CareVue Technology

Medsphere was founded in 2002 with the initial goal of creating a comprehensive, affordable EHR built on the most proven and effective healthcare IT platform for use in the commercial healthcare market. With CareVue, the company leverages billions of federal dollars and targeted capital focused on applying a modern technology platform that includes new frameworks and programming languages. Medsphere’s development efforts in creating CareVue have yielded a distinctive solution that stands alone regardless of decisions made by non-Medsphere leadership.

Medsphere has added considerable functionality to CareVue for community and behavioral health hospitals, but it is the foundational changes to solution architecture, availability and connectivity that make the solution truly more adaptable to customer needs. In particular, Medsphere has improvised the technology stack to enable greater flexibility, used application programming interfaces (APIs) and custom-developed interfaces to ensure complete data in the patient record, and migrated CareVue to the cloud so hospitals can choose to move away from onsite data centers. Our Agile approach to product delivery ensures customers receive high-quality CareVue releases in a timely fashion.

Medsphere started with a rock-solid foundation on which to build, and we’ve continued to innovate by making CareVue a modern, independent, affordable care transformation tool.

CareVue Cloud

Medsphere’s CareVue Cloud option makes comprehensive EHR functionality available without the added burdens of on-premises deployment.

Via Medsphere’s software-as-a-service (SaaS) strategy, the fully cloud-based version of CareVue gives customers greater accessibility and saves the expense of local servers and data centers.

CareVue and all support services run in secure and isolated Amazon Web Services’ (AWS) virtual private clouds (VPCs). Each customer’s private CareVue instance is replicated across two geographically separate AWS regions; CareVue resources and data are isolated from other customers and malicious intruders. CareVue applications run in the cloud and are delivered to local workstations via web browser with a small helper client.

Each client’s data is separate and secure, meeting all HIPAA and HITECH requirements for security at rest and in transport. Medsphere’s base Cloud offering can scale to meet the needs of any organization.

The Advantages of CareVue Cloud

  • Lower Capital Costs: With CareVue Cloud, hospitals dispense with the need for onsite servers, hardware upgrades and specialized IT staff. Scaling up requires no additional capital investment.
  • IT Support Savings: Adoption of CareVue Cloud means the hospital has no need to deploy desktop application suites or local data centers; maintenance of applications and servers is not required.
  • Peace of Mind: Medsphere customers receive specialized and highly qualified support, standardized deployments, high availability, hourly backups and full disaster recovery systems/plans.

How CareVue Cloud Technology Works

  1. CareVue Cloud spans multiple Amazon regions in dedicated, HIPAA-compliant, isolated virtual private clouds (VPCs) (see diagram below).
  2. Medsphere leverages years of CareVue systems administration expertise to enable security features that surpass HIPAA requirements and design features that exceed typical on-premise installation performance.
  3. Each customer has a primary CareVue instance in one region and a secondary instance in a geographically distinct area, providing both high availability and disaster recovery (DR) features. This approach maximizes DR resilience during events like natural disasters that impact large geographical areas.
  4. Included in each customer instance:
    • Complete CareVue environments
    • IPSEC VPN tunnels for secure access and transport of printer, interface, and other data between CareVue Cloud and on-premises resources
    • Load-balanced user access portal & application servers
    • 24×7 support
    • Built-in high availability & disaster recovery features
  5. Each customer’s data is encrypted in transit and at rest, and is isolated and encrypted separately from that of all other customers.

Note: Click CareVue Cloud Specs for a complete overview of customer technical requirements. 

CareVue Cloud Technology

System Architecture

The defining characteristic of CareVue is flexibility. Medsphere has innovated at every level of the technology stack to create a solution limited neither by environment nor the inclusion of different components. 

Medsphere’s cloud and software-as-a-service (SaaS) strategy also gives clients both local and remote implementation options. Medsphere makes our CareVue EHR for acute and inpatient behavioral health hospitals available in a hosted model via industry-standard Amazon Web Services. Cloud-based CareVue is accessible from all the most commonly used platforms, including Windows, Linux and MacOS. 


The CareVue client employs either the Microsoft .NET framework or Mono, an open source implementation of Microsoft .NET, to provide modern functionality in a cross-platform graphical user interface (GUI) that is interoperable, language independent (C#, HTML 5, CSS, Java) and simple to deploy. The CareVue architecture enables the client to run natively on Windows or Linux systems. This flexibility allows facilities to leverage current hardware investment, expand resources and reach a greater clinical user base. 


At the network level, Medsphere updates an RPC-based approach through the use of CareVue Bridge, a middleware component developed by Medsphere that manages interaction between server and client, handles raw communication with the server, and provides an interface to the client. The implementation of the CareVue Bridge gives Medsphere the ability to use on-the-wire encryption for greater levels of security and enables the system to interact with Web-based applications.


