The PokitDok API allows you to perform X12 transactions, find healthcare providers, and get information on medical procedure pricing. The PokitDok API enables third-party developers at payers, health systems, and digital health companies to easily create new apps to streamline the business of health. The API uses JSON for requests and responses and also allows batch processing of ASC X12 5010 compatible files. All API traffic is encrypted over HTTPS, and authentication is handled with OAuth2.
When you sign up you receive a free test app, as well as a trial app preloaded with $10 of free credits. The test and trial apps each have separate Client IDs and Secrets. Your test app credentials can be used to make unlimited calls to all of our APIs, but the sample data is intended for testing purposes only. This is useful for learning how to access the various endpoints. Your trial app credentials can access all our production data (except our Cash Prices API - more on that later), with $5 worth of credits each for our Data and X12 APIs.
Upgrading to production is easy. Log into your account and select your trial app in the pull-down box on the upper right (it's the one that doesn't say "test"). Then click the link titled "Upgrade for more API credit".
Documentation can be accessed here.
If your system is using the APIs with Protected Health Information (PHI), your system must also be Health Insurance Portability and Accountability Act (HIPAA) compliant. Large healthcare enterprises should already have policies and procedures in place to ensure they're in compliance with HIPAA. If you wish to use the APIs within one of these large organizations, you should treat your use of the API data like you would any of your internal systems. If you're a young company just starting out, you should develop your own policies and procedures for ensuring HIPAA compliance.
Here are a few tips for companies just getting started:
You should always refer to the U.S. Department of Health & Human Services to fully understand Health Information Privacy.
The production environment is all within an Amazon VPC running on dedicated instances. All network communication external to the VPC is encrypted and no ePHI is transmitted to an unauthenticated receiver. All internal VPC traffic is encrypted and all data at rest is stored on encrypted volumes. EDI files in some instances have an additional encryption step using receiver public/private key encryption. All services are configured for fault tolerance and failover; there is no single point of failure in the system.
Administrative functions require VPN access with MFA.
Yes, we have a BAA with Amazon.
SSL is terminated on the instances behind the ELB. Layer 4 TCP load-balancing is used at the ELB and Proxy-Protocol is enabled.
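An added example, not PokitDok's code: with Layer 4 TCP load-balancing, the instance that terminates SSL sees the ELB as its TCP peer, so the real client address has to be read from the Proxy Protocol header that arrives ahead of the TLS handshake. The Python code below assumes the version 1 text header; the function name, the load balancer subnet and the sample bytes are constructed for illustration.

```python
import ipaddress

MAX_V1_HEADER = 107  # longest v1 header the PROXY protocol spec allows, CRLF included

class ProxyHeaderError(ValueError):
    """The bytes ahead of the TLS handshake are not an acceptable v1 header."""

def parse_proxy_v1(buf, peer_ip, trusted_lb_nets):
    """Return ((client_ip, client_port) or None, bytes_after_header).

    buf: first bytes read from the accepted socket, before any TLS processing.
    peer_ip: TCP peer address of that socket (the load balancer, if legitimate).
    trusted_lb_nets: CIDR strings for the load balancer subnets (assumed values).
    """
    peer = ipaddress.ip_address(peer_ip)
    # Anyone who can reach the port directly could forge a header, so only
    # believe it when the TCP peer is the load balancer itself.
    if not any(peer in ipaddress.ip_network(net) for net in trusted_lb_nets):
        raise ProxyHeaderError("peer is not a trusted load balancer")
    end = buf.find(b"\r\n", 0, MAX_V1_HEADER)
    if end == -1:
        raise ProxyHeaderError("no CRLF within the first 107 bytes")
    try:
        fields = buf[:end].decode("ascii").split(" ")
    except UnicodeDecodeError:
        raise ProxyHeaderError("header is not ASCII") from None
    rest = buf[end + 2:]  # start of the TLS ClientHello, handed to the TLS layer
    if fields[0] != "PROXY" or len(fields) < 2:
        raise ProxyHeaderError("missing PROXY signature")
    if fields[1] == "UNKNOWN":  # proxy could not describe the connection
        return None, rest
    if fields[1] not in ("TCP4", "TCP6") or len(fields) != 6:
        raise ProxyHeaderError("unsupported or malformed header")
    try:
        src = ipaddress.ip_address(fields[2])
        dst = ipaddress.ip_address(fields[3])
    except ValueError:
        raise ProxyHeaderError("bad address") from None
    want = 4 if fields[1] == "TCP4" else 6
    if src.version != want or dst.version != want:
        raise ProxyHeaderError("address family mismatch")
    ports = fields[4:6]
    if not all(p.isdigit() and int(p) <= 65535 for p in ports):
        raise ProxyHeaderError("bad port")
    return (str(src), int(ports[0])), rest

# Constructed sample: a v1 header followed by the first bytes of a TLS record.
SAMPLE = b"PROXY TCP4 203.0.113.7 10.0.1.5 51234 443\r\n\x16\x03\x01"
```

The address returned is what belongs in access logs and rate limits; the bytes after the header go to the TLS layer unchanged.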
PokitDok is connected with national and regional health plans across the US. The following is a list of some of our trading partners:
Version 5010 HIPAA ASC X12 is a set of standards that regulates the electronic transmission of specific healthcare transactions, including eligibility, claim status, referrals and claims. Healthcare providers are required to conform to the new transaction set standards.
The Current Procedural Terminology (CPT) code set is a medical code set maintained by the American Medical Association (AMA) through the CPT Editorial Panel. The CPT code set (copyright protected by the AMA) describes medical, surgical, and diagnostic services. These coding sets are copyrighted, and PokitDok, Inc. has the licensing rights to redistribute these coding sets. CPT coding is similar to ICD-9 and ICD-10 coding except that it identifies the services rendered rather than the diagnosis on the claim.
The International Statistical Classification of Diseases and Related Health Problems, usually called by the short-form name International Classification of Diseases (ICD), is the international standard diagnostic tool for epidemiology, health management and clinical purposes.
Browse to the My Account page and select "settings" from the side nav bar to update your contact and billing information.
ePHI is currently stored indefinitely on encrypted long term storage.
All workstations/laptops and backups are encrypted.
Yes, the InfoSec team is made up of representatives from all aspects of the company.
PokitDok has developed a complete set of policies that covers all aspects of security best practices and legal requirements of handling PHI, PII and PCI type data.
The policies cover the charter of the InfoSec team, operations, processes, responsibilities and enforcement. All employees and contractors must sign relevant policies.
Please use the contact form.
Please contact our support team using our contact form.
Please contact us with your contact information and a member of PokitDok's trading partner team will contact you as soon as possible.