The title may not be very sexy, but the content and direction of CMS’s latest fact sheet on information blocking should grab everyone’s attention. As the fact sheet makes clear, in order to qualify for the Merit-based Incentive Payment System (MIPS), eligible clinicians must attest that they have not knowingly and willfully limited or restricted the compatibility or interoperability of their certified electronic health record (EHR) technology. The fact sheet specifically calls out technical, policy and workflow decisions as the keys to meeting the requirement and, by implication, the ways that providers and EMR vendors might fail to show “good faith efforts” to meet these requirements.

As discussed by my colleague, Dave Levin, MD, in his recent blog post, "Liberate Applications with API-Based EMR Integration," application programming interfaces (APIs) allow seamless data exchange and integration into clinical workflows. APIs provide robust, EMR-agnostic integration that deploys rapidly and can evolve quickly. Beyond these benefits, APIs also provide additional security for health systems and protection of patient privacy.

The number and variety of cybersecurity threats – from the hacking of Democratic National Committee (DNC) email servers to ransomware attacks on healthcare organizations – are on the rise. In a recent blog post, Dr. Karen DeSalvo, Acting Assistant Secretary for Health, quantified the problem by noting that criminal cyber-attacks against healthcare organizations are up 125% compared to five years ago and now surpass employee negligence and lost or stolen laptops as the top cause of healthcare data breaches. What can be done to mitigate these threats?