Health Data APIs: Accessing Patient Records, Medical Surveys, and Clinical Studies

“The use of APIs offers new ways to facilitate data exchange in service of myriad use cases,” KLAS Research claims in their 2021 report. Since 2016, this healthcare insights company has been monitoring interoperability — or the ability of health systems to get access to outside information as well as share internal data.

Along with significant progress, the KLAS study points out that “... there is still a significant opportunity... to help data exchange truly impact patient care.” In this article, we’ll explore health and medical data APIs allowing patient app developers, hospitals, telehealth providers, clinical research centers, and other players to seize this opportunity and discover the full value of the information.

Types of health and clinical data

Health data is a broad term encompassing any information about health conditions and quality of life, for both individuals and the entire population. Clinical or medical data applies only to the part of health data associated with patient care. In everyday speech, people frequently use these phrases interchangeably, and so do we in this article.

Data related to health is accumulated and stored in multiple forms across various systems that are often siloed and hard to access. APIs serve to address this fragmentation. They enable apps and systems to connect patients, medical professionals, and clinical researchers with the information they're looking for. This includes
  • patient data — such as Electronic Health Records (EHRs) and biometrics from wearables;
  • public health content — like health surveys, statistics, and recommendations; and
  • clinical trials data.

Health data types, APIs, and use cases.

Below, we’ll study APIs that give access to different types of medical content. A separate section is devoted to APIs offering health data management and analytics capabilities.

Patient data APIs

Patient data APIs support two key goals of interoperability:
  • to grant patients control over their electronic health records (EHRs) and
  • to boost data sharing between health systems.
These APIs deal with protected health information (PHI) and so must adhere to HIPAA Privacy and Security Rules. They are also subject to the Interoperability and Patient Access final rule that dictates compliance with version 4 of FHIR (Fast Healthcare Interoperability Resources) — the latest standard for transferring electronic health records.

FHIR provides a unified way to integrate and merge patient data from various sources. It breaks health records into data elements called "resources." Each of them has the same structure and stores the same amount of information on a single condition, procedure, or lab result. Depending on the query, resources can be extracted separately or combined into a large document.

FHIR data layers and resources. Source: HL7 International

Currently, companies leveraging FHIR APIs tend to be large health systems. However, smaller players will inevitably join the club under the pressure of the new interoperability rules. They go into effect between 2021 and 2023, making FHIR mandatory to share a standardized set of patient data elements — or the United States Core Data for Interoperability (USCDI). This includes
  • allergies and intolerances,
  • assessment and plan of treatment,
  • care team members,
  • clinical notes,
  • encounter information (in draft),
  • goals,
  • health concerns (health related matters of interest),
  • immunizations,
  • lab tests and results,
  • medications,
  • patient demographics,
  • problems (conditions, diagnosis),
  • procedures,
  • provenance (metadata on who created the data and when),
  • smoking status,
  • unique device identifier for a patient's implantable device, and
  • vital signs.

Patient data elements accessible via different FHIR APIs.

Below we provide examples of FHIR APIs to create industry-led tools for patients and healthcare organizations.

Apple Health Records API

Apple opened its FHIR-based Health Records API for developers in 2018. It connects with over 500 health systems to retrieve EHR data and organizes pieces of information into a single view on iOS devices. The API aggregates the following data elements:
  • allergies,
  • clinical vitals,
  • conditions,
  • immunizations,
  • lab results,
  • medications, and
  • procedures.

The interface of Health Records feature available via FHIR-based API.

On its way from a hospital or clinic platform to a patient-facing health app, the content is encrypted and doesn’t move through Apple’s networks. Data at rest is protected with the patient’s iPhone passcode, Touch ID, or Face ID.

Primary use cases: medication tracking tools to import prescription lists, set reminders, and notify about dangerous drug-drug interactions; disease management apps to pull out lab data, fine-tune treatment, and improve meal planning.

Human API

Human Clinical API offers connection to 85 percent of US hospitals, pharmacies, and labs covering a total of 264 million American patients. A separate Wearable API collects data from around 300 health devices and fitness apps.

Leveraging the network of more than 40,000 sources, the API ingests diverse health data on a particular patient and makes it FHIR-compatible, using AI algorithms. The technology supports 18 types of data elements:
  • activity,
  • allergies,
  • conditions,
  • demographics,
  • encounters,
  • genotypes and genetic traits,
  • healthcare claims,
  • immunizations,
  • meals,
  • medications,
  • narratives,
  • provider information,
  • plans of care,
  • procedures,
  • sleep,
  • social history,
  • test results, and
  • vitals/observations.
Human API features an authentication widget for patients to grant the app access to their EHRs and electronic accounts — or revoke it whenever they want to. All information is encrypted both in transit and at rest. Once the tool is authorized to extract information, it takes no more than 20 minutes to retrieve a complete Electronic Health Record.

An authentication widget to grant an app access to electronic health data.

Primary use cases: healthcare claims management tools, health and wellness apps, clinical trial software.

Particle Health API

Particle Health uses demographic information (first and last name, gender, ZIP code, and date of birth) to query the network of over 300 million unique patient records. The API returns clinical data sets including consultation notes, lab orders, and Continuity of Care Documents (CCDs).

A standalone Data Transformation API converts these records to a FHIR-compatible format by extracting all USCDI elements a hospital must share with a patient under the interoperability rules.

The HIPAA-compliant API platform covers multiple use cases. For example, it can serve healthcare payers by pulling out information to accomplish risk adjustment, claims adjudication, and proof of statements. Another application is generating short customized reports on patients for doctors, pharmacists, and care coordinators.

Primary use cases: health insurance software, telemedicine platforms, pharmacy management systems.

Public health content APIs

These APIs facilitate building apps and websites to educate both patients and doctors. The evidence-based content keeps people informed about various health risks and ways to stay healthy.

MyHealthfinder content API

MyHealthfinder is a free tool to quickly get health recommendations based on age, sex, and habits. Available in English and Spanish, the tips are maintained by the Office of Disease Prevention and Health Promotion and reviewed at least once every two years.

For example, if you are a 45-year-old man who smokes and is sexually active, the response will contain
  • the list of tests and vaccinations you should get,
  • general recommendations, and
  • recommendations based on risk factors and family history.

Example of a query via MyHealthfinder. Source: health.gov

MyHealthfinder content can be easily integrated with any hospital website via API to boost patient engagement. The API supports both JSON and XML formats.

Primary use cases: patient-facing apps, hospital websites.


The World Health Organization offers Athena API to query its data portal — the Global Health Observatory (GHO). By default, it returns XML files, but the service also provides basic support for JSON.

The GHO is the centralized source of global health data. It consolidates statistics by country for more than 1000 indicators. Health topics covered by the GHO include
  • child nutrition and health,
  • maternity and reproductive health,
  • immunization,
  • health systems,
  • sanitation, and
  • particular diseases — for example, HIV/AIDS, tuberculosis, and malaria.
Primary use cases: health analytics solutions, web portals of hospitals, research centers, and medical education departments.

HHS Content Syndication APIs

The US Department of Health and Human Services (HHS) provides its Content Syndication API to make available various types of health information in five languages (English, Spanish, French, Chinese, and Vietnamese). The content includes but is not limited to
  • health-related news,
  • articles on diseases and disorders and their prevention and treatment,
  • medical surveys and studies,
  • health tips and recommendations,
  • descriptions of medical procedures, and
  • other educational materials.
The Syndication System accumulates information from numerous HHS publishing partners — including the US Food and Drug Administration (FDA), Centers for Disease Control and Prevention (CDC), National Cancer Institute (NCI), and many others. The API returns JSON and XML files and enables displaying the content on websites, social media pages, widgets, in EHR systems, mobile apps, etc. Citizen developers can use the API to build a variety of products and services.

HHS content distribution via API. Source: SourceForge

You can search the content you need by keyword and then apply filters to narrow down the list of results.

Primary use cases: web portals of hospitals, medical institutions and education departments, patient-facing apps, EHR systems.

Clinical trials APIs

Clinical trials check if a new drug, procedure, or device is safe and better than current options. Such studies need volunteer participation. For patients suffering from certain conditions, it often makes sense to join the research. This way, they receive additional medical attention and, potentially, get innovative therapy for free — long before it is widely available or affordable. Trial database APIs increase the chance of finding the right study nearby and tapping into it.

ClinicalTrials.gov API

The ClinicalTrials.gov database stores information, updated daily, on over 81,000 clinical trials conducted in the United States and other countries. Its API returns a maximum of 200 results per query, using XML format by default (JSON is also available). Each record contains
  • a trial’s type, current status, and purpose;
  • start and expected completion dates;
  • eligibility criteria for participation (gender, age, diagnosis, etc.);
  • trial locations;
  • the name of the entity supporting the trial; and
  • e-mail and phone numbers to get more details.
The API provides a basic search functionality and several options to filter and optimize results.

Primary use cases: apps for patients and doctors that let users search for clinical trials; web portals of hospitals, medical institutions, and research centers.

Cancer Clinical Trials Search API

The API was launched by the National Cancer Institute (NCI) to facilitate creation of apps, integrations, and digital platforms that will keep care providers and patients informed on cancer clinical trials supported by the NCI. The information is extracted from the Clinical Trial Reporting program (CTRP) database in XML format.

Currently, the API powers the NCI search tool that helps discover appropriate clinical trials based on cancer type, age, location, and other factors.

Primary use cases: apps for oncologists, cancer patients, and their family members; search tools for websites and web portals of cancer treatment and research providers.

Clinical data management and analytics APIs

Tech giants — Amazon, Google, and Microsoft — also do their part in facilitating health information exchange. One by one, they’ve launched APIs that help healthcare organizations manage their data and draw insights using the power of analytics, NLP, and machine learning.

Amazon Comprehend Medical APIs

Amazon Comprehend Medical is a HIPAA-compliant service for the extraction of clinical information from various sources including EHRs, trial reports, and doctor’s notes. It applies natural language processing (NLP) and machine learning algorithms to automatically draw terms describing body parts, medical conditions, medications, and treatment procedures, and link them to unique codes from ICD-10-CM and RxNorm datasets.

How Amazon Comprehend Medical works.

The service can also identify words associated with protected health information (PHI) — names, ages, professions, addresses, phone numbers, IDs, and more. This allows healthcare companies to better protect such sensitive data and stay compliant with HIPAA.

The functionality is available via two separate API sets: Text Analysis APIs and Ontology Linking APIs that connect medical entities with standardized names. To work with medical documents you must add them to Amazon S3 storage.

Primary use cases: medical billing software, indexing and searching modules for clinical trials, health analytics solutions, patient management tools, clinical decision support systems.

Google Cloud Healthcare API

Google introduced its Healthcare API in 2020 to enable seamless data exchange between existing health systems and apps hosted on Google Cloud.

The API supports HIPAA compliance and all major healthcare data standards — including FHIR for patient access to their health records, DICOM for transmitting medical images, and HL7 v2 for messaging between health systems. It allows you to perform a wide range of operations on medical data:
  • ingesting data from various sources,
  • transforming CSV/HL7v2 files into FHIR format,
  • removing protected health information (PHI) from FHIR and DICOM resources,
  • combining data in different formats,
  • applying machine learning to large datasets,
  • managing patient consents and privacy choices, and
  • tracking actions that affect their data.
In addition to its Healthcare API, Google launched Healthcare Natural Language API for deriving insights and medical concepts from unstructured medical texts — such as medical records or insurance claims. Concepts like diseases, medications, and procedures can be mapped to medical codes (ICD-10, RxNorm, and MeSH or Medical Subject Headings).

Primary use cases: health analytics software, solutions for population health, precision medicine and clinical research, extended functionality for existing EHR systems.

Azure API for FHIR

Microsoft Azure is snapping at Google’s heels with an API that allows healthcare organizations to move their legacy medical documents to the cloud, transforming them into the FHIR format. The API can ingest and normalize data from different sources — EHR systems, research databases, and even medical devices using the IoT Connector for processing biometric signals.

Azure IoT Connector converts biometric data from medical devices into FHIR.

The Azure cloud services allow companies to create rich datasets and apply business intelligence tools. Power BI FHIR Connector links the FHIR API to the BI platform for analytics and data visualization.

Needless to say, Microsoft takes care of PHI data protection to meet HIPAA requirements and, besides that, covers more than 90 compliance certifications.

Primary use cases: clinical and patient reporting dashboards, clinical decision support and remote patient monitoring systems, scalable EHR systems, analytics solutions for healthcare and health sciences.

Medical API implementation challenges

The number of health data APIs has significantly increased over the past few years. This growth is spurred mainly by the approach of interoperability deadlines, and — to some extent — by the rise in patient engagement. People start to actively participate in healthcare decisions, seeking easy access to various types of medical information.

More APIs mean more available content, while a large-scale shift to the FHIR API standard promises fast and stable exchange of well-structured data across the healthcare ecosystem. Still, the new technology comes with its limitations and challenges.

Mapping data to FHIR. Some API providers — like Apple, Google, and Microsoft — offer built-in capabilities to transform legacy health documents into the FHIR format. However, in most cases, healthcare systems and IT experts have to develop a data transformation mechanism to meet a company’s specific needs or customize an existing one. The need for the customization exists because clinical data is often incomplete or redundant.

No security-related solutions. The standard doesn’t address security issues, so you must create HIPAA safeguards alongside FHIR compatibility.
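One safeguard of this kind, as an added example that is not code from any of the API providers described here: a de-identification pass over a FHIR R4 Bundle that follows HIPAA Safe Harbor conventions before the data leaves the PHI boundary. The function names, the HMAC key, and the sample Bundle are assumptions made for illustration; it covers Patient identifiers, the listed date elements, and patient references.

```python
import copy
import hashlib
import hmac

# Patient elements that carry direct identifiers (HIPAA Safe Harbor categories).
PATIENT_DROP = ("name", "telecom", "address", "identifier", "photo", "contact")
# Date elements on common USCDI resources; Safe Harbor keeps only the year.
DATE_FIELDS = ("birthDate", "effectiveDateTime", "issued", "recordedDate", "onsetDateTime")

def pseudonym(key: bytes, patient_id: str) -> str:
    """Stable keyed replacement for a patient id; unlinkable without the key."""
    return hmac.new(key, patient_id.encode(), hashlib.sha256).hexdigest()[:16]

def deidentify_resource(res: dict, key: bytes, as_of_year: int) -> dict:
    out = copy.deepcopy(res)  # never mutate the source record
    out.pop("text", None)     # narrative often repeats names and dates
    if out.get("resourceType") == "Patient":
        for field in PATIENT_DROP:
            out.pop(field, None)
        out["id"] = pseudonym(key, out["id"])
        # Ages 90 and over must be aggregated, so even the birth year is dropped.
        if int(out.get("birthDate", "9999")[:4]) <= as_of_year - 90:
            out.pop("birthDate")
    for field in DATE_FIELDS:
        if isinstance(out.get(field), str):
            out[field] = out[field][:4]  # "1976-03-14" -> "1976"
    # Observation uses "subject"; AllergyIntolerance and Immunization use "patient".
    ref = out.get("subject") or out.get("patient")
    if ref and ref.get("reference", "").startswith("Patient/"):
        ref["reference"] = "Patient/" + pseudonym(key, ref["reference"][8:])
        ref.pop("display", None)  # display text usually holds the patient's name
    return out

def deidentify_bundle(bundle: dict, key: bytes, as_of_year: int) -> dict:
    entries = [{"resource": deidentify_resource(e["resource"], key, as_of_year)}
               for e in bundle.get("entry", [])]
    return {"resourceType": "Bundle", "type": "collection", "entry": entries}

# Constructed sample data, not a real patient record.
SAMPLE_BUNDLE = {"resourceType": "Bundle", "type": "collection", "entry": [
    {"resource": {"resourceType": "Patient", "id": "pat-001",
                  "name": [{"family": "Example", "given": ["Pat"]}],
                  "telecom": [{"system": "phone", "value": "555-0100"}],
                  "address": [{"postalCode": "00000"}],
                  "gender": "male", "birthDate": "1976-03-14"}},
    {"resource": {"resourceType": "Observation", "id": "obs-1", "status": "final",
                  "code": {"text": "Heart rate"},
                  "subject": {"reference": "Patient/pat-001", "display": "Pat Example"},
                  "effectiveDateTime": "2021-06-02T09:30:00Z",
                  "valueQuantity": {"value": 72, "unit": "beats/min"}}},
]}

if __name__ == "__main__":
    print(deidentify_bundle(SAMPLE_BUNDLE, b"placeholder-key", 2021))
```

Free-text elements such as `note` or `valueString`, and non-patient resource ids, pass through unchanged and need a separate PHI-detection step.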

A lack of support for two-way data exchange. FHIR allows you to extract information but doesn’t provide a way to write data back. So, currently, patients can’t make any changes in their health records via apps that use FHIR APIs.

Limited functionality. FHIR data elements don't always cover the entire workflow, and so must be completed with the content stored in other formats. Over time, new elements will be added, but FHIR won’t replace other widely used standards in the foreseeable future — rather, they will function in parallel.