Abstract
There has been considerable interest for years in the digitalization of healthcare to make it more accessible and affordable with better outcomes for more people. The ongoing pandemic has created a new sense of urgency. A key part of digitalizing healthcare is ensuring that holistic information about patients is accessible at the right time and place to facilitate diagnosis and treatment.
Importantly, this includes ensuring patients have meaningful access to their own data. This is enshrined in for the U.S. market by the final rule in the Trump Administration’s MyHealthEData initiative and its “promise to put patients first, giving them access to their health information when they need it most and in a way they can best use it”.
In our online era, access to information online on-demand sounds simple, but in fact has proved an immense stumbling block. To quote from CMS.com, a U.S. federal website funded by U.S. Centers for Medicare & Medicaid Services, “the lack of seamless data exchange in healthcare has historically detracted from patient care, leading to poor health outcomes, and higher costs”.
The essential step to digitally transforming healthcare is enabling “different information systems, devices and applications (systems) to access, exchange, integrate and cooperatively use data in a coordinated manner,” according to the Healthcare Information and Management Systems Society (HIMSS), the member association committed to transforming the global health ecosystem.
The critical component to enabling that exchange of data on demand is application programming interfaces or APIs. They are the backbone of the internet, seamlessly connecting different software, applications and devices in a secure, controlled, pragmatic and standardized way – if they are implemented consistently (see Section 2). The idea is to make linking disparate data sources together ‘plug and play’ like building blocks.
APIs are used in many industries and are foundational to the success of the world’s largest and most valuable – note all digital-native – companies, including Alphabet (Google’s parent company), Amazon, Apple and Meta (formerly Facebook). Yet standard or open APIs have not been widely implemented across the healthcare ecosystem.
The U.S. federal government recognized the importance of APIs within the healthcare ecosystem and has taken steps to embed their use, most recently the ONC published the long-anticipated Trusted Exchange Framework and the Common Agreement (TEFCA) – developed by the Sequoia Project – on 18 January.
The Fast Healthcare Interoperability Resources (FHIR®) is a Health Level Seven (HL7) standard for exchanging healthcare information electronically and is used to standardize APIs. It is central to the success of the U.S. digital health initiative, becoming an optional part of electronic health information (EHI) in 2023 and a mandatory part in 2024.
Introduction – U.S. policy supports adoption of standardized APIs
The U.S. federal government understood the importance of standardized APIs and has pursued a policy that increasingly mandates their inclusion in the health ecosystem. In 2014, the U.S. Health IT Policy and the Health IT Standards committees endorsed recommendations for more public (open) APIs. In 2015, the Office of the National Coordinator for Health Information Technology (ONC) required the use of APIs in certified electronic health record systems (EHRs).
In turn, the Centers for Medicare & Medicaid Services (CMS), required health care providers to use products certified as meeting those requirements or else receive reduced payment from federal government. In the same year, the ONC also required certified EHRs to make a subset of data, called the Common Clinical Data Set (CCDS) available to patients via a portal or API, although not necessarily a standard one, at no cost to patients.
The CCDS contains essential health information, such as medication lists and vital signs, as identified by the federal government.
The initial goal was to specify the use of two profiles from the Fast Healthcare Interoperability Resources (FHIR®), an HL7 standard for exchanging healthcare information electronically.
The ONC in 2020, expanded the dataset available to patients and renamed it the United States Core Data for Interoperability (USCDI). This set of information contains all data in the CCDS and adds additional important information like clinical notes and expanded patient demographics.
The 2020 regulation required the use of the Fast Healthcare Interoperability Resources (FHIR®), an HL7 standard for exchanging healthcare information electronically, and expanded the dataset that must be available for exchange via APIs.
1. The role of FHIR in the U.S. healthcare ecosystem
In January 2021, a report published by Pew describes FHIR as a “National Standard, Critical for Effective APIs” and focused on three main benefits that APIs can bring to healthcare:
- Give patients access to data
- Incorporate clinical decision support (CDS) tools, such as risk calculators or apps that provide recommendations for prescribing antibiotics
- Enable the exchange of information between providers.
The building blocks of FHIR are known as resources and describe exchangeable health data formats and elements. The FHIR’s approach is to provide access to small pieces of information, such as a list of specific medications, say, instead of a bigger, more general document that contains more data. The idea is to avoid unnecessary sharing of excess information, which includes any that patients wish to keep private.
This approach is also designed to shorten the learning curve for users, which is important because those needing access to information are typically not focused on the technology that enables it so much as patient care.
Wider uses
FHIR could be applied to patient-mediated data and support an active community of proponents and implementers. A good analogy might be how the open-source community jointly develops and validates open-source software, making it more robust and rounded.
Currently, most APIs can only read information from electronic health record systems (EHRs) but being able to input information into electronic records – known as “write” functions – could prove beneficial and improve efficiency.
For example, it would give CDS tools and more capabilities to benefit clinicians while enabling patients to contribute to their own records, such as to change an address, update symptoms, or fix errors. More regulation scheduled to take effect in 2022 will cover the write function capability.
Although regulations to date have been and will be critical in helping digital healthcare to progress, it is widely agreed that additional policy and technology developments are needed to integrate and prioritize APIs within healthcare.

