- cURL Option 1: This cURL command requires separate Base64 encoding. We have concatenated the Base64 encoding of the ‘Client ID : Secret’ as the argument to the -H flag. Please note that the URL in the Production environment will be different. -
-curl -d "" -X POST "https://sandbox.bcda.cms.gov/auth/token" \
- -H "accept: application/json" \
- -H "authorization: Basic MjQ2MmM5NmItNjQyNy00ZWZiLWFlZDctMTE4ZTIwYzJlOTk3OjhlODdmMGViYzUwZDEwZjFiYzk3MzQzMjlhOTkwMDE3OWI4NGNjZDM5ZTRkMDkyMGI5MDVjYzM1OWNmNmU5NGE2ZTc2MGJiZTNhMDg5MGM3"- cURL Option 2: This cURL command encodes your credentials into Base64. + This command takes advantage of curl’s built-in ability to Base-64 encode your credentials, request, and receive your token in a single step. The authorization in your request header will be substituted with "--user {client_id}:{client_secret}"
curl -d "" -X POST "https://sandbox.bcda.cms.gov/auth/token" \
- --user 2462c96b-6427-4efb-aed7-118e20c2e997:8e87f0ebc50d10f1bc9734329a9900179b84ccd39e4d0920b905cc359cf6e94a6e760bbe3a0890c7 \
+ --user {client_id}:{client_secret} \
-H "accept: application/json"curl -X GET "https://api.bcda.cms.gov/api/v2/attribution_status" \
- -H "accept: application/json" \
- -H "Authorization: Bearer {access_token}"{
diff --git a/_includes/build/bcda_credentials.html b/_includes/build/bcda_credentials.html
index 272130a..57d9e0c 100644
--- a/_includes/build/bcda_credentials.html
+++ b/_includes/build/bcda_credentials.html
@@ -1,22 +1,28 @@
-
- In production, BCDA protects its endpoints with OAuth2 access tokens.
-
+Production credentials authorize your organization's access to the Beneficiary Claims Data API (BCDA). Eligible model entities can manage BCDA credentials by logging into their model-specific system:
+
+ - ACOs in the Medicare Shared Savings Program: Credential delegates can manage and create credentials from ACO Management System (ACO-MS).
+ - REACH ACOs and KCEs or KCF practices in the Kidney Care Choices Model: The following roles can manage and create credentials from 4innovation (4i):
+ - Executive Contact
+ - Entity Primary Contact
+ - Entity Secondary Contact
+ - DUA Requestor
+ - DUA Custodian
+
+
+
+Your registered contact can contact the ACO-MS and 4i help desk to assign these roles.
-
+Create your credentials
+BCDA credentials are formatted as a client ID and secret, which your organization will use every time it requests an authentication token. Production credentials are sensitive information and must be stored securely.
+Create BCDA credentials by visiting the API Credentials page in your model-specific system. Choose the BCDA Credentials tab, then select Create New API Credentials. You'll need to provide a public, static IP address for every system, including vendors, that will access the API (up to 8 IP addresses). It may take up to an hour for the allow list to be updated.
-
-Model Entities Gain Access to BCDA through ACO-MS or 4i
-
+Rotate your credentials
+Your organization's credentials will expire and deactivate after a set period of time. You can rotate BCDA credentials in the API Credentials page to generate a new, active client ID and secret.
+You'll need to rotate credentials every 90 days in 4i or ACO-MS. Once you choose the BCDA Credentials tab, select the rotate icon under the Actions column.
-
-
ACOs in the Medicare Shared Savings Program: Create and manage your organization's BCDA credentials from the ACO Management System.
-REACH ACOs and KCEs or KCFs in the Kidney Care Choices Model: Create and manage your organization's BCDA credentials from the 4i portal.
-When creating new credentials, be prepared to provide the IP address(es) for each system that will make requests to BCDA. It may take up to an hour for the allow list to be updated after the IP address(es) are added.
-
+Revoke your credentials
+You may need to revoke (deactivate) your organization's credentials if they are leaked or compromised. You can create new credentials as a replacement afterward.
+Revoke BCDA credentials in the API Credentials page. Choose the BCDA Credentials tab, then select the delete (x) icon under the Actions column.
