Frequently Asked Questions

Fast, easy access to healthcare data is now possible through our modern API platform. Here are some of the most commonly asked questions to help you get started.

What does Particle Health do?

Particle Health develops a user-friendly API that lets healthcare providers get patient records from countless different medical facilities.

Our platform aggregates this data from separate health information networks across the USA, and converts it into multiple formats for compatibility purposes. If you think this is revolutionizing care, you’re right!

We create intuitive experiences for developers, build scalable infrastructure product teams love, and collaborate with innovative leaders launching data driven healthcare solutions. Recent information sharing requirements make our work more achievable, and more important, than ever before.

How does the Particle API work?

Our API is easy to use and only requires a simple set of patient demographic information to query the network. The Particle API has access to the digital medical records of over 270 million unique lives across the United States.

When we successfully match a patient (which happens, on average, over 85% of the time), you can receive data in both mainstream formats: C-CDA and FHIR R4. FHIR is generated through our transformation pipeline and based on the C-CDA documents we receive from EMRs.

To learn more about how Particle works, create a free Portal account, browse our “not-a-blog” showcase, or send an email to go@particlehealth.com!

Do I need BAAs with every provider and hospital system I want to pull data from?

Forget about signing agreements one by one. You only need to complete our single contract and BAA for instant access to every hospital, clinic, practice, and HIE in our network. That’s over 270 million covered lives.

How does the Particle API know where to locate records?

We’ve developed a proprietary record locator service (RLS). Essentially, we use the patient's home location to perform a radius search in conjunction with other heuristics and patient registries that we’re connected to. This RLS allows for an industry-leading success rate in the most efficient (read: fastest) manner.

Who can query with Particle's API?

Anyone with a valid Purpose of Use (PoU) can query the paid, live version of Particle’s API. (And anyone can play with test data for free in Particle’s developer portal!)

To access Particle’s API and query for patient files under the Treatment PoU, you must be a HIPAA-covered entity or hold a BAA with a covered entity. Otherwise, we may require patient consent and authorization before you can query.

Our team is experienced at helping organizations navigate different Purposes of Use. If you’d like to understand what your organization would need to query data, reach out to our team so that we can learn more about how you hope to use the Particle platform!

What is a Purpose of Use?

The Health Insurance Portability and Accountability Act (HIPAA) includes privacy and security rules to ensure health data is only shared for appropriate purposes. HIPAA permits several "Purposes of Use" (PoU) that depend on how patient data is used; these include Treatment, Payment, Operations, Individual Access, and several others.

The PoUs with the highest rate of data return are those that come under the “Treatment” definition. Put simply: these are requests that are initiated by a provider on behalf of their patient, and are used for the purposes of treating that patient. Because the request is going through a provider, the data holders across the networks Particle connects to are much more willing to respond to these requests.

Requests for the purposes of Payment (like claims adjudication) or Individual Access (Jane Doe requesting her own records), for example, are not supported by all health information networks. As such, we’ve prioritized working with groups whose primary use case falls under the Treatment PoU.

Organizations without any Treatment PoU cannot query the live version of Particle’s powerful API. However, patient access, payments, population research, and healthcare operations may be permitted PoUs in the near future, so we encourage you to get in touch if you’re interested and enroll in our beta program for individual access to get the most up-to-date communication on where this stands with the networks.

No matter what PoUs your organization may have, we want you to reach out to Particle to discuss solutions. We're happy to speak with you more about how these PoUs relate to data access, how our customers can use data, and how your use case aligns with each Purpose of Use!

How do I know which Purpose of Use fits my use case?

Talk to us! Before providing access to live patient data, we will work with you to ensure that you can query for the specific data you need in a way that complies with federal and local policies.

Can I test the API on myself?

Good question, but not at this time. Particle’s API is designed for heavily regulated healthcare activities and must correspond to universally accepted principles that you, Particle, and our other health data sources share. Our network is built on trust, and compliance is part of our user agreement.

Do patients need to provide their login information to other patient portals (like Epic MyChart) to access records?

No, our API does not rely on logging into patient portals. If you can provide basic demographic information on your patients - their family name, given name, phone number, and address - we can quickly and reliably pull records without the need for any additional information on the patient.

Is Particle Health secure?

Particle Health has been independently audited to earn SOC 2 Type 2 certification. SOC 2 is both a technical audit and a requirement that comprehensive information security policies and procedures are written and followed.

Achieving SOC 2 Type 2 means that our systems and internal practices have not only met these demanding standards, but have done so over a consistent period of time.

  • Data at rest is encrypted using Advanced Encryption Standard (AES).
  • Google Cloud provides cryptographic authentication and authorization for all inter-service communications.
  • Mutual TLS is used for authenticating outgoing requests.
  • All PHI is de-identified when used for internal analytics.


Particle sticks to additional best practices, including employee security training, vulnerability monitoring and a bug bounty program. We meet and exceed all legislative requirements regarding access to Protected Health Information, maintaining both the letter and the spirit of these critically important laws. Particle began with developers in mind, and security is in our DNA.

How do I get started?

Reach out to us today! We’ll answer any questions your team has about Particle’s API or healthcare interoperability.

What data can I access via the Particle API?

Our API aggregates a wide range of clinical data, from medications to vitals to diagnoses. Our data set is currently based on the widely used USCDI v2 data standard, which virtually all network participants will have in common.

