ONC Names API Server Showdown Stage 2 Winner

The Office of the National Coordinator for Health Information Technology (ONC) has named 1UpHealth as the Stage 2 winner of the “Secure API Server Showdown” challenge.

Application programming interfaces (APIs) are technology that allow one software program to access the services provided by another software program. The 21st Century Cures Act calls for the development of APIs that do not require “special effort” for developers to access and exchange health information.

As such, according to ONC officials, the challenge “sought to engage the health IT industry to identify Fast Healthcare Interoperability Resources (FHIR) servers that reinforce the value of following technical security best practices on an industry-wide scale. These best practices ensure the most widely-accepted and effective measures are taken resulting in a high quality, secure FHIR server, further helping to protect the health information it contains.”

In Stage 1 of the challenge, Maryland-based tech company Asymmetrik built a secure, Health Level 7 (HL7) FHIR server using current industry technical standards, best practices, and recently issued healthcare-specific technical requirements for security. This included using the Substitutable Medical Apps, Reusable Technology (SMART) App Authorization Guide, ONC officials noted.

To win Stage 2, participants were tasked with finding weaknesses in the FHIR server developed by Asymmetrik. “1UpHealth identified ways to strengthen the open source FHIR server, improving the overall security of the server and supporting the sensitive patient data being stored or transmitted,” ONC revealed.