User Guide — athenahealth Account for Patient Portal Users
The athenahealth account for Patient Portal users enables patients and their caregivers to access their health and billing information on any Patient Portal powered by athenahealth.
For a demonstration, see this video: Patient Portal Login Upgrade
The athenahealth account for Patient Portal users enables patients and their caregivers to use one email and password to log in to their Patient Portal account at your organization, as well as at other participating organizations. With this universal credential, users can access their health and billing information on any Patient Portal powered by athenahealth.
The athenahealth account provides the following benefits:
- Increases Patient Portal account security. Users select their account recovery option (phone number or security question). The account recovery option is used as a second factor to confirm the user's identity (for example, if the user forgets the password).
- Enables the use of a single set of credentials for Patient Portals and integrated apps (such as Apple Health) for all providers across the athenahealth network. See Enabling patients to use Login with athenahealth to access other health apps.
- Integrates with new apps to grant secure online health record access and expand features and flexibility for patients. See Enabling patients to use Login with athenahealth to access other health apps.
The athenahealth account for Patient Portal users creates a clear distinction between:
- Patient's or caregiver's athenahealth account (email and password).
- Patient's or caregiver's access to your organization's Patient Portal.
Note: Patient Portal users do not need to be patients at your practice.
The athenahealth account exists separate from your organization.
- A patient or caregiver can use the athenahealth account to log on to any Patient Portal powered by athenahealth, as well as to other applications.
Note: Patients and caregivers can manage their athenahealth account from the My profile page of any Patient Portal they use. - Your organization manages a patient's access to your Patient Portal through the patient Quickview in athenaOne.
When you send a patient an email invitation to your Patient Portal, you grant permission for that patient to access your Patient Portal using their athenahealth account. If the patient or caregiver does not have an athenahealth account at that email address, they can create an athenahealth account using the invitation email you sent them.
When you delete a patient's Patient Portal account, you revoke that patient's access to your organization's Patient Portal; you are not deleting the patient's athenahealth account.
An athenahealth account is a universal credential — it does not establish a universal portal. Patients can access each practice's Patient Portal using the landing pages for that practice or from www.athenahealth.com (see Patients can access any of their Patient Portal accounts from www.athenahealth.com).
Patients and other Patient Portal users can log in with the same email and password wherever they see Log in with athenahealth, including the Patient Portals of other healthcare providers that use athenahealth services. New users create their athenahealth account when registering for the Patient Portal at any participating organization.
If a patient or other user already created an athenahealth account through another practice's Patient Portal, that user can log in to your Patient Portal with the credentials established on the other practice's Patient Portal when these conditions are met:
- The email address for the Patient Portal user at your practice matches the email address used to create the athenahealth account at the other practice.
- The Patient Portal user receives a portal invitation email from your practice. This invitation can be sent automatically or manually (practice user sends an email invitation from the Quickview). The invitation links the athenahealth account to the patient chart in your practice.
Note: Without a portal invitation, Patient Portal users receive an error message when they try to log in to your practice's Patient Portal using the Log in with athenahealth button, and they must then formally register using the Sign up link on the Patient Portal landing page.
Before they can access your Patient Portal, users are asked to verify the phone number of record at your practice (if they did not verify this phone number previously when setting up their recovery phone).
Patient Portal users can always edit their athenahealth account information, including their demographics and password, on the Security settings tab of the My profile page.
To access any Patient Portal account at any athenahealth practice, patients can go to the athenahealth public website, www.athenahealth.com, and log in with their Log in with athenahealth email and password. After patients log in, the portal locator page appears, which allows them to choose and access any of their athenahealth Patient Portal accounts. Your practice name appears exactly as it appears on your practice's Patient Portal.
Note: Patients must already be registered for a Patient Portal account at your practice to see your Patient Portal on the portal locator page.
