Most EHR integration guides start and end with the big hospital systems -- Epic, Cerner, Allscripts. And if you are building software that lives inside a health system, that is exactly where you should focus. But the reality is that a significant and growing segment of health tech startups are not building for hospitals. They are building for independent practitioners, small group practices, telehealth startups, and wellness clinics. If that describes your product, the EHR systems you actually need to integrate with are practice management platforms like Healthie, Jane App, DrChrono, Athenahealth, and PracticeQ.
These platforms have fundamentally different APIs, capabilities, authentication models, and constraints than hospital EHRs. The integration patterns that work for Epic's FHIR endpoints will not translate cleanly to a GraphQL-based Healthie integration or a partnership-gated Jane App API. This guide walks through the practical, technical reality of building EHR API integrations against practice management platforms -- platform by platform, pattern by pattern.
Hospital EHR APIs vs Practice Management APIs: Know Which World You Are In
Before writing a single line of integration code, you need to understand which ecosystem you are operating in. Hospital EHRs and practice management platforms are different animals, and confusing the two leads to misscoped projects and blown timelines.
Hospital EHRs (Epic, Cerner, Allscripts)
Hospital EHR integrations are built on the FHIR (Fast Healthcare Interoperability Resources) standard. The APIs are well-documented and increasingly standardized, but the onboarding process is heavy. Epic requires you to go through App Orchard (now the Epic on FHIR program), complete a vendor certification process, pass security reviews, and often wait months before you can access production data. Cerner (now Oracle Health) has a similar process through its Code Console. Allscripts requires a partnership agreement.
These integrations are standardized but slow. Expect 3 to 6 months from first API call to production deployment, and budget for dedicated compliance resources throughout.
For a deeper dive into hospital EHR integration patterns, including FHIR resource mapping and HL7 v2 considerations, read our EHR Integration Development Guide.
Practice Management APIs (Healthie, Jane App, DrChrono)
Practice management platform APIs are faster to integrate, more flexible, and less standardized. Most offer REST or GraphQL APIs with straightforward authentication (API keys or OAuth 2.0). You can typically get sandbox access within days and ship a working integration within weeks.
The tradeoff is that every platform uses its own data model, its own terminology, and its own quirks. There is no shared standard like FHIR across these platforms -- at least not yet. Patient records, appointment statuses, clinical note structures, and billing fields all differ from platform to platform. You will spend less time on certification and more time on data normalization.
The Key Differences at a Glance
| Factor | Hospital EHRs | Practice Management APIs |
|---|---|---|
| API Standard | FHIR R4, HL7 v2 | REST, GraphQL (proprietary) |
| Onboarding Time | 3-6 months | 1-4 weeks |
| Certification Required | Yes (App Orchard, Code Console) | Varies (some require partnership) |
| Data Model | Standardized (FHIR resources) | Proprietary per platform |
| Sandbox Access | Requires application | Usually immediate or fast |
| Webhook Support | Limited, varies | Platform-dependent |
| Typical Integration Cost | $50K-150K+ | $10K-40K per platform |
Know which world you are operating in before you scope a single sprint.
Platform-by-Platform Integration Guide
Healthie API
Healthie has positioned itself as the API-first practice management platform, and it delivers on that promise better than most competitors. The API is GraphQL-based, which gives you fine-grained control over exactly which data you query and mutate.
API Architecture: GraphQL with a single endpoint. Queries and mutations cover appointments, patients (referred to as "users" in their data model), charting, forms, goals, billing, insurance, and documents. The Healthie+ API infrastructure is their real differentiator for health tech companies building on top of the platform.
Authentication: API keys for server-to-server communication, OAuth 2.0 for user-facing integrations. API keys are scoped to an organization and provide broad access, so secure them accordingly.
Webhooks: Healthie supports webhooks for real-time event notifications -- appointment created, patient updated, form completed, and more. This is a significant advantage over platforms that require polling. Design your integration around webhooks first and use API queries for backfill or reconciliation.
