New · agency integrations

Send your NEDOCS to the agencies that need it — directly, with consent.

State HAvBED, EMResource, WebEOC, regional EMS authorities, and trauma councils can subscribe to your live NEDOCS, boarding load, and operational flags. You stay in control: every agency is approved by your hospital, every grant is scoped, and every byte is auditable.

JSON v1 FHIR R4 EMResource JSON CSV HAvBED XML

How a single score reaches three agencies

1
Charge nurse saves a scoreStandard NEDOCS save in the dashboard — no extra workflow.
2
Server fans out to active grantsState HAvBED gets FHIR. Regional EMS gets EMResource JSON. Trauma council gets CSV.
3
HMAC-signed delivery to each webhookExponential backoff retries, dead-letter queue if an endpoint is down.
4
Audit log writes a permanent recordRetained for seven years. Visible to hospital and admin from day one.

Consent-driven by design

Hospital-controlled grants are the only way data ever leaves your facility. No back doors, no aggregator middlemen, no “opt-out” — every byte sent to an agency exists because you issued a grant.

Sharing grant

Per-agency, scoped, revocable

Pick which data points to share — NEDOCS, boarding, beds, flags, EOI band — and how often. Revoke any grant instantly from Settings → Data sharing. Revocation halts the next delivery, not the next day.

Push or pull

Real-time webhooks or scheduled polls

Agencies can subscribe to a webhook that fires on every save, or pull on their own cadence. Both honor the same grant scope and the same rate limits.

Audit log

Every access is recorded

Pulls, pushes, denials, format conversions — all logged with timestamp, IP, key ID, and bytes shipped. Retained for seven years. Exportable.

Agency verification

Admin-reviewed before they can ask

Every agency self-signs-up, then waits for human verification by a NEDOCS administrator. Unverified agencies cannot request grants.

Hashed API keys

Issued once, never stored in cleartext

Keys are SHA-256 hashed at rest. The raw secret is shown exactly once to the agency at issuance. Per-key scopes, IP allowlists, sliding-window rate limits.

HMAC signing

Tamper-evident webhook payloads

Every webhook is signed with the agency's per-endpoint secret. Replay-protected via timestamps. The portal docs page ships a verification recipe in five languages.

Speak the format an agency already understands

The same canonical event is rendered on the fly into whatever the agency consumes. No middleware to install on either end. New formats slot in behind the same registry.

  • JSON v1 — clean, versioned, defaults for modern stacks.
  • FHIR R4 Observation Bundle — for state and federal HIE pipelines.
  • EMResource JSON — drop-in fit for EMResource and similar consoles.
  • CSV line — append-only land-and-store, perfect for trauma councils and dashboards.
  • HAvBED XML — for legacy state HAvBED feeds still in production.

Each format respects the grant scope — fields you didn't authorize never appear in the payload.

POST https://agency.example.gov/nedocs X-NEDOCS-Signature: t=1716700000,v1=hmac-sha256…
{
  "version": "1",
  "event": "score.saved",
  "hospital": {
    "id": "6630…",
    "name": "Example Memorial ED",
    "state": "CA"
  },
  "observed_at": "2026-05-27T19:14:02Z",
  "nedocs": { "score": 78, "band": "Overcrowded" },
  "boarding": { "longest_admit_minutes": 218, "admits_in_ed": 11 },
  "capacity": { "ed_patients": 48, "ed_beds": 32 },
  "flags": ["diversion", "icu_hold"],
  "eoi": { "band": "Stressed" }
}

Set it up in five steps

Two roles do the work: the agency requests access, the hospital approves it. NEDOCS handles the rest.

1

Agency self-signs up

State HAvBED, EMS authority, or trauma council registers at the agency portal with verification documents.

2

Admin verifies

NEDOCS administrators review and mark the agency verified. Unverified agencies can't request grants.

3

Hospital grants access

Hospital manager browses verified agencies, picks one, scopes the data, and clicks grant. Done.

4

Agency picks format

JSON, FHIR, EMResource, CSV, or HAvBED XML. Webhook URL, optional HMAC secret. Or pull from the REST API.

5

Live deliveries flow

Every score save fans out automatically. Hospital sees delivery status; agency sees inbound activity.

Built for the people who say no when something looks off

Per-grant scope

Boarding only? Flags only? Just the band? Hospital decides per agency.

Instant revocation

One click halts the next delivery. The agency learns immediately; the audit log records it.

Rate limited

Sliding-window per key. Bursty consumers are throttled, not crashed.

Dead-letter visibility

Failed deliveries land in a queue admins can replay or expire. No silent drops.

HIPAA-friendly

Operational facility data only — no PHI in the canonical event. Same posture as today's NEDOCS API.

Per-hospital scoping

An agency-issued API key can only see hospitals that granted that agency access. No tenant bleed.

Signed webhooks

HMAC over body + timestamp. Replay-protected. Verification recipes shipped in the portal docs.

Seven-year audit

Every access, push, denial, and revocation is retained — exportable for state audits.

Common questions

What does the hospital have to install?

Nothing. If you're using the NEDOCS dashboard, you already have everything. Sharing is enabled by issuing a grant from Settings → Data sharing.

Can the same score go to multiple agencies in different formats?

Yes. That's the typical case. State HAvBED gets FHIR, regional EMS gets EMResource JSON, trauma council gets CSV — from a single save in your ED.

Does sharing send PHI?

No. The canonical event is operational facility data — bed counts, score values, boarding minutes, operational flags. There are no patient identifiers or clinical fields. We treat the integration the same way as the existing NEDOCS API.

What happens if an agency's webhook is down?

The dispatcher retries with exponential backoff. After repeated failure the delivery moves to a dead-letter queue, visible to NEDOCS admins, who can replay or expire it. Your hospital is notified when an agency's endpoint has been failing.

Can our state become a verified agency?

Yes — start at the agency portal or email integrations@nedocs.org. Verification usually takes a couple of business days.

How is this different from the existing NEDOCS API?

The existing API is hospital-scoped: a single hospital authenticates and reads/writes its own data. Agency integrations are multi-tenant by design: an agency authenticates once and sees the union of all hospitals that have explicitly granted them access — with consent governance, signed delivery, and audit trails built in.

Sharing should be opt-in, scoped, and obvious. Now it is.

If you're a hospital, talk to us about turning sharing on. If you're an agency, start at the portal — verification takes a couple of days.

Hospital: request access Agency: portal