In accordance with the Children's Online Privacy Protection Act (COPPA), patients under the age of 13 cannot create self-registered Patient Portal accounts, and you cannot register or invite new Patient Portal users under the age of 13. Existing users under the age of 13 cannot access the Patient Portal using their previous credentials and are instructed to set up family access.
For patients under 13 years old, we recommend that you set up a family access account for a parent or other caregiver to access the patient's health and billing information through the Patient Portal. For information about registering a family member, see To register a patient for the Patient Portal or Patient Information Center in the office and To create a Patient Portal account from an email invitation or notification.
Note: If you delete or change a patient's email and that email was connected to the Patient Portal accounts of other family members, those mappings will need to be re-established under the new email.
The Sign up today link on the Patient Portal landing page enables existing patients to create Patient Portal accounts without an invitation email and enables people who are not already registered in your practice to create a Patient Portal account and register at your practice.
Note: For patients and others to register using the Sign up today link on the Patient Portal landing page, the Portal New Patient Creation Allowed feature must be enabled for your practice.
Patients and non-patients who register using the Sign up today link on the landing page effectively create a legacy Patient Portal account and are then led through the upgrade to an athenahealth account the next time they log in. See To create a Patient Portal account without an invitation email (patients) or To create a Patient Portal account without an invitation email (family members).
Note: New patients who register for your practice on the Patient Portal appear on the Manage Prospective Patients page.
The best way to register patients for the Patient Portal is to register them in your office or to send them an email invitation. These methods are preferred because athenaOne knows who the patient is, who the provider is, and what department the patient is registered in; there's no need to ask the patient to enter any demographic information.
For example, when the patient receives an email invitation, opens it, and clicks Register Now:
- The first factor of authentication is the email itself.
- The second factor is the call or text message that the patient receives to confirm her identity.
Your practice has the patient's email address and phone number, and the patient's identity is confirmed when she responds to a message that the Patient Portal sends to the corresponding device.
When patients register for the Patient Portal on their own
When one of your patients searches the Internet for your practice, finds your website, and decides to register for the Patient Portal on their own (without an email invitation from your practice), no electronic link exists between the patient and your practice. The Patient Portal collects some initial information:
- Is this a patient or a patient's family member?
- Basic demographic information about the patient: first name, last name, gender, DOB, phone number, and email address.
The Patient Portal attempts to match this demographic information to existing patients at your practice by checking the first name, last name, gender, DOB, and either the phone number or email address. Even if this information matches one of your patients in athenaOne, the information constitutes only one factor of authentication, so the Patient Portal cannot tell the user whether it has confirmed that she is a patient at your practice.
Someone could fraudulently enter another person's first name, last name, gender, DOB, and phone number on the Patient Portal in an attempt to "phish" for PHI. The Patient Portal cannot reveal anything, including whether the named person is a patient at the practice, until there is a second factor of authentication, such as confirming the person's identity via phone or text message.
For this reason, the Patient Portal then asks the user to confirm his identity via phone or text message. After the user confirms his identity, the Patient Portal can safely indicate the user's next steps:
- If the user is an existing patient at your practice and enters the correct demographic information, the Patient Portal matches the user to a patient at your practice. This user sets a password and completes the Patient Portal registration without any issues.
- If the user is an existing patient at your practice but enters demographic information that does not match a patient record for your practice in athenaOne, a warning message instructs the user to call your office to resolve the problem. This user should not continue the Patient Portal registration process.
- If the user is a brand new patient, the demographic information she enters will not match any patient record for your practice in athenaOne. The Patient Portal prompts the user to select a provider and location, and then create a password. After the user does this, she is registered as a new patient at your practice, with the correct provider, department, and provider group; the user is also registered for the Patient Portal.
Note: New patients who register for your practice on the Patient Portal appear on the Manage Prospective Patients page.
