at that fax number will not be sent to the callback_url associated with that fax number. This is equivalent to “deleting” a prescriber record, and should be performed when a prescriber fax number is no longer valid.