Connecting to National Health Information Networks: Direct Integration vs On-Ramp APIs

Konstantin Kalinin

Head of Content

July 14, 2025

Think you need to “join the right network” to access clinical data? That’s like asking whether to install Comcast or AT&T when your building already has fiber—and your neighbor’s leasing out a faster Wi-Fi connection next door.

The question isn’t which network. It’s how you plug in without wrecking your dev sprints or legal budget.

Before you sign that Carequality contract or start mapping HL7 flows, let’s talk strategy. We’ll unpack what actually matters—and how to choose a path that won’t bottleneck your product or your team.

Key Takeaways

• It’s not about the network—it’s about the integration strategy.

Joining Carequality or CommonWell doesn’t guarantee usable data access. The real variable is how you connect—direct integration piles on legal, technical, and governance overhead, while on-ramp APIs abstract that pain and deliver faster results.

• On-ramp APIs aren’t just shortcuts—they’re orchestration engines.

Vendors like Particle, Redox, and Health Gorilla don’t just “wrap the network.” They manage trust agreements, fix fuzzy patient matching, normalize CCDs, and handle retries and routing quirks—saving you from months of backend chaos.

• Patient-matching UX can make or break your entire workflow.

Most data retrieval failures come from poor demographic input, ambiguous matches, or silent query errors. Getting the tech right isn’t enough—you need bulletproof user flows, deduplication logic, and match confidence cues baked into your product.

Table of Contents

1. The Real Question Behind “Which Network Should We Join?”
2. National Networks 101 — And Why You Probably Don’t Need Both
3. Direct Integration: When Owning the Pipe Becomes a Problem
4. On-Ramp APIs: Fast Lane to the Same Data
5. What Actually Comes Back: Coverage, Military Data, and History Windows
6. Demographics, Matching, and Clinical UX: Where Things Break
7. Choosing Your Strategy: 5 Scenarios for Direct vs API
8. You Don’t Need to Navigate This Alone

The Real Question Behind “Which Network Should We Join?”

If you’re still asking “Carequality or CommonWell?”—you’re already down the wrong rabbit hole.

This is the question we hear from product teams every other week. And here’s the blunt truth: it doesn’t matter which network you join if you pick the wrong integration method.

The Mistake Everyone Makes

Some well-meaning CTO, PM, or compliance lead gets nervous about coverage gaps, so the team starts eyeing direct memberships with multiple national networks. Maybe even both Carequality and CommonWell. Sounds thorough, right?

Except that’s not how modern health data plumbing works anymore.

These networks already interoperate—joining both doesn’t double your access, it doubles your legal and technical overhead.

What matters more is how you connect. Do you really want to stand up the infrastructure, credentialing, and governance in-house? Or would you rather work with a vendor that’s already solved this at scale?

That’s where on-ramp APIs come in. Vendors like Particle Health or Health Gorilla aren’t just middlemen—they’ve pre-negotiated trust agreements, handle patient-matching quirks, and smooth out network idiosyncrasies so you don’t have to.

What You Actually Need to Be Asking

• Who’s managing trust bundles and legal agreements with each participating org?
• How much flexibility do we need over patient-match logic and demographics?
• Are we prepared to handle multi-match scenarios and org-level match reviews manually?
• Do we want to manage all this ourselves… or use an API partner that’s already been through the fire?

Spoiler: direct integration sounds great until your legal team is buried in BAAs, and your engineering sprint board becomes a graveyard of onboarding tasks.

The truth is, if you’re building a clinical platform or app, the actual data you receive doesn’t change just because your logo’s on a Carequality contract.

Bottom Line

⚠️ Don’t confuse network coverage with integration strategy.

✅ Ask yourself who’s owning the headache: your team or your vendor?

Because in this game, the wrong architecture isn’t just expensive—it’s a roadblock dressed up as progress.

National Networks 101 — And Why You Probably Don’t Need Both

Let’s settle this up front: Carequality, CommonWell, and eHealth Exchange are not rival gangs. They’re increasingly interwoven parts of the same national interoperability fabric. So unless you’re running a network strategy for the Department of Veterans Affairs, you probably don’t need to join all three.

