15 Jun, 2022

The Healthcare API Ecosystem: Looking Beyond The CMS Rule

  • Mifan Careem
  • Vice President - Global Head of Solution Architecture - WSO2


First published on Forbes.

The healthcare industry has often been plagued with interoperability challenges. This has limited the innovation targeting the most important stakeholder in the healthcare industry: the patient. The CMS rule targeting U.S. healthcare organizations is the perfect way to disrupt the industry and promote interoperability. The expectation is that this will trigger innovation, paving the way to a newer app ecosystem. CIOs of healthcare companies need to look at the bigger picture of these rules — not just their regulatory requirements. It is important for healthcare companies to adopt APIs as products and API management beyond Fast Healthcare Interoperability Resources (FHIR), paving the way toward competitive advantage in the digital healthcare ecosystem.

Interoperability: The Challenge In Healthcare

The healthcare industry has its share of interoperability challenges, sometimes by design in order to protect healthcare data and lock in customers. An efficient, timely and digital way of transferring health data to newer networks is critical for patients moving between healthcare organizations such as hospitals, care homes or different healthcare payers. Unfortunately, this is not often the case today. Customer choice is a major differentiator of the digital age, and modern industries need to provide full interoperability and portability while competing for customer loyalty through higher value. 

The CMS Rule

Regulation, for better or worse, is a driver for digital innovation. In the financial industry, the PSD2 and Open Banking regulations in the UK, EU and the rest of the world are a testament to this. In the U.S., the Department of Health and Human Services (HHS) put together rules that give healthcare consumers access to their personal data. The Centers for Medicare & Medicaid Services (CMS) Interoperability and Patient Access final rule aims to enable better access to health information for patients, improve interoperability and unleash innovation. This is achieved by requiring healthcare payers to expose clinical and claims data to their members and member-approved third-party applications. The CMS rule provides the foundation for healthcare data being exposed in a standard format — namely FHIR release 4 (R4) APIs as defined by the Health Level Seven (HL7) healthcare standards organization.

In a nutshell, this means that health insurance companies will expose clinical and claims data of patients as FHIR-compliant APIs to the patients themselves, or to third-party systems that the patient selects. The systems that access these APIs can be healthcare apps that the patient consents to and uses, or they can be a separate healthcare insurer or provider that the patient transfers to.

Addressing The CMS Rule And Beyond

While the rule itself is clear, the implementation details behind the rule can vary. We’ll increasingly see healthcare enterprises that look beyond the rule to build a comprehensive digital value proposition around APIs; the standard FHIR APIs provide the perfect steppingstone for healthcare innovation. Today, the rules specify APIs for patients, claims and providers, with notifications on patient admissions, discharge and transfers, paving the way for healthcare interoperability between payers, providers and vendors.

The ONC hopes to see "growth in patient-facing healthcare IT markets from an entirely new app ecosystem." These SMART on FHIR apps provide personalized, aggregated services that pull data from multiple payers or providers. Add to that the healthcare wearables and IoT market, and this becomes a space ripe for innovation. The shift toward public APIs and third-party apps puts the onus on advanced security in an industry where security and privacy are already a core challenge. Healthcare identity systems need to handle healthcare API security through protocols such as OpenID Connect, while advanced end-user consent management for apps and data must become a core requirement.


Technology selection here is key, affecting time to market and flexibility and providing the features and road map that fit your bigger picture vision. Purpose-built healthcare solutions on full API-integration platforms enable organizations to participate in the API economy, which is key for healthcare companies looking at building a competitive edge. Strong healthcare API platforms provide capabilities such as API marketplaces, API products, API monetization, rate limiting and throttling, etc. Platforms should also support flexible deployment models, and CIOs should be able to pick from SaaS, cloud, on-premises or hybrid cloud deployments.

A critical part of the implementation of these systems is the process of connecting new and existing source systems. Connectivity with well-known claims management systems and electronic health records (EHRs) might be straightforward, while integrating with homegrown systems that have data sitting in databases might be complex. Teams need a purpose-built integration engine that can handle current and future integration requirements. In addition to FHIR, healthcare integration involves various other formats. Connecting these sources will require a fair bit of effort.

As discussed above, becoming compliant with these new rules involves multiple steps. Identifying and validating data sources, integrating with source systems, translating existing formats to FHIR R4 and exposing FHIR resources as APIs are the key steps. This should be coupled with finding the right domain expertise and estimating projected effort in order to complete the project by deadline day. Expect to spend significant effort in validating, connecting and translating data sources.

Selecting the right technology vendor and deployment model is critical for a timely delivery here. Because APIs are exposed externally, OpenID Connect-based API security and user consent management should be part of the platform. An API developer portal encourages B2B and app developers to subscribe to, test and try out APIs. This will be the foundation of your healthcare API marketplace, where you can productize both APIs compliant with the rule as well as other APIs — and monetize some of them.

Regulations are often a blessing in disguise, and they have led to innovation in industries such as finance. Healthcare is well placed to follow in this path. Healthcare companies should look to building a sustainable API ecosystem and platform business model where all stakeholders collaborate and benefit, leading to better value for the most important stakeholder: patients.
