ONC Announces Secure API Server Showdown Challenge

Oct. 11, 2017
ONC has announced a new challenge that will invite interested stakeholders to build secure FHIR servers using current industry standards and best practices.

The Office of the National Coordinator for Health IT (ONC) has announced a new challenge that will invite interested stakeholders to build secure FHIR servers using current industry standards and best practices.

In a blog post announcement, ONC introduced the Secure API Server Showdown Challenge, which aims to identify unknown security vulnerabilities in the way open source FHIR servers are implemented, and will result in a hardened code base from which all stakeholders can benefit as they deploy FHIR servers in the future.

The post, from Steven Posnack, director, office of standards and technology, ONC, noted that the Health Level 7 (HL7) Fast Healthcare Interoperability Resources (FHIR) standard was released as a first draft standard for trial use in 2014 for implementation in health IT software. Posnack wrote that, “FHIR standard’s security page notes, however, that FHIR ‘is not a security protocol, nor does it define any security related functionality’ so it needs to be paired with appropriate security standards when it comes to deploying, for example, a production-grade FHIR server.”

To this point, Posnack said that many security standards already exist for web services and can be applied to FHIR. Specific to health IT, the Argonaut Project’s Data Query Implementation Guide, being deployed by many health IT developers, points to the SMART APP Authorization Guide for its security layer. “Implementing security in health IT is necessary and some of the specifications are not for the faint-hearted, but it’s important that the industry gets as much experience as possible when deploying secure, FHIR servers,” he wrote.

As such, ONC’s challenge will include two stages. In the first stage, participants will each develop and submit for judging a secured FHIR server. Three winning servers will be chosen to advance to the second stage, where they will face teams of security minded people vying to find security vulnerabilities, according to Posnack.

Sponsored Recommendations

Bridging the Health Plan/Provider Gap: Data-Driven Collaboration for a Value-Based Future

Download the findings report to understand the current perspective of provider and health plan leaders’ shift to value-based care—with a focus on the gaps holding them back and...

Exploring the future of healthcare with Advanced Practice Providers

Discover how Advanced Practice Providers are transforming healthcare: boosting efficiency, cutting wait times and enhancing patient care through strategic integration and digital...

Unlock Staff Capacity, Increase Safety and Reduce Operational Spend - Realizing ROI from AI enabled RTLS

Unlock staff capacity and enhance safety with AI-enabled RTLS! Join us on June 25th to learn how these systems can reduce operational spending and complexity, improving efficiency...

New Research: The State of Healthcare Cloud Security and Compliance Posture

Compliance & Security Debt Awareness Could Have Prevented Change Healthcare & Ascension Healthcare Breaches