Health IT Security, FHIR Focus of ONC Secure API Server Challenge

Elizabeth Snell | HealthIT Security | October 10, 2017

ONC announced a Secure API Server Showdown Challenge, urging stakeholders to focus on health IT security in building FHIR servers.

ONC is challenging healthcare stakeholders to build secure Fast Healthcare Interoperability Resources (FHIR) servers to improve health IT security and ensure that secure FHIR options are available in the future. The Secure API Server Showdown Challenge will ideally “identify unknown security vulnerabilities in the way open source FHIR servers are implemented,” ONC Office of Standards and Technology Director Steven Posnack, MS, MHS, wrote in a blog post.

“FHIR is a standardized way to exchange health information that’s similar to the way we experience using the Internet,” Posnack explained. “The FHIR standard’s security page notes, however, that FHIR ‘is not a security protocol, nor does it define any security related functionality’ so it needs to be paired with appropriate security standards when it comes to deploying, for example, a production-grade FHIR server.”

The Challenge consists of two stages, the first of which has contestants developing and submitting a secured FHIR server for judging, he wrote. Winners advance to Stage 2 and will be eligible to collect a $10,000 prize. The first track of Stage 2 requires participants “to operate their Stage 1 winning FHIR servers throughout Stage 2 and review potential vulnerabilities submitted by Discovery Track teams.”...