To use the Patient Portal, patients must use a computer or mobile device with one of these supported browsers:
- Google Chrome
- Microsoft Edge (for Windows 7, Windows 8/8.1, Windows 10, and Windows 11)
- Mozilla Firefox
- Safari (for Apple devices only)
Patients who attempt to use an unsupported browser (such as Internet Explorer) to access the Patient Portal receive a message with links to download a supported browser. If patients ask you about these messages, please encourage them to upgrade to a supported browser using the links displayed in the alerts.
Note: To use the Log in to Portal as Patient option on the Quickview, practice staff must also use a supported browser (not Internet Explorer).
To assist a patient or other Patient Portal user, you need to know whether the user is already registered for the Patient Portal. The following instructions help you assist patients who already have Patient Portal accounts and patients who are not yet registered for the Patient Portal.
Note: For information about how to diagnose and resolve problems with login, registration, password reset, and account reset workflows, see Troubleshooting Patient Portal login problems.
Important: To comply with the Children's Online Privacy Protection Act (COPPA), patients under the age of 13 cannot create self-registered Patient Portal accounts, and you cannot register or invite new Patient Portal users under the age of 13. For patients under 13 years old, we recommend that you set up a family access account for a parent or other caregiver to access the patient's health and billing information through the Patient Portal.
Patients and family members can register for the Patient Portal in several ways:
- Patient Portal email invitation
- Notification email, such as an appointment reminder or notice that a lab result has been published to the Patient Portal
- During an office visit (see To register a patient for the Patient Portal or Patient Information Center in the office)
Patients and family members are prompted to create an athenahealth account when they register for the Patient Portal.
Following are instructions for a patient or family member who is creating a Patient Portal account for the first time from an email invitation or an athenaCommunicator notification email.
- Click the Patient Portal link in the email.
In a Patient Portal invitation email, the link is Create My Account. In a lab result email, the link is View Results.
The Create your new password page appears. - Confirm your email address and enter your password twice. After you review the Terms and Conditions and the Privacy Policy, check the box and click Create account.
You are prompted to select a security option to protect your account. This one-time setup enables you to confirm your identity in the future if you forget your password. - Select a security option and then click the Setup button below that option.
- Text me (recommended) — Receive a verification code by text message.
- Call me — Receive a verification code by phone call.
Note: Select this option if you entered the number of a landline phone. - Security Question — Select a security question from a list of questions.
- If you selected Text me or Call me:
- Enter your phone number and then click Send code (for text message) or Call (for phone call).
The verification code is sent to your phone. - Enter the verification code you received by text message or phone call, and then click Verify.
- If you selected Security Question, select a question from the list, enter the answer, and then click Save.
Important: If you enter any spaces or special characters (such as punctuation marks or underscores) in your answer, you will need to enter the same spaces and special characters in the future. The athenahealth account does not distinguish uppercase letters from lowercase letters. - If you set up a security question, or if you entered a recovery phone number that differs from the phone number in your patient record, you must verify access to the phone number on file with your healthcare provider.
Note for practice users: If the user is the patient, the phone number of record is the phone number in the patient's Quickview. If the user is not the patient, the phone number is recorded on the Portal Accounts page in the entry for the patient.- Select Text or Call to receive a verification code at the phone number displayed in the message.
- Enter the verification code you received by text message or phone call, and then click Verify.
- If you initiated your Patient Portal registration from a lab result email or during the online check-in workflow, you may see the Choose your patient relationship page. This page asks whether you are the patient or another person (family member or guardian) who manages the patient's account.
- Click I am <patient_name> or I manage <patient_name>'s account.
- If you click I manage <patient_name>'s account, you must enter your name, email address, and date of birth. This information is associated with your athenahealth account.
- Click Continue.
A confirmation page appears. - On the confirmation page, click Continue.
The home page of your Patient Portal appears.
Note: When you log on to the Patient Portal in the future, you will need to enter only your email address and password.
Note for practice users: If the patient or family member selects phone verification (text or phone call), the phone number entered here is managed independently from the patient phone of record found on the Quickview and Patient Registration pages.
