
Patient Access API: the ONC/CMS final rules 2020/2021

On 9 March 2020, the U.S. Department of Health and Human Services (HHS) finalized two rules (the ONC final rule and the CMS final rule) that will give patients “unprecedented” access to their health data. These final rules require both public and private entities to share health information between patients and third-party developers, which will be allowed to include claims data and other patient health information in their apps.



ONC’s final rule establishes API requirements that let patients securely and easily access and use the electronic health information in their provider’s medical records, for free, using a smartphone app.

Beginning January 1, 2021, Medicare Advantage, Medicaid, CHIP, and, for plan years beginning on or after January 1, 2021, plans on the federal Exchanges will be required to share claims and other information related to patients' medical encounters, such as cost or clinical information, with those patients through the Patient Access API (HL7 FHIR version 4.0.1).

This rule also requires MA organizations, Medicaid FFS programs, CHIP FFS programs, Medicaid managed care plans, and CHIP managed care entities to make provider directory information publicly available via a FHIR-based Provider Directory API. This requirement also has an implementation deadline of January 1, 2021.

This API will allow patients to access their data through any third-party application they choose and could also be used to integrate a health plan’s information into a patient’s EHR. Patients can take this information with them as they move from plan to plan, and provider to provider.

The CMS final rule establishes a new Condition of Participation for all Medicare and Medicaid participating hospitals, requiring them to send electronic notifications to another healthcare facility or community provider or practitioner when a patient is admitted, discharged, or transferred.

Follow these steps to get started

  1. One of your patients identifies a patient health app, for example, the Apple Health app that they would like to use to access their health information.
  2. Ask your EHR provider to give you links to the appropriate APIs, including the patient's ID, Allergies, Assessments, all current Care Team members, all current Goals, all current Health Concerns, Immunizations, Lab Results, pending and future Lab Tests, current and past Medications, implanted and removed Medical Equipment records, current demographics (Race, Ethnicity, Name, Sex, Date of Birth, and Preferred Language), active, inactive and resolved Problems, Procedures, Social History data (including Smoking Status), and Vital Signs.
  3. For third-party applications chosen by individuals to facilitate their access to their Electronic Health Information Export, you don’t need to “vet” these applications on security grounds (page 465).
  4. Provide these links to the Apple Health app developers to allow them to connect to your EHR. Once they integrate them into their app, they should provide instructions for accessing health information for their users, including your patient.

Some EHR vendors express criticism

Among the most vocal critics of these final rules was EHR vendor Epic. It posted a long note, which points to a recent study showing that 79% of healthcare apps resell or share data. "By requiring health systems to send patient data to any app requested by the patient, the ONC rule inadvertently creates new privacy risks," according to Epic.

Earlier, Tommy Thompson, former HHS Secretary and former governor of Wisconsin, wrote in the Wisconsin State Journal that the regs “would compel Epic to give its trade secrets away to venture capitalists, Big Tech, Silicon Valley interests, and overseas competitors for little or no compensation... HHS' rule would conscript Epic to work for these new entrants, subverting free-market principles at the expense of Wisconsin residents”.

Companies such as Apple, Google and Microsoft are all proponents of the new rules. They are members of the CARIN Alliance, which has advocated that "the two proposed rules should be finalized and released immediately." (By the way, Epic this month announced plans to stop integrations with Google Cloud.)
