American Association for Physician Leadership

Operations and Policy

Standardized APIs Could Finally Make It Easy to Exchange Health Records

John Glaser | Elizabeth Gardner

May 11, 2022


Abstract:

A federal law requires that health information be easy to exchange by the end of this year. The development of standardized application programming interfaces, or APIs, will go a long way toward making that possible. Care providers, health plans, and software vendors should take several steps to capitalize on the opportunities that they will generate.




Trying to access personal medical information has been an intermittent annoyance for most people in the United States — until Covid-19 came along with a reminder of what a mess it can be.

We face flawed options for storing and accessing our Covid-19 vaccination information: a paper card that is too big for our wallet; a photo of the card stored in our phone for the maître d’ to squint at in low light; maybe a slick electronic vaccination card downloaded via QR code from our state health department that we can keep in our Apple Wallet. But wait! It only has our first two shots from last spring, and not the third one in November. Maybe our doctor has a portal app where we can pull up our immunizations — except for that booster we got at Walgreens.

In an age where banking apps aggregate all our financial information on command and our favorite restaurant can remember our “usual” when we order online, it’s mystifying that a piece of cardboard holds many people’s only proof of vaccination.

Vaccination cards are only one small symptom of a larger problem. Health information on any particular person is usually scattered across multiple hospitals, clinics, and pharmacies. Large chunks of most people’s medical histories are lost to any useful purpose when they move or change doctors because getting their information transferred is too complicated. If you’re lucky enough to get all your care within one health system and you stay put, you may have something close to a complete electronic health record (EHR). Otherwise, probably not.

Health care providers face these same hassles. Even when they use the same electronic health record software, health systems cannot always easily share information, and trying to corral a vaccination record from Walgreens or an emergency room report from out of state is, while sometimes feasible, always challenging. Health information exchanges (HIEs) operate in many states and allow providers to share basic demographic information and medical histories, but they vary in usefulness and availability.

However, federally mandated changes are afoot to make it significantly simpler to share any medical information electronically. It’s difficult to overstate their potential not only to allow everyone full, complete, and easy access to their personal health information but also to unlock countless new ways to use that information — as long as the entities that generate the information are prepared to take advantage of this advance in technology.

Historical Obstacles to Health Information Sharing, in Brief

Why is health information sharing so erratic, when virtually all health data is computerized? Can’t computers talk to each other? Other industries have figured this out. Why not health care?

The reasons are many and complex, but they boil down to lack of motivation. On the front lines, clinicians would love to have easy access to the information they need, but in the executive suite, the return typically hasn’t been large or obvious enough to justify the investment. For some providers, holding patients’ information hostage has been a competitive advantage: one way of keeping them from jumping to another provider. Some clinics and hospitals still grudgingly “share” information by handing the patient a disk or a folder of printouts.

Even basic computerization of medical information was going very slowly before billions of dollars in federal funding of electronic health records, appropriated as part of the Obama administration’s stimulus package enacted in 2009, changed the investment equation. It took free money to induce a critical mass of providers to take the plunge.

Sending health information from one computer to another has its own spotty history. Many health care software vendors have made a lucrative business out of creating custom interfaces to connect the diverse systems in use at many hospitals, with billable tweaking every time the hospital acquires a new application or upgrades an existing one. Moreover, vendors often have blocked data portability as a client-retention strategy. If it is difficult or expensive to move their data to a different vendor’s system, they will just default to the next version of the one they already have. Some vendors have taken steps toward helping providers share. For example, EHR vendor Epic allows its customers to swap data easily if they mutually agree to do so. But it can’t make them. If two Epic customers compete in a given market, they may decide it’s not in their best interest — even if it might be in their patients’ best interest.

It is not that the health care industry lacks data standards; quite the opposite. But they are often created by groups with interests in specific types of data — for example, standards developed for medical imaging by the American College of Radiologists. They have made data sharing somewhat less of a mess but can’t solve the other issues we discussed.

Meanwhile, baffled patients can’t access their information in any comprehensive way. Everything is probably on a computer somewhere, but there is no force powerful enough to compile it in one place and make it easy to find, let alone use it to improve our health.

The Federal Government Steps In

Enter the federal government, the one party with enough clout, when it chooses, to drive genuine change in the U.S. health care industry. Through Medicare for everyone 65 and up, Medicaid for the poor, CHIP for children, the Veterans Affairs health care system, the Department of Defense health care system for military personnel, and health coverage for millions of federal employees and their families, the government pays for more care for more people than any other single entity.

In the waning days of the Obama Administration, the 21st Century Cures Act finally leveraged this clout by including a requirement for easy exchange of health data by the end of 2022. Providers that don’t comply with the requirements may not be able to participate in Medicare, and that amount of lost revenue would be devastating to most hospitals and physicians. They depend on their software vendors to accomplish what is required, putting them on the hot seat as well. The regulations also establish penalties for vendors, providers, and payers who continue to exhibit “information blocking” practices (which theoretically should abolish the practice of leveraging information access to keep your customers imprisoned).