+
+If your credentials have been compromised
+Please revoke or rotate your BCDA credentials immediately. Afterward, notify the BCDA team at bcapi@cms.hhs.gov to review recent activity.
diff --git a/_includes/build/bcda_v2.html b/_includes/build/bcda_v2.html
index ef7f8c7..65493a1 100644
--- a/_includes/build/bcda_v2.html
+++ b/_includes/build/bcda_v2.html
@@ -23,15 +23,15 @@
curl -X GET "https://api.bcda.cms.gov/api/v2/Group/all/\$export" \
-H "accept: application/fhir+json" \
-H "Prefer: respond-async" \
--H "Authorization: Bearer {access_token}" \
--v
+-H "Authorization: Bearer {access_token}" \
+-i
curl -X GET "https://api.bcda.cms.gov/api/v1/Group/all/\$export" \
-H "accept: application/fhir+json" \
-H "Prefer: respond-async" \
--H "Authorization: Bearer {access_token}" \
--v- Requesting compressed data can help increase your download speed. You can request compressed data files by specifying the `Accept-Encoding: gzip` header in your download requests. + Requesting compressed data can help increase your download speed. You can request compressed data files by specifying the `Accept-Encoding: gzip` header in your download requests. Note that the file downloaded will be a gzip file which you will need to extract into its ndjson format.
curl "https://sandbox.bcda.cms.gov/data/42/afd22dfa-c239-4063-8882-eb2712f9f638.ndjson" \
--H "Authorization: Bearer {access_token}" \
--H "Accept-Encoding: gzip"
+ curl "{output_url}" \
+ -H "Authorization: Bearer {access_token}" \
+ -H "Accept-Encoding: gzip" \
+ --output "your-file-name"
diff --git a/_includes/build/cancelling_jobs.html b/_includes/build/cancelling_jobs.html
index 42d2cc2..4cce62c 100644
--- a/_includes/build/cancelling_jobs.html
+++ b/_includes/build/cancelling_jobs.html
@@ -5,7 +5,7 @@ Step 1: Obtain an Access Token
Step 2: Send a Request to Cancel a Job
Request to Cancel a Job
- DELETE /api/v2/jobs/{jobId}
+ DELETE /api/v2/jobs/{job_id}
Request Headers
Authorization: Bearer {access_token}
diff --git a/_includes/build/requesting_data_all_three.html b/_includes/build/requesting_data_all_three.html
index 80edcbf..c353495 100644
--- a/_includes/build/requesting_data_all_three.html
+++ b/_includes/build/requesting_data_all_three.html
@@ -32,19 +32,22 @@ cURL Commands to start a job
curl -X GET "https://api.bcda.cms.gov/api/v2/Group/all/\$export" \
-H "accept: application/fhir+json" \
-H "Prefer: respond-async" \
- -H "Authorization: Bearer {access_token}"
+ -H "Authorization: Bearer {access_token}" \
+ -i
curl -X GET "https://api.bcda.cms.gov/api/v2/Group/all/\$export?_type=ExplanationOfBenefit,Patient" \
-H "accept: application/fhir+json" \
-H "Prefer: respond-async" \
- -H "Authorization: Bearer {access_token}"
+ -H "Authorization: Bearer {access_token}" \
+ -i curl -X GET "https://api.bcda.cms.gov/api/v2/Group/all/\$export?_type=Patient" \
-H "accept: application/fhir+json" \
-H "Prefer: respond-async" \
- -H "Authorization: Bearer {access_token}"429 Too Many RequestsContent-Location: https://api.bcda.cms.gov/api/v2/jobs/42Content-Location: https://api.bcda.cms.gov/api/v2/jobs/{job_id}This operation will start a data export job. We have provided three example requests and three example cURL statements to start a job for:
@@ -85,14 +88,14 @@GET https://api.bcda.cms.gov/api/v2/jobs/42GET https://api.bcda.cms.gov/api/v2/jobs/{job_id}Authorization: Bearer {access_token}
Accept: application/fhir+jsoncurl -X GET "https://api.bcda.cms.gov/api/v2/jobs/42" \
+ curl -X GET "https://api.bcda.cms.gov/api/v2/jobs/{job_id}" \
-H "accept: application/fhir+json" \
-H "Authorization: Bearer {access_token}"
@@ -104,19 +107,19 @@ Response Example: Completed Job
"output": [
{
"type": "ExplanationOfBenefit",
- "url": "https://api.bcda.cms.gov/data/42/afd22dfa-c239-4063-8882-eb2712f9f638.ndjson"
+ "url": "{output_url}"
},
{
"type": "Coverage",
- "url": "https://api.bcda.cms.gov/data/42/f76a0b76-48ed-4033-aad9-d3eec37e7e83.ndjson"
+ "url": "{output_url}"
},
{
"type": "Patient",
