Getty Images

How APIs Streamline Patient Access to Health Information

HL7 FHIR-based application programming interfaces (APIs) can help boost interoperability for streamlined patient access to health information.

To comply with federal interoperability regulations for patient access to health information, many stakeholders are adopting application programming interfaces (APIs).

A portion of the Office of the National Coordinator for Health Information Technology (ONC) Interoperability rule calls on providers and device developers to promote patient access to health information through APIs or third party applications. Compliance for this portion of the rule began on April 5, 2021. 

“Delivering interoperability actually gives patients the ability to manage their healthcare the same way they manage their finances, travel and every other component of their lives,” Don Rucker, MD, former national coordinator for health information technology, said of the final rule at the time. “This requires using modern computing standards and APIs that give patients access to their health information.”

“A core part of the rule is patients’ control of their electronic health information which will drive a growing patient-facing healthcare IT economy and allow apps to provide patient-specific price and product transparency,” Rucker continued.

Additionally, the CMS Interoperability and Patient Access final rule requires payers and providers to remove the industry siloes that prevent seamless patient data exchange across the care continuum.

Compliance for the final rule began on July 1, 2021.

To comply with the CMS interoperability and patient access final rule, most provider organizations are implementing application programming interfaces (APIs).

APIs are widely leveraged across business sectors. When someone checks the weather on her phone, uses a website to search for a flight, or sends a direct message, she is using an API.

Put simply, an API sends information back and forth between a user and a website or app.


Data Standards

Federal regulations have increasingly referenced Health Level Seven International’s Fast Healthcare Interoperability Resources (FHIR) as a requirement for data exchange.

This standard is key to streamlining patient access to health information and ensuring interoperability.

According to Pew, the FHIR standard “allows different systems access to modular—or individual—pieces of data and provides more flexibility to obtain only relevant information through an API, such as a medication list or recent diagnosis. For example, apps on patients’ smartphones can use FHIR to request and receive a list of allergies without accessing any other data.”

The CMS Interoperability final rule requires that member data access must follow the HL7 FHIR standard for the electronic exchange of healthcare information.

To fulfill this condition of participation, Washington and Michigan selected an interoperability solution from CNSI which provides members access to their personal health data through a secure FHIR-based API.

The interoperability tool is set to provide patients with data regarding care encounters and claims, as well as a provider directory.

“Medicaid beneficiaries are the real winners in all this as they will have access to their health information when they need it most and in a way they can best use it,” Jason Werner, manager of the Medicaid EHR Incentive Program at State of Michigan, said in a press release at the time of the announcement.


Mobile Access to Health Data

Apple’s Health Records on iPhone is a digital health solution that forms a direct connection between a healthcare organization and a patient’s Health app on her iPhone.

This connection grants patients portable access to information related to their allergies, conditions, immunizations, lab results, medications, procedures, and vitals. 

EHR vendor MEDITECH recently announced a new feature that aims to promote patient empowerment through patient data exchange with providers via Apple’s Health app.

As iOS 15 becomes available this Fall, the flow of patient data exchange will go both ways; patients at participating organizations will be able to share their personal health information with hospitals and physician practices.

The interoperability solution will allow patients to choose what health information they share and with whom they share it, promoting patient empowerment.

EHR vendor Cerner Corporation also recently partnered with Apple on the new feature.

“What that means for a patient is that they have the right to choose an app of their choice and gain access to their clinical data and use it however they want,” Sam Lambson, Cerner’s vice president of interoperability, told The Kansas City Star.

Greater access to personal health information may improve patient engagement, prompting patients to become more involved in their care.

“This past year has emphasized the importance of health, and we’re enabling our users to take a more active role in their well-being,” Jeff Williams, Apple chief operating officer, said in a news release at the time of the announcement. “We’ve added powerful features that give users the most comprehensive set of insights to better understand their health trends over time.”


API Updates

As the healthcare industry’s needs shift, third-party API vendors can provide customers with updates to health IT.

For example, a Google API update helped healthcare organizations provide patients with electronic copies of their COVID-19 vaccination and testing information through a digital COVID Card.

Healthcare organizations have been distributing physical COVID-19 vaccination cards as proof of vaccination. However, these cards may be subject to forgery, physical damage or wear, and misplacement. Healthcare leaders in EHR have emphasized that paper cards are not the optimal way to document vaccination.

Google responded to these concerns with an update to its API.

Organizations authorized by public health authorities to distribute COVID-19 vaccines and/or tests, including healthcare organizations and government agencies, can implement the API.

Once a patient stores the digital version of her COVID Card to her Android device, she can access it through a shortcut on her device’s home screen. This allows patients to access their personal health data even when they are offline or in an area with weak internet service.

Users must have a lock screen to store a COVID Card on their device. For security purposes, each time a patient wants to access her COVID Card, she will be asked for the password, pin, or biometric method set up for her Android device.

If a patient wants to access her personal health information on multiple devices, she will need to manually store it on each device. Users may also share their COVID Card with others.

Greater patient access to healthcare data can increase the risk of a security breach. Although the update uses an API that may already have security protections built into the design, updating an API still requires attention to privacy and security.

Google designed the COVID Card to ensure patient health data security and privacy, representatives noted in a press release. The company does not share the information in the user’s COVID Card with the its various services or third parties, nor is it used for targeting ads.

As the digital health transformation continues, APIs are set to help healthcare organizations grant patients safe, easy access to their personal health data.

Next Steps

Dig Deeper on Interoperability in healthcare

Cloud Computing
Mobile Computing