The Big Three, in Numbers

Here’s what matters at a glance—not the marketing decks, but the real footprint:

Carequality

• Framework for 600K+ providers
• 4,200+ hospitals, 50K clinics
• 350M+ documents exchanged per month
• Backbone for Epic, Athena, Meditech, and more
• Think of it as the “network of networks” tying everyone together

CommonWell

• Over 36,000 connected provider sites
• 240M+ individuals reachable (~70% of the U.S.)
• 7.7B+ documents exchanged to date
• Powered by Oracle Cerner, Allscripts, etc.
• Now a designated QHIN under TEFCA (yes, they’re getting serious)

eHealth Exchange

• Oldest, most government-facing network
• Connects 75% of U.S. hospitals, 85% of dialysis centers, 60+ state HIEs
• 300M+ patients represented
• Moves 21B+ transactions per year
• The only one tightly integrated with five federal agencies, including the VA and DoD

That last point is important. If your app or platform needs VA or military patient data, eHealth Exchange is non-negotiable. But thanks to TEFCA and cross-network bridges, even that’s now becoming accessible via Carequality or CommonWell as well.

Interoperability Has Evolved

This isn’t 2017. The silos have cracks now—on purpose.

• CommonWell ↔ Carequality: Fully connected since 2018. One participant can query the other without custom plumbing.
• eHealth Exchange ↔ Carequality: Actively bridged. Carequality functions as connective tissue for dozens of networks, including state HIEs and federal agencies.

In short: these networks talk to each other. You don’t need to sign up for both Carequality and CommonWell to cover your bases. That just adds cost, complexity, and legal noise—without improving your actual data reach.

Gotchas That Still Catch Teams Off Guard

• You don’t get a full copy of a patient’s life history. Each source controls how much data is available—most networks don’t retain anything centrally. It’s fetch-on-demand. If the source hospital only keeps 3 years of records, that’s all you’ll get.
• You won’t get behavioral or substance abuse data unless the source permits it. Federal consent rules still apply.
• None of these networks let you cache VA data indefinitely. It flows, it’s used, it’s gone. That’s by design—security and compliance win over convenience here.

So… Do You Need Both?

Unless you’re trying to future-proof for direct federal reporting, no.

Pick the one that gets you into the ecosystem fastest—often via your EHR vendor or an on-ramp API. The others will come baked in as part of that package, without you having to lift a finger.

Direct Integration: When Owning the Pipe Becomes a Problem

Let’s not romanticize “full control.” Direct integration into a national network sounds like you’re building a high-speed rail line. But in practice? It’s more like laying your own track, negotiating with every landowner along the way, and still getting stuck behind a freight train.

Here’s what actually happens when teams go direct—and why many eventually wish they hadn’t.

It Starts with Good Intentions…

Direct integration appeals to teams who want to:

• Bypass third-party vendors
• Retain maximum data routing control
• Avoid long-term API costs
• Impress the compliance committee

And sure, you can do all of that. Just prepare to mortgage your roadmap.

The Real Costs: Legal, Technical, and Operational

Here’s what your team’s really signing up for:

1. Legal & Governance Overhead

• Multi-party trust frameworks (DURSA, Carequality Connected Agreement, etc.)
• Individual participation agreements
• Policy enforcement and governance meetings
• Liability and breach responsibility negotiations

2. Infrastructure Management

• Hosting query endpoints
• Managing certificates and mutual TLS
• Implementing IHE XCA/XDS.b, C-CDA parsing
• Logging, auditing, failover handling

3. Org-by-Org Onboarding

• For many networks, you’re not just “in” once you go live
• Some participants require bilateral trust or custom configurations
• Testing and credentialing with each endpoint is not plug-and-play

4. Maintenance Hell

• Annual network recertification
• Keeping up with evolving specs (FHIR support, TEFCA compliance)
• Staying compatible as upstream participants update systems

This is the “fun” that large health systems have internal teams for. If you’re a startup or mid-sized org trying to move fast, this path burns months—and your PMs and devs will spend more time in spreadsheet checklists than shipping features.

