Getting Started with the CRIO Medical Records API in 6 Easy Steps

It’s easy to get started with CRIO’s Medical Records API with these 6 steps. This blog post will help you set up and be ready to go in just over an hour.

If you haven’t already signed up for the Medical Records API, click here for more information, reach out to your customer success representative, or contact us.

Please note: Some resources below require you to login to the CRIO help center to get access.

Step 1: Watch the Comprehensive Demo

In this video, the CRIO Product team walks through all of the features and functionality of the Medical Records API. (25 minutes to complete)

Click here to watch the demo.

Step 2: Read the Manual

This written material covers all functionality and will serve as a resource for any team members that need to pull medical records. (10 minutes to complete)

Click here to access the user manual.

Step 3: Implement a Medical Information Authorization Form

In order to use the Medical Records API, you will need to implement a medical information authorization form. There are two options for doing this. If you already have a form in place, you will need to amend it to include this language:

“The information released in response to this authorization may be re-disclosed to other Business Associates.”

The second option is to use this template to obtain permission from patients during the consent process. In short, you will need to inform the patient that a third party vendor will have access to their medical records and to get their permission to obtain these records on their behalf. (5 minutes to complete)

Step 4: Review and Implement an SOP for Use of the CRIO Medical Records API

We have prepared an SOP that will cover your use of the Medical Records API at your site. Reviewing and implementing this SOP will take about 10 minutes to complete.

Click here to download the SOP.

Step 5: Read Our Data Protection Impact Assessment (EU ONLY)

Under GDPR, CRIO, as a processor, acts on behalf of the controller (you). When selecting a processor, controllers must use only processors that provide sufficient guarantees of their abilities to implement the technical and organizational measures necessary to meet the requirements of the GDPR. CRIO maintains a data protection impact assessment of its platform that can be made available to the controller to demonstrate its compliance with the GDPR.

Click here to read our Data Protection Impact Assessment (10 minutes to complete)

Step 6: Review the Validation Documentation

The validation documentation includes the Functional Requirements Specification and Validation Certification for the site application. Reviewing this documentation will take about 10 minutes to complete.

Once you have completed these steps, you are ready to go! Still need help? Reach out to your customer success representative or contact us.

Want to learn more? Check out these additional resources:

Best Practice Tips for Requesting Records
Site Reimbursement Resources
Medical Records API FAQ