The Centers for Medicare and Medicaid Services in the final Stage 3 meaningful use rule is fully embracing application programming interfaces (APIs) for electronic health records to enable patients to view, download and transmit their health information, potentially replacing patient portals.

While the “current trend to use a patient portal to meet the view, download and transmit functions” is “prevalent and acceptable,” the final Stage 3 rule incorporates API functionality into an objective for patient electronic access, CMS notes in the rule. “The Stage 3 objective for Patient Electronic Access is not a ‘patient portal’ versus ‘API’ requirement or a requirement to support two patient portals,” according to the rule. “Instead, this proposed objective is supporting four basic actions that a patient should be able to take: view their health information; download their health information; transmit their health information to a third party; and access their health information through an API.”

Nonetheless, at the same time the rule comments that “APIs may be enabled by a provider or provider organization to provide the patient with access to their health information through a third-party application with more flexibility than is often found in many current patient portals,” and that “from the provider perspective, an API could complement a specific provider ‘branded’ patient portal or could also potentially make one unnecessary if patients were able to use software applications designed to interact with an API that could support their ability to view, download, and transmit their health information to a third party.”

Also See: Will APIs Replace Patient Portals in Stage 3 Meaningful Use?

The Stage 3 requirements are optional in 2017 but all participating Meaningful Use providers will be required to comply with the regulations beginning in 2018—including providing patient electronic access to their health information through an API—using EHR technology certified to the final rule for 2015 Edition Health IT Certification Criteria that was released on Tuesday by the Office of the National Coordinator for HIT.

“The 2015 Edition final rule provides more expectations about system security, which should be a top priority for developers,” who “will now be able to begin development of improved transitions of care and innovative API functionality,” states a CMS fact sheet released with the final Stage 3 rule. As the fact sheet points out, APIs support the ability of patients to more easily access their health data via mobile devices.

In addition, the final rule emphasizes that providers “may not prohibit patients from using any application, including third-party applications, which meet the technical specifications of the API, including the security requirements of the API.”

However, Micky Tripathi, president and CEO of the Massachusetts eHealth Collaborative, says he is “a little bit dismayed” that CMS has required deployment of an API in Stage 3. “My concern is that it may just be a little premature,” observes Tripathi. “I was really happy when the draft Stage 3 rule came out in the spring basically saying they would give the option of an API, but I’m uncomfortable now requiring it in the final rule.”

Tripathi is also manager of the Argonaut Project, an industry-wide effort to accelerate development and adoption of Health Level Seven International’s Fast Healthcare Interoperability Resources (FHIR), which leverages the latest web standards including the RESTful API. In October 2014, a Health IT Standards and Policy Committee task force recommended that ONC mobilize an accelerated standards development process to ready an initial specification of FHIR for certification to support Meaningful Use Stage 3.

“When we drafted the Argonaut Project charter back in December 2014, we firmly stated that—although we are very excited about APIs—we do not believe a FHIR-based API is ready for certification for Meaningful Use Stage 3 and that it would be premature to do that because the standard is not ready,” adds Tripathi. “As I look at our current experience and where we see the standards development process going, I just don’t see how that time gets compressed.”

Lee Barrett, executive director of the Electronic Healthcare Network Accreditation Commission, a voluntary, self-governing standards development organization created to develop standard criteria and accredit organizations that electronically exchange health data, says he is all in favor of being able to give patients the ability to access their information with an API. “The only concern that I have for the proliferation of APIs is that they are secure,” concludes Barrett.  

As for the utility of patient portals, Tripathi argues that the “view, download and transmit” requirement was never designated as a portal by CMS but EHR vendors “for whatever reason decided they were going to do that through a portal.” Still, he sees APIs and patient portals “living in parallel” for the time being.

Register or login for access to this item and much more

All Health Data Management content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access