The Office of the National Coordinator's Health IT Policy and Standards Committees on Tuesday approved recommendations from the agency's application programming interface (API) task force, but narrowly and only after much debate.
In a report presented at a joint meeting of the committees, the task force generally supported APIs, noting that there were no "show-stopping" barriers to using APIs for patient apps. The 2015 edition of certification criteria created three new criteria that require certified health IT to demonstrate the ability to provide patient-facing app access to the common clinical data set via an API. To be certified under the API criteria, health IT must meet privacy and security specifications. In parallel, the Centers for Medicare & Medicaid Services included two objectives in Stage 3 of Meaningful Use regarding APIs: patient electronic access to health information and coordination of care through patient engagement.
The task force suggested that ONC should continue its pursuit of an API strategy for enabling patient choice and promoting a more efficient healthcare marketplace, and addressed eight topics, including app registration, limits and safeguards on sharing patient information, auditing and accounting for disclosures, endorsements, identity proofing and user authentication.
It also suggested that ONC analyze the feasibility of a "single, simple, comprehensive oversight framework mechanism that would address the needs of the patient-directed API ecosystem." The task force noted that ONC, as advisor, should seek to harmonize conflicting, redundant and confusing laws that govern access to health information.
Several other recommendations for ONC included:
- Encourage app developers to adopt a voluntary code of conduct
- Encourage the private market to develop standards specific to the usability of consumer apps
- Coordinate with agencies to pursue the concept of "privacy literacy" with patients
- Support a model privacy notice for app developers
The task force was created in response to concerns by ONC regarding privacy compliance and security of APIs.
The committee members had many comments and concerns with the task force's recommendations, particularly on the ability of providers to block an app that the provider believed was detrimental to the patient, and the patient's ability to use it anyway.
The lack of consensus caused the task force to consider not voting or creating a minority report. In the end, the recommendations, with an amendment to give providers the right of "fair warning" to patients regarding APIs with which they had concerns, were approved, 13-10; the task force chairs agreed to confer with ONC regarding the best way to proceed.