Rate Limits: 60 requests per minute per API key. This is generous enough for most real-time use cases but will require batching strategies if you are doing bulk data migrations or nightly syncs across large patient populations.
Gotchas to Watch For:
- The GraphQL schema is extensive but has some undocumented edge cases around calendar availability and recurring appointment series
- Pricing scales with the number of practitioners on the account, which affects how you model multi-tenant integrations
- Patient charting data has a nested structure that can require multiple queries to fully resolve
- Webhook delivery is not guaranteed exactly once -- build idempotent handlers
Jane App API
Jane App dominates the allied health space -- physiotherapy, chiropractic, massage therapy, and similar clinic types. Its API is REST-based and focused on the core clinic management workflow: scheduling, billing, charting, and patient management.
API Architecture: RESTful JSON API. Resources include patients, appointments, practitioners, invoices, and products. The data model is clean and maps closely to how clinics actually think about their operations.
Authentication: API access requires partnership approval from Jane. This is not a self-serve developer portal situation. You will need to make a business case for your integration and go through a review process before receiving credentials.
Data Model: Patients, appointments, practitioners, invoices, and chart entries are the primary entities. Appointment statuses follow a clinic-centric model (booked, arrived, completed, cancelled). Insurance and billing data is structured around Canadian and US clinic billing workflows.
Gotchas to Watch For:
- Limited webhook support means you will likely need to implement polling for many data synchronization use cases
- API documentation is sparse compared to Healthie or DrChrono -- expect to do some exploratory work during integration
- Jane is heavily optimized for in-person clinic workflows, so telehealth-specific fields may be limited
- The partnership approval process can add 2-4 weeks to your integration timeline before you write any code
DrChrono API
DrChrono (now part of EverHealth) offers one of the more comprehensive APIs in the practice management space. It covers scheduling, clinical data, billing (including claim submission), and prescriptions. For teams building add-on products for small to mid-size practices, DrChrono's marketplace model provides a built-in distribution channel.
API Architecture: REST API with FHIR R4 support emerging for certain clinical data endpoints. This hybrid approach means you can use FHIR resources where available while falling back to proprietary REST endpoints for platform-specific features.
Authentication: OAuth 2.0 with authorization code flow. Marketplace listing is required if you want to distribute your integration to DrChrono customers, which adds a review and approval step.
Key Capabilities:
- Scheduling with support for complex availability rules and multi-provider calendars
- Clinical data including patient demographics, allergies, medications, vitals, and clinical notes
- Billing with claim submission, ERA processing, and payment tracking
- E-prescribing integration (which is notable -- many practice management APIs do not expose prescription workflows). For more on this topic, see our E-Prescribing Integration Guide.
Gotchas to Watch For:
- The transition from proprietary REST to FHIR is ongoing, so you may encounter inconsistencies between the two API surfaces
- Rate limits vary by endpoint and plan tier
- Marketplace review can take several weeks and requires demo-ready integration
Athenahealth API
Athenahealth sits at the intersection of practice management and enterprise EHR. It serves a broader range of practice sizes than Healthie or Jane App, from small practices up to large physician groups. The API is enterprise-grade with strong coverage across scheduling, orders, results, clinical documents, and billing.
API Architecture: REST API with comprehensive endpoint coverage. The More Than Certified program is athenahealth's integration certification process, and completing it unlocks access to the athenahealth Marketplace.
Authentication: OAuth 2.0 with client credentials and authorization code flows. Certification is required for production access. The sandbox environment is accessible for development, but production deployment requires passing athenahealth's security and functionality review.
