Apps and APIs: A Positive Step for Patients

Healthcare is unique. The consequences of data errors can be catastrophic. Unlike other industries, where money may be mishandled or tickets lost, healthcare errors can cause real harm to people. The culture of privacy and security has contributed to some tremendous benefits, but it has also kept innovation for interoperability moving at a snail’s pace. Therefore, as technology is considered, privacy and security as well as data integrity must be paramount. Industry standards, government regulation, and technology certification can all work to help us keep intact the security and the privacy of the care information entrusted to our providers.

People are already using apps in healthcare. But until now, those apps stood apart from the healthcare data that physicians and hospitals held on the patients’ behalf in their EHRs. It is commonplace for us to log on to applications using our user profile from Gmail, or Facebook, or We understand the risks and benefits of downloading our data, and it is up to each of us individually to decide what is private and what is not. Those who want to share their health information may download their data and also use consumer apps to help them manage their own health. Those not comfortable with apps or sharing don’t have to.

The proposed rules will allow us to use our data and to share it with others and the app of our choice. This technology will allow providers and all stakeholders, including the patient, to interact with each other in more seamless ways. This kind of app use in healthcare is new and deserves some explanation.

Getting and using a healthcare app is a bit different than going to the app store alone. In healthcare, the source data in the EHR/API must “know” that the person connecting the app to the source EHR/API is who they say they are. This identity assurance is crucial to the privacy of the patient and the security of the data. Think about banking: when we interact with our bank online, we first need to establish an account and prove our identity to the bank.

Understanding how this new ecosystem works is fundamental to supporting the proposed regulations.

The transformation requires several technology elements:

  • Certified HIT developer. They have several products and modules that are certified to various capabilities. 
  • Certified patient/consumer-facing apps
  • Provider organization which owns an EMR and selects apps from the app store to connect to its EMR using a certified API by authenticating the patient
  • There also may be non-certified apps sponsored and made available by the developer or provider

The outcome will be a more fluid flow of data to and from patients/consumers and providers in actionable formats to improve health and healthcare.


