Skip to main content

Policies and Best Practices

API access for payers

API access for payers

Find out how payers can register for access to find the resources they need to build APIs to Blue Cross NC members’ clinical data.

Blue Cross and Blue Shield of North Carolina (Blue Cross NC) has developed clear Fast Healthcare Interoperability Resources (FHIR) to allow members to share their clinical data with payers. Payer-to-Payer APIs can be tested in the Sandbox before registration.

Frequently asked questions

Yes. Once approved, Blue Cross NC reserves the right to suspend or terminate your application’s access based on Blue Cross NC security concerns. If your application is suspended or terminated, the application’s owner should log in to the registration portal and communicate with Blue Cross NC to request a review of the status.

As an application vendor, you can create an account and start the registration process from this page.

Blue Cross NC has 10 business days to approve your application from the time registration is submitted with proper information. Once approved, an email will be sent to your address on file within five business days with instructions for obtaining access tokens.

As part of the registration process, Blue Cross NC asks for a contact email and phone number. We will send an email requesting additional information, expecting that your application’s owner will respond. Any additional responses should be updated in the registration portal by the application’s owner.

An email will be sent to the address you list on your registration form with instructions for obtaining authentication tokens.

Approved: The application is approved and is allowed to use Blue Cross NC APIs.

Pending: The application request is submitted and being reviewed by Blue Cross NC.

Suspended: There is an issue with the application's security and how it is interacting with Blue Cross NC infrastructure. Blue Cross NC is blocking the application's access to its APIs.

Terminated: Blue Cross NC has determined that the application's security is an issue to Blue Cross NC. Access has been revoked. To regain access, the application's owner will have to re-register.

We will need you to provide information about your company URL, privacy policy URL, and redirect URL. We will also need you to tell us whether you can meet several technical requirements, including support for OpenID Connect Core 1.0 and OAuth 2.0; your ability to conform to HL7 Technical Standards; and your ability to securely store tokens. We will also want you to tell us whether you adhere to the CARIN Code of Conduct.

We will need you to provide information about your company’s privacy policy, including its provisions for sharing our members' data; its requirements for express consent from our members before their data is accessed exchanged or used; and information on how our members can discontinue your app’s access to their data. We will also need you to tell us whether you can meet several technical requirements, including support for OpenID Connect Core 1.0 and OAuth 2.0; your ability to conform to HL7 Technical Standards; and your ability to securely store tokens. We will also want you to tell us whether your app or your company sells our members' data and whether your app adheres to the CARIN Code of Conduct.

Send an email outlining your issues to Cms-AppRegistration@bcbsnc.com