The Dynamic FHIR API allows health IT applications to make read-only data requests for patient health information. The API request process encompasses all data elements in ONC’s Common Clinical Data Set and meets §170.315(g)(7), §170.315(g)(8) and §170.315(g)(9) measures under 2015 Edition ONC Certification. The API allows requests for “all” patient data, irrespective of dates/category, and also “by specific data category,” for specified date range and/or data section.
The API is designed to be lightweight and accessible by patient mobile and web applications with robust security that does not impede interoperability. This includes the use of HIPAA-compliant OAuth 2.0, unique identification of patients by Token and the availability of data on receipt of a version 2.1 CCDA.
The API renders FHIR® resources (in XML and JSON) on demand directly from a CCDA repository. FHIR is a set of clinical interoperability resources under the umbrella of HL7 and is based on common web standards. We chose FHIR because it combines the domain-specific features developed over many years through the HL7 standards organization with leading-edge e-commerce and security authorization protocols used by industry leaders.
Through this project, we also made available a FHIR Client Test Application, which enables patient account activation and provides a GUI display of each data category and a method for downloading a full patient CCDA package.