Open healthcare APIs are now the law of the land

The new 21st Century Cures Act mandates that medical records be accessible via open APIs.

With a stroke of his pen, President Obama turned the landmark 21st Century Cures Act into law on December 13, 2016. This extensive healthcare bill sailed through both the U.S. House and Senate with huge bipartisan majorities, by focusing on improving patient outcomes through research, regulatory changes, and funding for initiatives like Vice President Biden’s “cancer moonshot”.

But buried deep inside the 996-page legislation is a subsection on IT that is poised to transform the way that doctors, hospitals, insurance companies, and patients interact with medical information. In clear language, the Cures Act mandates the use of open healthcare APIs beginning January 1, 2018, by requiring electronic health record (EHR) systems to have:

  • “… published application programming interfaces, with respect to health information within such records, for search and indexing, semantic harmonization and vocabulary translation, and user interface applications”
  • “… such mechanisms as application programming interfaces without the requirement for vendor-specific interfaces”


The Cures Act goes on to state that providers must demonstrate that health data can be accessed “through the use of application programming interfaces without special effort,” and it explicitly prohibits closed proprietary interfaces, or what the law terms “information blocking”. Vendors found to be in contravention could face penalties of up to $1 million per violation.

What the 21st Century Cures Act means for healthcare IT

Over the past few years, interoperability has become a buzzword in healthcare IT, with many vendors committing to a voluntary “Interoperability Pledge” sponsored by the U.S. Department of Health and Human Services. But with little concrete progress seen by either regulators or the public, the Cures Act moves to the next level by adding legislative teeth to the mix – turning a nice-to-have imperative into a race for compliance.

In many ways, this move towards regulation parallels the journey being taken by APIs in the financial industry. While consumer demand for better banking apps and more streamlined transactions between institutions led to dabbling in APIs, it was ultimately the passing of PSD2 legislation in Europe – with its mandate for open access to account information and transaction capabilities – that unleashed a torrent of banking API projects with big budgets and hard deadlines.

Next steps for healthcare in an open API world

One of the most mature technology solutions for meeting interoperability standards in healthcare is Fast Healthcare Interoperability Resources (FHIR), an emerging API-based framework for managing the transfer of health data across a wide range of endpoints including mobile apps, cloud services, and different EHR platforms.

FHIR takes a streamlined, modular, and agile approach to interoperability that resonated strongly with us earlier this year. So using CA API Management SaaS, we set out to build a sandbox to show how FHIR domain data would benefit from being fronted by tools to improve API discovery, security, scalability, and developer usability – with the goal being a genuinely useable healthcare interoperability platform.

I’m proud to say that our project was a resounding success, and together with our partner Perficient, we took it to CA World last month. For their contribution, Perficient built a sample app for iOS on our FHIR portal – in less than a month – to demonstrate innovative functionality like viewing and authorizing the transfer of lab results with a single swipe, and automatically updating medical records with Fitbit data.

Racing towards compliance is never easy, but it is possible to turn a regulatory nightmare into sustained competitive advantage with the right technology approach. For more information, I invite you to read our take on open APIs in healthcare.

David Chiu
David Chiu is a Senior Principal for product marketing at CA Technologies, specializing in API…


Modern Software Factory Hub

Your source for the tips, tools and insights to power your digital transformation.
Read more >
Low-Code Development: The Latest Killer Tool in the Agile Toolkit?What Are “Irresistible” APIs and Why Does Akamai's Kirsten Hunter Love Them?Persado's Assaf Baciu Is Engineering AI to Understand How You Feel