In 2015, ONC recognized the potential for APIs to revolutionize health care data sharing, as they have already revolutionized data sharing in other industries. ONC issued a regulation that included “certification criteria” for APIs. Using APIs as part of electronic health records systems, or EHRs, can make it easier for patients to get and share important health information. APIs can also help health care providers share patient information with other providers securely and efficiently.
APIs are messengers or translators that work behind the scenes to help software programs communicate with one another. If you have ever used a web-based application or a mobile “app” on your computer, smartphone, or tablet to purchase a flight or pay a bill, you’ve probably used an API.
Today, APIs have become an integral part of both our personal and business worlds. ONC has adopted API certification criteria for electronic health records to help enable access to health information for clinical and patient-facing uses.
Let’s start with something you’re familiar with. Think about searching for a flight. Before APIs, people had to visit various airlines’ websites to compare prices. Now, there are travel search programs that centralize airline flight information. How do they do this? By using APIs.
APIs in health care are already doing the same things. For example, mobile apps can use APIs to gather data from fitness trackers and add the data to a patient’s personal health record. In the near future, patients may even be able to use an API to electronically share diagnostic information with their doctor in real time – like blood pressure readings, blood sugar levels, and other health information patients generate themselves.
Now that certified electronic health records are required to provide APIs, patients will be able to connect with these APIs to gather and share health information, like from health care providers’ patient portals.
Let’s take a look at a scenario in which a patient securely accesses her medical records with the help of APIs.
1.) The patient downloads and logs into the app with her username and password.
2.) The patient uses the application to link securely to an API for the health care provider’s EHR.
3.) The application sends a request to the patient’s health care provider EHR asking for access to her medical records.
4.) The health care provider’s EHR validates the request coming through its API and sends back the patient’s data to the app.
5.) The patient can now access health information from the app and can merge this information with other health information from other sources – for example, patient portals – to access all the data in one place.
We have learned that APIs act as a doorway to data that lets people with the right key get through. APIs work in exactly the same way on different types of devices, in various operating systems, and on a range of mobile devices. When using APIs, remember that the security safeguards required by the ONC certification rule establish a floor of security controls that all certified electronic health records must meet. However, even when using certified health IT resources and tools, there are risks whenever data are shared electronically. The HIPAA Security Rule can help providers manage these risks. The Security Rule requires providers that are covered by the rule to maintain reasonable and appropriate administrative, technical, and physical safeguards for protecting electronic personal health information, or e-PHI. Covered providers are required to perform risk analysis as part of their security management processes. When health care providers add APIs or other new technologies to facilitate information sharing, the best way to identify the risks is to conduct a revised security risk assessment. If the analysis identifies new risks, security measures will need to be put in place to reduce those risks. This process will help providers protect their practice from threats such as ransomware, theft, or other types of hacking. ONC offers a Security Risk Assessment Tool online, free of charge, to help small and medium providers assess their risk so they can take the appropriate precautions.