Connect your EHR. Skip the chart-to-form copy-paste.
Clinician EHR integration lives on ApprovalHelp, our product for clinics. It ships a SMART-on-FHIR client — Athena in Preview today; other vendors on the roadmap. Patient demographics, conditions, medications, and prior denials prefill the appeal, so your staff edits and signs instead of retyping.
What we connect to
Six EHR vendors registered. New vendors take ~1 business day to wire up against an existing FHIR R4 endpoint.
Active integration. Production registration in progress.
DrChrono Marketplace →Client ID configured. SMART-launched + standalone modes ready.
Cerner CODE →Client ID configured. USCDI patient + condition + medication scopes.
Athena Marketplace →Client ID configured. Production onboarding on practice request.
eCW Developer Portal →Client ID configured. SMART backend services supported.
MEDITECH Expanse FHIR →Don’t see your EHR? If it exposes a FHIR R4 endpoint and supports SMART authorization, we can wire it up. Tell us what you use.
What you get from connecting
The same appeal-drafting product, with chart data prefilled instead of retyped.
Prefill from the chart
Patient demographics, diagnoses (ICD-10), active medications (RxNorm), encounter dates. No retyping; no transcription errors.
Clinical context the letter needs
USCDI v1 data classes — conditions, medication orders, observations, procedures — surface as click-to-include exhibits in the letter editor.
Standards-compliant auth
SMART App Launch v2, PKCE on every flow, confidential-client JWT assertions (RS384, RSA-2048), public JWKS endpoint with key rotation.
Technical specifications
For your EHR security team and integration engineers.
- • SMART App Launch v2 (EHR-launched + standalone)
- • OAuth 2.0 + PKCE (mandatory, no client-secret-only flows)
- • Confidential clients via JWT client assertions (RS384, RSA-2048)
- • Public JWKS at
/.well-known/jwks.json - • Per-vendor allowlist on issuer (iss) — fail-closed SSRF defense
- • State + nonce + iss-binding to prevent session fixation
- •
patient/Patient.read - •
patient/Condition.read - •
patient/MedicationRequest.read - •
patient/Observation.read - •
patient/Encounter.read - • Read-only. We never write to your EHR.
- • AWS Lightsail Sydney (ap-southeast-2), BAA-covered
- • PHI at rest on LUKS-encrypted volume (AES-XTS-256)
- • SQLCipher on top of LUKS (defense in depth)
- • Tailscale tailnet between gateway and home server
- • Cloudflare DNS-only — PHI never traverses CDN proxy
- • Every USCDI field passes through in-house redaction (regex + Presidio)
- • Outbound gate refuses if any identifier survives
- • LLM only ever sees de-identified text
- • Rehydration happens in-process after the response
- • Token-mapping never logged or persisted
How to connect
From practice signup to first auto-prefilled appeal.
- 1Start on ApprovalHelp
Magic-link or Google / Microsoft OAuth. ApprovalHelp — Independent from $499/mo, with unlimited scribe, PAs, and appeals on every paid tier. See approvalhelp.com/pricing →
- 2Connect your EHR
EHR-launched flow: install DenialHelpfrom your vendor’s marketplace, launch from a patient chart. Standalone flow: paste your organization’s FHIR base URL in
/fhir/connect, authorize, done. - 3Draft your first appeal
When you start a new appeal for a connected patient, demographics + diagnoses + medications prefill. Click-to-include any USCDI item as an exhibit. Prescriber signs. Packet PDF auto-assembles.
- • HIPAA-compliant — designated Privacy Officer, signed Security Risk Analysis on file
- • AWS BAA signed for AWS PHI sub-processors (Textract, S3, Lightsail)
- • PHI text inference uses Anthropic subscription Claude over de-identified inputs
- • Immutable audit log with BEFORE-UPDATE / BEFORE-DELETE triggers
- • 7-year retention policy with automated purge cascade
- • 60-day breach notification clock with T-30 / T-7 / T-1 alerts
Full detail at /security.
Ready to connect?
Start on ApprovalHelp and connect your EHR yourself, or talk to us about an Enterprise integration with a custom BAA and dedicated onboarding.