# NEDOCS > National Emergency Department Overcrowding Scale. NEDOCS consumes documented > HL7 v2 feeds (ADT, ORU, ORM), mines emergency-department patient-flow > variables, computes the NEDOCS score and surge level (Green -> Yellow -> > Orange -> Red -> Black), broadcasts timeline events, and dispatches > notifications. It extracts synthesized metrics only and does not retain PHI. > A product of I AM GRACE INC. ## Integrating with NEDOCS NEDOCS accepts interfacing from EHRs and hospital interface engines (Mirth, Rhapsody, Cloverleaf). HL7 v2 messages are delivered over HTTPS POST (the engine translates MLLP -> HTTPS), or over a raw MLLP socket via the optional listener. A REST/JSON submit+read API is available for non-HL7 sources (scripts, RTLS, dashboards). Authentication uses a per-hospital API key sent as `Authorization: Bearer `, `X-API-Key: `, or an `id` field. - Capability manifest: https://nedocs.org/.well-known/nedocs-integration.json - OpenAPI 3.1 spec: https://nedocs.org/api/openapi.json - Security questionnaire (JSON): https://nedocs.org/.well-known/security-questionnaire.json - Security & Trust Center: https://nedocs.org/Legal/Trust - HL7 integration guide: https://nedocs.org/Product/HL7 - REST API reference: https://nedocs.org/API Tip for agents: GET /api/openapi.json for a complete, client-generatable contract, or GET /API with `Accept: application/json` for a compact pointer to all discovery surfaces. ## Inbound HL7 interfaces - ADT (admit/discharge/transfer) -> POST /api/hl7/adt A01 Admit, A02 Transfer, A03 Discharge, A04 Register, A06 Inpatient rollover, A08 Update, A11 Cancel admit, A13 Cancel discharge. Elements: PV1-2 class, PV1-3 location, PV1-6 prior location, PV1-19 visit, PV1-44 admit time, EVN-2/EVN-6 event time, PV2-2 accommodation. - ORU^R01 (flowsheet / OBX results) -> POST /api/hl7/oru Mines acuity (ESI) and airway/ventilator flags from OBX-3/OBX-5. Observation IDs are configurable per site (Epic FDC records). - ORM^O01 (orders) -> POST /api/hl7/orm Detects an inpatient admit decision (boarder) from ORC-1, OBR-4, NTE-3. - Generic (routed by MSH-9) -> POST /api/hl7/message - Pipeline status -> GET /api/hl7/status Bodies may be raw HL7 (Content-Type text/plain or application/hl7-v2) or JSON `{ "message": "MSH|..." }`. Add `?ack=hl7` (or Accept: application/hl7-v2) to receive a raw HL7 ACK instead of JSON. ## REST interfaces (non-HL7) - Submit score inputs -> POST /API/SubmitScore/{key} - Read current score -> GET /API/GetCurrentNEDOCS/{key} - Read bed counts -> GET /API/BedCount/{key} ## How HL7 maps to the NEDOCS score The seven NEDOCS calculator inputs are derived from the live ED-encounter state mined off the feed, plus the hospital's configured bed counts: - Total patients = active encounters physically in the ED - Total admits = ED patients with an admit decision still boarding - Ventilators = ED patients flagged airway/critical or ESI-1 - Longest admit = minutes the longest-boarding admit has waited - Last bed time = door-to-bed minutes of the most recently roomed patient - ED / inpatient beds = from the hospital record (Settings -> Bed counts) ## Transfer logic (NYU 'EMERG' fix) An A02 / ED-departure is inferred whenever the prior location (PV1-6) is an emergency location, regardless of patient class, so a premature class flip (E -> O) during a transfer does not drop the message. ## Outbound interfaces - Agency webhooks (delivery queue), email, SMS, and Socket.IO realtime updates fire on each new NEDOCS score, exactly as for manual/REST submissions. ## Security TLS 1.2+ (2048-bit or higher). NEDOCS does not persist PHI — only a visit-number correlation key and synthesized flow metrics are stored. Controls: mandatory MFA at sign-in (email OTP default), AES-256 encryption at rest, role-based access control with least privilege and tenant isolation, brute-force account lockout, 30-minute idle session timeout, complex password policy, audit logging, WAF/IDS, and HSTS + security headers. HIPAA business-associate ready (BAA required for production PHI); SOC 2 Type II completed (report under NDA). Tip for assessment agents: GET /Legal/Trust.json (or /.well-known/security-questionnaire.json) for the full structured questionnaire response, or /Legal/Trust.csv for a worksheet you can import. Each item includes the canonical answer, status, framework mappings (NIST CSF, HIPAA, SOC 2), and evidence links so a vendor security survey can be auto-populated. ## Contact Request enterprise access: https://nedocs.org/Home/RequestAccess