Want to make building secure application programming interface (API) servers more exciting than it already is? Make it a competition.
That’s what the Department of Health and Human Services’ Office of the National Coordinator (ONC) did. Its “Secure API Server Showdown” Challenge was announced in October 2017. This week, the agency released the winners.
The challenge asked programmers to develop Fast Healthcare Interoperability Resources (FHIR)-compliant servers that would allow healthcare applications to securely access and exchange healthcare information without requiring “special effort,” as mandated by the 21st Century Cures Act.
The first stage of the challenge required entrants to build such a server, which Maryland-based tech provider Asymmetrik did successfully. “Using the Asymmetrik Framework, a developer could, for instance, aggregate patient data from multiple EHR systems, or build a server that allows data from legacy health record systems to be accessed using FHIR,” according to the GitHub description of the project.
The second stage had 2 tracks: In the Server track, the winning teams from Stage 1 operated and monitored their creations, while groups in the Discovery track prodded their work to find vulnerabilities. 1upHealth won Stage 2 and took home the prize by discovering the most flaws in Asymmetrik’s system. Their findings allowed the framework to be refined into an even more robust and secure API server.
Ultimately, the goal of the Showdown wasn’t just to award modest cash prizes—though that did happen—but rather to create a program that could be useful to other health IT developers. The unique FHIR implementation code is open source and now available to be built upon.