popyconcept - Fotolia
The Office of the National Coordinator for Health IT is steadfast in fostering interoperability through healthcare APIs. But health IT leaders are asking for more nuance: specifically, how APIs can also keep patient data safe.
During ONC's 3rd Interoperability Forum this week, Don Rucker, national coordinator for health IT, made it clear that the federal agency is dedicated to pursuing greater patient access to data through healthcare APIs, or code that enables software programs to talk to each other.
Earlier this year, ONC and the Centers for Medicare and Medicaid Services proposed new rules on interoperability and information blocking. The proposed rules would require healthcare organizations to use APIs, which ONC hopes will create a market for healthcare apps and inject competition into the mix.
"We are very serious in getting the American public to have the benefits of interoperability on their smartphone," he said.
Rucker and ONC are focused on the interoperability rule and getting patient data access through apps, as well as keeping data secure. But during the forum, a panel of healthcare experts raised other issues that could affect the use of healthcare APIs.
Patient data safety
Don RuckerNational coordinator for health IT
Based on more than 2,000 comments on the proposed rules from the healthcare community, ONC is taking a harder look at a growing concern: secondary uses of data when healthcare apps store medical records.
Indeed, concerns about patient data safety were voiced even before the comment period on the rules concluded. During a hearing in May held by the U.S. Senate Committee on Health, Education, Labor and Pensions, several Senate members questioned whether patient data would be safe in an app ecosystem.
The community's worry has to do with end-user license agreements, which users are asked to sign off on when using an app. The agreements are often cumbersome, long and filled with small print that, in part, detail potential secondary uses of data, something a patient could overlook or accept blindly.
The agreements "don't work in this modern world," Rucker said, and the agency is working to find more transparent ways of getting patient consent.
Healthcare organizations are not yet required to use APIs so that patients can download their electronic health information into healthcare apps -- nor are they incentivized to make it known when they do. Indeed, another concern the panel raised had less to do with functionality and more to do with awareness.
Philip Parker, CEO at Boston-based Coral Health, said as a tech company with a healthcare app, he works closely with EHR vendors and provider organizations to connect to APIs they have available. One of the issues he sees is lack of patient awareness about the availability of healthcare APIs enabling them to download their data into an app.
"There's a big gap there where patients aren't asking for this yet because they don't know about it, and it makes it difficult," Parker said.
While ONC's proposed rule requiring organizations to use healthcare APIs has not been finalized, early adopters have seen dismal results, according to new research in the "Journal of the American Medical Association."
Researchers studied 12 U.S. health systems with at least nine months of experience using healthcare APIs. From March to December 2018, the study found that only 0.7% of patients who logged into their patient portal also used an API to download their health data into an app.
The study acknowledged that because the capability is new, few applications are able to access and use electronic health information. But it also stressed that there has been "little effort by healthcare systems or health information technology vendors to market this new capability to patients, and there are not clear incentives for patients to adopt it."
While APIs will be a good way to share information once patients become more familiar with the capability, another challenge is the content, according to panelist Jim Barnett, director of strategic intelligence analysis at AARP. Clinical or claims data doesn't always make sense to consumers and can be difficult to interpret, he said. "We need more work there," he said.