The Founda Health Platform makes sure that highly sensitive patient information is protected at all times. Access is restricted to authorized systems, software and/or individuals only. Founda's Identity and Access Management (IAM) Service allows providers to manage and control secure access to their data and it allows for quick and accurate verification of all involved parties. This also ensures that the necessary permissions for using the requested data are in position during every access attempt. The IAM service fully complies with the OAuth2.0 standard. 

Founda Health's Identity and Access Management (IAM) service ensures that every connected application and provider organization is precisely identified and authorized.

When an Application Provider creates a "client profile" for their application via the Founda Health platform console, an OAuth2.0 client representing this application is created. This client receives a unique "Client ID" and a confidential "Client Secret." Responsibility for securely storing these identifiers falls on the Application Provider, as they will be used in all future transactions, playing a crucial role in authenticating the client application.

Upon creating a client profile, the Application Provider defines the specific "authorization scopes" that the application requires to operate effectively. These selected "authorization scopes" are securely stored within Founda Health's Identity and Access Management service. Importantly, any authorization request made by an Application Provider must be approved by the respective Provider Organization. This two-step authentication process ensures that only the right applications gain access to the appropriate data, safeguarding patient privacy.

Using the Client Credentials (Client ID and Client Secret), an application can request an access and refresh token. The access token is a vital component, as it must be included in every request made to the HealthAPI service. It's important to note that access tokens have a time limit and expire after 60 minutes. Refresh tokens are used to request new tokens. Both tokens can be generated using the following URL, depending on the 

https://auth.<region>.founda.com/oauth2/token

For a comprehensive, step-by-step guide on how to authenticate and authorize using OAuth2.0, please refer to our detailed 

 tutorial, providing you with the knowledge and tools needed to navigate the identity and access management service.

Identity and Access Management

Founda Subscription Topic Catalog

Payload Signing and Verification

Subscription Service

Transformation Service

Health API Service

Audit Service

Services

Founda Health

Who we are

Who we serve

What we do

What we believe

Welcome!

Clients

Subscriptions

Connectors

Provider Connectivity

FHIR

Communication Standards

Conformance Statements

Founda Fundamentals

Self-service Console

Authentication with OAuth2

Sandbox Testing

Getting Started

Retry Mechanism Implementation

Best Practices

Patient Demographics

Access to Clinical Data

Document Exchange

Appointment Scheduling

Solutions

Building on the Platform

Security

Compliance

Privacy

Security & Compliance