If a patient or other user forgets his Patient Portal password, you can send an email with a password reset link.
- Display the patient's Quickview.
- Scroll down to the Contact Details & People with Portal Access section.
- Locate the name of the patient or the name of a Patient Portal user who is not the patient.
- Click More actions and then click Send password reset email.
When the patient or family member receives the email, that person resets the Patient Portal password as described in the following steps.
Following are instructions for a patient who needs to reset her athenahealth login password. If you sent the user a password reset email, the user opens the email and clicks Reset Password (see step 4).
- Display the Patient Portal login page.
- Click the Forgot your password? link.
The Forgot Password page opens. - Enter the email address that you use to log on to the Patient Portal and click Email me.
athenaOne sends the password reset email. - Open the email and click Reset Password.
The Create your new password page opens. - Enter your new password twice and then click Save and continue to confirm it.
You are asked to verify your identity using the security option you created when you first set up your athenahealth login. - If you set up text messaging as your security option, the following message appears:
Note: If the phone number shown in the message is not correct — for example, if the phone was lost or discarded — click Cannot verify? Reset your account and see To reset your Patient Portal account. - Click Send code.
Note: If you do not receive the code within 5 minutes, make sure that the phone number shown in the message is correct. If you're using a mobile phone, try restarting the phone (make sure that you have cellular reception) and then click Send code again. - When you receive the security code on your phone, enter it in the space provided and then click Verify.
- If you selected a security question when you set up your security option, the following page appears:
- Enter the answer to your security question.
Note: The athenahealth account does not distinguish uppercase letters from lowercase letters, but you must enter any spaces or special characters that you included when you created the answer. - Click Verify.
- After you verify your identity, the Patient Portal home page opens.
If a patient or other user cannot use the security option created to log on to the Patient Portal — for example, the user loses access to the recovery phone or forgets the answer to the security question — that user must reset the Patient Portal account.
Note: The security option is not saved in athenaOne and is controlled exclusively by the patient or family member. Providers and other practice users are unable to change the security option because the user's athenahealth account may be linked to other providers and applications outside your organization.
You can provide the following instructions to Patient Portal users to help them with the account reset process. The Patient Portal user will re-create her athenahealth login profile and Patient Portal account.
Note: If you sent the user a password reset email, the user opens the email and clicks Reset Password (see step 3).
- Click the Forgot your password? link on the Patient Portal landing page.
The Forgot Password page opens. - Enter the email address associated with your Patient Portal account and click Email me.
athenaOne sends the password reset email. - Open the email and click Reset Password.
The Create your new password page opens. - Enter your new password twice and then click Save and continue to confirm it.
You are asked to verify your identity using the security option you created when you first set up your athenahealth login. - If you set up text messaging as your security option, the following message appears:
- If you set up an answer to a security question, the following message appears:
- If the phone number shown in the message is not correct — for example, if the phone was lost or discarded — or if you cannot remember the answer to the security question, click Cannot verify? Reset your account.
A warning message appears. - To delete your existing account and create a new one, click Reset My Account.
Note: The account reset can take up to a minute to complete. You cannot click the Reset My Account button during this time.
After your new Patient Portal account is created, the Create your new password page appears. - Confirm your email address and enter your password twice. After you review the Terms and Conditions and the Privacy Policy, check the box and click Create account.
You are prompted to select a security option to protect your account. This one-time setup enables you to confirm your identity in the future if you forget your password. - Create your security option and finish creating your account, as described in To create a Patient Portal account from an email invitation or notification (begin at step 3).
The Patient Portal landing page for your organization should include the button, which replaces the email and password fields.
If an existing Patient Portal user (patient or caregiver) does not see the button, ask the user to clear the browser cache and re-enter the URL of the Patient Portal landing page.
Note: Attempting to log on to the Patient Portal using the email and password fields may cause unexpected behavior.