The CareVue server layer uses Java, a platform-independent programming language intended to run anywhere, to give the overall technology improved market viability and extensive commercial market benefits. Through the use of Java, Medsphere enables the advancement of CareVue and preserves the longevity of the product. The incorporation of recognized interfacing technology standards such as Health Level 7 (HL7) enables CareVue to communicate effectively with required third-party applications (e.g., administrative, financial, PACS) in creating a complete, efficient enterprise EHR solution.

Application Server

At the Application Server level, Medsphere uses Java technologies to provide CareVue with more flexibility via an object domain layer. Medsphere developed this Java layer as part of the CareVue technology stack to enable greater application functionality, realize wider interoperability and increase development velocity. Through the use of this domain layer, CareVue applications can seamlessly connect to legacy modules and other Java-based applications, leveraging modern development methodologies (agile) and tools. For example, this tool is used to support interoperability with pharmacy billing systems. Medsphere provides additional flexibility at the Application Server level by giving clients the choice of either InterSystems Caché or Fidelity GT.M, a commercial open source solution.

Operating System

Medsphere offers freedom of choice at the OS level by certifying the use of CareVue on multiple platforms, allowing organizations to choose Linux or Windows operating systems, and hence a wider variety of hardware.


CareVue runs on any Intel x86 hardware. Medsphere provides recommended sizing guidelines for server-based configurations to support the optimal performance of the CareVue system. This gives clients a variety of choices, including Hewlett-Packard’s Intel-based products.

Medsphere is hardware-agnostic regarding compatibility with the CareVue Bar Code Medication Administration (BCMA) application. Customers can deploy whatever brand of barcode reader they choose. Most barcode readers are literally plug and play and are formatted to read a variety of barcodes. We recommend testing any legacy barcode scanners during implementation. Otherwise, purchase one for testing during implementation to make sure it works properly before go live. Typically, scanner ergonomics are more of an issue than specific functionality or compatibility. 

CareVue API

CareVue Release 2 has a published application programming interface (API) designed to support development and deployment of applications by our customers or third parties to securely access protected health information. These applications may be designed for use by patients or by authorized providers.

Terms of Use

The CareVue Common Data Set API is available for use by developers who agree to terms of use and application guidelines defined by Medsphere. Apps developed to this API will be able to connect to CareVue customers using the CareVue 2, 2017, release. CareVue customers may choose to enable or disable API access. Registered developers may also use documentation provided by Medsphere for the purpose of developing apps.

The CareVue API does not require any specific software components or configuration. It operates with secure communications via TLS encryption using the standard POST and GET messages as described in detail in our API documentation.


  1. You agree to indemnify, hold harmless and defend Medsphere, its subsidiaries, and CareVue customers and their affiliates, and all of their employees, officers, directors, contractors and other personnel from and against any claim arising out of or relating, directly or indirectly, to you, any of your apps, or any use of any of your apps.
  2. Medsphere will issue an app key for each app you submit for registration. This key will be required to identify your app and to permit access to the API. 
  3. You agree that Medsphere and CareVue customers may grant or deny API access to information at any time for any reason, and may implement control functions including but not limited to tracking and auditing access, disabling or blocking specific apps.
  4. An app may be blocked temporarily or permanently for abuse or misuse of the API or information obtained from the API. An app may be blocked for failure to follow reasonable security practices if so detected or reported to Medsphere or a CareVue customer. Apps that make excessive or inefficient use of API resources may be limited in rate or duration of requests or blocked. Medsphere may allow a CareVue customer to block an app for any reason. Medsphere understands that blocking should be a final option when less restrictive measures have failed.
  5. Terms of API use do not include access to CareVue software and do not confer any rights to use, copy, or distribute CareVue software. Direct access to CareVue software is not required to develop or test apps. Testing can be done by working with a CareVue customer or licensing CareVue software for development use. Your registration of an app and receipt of documentation does not give you permission to access any Medsphere customer’s CareVue system or any information stored in such systems.
  6. You agree to comply with app guidelines defined by Medsphere. These guidelines can be expected to change as needed to comply with regulations; protect private health information; safeguard CareVue customer systems and Medsphere infrastructure; and provide a reliable, high-quality experience for CareVue customers, as well as their patients and users.
  7. You are responsible for compliance with all applicable laws, regulations and certification requirements for the specific use of your app. Access through Medsphere’s API does not relieve you of any obligations under HIPAA, HITECH or relevant federal or state laws.

Getting Started

Contact Medsphere at 760-692-3700 to start the process and become a CareVue app developer.

API Documentation

Authentication and Encryption

CareVue 2.1 supports general multi-factor authentication when deployed as CareVue Cloud.  For electronic prescribing specifically, CareVue supports multi-factor authentication in both on-premise and cloud-based deployments.  

CareVue enables encryption of user credentials in compliance with FIPS 140-2.  It does so by default when deployed in a CareVue Cloud environment. When deployed on premise, the customer controls enabling this encryption.