How To Sign Up
Providers need to follow this checklist in order to start contributing to this database. Please note: Every facility must sign up for a unique account. This means that EHRs must sign up for a new account for each facility they wish to upload data for.
Once properly completed and approved, you will be provided with credentials to upload data into this system.
Changes from V1
1) FoRSE Demographic Information Form V2 is Required
- There is a NEW version of the FoRSE Demographic Information Form with instrumentId B3RH.
- The new FoRSE Demographic Information Form V2 MUST be submitted and accepted before submitting any other survey on behalf of the client.
- Any survey submitted to NAATP API without a corresponding Demographic Information Form for the same clientId will be rejected.
2) You MUST submit an answer for ALL questions
- A survey will be rejected if it does not contain at least one answer for every question.
- Some questions have a "Not Answered" (or similar verbiage) option. If the question does not contain that option, and the client has not answered the question, then the entire survey will be rejected.
3) The new variable completedWhile is required to be included with every survey submission
- inTreatment: the survey was taken while the client was in treatment. When completedWhile = inTreatment, daysFromAdmit MUST be an integer >= -14, and daysFromDischarge MUST be -99.
- postDischarge: the survey was taken on or after the day the client completed treatment. When completedWhile = postDischarge, daysFromDischarge MUST be an integer >= -14, and daysFromAdmit MUST be -99.
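The three V2 rules above can be checked locally before a survey is POSTed. The following is an added example, not NAATP or FoRSE code; the survey shape (an `answers` object keyed by question id), the `questionIds` list, the `acceptedDemographics` set and the sample values are assumptions made for illustration.

```javascript
// Added example, not FoRSE/NAATP code. The answers object, questionIds list and
// acceptedDemographics set are hypothetical shapes chosen for this sketch.
const DEMOGRAPHIC_FORM = 'B3RH'; // instrumentId of the Demographic Information Form V2
const UNUSED = -99;              // required value for the day counter that does not apply
const MIN_DAYS = -14;            // lowest value allowed for the counter that does apply

const TIMING = new Map([
  ['inTreatment', { used: 'daysFromAdmit', unused: 'daysFromDischarge' }],
  ['postDischarge', { used: 'daysFromDischarge', unused: 'daysFromAdmit' }],
]);

// Returns the reasons a survey would be rejected; an empty array means it passes.
// acceptedDemographics: Set of clientIds whose B3RH form was already accepted.
function preflight(survey, questionIds, acceptedDemographics) {
  const errors = [];
  const rule = TIMING.get(survey.completedWhile);
  if (!rule) {
    errors.push('completedWhile must be inTreatment or postDischarge');
  } else {
    const used = survey[rule.used];
    if (!Number.isInteger(used) || used < MIN_DAYS) {
      errors.push(`${rule.used} must be an integer >= ${MIN_DAYS}`);
    }
    if (survey[rule.unused] !== UNUSED) {
      errors.push(`${rule.unused} must be ${UNUSED}`);
    }
  }
  const answers = survey.answers || {};
  for (const id of questionIds) {
    const a = answers[id];
    const empty = a === undefined || a === null || a === '' ||
      (Array.isArray(a) && a.length === 0);
    if (empty) errors.push(`question ${id} has no answer`);
  }
  const isDemographic = survey.instrumentId === DEMOGRAPHIC_FORM;
  if (!isDemographic && !acceptedDemographics.has(survey.clientId)) {
    errors.push('Demographic Information Form V2 not yet accepted for this clientId');
  }
  return errors;
}

// Constructed sample: a post-discharge survey that still carries daysFromAdmit,
// leaves one question blank, and has no demographic form on record.
const sample = {
  instrumentId: 'EXAMPLE', clientId: 'constructed-client-1',
  completedWhile: 'postDischarge', daysFromAdmit: 30, daysFromDischarge: 7,
  answers: { q1: 2, q2: '' },
};
console.log(preflight(sample, ['q1', 'q2'], new Set()));
```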
Connecting to the API
- All data must be POSTed with JSON encoded variables. Ensure the header includes Content-Type: application/json.
- Every connection must include these variables:
  - facilityId: The id we supply you which identifies the facility.
  - apiDate: The current UTC Unix timestamp (must be +/- 30 minutes of actual UTC time).
  - apiSignature: The HMAC-SHA256 of the current UTC Unix timestamp (the same value sent as apiDate) concatenated with FACILITY_ID, keyed with the SECRET_KEY and written as a hex string (output is always lower case).
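javascript Postman pre-request script
// Placeholder credentials; use the values issued to your facility.
const FACILITY_ID = 'ABCDEFG';
const SECRET_KEY = 'a1b.....x9z';
// Current UTC Unix timestamp in whole seconds, as a string.
const apiDate = Math.floor(Date.now() / 1000).toString();
// HMAC-SHA256 over apiDate + FACILITY_ID, keyed with SECRET_KEY; toString() yields lower-case hex.
const apiSignature = CryptoJS.HmacSHA256(apiDate + FACILITY_ID, SECRET_KEY).toString();
// Store the three values in the Postman environment for use in the request body.
pm.environment.set("facilityId", FACILITY_ID);
pm.environment.set("apiDate", apiDate);
pm.environment.set("apiSignature", apiSignature);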
php
<?php
// Placeholder credentials; use the values issued to your facility.
define('FACILITY_ID', "ABCDEFG");
define('SECRET_KEY', "a1b.....x9z");
// time() already returns the UTC Unix timestamp in seconds.
$apiDate = (string) time();
$vars = [
    'facilityId' => FACILITY_ID,
    'apiDate' => $apiDate,
    // HMAC-SHA256 over apiDate . FACILITY_ID, keyed with SECRET_KEY (lower-case hex).
    'apiSignature' => hash_hmac('sha256', $apiDate . FACILITY_ID, SECRET_KEY),
    'clientId' => 'Q8qo5w8Wn12RI3FfDBpNA3FEa',
    'firstName' => 'Adem',
];
$postFields = json_encode( $vars );
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "https://naatpdata.com/v2/api/surveys.php");
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $postFields );
curl_setopt($ch, CURLOPT_HTTPHEADER, ['Content-Type: application/json'] );
curl_setopt($ch, CURLINFO_HEADER_OUT, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
// $return_data holds the JSON reply, or false if the transfer failed.
$return_data = curl_exec($ch);
if ($return_data === false) {
    error_log('cURL error: ' . curl_error($ch));
}
curl_close($ch);
C#
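// Requires: using System; using System.Linq; using System.Security.Cryptography; using System.Text;
// Returns the tuple in the order (apiSignature, apiDate).
private (string, string) CreateApiSignature(string facilityId, string sharedSecret) {
    // Current UTC Unix timestamp in whole seconds.
    string apiDate = DateTimeOffset.UtcNow.ToUnixTimeSeconds().ToString();
    byte[] messageBytes = Encoding.ASCII.GetBytes(apiDate + facilityId);
    byte[] keyBytes = Encoding.ASCII.GetBytes(sharedSecret);
    byte[] hashValue;
    // HMAC-SHA256 over apiDate + facilityId, keyed with the shared secret.
    using (HMACSHA256 hmac = new HMACSHA256(keyBytes)) {
        hashValue = hmac.ComputeHash(messageBytes);
    }
    // "x2" formats each byte as two lower-case hex digits.
    string apiSignature = string.Concat(hashValue.Select(b => b.ToString("x2")));
    return (apiSignature, apiDate);
}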
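To check a new signing implementation before sending real data, the same scheme can be exercised end to end in Node.js with an injectable clock. This is an added example, not NAATP code: `verifyRequest` is a hypothetical local check that mirrors the rules stated above (30-minute window, lower-case hex), not a description of how the API itself is implemented, and the secret is a constructed value.

```javascript
// Added example, not NAATP code. verifyRequest is a hypothetical local check.
const nodeCrypto = require('crypto');

const MAX_SKEW_SECONDS = 30 * 60; // apiDate must be within +/- 30 minutes of UTC

// Builds the three connection variables. nowMs is injectable so that clock
// handling can be tested without changing the system time.
function signRequest(facilityId, secretKey, nowMs = Date.now()) {
  const apiDate = Math.floor(nowMs / 1000).toString();
  const apiSignature = nodeCrypto
    .createHmac('sha256', secretKey)
    .update(apiDate + facilityId)
    .digest('hex'); // Node's hex digest is lower case
  return { facilityId, apiDate, apiSignature };
}

// Returns 'ok' or the reason the variables would not pass the stated rules.
function verifyRequest(vars, secretKey, nowMs = Date.now()) {
  if (!/^\d{1,12}$/.test(String(vars.apiDate))) return 'bad apiDate';
  const skew = Math.abs(Math.floor(nowMs / 1000) - Number(vars.apiDate));
  if (skew > MAX_SKEW_SECONDS) return 'apiDate outside window';
  if (!/^[0-9a-f]{64}$/.test(String(vars.apiSignature))) return 'bad signature';
  const expected = nodeCrypto
    .createHmac('sha256', secretKey)
    .update(vars.apiDate + vars.facilityId)
    .digest();
  const given = Buffer.from(vars.apiSignature, 'hex');
  // Constant-time comparison so the check does not leak how many bytes matched.
  return nodeCrypto.timingSafeEqual(given, expected) ? 'ok' : 'bad signature';
}

// Constructed values: page placeholder facility id, made-up secret, fixed clock.
const T0 = 1700000000000;
const demo = signRequest('ABCDEFG', 'constructed-secret', T0);
console.log(verifyRequest(demo, 'constructed-secret', T0));                  // fresh
console.log(verifyRequest(demo, 'constructed-secret', T0 + 31 * 60 * 1000)); // stale
```

A host whose clock drifts more than 30 minutes from UTC will see every request rejected, so the stale case is worth running against the EHR's own time source.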
Reply from API
Responses will be a JSON array and always include status and status_msg:
[
status: 'string', // success|fail
status_msg: 'string', // reason for failure
]
Important Variables
- clientId (varChar(64), utf_bin, case sensitive) is the variable through which your EHR communicates with FoRSE.
  - It must remain static for this person for this episode of care (the entire stay), in perpetuity.
  - It must be unique from all other Clients within the Facility (ideally unique within ALL of your facilities) and unique from all of this person's prior and future stays.
  - It must be unique for every episode of care. Re-Admitted Clients must receive a new clientId.
  - Specifically DO NOT use patient names, dates, Social Security Numbers, Insurance Ids, any other PHI, or any other ID which has any external relevance or can be used to re-identify a patient.
  - We encourage your EHR to generate a unique 64(max) character clientId solely for use as communication between FoRSE and your EHR, so long as your EHR permanently retains it and follows the requirements above. Do not use MRNs, SSNs, or any PHI.
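One way an EHR could issue clientIds that meet these requirements is to draw them from a cryptographic random source and keep the mapping internally, rather than deriving them from any patient attribute. This is an added example, not FoRSE code; `ClientIdRegistry` and `episodeKey` (an internal identifier for one episode of care that never leaves the EHR) are hypothetical, and the in-memory maps stand in for permanent storage.

```javascript
// Added example, not FoRSE/NAATP code. episodeKey is a hypothetical internal
// EHR identifier for one episode of care; it is never sent to the API.
const nodeCrypto = require('crypto');

class ClientIdRegistry {
  constructor() {
    this.byEpisode = new Map(); // episodeKey -> clientId (persist permanently in a real EHR)
    this.issued = new Set();    // every clientId ever handed out
  }

  // The same episode always gets the same clientId; a readmission is a new
  // episodeKey and therefore gets a new, unrelated clientId.
  clientIdFor(episodeKey) {
    let id = this.byEpisode.get(episodeKey);
    if (id === undefined) {
      do {
        // 32 random bytes -> 64 hex characters, the varChar(64) maximum.
        // Nothing about the patient is an input, so the id cannot be reversed.
        id = nodeCrypto.randomBytes(32).toString('hex');
      } while (this.issued.has(id));
      this.issued.add(id);
      this.byEpisode.set(episodeKey, id);
    }
    return id;
  }
}

// Constructed sample: one patient admitted twice.
const registry = new ClientIdRegistry();
const firstStay = registry.clientIdFor('episode-0001');
const readmission = registry.clientIdFor('episode-0002');
console.log(firstStay === registry.clientIdFor('episode-0001'), firstStay !== readmission);
```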
Deleting Data
If you wish to change or remove any data submitted by your organization, please contact Annie Peters, PhD, at apeters@naatp.org