Key Capabilities:
- Scheduling with complex availability, waitlist management, and patient self-scheduling hooks
- Clinical data with full chart access, orders, results, and document management
- Revenue cycle management including claim submission, denial tracking, and payment posting
- Patient communication hooks for appointment reminders and messaging
Gotchas to Watch For:
- The certification process is thorough -- budget 4-8 weeks for the More Than Certified review
- API responses can include deeply nested objects that require careful parsing
- Rate limits are enforced per practice and per integration, not globally
- Athenahealth's data model uses internal IDs heavily, so mapping to external systems requires a robust ID cross-reference layer
PracticeQ and IntakeQ APIs
PracticeQ (formerly IntakeQ for some features) is growing rapidly in the wellness, nutrition, and functional medicine space. The API is focused on intake forms, scheduling, and practice management -- a narrower surface area than Healthie or DrChrono, but well-suited for products that need to integrate with the patient onboarding and scheduling workflow.
API Architecture: REST API with JSON payloads. Endpoints cover intake forms, appointments, clients, practitioners, and invoices.
Authentication: API key-based authentication. Simple to implement, fast to get started.
Gotchas to Watch For:
- The API surface is more limited than the platforms listed above -- complex clinical data workflows may not be supported
- Webhook support is basic but functional for common events (form submitted, appointment booked)
- Growing quickly, so API capabilities may expand, but current documentation may lag behind available features
Common Integration Patterns
Regardless of which platform you are integrating with, the same architectural patterns recur. Getting these right from the start prevents painful rewrites later.
Patient Sync
Bi-directional patient demographic sync is the most common and most deceptively complex integration pattern. You need to keep patient records consistent between your platform and the practice management system, which means handling:
- Duplicate detection: Patients may already exist in both systems. Match on name + date of birth + contact information, not just a single field.
- Merge conflicts: When both systems update the same patient record, you need a conflict resolution strategy. Designate one system as the master record source for each field type, or timestamp-based last-write-wins.
- Master record designation: Decide upfront whether the practice management platform or your system is the source of truth for demographics, clinical data, and billing information. Document this decision and enforce it in your sync logic.
Appointment Sync
Calendar integration sounds simple until you encounter timezone conversion across multi-location practices, recurring appointment series with exceptions, cancellation and reschedule propagation, and provider availability rules that differ between platforms.
Build your appointment sync layer with these considerations:
- Store all times in UTC internally and convert to local time at the display layer
- Handle recurring appointments as individual instances, not series objects, unless the target platform explicitly supports series
- Propagate cancellations bidirectionally with configurable delay to prevent race conditions
- Map appointment statuses explicitly -- "booked" in one system may not mean the same thing as "scheduled" in another
Clinical Data Passback
After a telehealth visit, assessment, or patient interaction in your platform, you often need to push notes, vitals, or results back into the practice management system's chart. This is where data format differences become painful.
- CCDA (Consolidated Clinical Document Architecture) is the standard document format for hospital EHRs, but most practice management platforms do not accept CCDA documents through their APIs
- FHIR resources are increasingly supported by DrChrono and athenahealth but not yet by Healthie or Jane App
- Platform-native formats: Most practice management APIs expect clinical data in their proprietary JSON structure, so you will need platform-specific serializers
For platforms that support HIPAA-compliant data exchange, ensure your clinical data passback includes proper audit logging and encryption in transit.
Webhook-Driven vs Polling Architecture
Your integration architecture depends heavily on what the target platform supports:
- Webhook-driven (Healthie, DrChrono, athenahealth): Register webhook endpoints for the events you care about, validate webhook signatures, and process events asynchronously through a queue. This is the preferred pattern -- it is real-time, efficient, and reduces API call volume.
- Polling-based (Jane App, some PracticeQ endpoints): Set up scheduled jobs that query for changes since the last sync. Use cursor-based pagination and store watermarks to avoid re-processing. Poll frequency is a tradeoff between data freshness and API rate limits.
- Hybrid: Many production integrations use webhooks for real-time events and polling as a reconciliation layer to catch any events that webhooks missed.
Error Handling and Resilience
EHR APIs fail. Network timeouts, rate limit errors, authentication token expiry, and temporary service outages are not edge cases -- they are regular operating conditions. Build for them:
- Retry queues: Failed API calls go into a retry queue with exponential backoff. Three retries with increasing delays (1 second, 10 seconds, 60 seconds) handles most transient failures.
