API Terms And Conditions

Last Updated: June 24, 2026

Plain Language Summary

These terms explain how third-party applications and other authorized users may connect to the EHRYourWay certified API provided by EHRYourWay, operated by Adaptamed LLC d/b/a EHRYourWay. Our API documentation and registration instructions are publicly available without a login, Non-Disclosure Agreement (NDA), or other precondition. Access to the standardized API for patient and population services certified under 45 C.F.R. § 170.315(g)(10) is included as part of the certified product. We do not charge separate API access, registration, onboarding, connection, or interoperability fees.

App developers must complete EHRYourWay’s standard registration and authenticity-verification process before production access is enabled. EHRYourWay applies that process the same way to all app developers. EHRYourWay completes authenticity verification within ten (10) business days after receiving the initial registration request and enables production access within five (5) business days after successful verification, unless required information is missing or a documented legal, privacy, security, infeasibility, or system-performance reason applies.

EHRYourWay may limit or suspend access only for objective reasons, such as security risk, misuse, system performance, or legal compliance. Nothing in these terms is intended to prevent lawful patient-directed access, exchange, or use of electronic health information.

1. Scope and Definitions

These API Terms and Conditions (“Terms”) govern access to and use of EHRYourWay’s certified application programming interface technology, including the standardized API for patient and population services certified under 45 C.F.R. § 170.315(g)(10) and any successor certified API functionality made available by EHRYourWay (the “certified API”).

These Terms describe the objective terms under which API users may register for, access, and use the certified API. These Terms should be read together with EHRYourWay’s publicly available API documentation, implementation guides, technical specifications, registration workflow, privacy and security documentation, and any applicable customer agreements.

For purposes of these Terms:

“EHRYourWay” means the EHR vendor that provides certified health information technology to health care organizations.

“API user” means a person or entity that creates, supplies, or supports a software application seeking to connect to the certified API. This includes third-party app developers.

“API information source” means an organization that deploys EHRYourWay’s certified health IT and makes electronic health information available through the certified API.

“End user” means an individual, patient, personal representative, health care provider, or other authorized user who uses an application or service to access, exchange, or use electronic health information through the certified API.

“Electronic health information” means electronic health information as defined under applicable federal information-blocking regulations.

“You” means the API user, API information source, end user, or other person accessing or using the certified API, as applicable.

2. Availability of the Certified API

EHRYourWay makes the certified API available to support access, exchange, and use of electronic health information in accordance with applicable ONC Health IT Certification Program requirements, including the API Condition and Maintenance of Certification requirements.

EHRYourWay publishes business and technical documentation for the certified API at EHRYourWay.com. The documentation is available without login, NDA, user account creation, or other precondition. The public documentation includes, as applicable, technical specifications, authorization and authentication requirements, registration steps, applicable terms and conditions, known restrictions or limitations, and fee disclosures.

3. Registration and Authenticity Verification

API users seeking production access must complete EHRYourWay’s published registration and authenticity-verification process. The process is objective, uniformly applied to API users, and designed to confirm the identity and authenticity of the API user and the software application seeking production access.

EHRYourWay will complete authenticity verification within ten (10) business days after receiving the API user’s initial request to register its software application for use with the certified API, unless the API user has not provided required information after notice and a reasonable opportunity to cure, or unless a documented regulatory exception applies.

After successful authenticity verification, EHRYourWay will enable production access within five (5) business days, unless the API user has not completed required technical steps after notice and a reasonable opportunity to cure, or unless a documented regulatory exception applies.

If EHRYourWay determines that a request cannot proceed because required information is missing, a security issue must be addressed, a privacy precondition has not been satisfied, the request is infeasible, or another applicable regulatory exception applies, EHRYourWay will provide written notice describing the issue and, where applicable, the steps needed to proceed.

4. Fees and Costs

Access to the standardized API for patient and population services certified under 45 C.F.R. § 170.315(g)(10) is included as part of the certified product.

EHRYourWay does not charge separate API access, registration, onboarding, connection, or interoperability fees for use of the certified API.

