eLaws | eCases | United States Code | Federal Courts |
 Code of Federal Regulations (Last Updated: November 8, 2024)
 Title 45 - Public Welfare
 Subtitle A—Department of Health and Human Services
 SubChapter D—Health Information Technology
 Part 170 - Health Information Technology Standards, Implementation Specifications, and Certification Criteria and Certification Programs for Health Information Technology
 Subpart B - Standards and Implementation Specifications for Health Information Technology

  § 170.215 - Application Programming Interface Standards.  

Latest version.

  • § 170.215 Application Programming Interface Standards.

    Cross Reference
    Link to an amendment published at 89 FR 1428, Jan. 9, 2024.
    Cross Reference

    The

    effective date of this amendment was corrected to read Mar. 11, 2024, at 89 FR 8548, Feb. 8, 2024.

    The Secretary adopts the following standards and associated implementation specifications as the available standards for application programming interface interfaces (API) standards and associated implementation specifications:

    (a) API base standard. The following are applicable for purposes of standards-based APIs.

    (1) Standard. HL7® Fast Healthcare Interoperability Resources (FHIR ®FHIR®) Release 4.0.1 (incorporated by reference in , see § 170.299).

    (2) [Reserved]

    (b) API constraints and profiles. The following are applicable for purposes of constraining and profiling data standards.

    (1) United States Core Data Implementation Guides

    (i) Implementation specification.

    HL7

    HL7® FHIR® US Core Implementation Guide STU 3.1.1 (incorporated by reference in § 170.299).

    (3) Implementation specification. HL7

    The adoption of this standard expires on January 1, 2026.

    (ii) Implementation Specification. HL7® FHIR® US Core Implementation Guide STU 6.1.0 (incorporated by reference, see § 170.299).

    (2) [Reserved]

    (c) Application access and launch. The following are applicable for purposes of enabling client applications to access and integrate with data systems.

    (1) Implementation specification. HL7® SMART Application Launch Framework Implementation Guide Release 1.0.0, including mandatory support for the “SMART Core Capabilities” (incorporated by reference, see § 170.299). The adoption of this standard expires on January 1, 2026.

    (2) Implementation specification. HL7® SMART App Launch Implementation Guide Release 2.0.0, including mandatory support for the “Capability Sets” of “Patient Access for Standalone Apps” and “Clinician Access for EHR Launch”; all “Capabilities” as defined in “8.1.2 Capabilities,” excepting the “permission-online” capability; “Token Introspection” as defined in “7 Token Introspection” (incorporated by reference, see § 170.299).

    (

    4)

    d) Bulk export and data transfer standards. The following are applicable for purposes of enabling access to large volumes of information on a group of individuals.

    (1) Implementation specification.

    FHIR

    FHIR® Bulk Data Access (Flat

    FHIR

    FHIR®) (v1.0.0: STU 1), including mandatory support for the “group-export” “OperationDefinition” (incorporated by reference

    in

    , see § 170.299).

    (

    b)

    2) [Reserved]

    (e) API authentication, security, and privacy. The following are applicable for purposes of authorizing and authenticating client applications.

    (1) Standard. OpenID Connect Core 1.0, incorporating errata set 1 (incorporated by reference

    in

    , see § 170.299).

    [85 FR 25941, May 1, 2020, as amended at 85 FR 70082, Nov. 4, 2020

    (2) [Reserved]

    [89 FR 1428, Jan. 9, 2024]