Rucker: New rules will promote patient access to health data

National Coordinator for Health Information Technology Dr. Don Rucker told lawmakers on Tuesday that patients, providers and payers will soon be able to access health data easier thanks to his agency's work.

But Rucker didn't provide details on how these open application programming interfaces will come to fruition, since the rules addressing those APIs—including a rule on patient access and another on information-blocking—are still forthcoming.

Several members of the House Energy and Commerce Committee's Health Subcommittee asked Rucker when the information-blocking rule, which will define exceptions to the prohibition on information-blocking, will come out. The Office of the National Coordinator has already written the rule, and it is currently with the Office of Management and Budget—a point Rucker clarified many times.

"I am optimistic that it will be soon, but these are folks that are not under my control," he said.

That rule, along with one addressing patient access and interoperability, have been under OMB review since September.

Rucker hinted that at least one rule will set out how open APIs, required under the 21st Century Cures Act, will give patients more control over their health records. APIs allow apps to use resources and data from other apps.

"Our rulemaking will implement that patients can direct their smartphones at the providers' endpoints and download their records," Rucker said.

By pushing open APIs, the rule or rules will also encourage a marketplace for apps to allow that access, Rucker said.

Apple's Health app already lets patients download their records from providers. Patients of certain healthcare systems can now pull their health data directly onto their iPhones and permit it to flow into third-party apps.

By pushing open APIs, the ONC will also push the healthcare technology industry to move closer to the rest of the tech world.

"Historically, we've done it all ourselves with one of the healthcare protocols," Rucker said. "We're trying to move healthcare, with FHIR, into the modern technology stack."

Rep. Susan Brooks (R-Ind.) wondered what regulatory changes, if any, could speed up the process. But Rucker said companies will need to balance security, privacy and how easy the technology is to use.

Multiple committee members worried about the privacy and security implications of opening up health data. Rucker said the movement to the cloud will help since that lets individual users cede some security responsibilities to the vendors whose clouds they rely on.

The term "open API"—and misunderstanding of what it means—was the source of some of the concern. Rucker clarified: "The open API is in some ways misnamed. It in some ways should be a very secure API."

The forthcoming rules will address security requirements for APIs, Rucker added.