844.878.2434 / support@4d-emr.com

Contact

Status

Login

4D EMR Logo

Application Access — Patient Selection API

Documentation per 45 CFR § 170.315(g)(7)

4D EMR Version 6.0 — 4th Dimension EMR, Inc.

Overview

The 4D EMR Public API provides programmatic access for third-party applications to search for and select patients within the system. A requesting application submits patient identifying information (such as name, date of birth, or account number) and receives a unique PatientId that can be used in subsequent API calls to retrieve that patient's clinical and demographic data.

This API fulfills the requirements of 45 CFR § 170.315(g)(7) — Application Access: Patient Selection.

Base URL and Transport Security

All API requests must be made over HTTPS (TLS 1.2 or higher). Unencrypted HTTP requests will be rejected.

Base URL:  https://{your-practice-domain}/api/public

All responses are returned in JSON format (application/json).

Authentication

Every API request must include two authentication headers. These credentials are specific to each practice and can be obtained from the Practice > Integrations section within the 4D EMR application.

Header Required Description
client-id Yes Practice-specific client identifier assigned during integration setup
client-secret Yes Practice-specific secret key assigned during integration setup

If credentials are missing or invalid, the API returns a 401 Unauthorized response with one of the following messages:

  • "Missing credentials" — Required authentication headers were not provided
  • "Invalid credentials" — One or both headers are empty
  • "Invalid client-id or client-secret" — The credentials do not match any registered integration
  • "Invalid client-id" — The client ID is not associated with an active external program

Patient Search — GET /api/public/patients

Searches for patients matching the provided criteria and returns a paged list of results. Each result includes a PatientId that uniquely identifies the patient and can be used in subsequent API calls.

Request Parameters (Query String)

Parameter Type Required Description
firstname string No Patient's first name
lastname string No Patient's last name
birthdate string No Date of birth in YYYY-MM-DD format (e.g., 1985-03-15)
phone string No Patient's phone number
email string No Patient's email address
zipcode string No Patient's ZIP code
accountNumber string No Legacy patient account number
fromModifiedDate string No Minimum modified date filter (YYYY-MM-DDTHH:mm:ss)
toModifiedDate string No Maximum modified date filter (YYYY-MM-DDTHH:mm:ss)
page.skip integer No Number of records to skip for pagination
page.count integer No Maximum records to return (default: 20, max: 1000)
page.needTotalCount boolean No If true, includes total matching record count in response

Example Request

GET /api/public/patients?lastname=Smith&birthdate=1985-03-15&page.count=10 HTTP/1.1
Host: your-practice-domain.com
client-id: your-client-id
client-secret: your-client-secret
Accept: application/json

Response — 200 OK

Returns a PagedResponse object containing an array of PatientModel items:

{
  "TotalCount": 1,
  "Items": [
    {
      "PatientId": 12345,
      "FirstName": "John",
      "LastName": "Smith",
      "MiddleInitial": "A",
      "Gender": "M",
      "DOB": "1985-03-15T00:00:00",
      "Address1": "123 Main St",
      "Address2": "",
      "City": "Las Vegas",
      "State": "NV",
      "ZipCode": "89135",
      "Country": "US",
      "PhonePrimary": "7025551234",
      "Email": "john.smith@email.com",
      "NickName": "",
      "OtherLastName": "",
      "AccountNumber": "ACCT-001",
      "Custom1": "",
      "Custom2": "",
      "Custom3": "",
      "ReferralCategory": "",
      "MarketingSource": "",
      "ProfilePhotoId": 0,
      "CoordinatorId": 0,
      "Providers": [],
      "Status": "Active",
      "CreatedDate": "2020-01-15T09:30:00",
      "ModifiedDate": "2025-06-01T14:22:00"
    }
  ]
}

Get Patient by ID — GET /api/public/patients/{patientId}

Retrieves the full demographic record for a single patient using the PatientId returned from the search endpoint.

Path Parameters

Parameter Type Required Description
patientId integer Yes The unique patient identifier obtained from a search result

Example Request

GET /api/public/patients/12345 HTTP/1.1
Host: your-practice-domain.com
client-id: your-client-id
client-secret: your-client-secret
Accept: application/json

Response — 200 OK

Returns a single PatientModel object (same structure as items in the search response above).