- Dead letter processing: After retries are exhausted, failed operations land in a dead letter queue for manual review. Include the full request payload, error response, and timestamp.
- Admin notification: Alert your operations team when sync failures exceed a threshold. A single failed appointment sync is noise. Fifty failed syncs in an hour is a platform outage.
- Idempotency: Every write operation should be idempotent. If a webhook fires twice or a retry succeeds after the original request already went through, the result should be the same.
Authentication and Security
Every practice management API handles authentication differently, but the security requirements are consistent across all of them.
OAuth 2.0 Flows
Most platforms support OAuth 2.0 with two primary flows:
- Authorization code flow: For integrations where a user (practitioner or admin) authorizes your application to access their data. This is the standard for marketplace-listed integrations.
- Client credentials flow: For server-to-server integrations where your application accesses data on behalf of the organization without user interaction. Used for background sync jobs and automated workflows.
Token Management
- Store refresh tokens encrypted at rest -- never in plaintext, never in client-side storage
- Implement proactive token refresh: Do not wait for a 401 response to refresh. Track token expiry and refresh 5-10 minutes before expiration.
- Handle refresh token rotation: Some platforms rotate refresh tokens on each use. Your token storage must support atomic updates to prevent race conditions in multi-threaded environments.
HIPAA Requirements for API Integrations
If you are handling Protected Health Information (PHI) through these APIs -- and you almost certainly are -- HIPAA compliance is non-negotiable:
- Encrypt all tokens and credentials at rest using AES-256 or equivalent
- Log all API access with timestamps, endpoints called, data accessed, and the identity of the requesting user or service
- Execute a Business Associate Agreement (BAA) with each platform you integrate with before accessing any production patient data
- Implement access controls so that API credentials are scoped to the minimum necessary data for your integration's function
- Audit trail: Every create, read, update, and delete operation against patient data must be logged and retained per your BAA terms
Data Model Challenges: Building a Normalization Layer
This is where most integration projects underestimate the work involved. No two practice management platforms use the same data model, and the differences are not cosmetic.
Patient Identity
- Healthie uses "users" with integer IDs
- Jane App uses "patients" with UUID-based identifiers
- DrChrono uses "patients" with integer IDs
- Athenahealth uses "patients" with practice-scoped integer IDs
You need a cross-reference table that maps your internal patient ID to each platform's native ID. Do not try to use one platform's ID as your canonical identifier.
Appointment Status Mapping
| Your System | Healthie | Jane App | DrChrono | Athenahealth |
|---|---|---|---|---|
| Scheduled | Confirmed | Booked | Scheduled | Booked |
| Checked In | Checked In | Arrived | Arrived | Checked In |
| In Progress | (no equivalent) | (no equivalent) | In Session | In Room |
| Completed | Occurred | Completed | Complete | Checked Out |
| Cancelled | Cancelled | Cancelled | Cancelled | Cancelled |
| No Show | No Show | No Show | No Show | No Show |
Build an explicit status mapping configuration for each platform. Do not try to infer mappings at runtime.
Insurance and Billing Data
Insurance data representation is wildly inconsistent across platforms. Some store insurance as a flat set of fields on the patient record, others use separate insurance policy objects linked to patients. Claim submission workflows, copay tracking, and superbill generation all differ.
Build a normalization layer: Your internal data model should be platform-agnostic, with adapter modules per integration that translate between your model and the platform's native format. This is the most important architectural decision you will make. Every integration you add after the first one becomes dramatically cheaper if your normalization layer is solid.
Cost of Integration: What to Budget
EHR API integration costs vary based on platform complexity, the depth of data you need to exchange, and how many platforms you need to support.