USCDI is defined by ONC (the federal agency which coordinates interoperability) and is meant to encompass all clinical data points that holders of medical data are required to share. ONC regularly expands the scope of this data set as interoperability efforts gain increased national traction.

What type of files will I get back?

The Particle API will return a range of CDA documents. The most common ones we find are: Continuity of Care Documents, Office Visit Summaries, Lab Orders, Refill Orders, and Doctor Notes.
 
These documents include robust clinical information such as allergies, immunizations, and vitals. They come from sources like hospitals, specialists, and ambulatory facilities.

Additionally, we’ve developed a data transformation pipeline that converts the CDA documents that we receive from the EMRs into FHIR R4, which gives our clients additional control over which data to use and how to use it. For example, using FHIR you could just download medications from the last two years instead of a full medical record.

What's the difference between C-CDA and FHIR documents?

Your test results, visit notes, and vital signs are all clinical documents. FHIR and C-CDA are the two primary data formats used to electronically share these medical records.

C-CDA documents need specialized parsing to extract individual data points from patient records. FHIR documents are easier to query for specific aspects of patient encounters. Particle’s developer tools can convert C-CDA documents into the FHIR format.

What is FHIR?

Fast Health Interoperability Resources (FHIR) is the newest generation of electronic health record exchange. It’s an open source format overseen by HL7, the same organization that developed the widely-used C-CDA standard. Unlike C-CDA, the FHIR format has a foundation in modern web standards like JSON and RESTful architecture.

All exchangeable content in the FHIR standard is contained in a resource. Instead of sharing a patient’s fixed XML record with everyone who requests it, FHIR lets organizations request targeted, relevant resources. Federal guidelines increasingly require the use of FHIR in health IT.

We’re excited to help organizations discover FHIR. Our engineering team has a great deal of FHIR experience to share, and our API makes it easy for organizations to integrate with this format. Learn more about FHIR here or check out our API reference documents.

Can I pull data from outside of the US?

No. We’re specializing in United States healthcare data at this time.

What is your success rate in finding a patient's data?

We typically find data on at least 85% of patients entered into our API, though some customers have seen success rates approaching 95%. On average, we return about 95 files for every patient that we locate!

We pride ourselves in having a best-in-class solution for quickly and accurately finding healthcare data, which covers about 270 million patient lives across the US (and more every day!).

Do I need to know the doctor or facility I want to find my patient's records from?

No! Our proprietary record locator service (RLS) searches for your patients’ records across many endpoints. Our amazing API doesn’t need to ask you where a patient has received care.

What type of authorization frameworks does Particle's API use?

Particle’s API uses the Client Credentials Flow of the OAuth 2.0 Authorization Framework. The Client Credentials flow is a widely adopted authorization flow used primarily for system-to-system communication. Organization-controlled service accounts, or verified users of an organization, use generated client credentials to retrieve a JSON Web Token which allows scoped access to Particle’s APIs.

How do you handle patient matching?

Particle Health currently does not attempt to match patients before receiving a query request. Patient matching is handled by either one of the centralized network entities we connect to, or whichever individual organization is the original source of the data. Each organization in our network may thus have its own criteria and threshold for what constitutes a safe and accurate patient match.

The best way to get a patient match and pull the associated data is to submit as much valid demographic data as you have during your initial query. Particle Health is very involved in patient matching optimization efforts with our network partners, and our team will work with you to determine how you can optimize your results.

How can I get started??

Reach out to us today! We’ll answer any questions your team has about Particle’s API or healthcare interoperability.

How long does it take to implement the Particle API?

Our API is simple and straightforward. As soon as a partnership agreement is in place between you and the Particle team, production querying can begin immediately!

Our client success experts will help map out your optimal integration path. We’ll ask which data points are most important to you, and how you plan to use patient data.

Developers can get a head start today by logging into our Developer Portal for hands-on experience with our API.

Once testing begins, we’ve seen full implementations take anywhere from a couple of weeks to several months. It all depends on your use case, team, and planning timeline (including sprints and roadmap expectations).

What information is required to query a patient's data?

You'll need a patient's:

  • First & Last Name
  • Date of Birth
  • ZIP Code
  • Gender
  • Street Address (optional, but recommended)

Optional fields that can increate match percentage includes:

  • Phone Number
  • Email Address
  • SSN
Should I include the patient’s full address when querying?

Yes. The patient’s address will increase the chance of a successful match.

What is the purpose of the NPI, and is it required?

The National Provider Identifier is used for tracking purposes to help us and our networks understand who is querying for patient data. It is not required, but if available, using an NPI can be quite helpful in the case of an audit.

How do I achieve the highest success rate in finding data for my patients?

The more data you submit in the initial POST of demographic information, the better. Including the patient’s street address and phone number can also significantly increase the likelihood of finding a match.

What is the best way to view C-CDA documents?

Most EHR solutions have native C-CDA viewers as a requirement of Meaningful Use. If you don’t have access to these viewers, we host a secure C-CDA viewer within our customer portal that is free to use and is built using this open source viewer.

Who should be involved in our implementation?

We generally recommend that both business and technical stakeholders be involved in the scoping and
implementation process. This could include your:

  • Product Manager
  • Business Analyst
  • Software Engineer(s)
  • Data Scientist(s)
  • Strategy & Operations Lead
How do I get started???

Reach out to us today! We’ll answer any questions your team has about Particle’s API or healthcare interoperability.