Your path to the compliance with the 21st Century Cures Act

On May, 1st of 2020 ONC has published the final rule called “21st Century Cures Act: Interoperability, Information Blocking, and the ONC Health IT Certification Program” to further boost interoperability among provider organizations and EHR system developers. The rule introduced several new provisions and updates from 2015 Edition Certification Criteria. In this blog post we are going to focus solely on the new API requirements.

The new API requirements enforce the use of the FHIR standard which came a long way to serve a key role in healthcare interoperability in the United States. ONC has chosen the latest FHIR Release 4.0.1 and adopted Standards Version Advancement Process (SVAP) to give health IT developers flexibility to use more advanced versions of the adopted standards.

What is in the rule?

To comply with the rule, health IT developers should allow dynamic registration and launch of 3rd-party SMART on FHIR  applications. EHR technology should support both patient-facing and practitioner-facing applications via HL7® SMART Application Launch Framework, and bulk data access via SMART Backend Services Authorization Guide.

All 3rd-party applications when authorized should be able to access patient data over FHIR API. ONC has updated the dataset that should be made available through API from the Common Clinical Data Set (CCDS) adopted in the 2015 Edition to a new dataset called the United States Core Data for Interoperability (USCDI). USCDI should be made available through FHIR API compliant with HL7 FHIR US Core Implementation Guide STU 3.1.1 which defines the minimum conformance requirements for accessing patient data using FHIR Release 4.

The API is limited to read-only and does not allow 3rd-party applications any “write” capabilities to create or modify Electronic Health Information (EHI).


The timeline

On November 4 of 2020 ONC issued the Interim Final Rule that extended compliance deadlines for the Information Blocking and the ONC Health IT Certification Program in response to the COVID-19 public health emergency. Health IT technology must make the new HL7 FHIR API capability available by December 31 of 2022.

Source: ONC

Build or buy?

The new ONC requirements embrace many important use cases and aim to shift healthcare interoperability to the whole new level. One can imagine a marketplace of modern 3rd-party applications that complement EHR systems and resolve the most acute pain points of their users. But with comprehensive use cases come complexity and cost of their implementation. 

The current scope includes at the minimum the latest version of the FHIR API profiled with the US Core implementation guide, SMART on FHIR profile of the OAuth 2.0 specification with OpenID Connect, UI to support dynamic registration and launch of 3rd-party applications, and forms for data access permissions management. But even though the rule is called “final”, this scope in some way is only the beginning. HL7 organization is targeting FHIR version 5 to be released in the third or fourth quarter of 2022, new versions of US Core and SMART on FHIR IG are coming along too.

At the same time the FHIR solutions from companies that are specialized in FHIR have matured and found hundreds of implementations. We believe that it is a good time for EHR developers to evaluate the new ONC requirements and decide if they want to develop and maintain their own FHIR capabilities or find a FHIR partner that will help them to address all current and future interoperability requirements in the long term.

Aidbox FHIR platform

Health Samurai’s Aidbox FHIR platform offers you a fast and reliable route to comply with the 21st Century Cures Act. It checks all the checkboxes and already passes relevant Inferno and Touchstone tests for FHIR API, US Core IG, and SMART on FHIR. It comes with an automated HIPAA-compliant infrastructure for your favorite cloud. And it offers a web portal with a configurable UI for all the participants, dynamic app registration, app gallery, and data access permissions management.


Beyond the 21st Century Cures Act

You will not only comply with the current rule but establish a solid foundation for all future regulations and interoperability needs. Aidbox is fully metadata-driven and makes migration to new FHIR versions and Implementation Guides easy. Aidbox demonstrates great performance at large scale and will support your customer growth. Its fine-grained access control allows complex interoperability use cases beyond SMART on FHIR data sharing. You can even develop new modules for your EHR solution with Aidbox as its sole backend as did many Aidbox users.

Health Samurai can help you to implement Aidbox and provide quality enterprise support with a strict SLA after the implementation is complete. We are looking to become your long-term partner for all your interoperability requirements.

For more information or client references please reach out to Health Samurai at hello@health-samurai.io or +1-818-731-1279.

Your path to the compliance with the 21st Century Cures Act

On May, 1st of 2020 ONC has published the final rule called “21st Century Cures Act: Interoperability, Information Blocking, and the ONC Health IT Certification Program” to further boost interoperability among provider organizations and EHR system developers. The rule introduced several new provisions and updates from 2015 Edition Certification Criteria. In this blog post we are going to focus solely on the new API requirements.

The new API requirements enforce the use of the FHIR standard which came a long way to serve a key role in healthcare interoperability in the United States. ONC has chosen the latest FHIR Release 4.0.1 and adopted Standards Version Advancement Process (SVAP) to give health IT developers flexibility to use more advanced versions of the adopted standards.

What is in the rule?

To comply with the rule, health IT developers should allow dynamic registration and launch of 3rd-party SMART on FHIR  applications. EHR technology should support both patient-facing and practitioner-facing applications via HL7® SMART Application Launch Framework, and bulk data access via SMART Backend Services Authorization Guide.

