Developer FAQs

What is the PokitDok Platform API?

The PokitDok API allows you to perform X12 transactions, find healthcare providers, and get information on medical procedure pricing. The PokitDok API enables third party developers at payers, health systems, and digital health companies to easily create new apps to streamline the business of health. The API uses JSON for requests and responses and also allows batch processing of ASC X12 5010 compatible files. All API traffic is encrypted over HTTPS, and authentication is handled with OAuth2.

How do I start using the PokitDok Platform API?

When you sign up you receive a free test app, as well as a trial app preloaded with $10 of free credits. The test and trial apps each have separate Client IDs and Secrets. Your test app credentials can be used to make unlimited calls to all of our APIs, but the sample data is intended for testing purposes only. This is useful for learning how to access the various endpoints. Your trial app credentials can access all our production data (except our Cash Prices API - more on that later), with $5 worth of credits each for our Data and X12 APIs.

How do I upgrade my trial app to production?

Upgrading to production is easy. Log into your account and select your trial app in the pull- down box on the upper right (it's the one that doesn't say "test"). Then click the link titled "Upgrade for more API credit".

Where can I access PokitDok's API documentation?

Documentation can be accessed here.

Is PokitDok HIPAA compliant?


If your system is using the APIs with Protected Health Information (PHI), your system must also be Health Insurance Portability and Accountability Act (HIPAA) compliant. Large healthcare enterprises should already have policies and procedures in place to ensure they're in compliance with HIPAA. If you wish to use the APIs within one of these large organizations, you should treat your use of the API data like you would any of your internal systems. If you're a young company just starting out, you should develop your own policies and procedures for ensuring HIPAA compliance.

Here are a few tips for companies just getting started:

  • Put someone in charge who is accountable and follows-through on all activities related to HIPAA compliance and data security
  • Keep Protected Health Information (PHI) secure and private.
  • Encrypt data on disk.
  • Encrypt data transmitted over the network.
  • Use principle of least privilege.
  • Set up office policy, implementation procedures and training for your staff.
  • Inform patients of their rights and support those rights.

You should always refer to the U.S. Department of Health & Human Services to fully understand Health Information Privacy.

What is Pokitdok’s production infrastructure environment like?

The production environment is all with an Amazon VPC running on dedicated instances. All network communication external to the VPC is encrypted and no ePHI is transmitted to an un-authenticated receiver. All internal VPC traffic is encrypted and all data at rest is stored on encrypted volumes. EDI files in some instances have an additional encryption step using receiver public/private key encryption. All services are configured for fault-tolerance and failover, there is no single-point of failure in the system.

Administrative functions require VPN access with MFA.

We see that Pokitdok uses AWS for hosting. Is a BAA in place with Amazon?

Yes, we have a BAA with Amazon.

We also see that Pokitdok uses Amazon’s Elastic Load Balancers. Is all TLS traffic passed as TCP*?

SSL is terminated on the instances behind the ELB. Layer 4 TCP load-balancing is used at the ELB and Proxy-Protocol is enabled.

* i.e. the Pokitdok certifcates are NOT loaded into the ELB configuration

With which health plans can we process transactions via your API?

PokitDok is connected with national and regional health plans across the US. The following is a list of some of our trading partners:

  • Anthem BCBS
  • Aetna
  • Blue Cross and Blue Shield
  • Cigna
  • Harvard Pilgrim Healthcare
  • Premera Blue Cross
  • United HealthCare

A complete list of active trading partners is available. Our trading partners may change from time to time with or without notice to you. A trading partners API endpoint is available as well.

What is Version 5010 of the X12 HIPAA Transaction and Code Set Standards?

Version 5010 HIPAA ASC X12 is a set of standards that regulates the electronic transmission of specific healthcare transactions, including eligibility, claim status, referrals and claims. Healthcare providers are required to conform to the new transaction set standards.

What are CPT Codes?

The Current Procedural Terminology (CPT) code set is a medical code set maintained by the American Medical Association (AMA) through the CPT Editorial Panel. The CPT code set (copyright protected by the AMA) describes medical, surgical, and diagnostic services. These coding sets are copyrighted, and PokitDok, Inc. has the licensing rights to redistribute these coding sets. CPT coding is similar to ICD-9 and ICD-10 coding except that it identifies the services rendered rather than the diagnosis on the claim.

What are ICD-9 and ICD-10 codes?

The International Statistical Classification of Diseases and Related Health Problems, usually called by the short-form name International Classification of Diseases (ICD), is the international standard diagnostic tool for epidemiology, health management and clinical purposes.

How do I update my billing address or contact information?

Browse to My Account page, select "settings" from the side nav bar to update your contact and billing information.

Are AWS Dedicated Instances used for all servers moving or storing ePHI?


Is ePHI stored indefinitely?

ePHI is currently stored indefinitely on encrypted long term storage.

Are all employee devices (workstations, laptops, tablets, mobile phones) encrypted?

All workstations/laptops and backups are encrypted.

Does Pokitdok have a security officer, and/or a privacy officer?

Yes, the InfoSec team is made up of representatives from all aspects of the company.

What are the internal company policies that insure HIPAA / HITECH / Omnibus Rule compliance at Pokitdok?

PokitDok has developed a complete set of policies that covers all aspects of security best practices and legal requirements of handling PHI, PII and PCI type data.

The policies cover the charter of the InfoSec team, operations, processes, responsibilities and enforcement. All employees and contractors must sign relevant policies.

How do I contact PokitDok's support team or submit a privacy/HIPAA complaint?

Please use the contact form.

How do I get access to your cash prices database?

Please contact our support team using our contact form.

I am a Payer; how do I set up a direct connection with PokitDok?

Please contact us with your contact information and a member of PokitDok's trading partner team will contact you as soon as possible.