Apps to enable patients to access their EHRs, share with researchers

FHIR, OAuth security standard to create tech platform for patient sharing of EHRs, says Josh Mandel, MD.


A project at Harvard Medical School funded by the National Institutes of Health is leveraging HL7’s emerging Fast Healthcare Interoperability Resources (FHIR) standard and OAuth 2.0 security profiles to enable individuals to access their health data and share it with researchers.

Using standards to share health information technology and putting people at the center of deciding when and how data should flow is the goal of Sync for Science (S4S), which is being coordinated by Harvard Medical School’s Department of Biomedical Informatics, NIH and the Office of the National Coordinator for Health IT.

Critical to this effort is the participation of major electronic health record vendors, including Allscripts, Cerner, eClinicalWorks, Epic and others, who are piloting the use of open, standardized applications to give individuals the ability to easily and securely contribute their data to research studies.

“The basic idea of this is to provide a technology platform where patients choose which apps to share their data with,” Josh Mandel, MD, research scientist in the Harvard Medical School’s Department of Biomedical Informatics, told a HIMSS17 pre-conference symposium in Orlando on Sunday.

Mandel, who is in charge of technical coordination for the project, emphasized that S4S is about sharing EHRs in an easy, automated, and secure way with research studies “in the same form that they’re used to actually take care of a patient.”

In particular, he noted that as part of NIH’s Precision Medicine Initiative (PMI) the agency is looking to recruit 1 million or more Americans to participate in a national cohort and contribute their health information. Called the All of Us research program, the information gathered from volunteers will form the basis of a data set that researchers will use to identify better ways to prevent and treat diseases that are based on individual health, environment, and lifestyle.

“About two-thirds (of participants) will come from hospitals that are involved, and about one-third will come in as what we call direct volunteers,” according to Mandel. “We want to make it as easy as we can for those people to share their electronic health record data.”

Also See: PMI cohort will require data management on a massive scale

Among the core values guiding the development and implementation of PMI’s All of Us cohort are that participants have access to their information, that the data be accessed broadly for research purposes, and that security and privacy will be of highest importance. By connecting a research app to their electronic health data, S4S will help ensure patients’ rights to access under the Health Insurance Portability and Accountability Act, contends Mandel.

“We’re building electronic tools to help them make that request in a simple web-based fashion and have the entire process be automated end-to-end—so, once a patient puts in that request, the provider system can share the data with an app of the patient’s choice quickly and automatically,” he added. “The All of Us program is going to launch an app that can ask for data in this way.” However, at the same time, Mandel made the case that “any research study can use these protocols…for any app that wants to ask for data in this way.”

In the final Meaningful Use Stage 3 rule, the Centers for Medicare and Medicaid Services required certified EHR technology to provide an application programming interface through which patient information can be viewed, downloaded, and transmitted to a third party. In addition, APIs are part of ONC’s 2015 Edition of Health IT Certification Criteria, which requires certified EHRs to demonstrate the ability to provide a patient-facing app access to the Common Clinical Data Set via an API.

“We want to take this technology, which is really part of our Meaningful Use and EHR certification landscape, and build on top of it,” said Mandel. “We use a set of standards—FHIR and OAuth 2.0 (the security standard for approving access)—to ask for access to the data in a variety of these provider systems…FHIR is a standard for sharing clinical data in a structured way, which is what we use for allergies, labs, medications, and other structured data.”

The initial focus of S4S is on a core data set that includes a list of elements including demographics, lab results, medications, problem lists, and vital signs, as defined in ONC’s Common Clinical Data Set. Mandel noted that the CCDS is “not everything” but “it’s a pretty good starting point for researchers and for consumer health apps.” He said future phases of S4S will support methods for sharing other data elements.

More for you

Loading data for hdm_tax_topic #better-outcomes...