ONC Announces Winners of Its Secure API Showdown

Want to make building secure application programming interface (API) servers more exciting than it already is? Make it a competition.

That’s what the Department of Health and Human Services’ Office of the National Coordinator (ONC) did. Its “Secure API Server Showdown” Challenge was announced in October 2017. This week, the agency released the winners.

The challenge asked programmers to develop Fast Healthcare Interoperability Resources (FHIR)-compliant servers that would allow healthcare applications to securely access and exchange healthcare information without requiring “special effort,” as mandated by the 21^st Century Cures Act.

>>READ: Data Science Bowl Yields 68K Algorithms and 1 Big Biomedical Break

The first stage of the challenge required entrants to build such a server, which Maryland-based tech provider Asymmetrik did successfully. “Using the Asymmetrik Framework, a developer could, for instance, aggregate patient data from multiple EHR systems, or build a server that allows data from legacy health record systems to be accessed using FHIR,” according to the GitHub description of the project.

The second stage had 2 tracks: In the Server track, the winning teams from stage 1 operated and monitored their creations while groups in the Discovery track prodded their work to find vulnerabilities. 1upHealth won Stage 2 and took home the prize by discovering the most flaws in Asymmetrik’s system. Their findings allowed the framework to be refined into an even more robust and secure API server.

Ultimately, the goal of the Showdown wasn’t just to award modest cash prizes—though that did happen—but rather to create a program that could be useful to other health IT developers. The unique FHIR implementation code is open source and now available to be built upon.

For 1upHealth, the victory isn’t its first in an ONC challenge. In 2016, it took 2^nd place in the Privacy Policy Snapshot Challenge, which asked participants to build a privacy policy generator to help health tech companies build custom, consumer-friendly policy notices.

Related Coverage:

Immersive Announces Updated Data Governance Framework for Healthcare

ONC Announces New Patient Guide for Accessing Health Records

Data Science Bowl 2018: A Deep Learning Drive