In the quest for a Health IT ecosystem, the Office of the National Coordinator for health IT has gathered a task force of 11 members that met last week for the first time. The objective was to determine how APIs will be used to share health information, according to a recent article by Molly Bernhart Walker for FierceGovernmentIT.
The ONC is encouraging the use of APIs to allow patients to send health data to the API of a selected third party from any healthcare portal in a capability called View, Download, Transmit. Any API must meet the ONC’s specified certification criteria, which includes the ability to view and download health records, but there are some security and privacy concerns that must be addressed.
The first meeting of this task force outlined its primary objectives;
- Identify perceived and real security risks that prohibit the adoption of APIs
- Identify perceived and real privacy concerns that prohibit the adoption of APIs
- "Identify priority recommendations for ONC that will help enable consumers to leverage API technology to access patient data, while ensuring the appropriate level of privacy and security protection."
The group is anticipating the possibility of hundreds of highly specific questions around these topics once the ONC’s API rules are first implemented. "A lot of this may come down to, in the end, clinical judgment," said Jeremy Maxwell, IT security specialist with ONC's office of the chief privacy officer. However, he added that "Our goal here is security and privacy concerns rather than on how well defined these APIs are".