Implementation, configuration, or data-migration services may incur standard professional-service fees as outlined in applicable customer agreements. Those professional-service fees are not imposed as a condition of API access and do not prevent an end user from implementing, connecting, or exchanging health information in accordance with ONC certification criteria.

5. Authorization and Patient-Directed Access

Access to electronic health information through the certified API may require authorization by the applicable end user, patient, personal representative, provider, or API information source, as required by applicable law and the applicable technical workflow.

API users are responsible for obtaining and maintaining all authorizations, consents, or permissions required for their applications and services, except to the extent those authorizations are obtained through EHRYourWay’s patient-facing or provider-facing authorization workflow. API users must not access, request, use, or disclose electronic health information except as authorized by the end user and permitted by applicable law.

Nothing in these Terms is intended to prevent lawful patient-directed access, exchange, or use of electronic health information.

6. API User Responsibilities

API users are responsible for ensuring that their applications and services:

1. comply with applicable federal and state privacy, security, consumer-protection, and health-information laws;
2. do not contain malware, viruses, malicious code, or other harmful components;
3. do not interfere with, disrupt, degrade, or compromise the certified API, EHRYourWay systems, or any connected systems;
4. do not misrepresent the application’s identity, purpose, privacy practices, or authorization status;
5. do not access or attempt to access electronic health information without appropriate authorization;
6. maintain reasonable administrative, technical, and physical safeguards appropriate to the nature of the information accessed; and
7. comply with the technical specifications, authentication requirements, and reasonable-use requirements published by EHRYourWay.

API users must promptly notify EHRYourWay at apisolutions@ehryourway.com of any suspected unauthorized access, credential compromise, security incident, or material change to the application that may affect access to or use of the certified API.

7. Privacy and Security

EHRYourWay may delay, deny, restrict, suspend, or terminate access to the certified API only when consistent with these Terms, applicable law, and applicable regulatory requirements, including documented privacy, security, infeasibility, or health IT performance circumstances.

Where a privacy precondition is required by applicable law, EHRYourWay may require the applicable authorization, consent, or other legal prerequisite before enabling access to electronic health information. When a privacy precondition is missing, EHRYourWay will provide notice, where practicable, and a reasonable opportunity to satisfy the missing precondition.

Where EHRYourWay identifies a specific security risk, EHRYourWay may take reasonable and necessary steps to protect electronic health information, the certified API, and connected systems. Any such security measure will be based on objective criteria, tailored to the identified risk, applied in a non-discriminatory manner, and no broader than necessary under the circumstances.

8. Reasonable Use, Throttling, and System Protection

EHRYourWay may apply reasonable and objective technical controls to protect the performance, availability, and security of the certified API. These controls may include rate limits, usage thresholds, monitoring, temporary throttling, or temporary suspension when necessary to address documented security risks, system performance concerns, misuse, or noncompliance with these Terms.

EHRYourWay will not apply throttling, suspension, or other access limitations based on whether an API user is a competitor, whether an API user has an existing customer relationship with EHRYourWay, or any other non-objective or discriminatory factor.

Where practicable, EHRYourWay will provide written notice and an opportunity to cure before materially restricting or suspending access. Immediate temporary action may be taken without prior notice when reasonably necessary to address an imminent security, privacy, operational, or legal risk. In that event, EHRYourWay will provide notice as soon as practicable and will restore access when the risk has been resolved.

9. Prohibited Conduct

You may not:

1. use the certified API to access electronic health information without appropriate authorization;
2. introduce malware, viruses, malicious code, or other harmful components;
3. interfere with or disrupt the certified API or connected systems;
4. attempt to circumvent authentication, authorization, rate limits, audit controls, or security controls;
5. misrepresent your identity, application identity, authorization status, or purpose;
6. use credentials, tokens, or access rights assigned to another person or application;
7. use the certified API in violation of applicable law;
8. reverse engineer, decompile, or attempt to derive source code from EHRYourWay software except to the extent such restriction is prohibited by applicable law; or
9. use electronic health information obtained through the certified API in a manner inconsistent with applicable authorization, privacy representations, or law.

Nothing in this section prohibits lawful access, exchange, or use of electronic health information authorized by an end user or otherwise permitted by applicable law.

