The 2015 Edition final rule includes several health IT certification criteria that support patient access to, and patient-directed transmission of, their health information. Of note:
- The API criterion requires health IT to provide application access to the Common Clinical Data Set via an application programming interface (API).
- API functionality will help to address challenges such as the “multiple patient portal” problem by potentially allowing individuals to aggregate data from multiple sources in a single web or mobile application of their choice.
- As Don Rucker M.D., National Coordinator for Health Information Technology, noted in his buzzblog “Achieving the Interoperability Promise of 21st Century Cures,” “The Cures Act builds on the 2015 Edition of ONC’s health IT certification criteria by calling for the development of modern APIs that do not require ‘special effort’ to access and use. APIs are technology that allow one software program to access the services provided by another software program… APIs need to be standardized, transparent, and pro-competitive. Open and accessible APIs have transformed many industries. We think they can transform health care as well.”
To support the implementation of the 2015 Certification criteria and meet the requirements of the 21st Century Cures Act, ONC has developed an API training module aimed at providers and consumers to explain how APIs work and how they can support access to health information.
This learning module focuses on Application Programming Interfaces (APIs) and the role they play in health information exchange. It is interactive and lets the user skip, select and replay chapters as they please. The module is aimed at both providers and consumers who want to learn more about how APIs work. It starts with an introduction and general information, then includes more technical material in a later chapter. The expectations are as follows:
- Provide a snapshot of how APIs can be useful in a health care setting
- Help providers to become familiar with APIs by understanding how they are used in other industries
- Give providers the technical terms they will need to understand developers when they discuss adding APIs to the provider’s practice
NOTE: This educational tool is designed to give a basic overview of how APIs work and is not intended to be implementation instructions. Actual use of APIs in an electronic health record will require authentication and certification procedures, such as those suggested by Topic 8 in the API Task Force Recommendations. The use case outlined in the module assumes that these authentication procedures have already taken place. For more information on the privacy and security of APIs, visit this link: https://www.healthit.gov/sites/default/files/privacy-security-api.pdf

The text below outlines a more comprehensive view of user authentication, using patient portals as an example of how apps might consolidate health information from different providers.
1. The patient downloads the health app of her choice.
2. The patient logs into the app and creates a username and password for the app.
3. The patient uses the application to link securely to an API for the health care provider, where the patient logs onto the health care provider’s patient portal.
4. The application sends a request to the patient’s health care provider asking for access to her medical records.
5. The health care provider’s server validates the request coming through its API, fulfills the criteria, and sends back the patient’s data in a structured format.
6. The patient can now access health information from that provider in the app.
7. The patient repeats steps 1-6 with other health care providers that have granted access to that application.
8. Depending on the app the patient is using, the patient can merge this information with other health information from other sources, to access all their health data in one place.
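
The provider-side validation in the flow above, sketched as an added example (not code from ONC or the training module). The HMAC-signed grant, the class and function names, and the sample records are assumptions that stand in for whatever authentication procedure a real deployment uses.

```python
import hashlib, hmac, json, time

class ProviderAPI:
    """One provider's API. Token format and field names are assumptions."""
    def __init__(self, name, secret, records):
        self.name, self._secret, self._records = name, secret, records

    def _sign(self, payload):
        return hmac.new(self._secret, payload, hashlib.sha256).hexdigest()

    def portal_login(self, patient_id, app_id, password_ok, ttl=3600):
        """Portal logon step: issue a grant bound to this patient and app."""
        if not password_ok:
            raise PermissionError("portal login failed")
        claims = {"pat": patient_id, "app": app_id, "exp": time.time() + ttl}
        payload = json.dumps(claims, sort_keys=True).encode()
        return payload.hex() + "." + self._sign(payload)

    def get_records(self, token, app_id, patient_id):
        """Request step: validate the app's request, then return structured data."""
        try:
            body, sig = token.split(".")
            payload = bytes.fromhex(body)
        except ValueError:
            return {"status": 401, "error": "malformed token"}
        if not hmac.compare_digest(sig.encode(), self._sign(payload).encode()):
            return {"status": 401, "error": "token not issued by this provider"}
        claims = json.loads(payload)
        if claims["exp"] < time.time():
            return {"status": 401, "error": "grant expired"}
        if (claims["app"], claims["pat"]) != (app_id, patient_id):
            return {"status": 403, "error": "grant is for another app or patient"}
        return {"status": 200, "provider": self.name,
                "records": self._records.get(patient_id, [])}

def aggregate(app_id, patient_id, grants):
    """Repeat-and-merge steps: query each linked provider, keep valid responses."""
    merged = []
    for provider, token in grants:
        resp = provider.get_records(token, app_id, patient_id)
        if resp["status"] == 200:
            merged += [dict(r, source=resp["provider"]) for r in resp["records"]]
    return merged

# Constructed sample data: two providers, one patient.
clinic = ProviderAPI("clinic", b"clinic-demo-key",
                     {"pat-1": [{"type": "allergy", "value": "penicillin"}]})
hospital = ProviderAPI("hospital", b"hospital-demo-key",
                       {"pat-1": [{"type": "lab", "value": "A1c 5.4"}]})
```

Because each provider signs its own grants, a grant obtained at one portal is rejected by every other provider, which is why the patient has to repeat the linking steps per provider.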