All 3rd-party applications when authorized should be able to access patient data over FHIR API. ONC has updated the dataset that should be made available through API from the Common Clinical Data Set (CCDS) adopted in the 2015 Edition to a new dataset called the United States Core Data for Interoperability (USCDI). USCDI should be made available through FHIR API compliant with HL7 FHIR US Core Implementation Guide STU 3.1.1 which defines the minimum conformance requirements for accessing patient data using FHIR Release 4.

The API is limited to read-only and does not allow 3rd-party applications any “write” capabilities to create or modify Electronic Health Information (EHI).


The timeline

On November 4 of 2020 ONC issued the Interim Final Rule that extended compliance deadlines for the Information Blocking and the ONC Health IT Certification Program in response to the COVID-19 public health emergency. Health IT technology must make the new HL7 FHIR API capability available by December 31 of 2022.

Source: ONC

Build or buy?

The new ONC requirements embrace many important use cases and aim to shift healthcare interoperability to the whole new level. One can imagine a marketplace of modern 3rd-party applications that complement EHR systems and resolve the most acute pain points of their users. But with comprehensive use cases come complexity and cost of their implementation. 

The current scope includes at the minimum the latest version of the FHIR API profiled with the US Core implementation guide, SMART on FHIR profile of the OAuth 2.0 specification with OpenID Connect, UI to support dynamic registration and launch of 3rd-party applications, and forms for data access permissions management. But even though the rule is called “final”, this scope in some way is only the beginning. HL7 organization is targeting FHIR version 5 to be released in the third or fourth quarter of 2022, new versions of US Core and SMART on FHIR IG are coming along too.

At the same time the FHIR solutions from companies that are specialized in FHIR have matured and found hundreds of implementations. We believe that it is a good time for EHR developers to evaluate the new ONC requirements and decide if they want to develop and maintain their own FHIR capabilities or find a FHIR partner that will help them to address all current and future interoperability requirements in the long term.

Aidbox FHIR platform

Health Samurai’s Aidbox FHIR platform offers you a fast and reliable route to comply with the 21st Century Cures Act. It checks all the checkboxes and already passes relevant Inferno and Touchstone tests for FHIR API, US Core IG, and SMART on FHIR. It comes with an automated HIPAA-compliant infrastructure for your favorite cloud. And it offers a web portal with a configurable UI for all the participants, dynamic app registration, app gallery, and data access permissions management.


Beyond the 21st Century Cures Act

You will not only comply with the current rule but establish a solid foundation for all future regulations and interoperability needs. Aidbox is fully metadata-driven and makes migration to new FHIR versions and Implementation Guides easy. Aidbox demonstrates great performance at large scale and will support your customer growth. Its fine-grained access control allows complex interoperability use cases beyond SMART on FHIR data sharing. You can even develop new modules for your EHR solution with Aidbox as its sole backend as did many Aidbox users.

Health Samurai can help you to implement Aidbox and provide quality enterprise support with a strict SLA after the implementation is complete. We are looking to become your long-term partner for all your interoperability requirements.

For more information or client references please reach out to Health Samurai at hello@health-samurai.io or +1-818-731-1279.

Your path to the compliance with the 21st Century Cures Act

ReAD MORE

Aidbox HIPAA book. Part 1. Technical safeguards.

ReAD MORE

Why do you need to enable 2FA in your healthcare application?

ReAD MORE

The 2020 X-mas Hackathon

ReAD MORE

A quick guide to telemedicine software alternatives

ReAD MORE

About FHIR facades (part I) - two approaches

ReAD MORE

Two-phase FHIR terminology

ReAD MORE

First Fhirbase Release

ReAD MORE

FHIR Storage and Analytics in Baltimore

ReAD MORE

SQL on FHIR

ReAD MORE

Should you use FHIR resources as your data storage format?

ReAD MORE

The FHIR Guide for CTOs and technical leaders

ReAD MORE

FHIR and Machine Learning (ML)

ReAD MORE

Announcing the FHIRbase Dojo!

ReAD MORE

FHIR Starter 2018: Recap of the first FHIR conference in Eastern Europe

ReAD MORE

Using FHIR to Simplify Healthcare Application Development

ReAD MORE

FHIR: What's great, what isn't so good, and what it's not built to do

ReAD MORE

Moving Cardiovascular Disease Detection to the Cloud

ReAD MORE

FHIR Success Story: Narus Health Connects Patients, Families and Providers

ReAD MORE

Thoughts on the Duke University FHIR Applications Roundtable

ReAD MORE

Choosing Access Control Model for a Generic FHIR Server

ReAD MORE

Implementing FHIR in Dynamic Languages

ReAD MORE

Choosing FHIR for Laboratory Integration

ReAD MORE

Thoughts About Microservices

ReAD MORE

Meaningful Use Stage 3: ONC-certified API for your health care application

ReAD MORE

Transforming Healthcare IT

ReAD MORE

Starting a Health IT project with the FHIR standard at your healthcare organization

ReAD MORE

How do we build the best Convenient Healthcare Clinics?

ReAD MORE

Accelerating Healthcare Innovation with HL7 FHIR

ReAD MORE
3415 S Sepulveda Blvd Ste 1000 Los Angeles, CA 90034
+1 (818) 731-1279
hello@health-samurai.io