Open healthcare APIs are now the law of the land
The new 21st Century Cures Act mandates that medical records be accessible via open APIs.
With a stroke of his pen, President Obama turned the landmark 21st Century Cures Act into law on December 13, 2016. This extensive healthcare bill sailed through both the U.S. House and Senate with huge bipartisan majorities by focusing on improving patient outcomes through research, regulatory changes, and funding for initiatives like Vice President Biden’s “cancer moonshot”.
But buried deep inside the 996-page legislation is a subsection on IT that is poised to transform the way that doctors, hospitals, insurance companies, and patients interact with medical information. In clear language, the Cures Act mandates the use of open healthcare APIs beginning January 1, 2018, by requiring electronic health record (EHR) systems to have:
The Cures Act goes on to state that providers must demonstrate that health data can be accessed “through the use of application programming interfaces without special effort,” and it explicitly prohibits closed proprietary interfaces, or what the law terms “information blocking”. Vendors found to be in contravention could face penalties of up to $1 million per violation.
What the 21st Century Cures Act means for healthcare IT
Over the past few years, interoperability has become a buzzword in healthcare IT, with many vendors committing to a voluntary “Interoperability Pledge” sponsored by the U.S. Department of Health and Human Services. But with little concrete progress seen by either regulators or the public, the Cures Act moves to the next level by adding legislative teeth to the mix – turning a nice-to-have imperative into a race for compliance.
In many ways, this move towards regulation parallels the journey being taken by APIs in the financial industry. While consumer demand for better banking apps and more streamlined transactions between institutions led to dabbling in APIs, it was ultimately the passing of PSD2 legislation in Europe – with its mandate for open access to account information and transaction capabilities – that unleashed a torrent of banking API projects with big budgets and hard deadlines.
Next steps for healthcare in an open API world
One of the most mature technology solutions for meeting interoperability standards in healthcare is Fast Healthcare Interoperability Resources (FHIR), an emerging API-based framework for managing the transfer of health data across a wide range of endpoints including mobile apps, cloud services, and different EHR platforms.
FHIR takes a streamlined, modular, and agile approach to interoperability that resonated strongly with us earlier this year. So, using CA API Management SaaS, we set out to build a sandbox to show how FHIR domain data would benefit from being fronted by tools to improve API discovery, security, scalability, and developer usability – with the goal being a genuinely usable healthcare interoperability platform.
I’m proud to say that our project was a resounding success, and together with our partner Perficient, we took it to CA World last month. For their contribution, Perficient built a sample app for iOS on our FHIR portal – in less than a month – to demonstrate innovative functionality like viewing and authorizing the transfer of lab results with a single swipe, and automatically updating medical records with Fitbit data.
Racing towards compliance is never easy, but it is possible to turn a regulatory nightmare into sustained competitive advantage with the right technology approach. For more information, I invite you to read our take on open APIs in healthcare.