HITInfrastructure

Networking News

ONC 2015 Edition EHR Certification Builds Case for APIs, FHIR

By Kyle Murphy, PhD

- To complement the publication of proposed Stage 3 Meaningful Use requirements by the Centers for Medicare & Medicaid Services, the ONC has issued its proposed rule for the 2015 Edition certification criteria, the means by which certified EHR technology enables eligible providers to demonstrate the final phase of the EHR Incentive Programs.

In looking to set a foundation for an interoperable health IT infrastructure, the ONC's proposed rule emphasizes the value of application programming interfaces (APIs) and the currently most talked about standard in health IT circles, Fast Health Interoperability Resource.

Under the section of the health IT certification criteria for application access to the Common Clinical Data Set, the federal agency reveals its plan to adopt a new certification criterion in order to handle requests from patient data from multiple applications.

"We propose that this certification criterion would require the demonstration of an application programming interface (API) that responds to data requests for any one or more of the data referenced in the Common Clinical Data Set definition," the propose rule states.

The ONC acknowledges the role of industry feedback and the ability of APIs to expand access to common data sets as motivation for this specific certification criterion proposal.

Additionally, the federal agency proposes to make the "Application Access to Common Clinical Data Set" certification criterion a part of the criteria necessary for satisfying the definition for of a 2015 Edition Base EHR.

"This additional proposal, due to its linkage to the CEHRT definition," the ONC continues, "would ensure that all EPs, eligible hospitals, and CAHs would need to adopt a Health IT Module certified to this criterion in order to have the necessary health IT to successfully demonstrate meaningful use under the EHR Incentive Programs."

In allowing for "a wide array of implementations to meet the certification criterion," the ONC is proposing to specify three technical outcomes to meet this certification criteria:

1) Security. The API needs to include a means for the establishment of a trusted connection with the application that requests patient data. This would need to include a means for the requesting application to register with the data source, be authorized to request data, and log all interactions between the application and the data source.

2) Patient Selection. The API would need to include a means for the application to query for an ID or other token of a patient’s record in order to subsequently execute data requests for that record.

3) Data requests, response scope, and return format. The API would need to support two types of data requests and responses: “by data category” and “all.” In both cases, while the scope required for certification is limited to the data specified in the Common Clinical Data Set, additional data is permitted and encouraged.

According to the federal agency, its proposed approach to this certification criteria should give health IT developers "ample flexibility" to create and customize APIs as well as to leverage current standards already necessary for seeking certification for other criteria. Another important aspect of this proposed approach is its anticipation of future innovations.

"In addition, we believe that this approach supports future, innovative approaches to be used," the ONC explains. "The intent behind this certification criterion is to allow for, but not require, health IT developers to implement the Fast Health Interoperability Resource (FHIR®) REST API and accompanying FHIR standard specification."

Health IT develops will also need to provide technical documentation and terms of use as part of the testing for certification:

The technical documentation would need to include, at a minimum: API syntax, function names, required and optional parameters and their data types, return variables and their types/structures, exceptions and exception handling methods and their returns. The terms of use would need to include information of the API’s developer policies and required developer agreements so that third party developers could assess these additional requirements before engaging in any development against the API.

The proposed inclusion of APIs and standards such as FHIR align well with the ONC's plan to achieve nationwide health IT interoperable through standards-based data access and exchange.