The Secretary adopts the following standards and associated implementation specifications as the available standards for application programming interfaces (API):
(a) API base standard. The following are applicable for purposes of standards-based APIs.
(1) Standard. HL7® Fast Healthcare Interoperability Resources (FHIR®) Release 4.0.1 (incorporated by reference, see § 170.299).
(2) [Reserved]
(b) API constraints and profiles. The following are applicable for purposes of constraining and profiling data standards.
(1) United States Core Data Implementation Guides.
(i) Implementation specification. HL7® FHIR® US Core Implementation Guide STU 3.1.1 (incorporated by reference, see § 170.299). The adoption of this standard expires on January 1, 2026.
(ii) Implementation specification. HL7® FHIR® US Core Implementation Guide STU 6.1.0 (incorporated by reference, see § 170.299).
(2) [Reserved]
(c) Application access and launch. The following are applicable for purposes of enabling client applications to access and integrate with data systems.
(1) Implementation specification. HL7® SMART Application Launch Framework Implementation Guide Release 1.0.0, including mandatory support for the “SMART Core Capabilities” (incorporated by reference, see § 170.299). The adoption of this standard expires on January 1, 2026.
(2) Implementation specification. HL7® SMART App Launch Implementation Guide Release 2.0.0, including mandatory support for the “Capability Sets” of “Patient Access for Standalone Apps” and “Clinician Access for EHR Launch”; all “Capabilities” as defined in “8.1.2 Capabilities,” excepting the “permission-online” capability; “Token Introspection” as defined in “7 Token Introspection” (incorporated by reference, see § 170.299).
(d) Bulk export and data transfer standards. The following are applicable for purposes of enabling access to large volumes of information on a group of individuals.
(1) Implementation specification. FHIR® Bulk Data Access (Flat FHIR®) (v1.0.0: STU 1), including mandatory support for the “group-export” “OperationDefinition” (incorporated by reference, see § 170.299).
(2) [Reserved]
(e) API authentication, security, and privacy. The following are applicable for purposes of authorizing and authenticating client applications.
(1) Standard. OpenID Connect Core 1.0, incorporating errata set 1 (incorporated by reference, see § 170.299).
(2) [Reserved]
[89 FR 1428, Jan. 9, 2024]