Posted By: Department of Health and Human Services
Category: Software/Apps Skill: Software/Apps Interest: Business Submission Dates: 12 a.m. ET, Feb 20, 2017 - 11:59 p.m. ET, Apr 09, 2018
Secure API Server Showdown Winner Announced
Winner helped to find security weaknesses in database
The Department of Health and Human Service’s Office of the National Coordinator for Health Information Technology (ONC) today announced the Stage 2 winner of the “Secure API Server Showdown” Challenge. Application programming interfaces (APIs) are technology that allow one software program to access the services provided by another software program. The 21st Century Cures Act calls for the development of APIs that do not require “special effort” for developers to access and exchange health information.
The challenge sought to engage the health IT industry to identify Fast Healthcare Interoperability Resources (FHIR®) servers that reinforce the value of following technical security best practices on an industry-wide scale. These best practices ensure the most widely-accepted and effective measures are taken resulting in a high quality, secure FHIR server, further helping to protect the health information it contains. The winner of the challenge is 1UpHealth.
In Stage 1 of the challenge, Asymmetrik built a secure, Health Level 7 (HL7®) FHIR server using current industry technical standards, best practices, and recently issued healthcare-specific technical requirements for security. This included using the Substitutable Medical Apps, Reusable Technology (SMART) App Authorization Guide.
To win stage 2, participants were tasked with finding weaknesses in the FHIR server developed by Asymmetrik. 1UpHealth identified ways to strengthen the open source FHIR server, improving the overall security of the server and supporting the sensitive patient data being stored or transmitted.