PatientModel Schema

The following fields are returned for each patient record:

Field Type Description
PatientId integer Unique patient identifier (primary key)
FirstName string Patient's first name
LastName string Patient's last name
MiddleInitial string Patient's middle initial
NickName string Patient's preferred name
OtherLastName string Alternate / maiden last name
Gender string Patient gender (M or F)
DOB datetime Date of birth (ISO 8601 format)
Address1 string Street address line 1
Address2 string Street address line 2
City string City
State string Two-letter state abbreviation (e.g., NV)
ZipCode string 5-digit ZIP code
Country string Country code
PhonePrimary string Primary phone number
Email string Email address
AccountNumber string Legacy patient account number
Custom1 string Practice-defined custom field 1
Custom2 string Practice-defined custom field 2
Custom3 string Practice-defined custom field 3
ProfilePhotoId integer ID of the patient's profile photo (0 if none)
CoordinatorId integer Assigned coordinator (provider or staff) ID
Providers array Array of associated provider references
ReferralCategory string Referral category name
MarketingSource string Marketing/referral source name
Status string Patient status (e.g., Active)
CreatedDate datetime Date/time the patient record was created (ISO 8601)
ModifiedDate datetime Date/time the patient record was last modified (ISO 8601)

Additional Patient Endpoints

Once a PatientId has been obtained, the following endpoints are available to retrieve additional patient data:

Method Endpoint Description
GET /api/public/patients/{patientId}/medicalHistory Returns the patient's medical history including conditions, surgeries, allergies, and medications
GET /api/public/patients/added Returns patients added within a date range (beginDate, endDate required)
GET /api/public/patients/modified Returns patients modified within a date range (beginDate, endDate required)
GET /api/public/patients/lastseen Returns patients last seen within a date range (beginDate, endDate required)
POST /api/public/patients/create Creates a new patient record and returns the assigned PatientId
POST /api/public/patients/edit Updates an existing patient record (requires PatientId in request body)

PatientMedicalHistoryModel Schema

Returned by GET /api/public/patients/{patientId}/medicalHistory:

Field Type Description
PatientId integer Unique patient identifier
Conditions array List of the patient's medical conditions
Surgeries array List of the patient's surgical history
Allergies array List of the patient's known allergies
Medications array List of the patient's current medications

Error Handling

The API uses standard HTTP status codes to indicate success or failure:

Status Code Meaning Description
200 OK Success The request completed successfully and data is returned in the response body
400 Bad Request Validation Error The request contains invalid parameters (e.g., malformed date format)
401 Unauthorized Authentication Failure Missing, empty, or invalid client-id / client-secret headers
403 Forbidden Permission Denied The authenticated client does not have permission to access the requested resource
404 Not Found Resource Not Found The specified patientId does not exist
500 Internal Server Error Server Error An unexpected error occurred on the server

Implementation Requirements for Third-Party Applications

To integrate with the 4D EMR Patient Selection API, a third-party application must:

  1. Obtain credentials — Contact the practice administrator to obtain a client-id and client-secret from the Practice > Integrations section of 4D EMR.
  2. Use HTTPS — All requests must be made over a TLS-secured connection. HTTP requests are not accepted.
  3. Include authentication headers — Every request must include the client-id and client-secret headers.
  4. Search for patients — Use GET /api/public/patients with at least one search parameter to locate a patient.
  5. Use the PatientId — Extract the PatientId from the search response to make subsequent requests for that patient's data.
  6. Handle pagination — For large result sets, use the page.skip and page.count parameters to iterate through results.
  7. Accept JSON responses — All responses are returned as application/json. Set the Accept header accordingly.

Terms of Use

Use of the 4D EMR Public API is subject to the following terms:

  • API access is granted on a per-practice basis. Credentials must not be shared across practices or organizations.
  • All data accessed through the API is protected health information (PHI) subject to HIPAA regulations. The consuming application must maintain appropriate safeguards.
  • API credentials should be stored securely and never exposed in client-side code, URLs, or public repositories.
  • Rate limiting may be applied to protect system performance. Applications should implement appropriate retry logic with exponential backoff.
  • 4th Dimension EMR, Inc. reserves the right to revoke API access if terms are violated or if access poses a security risk.
  • API documentation is maintained at this URL and reflects the most current version of the API. Changes to the API will be reflected in updated documentation.

4th Dimension EMR, Inc.

10300 W Charleston Blvd, Suite 13-146, Las Vegas, NV 89135

Phone: (844) 878-2434

Email: support@4d-emr.com

Website: https://4d-emr.com

4D EMR is the next evolution of practice management and EMR software.

Stay Updated

Get the latest news from 4D EMR

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

This Health IT Module is compliant with the ONC Certification Criteria for Health IT and has been certified by an ONC–ACB in accordance with the applicable certification criteria adopted by the Secretary of Health and Human Services. This certification does not represent an endorsement by the U.S. Department of Health and Human Services

Quick links

HomeAbout UsPartnershipsTestimonialsNewsRequest a Demo

Features

Electronic Medical RecordsPractice ManagementPOS & Payment ProcessingPatient EngagementReporting & AnalyticsPhoto Management & Tools

Contact

info@4d-emr.com
844.878.2434
Topbar FacebookTiopbar Linkedin
Footer Call Icon

Call Anytime

844.878.2434

© 2022-2026 4th Dimension EMR Inc

Legal
Privacy Policy
Log In