
Electronic health record vendors work on safe data access



Vendors are designing data authorization scopes for third-party health apps after receiving new regulation from the Office of the National Coordinator for Health IT.

SearchHealthIT – Electronic health record (EHR) vendors are busy working to meet new interoperability requirements from federal regulators.

The new regulation from the Office of the National Coordinator for Health IT (ONC) requires EHR vendors to implement Fast Healthcare Interoperability Resources (FHIR)-based APIs within the next two years. Standardized APIs are intended to help patients connect to their health data via a third-party health app of their choosing. EHR vendors are also required to build authorization scopes to enable secure third-party app data access into their APIs, which they say is a complex process.

Authorization scopes ensure EHR vendors can verify and control what data a third-party health app has permission to access. When a healthcare app requests permission for clinical data access, the predefined authorization scopes determine what data the third-party health app needs.

As one option for third-party app authentication, EHR vendors are using OAuth 2.0, an open standard used by travel and banking apps, according to Don Rucker, national coordinator for health IT. OAuth 2.0 is an authorization protocol that EHR vendors can use to permit or deny an app secure access to data as well as limit what data is accessed.

“There are a lot of authentication technologies that are moving along rapidly, so I think in the next couple of years, we will see true consumer security and of course with all of the privacy protections that authentication brings,” Rucker said during the organization’s virtual ONC Tech Forum this week.

At the event, representatives from two of the nation’s largest EHR vendors talked about the challenges authorization scopes present and explained why building out APIs between EHRs and third-party health apps is a balancing act: making enough data available to third-party apps, but not too much.