Through SMART, FHIR, and the Argonaut Project, standardized APIs for EHR data interoperability are finally starting to show serious signs of traction. That means the health industry will start to see more complete records, better care, and more robust data sets that can power machine learning algorithm. But it also means more data in the hands of patients, and more responsibility for developers regarding the security of that data.

In his opening keynote at Dev4Health in Cleveland this week, former US Chief Technology Officer Aneesh Chopra said he thinks FHIR has turned a corner.

“Clinical data on patients will now essentially all flow through a single technical path,” he said. “This is my prediction: that we will have essentially FHIR servers that are compliant with the Argonaut Project specification in every doctor’s office, every hospital system, and, I believe voluntarily, you’ll see the same at pharmacies and other stakeholders. We are reaching massive convergence on a single technical path to sharing information about a patient’s condition.”

Chopra said that his assertion that FHIR has arrived is supported by both the high caliber players embracing it and the sheer number of users.

“You heard about the Apple story, and my perception is the judgement that Apple made to not go its own way with an Apple API but to use the FHIR API as constrained by the Argonaut project suggests that we have truly got consumer scale,” he said. “Epic and Cerner and Athena and McKesson and all the major EHR vendors [are using FHIR]. Over half of the certified projects on the ONC website have voluntarily chosen the FHIR API. That’s half by number. If you did it by market share I would estimate it’s well over 80 percent.”

He also highlighted a partnership between the VA and the Cleveland Clinic, a CMS pilot project, and a partnership between Cleveland Clinic and Oscar Health as further examples.

“The Cleveland Clinic is on its own exposing the FHIR scheduling resource, which is beyond what’s currently regulated,” Chopra said. “So Oscar patients in this network can now access open slots in the Cleveland Clinic without having to go through the Cleveland Clinic home page. So I don’t need to have multiple portalitis. I can simply have my Oscar app and I can schedule my appointments right there from the phone.”

But as data flows more freely, Chopra warned, it’s incumbent on everyone to keep it safe.

“Now as we move to this digital health environment and we think about all the applications that are available, this is the opportunity for us to acknowledge today’s usernames and passwords are not the ideal way. We need to find a better way and that discussion about ID proofing and ways to get the digital license is an issue we’re going to have to grapple with,” he said.

Specifically, Chopra believes HIPAA needs to be augmented with a “voluntary but enforceable code of conduct” that applies to data even if it didn’t originate in the healthcare system.

“We’ve got to find a way to strengthen consumer protections, and to me that means we need an enforceable code of conduct that you would voluntarily pledge to in advance long before people start flowing information from the HIPAA-covered entity to your apps,” he said. “We’ve done this in the education domain. A number of stakeholders, Apple, AT&T, Google, many others, have said what they would do and what they would not do and lying on that pledge puts you in front of the FTC.”

Check out the embedded video below to watch Chopra’s full keynote on HIMSSTV.