Register your application at https://bluebutton.cms.gov/developers/ to obtain a client_id and client_secret for the sandbox environment.
Implement the OAuth2 authorization code flow using the sandbox authorization URL; beneficiaries log in with their MyMedicare.gov credentials to grant consent.
Exchange the authorization code for an access token and extract the patient identifier from the token response or the /v2/connect/userinfo endpoint.
Request the patient's claims data by calling the FHIR endpoints /v2/fhir/Patient, /v2/fhir/ExplanationOfBenefit, and /v2/fhir/Coverage with the Bearer token.
Handle paginated Bundle responses with next links; ExplanationOfBenefit queries can return hundreds of claim records.
For production access, complete CMS's production approval process including a security review and data use agreement before handling real beneficiary data.
Known gotchas
Blue Button 2.0 contains only Medicare Part A, B, and D claims data—it does not include clinical notes, lab results, or private insurance claims; do not present it to users as a complete health record.
Sandbox beneficiary accounts use synthetic data and test credentials distinct from production; never test against real Medicare credentials.
Beneficiary consent is per-app and can be revoked; always check token validity and handle 401 responses gracefully by prompting re-authorization rather than treating revocation as an error.
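An added example (not from the original page or from CMS) of the paginated Bundle handling and the 401 handling described above: it follows Bundle next links, signals re-authorization on a 401, and, as an added assumption, refuses to send the Bearer token to a different origin. The http_get hook, the host name and the sample Bundles are constructed for illustration.

```python
from urllib.parse import urlsplit

class ReauthorizationRequired(Exception):
    """Token rejected (expired or consent revoked): restart the OAuth flow."""

def _origin(url):
    parts = urlsplit(url)
    return (parts.scheme, parts.hostname, parts.port)

def fetch_all_resources(first_url, access_token, http_get, max_pages=100):
    """Follow Bundle 'next' links and return every entry's resource.

    http_get(url, headers) -> (status_code, parsed_json) is a hypothetical
    transport hook so the logic runs offline; wrap your HTTP client in it.
    """
    headers = {"Authorization": f"Bearer {access_token}"}
    resources, url = [], first_url
    for _ in range(max_pages):  # hard cap so a looping 'next' link cannot spin forever
        status, bundle = http_get(url, headers)
        if status == 401:
            raise ReauthorizationRequired(url)
        if status != 200:
            raise RuntimeError(f"unexpected HTTP status {status}")
        resources += [e["resource"] for e in bundle.get("entry", []) if "resource" in e]
        next_url = next((l.get("url") for l in bundle.get("link", [])
                         if l.get("relation") == "next"), None)
        if not next_url:
            return resources
        # Assumption: the token is only ever sent to the origin we started on.
        if _origin(next_url) != _origin(first_url):
            raise ValueError("next link leaves the API origin")
        url = next_url
    raise RuntimeError("page limit reached before the last page")

# Constructed sample data: two pages of a Bundle on a placeholder host.
BASE = "https://sandbox.example.invalid/v2/fhir/ExplanationOfBenefit"
PAGES = {
    BASE: {"resourceType": "Bundle", "entry": [{"resource": {"id": "eob-1"}}],
           "link": [{"relation": "next", "url": BASE + "?startIndex=1"}]},
    BASE + "?startIndex=1": {"resourceType": "Bundle",
                             "entry": [{"resource": {"id": "eob-2"}}], "link": []},
}

def fake_get(url, headers):
    """Constructed stand-in for the API: rejects any token but 'good-token'."""
    if headers.get("Authorization") != "Bearer good-token":
        return 401, {}
    return 200, PAGES[url]
```

Catch ReauthorizationRequired at the call site and send the beneficiary back through the authorization code flow instead of surfacing a failure.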