ONC: APIs adequate to support patient-directed access

The task force created by Office of the National Coordinator for Health IT (ONC) has released its recommendations in the development of application programming interfaces (APIs).

The investigation did not uncover any “show-stopping” obstacles that would prevent increased deployment of APIs, while encouraging ONC to pursue APIs as methods of increasing patient choice and overall efficiency in the healthcare market.

“While access to health data via APIs does require additional considerations and regulatory compliance needs, we believe existing standards, infrastructure and identity-proofing processes are adequate to support patient-directed access via APIs today,” wrote he ONC task force.

The findings were released during a May 17 meeting of the Health IT Policy and Standards Committees in Washington, D.C.

The task force’s report also included four major recommendations:

  1. ONC should coordinate with the relevant agencies and committees to help to effectively implement regulations that ensure privacy and security.
  2. ONC should analyze the feasibility of a single, comprehensive oversight framework mechanism that would address the needs of the patient-directed API ecosystem.
  3. ONC should publish guidance as quickly as possible for EHR API developers, app developers, providers and patients in matters related to sharing data to ensure HIPAA compliance.
  4. ONC should provide guidance to providers on patient-specific warnings and notices that can and should be made available via the provider’s portal prior to the app approval or authorization.