Skip to main content
Skip to main navigation
Skip to footer

by Dr. David McCallie
Published on November 10, 2016

Join Dr. David McCallie, Meg Marshall and Lucia Savage, chief privacy officer with the ONC, in a panel discussion Preparing your org for the implications of consumer controlled APIs: App access via the patient portal, 4:15 p.m., Wednesday, Nov. 16, at the Cerner Health Conference in Kansas City, Missouri.

Consumers have greater expectations for personalization when seeking care than ever before, and they want access to their electronic health information anytime, anywhere. The term view, download and transmit (VDT) is a now-familiar Meaningful Use (MU) requirement that provides consumers with multiple options for access to their electronic health record (EHR) data. VDT is only the beginning. Application programming interfaces (APIs), which have been the backbone of the ecosystems that have revolutionized many other industries, are coming soon to health care. Providers need to get up to speed on what's required and have a plan to meet those requirements.

APIs offer direct programming access to the underlying health IT system and enable 'app' developers to create tools that can ingest EHR data and provide new services to consumers. Through projects like SMART® on FHIR®, providers are becoming familiar with APIs that support customization of the EHR experience. However, API access is not limited to providers. A new class of APIs will give consumers the ability to access their health information on demand via apps of their choice. These APIs are emerging not simply based on consumer demand, but also are driven by major regulations coming into effect in the near future.

Under the Office of the National Coordinator for Health Information Technology (ONC) 2015 Edition requirements, which will start being enforced in 2018, and Meaningful Use Stage 3 (MU3) requirements, patients must be granted access to portal-hosted APIs upon request. ONC's expectation is that patients will be able to select apps which can then be connected to the patient's portal account. The patient can use their portal login information to authorize the app to download their health data from the EHR. Unlike provider-facing APIs, a consumer's app can only access the patient's own data, but otherwise, the provider and patient API specifications are very similar.

Granting patients access to EHR data through the use of APIs was a major change, so ONC designated a joint task force (co-chaired by Meg Marshall, senior director of health policy with Cerner, and Josh Mandel, formerly with Boston Children's) to survey various stakeholder opinions and concerns. The task force concluded there were no 'show stopping' barriers that would prevent the deployment of APIs within the timelines for ONC 2015 and MU3. The task force also recommended that ONC continue its pursuit of an API strategy as another important mechanism for enabling patient choice and promoting a more efficient health care marketplace.

One of the first uses of the new consumer access APIs will be the Sync for Science (S4S) pilot program. In February, the National Institutes of Health (NIH), in collaboration with the ONC, launched S4S to enable individuals to access their health data and share it with researchers associated with the NIH Precision Medicine Initiative (PMI). The PMI intends to create a 1 million-member volunteer research cohort, with the expectation that many of the participants in the cohort will be consumers who choose to 'donate' their health data to the PMI.

Cerner is one of several EHR suppliers involved in S4S working to verify that these APIs can accurately retrieve the patient's data. The APIs used for S4S are the same ones that will help our clients meet the Meaningful Use requirements for API-based patient access.

Cerner is proud to be a leader in the movement to enable consumers to have more control of their health care data. However, we believe we should enter this new 'app era' cautiously, because there are still numerous unanswered technical and policy questions to be worked out.

Here are just a few scenarios a provider may be faced with as these API rules come into effect.

  • A provider wishes to 'prescribe' a trusted app to patients, with the hope the app will help with management of a health condition,
  • A patient wants to connect an app from a commercial app store to access clinical data through the patient portal, even though the provider may have never seen the app or heard of the app's vendor,
  • Informatics staff at the hospital develops an app in-house and wants to make it available to all patients,
  • A medical or IT student, who is also a patient, creates a personal app to access their health data and wants to connect it to their own portal account.

How far will providers need to go to ensure that each of these scenarios, and potentially many others, are feasible by Jan. 1, 2018? There are many questions:

  • Once these APIs are turned on, will patients find apps and actually come seeking API access?
  • What are the liability issues providers should be concerned about?
  • Do APIs present new threats to privacy and security?
  • Will apps need to be certified by Cerner before access is granted?
  • Will providers be able to promote or exclude specific apps?

While we don't have all the answers yet, we think it's worth a broader discussion because it's not a question of whether consumer API access is coming, but when - and the industry needs to be prepared.

A Leap Forward for Value-Based Care

by Dr. Debbie Zimmerman
July 9, 2018
Lumeris and Cerner announce a 10-year, strategic operating relationship to create Maestro Advantage™, a collaboration which leverages the significant investments health systems have made in digitizing their clinical and process data.

Read full post

Ep. 82: Dignity Health's Sean Turner on Leveraging HIEs for Disaster Preparedness

by Sean Turner
July 3, 2018
HIEs empower the appropriate, timely sharing of vital patient information between organizations, which can better inform decision making at the point of care. There’s even more potential for HIEs to impact outcomes when it comes to disaster preparedness, as they have the potential to provide timely access to clinical information in response to a disaster.

Read full post

Unpacking the U.S. Federal Government’s Role in Advancing Health IT Interoperability Policies

by Meg Marshall
June 28, 2018
There are many options to consider as health IT policy levers can be any form of incentive, penalty or mandate used to effectuate change in support of health IT adoption, use or interoperability.

Read full post