Jan 30, 2014


The Case for a Health Records API

Prime has only been in the App Store for 3 months and we’ve already had people approach us for API access, to either our data set (e.g., they want a “Log in with Prime” button in their own app, to allow their app’s users to bring in their Prime health data) or our functionality (e.g., let their app’s users get their health records from any doctor and pull them into their app).

We’re not ready to open up an API but this got me thinking1: we’re so young and (relatively) so small, why are people knocking down our door? Don’t they have somewhere else to go?

Turns out: no, they don’t.

Here is a list of all the public (in at least the most minimum capacity) healthcare REST APIs I know of:

  • drchrono API: push and pull doctor, practice, and patient data to and from your drchrono EMR
  • Practice Fusion Labs API: push lab results to Practice Fusion
  • Greenway Marketplace: push and pull doctor and patient data to and from Greenway’s primeSUITE series of products
  • Mashery’s Health APIs: active.com, Aetna CarePass, FoodCare, and FoodEssentials
  • National Library of Medicine APIs: access to many different data sets (I included this last because the APIs aren’t really tapping into userbase-driven dynamic data sets but they are healthcare APIs, and ones that are actually used no less)

What’s missing? A non-physician-based API for accessing a patient’s health records.

Here is a list of APIs mentioned as existing but don’t seem to actually exist (please correct me in the comments if I am wrong):

I’m sure I’m missing some from both categories, please add more in the comments.

Why are there not more healthcare APIs? I honestly don’t have an answer to this. I have some guesses but not a solid answer. Here are my guesses based on what I’ve learned from being in the healthcare industry for 6 months (and by the way, tech startups generally love offering APIs so I’m really only talking about incumbents here):

  • Incumbents don’t “get” public-facing APIs: Unlikely. As easy as it is to imagine large company executives just not getting it, that’s not my experience in reality. They understand APIs are useful to developer-focused companies; they just don’t think of themselves as a developer-focused company.
  • Incumbents don’t think public-facing APIs are safe: Unlikely. Everyone in healthcare constantly has HIPAA on their minds so this is a quick and easy answer. But the reality is every company already has numerous private APIs in between their own products. And none would say their private APIs aren’t as secure as a public API should be.
  • Incumbents don’t think developers will use a public API: Unlikely. Again, incumbents understand developers will build on data sets. Incumbents just don’t think of developers as a large market.
  • Incumbents don’t feel the need to offer public-facing APIs: This is my best guess. Pharmaceuticals, EMR vendors, and medical device companies already make billions annually. So why open up their data? How would letting developers build on their data sets unlock another billion-dollar market? This is super unfortunate thinking because 1) Silicon Valley has a history/bloodless thirst for disrupting huge industries, 2) the data will find a way to be opened up anyway, and 3) history shows that letting people build on a respected, curated platform yields lucrative dividends. The market is there. The opportunity is there. Narrow thinking and bureaucratic process prevents the innovation.2

What do you think?


  1. And boy, do I like thinking

  2. If you don’t think there are engineers at Epic who want a 21st-century, truly REST API, you better think again. It’s not the engineers who are preventing it from happening.