What the Docs Don’t Tell You

• You can pass testing and still fail in prod—due to org-specific edge cases, inconsistent patient matching logic, or delayed endpoint onboarding.
• Some orgs only respond to queries from “known” connections—even inside Carequality. You may technically be “connected,” but functionally still blocked.
• You’ll likely hit diminishing returns fast: direct integration gives you more control, but not necessarily more coverage. Most big players already talk to each other through network bridges.

Who Should Go Direct?

There are valid reasons to own the pipe—just make sure they’re your reasons:

• You’re a health system with an existing IT team trained on national exchange protocols
• You need ultra-fine-grained routing rules or edge-case data workflows
• You’re building infrastructure for others (e.g. an HIE or data intermediary)

Otherwise, ask yourself: are you optimizing for scale—or for résumé bullet points?

On-Ramp APIs: Fast Lane to the Same Data

If direct integration is building your own highway, using an on-ramp API is grabbing an EZ Pass to the freeway someone else already paved, certified, and filled with traffic.

We’re talking about Particle Health, Redox, and Health Gorilla—your three real options if you want access to Carequality, CommonWell, and eHealth Exchange without sacrificing quarters of engineering time and buckets of Advil.

Let’s break down what they actually do (and what most teams misunderstand).

What You Think You’re Getting: “Just an API to the networks”

What You’re Actually Getting:

• Legal trust bundles + framework participation abstracted away
• Patient-match logic and fallback strategies you don’t have to build
• Real-time querying and data post-processing
• Deduplication, normalization, FHIR transformation
• Logging, audit trails, error recovery, SLA-backed uptime
• In some cases, a lightweight EHR-in-the-cloud

This isn’t a wrapper—it’s an orchestration layer. And each vendor does it differently.

Particle Health: Unified Firehose with Smarts

Particle gives you one endpoint. Hit it, and you get data from all three major networks—Carequality, CommonWell, and eHealth Exchange. Under the hood, it does:

• Smart record location: Uses current and past ZIP codes, plus condition-specific heuristics (e.g. if your patient has a rare disease, it’ll check Centers of Excellence).
• Verato-backed EMPI: Referential matching = better odds your patient isn’t lost due to “Robert” vs “Bob”.
• Post-query validation: Cross-checks demographics from returned documents before they hit your workflow.

👉 Ideal for teams that want a fast, consistent experience and don’t want to manage any of the fuzzy matching headaches or geographic scope config.

🛑 Gotchas:

• It pulls everything. No pre-query filters = potential data overload.
• You’re largely buying into Particle’s way of doing things. Great if you align, limiting if you want more custom routing.

Redox: The Integration Swiss Army Knife

Redox has deep roots as an integration platform and has evolved to offer national network access via its Network Onramp. Key distinctions:

• Supports Carequality + CommonWell (via QHIN)
• Lets you choose your QHIN: Redox isn’t one, so it can switch on your behalf.
• More EHR connections beyond networks: Can route into Epic, Cerner, Athena directly via custom channels.

It also offers:

• Bi-directional flows (e.g. write referrals, meds, etc.)
• “Data on Demand” cache for faster repeat access
• Verato-powered EMPI available (optional)

👉 Ideal for orgs that need flexibility: nuanced workflows, custom integrations, or multi-modal data sources.

🛑 Gotchas:

• Less out-of-the-box—Redox wants to be your long-term integration partner, not just your network pass.
• Might be overkill for MVPs that only need read-access to records.

Health Gorilla: HIE-as-a-Service with QHIN Status

HG isn’t just an API vendor—it’s a QHIN, a California-designated QHIO, and an all-in-one health data platform. It connects to the same big three networks, but goes further:

• Patient360 API triggers real-time record pulls
• 50-mile default search radius, auto-expanded if new addresses are found
• State-of-the-art MPI and “Safety Check” matching to prevent mismatches
• FHIR-native data store with post-query filtering and continuous record enrichment

Bonus: If you want to build a full patient chart or portal, HG already has that scaffolding in place.

👉 Ideal for teams that want deep coverage + UI support, or are future-proofing for TEFCA data exchange across multiple purposes (not just treatment).