- "url": "https://api.bcda.cms.gov/data/42/f92dcf16-63a2-448e-a12a-3bf677f966ed.ndjson"
+ "url": "{output_url}"
}
],
"error": [],
- "JobID": 42
+ "JobID": {job_id}
}
GET https://api.bcda.cms.gov/data/42/afd22dfa-c239-4063-8882-eb2712f9f638.ndjsonGET {output_url}Authorization: Bearer {access_token}
Accept-Encoding: gzipcurl -X GET "https://api.bcda.cms.gov/data/42/afd22dfa-c239-4063-8882-eb2712f9f638.ndjson" \
+ curl -X GET "{output_url}" \
-H "Accept-Encoding: gzip" \
- -H "Authorization: Bearer {access_token}"
+ -H "Authorization: Bearer {access_token}" \
+ --output "your-file-name"@@ -170,7 +174,7 @@
- The "Accept-Encoding: gzip" header is optional, but will return a significantly smaller (about 30X smaller) file with a faster download speed. Follow our recommended best practices for speeding up downloads. + The "Accept-Encoding: gzip" header is optional, but will return a significantly smaller (about 30X smaller) file with a faster download speed. Follow our recommended best practices for speeding up downloads. Note that the file downloaded will be a gzip file which you will need to extract into its ndjson format.
The response will be the requested data as FHIR resources in NDJSON format. Each file related to a different resource type will appear separately and labeled as to which resource type it contains. Examples of data from each Resource Type are available in the guide to working with BCDA data. diff --git a/_includes/build/requesting_data_runouts.html b/_includes/build/requesting_data_runouts.html index e4c49f1..a198829 100644 --- a/_includes/build/requesting_data_runouts.html +++ b/_includes/build/requesting_data_runouts.html @@ -23,19 +23,22 @@
curl -X GET "https://api.bcda.cms.gov/api/v2/Group/runout/\$export" \
-H "accept: application/fhir+json" \
-H "Prefer: respond-async" \
- -H "Authorization: Bearer {access_token}"curl -X GET "https://api.bcda.cms.gov/api/v2/Group/runout/\$export?_type=ExplanationOfBenefit,Patient" \
-H "accept: application/fhir+json" \
-H "Prefer: respond-async" \
- -H "Authorization: Bearer {access_token}"curl -X GET "https://api.bcda.cms.gov/api/v2/Group/runout/\$export?_type=Patient" \
-H "accept: application/fhir+json" \
-H "Prefer: respond-async" \
- -H "Authorization: Bearer {access_token}"202 AcceptedContent-Location: https://api.bcda.cms.gov/api/v2/jobs/42Content-Location: https://api.bcda.cms.gov/api/v2/jobs/{job_id}This operation will start a data export job. We have provided three example requests and three example cURL statements to start a job for:
diff --git a/_includes/build/requesting_filtered_data_since_Group.html b/_includes/build/requesting_filtered_data_since_Group.html index 162807e..be68fcc 100644 --- a/_includes/build/requesting_filtered_data_since_Group.html +++ b/_includes/build/requesting_filtered_data_since_Group.html @@ -20,7 +20,8 @@curl -X GET "https://api.bcda.cms.gov/api/v2/Group/all/\$export?_type=Patient&_since=2020-02-13T08:00:00.000-05:00" \
-H "Accept: application/fhir+json" \
-H "Prefer: respond-async" \
- -H "Authorization: Bearer {access_token}"202 Accepted429 Too Many RequestsContent-Location: https://api.bcda.cms.gov/api/v2/jobs/42Content-Location: https://api.bcda.cms.gov/api/v2/jobs/{job_id}curl -X GET "https://api.bcda.cms.gov/api/v2/Patient/\$export?_type=Patient&_since=2020-02-13T08:00:00.000-05:00" \
-H "Accept: application/fhir+json" \
-H "Prefer: respond-async" \
- -H "Authorization: Bearer {access_token}"202 Accepted429 Too Many RequestsContent-Location: https://api.bcda.cms.gov/api/v2/jobs/42Content-Location: https://api.bcda.cms.gov/api/v2/jobs/{job_id}Since the Beneficiary Claims Data API (BCDA) shares fully adjudicated Medicare claims data (Part A, B, and D), claims data availability relies on how quickly a claim has been submitted, processed, and approved. Per Section 6404 of the Affordable Care Act, the maximum period for submission of all Medicare Fee-for-Service claims has been reduced to no more than 12 months (1 calendar year) after the date services were furnished. CMS typically receives claims 3-4 weeks after care has been provided. Once received by CMS, it is possible for claims to undergo more than one round of processing to make adjustments, edits, and cancellations. Data will only be available via the API once a claim has been approved. For more details on claims submission and approval timeframes, please review this white paper which outlines the lifecycle of a Medicare claim, as well as timeframes for submission and approval (pages 11, 12, and 22 have details on month-over-month statistics). +