The password reset workflow is the go-to troubleshooting option for users unable to access their Patient Portal.
Important: If a user is having difficulty with his password or security option, do not delete the user's Patient Portal account and send a new email invitation to the Patient Portal at the same email address. This action breaks the link between the user's athenahealth account and your organization's Patient Portal and does not reset the user's password or security options.
When assisting patients with Patient Portal login questions, follow these guidelines.
- If the patient forgets his password, use the password reset workflow (see To reset your Patient Portal password).
- Practice users can click Send password reset email on the Quickview.
- Patients and other users can click the Forgot your password? link at the bottom of the login screen.
- Verify the identity of the patient (or family member) before you make changes to the user's email or phone number and before you register a user for your Patient Portal in the office. You can request one or more of these identifying pieces of information: physical address, date of birth, or Social Security number.
- If the patient or family member used the phone number in athenaOne as the recovery phone number for the Patient Portal but the user no longer has access to that phone number, update the phone number on the Quickview (for patients) or on the Portal Accounts page (for non-patients).
- If the patient or family member cannot reset the password and that person is present in your office, re-register the user in the office (see To register a patient for the Patient Portal or Patient Information Center in the office). The user creates a new password and security option.
Note: In-office registration should be completed in person by the patient or family member. Do not use in-office registration methods for remote troubleshooting.
The password reset workflow is the go-to troubleshooting option for users unable to access their Patient Portal. To make sure that the user can reset the password, verify the following items with the patient or family member:
- Email address associated with the Patient Portal account
- Security option (recovery phone number or answer to a security question)
- Phone number associated with the Patient Portal account
On the patient Quickview, scroll down to the Contact Details & People with Portal Access section and confirm with the user that the email address displayed is correct.
- If the patient no longer has access to the email address in the Contact Details & People with Portal Access section, click Edit and edit the patient's email address.
- If a user other than the patient has a different email address, click Edit and edit the user's email address.
Important
When you update the email address for an existing Patient Portal user:
- athenaOne automatically sends a Patient Portal invitation email to the new email address.
- Patient or family member will need to re-register for your Patient Portal at the new email address.
- Patient or family member will not be able to access your Patient Portal using the athenahealth account associated with the old email address.
When a patient or caregiver creates an athenahealth account, the user specifies a security option — either a recovery phone number or the answer to a security question. (The user selects the recovery option during initial account creation or when the user upgrades an existing Patient Portal account.)
If a user is trying to reset the password for her athenahealth account and either no longer has access to the recovery phone or forgets the answer to the security question, the user can click the Cannot verify? Reset your account link at the bottom of the page. See the instructions in To reset your Patient Portal account.
Note: The security option is not saved in athenaOne and is controlled exclusively by the patient or family member. Providers and other practice users cannot change the security option because the user's athenahealth account may be linked to other providers and applications outside your organization.
The patient's phone number on the Quickview is used to confirm access to your organization's Patient Portal. If a patient or family member chooses to set up a recovery phone when she creates her athenahealth account, the recovery phone number is managed separately from the patient phone number that is managed in the patient Quickview.
If the recovery phone number does not match the phone number on the patient Quickview, the Patient Portal user is asked to verify the phone number of record (that is, the phone number on the patient Quickview) only during initial athenahealth account creation.
Note: Users who configured the phone number of record as the recovery phone bypass this step.
If the patient or other Patient Portal user no longer has access to the phone number of record, the user must contact your organization to update the phone number on the Quickview. If the phone number of record is also the recovery phone number, the user will be unable to update a forgotten password.
Developers in your organization can activate or build patient health apps that use the Log in with athenahealth feature to allow patients to log in to the app with the same credentials they use to access their Patient Portal. Patients who are registered for the Patient Portal can use their existing email and password to log in to new health apps that support the Log in with athenahealth feature; these apps have a blue or white Log in with athenahealth button or a login screen with the athenahealth logo.
Note: Your organization may need to comply with patient requests to connect such apps per federal regulations regarding information blocking.
- Practices can browse and activate apps that support the Log in with athenahealth feature for their patients through the athenahealth Marketplace (display the Patient Tools > Personal Health Record (PHR) category).
Note: Patients cannot access their health information from a practice through one of the Marketplace patient apps unless that app has been activated by the practice. - Developers can incorporate the Log in with athenahealth feature into their patient app, and practices can build custom workflows for their patients using APIs available through the athenahealth Developer Portal.
Note: To develop your own patient app using Log in with athenahealth, contact the CSC to submit your integration request from athenaOne > Support > Success Community > Contact Client Support Center. See the athenahealth Developer Portal for guidance on registering an app to use athenahealth APIs, as well as documentation and sample code for incorporating Login with athenahealth.
The ability to incorporate the optional Log in with athenahealth feature into patient health apps has no effect on athenaOne workflows. Practice staff can still invite and register a patient or caregiver to access a practice's Patient Portal from the patient Quickview in athenaOne. (Upon registering, patients and caregivers must create an athenahealth account if they don't yet have one.)
Important: When a person is granted access to a patient record through the Patient Portal, that person can also access the same patient record through any other app activated by your practice that uses the Log in with athenahealth feature.
Patient apps that support the Log in with athenahealth feature are either apps for SMART on FHIR or apps that use the Log in with athenahealth feature for authentication only. These categories determine what patient information an app can access and under what conditions.
Some patient apps use the Log in with athenahealth feature solely for authentication to verify a user's identity and identify all patient records associated with the user; the app uses this information to tailor the app experience to that user. These apps bypass athenahealth checks for authorization and user consent and therefore must be developed and offered by a practice (or their business associate) for their own patients. These apps can use athenahealth read or write APIs for functions such as scheduling appointments, ordering prescription refills, or reviewing insurance claims.
The login experience for patient apps that use Log in with athenahealth for authentication only is the same as for the Patient Portal, including the ability to directly register an athenahealth account through the app (if the app developer chooses to support account registration).
SMART on FHIR (pronounced "fire") is a healthcare interoperability standard supported by the U.S. Office of the National Coordinator (ONC) to enable safe and secure access to online health information. The SMART on FHIR specification spans user authentication (verifying a user's identity) and authorization (verifying what the user and app can access), both of which are handled by Log in with athenahealth. Patient apps that use Log in with athenahealth for SMART on FHIR prompt users upon login for consent to retrieve their health information from athenahealth certified APIs, which provide read-only access to the same clinical information visible to patients through the Patient Portal.
The login experience for patient SMART on FHIR apps adds two pages that are not used for login to the Patient Portal: a page for specifying a patient record to access and a page for granting consent. A Privacy Settings page for patient SMART on FHIR apps can be accessed through the athenahealth Profile.
Important: Users cannot create an athenahealth account from within patient SMART on FHIR apps and must register first to a practice's Patient Portal before they can use one of these apps to retrieve their records from that practice.
athenahealth prevents patient apps for SMART on FHIR from accessing any patient information except for that of individual users who logged in and provided consent through the app. Users can view and revoke their consent for an app at any time through their athenahealth account settings.
Upon logging in to a patient SMART on FHIR app, a user whose athenahealth account has access to multiple patient records must select a single patient record for retrieval (users with access to only one patient record do not see this page). Per SMART on FHIR specifications, users with access to multiple patient records can select only one health record at a time to access through an app; these users are prompted to specify a single record to access when they log in. For example, a parent with access to their own patient record and to their child's record must choose one record. For this reason, patient SMART on FHIR apps may support repeated logins to let users specify and retrieve additional records linked to the user's athenahealth account.
Note: Patient records belonging to the user who logged in to the app say "(you)" next to that user's name. Users can click the Help link at the bottom of this page for guidance on any issues they encounter on this page, such as records not appearing or records labeled "(you)" incorrectly.
