Private Sector Actions Highlight Promise of Planned Federal Rules for Electronic Health Records

Electronic health records have helped improve medical care and reduce costs. But to fulfill their promise, the information in these digital tools must flow easily between computer systems in hospitals, doctors’ offices, and other places patients receive care. Progress toward this seamless exchange of data—or interoperability—could be accelerated through wider adoption of application programming interfaces (APIs), a tool used by many websites to help people shop for airline tickets or hotel rooms by comparing information from multiple online sources.

A move in that direction came in November, when the CARIN Alliance—more than 60 electronic health record (EHR) vendors, consumer technology companies, application developers, and health care providers—proposed a voluntary code of conduct for handling patient health care data shared through APIs with entities such as smartphone application developers that are not covered by the Health Insurance Portability and Accountability Act, the 1996 federal law intended to protect the privacy of medical information. The alliance’s approach in the use of APIs, and the commitment of its members to follow the new code of conduct, offers a pathway for other organizations and the government to follow as APIs become more prominent in health care.

APIs essentially operate as bridges between computer systems, facilitating the aggregation of data from different sources. Their use in health care is expanding; many EHR vendors have created APIs that allow third-party applications to access patient information.

Under the proposed code of conduct, CARIN members commit to using APIs to grant patients secure access to their health information, an approach that is only now beginning to gain traction in health care. For example, APIs could help patients get their medical data on their smartphones in a secure way that also protects privacy. That, in turn, could give patients a better understanding of their health needs as well as ensure that their information is accurate.

But while the code of conduct is an important step, more work remains in order to advance the adoption and effective use of APIs in health care systems across the nation.

Federal rules, expected this year, could drive progress in these areas by expanding the EHR data available via APIs. The 21st Century Cures Act, passed by Congress in 2016, required the Office of the National Coordinator for Health Information Technology (ONC) to issue rules for EHR systems that ensure “all data elements” in health records are available via APIs. These APIs could serve various purposes, from getting patients their information to improving data exchanges among health care facilities and tools that support clinical decisions.

To meet the Cures Act’s objectives, ONC’s planned rules should require the release of more information—such as family health history or medical imaging data—than is often made available via APIs today. ONC should also ensure that these APIs adhere to common standards for recording and transmitting data, which would ease exchanges between software systems.

The CARIN Alliance’s draft code of conduct demonstrates the health care industry’s increasing interest in using APIs, which can help get patients their data and can equip clinicians with the information they need to provide the best possible medical care. In fact, the alliance is working on developing industry consensus on ways to release to patients more health plan, pharmacy, and post-acute care information in 2019. The federal government can, and should, contribute to the growing momentum toward APIs in health care by crafting policies that promote their effective use in EHRs.

Ben Moscovitch directs The Pew Charitable Trusts’ health information technology initiative.