Since the Beneficiary Claims Data API (BCDA) shares fully adjudicated Medicare claims data (Part A, B, and D), claims data availability relies on how quickly a claim has been submitted, processed, and approved. Per Section 6404 of the Affordable Care Act, the maximum period for submission of all Medicare Fee-for-Service claims has been reduced to no more than 12 months (1 calendar year) after the date services were furnished. CMS typically receives claims 3-4 weeks after care has been provided. Once received by CMS, it is possible for claims to undergo more than one round of processing to make adjustments, edits, and cancellations. Data will only be available via the API once a claim has been approved. For more details on claims submission and approval timeframes, please review this white paper which outlines the lifecycle of a Medicare claim, as well as timeframes for submission and approval (pages 11, 12, and 22 have details on month-over-month statistics).
Once a claim has been submitted, processed, and approved, BCDA receives the data on a weekly cadence, while Claim and Claim Line Feed (CCLF) files receive them monthly. New data is loaded from the CCW every weekend. In the event of a delay, there will be an announcement in the BCDA Google Group with updates on when the data will be refreshed.
diff --git a/_includes/data/how_to_use_bcda_data.html b/_includes/data/how_to_use_bcda_data.html index f78cfe2..9b19d25 100644 --- a/_includes/data/how_to_use_bcda_data.html +++ b/_includes/data/how_to_use_bcda_data.html @@ -4,9 +4,9 @@For adjudicated claims, BCDA serves data according to the bulk FHIR specification using three FHIR resources: ExplanationOfBenefit (EOB), Patient, and Coverage. This means that your claims data will be delivered through three FHIR resource types rather than 12 CCLF files.
For partially adjudicated claims two FHIR resources are available to REACH ACOs: Claim and ClaimResponse.
diff --git a/_includes/guide/bcda_v2.html b/_includes/guide/bcda_v2.html index 201e7f0..304bd6e 100644 --- a/_includes/guide/bcda_v2.html +++ b/_includes/guide/bcda_v2.html @@ -23,15 +23,15 @@curl -X GET "https://sandbox.bcda.cms.gov/api/v2/Group/all/\$export" \
-H "accept: application/fhir+json" \
-H "Prefer: respond-async" \
--H "Authorization: Bearer {access_token}" \
--vcurl -X GET "https://sandbox.bcda.cms.gov/api/v1/Group/all/\$export" \
-H "accept: application/fhir+json" \
-H "Prefer: respond-async" \
--H "Authorization: Bearer {access_token}" \
--v{
-"access_token": "eyJhbGciOiJSUzUxMiIsInR5c...",
+"access_token": "{access_token}",
"token_type":"bearer"
}- In this example, we requested data from the /Patient endpoint with no date filter (no _since parameter) and no specified resource type (no _type parameter). We included the long string of characters from the previous step (our access token) in the authorization header (-H "Authorization: Bearer "). Notice that we needed to include the word "Bearer" followed by a space before the access token. We also added "-v" in order to see the Job ID. + In this example, we requested data from the /Patient endpoint with no date filter (no _since parameter) and no specified resource type (no _type parameter). We included the long string of characters from the previous step (our access token) in the authorization header (-H "Authorization: Bearer "). Notice that we needed to include the word "Bearer" followed by a space before the access token. We also added "-i" in order to see the Job ID.
