Frequently Asked Questions
- API FAQs
- --> API - How do I get my own API key?
- --> API - Can I send a request without registering?
- --> API - How do I get access to production?
- IDE FAQs
- --> IDE - Can you upload attachments when sharing data?
- --> IDE - Where will the incoming data be stored in ACC?
- --> IDE - What is the purpose of the Privacy & Ethics Threshold Analysis (PETA/PIA)?
- --> IDE - What is the Data Sharing Agreement and why is it required?
- --> IDE - Is the Social Investment Agency (SIA) involved in all third-party sign ups?
- --> IDE - What are the key prerequisites to on-board a 3rd party?
- --> IDE - How much does it cost the Business Unit requesting the service and what are the fees for?
- --> IDE - How long does it take to on-board a 3rd party and receive data?
- --> IDE - How secure is IDE?
- --> IDE - What types of data can be transferred?
- --> IDE - What type of data can be transmitted?
- Inbound Docs FAQs
- --> Inbound Docs - What is the document size limit?
- --> Inbound Docs - How long does a document take to upload using the Inbound docs API?
- --> Inbound Docs - Can I submit more than one file per submission?
- --> Inbound Docs - What can I submit via the inbound document’s API?
- --> Inbound Docs - I get an error saying, 'For this document type, Metadata for Content Type is required', what does this mean?
- --> Inbound Docs - Can I have the Content Type in lower case?
- --> Inbound Docs - I don't have an NHI number for a patient, can I still submit the file?
- --> Inbound Docs - Can I send documents in colour?
- --> Inbound Docs - How can I follow up on documents I have submitted via the API?
- --> Inbound Docs - What do I do if I am having problems submitting?
- --> Inbound Docs - I am receiving an 'authorisation error' when I try to submit documents.
- --> Inbound Docs - Why is the inbound documents API not accepting the document I am submitting?
- --> Inbound Docs - I get an error saying, 'For this document type, Assessment Type and Body Site details are not required', what does this mean?
How do I get my own API key?
- Login or register
- Go to My Apps
- Select Add a new App
- Complete App Name field (mandatory)
- Select the product (API) you want to use
- Select Create App
- Your App to be automatically approved for compliance. You'll receive a notification via email that your App has been approved
- Select your App
- You'll see your API key under the consumer key field
Can I send a request without registering?
Yes you can. As all API requests need an API key, we've made available a "test" API key in certain APIs. It can be used without having to register an account or an application.
The 'test' API key for HCSS is 6HoTt9GsONTE6eli2LGZVa0vVYfJa1VN. You can also find it next to the API key field in Our APIs/specific API/endpoint description.
We'll issue your own compliance API key once you register an app for a one of our APIs.
You must apply for access to production with the ACC Digital Operations team. Use the Contact page to apply. Select "Request production access" in the 'What are you contacting us about'- field. The Digital Operations team will contact you to discuss the process of submitting data to production using your app.
The API you're using determines what this process will involve. We look at:
- do you need specific authorisation to an API in production?
- do we need to talk to another team in ACC to streamline the onboarding process for your customers?
- Has all the required testing been completed to an acceptable level?
- How are you communicating the new app benefits to your customers?
- When will the new app be available to your customers?
No, you can't upload attachments when transferring data.
The requesting Business Unit must identify the target destination of the data and provide the IDE product team with the location of the repository e.g. (I:) Drive
The PETA (PTA) is used at a high level to:
- Identify the potential effects that a project or proposal may have upon the privacy of personal information
- Identify the potential effects that a project or proposal might have upon the wellbeing of the people involved
- Examine how any ethical concerns or detrimental effects on privacy might be mitigated.
The Data Sharing Agreement is a formal agreement between the parties planning to exchange data. It covers what data is being exchanged, the format of the data, using the data exchange as a channel, the reason for exchanging data, the period of the agreement, etc. It provides evidence of consideration by the data sharing parties that they are permitted to share the data cited.
The SIA’s role is to support the social sector to improve decision making. SIA will therefore only get involved if a third party organisation is part of the social sector or is sharing data to improve the wellbeing of New Zealanders.
