ONC Announces Secure API Server Showdown Challenge | Healthcare Informatics Magazine | Health IT | Information Technology Skip to content Skip to navigation

ONC Announces Secure API Server Showdown Challenge

October 11, 2017
by Rajiv Leventhal
| Reprints

The Office of the National Coordinator for Health IT (ONC) has announced a new challenge that will invite interested stakeholders to build secure FHIR servers using current industry standards and best practices.

In a blog post announcement, ONC introduced the Secure API Server Showdown Challenge, which aims to identify unknown security vulnerabilities in the way open source FHIR servers are implemented, and will result in a hardened code base from which all stakeholders can benefit as they deploy FHIR servers in the future.

The post, from Steven Posnack, director, office of standards and technology, ONC, noted that the Health Level 7 (HL7) Fast Healthcare Interoperability Resources (FHIR) standard was released as a first draft standard for trial use in 2014 for implementation in health IT software. Posnack wrote that, “FHIR standard’s security page notes, however, that FHIR ‘is not a security protocol, nor does it define any security related functionality’ so it needs to be paired with appropriate security standards when it comes to deploying, for example, a production-grade FHIR server.”

To this point, Posnack said that many security standards already exist for web services and can be applied to FHIR. Specific to health IT, the Argonaut Project’s Data Query Implementation Guide, being deployed by many health IT developers, points to the SMART APP Authorization Guide for its security layer. “Implementing security in health IT is necessary and some of the specifications are not for the faint-hearted, but it’s important that the industry gets as much experience as possible when deploying secure, FHIR servers,” he wrote.

As such, ONC’s challenge will include two stages. In the first stage, participants will each develop and submit for judging a secured FHIR server. Three winning servers will be chosen to advance to the second stage, where they will face teams of security minded people vying to find security vulnerabilities, according to Posnack.

Get the latest information on Health IT and attend other valuable sessions at this two-day Summit providing healthcare leaders with educational content, insightful debate and dialogue on the future of healthcare and technology.

Learn More

Topics

News

Cedars-Sinai Collaborates on Organs-on-Chip Precision Medicine Project

Scientists at Los Angeles-based Cedars-Sinai, in partnership with biotechnology startup Emulate, are pioneering a Patient-on-a-Chip program to help predict which disease treatments would be most effective based on a patient's genetic makeup and disease variant.

Blockchain Company Hashed Health Gets New Partner

ODH, Inc., a New Jersey-based health technology company, has joined with blockchain innovation consortium Hashed Health.

NCQA Approved by Government as ONC-Authorized Testing Lab

The National Committee for Quality Assurance (NCQA) has announced that its eMeasure testing laboratory is now approved by the Office of the National Coordinator for Health Information Technology (ONC).

Survey: Infrastructure, Interoperability Key Barriers to Global HIT Development

A new survey report from Black Book Research on global healthcare IT adoption and records systems connectivity finds nations in various phases of regional electronic health record (EHR) adoption. The survey results also reveal rapidly advancing opportunities for U.S.-based and local technology vendors.

Penn Medicine Opens Up Telehealth Hub

Philadelphia-based Penn Medicine has opened its Center for Connected Care to centralize the health system’s telemedicine activities.

Roche to Pay $1.9B for Flatiron Health

Switzerland-based pharmaceutical company Roche has agreed to pay $1.9 billion to buy New York-based Flatiron Health Inc., which has both an oncology EHR and data analytics platform.