New Standardized Health Care Application Programming Interfaces (APIs)
Will the Hoped-For Rewards from Improved Interoperability and Reduced Information Blocking Outweigh the Potential Impact on the Privacy and Security of Personal Health Information?
- September 03, 2020
- Jon Moore, MS, JD, HCISPP , Clearwater
This Briefing is brought to you by AHLA’s Health Information and Technology Practice Group.
On May 1, 2020, the Department of Health and Human Services (HHS) published in the Federal Register two new final rules (Final Rules) targeted at improving interoperability and patient access to health information: one from HHS' Office of the National Coordinator for Health Information Technology (ONC) and the other from its Centers for Medicare & Medicaid Services (CMS).
In its March 9, 2020, press release, HHS stated that “these final rules mark the most extensive healthcare data sharing policies the federal government has implemented, requiring both public and private entities to share health information between patients and other parties while keeping that information private and secure.” While few will argue the extensive nature and impact of the new Rules on data sharing, the claims of keeping that information private and secure have come under much debate. The concerns about privacy and security focus mainly on the new requirements for standards-based, publicly available web application programming interfaces (APIs) for certified health IT systems.
This article describes the Final Rules generally and, more specifically, the one-two punch of information blocking penalties and new API requirements that they introduce. To help the reader understand the implications of the new API requirements, APIs are explained, along with the evolution of APIs in health care technology. Finally, this article examines the risks arising from the implementation of APIs in the health care arena.