curl -X GET "https://sandbox.bcda.cms.gov/api/v2/Group/all/\$export" \
--H "accept: application/fhir+json" \
--H "Prefer: respond-async" \
--H "Authorization: Bearer {access_token}" \
--v
-@@ -125,7 +124,7 @@
202 Accepted
-Content-Location: https://sandbox.bcda.cms.gov/api/v2/jobs/42
+Content-Location: https://sandbox.bcda.cms.gov/api/v2/jobs/{job_id}
curl -X GET "https://sandbox.bcda.cms.gov/api/v2/jobs/42" \
--H "accept: application/fhir+json" \
--H "Authorization: Bearer {access_token}"
-curl -X GET "https://sandbox.bcda.cms.gov/api/v2/jobs/{job_id}" \
+ -H "accept: application/fhir+json" \
+ -H "Authorization: Bearer {access_token}"curl "https://sandbox.bcda.cms.gov/data/42/afd22dfa-c239-4063-8882-eb2712f9f638.ndjson" \
--H "Authorization: Bearer {access_token}" \
--H "Accept-Encoding: gzip"
+curl "{output_url}" \
+ -H "Authorization: Bearer {access_token}" \
+ -H "Accept-Encoding: gzip" \
+ --output "your-file-name"
Response Example after Downloading the Data
diff --git a/_includes/guide/type_parameter.html b/_includes/guide/type_parameter.html
index 71454e4..a6223fa 100644
--- a/_includes/guide/type_parameter.html
+++ b/_includes/guide/type_parameter.html
@@ -1,5 +1,5 @@
- The _type parameter allows you to request different Resource Types from the API. Instead of receiving data from all three Resource Types when no _type parameter is specified, you will be able to use the _type parameter to submit one or more Resource Types. The API will then produce data from the specified Resource Types.
+ The _type parameter allows you to request different Resource Types from the API. Instead of receiving data from all Resource Types when no _type parameter is specified, you will be able to use the _type parameter to submit one or more Resource Types. The API will then produce data from the specified Resource Types.
diff --git a/_includes/partial/faq.html b/_includes/partial/faq.html
index cd0bf3f..518ee1f 100644
--- a/_includes/partial/faq.html
+++ b/_includes/partial/faq.html
@@ -59,11 +59,10 @@
Access to the Claim and ClaimResponse resources is handled within BCDA on a per ACO (Accountable Care Organization) ID level. There are no required changes to credentials for those REACH ACOs who would like access to the V2 endpoint. The BCDA V2 service supports the same functionality as V1 API endpoints in both the sandbox and production API environments. All V2 endpoints should work as described in the existing BCDA documentation. To transition from V1 to your BCDA V2 endpoints, replace ‘v1’ in the API call URLs with ‘v2’, as in the cURL example below:
curl -X GET "https://sandbox.bcda.cms.gov/api/v1/Patient/\$export" \
--H "accept: application/fhir+json" \
--H "Prefer: respond-async" \
--H "Authorization: Bearer {access_token}" \
--v
-
+ -H "accept: application/fhir+json" \
+ -H "Prefer: respond-async" \
+ -H "Authorization: Bearer {access_token}" \
+ -iIn Medicare Fee-for-Service (FFS), in the timeline of a supplier order and partially adjudicated data, there is no pre-authorization information available. In BCDA, we only see partially adjudicated claims for actual claims, not for the pre-authorization type or a pre-determination type. diff --git a/_updates/2024-11-18.html b/_updates/2024-11-18.html new file mode 100644 index 0000000..022a4e3 --- /dev/null +++ b/_updates/2024-11-18.html @@ -0,0 +1,14 @@ +--- +--- +
The BCDA team has updated our guidance for model entities managing their BCDA credentials in 4i and ACO-MS. Please visit Manage your BCDA Credentials for model specific instructions on how to manage and create BCDA credentials for your organization.
+No action is required for BCDA users, but we hope the updated guidance is helpful!
+