Accessing the ZAP

This page explains when and how your organization can access a patient’s Zus Aggregated Profile (ZAP), including what data is available, how access is asserted, and what happens when patient or subscription status changes.

What Is the Zus Aggregated Profile (ZAP)?

The Zus Aggregated Profile (ZAP) is a unified patient record that may include:

• Data contributed by your organization
• Data retrieved from third-party health data networks
• Data contributed by other covered entities on Zus

Access to third-party and cross-organization data is conditional and depends on:

• Applicable legal, contractual, and network-specific requirements
• Your asserted relationship with the patient

Permitted Use

Legal Context (HIPAA)

Under HIPAA, the use and disclosure of protected health information (PHI) is permitted for activities related to Treatment, Payment, and Healthcare Operations (TPO).

Zus and Network Requirements

In addition to HIPAA:

• Health data exchanges integrated with Zus may impose additional access requirements (e.g., treatment-only use, prescribing provider presence).
• To use the Zus platform, your organization must:
  • Agree to the Zus Builder Terms of Service
  • Have your use case reviewed and approved by Zus’s sales and legal teams

Asserting an Active Patient Relationship

Zus uses the FHIR Patient.active field as the primary signal that your organization has an active treatment relationship with a patient for TPO purposes.

When Patient.active is set to true, Zus treats your organization as authorized to access third-party data for that patient, subject to subscription status and network rules.

How Patient.active Can Be Set

The Patient.active field may be set to true in the following ways:

1. Patient history requests or subscriptions
   When you submit a patient history API request or enroll a patient in a Zus data subscription, you must assert that you have treatment consent. Zus treats this assertion as evidence of an active patient relationship and automatically sets Patient.active = true.

2. EHR integrations
   If you sync patient data from your EHR, your integration may set this field automatically.

3. Direct updates
   You may explicitly set Patient.active for a patient via the FHIR API.

When Patient.active is set to false (or treated as false), your organization can still access its own data, but third-party and cross-organization data will no longer be visible.

📘

⚠️ Important: NULL Values Are Treated as FALSE

Unlike the FHIR specification, Zus interprets a NULL value for Patient.active as FALSE.

If you set Patient.active to NULL, Zus will:

• Pause active data subscriptions
• Remove access to previously queried third-party network data

Best practice: Always explicitly set Patient.active to either true or false. Never leave it unset.

Example Active Patient

{
  "resourceType": "Patient",
  "active": true,
  "name": [
    {
      "family": "Smith",
      "given": ["Mike"]
    }
  ]
}

Data Retention

Zus will store all clinical for a given patient and make it accessible to your organization for as long as the following conditions are true:

• The FHIR Patient.active field is set to “true”, indicating an active treatment relationship
• The patient is actively enrolled in a Zus data subscription

What happens if I update the Patient.active field to “false”?

As stated above, your organization will retain access to your data for that patient, but data contributed by third-party networks or other builders on Zus will no longer be accessible.

What happens if I unenroll a patient from a Zus data subscription, or instead submit a patient history query?

Your organization will retain access to data contributed by third-party networks according to the following policy:

• Accessible via Zus App or APIs for at least 30 days
• Accessible via Zus data marts for at least 12 months

The data retention periods listed above are measured from the unenrollment date or the date of the last patient history query (whichever is later).