Scope. These are the API-specific terms and conditions for Retinex's certified API technology, published per §170.404(a)(2) via a publicly accessible hyperlink with no preconditions. They are separate from, and govern in case of conflict with, the general website Terms & Conditions. Definitions ("API Information Source", "API User", "Certified API Developer", "Certified API Technology") have the meanings given in §170.404.
1. Material Information (§170.404(a)(2)(A))
Retinex publishes all terms and conditions for its certified API technology, including the following:
| # | Item | Statement |
|---|---|---|
| 1 | Fees | See §2 API Fees. Access to the API, this documentation, the sandbox, registration, and production connection details is provided at no charge. |
| 2 | Restrictions | Use must comply with HIPAA, applicable law, and the patient's authorization. No reverse-engineering of security controls; no attempts to access EHI without authorization. |
| 3 | Limitations | Fair-use rate limiting applies equally to all similarly situated API Users to protect availability (see §2); the data scope is the US Core 6.1.0 / USCDI v3 data set. |
| 4 | Obligations | Maintain the security of issued credentials and tokens; honor scope grants; keep registration contact information current; notify Retinex of suspected credential compromise. |
| 5 | Registration process requirements | See Application Registration — client types, required attributes, and dynamic client registration. |
| 6a | Needed to develop software | API Reference, SMART Authorization, US Core Support, and a free sandbox. |
| 6b | Needed to distribute / deploy in production | Production registration and service base URLs; no distribution-channel fee or approval gate beyond identity verification. |
| 6c | Needed to use software (access EHI) | Authorization Code + PKCE flow, scopes, and refresh tokens documented in SMART Authorization. |
| 6d | Needed to use EHI obtained | EHI may be used for any lawful purpose authorized by the patient, subject to HIPAA and applicable law; Retinex imposes no downstream-use restriction beyond the law. |
| 6e | Used to verify authenticity of API Users | Identity and redirect-URI/domain ownership verification — objective and uniformly applied (see Verification). |
| 6f | Used to register software | RFC 7591 Dynamic Client Registration and manual registration (see Registration). |
1.1 Developer Policies & Required Agreements
These Terms & Conditions are the developer agreement for Retinex's certified API technology. Acceptance occurs at the point of application registration; no separate signed contract, click-through license, or developer agreement is required to access, develop against, or deploy to the certified API technology beyond the objective identity and redirect-URI verification applied uniformly to all API Users. Retinex imposes no developer agreement that would condition the rights in §3.3 on any of the prohibited terms listed in §3.4.
The following associated developer policies are incorporated into and form part of these Terms. Each is publicly accessible at no charge and without preconditions:
| Policy | Governs | Reference |
|---|---|---|
| Acceptable Use & Restrictions | Lawful, HIPAA-compliant use; no reverse-engineering of security controls; no unauthorized EHI access | See §1, rows 2–4 |
| Fair-Use / Rate-Limiting Policy | Limits applied equally to all similarly situated API Users to protect availability | See §2 API Fees |
| Security Policy | Credential and token security, authentication, authorization (RBAC), encryption, and audit logging | Security & Compliance |
| Privacy Policy | Handling of personal and health information consistent with HIPAA and applicable law | Privacy Policy |
| Registration & Verification Policy | Client types, required attributes, dynamic and manual registration, identity verification | Application Registration |
| General Website Terms | Baseline terms; these API Terms govern in case of conflict | Terms & Conditions |
2. API Fees (§170.404(a)(3) & (B))
All fees are described below in plain language, including the persons to whom each fee applies, the circumstances in which it applies, and the amount or — for variable fees — the variable(s) and methodology used to calculate it.
| Fee | Applies to (persons / class) | Circumstances | Amount / methodology |
|---|---|---|---|
| API access & use of certified API technology | API Users (app developers) and patients | Accessing the §170.315(g)(10) API, documentation, sandbox, registration, and production connection details | $0 — no charge. |
| Documentation & test environment | All developers | Reading this documentation; using the sandbox / synthetic data | $0 — no charge. |
| EHI export (b)(10) | Patients, providers, successor systems | Single-patient and population EHI export | $0 — no charge (see Information Blocking → Fees). |
| EHR subscription | API Information Sources (provider organizations licensing the Retinex EHR) | Recurring license to deploy the certified Health IT | Per-provider recurring subscription; quoted in the customer's order form (see Costs & Certification). |
| Value-added services (optional) | API Information Sources / API Users who elect them | Services beyond what is necessary to develop, test, and deploy production apps (e.g. premium SLAs, dedicated support, custom integrations) | Permitted value-added-service fees under §170.404(a)(3)(iv); priced per the applicable service order; never required to access or use the certified API technology. |
Retinex does not charge: any fee to access the documentation it must publish; any fee for resources reasonably required to make effective use of the certified API technology; or any fee essential to developing and commercially distributing production-ready applications (including test environments and the connection information needed to reach the API). Permitted fees are based on objective, verifiable criteria uniformly applied to all similarly situated parties, are reasonably related to and allocated against Retinex's costs, and are not based on whether a party is a competitor. Retinex keeps records of any fees charged, the methodology used, and the costs to which they are attributed.
3. Openness & Pro-Competitive Conditions (§170.404(a)(4))
3.1 Independent access
Retinex provides certified API technology to an API Information Source with the independent ability to permit an API User to interact with that technology. Application-developer affirmations regarding their ability to secure a refresh token and/or client secret are treated in good faith.
3.2 Non-discrimination (§170.404(a)(4)(i))
Retinex grants access to its certified API technology on terms no less favorable than it extends to itself, its customers, suppliers, partners, and other business relationships. Retinex does not offer different terms or services based on (1) whether a competitive relationship exists or would be created, or (2) the revenue or other value a party may derive from using the API technology.
3.3 Rights that must be granted (§170.404(a)(4)(ii)(A))
Upon request, Retinex grants API Information Sources and API Users all rights reasonably necessary to: (1) access and use the certified API technology in production; (2) develop products and services that interact with it; and (3) market, offer, and distribute those products and services.
3.4 Prohibited conduct — what Retinex will not require (§170.404(a)(4)(ii)(B))
Retinex does not condition the rights above on:
- Paying a fee (including a license fee, royalty, or revenue-share);
- Agreeing not to compete with Retinex in any product, service, or market;
- Dealing exclusively with Retinex in any product, service, or market;
- Obtaining additional licenses, products, or services unrelated to (or unbundlable from) the certified API technology;
- Licensing, granting, assigning, or transferring any intellectual property to Retinex;
- Meeting any Retinex-specific testing or certification requirements; or
- Providing Retinex or its technology with reciprocal access to application data.
3.5 Service & support obligations (§170.404(a)(4)(iii))
Retinex provides the support and services reasonably necessary to enable the effective development, deployment, and use of the certified API technology by API Information Sources and API Users in production. Contact support@retinex.ai.
4. Additional Terms
These terms do not limit additional content Retinex may include, such as consumer protections. Nothing here prevents API Information Sources and API Users from forming permissible business relationships, provided they do not conflict with the ONC Cures Act Final Rule or other applicable law.
5. Change Log
| Date | Version | Change |
|---|---|---|
| 2026-06-03 | 1.0 | Initial publication of API-specific terms, fees, and openness conditions. |