
Secure API Server Showdown Challenge

About the Challenge
ONC invites interested stakeholders to build a secure FHIR server using current industry standards, best practices, and recently issued healthcare-specific implementation guide requirements.

Posted By: Department of Health and Human Services
Category: Software/Apps
Skill: Software/Apps
Interest: Business
Submission Dates: 12 a.m. ET, Feb 20, 2017 - 11:59 p.m. ET, Apr 09, 2018

Secure API Server Showdown Winner Announced

Winner helped to find security weaknesses in database

The Department of Health and Human Services' Office of the National Coordinator for Health Information Technology (ONC) today announced the Stage 2 winner of the “Secure API Server Showdown” Challenge. Application programming interfaces (APIs) are technologies that allow one software program to access the services provided by another software program. The 21st Century Cures Act calls for the development of APIs that do not require “special effort” for developers to access and exchange health information.

The challenge sought to engage the health IT industry to identify Fast Healthcare Interoperability Resources (FHIR®) servers that reinforce the value of following technical security best practices on an industry-wide scale. These best practices ensure that the most widely accepted and effective measures are taken, resulting in a high-quality, secure FHIR server, further helping to protect the health information it contains. The winner of the challenge is 1UpHealth.

In Stage 1 of the challenge, Asymmetrik built a secure, Health Level 7 (HL7®) FHIR server using current industry technical standards, best practices, and recently issued healthcare-specific technical requirements for security. This included using the Substitutable Medical Apps, Reusable Technology (SMART) App Authorization Guide.

To win Stage 2, participants were tasked with finding weaknesses in the FHIR server developed by Asymmetrik. 1UpHealth identified ways to strengthen the open source FHIR server, improving the overall security of the server and supporting the sensitive patient data being stored or transmitted.

As a result of this challenge, a unique open source FHIR implementation using JavaScript, Node.js and MongoDB is now available for industry developers to build upon. This implementation meets the security technical requirements as specified in the Argonaut Data Query Implementation Guide Version 1.0.0. The source code is available for public use on GitHub.


Prizes $50,000.00

Submissions for this competition are being accepted on a third-party site. Please visit the external site for instructions on submitting: