Implementation Paths

Health Gorilla supports a variety of implementation models based on your organization type, technical architecture, and workflow goals. Each model uses the same FHIR-based API framework but differs in how queries are initiated, which scopes are needed, and how results are consumed.

Review the implementation models below to determine how your system should retrieve records, what permissions are needed, and how to structure downstream access.

EHR or Provider Portal

Use this model if your system initiates record retrieval directly within provider-facing workflows, such as intake, chart review, or encounter-based search.

  • Queries are triggered during interactive patient sessions or encounters
  • OAuth scopes typically include patient360, patient.read, and documentreference.read
  • Retrieved data is displayed in the EHR interface, summary view, or patient chart
  • Clinical users initiate queries and view documents in real time

HIE or Middleware Platform

Use this model if your organization operates a central system that retrieves data on behalf of multiple downstream sites or providers.

  • The platform performs identity matching, enrollment, and record retrieval centrally
  • Patient360 tokens are generated and managed by the middleware
  • Retrieved data is routed, normalized, or deduplicated before downstream delivery
  • Scopes vary by use case but often include patient360 and patient.* access

Payer or Plan System

Use this model if you are accessing records to support risk adjustment, utilization review, or care coordination for a covered population.

  • Record retrieval is based on preloaded member rosters or triggered by alerts
  • OAuth scopes typically include patient360, documentreference.read, and coverage.read
  • Retrieved records are used for HEDIS reporting, chart reviews, or audit preparation
  • Queries may be automated, scheduled, or triggered by enrollment feeds

Public Health or Analytics Use Case

Use this model if you are accessing data for population health reporting, research, or surveillance across large cohorts.

  • Data is retrieved using asynchronous queries or bulk export jobs
  • Record retrieval is non-interactive and must comply with applicable reporting standards
  • OAuth scopes depend on the reporting domain and may include patient360, encounter.read, observation.read, and others
  • Systems must apply rate limits, pagination, and batching to manage volume
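
A least-privilege check over the scope lists given for the four models above, as an added example that is not Health Gorilla's code. The model keys (ehr, hie, payer, public_health), the function names, and the choice to treat each "typically include" list as an allowlist are assumptions of this example; the scope strings are constructed samples in the space-delimited form OAuth 2.0 uses.

```python
"""Audit requested OAuth scopes against the implementation model's baseline."""
from fnmatch import fnmatchcase

# Scopes each model section names as typical. Using them as an allowlist is
# an assumption of this example; the public health list is open-ended on the
# page ("and others"), so extend it for your reporting domain.
BASELINE = {
    "ehr": {"patient360", "patient.read", "documentreference.read"},
    "hie": {"patient360", "patient.*"},
    "payer": {"patient360", "documentreference.read", "coverage.read"},
    "public_health": {"patient360", "encounter.read", "observation.read"},
}


def covers(granted: str, wanted: str) -> bool:
    """True if `granted` (possibly a wildcard like patient.*) includes `wanted`."""
    return fnmatchcase(wanted, granted)


def audit(model: str, scope_string: str) -> dict:
    """Report scopes that exceed the baseline for `model`."""
    baseline = BASELINE[model]
    requested = set(scope_string.split())
    # Requested scopes that no baseline entry covers.
    excess = sorted(s for s in requested
                    if not any(covers(b, s) for b in baseline))
    # Excess wildcards that silently widen a narrower baseline scope.
    widened = {}
    for s in excess:
        hits = sorted(b for b in baseline if "*" in s and covers(s, b))
        if hits:
            widened[s] = hits
    return {"model": model, "excess": excess, "widened": widened,
            "least_privilege": not excess}


if __name__ == "__main__":
    # Constructed sample requests, one per model.
    samples = [
        ("ehr", "patient360 patient.* documentreference.read"),
        ("hie", "patient360 patient.read"),
        ("payer", "patient360 coverage.read observation.read"),
    ]
    for model, scopes in samples:
        print(audit(model, scopes))
```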