API task force recommendations gain narrow approval

Fed advisory committees debate app certification; amendment gives providers a voice.


By a vote of 13-10, the Health IT Policy and Standards committees has approved final recommendations from a task force on application programming interfaces (APIs), but only after an amendment was included to satisfy dissenting opinions among members.

Meaningful Use Stage 3 requires certified electronic health records to provide an API through which patient data can be viewed, downloaded and transmitted to a third party. APIs, which allow a software program to access the services provided by another software program, are seen as the enabling technology for patients to gain access to their healthcare information that may be held in multiple provider EHR systems.

The API task force presented its final recommendations during a joint May 17 HIT Policy-Standards Committee meeting that generated a spirited debate, primarily around the development of private sector endorsement or certification of API-enabled apps. At issue was the task force’s recommendation that the Office of the National Coordinator for HIT not require centralized certification or testing of the plethora of health apps expected to be generated as a result of widespread adoption of open APIs in healthcare.

“Instead, ONC should encourage a secondary market in app endorsements,” states the task force’s 53-page report. At the same time, the advisory group recommended that ONC “should ensure that provider organizations must not use endorsements (or the lack of endorsements) as a reason to block the registration of an app, or to block a patient’s ability to share data with an app.”

However, HIT Policy Committee Co-chair Paul Tang, MD, voiced his concerns that without any kind of ONC certification or endorsement of these apps, consumers will not be properly be able to make choices on informed consent.

“It’s always a fine line to walk in terms of what to enforce through regulations at the government level and what should the private sector do,” said Tang. “Your heavy reliance on the private sector, which is all voluntary and could of course be very fragmented, just makes me nervous.”

Ultimately, Tang argued, providers are patient advocates. Likewise, Paul Egerman, a member of the HIT Policy Committee, expressed his belief that without ONC certification or endorsement, the development of an ecosystem of API-enabled health apps through which patients’ EHRs can be viewed, downloaded and transmitted to third parties would have serious risks.

“In particular, [the task force] says provider organizations need to accept all of these apps regardless of the lack of endorsement from any rating agency,” said Egerman. “Provider organizations should be able to block any app that they reasonably think is not beneficial or detrimental to the patient. Unfortunately, I will be voting no on these recommendations. I think this goes too far. ”

To address some of these concerns, an amendment was added to the task force’s recommendations acknowledging provider organizations’ rights to supply “fair warning” to patients about apps that do not meet their criteria for integrity, security or safety.

However Josh Mandel, MD, co-chair of the API task force, responded that the group “felt it would be undesirable to try to have a federal certification program by which every patient-facing app would need to be officially approved.”

Meg Marshall, task force co-chair, also told the committees that while providers don’t have the obligation to protect patients by reviewing or validating “suspicious” apps, she said “they certainly have the right to protect their own systems.” For instance, according to the task force’s report, providers may suspend API access to an app that does not meet its terms of service or appears to have been compromised.

More for you

Loading data for hdm_tax_topic #better-outcomes...