The last page that users may encounter upon login to a patient SMART on FHIR app is a consent page that lists the clinical resources (such as allergies, immunizations, medications) for which the app is requesting access. Patient SMART on FHIR apps cannot access any user's health information from athenaOne unless the user grants consent by clicking Allow Access on this page.
Upon receiving a user's consent, an app can download the information listed in the consent request from the specified health record. Users are not prompted again for their consent upon subsequent logins to the app unless the user revoked any previous consent or unless the app is requesting access to new resources not included in its initial request.
Users who choose to deny consent by clicking Don't Allow are redirected back to the app. Some apps may then allow the user to proceed without requiring the user to share their information, but other apps may not be able to function without the requested information and will return the user to the app's login screen.
Users provide consent at the app level. Therefore, their consent is recorded and automatically applied to any other records that the user accesses through the app in the future, including records not belonging to the user (for example, the user's child or spouse). However, apps do not automatically gain access to all records associated with a user's account upon consent: The app is not made aware of and cannot access a user's other records unless the user logs in and selects each of those records to access.
At any time, users can revoke their consent for an app to access any of their records by editing their athenahealth account privacy settings. Patients who have given other users access to their records (for example, to their parent or spouse) can also nullify consents that those users give to patient SMART on FHIR apps by removing those users' family access to the Patient Portal or asking the practice to do so.
Users can click the Help link to learn more about managing their consent to apps accessing their health information (see Patient-facing help content: Login with athenahealth for SMART on FHIR). Users are advised that they are under no obligation to permit an app to access their health information and do so at their own risk in accordance with that app's terms of use.
Users who granted their consent to patient SMART on FHIR apps to access their health information can view and manage these consents by navigating to their athenahealth Profile and clicking Edit under Privacy Settings. On the Privacy Settings page, users can see a list of their apps and the clinical resources that those apps can access — that is, the user gave consent for the apps to access those resources.
Users can revoke consent for an individual app or clinical resource by removing the check mark from the corresponding check box and clicking Save changes. Changes made to consents limit an app's access only from the time that the user saves the changes. The app may still retain any health information for the user that was previously downloaded to the app, subject to the app's terms of use.
Note: Users should review the app's terms of use or contact the app developer or support team if they have questions about how the app stores and uses their health information.
Developers for practices that want to incorporate the Log in with athenahealth feature into their patient health app — including practices that want to build custom workflows for their patients using APIs available through the athenahealth Developer Portal — should consult these resources:
- athenahealth Developer Portal
- Welcome to APIs at athenahealth
- athenahealth certified APIs
- Login with athenahealth developer documentation and sample code
- Patient-facing help content: Login with athenahealth for SMART on FHIR
- Patient-facing help content: Login with athenahealth for authentication only
- athenahealth Profile
For patients to use health apps that include the optional Log in with athenahealth feature for authentication, your organization must activate the app.
- Browse the available patient apps on the athenahealth Marketplace (display the Patient Tools > Personal Health Record (PHR) category).
- Select an app to display its overview page.
- Click the Get Started Now button on the app's tile and complete the form.
Your form submission notifies athenahealth to activate the app and also generates an email that is sent to the app developer to coordinate any additional steps required to use the app.
Federal law and app activation
Federal law may require practices to comply with patient requests for app activation. Per the 21st Century Cures Act Final Rule, patients are entitled to access their health information through an app of their choice conforming to the technical specifications of the EHR's APIs. Apps that incorporate patient Log in with athenahealth for SMART on FHIR and that use athenahealth certified APIs meet this criterion.
Practices are responsible for fielding such requests from their patients and deciding for each app whether to enable the app for patient use or decline the request under the Cures Act's permitted information blocking exceptions. If a patient requests an app that is not listed on the athenahealth Marketplace, practices should contact the app developer directly to request that they register their app with the athenahealth Developer Portal and become listed on the Marketplace.