🛑 Gotchas:

• Slightly more hands-on integration (e.g. managing address scopes, enrollment workflows)
• Platform cost can creep up with all the bells and whistles

Common Misconceptions (and Why They Hurt Teams)

🚫 “We’ll just query for what we need”

➡️ Not how it works. You get all the data allowed by the source—no pre-query scoping by date or section.

🚫 “All these vendors are the same”

➡️ Nope. They differ in matching accuracy, data enrichment, retry logic, FHIR modeling, and subscription workflows.

🚫 “It’s plug-and-play”

➡️ It’s plug-and-go… once you understand query scope, webhook setup, patient identity quirks, and what to do with 10,000 unstructured documents from a 90-year-old patient.

If you need to get live clinical data into your product without babysitting HL7, XDS.b, or EHR reps:

• Particle is the shortest path to “it just works.”
• Redox is your go-to if you want long-term flexibility and custom flows.
• Health Gorilla is your bet if you want the full HIE toolkit—and plan to grow into broader TEFCA use cases.

What Actually Comes Back: Coverage, Military Data, and History Windows

Just because you “connected to the network” doesn’t mean you’ll get the data you need—or even the data you think you’re entitled to. Misconceptions around coverage, access to VA/DoD records, and data availability windows are common enough to derail entire product roadmaps. So let’s get precise.

Who’s Actually on the Grid?

If you’re plugged into Carequality, CommonWell, or eHealth Exchange, congratulations—you’re talking to nearly every major hospital and clinic in the U.S.

By 2025, these networks function less like isolated silos and more like a stitched-together mesh of data liquidity. Thanks to interop agreements (Carequality ↔ CommonWell, Carequality ↔ eHealth Exchange), any single integration can open the door to all three—assuming your on-ramp handles the handoff properly.

So yes, you get national reach. But remember: connected ≠ cooperative. Just because a provider could share data doesn’t mean they will (more on that in a bit).

Military and VA Data: Yes, You Can Get It (But Know the Route)

This is where most founders get it wrong: “Can I get veteran records through CommonWell?”

Short answer: yes, but only if your data highway is properly paved.

• eHealth Exchange is still the backbone for VA and DoD records. It’s how you tap into military hospitals and VA clinics. If your integration doesn’t route through eHealth Exchange—or through a vendor that does—you’re not seeing veteran data, period.
• CommonWell & Carequality now also offer VA data access, but it’s largely piggybacked through Oracle Cerner (the VA’s new EHR) and relies on your on-ramp vendor handling the Carequality-eHealth bridge correctly.

Pro tip: Don’t assume your aggregator handles this automatically. Particle, Redox, and Health Gorilla all claim access to federal records, but the real test is how cleanly they route across networks and match veteran IDs. Ask if they’ve successfully pulled VA/DoD records at scale, not just technically “support” it.

How Far Back Can You Go?

Big myth: “These networks give you 10 years of history.” Not necessarily.

These are federated exchanges, not centralized vaults. Each query pulls records from the original data source in real-time. So what you get depends on:

• How long the source org retains data electronically
• Whether the CCDs include older encounter summaries
• How far back your on-ramp vendor configures the query radius (geographically and temporally)

In practice:

• You might get 7 years of history from a large health system,
• 18 months from a community clinic,
• And nothing at all from a practice that never onboarded to any HIE.

The networks themselves don’t impose retention limits. But you can’t ask CommonWell to “delete a record” or “give you all of Joe Smith’s history”—because they don’t store any records. They’re brokers, not banks.

Gotchas to Flag

Here’s where teams get burned:

• The VA is connected—but only if you routed through the right vendor. Some on-ramps don’t have eHealth Exchange hooked in well, or misconfigure consent pathways for federal records.
• Data looks stale? The clinic might’ve purged old records. Or your vendor didn’t extend the query radius to include Joe’s college town hospital.
• You get back too much data—then realize it’s from three different “John Smiths.” Patient-matching logic matters. More in section 6, but preview: don’t cut corners on demographics.

TL;DR — What You Really Get

Bottom line: network access ≠ data completeness. The good news? Most gaps are avoidable with the right on-ramp setup, realistic expectations, and some strategic vendor grilling.

