Overview

The 4D EMR Public API provides programmatic access for third-party applications to search for and select patients within the system. A requesting application submits patient identifying information (such as name, date of birth, or account number) and receives a unique PatientId that can be used in subsequent API calls to retrieve that patient's clinical and demographic data.

This API fulfills the requirements of 45 CFR § 170.315(g)(7) — Application Access: Patient Selection.

Base URL and Transport Security

All API requests must be made over HTTPS (TLS 1.2 or higher). Unencrypted HTTP requests will be rejected.

Base URL:  https://{your-practice-domain}/api/public

All responses are returned in JSON format (application/json).

Patient Search — GET /api/public/patients

Searches for patients matching the provided criteria and returns a paged list of results. Each result includes a PatientId that uniquely identifies the patient and can be used in subsequent API calls.

Request Parameters (Query String)

Example Request

GET /api/public/patients?lastname=Smith&birthdate=1985-03-15&page.count=10 HTTP/1.1
Host: your-practice-domain.com
client-id: your-client-id
client-secret: your-client-secret
Accept: application/json

Response — 200 OK

Returns a PagedResponse object containing an array of PatientModel items:

{
  "TotalCount": 1,
  "Items": [
    {
      "PatientId": 12345,
      "FirstName": "John",
      "LastName": "Smith",
      "MiddleInitial": "A",
      "Gender": "M",
      "DOB": "1985-03-15T00:00:00",
      "Address1": "123 Main St",
      "Address2": "",
      "City": "Las Vegas",
      "State": "NV",
      "ZipCode": "89135",
      "Country": "US",
      "PhonePrimary": "7025551234",
      "Email": "john.smith@email.com",
      "NickName": "",
      "OtherLastName": "",
      "AccountNumber": "ACCT-001",
      "Custom1": "",
      "Custom2": "",
      "Custom3": "",
      "ReferralCategory": "",
      "MarketingSource": "",
      "ProfilePhotoId": 0,
      "CoordinatorId": 0,
      "Providers": [],
      "Status": "Active",
      "CreatedDate": "2020-01-15T09:30:00",
      "ModifiedDate": "2025-06-01T14:22:00"
    }
  ]
}

Get Patient by ID — GET /api/public/patients/{patientId}

Retrieves the full demographic record for a single patient using the PatientId returned from the search endpoint.

Path Parameters

Example Request

GET /api/public/patients/12345 HTTP/1.1
Host: your-practice-domain.com
client-id: your-client-id
client-secret: your-client-secret
Accept: application/json

Response — 200 OK

Returns a single PatientModel object (same structure as items in the search response above).

PatientModel Schema

The following fields are returned for each patient record:

Additional Patient Endpoints

Once a PatientId has been obtained, the following endpoints are available to retrieve additional patient data:

PatientMedicalHistoryModel Schema

Returned by GET /api/public/patients/{patientId}/medicalHistory:

Error Handling

The API uses standard HTTP status codes to indicate success or failure:

Terms of Use

Use of the 4D EMR Public API is subject to the following terms:

• API access is granted on a per-practice basis. Credentials must not be shared across practices or organizations.
• All data accessed through the API is protected health information (PHI) subject to HIPAA regulations. The consuming application must maintain appropriate safeguards.
• API credentials should be stored securely and never exposed in client-side code, URLs, or public repositories.
• Rate limiting may be applied to protect system performance. Applications should implement appropriate retry logic with exponential backoff.
• 4th Dimension EMR, Inc. reserves the right to revoke API access if terms are violated or if access poses a security risk.
• API documentation is maintained at this URL and reflects the most current version of the API. Changes to the API will be reflected in updated documentation.