athenahealth

athenahealth has a large proprietary API surface covering clinical, scheduling, and billing workflows. Multiple write-back patterns are described in vendor materials (e.g., athenaOne APIs, SMART launch, document upload), depending on endpoint and access tier. The push-based event system is still in alpha.

Medium complexitySelf-serveProprietary RESTFHIR R4C-CDA

FHIR Version

R4 (US Core STU3.1.1)

Rate Limit

Not published — enforced via 403

Sandbox

Yes — auto-provisioned on app creation

ONC Certified

Yes

Capability Matrix

Capability	Read	Write
Patients	Via FHIR or proprietary API.	Create + Update via proprietary API after contract + BAA.
Appointments	Full scheduling via proprietary API.	Book, update, cancel, check-in via proprietary API.
Encounters	Self-serve	Multiple write-back patterns are described in vendor materials (e.g., SMART launch and athenaOne APIs), depending on endpoint and access tier.
Clinical Notes	DocumentReference + DiagnosticReport read.	SMART launch is one write-back pattern described in vendor materials. Other non-SMART write paths exist depending on endpoint and access tier. Scope approval may be required.
Document Upload	Self-serve	POST /patients/{id}/documents/clinicaldocument — PDF upload to patient chart.
Lab Results	DiagnosticReport + Observation via FHIR.
Medications	Self-serve	Write access restricted to specific partner types.
Allergies	FHIR + proprietary API.
Conditions	FHIR + proprietary API.	Write-back patterns are described in vendor materials (e.g., SMART launch and athenaOne APIs), depending on endpoint and access tier.
Immunizations	FHIR Immunization read.
Vitals	FHIR + proprietary API.	Write-back patterns are described in vendor materials (e.g., SMART launch and athenaOne APIs), depending on endpoint and access tier.

Billing / Claims	Claims, charges via proprietary API.	Charge entry, claim creation, credit card payments via proprietary API.
Coverage / Insurance	FHIR Coverage + proprietary /insurances.	Capture patient insurance information via proprietary API.
Referrals	Self-serve
Bulk Data Export	FHIR Bulk Data Export ($export) supported on Group resource. Also: EHI Export feature + Data View SQL editor for analytics.	—
Events / Webhooks	Legacy polling-based Changed Data Subscriptions (production). FHIR push-based Event Subscriptions in limited alpha (v0.13).	—

DocumentedNot documentedSelf-serveGatedPartner only

Integration considerations

Note on access levels: 'Self-serve' indicates capabilities accessible in the preview/sandbox environment without a contract. Production access for many athenaOne APIs requires an athenahealth Platform Services contract and BAA; exact requirements depend on endpoint and program. See athenahealth onboarding overview for details.
Clinical note write-back has multiple patterns described in vendor materials (SMART launch for in-workflow embedding, athenaOne document upload endpoints (e.g., PDF/C-CDA attachment) for certain write-back scenarios). Structured encounter note creation may require specific scopes and commercial access.
FHIR event subscriptions are in limited alpha (v0.13) — not production-ready
Quarterly breaking changes with mandatory testing deadlines require ongoing maintenance
No published rate limits or uptime SLAs
Documentation is SPA-rendered, making automated discovery difficult
Single OAuth 2.0 infrastructure with multiple grant types: 2-legged client credentials (background/server access), 3-legged authorization code (user-facing), and SMART on FHIR launch (embedded apps). The same 2-legged credentials can access both athenaOne and FHIR endpoints.
Documentation links point to athenahealth's API reference directory. Endpoint-specific documentation requires navigating within the developer portal, which is SPA-rendered and not directly linkable at the resource level.