Since the end of 2022 is not that far away, how is the health care industry going to accomplish this mission? By doing something it should have figured out how to do long ago without needing a federal mandate: adopting one standard method of having its computers talk amongst themselves.

The Power of APIs

That method is open, standardized application programming interfaces, or APIs. They are the reason your devices and software programs can swap data without your having to do anything. APIs support the ability of an application from one developer to read and write data from another developer’s application.

APIs are everywhere. If you have pulled information from all your banking and credit card accounts into one financial planning app, it was APIs that did the pulling. APIs let you use your Google or Facebook account information to sign into websites owned by neither Facebook nor Google. APIs are the reason you can move from a company’s website to its phone app and back again and always pick up where you left off.

Imagine being able to do the same with all your health information, no matter where or when it was generated. (For starters, everyone could have an electronic vaccination card on their phone that would update automatically even if he or she used a different provider for every shot.) Using APIs to unlock electronic health record data could give people easy, efficient access to their own data to help them understand their health and make more informed choices. Providers would have a complete picture of each patient’s history. They could use that information not only to support their clinical decision-making but also as part of population health analytics to see patterns in their patient populations. Researchers could more easily identify patients who might benefit from a particular clinical trial — just one way the data could be used to discover and evaluate new drugs and therapies.

FHIR: The Health Care API Instruction Manual

Standardized APIs need a standards document outlining data formats and allowable values for each “resource,” or type of data to be exchanged. The standard could be as simple as specifying that all dates will be in the format mm/dd/yyyy, though more complex types of data will have correspondingly more complex standards. Health care generates many types of data, ranging from simple to extremely complex, and needs a thick, detailed instruction manual.

That manual is called Fast Healthcare Interoperability Resource (FHIR, pronounced “fire”), and it’s the one that the 21st Century Cures Act specifies be used to accomplish the easy interoperability we described above by the end of this year.

Why has FHIR gotten the federal endorsement? Several reasons:

Strong governance. FHIR is managed through Health Level Seven International (HL7), a health care standards development organization founded in 1987 and supported (with staff time, expertise, and money) by every significant player in health information technology. One of us (John Glaser) serves on its advisory council. HL7 has more than 500 corporate and organizational members, including:

  • Health information technology vendors (e.g., Epic, Cerner, and Athena Health)

  • Government agencies (e.g., Centers for Medicare and Medicaid Services, Centers for Disease Control and Prevention, Food and Drug Administration, U.S. Department of Veterans Affairs, National Institutes of Health, and European Medicines Agency)

  • Health systems (e.g., Mayo Clinic, Mass General Brigham, Kaiser Permanente, University of Pittsburgh Medical Center, and Intermountain Healthcare)

  • Health plans (e.g., Humana, Anthem, Aetna, Optum, Centene, Blue Cross Blue Shield Association, UnitedHealthcare, and Cigna)

  • Information technology companies (e.g., Apple, Microsoft, and Google)

  • Health care technology and services companies (e.g., Accenture, CVS Health, Pfizer, Philips, and Quest Diagnostics)

  • Professional organizations (e.g., the American Medical Association, the American College of Physicians, National Association of Community Health Centers, and the National Committee for Quality Assurance)

HL7 has maintained strict control over the FHIR standards since development started in 2011. This control is important because it prevents a frequent problem with standards development: the progressive creation of exceptions to the standard. It doesn’t take many exceptions before the “standard” is no longer standard.

HL7 has developed a strong set of services to support the implementation of FHIR. These services include testbeds, education programs, and implementation guides. The adoption and use of standards requires well-designed standards and strong support for the implementation of those standards.

International acceptance. FHIR has evolved to become a global, not just a U.S., standard. For app developers, this increases the value, of adopting the standards. Full FHIR documentation is currently available in Russian, Chinese, and Japanese, in addition to English.

Current successful use. The industry is already embracing FHIR and its use is delivering value.

  • A 2019 survey showed that 84% of hospitals and 61% of clinicians have adopted and implemented certified API technology enabled with FHIR.

  • Apple’s software development kits support FHIR. Several hundred health systems have created apps that enable patients to aggregate and access their health information using Apple technology.

  • The app development community, including Apple, Google, and Microsoft, is actively using an app-specific standard called SMART on FHIR to create FHIR-compliant apps.

  • The Mayo Clinic has found that FHIR APIs can reduce, by up to two orders of magnitude, the time and cost of developing interfaces between applications.

  • One payer was able to automatically approve 80% of knee-replacement pre-authorizations after swapping its custom interface with a FHIR-based interface, reducing average approval times from 20 minutes to 20 seconds.

