Easing the Path for FHIR Client App Developers: A Solution for Credibility, Trust, and Integration Challenges

Easing the Path for FHIR Client App Developers: A Solution for Credibility, Trust, and Integration Challenges

AUTHOR: John Valutkevich, Director of Programs, Drummond Group LLC

As governments and consumers worldwide push for greater access to patient and health data, the role of FHIR (Fast Healthcare Interoperability Resources) client app developers is increasingly vital. App developers are tasked with creating applications that connect healthcare data sources, like Electronic Health Records (EHRs) and Payers, with patients, clinicians, and administrators. However, the journey is loaded with challenges, including a lack of credibility or market trust and the high cost of data source API integration.

Current Landscape

Recent healthcare regulations, including the Office of The National Coordinator for Health Information Technology’s (ONC) 21st Century Cures Final Rule and the Centers for Medicare & Medicaid Services’ (CMS) Interoperability and Patient Access Final Rule, aim to make patient data freely available to various stakeholders, including app developers. The goal is well-intended but has faced numerous challenges, leading many in the health IT industry to consider it aspirational rather than practical.

One significant issue is the lack of specificity in these regulations regarding the nature, purpose, and function of the apps that access patient data. While the rules address broad use cases and how to enable data sharing for apps, there are significant issues regarding trust around how the data will be consumed, stored, and used.

It was initially assumed that the proliferation of patient-focused apps would drive the adoption of interoperability, but this hasn’t materialized as expected. Patients often have portals with their data and may not prioritize using third-party apps for data management. Further complicating this is the fact that these patient portals are also frequently referred to as apps whether the data is accessed via browser or re-packaged as an app for access via a mobile device.

The definition of a FHIR app is vague, leading to low demand and adoption and numerous opportunities for abuse.


R&D, Startup, Innovation Costs

Many FHIR client app developers are small startups with limited resources. They must register and devote time and resources to gain approval from each data source’s app gallery, which can be expensive and time-consuming. There’s also an implementation bias, where adherence to Implementation Guides varies among data sources, slowing down adoption and innovation.

Smaller app developers often feel pressured to start with the largest data sources to gain leverage, which can lead to a one-size-fits-all approach that may not benefit all parties.

Developing Trust

The burden of trust primarily falls on the data sources (EHRs/Payers) due to certification mandates applied to them. However, there’s limited trust in app developers’ self-attestation of data security and privacy practices. Each data source has its own requirements for app developers, creating inconsistencies and a lack of common standards for data security.

The lack of name-brand recognition among many app developers makes it challenging to gain trust from consumers. Consumers want proof that their data is being handled securely and will be permanently deleted if they choose to stop using an app.

The Solution

The industry needs to work together to alleviate the burden faced by FHIR client app developers and ensure a more standardized and secure environment for healthcare data sharing.

One potential solution to these challenges is the introduction of third-party testing and certification. A third-party and impartial evaluation can confirm that an app developer is a good actor, expedite approval processes, and increase trust. The key is to ensure that these third-party entities are recognized as credible by API data sources.

A testing and certification process can test for more than simply adherence to the FHIR standard and legislated requirements. They can use other voluntary frameworks to help develop credibility and trust, such as the Carin Code of Conduct.

The Carin Alliance’s Code of Conduct can serve as a framework for app developers to follow best practices in data handling (including deletion of data and data disposal once a user withdraws consent) and privacy.

To further strengthen trust, impartial third-party testing and certification processes could be mandated by government agencies for FHIR client apps. This would ensure that all app developers meet a common standard for data security and privacy.

In conclusion, FHIR client app developers are crucial in advancing healthcare technology and interoperability. However, they face significant challenges regarding the credibility and trustworthiness of their apps in addition to increasing integration costs. By implementing third-party testing and certification processes, following industry codes of conduct, and introducing government-mandated standards, we can alleviate these burdens and promote a more efficient, secure, and trusted environment for healthcare data sharing. This not only benefits app developers and source API developers, but also ensures increased interoperability and usability for patients, clinicians, and administrators, thereby facilitating better healthcare outcomes overall.

Book your FREE consultation with a Drummond Health IT FHIR expert today!

We’ve identified the topics our customers ask about most and are ready to share our expertise with you. You can choose from the following FHIR topics:

  • Patient & Provider Access FHIR APIs
  • Payer-to-Payer Data Exchange FHIR APIs
  • Prior Authorization & Burden Reduction FHIR APIs
  • No Surprises Act FHIR APIs
  • ONC and CMS FHIR Federal Regulations

Are you ready to start your compliance journey?

More News

Download Drummond's Guide to Integration Review of E-Prescription Module

Please fill out the form below to download the guide.

Oops! We could not locate your form.

Drummond's guide to EPCS Recertification

Please fill out the form below to download the guide.

Oops! We could not locate your form.

Drummond's guide to Initial EPCS Certification

Please fill out the form below to download the guide.

Oops! We could not locate your form.