- Data Sharing Agreement:
Data Sharing Agreement must be in place between the parties intending to share data. - Privacy:
A Privacy Threshold Analysis (PTA) must be undertaken. There are scenarios where one PTA document can cover a group of different scenarios. - Security:
An addendum to the Security Risk Assessment (SRA) must be approved. The addendum covers the same information as the PTA but it is required for security purposes. - Service Provider:
The 3rd party must create a connection (Agent) on their platform to transmit data to EightWire’s data exchange platform.
Each connection has to be configured and setup. This configuration is done by Datacom at a charge of approximately $1000.
Provided the information in the application form is complete, the process to on-board takes approximately seven working days.
The Social Investment Agency (SIA) has undertaken a privacy impact assessment of EightWire’s Data Exchange (DX) which underpins the IDE. The DX has been certified and accredited for the transfer of information classified under the New Zealand Government Security Classification System as SENSITIVE.
If the format of data changes regularly and there is no need for real-time transfers, then IDE would be the most suitable and cost-effective solution. For systems that need real-time, transactional type data transfers, where the format of the data never changes, using Application Programme Interfaces (API’s) instead of the IDE would be more beneficial. To ensure the correct transmission mechanism is selected as per your need, we suggest that you consult with a Solutions Architect..
IDE has been developed to receive data up to sensitive level from any 3rd party.
The Inbound documents API will currently accept one document per submission up to 20 MB in size.
This depends on the speed of your internet connection, however, please see below for the average submission times for different size documents.
- 3MB ~3 seconds
- 5MB ~5 seconds
- 10MB ~8 seconds
- 15MB ~12 seconds
- 20MB ~15 seconds
The API will only accept one file per submission.
If you wish to submit multiple documents for the same client, these can be combined into one PDF file (no greater than 20MB) and submitted as a single submission.
As at the end of March 2023 you can submit the following sets of documents using this API:
|
Discharge and Operation reports |
MMEXDISOP |
|
Extension of treatment requests – ACC32 |
MMEX32PHY |
|
Guided Injection requests |
MMEXPRAPR |
|
High Tech Imaging |
MMEXHSHTI |
|
Radiology reports |
MMEXESHTI |
|
Specialist / GP / Other treatment provider notes |
MMEXSPECR |
|
Surgery requests and documentation |
MMEXEARTP |
Forms / documents available for submission from mid June 2023 are:
- ACC32 Treatment Extension Request (ACC32) - x 21
- Admin (ADM) - x 122
- Accidental Death Unit (ADU) - x 49
- Cover Assessment (CA) - x 23
- Clinical Reports (CR) - x 7
- Elective Services (ES) - x 41
- Employer Reimbursement Agreement Deductions (ERA) - x 25
- Orthotics (OR) - x 20
- Permanent Injury Claims (PIC) - x 8
- Prior Approval (PA) - x 20
- Travel (TR) - x 14
- Treatment Injury (TI) - x 11
Whilst this appears to be a large number there are multiple forms that are used across multiple groups, and these will become available to all groups as they become developed.
Note: Characters in brackets denote the first characters in the document naming conventions as shown in the Inbound Documents - File Naming Standards.
- For MMEXDISOP files it must contain the document type (either ‘Notice of Discharge’ or ‘Operation Notes’).
- For MMEXESHTI and MMEXSPECR records it must be blank.
No, our preference is for this to be UPPERCASE.
Yes, you can submit the file for the client, however, you would need to enter '000000000' in the NHI field.
Yes - the API will accept PDFs with colour.
You would need to email Digital Operations digitaloperations@acc.co.nz and provide the file creation date and time as well as the runID.
If you are unable to submit a document after troubleshooting the error(s), please contact your PMS support team to discuss.
You need to have a valid Digital Certificate to access our digital services. To apply for a new digital certificate, please email registration.authority@acc.c.nz
The API will provide an error message advising the document type is not supported.
Only PDF formatted documents are supported at this time.
Any further issues contact digitaloperations@acc.co.nz for assistance.
Assessment type:
- For MMEXDISOP and MMEXSPECR it must be blank.
- For MMEXESHTI must contain the Assessment Type (e.g. "Radiology Xray").
Body site:
- For MMEXDISOP and MMEXSPECR must be blank.
- For MMEXESHTI must contain the body site that the assessment relates to (e.g. " MRI LUMBAR SPINE").