Want VA records, deep history, and clean CCDs? Don’t just ask “Are you connected?” Ask how they route, validate, and expand queries. That’s where 90% of your success will come from.

Demographics, Matching, and Clinical UX: Where Things Break

Let’s be blunt: most data-sharing failures aren’t technical—they’re identity problems. Your patient search might hit the network perfectly and still bring back nothing useful. Or worse, it brings back the wrong patient.

Why? Because patient-matching is the weakest link in national exchange workflows, and your UX either compensates for it—or amplifies it.

The Minimum Isn’t Enough

Carequality and CommonWell both accept queries with just:

• First Name
• Last Name
• Date of Birth
• Gender

Sounds easy, right? Until you try querying “Maria Garcia, 01/01/1985” in Los Angeles. You will get either zero matches or too many. Both are bad.

What actually works in production:

• Full name (first + last), DOB, gender — baseline
• Full address (City, State, ZIP) — non-negotiable for CommonWell
• Phone number and/or email — strongly recommended
• SSN if available — match rate booster
• Bonus: middle name, previous names, exact formatting (normalized, USPS-style)

Every extra field improves your match confidence. And missing just one can make your query look like a false positive or a ghost.

What Happens When There’s More Than One Match?

Here’s the thing: if your demographics are too fuzzy, networks will either:

• Return multiple possible profiles (e.g., CommonWell via its MPI)
• Return “no match” (which might actually mean “too many matches to return one safely”)

The result? Someone—either your app or your user—has to decide which “John Smith” is the right one.

You can:

• Ask the user to confirm (“Did you ever live at 123 Main St?”)
• Force stronger inputs (e.g., block queries unless ZIP+phone or SSN is included)
• Rely on the vendor’s MPI to resolve behind the scenes (Particle, HG, Redox all try this)

If you’re doing your own UI, this is where you can break the user experience or build trust. Don’t over-automate this step. Make ambiguity visible—but not terrifying.

Vendor MPI ≠ Magic Wand

On-ramp APIs try to help here:

• Particle: Verato-powered referential matching, plus post-query document validation (it double-checks if incoming CCDs actually match the original patient).
• Health Gorilla: Deterministic matching at query time + their own MPI for post-processing and deduplication. Their “Safety Check” flags sketchy matches.
• Redox: Pushes everything to the network and lets the network match, unless you add their Verato-powered EMPI add-on.

So yes, the vendors help—but garbage in = garbage out still applies.

Clinical Workflow Gotchas

This is where theory dies in the waiting room. Real issues we see:

• Front-desk staff skips key fields during intake. No ZIP? Congrats, you just tanked your match rate.
• Clinician assumes no data exists when the system quietly returns “No Match” because of a typo in DOB.
• User clicks ‘Retrieve All’ and gets flooded with 12 versions of the same allergy note from 4 clinics.

UX must do the following:

• Show match confidence (even a simple “likely match” tag can help).
• Prompt for missing or ambiguous fields before sending the query.
• Handle timeouts gracefully. Don’t let the doc stare at a spinner. Async fetch + notifications works best.

And whatever you do, don’t hide failed matches. Expose the cause: “Couldn’t find the patient—try adding phone number or ZIP.”

Deduping: You Will Need It

Whether you go direct or via on-ramp, duplicates happen.

• One med listed in 3 different CCDs = UI clutter
• One patient in two networks with a maiden name and a married name = MPI nightmare

Vendors try to help:

• Particle dedupes CCDs and gives you a flat, normalized FHIR bundle.
• Health Gorilla merges via their MPI and adds provenance data.
• Redox lets you filter or dedupe downstream, but you have to configure it.

Build a UI that shows source and timestamp. Let users collapse repeated data. And never assume CCDs are clean.

Final Red Flags

• Patient match fails silently? The user assumes the patient has no history. Wrong.
• Two patients merged? Now you’re showing one person’s psych notes in another person’s chart. Good luck with that lawsuit.
• A single field mismatch (e.g., phone typo) kills an otherwise perfect query. Normalize before you send.

