ONC Announces Secure API Server Showdown Challenge | Healthcare Informatics Magazine | Health IT | Information Technology Skip to content Skip to navigation

ONC Announces Secure API Server Showdown Challenge

October 11, 2017
by Rajiv Leventhal
| Reprints

The Office of the National Coordinator for Health IT (ONC) has announced a new challenge that will invite interested stakeholders to build secure FHIR servers using current industry standards and best practices.

In a blog post announcement, ONC introduced the Secure API Server Showdown Challenge, which aims to identify unknown security vulnerabilities in the way open source FHIR servers are implemented, and will result in a hardened code base from which all stakeholders can benefit as they deploy FHIR servers in the future.

The post, from Steven Posnack, director, office of standards and technology, ONC, noted that the Health Level 7 (HL7) Fast Healthcare Interoperability Resources (FHIR) standard was released as a first draft standard for trial use in 2014 for implementation in health IT software. Posnack wrote that, “FHIR standard’s security page notes, however, that FHIR ‘is not a security protocol, nor does it define any security related functionality’ so it needs to be paired with appropriate security standards when it comes to deploying, for example, a production-grade FHIR server.”

To this point, Posnack said that many security standards already exist for web services and can be applied to FHIR. Specific to health IT, the Argonaut Project’s Data Query Implementation Guide, being deployed by many health IT developers, points to the SMART APP Authorization Guide for its security layer. “Implementing security in health IT is necessary and some of the specifications are not for the faint-hearted, but it’s important that the industry gets as much experience as possible when deploying secure, FHIR servers,” he wrote.

As such, ONC’s challenge will include two stages. In the first stage, participants will each develop and submit for judging a secured FHIR server. Three winning servers will be chosen to advance to the second stage, where they will face teams of security minded people vying to find security vulnerabilities, according to Posnack.

Get the latest information on Interoperability/Health and attend other valuable sessions at this two-day Summit providing healthcare leaders with educational content, insightful debate and dialogue on the future of healthcare and technology.

Learn More

Topics

News

Ohio Man Charged for Allegedly Defrauding Cleveland Clinic out of $2.8M

A man in Westlake, Ohio has been indicted in federal court for his role in a conspiracy to defraud the Cleveland Clinic out of at least $2.8 million.

Survey: Most Providers Say Interoperability by 2020 Not Attainable with Current Federal Policies

The majority of healthcare providers (71 percent) believe that current federal polices, committees and regulations are not sufficient to help the country attain meaningful health IT interoperability by 2020.

House Committee Presses Nuance Executives on NotPetya Attack

he U.S. House Energy and Commerce Committee is requesting that Nuance Communications executives provide more information about the malware incident, called NotPetya, that impacted the company, along with multinational companies in 65 countries, back in June.

Regenstrief Researchers to Study Impact of HIE on Emergency Care

Scientists at the Indianapolis-based Regenstrief Institute are conducting what they say is the first study of health information exchange (HIE) use over multiple years to evaluate whether it improves patient outcomes in emergency departments.

Report: Healthcare Organizations Struggle with Human Error in Securing PHI

In the first nine months of 2017, unintended disclosure accounted for 41 percent of healthcare data breach incidents, according to a report from specialist insurer Beazley.

Three More Providers Receive 2017 HIMSS Davies Awards

Three patient care organizations have received the 2017 global Healthcare Information and Management Systems Society (HIMSS) Enterprise Nicholas E. Davies Award of Excellence for healthcare technology innovations that improve patient outcomes.