10. Support

EHRYourWay provides public documentation for API users at EHRYourWay.com. Questions regarding API registration, authenticity verification, technical documentation, or production access may be submitted to apisolutions@ehryourway.com.

EHRYourWay will route API access and registration inquiries to personnel trained on the applicable API Condition of Certification and information-blocking requirements.

11. Changes to the Certified API or These Terms

EHRYourWay may update the certified API, technical documentation, or these Terms from time to time.

EHRYourWay will provide advance public notice of material changes to API terms, technical requirements, or fees where feasible and applicable. If advance notice is not feasible due to security, operational, legal, or emergency circumstances, EHRYourWay will post notice as soon as practicable. Notices will identify the effective date of the change and describe the material changes.

EHRYourWay will maintain access to prior versions or a change log where practicable.

12. Ownership

EHRYourWay retains all rights, title, and interest in and to its software, systems, documentation, websites, trademarks, and other intellectual property. These Terms do not transfer ownership of any EHRYourWay property.

These Terms do not give EHRYourWay ownership of electronic health information accessed through the certified API.

13. Third-Party Applications and Content

Third-party applications, services, software, or content used by API users or end users are the responsibility of the applicable third party. EHRYourWay does not control and is not responsible for third-party applications’ privacy policies, security practices, representations, or use of electronic health information after electronic health information is transmitted to the third-party application at the direction of an authorized end user, except to the extent otherwise required by applicable law.

API users are responsible for accurately describing their privacy and security practices to end users.

14. Suspension or Termination of Access

EHRYourWay may suspend or terminate access to the certified API only for objective reasons, including documented security risk, material noncompliance with these Terms, unauthorized access, unlawful conduct, system performance risk, failure to complete required registration or authenticity-verification steps, or other circumstances permitted by applicable law or regulatory exception.

Where practicable, EHRYourWay will provide written notice and an opportunity to cure before suspension or termination. Immediate temporary suspension may occur without prior notice when reasonably necessary to address an imminent security, privacy, operational, or legal risk. EHRYourWay will document the basis for the action and will restore access when the basis for suspension has been resolved.

15. Disclaimer

The certified API and related documentation are provided on an “as is” and “as available” basis, except to the extent otherwise provided in an applicable written agreement or required by applicable law.

To the fullest extent permitted by law, EHRYourWay disclaims all warranties not expressly stated in an applicable written agreement, including implied warranties of merchantability, fitness for a particular purpose, title, and non-infringement.

Nothing in this section limits any obligation EHRYourWay has under the ONC Health IT Certification Program, applicable information-blocking regulations, or applicable law.

16. Limitation of Liability

To the fullest extent permitted by law, EHRYourWay will not be liable for indirect, incidental, consequential, special, exemplary, or punitive damages arising from or relating to use of the certified API.

Any limitation of liability in these Terms applies only to the extent permitted by applicable law and does not limit obligations that cannot legally be waived, including obligations under the ONC Health IT Certification Program, applicable information-blocking regulations, or applicable privacy and security laws.

17. Indemnification

To the fullest extent permitted by law, an API user agrees to defend, indemnify, and hold harmless EHRYourWay and its officers, directors, employees, and agents from claims, damages, liabilities, costs, and expenses, including reasonable attorneys’ fees, arising from the API user’s unauthorized access to electronic health information, violation of applicable law, material breach of these Terms, misrepresentation to end users, security incident caused by the API user’s application, or infringement or misappropriation of third-party rights.

This section does not apply to patients or end users acting in an individual capacity to access their own electronic health information, except to the extent permitted by applicable law.

18. Publicity

You may not state or imply that EHRYourWay sponsors, endorses, certifies, or partners with your application unless EHRYourWay has agreed in writing. You may accurately state that your application connects to the certified API if that statement is truthful and not misleading.

19. Contact

Questions regarding these Terms, API documentation, app registration, authenticity verification, or production access should be directed to: apisolutions@ehryourway.com

20. No Waiver of Legal Rights

Nothing in these Terms is intended to waive, limit, or restrict any rights of patients, end users, API users, API information sources, or EHRYourWay under applicable federal or state law, including the ONC Health IT Certification Program and the information-blocking regulations.