Matching UX = Make or Break

Choosing Your Strategy: 5 Scenarios for Direct vs API

If you’re still weighing “direct integration” vs. an on-ramp API like it’s a philosophical debate, let’s bring it back to earth.

This isn’t about purity or pride. It’s about what you’re building, how fast you need to move, and how much overhead your team can tolerate. Below are five real-world scenarios to help you pick the right path—based on project scope, org type, and risk appetite.

You’ve got product-market fit to prove, investors breathing down your neck, and three engineers juggling eight APIs.

Go with: Particle Health or Health Gorilla

Why?

• Fastest to integrate (single API, full U.S. coverage)
• Already connected to Carequality, CommonWell, eHealth Exchange
• Handles patient matching, network rules, deduplication

Avoid: Direct integration. You’ll burn quarters you don’t have negotiating DURSA agreements and troubleshooting org-specific CCD quirks.

Tip: Particle’s “one query gets everything” approach is the lowest-friction if your UX doesn’t need advanced filters. HG is better if you also want a native chart viewer.

Scenario 2: You’re a Mid-Sized Health System Building a Centralized HIE

Your CIO wants bi-directional data flow, fine-grained control, and maybe even TEFCA readiness baked in.

Go with: Health Gorilla (if you want a QHIN-compliant platform) or Direct Integration + Redox

Why?

• HG gives you full-stack HIE + QHIN status
• Redox lets you layer in direct EHR integrations on top of national network access
• Direct integration makes sense here if you want to host infrastructure and enforce org-level routing policies

Avoid: Particle (too abstracted for complex, system-level routing needs)

Tip: If you’re managing multiple facilities with unique workflows, Redox’s configurability pays off.

Scenario 3: You Need Write-Back or Bi-Directional Data Flow

You’re not just reading external records—you want to push referrals, write meds, or sync encounters.

Go with: Redox

Why?

• Built for EHR integration from day one
• Supports write-back via HL7/FHIR/custom interfaces
• Lets you combine real-time feeds and network queries

Avoid: Particle and Health Gorilla (both skew read-only for now)

Tip: Redox can also future-proof your TEFCA connections by letting you swap QHINs later—without rearchitecting your app.

Scenario 4: You Want Full Patient History, with Smart Search Logic

You need a longitudinal record—clean, deduped, normalized—without needing to know every clinic the patient’s visited.

Go with: Particle Health

Why?

• Best record locator logic (e.g. searches based on past ZIPs, specialty heuristics)
• Intelligent matching via Verato
• Handles false positives with post-query validation

Avoid: Direct integration (you’ll miss a lot unless you build similar heuristics—and you won’t)

Tip: If you’re concerned about firehose queries, Particle’s Deltas API helps you fetch only new data after the first pull.

Scenario 5: You’re a Compliance-Heavy Org (e.g., Payer, Public Health)

You need exchange under multiple TEFCA purposes (not just treatment), audit trails, and policy-aligned infrastructure.

Go with: Health Gorilla

Why?

• QHIN status = ready for all TEFCA exchange purposes
• Built-in compliance hooks for sensitive data access
• Trusted by public agencies (California QHIO, etc.)

Avoid: Vendors not yet fully TEFCA-aligned

(Particle and Redox are close but rely on third-party QHINs)

Tip: If you’re in California, HG’s designation as a QHIO gives you a compliance edge with state mandates.

TL;DR — The Shortlist

Picking your integration path is a strategic decision—make it based on actual workflow needs, not vendor pitch decks. You’re not buying access; you’re buying capability + leverage.

You Don’t Need to Navigate This Alone

If this felt like a lot—it’s because it is.

Choosing between direct integration and on-ramp APIs isn’t just a technical decision. It’s a strategic fork that affects your roadmap, burn rate, and patient experience. And once you’re in, course-correcting gets expensive—fast.

We’ve helped dozens of healthtech teams avoid dead-ends here. Whether you’re launching an MVP, scaling a platform, or untangling messy EHR workflows, we’ve been in the trenches. We know the networks. We know the vendors. We know how to make them work together.

Let’s talk. Book a consult with our EHR integration team. You bring the vision. We’ll help you connect the pipes.