§170.404(a)(2)–(a)(4) · API Transparency, Fees, Openness

Certified API Technology — Terms & Conditions

The complete business terms and conditions for Retinex's §170.315(g)(10) certified API technology.

Version 1.0 Effective 2026-06-03 Publicly accessible · No charge
Scope. These are the API-specific terms and conditions for Retinex's certified API technology, published per §170.404(a)(2) via a publicly accessible hyperlink with no preconditions. They are separate from, and govern in case of conflict with, the general website Terms & Conditions. Definitions ("API Information Source", "API User", "Certified API Developer", "Certified API Technology") have the meanings given in §170.404.

1. Material Information (§170.404(a)(2)(A))

Retinex publishes all terms and conditions for its certified API technology, including the following:

#ItemStatement
1FeesSee §2 API Fees. Access to the API, this documentation, the sandbox, registration, and production connection details is provided at no charge.
2RestrictionsUse must comply with HIPAA, applicable law, and the patient's authorization. No reverse-engineering of security controls; no attempts to access EHI without authorization.
3LimitationsFair-use rate limiting applies equally to all similarly situated API Users to protect availability (see §2); the data scope is the US Core 6.1.0 / USCDI v3 data set.
4ObligationsMaintain the security of issued credentials and tokens; honor scope grants; keep registration contact information current; notify Retinex of suspected credential compromise.
5Registration process requirementsSee Application Registration — client types, required attributes, and dynamic client registration.
6aNeeded to develop softwareAPI Reference, SMART Authorization, US Core Support, and a free sandbox.
6bNeeded to distribute / deploy in productionProduction registration and service base URLs; no distribution-channel fee or approval gate beyond identity verification.
6cNeeded to use software (access EHI)Authorization Code + PKCE flow, scopes, and refresh tokens documented in SMART Authorization.
6dNeeded to use EHI obtainedEHI may be used for any lawful purpose authorized by the patient, subject to HIPAA and applicable law; Retinex imposes no downstream-use restriction beyond the law.
6eUsed to verify authenticity of API UsersIdentity and redirect-URI/domain ownership verification — objective and uniformly applied (see Verification).
6fUsed to register softwareRFC 7591 Dynamic Client Registration and manual registration (see Registration).

1.1 Developer Policies & Required Agreements

These Terms & Conditions are the developer agreement for Retinex's certified API technology. Acceptance occurs at the point of application registration; no separate signed contract, click-through license, or developer agreement is required to access, develop against, or deploy to the certified API technology beyond the objective identity and redirect-URI verification applied uniformly to all API Users. Retinex imposes no developer agreement that would condition the rights in §3.3 on any of the prohibited terms listed in §3.4.

The following associated developer policies are incorporated into and form part of these Terms. Each is publicly accessible at no charge and without preconditions:

PolicyGovernsReference
Acceptable Use & RestrictionsLawful, HIPAA-compliant use; no reverse-engineering of security controls; no unauthorized EHI accessSee §1, rows 2–4
Fair-Use / Rate-Limiting PolicyLimits applied equally to all similarly situated API Users to protect availabilitySee §2 API Fees
Security PolicyCredential and token security, authentication, authorization (RBAC), encryption, and audit loggingSecurity & Compliance
Privacy PolicyHandling of personal and health information consistent with HIPAA and applicable lawPrivacy Policy
Registration & Verification PolicyClient types, required attributes, dynamic and manual registration, identity verificationApplication Registration
General Website TermsBaseline terms; these API Terms govern in case of conflictTerms & Conditions

2. API Fees (§170.404(a)(3) & (B))

All fees are described below in plain language, including the persons to whom each fee applies, the circumstances in which it applies, and the amount or — for variable fees — the variable(s) and methodology used to calculate it.

FeeApplies to (persons / class)CircumstancesAmount / methodology
API access & use of certified API technologyAPI Users (app developers) and patientsAccessing the §170.315(g)(10) API, documentation, sandbox, registration, and production connection details$0 — no charge.
Documentation & test environmentAll developersReading this documentation; using the sandbox / synthetic data$0 — no charge.
EHI export (b)(10)Patients, providers, successor systemsSingle-patient and population EHI export$0 — no charge (see Information Blocking → Fees).
EHR subscriptionAPI Information Sources (provider organizations licensing the Retinex EHR)Recurring license to deploy the certified Health ITPer-provider recurring subscription; quoted in the customer's order form (see Costs & Certification).
Value-added services (optional)API Information Sources / API Users who elect themServices beyond what is necessary to develop, test, and deploy production apps (e.g. premium SLAs, dedicated support, custom integrations)Permitted value-added-service fees under §170.404(a)(3)(iv); priced per the applicable service order; never required to access or use the certified API technology.

Retinex does not charge: any fee to access the documentation it must publish; any fee for resources reasonably required to make effective use of the certified API technology; or any fee essential to developing and commercially distributing production-ready applications (including test environments and the connection information needed to reach the API). Permitted fees are based on objective, verifiable criteria uniformly applied to all similarly situated parties, are reasonably related to and allocated against Retinex's costs, and are not based on whether a party is a competitor. Retinex keeps records of any fees charged, the methodology used, and the costs to which they are attributed.

3. Openness & Pro-Competitive Conditions (§170.404(a)(4))

3.1 Independent access

Retinex provides certified API technology to an API Information Source with the independent ability to permit an API User to interact with that technology. Application-developer affirmations regarding their ability to secure a refresh token and/or client secret are treated in good faith.

3.2 Non-discrimination (§170.404(a)(4)(i))

Retinex grants access to its certified API technology on terms no less favorable than it extends to itself, its customers, suppliers, partners, and other business relationships. Retinex does not offer different terms or services based on (1) whether a competitive relationship exists or would be created, or (2) the revenue or other value a party may derive from using the API technology.

3.3 Rights that must be granted (§170.404(a)(4)(ii)(A))

Upon request, Retinex grants API Information Sources and API Users all rights reasonably necessary to: (1) access and use the certified API technology in production; (2) develop products and services that interact with it; and (3) market, offer, and distribute those products and services.

3.4 Prohibited conduct — what Retinex will not require (§170.404(a)(4)(ii)(B))

Retinex does not condition the rights above on:

  1. Paying a fee (including a license fee, royalty, or revenue-share);
  2. Agreeing not to compete with Retinex in any product, service, or market;
  3. Dealing exclusively with Retinex in any product, service, or market;
  4. Obtaining additional licenses, products, or services unrelated to (or unbundlable from) the certified API technology;
  5. Licensing, granting, assigning, or transferring any intellectual property to Retinex;
  6. Meeting any Retinex-specific testing or certification requirements; or
  7. Providing Retinex or its technology with reciprocal access to application data.

3.5 Service & support obligations (§170.404(a)(4)(iii))

Retinex provides the support and services reasonably necessary to enable the effective development, deployment, and use of the certified API technology by API Information Sources and API Users in production. Contact support@retinex.ai.

4. Additional Terms

These terms do not limit additional content Retinex may include, such as consumer protections. Nothing here prevents API Information Sources and API Users from forming permissible business relationships, provided they do not conflict with the ONC Cures Act Final Rule or other applicable law.

5. Change Log

DateVersionChange
2026-06-031.0Initial publication of API-specific terms, fees, and openness conditions.