Single Platform Integration
- Development: $10,000 to $30,000, depending on the number of data flows (patient sync only vs. full scheduling + clinical + billing)
- Certification/approval: $0 to $5,000 (some platforms charge for marketplace listing or certification review)
- Annual maintenance: $5,000 to $10,000 for API versioning updates, bug fixes, and monitoring
- Timeline: 4 to 8 weeks for a standard integration
Multi-Platform Integration Layer
- Development: $40,000 to $100,000 for the normalization layer plus 3-5 platform adapters
- Annual maintenance: $15,000 to $30,000 as platforms update their APIs and you onboard new integrations
- Timeline: 3 to 6 months for the initial platform set
API Access Fees
- Healthie: Included with Healthie+ plans; standard plans have API access at no additional cost
- Jane App: No published API fees, but partnership agreement may include terms
- DrChrono: Included with provider plans; marketplace listing fees may apply
- Athenahealth: API access included; More Than Certified program has no direct fee but requires engineering investment
- PracticeQ/IntakeQ: API access included with business plans
Pricing Implications for Your SaaS
Factor integration costs into your SaaS pricing model. If you support 5 practice management platforms and each costs $7,000 per year to maintain, that is $35,000 annually in integration overhead before you write a line of product code. Your pricing needs to reflect that reality, especially if integration is a core value proposition.
For a broader view of healthcare software development costs, including telemedicine platform development, factor API integration as a line item in your build-vs-buy analysis.
Frequently Asked Questions
What is the difference between EHR and practice management software?
An EHR (Electronic Health Record) system is primarily focused on clinical documentation -- patient charts, medical histories, diagnoses, treatment plans, lab results, and prescriptions. Practice management software handles the operational side of running a healthcare practice: scheduling, billing, insurance claims, patient intake, and business reporting. In practice, many platforms blur this line. Hospital EHRs like Epic include practice management features, and practice management platforms like Healthie and DrChrono include clinical charting capabilities. The distinction matters for API integration because practice management APIs tend to emphasize scheduling and billing workflows, while hospital EHR APIs prioritize clinical data exchange through standards like FHIR.
How long does EHR API integration take?
For practice management platforms (Healthie, Jane App, DrChrono), a single-platform integration typically takes 4 to 8 weeks from sandbox access to production deployment. This includes API exploration, data model mapping, development, testing, and certification where required. For hospital EHRs (Epic, Cerner), add 3 to 6 months for the certification and approval process before development begins. Multi-platform integration layers that support 3 or more platforms take 3 to 6 months for the initial build. The biggest variable is not development time -- it is the approval and certification process, which is entirely outside your control.
Do I need a BAA to integrate with a practice management platform?
Yes. If your integration accesses, transmits, or stores Protected Health Information (PHI) -- which includes patient names, dates of birth, appointment details, clinical notes, and billing information -- you are a Business Associate under HIPAA. You need a signed Business Associate Agreement with every practice management platform you integrate with before accessing production patient data. Most platforms (Healthie, DrChrono, athenahealth) have standard BAAs available as part of their API partnership process. Do not skip this step. Operating without a BAA exposes your company to HIPAA penalties of up to $1.5 million per violation category, regardless of whether a breach actually occurs.
Choosing the Right Integration Strategy
The right approach depends on where your product sits in the market:
- Single-platform play: If your product is purpose-built for Healthie customers or Jane App clinics, invest deeply in one integration. Make it bulletproof and use it as a competitive advantage.
- Multi-platform strategy: If your product serves diverse practice types, invest upfront in a normalization layer with platform adapters. The first integration will take longer, but each subsequent one becomes faster and cheaper.
- Platform-agnostic via standards: If your data exchange is primarily clinical (documents, results, vitals), lean on FHIR where supported and CCDA as a fallback. This limits which platforms you can integrate with today but positions you well as more platforms adopt FHIR.
Whatever you choose, do not build integrations as an afterthought. API integration architecture decisions made in month one will either accelerate or constrain your product for years.
Next Steps
Building a product that integrates with practice management platforms? We have built integrations with Healthie, Jane App, and other healthcare APIs, and we understand the technical and compliance requirements that come with handling patient data across systems.
Whether you need a single-platform integration or a multi-platform interoperability layer, we can help you scope it, architect it, and ship it without the compliance landmines.
Schedule a free consultation to discuss your integration architecture.