Would presume this is going to use the API defined by Argonaut (http://argonautwiki.hl7.org/index.php?title=Main_Page) which is interesting as the INTEROPen Care Connect API has very similar API’s.
I’ve created a web app which uses the Care Connect Reference Implementation and you can see from the screenshot the similarities.
The API is pretty straightforward, to get a list of encounters the app uses this URL to return a JSON Bundle:
GET http://yellow.testlab.nhs.uk/careconnect-ri/STU3/Encounter?patient=1172
and likewise to get a list of Conditions
GET http://yellow.testlab.nhs.uk/careconnect-ri/STU3/Condition?patient=1172
If you want to explore the API you can use the explorer app here: http://yellow.testlab.nhs.uk/
Apple may not retrieve data that way. I’m using several calls to get the patient data but I could use FHIR operations like $everything to return all data but that’s has issues with large records (and not IG friendly - I should only get data I want to use, etc). FHIR has other options such as _revinclude which I used to retrieve the encounter information above
GET http://yellow.testlab.nhs.uk/careconnect-ri/STU3/Encounter?_id=1379&_revinclude=*
This returns all resources that reference the Encounter or in other words it shows what information was recorded during the visit. (The id of 1379 was returned in the earlier Encounter call http://yellow.testlab.nhs.uk/careconnect-ri/STU3/Encounter?patient=1172 )
I am ignoring the security in my example url’s but my web app is secured/authorised using SMART ON FHIR protocol (which implements OAuth2). I don’t know how apple intends to secure the data access but I’m wondering if Apple are considering User Mananged Access -
OAuth2 which could put patient consent on the IPhone? p.s their is a health version of OAuth2 UMA called Heart