2. Leveraging the power of APIs
The secret of success with APIs – regardless of industry sector – is reusing them at every opportunity in a consistent manner. APIs cannot be widely adopted if technology developers implement them in proprietary ways so that they work with only one electronic health record (EHR) system, and apps must be coded differently for each system with which APIs interact.
One of FHIR’s core missions is to ensure easier, repeatable use of APIs, and all healthcare organizations need to embed this in all their thinking, but organizations must put governance and oversight in place for their use of APIs.
Healthcare organizations need a carefully constructed API strategy and execution plan. As always, the strategy needs to start with the desired outcomes, rather than the technology per se or the limited way in which the technology has mainly been used so far.
For example, research published in the January 2021 Pew Report found:
- Use cases - of the three use cases examined (patient access, clinical decision support, and provider-to-provider exchange), hospitals most frequently implemented APIs for patient access and clinical decision support. APIs have not yet appeared significantly for other uses, such as data exchange among healthcare providers treating the same patient.
- Data exchange capabilities – vendors vary significantly regarding the data elements they permit for exchange via APIs built on the FHIR standard. This disparity significantly affects the amount of information that can be exchanged via APIs, as does lack of write access (which should be addressed this year).
- Terms of use – the agreements that govern relationships between care providers, EHR vendors, and third-party application developers in the use of APIs can dictate costs, who retains the intellectual property of the application and API, and how apps are developed and deployed. In the EHR documentation reviewed, many of the terms and conditions lacked critical details, including costs.
- Future promise – interviewees identified three areas as key opportunities to improve the use of APIs in healthcare settings in future. The first is to enter data into EHRs rather than just extract information. Second is to incorporate applications more seamlessly into clinicians' workflow. Third - add more standard data elements, such as images or cost information.
Getting started
To draw up an organization’s API strategy, a workshop is a good place to start, where the business and IT stakeholders can agree on the desired outcomes and vision and draw up a roadmap for the digital transformation of their healthcare business.
In the first iteration, there likely is only two points on the roadmap – the vision/desired outcomes and the starting point. It is essential that healthcare organizations understand where they are now in terms of FHIR readiness, and what they need to do to prepare for it and get the best results.
Gaining a real understanding of where an organization is now in terms of FHIR readiness must be comprehensive and include assessing applications, technologies, infrastructure, policies, staffing, skills and more.
The workshop should also start the ball rolling on:
- Selecting areas for modernization, compliance and new revenue channels
- Identifying digital healthcare ecosystem participation opportunities and balancing providers versus consumer, outlining required partner profiles, identifying customer value streams
- Defining the API monetization strategies, data points, price plans and so on
- Agree to build a transformation plan.
After that, organizations need to take a deeper dive, breaking down activities such as build versus buy decisions for selected legacy components.
The roadmap needs to be expanded as these issues are discussed and populated with step-by-step transformation of components to adhere to FHIR’s standards to help construct the transformation plan.
Finally, organizations need to have a good grasp of the skills and competencies their IT teams will need, how that fits with the current profile, and plot the best way to close the gap.
Each of the steps outlined above looks straightforward at first glance, but in fact is complex with each phase of planning having a profound impact on the ones that follow. Consistency, continuity and flexibility are critical for the organization to gain business and operational agility – while carrying on business as usual and avoiding slow and expensive retro-engineering later.
Expert help is an important option
Health organizations should consider engaging a specialist firm that is expert in the use of proven tools, to promote and speed the adoption and widespread use of APIs. Specialist help and tools can massively shorten the time to delivering the business and operational benefits of APIs.

The graphic below shows the API lifecycle as well as where some of the most popular tools on the market come into play. Just to give a flavor of what these tools can do in expert hands:
AutoStub® can speed up API development by up to 20% as it can reduce build time by designing, prototyping, documenting and testing APIs using a functional mock that allows developers to work with APIs before they are fully implemented.
Deplomatic can reduce governance costs by 35% as an API-first, integration-friendly tool for quickly creating and maintaining cloud-native data environments that run on containers. It and ensures deployments are less error-prone and more repeatable.
AutomatonTM can reduce test effort by 30% as multiple award-winning, no-code tool that automates testing of data interfaces, APIs, user interface components and all the other elements of an application. The simple interface means users can run tests without coding knowledge.
DigitMarketTM Microgateway support seamless management of API cycles – when a number of APIs are in use simultaneously, it helps monetize applications and monitor security from one place – the publisher portal – without the user needing any knowledge of coding.

As Micky Tripathi, Ph.D., national coordinator for health information technology, said at the launch of TEFCA, “Simplified nationwide connectivity for providers, health plans, individuals, and public health is finally within reach.”
The expertise, tools and technology exist to ensure that every healthcare entity doesn’t let this once-in-a-generation opportunity slip through its fingers.