Accelerating the Transition

HL7 has formed several accelerators focused on target segments of health care information exchange. The first was the Argonaut Project, established in 2014 to develop the basic building blocks of the FHIR standards. Within each accelerator, developers and users work together to define “use cases” — the contexts in which the proposed information exchange will occur — and the data standards needed to support those use cases. HL7 accelerators also develop guides to support the implementation of the standards they develop for vendors to use in creating software products or incorporating new features into existing products. Participants fund the accelerators’ efforts and, within HL7 guidelines, establish how the accelerator will operate (including choosing the name of the accelerator).

A few examples:

  • The CARIN Alliance (Creating Access to Realtime Information Now) focuses on consumers’ access to and control of their health information.

  • CodeX is addressing the needs of cancer research, such as conducting clinical trials using “real-world data” gathered from EHRs, and matching patients with clinical trials.

  • Da Vinci’s efforts focus on interactions between health care providers and health plans: prior authorization, confirming a patient’s health insurance coverage, and accessing information about the price of care.

  • Helios, formed in fall 2021, is focusing on public health use cases, including reporting the incidence of diseases such as Covid-19, influenza, and sexually transmitted disease.

Broad adoption of FHIR is in its early stages. However, we think it holds enormous promise given the strength of FHIR’s tailwinds:

  • Well-defined and supported standards

  • A federal mandate to implement the APIs in all applications that handle health information

  • A broad range of use cases for every aspect of health care

  • The commitment of a broad spectrum of industry participants

To be clear, people will not be enjoying immediate, seamless access to all their health information by the end of this year. Universal FHIR compatibility is a baseline, not the finish line. Standards are still in development. Legacy systems need to be retrofitted with FHIR APIs. All entities that handle health data must become comfortable sharing it.

But at least we can start the race. Standard APIs can work their magic relatively quickly: The Apple App Store launched in 2008 with 500 apps and today has 2 million. The Google Play Store (launched the same year) has almost 3 million. While the health care software industry doesn’t have a single corporate entity with the dominance of a Google or an Apple, the universal support enjoyed by HL7 serves the same purpose and in many ways facilitates better collaboration in the user community.

To capitalize on the opportunities provided by FHIR APIs, providers, health plans, and software vendors should take several steps.

Learn as much as possible about the FHIR standards and the federal regulations. Organizations should review federal agency overviews of FHIR and related regulations and take advantage of the resources that always accompany a change of this magnitude: meetings, webinars, and industry articles. The 2022 HIMSS meeting, the largest health IT gathering in the world, features almost 40 sessions on various aspects of FHIR implementation, from prior authorization to cancer research to health care cost transparency.

Become active in the HL7 FHIR accelerator program. These development activities need broad input to ensure that the standards are responsive to everyone’s needs.

Develop implementation plans to migrate current legacy interfaces to FHIR APIs. Failure to comply with the regulations risks penalties and problems in the market. Moreover, given the next point, the APIs provide a foundation for the next generation of health care apps.

Be prepared to identify and evaluate novel applications that FHIR facilitates. A wave of innovations will accompany the implementation of FHIR to address any problem that can be solved with better information flow. But remember, FHIR APIs are the baseline, and any new solution requires the same old due diligence.

The new federal mandate will both enable and force the removal of stubborn technological and business barriers to the flow of health information, and, in the process, we believe will accelerate a wave of innovation rarely seen in this historically stodgy corner of the IT world. FHIR will speed the implementation of any application that depends on complex information-sharing such as matching organ donors to recipients or identifying situations where the risk of maternal mortality is elevated.

And we hope (and expect) that there will come a day when we can all stop worrying about accidentally putting our Covid-19 vaccination record through the wash.

Copyright 2022 Harvard Business School Publishing Corp. Distributed by The New York Times Syndicate.

John Glaser

John Glaser is an executive in residence at Harvard Medical School and a lecturer at the University of Pennsylvania’s Wharton School. He previously served as the CIO of Partners Healthcare (now Mass General Brigham), a senior vice president at Cerner, and the CEO of Siemens Health Services. He is the co-chair of the HL7 Advisory Council.


Elizabeth Gardner

Elizabeth Gardner has covered health information technology for Modern Healthcare, HealthLeaders, Health Data Management, the US News Best Hospitals Guide, and numerous other publications.

Interested in sharing leadership insights? Contribute



For over 45 years.

The American Association for Physician Leadership has helped physicians develop their leadership skills through education, career development, thought leadership and community building.

The American Association for Physician Leadership (AAPL) changed its name from the American College of Physician Executives (ACPE) in 2014. We may have changed our name, but we are the same organization that has been serving physician leaders since 1975.

CONTACT US

Mail Processing Address
PO Box 96503 I BMB 97493
Washington, DC 20090-6503

Payment Remittance Address
PO Box 745725
Atlanta, GA 30374-5725
(800) 562-8088
(813) 287-8993 Fax
customerservice@physicianleaders.org

CONNECT WITH US

LOOKING TO ENGAGE YOUR STAFF?

AAPL providers leadership development programs designed to retain valuable team members and improve patient outcomes.

American Association for Physician Leadership®

formerly known as the American College of Physician Executives (ACPE)