FAQs

The International Patient Access (IPA) project is a free and open initiative aimed at empowering patients worldwide by enabling secure, selective sharing of their health data across different healthcare systems.

By using Health Level Seven (HL7) Fast Healthcare Interoperability Resources (FHIR) standards, IPA ensures that patients can control who accesses their health information while maintaining the highest levels of data protection and privacy.

HL7®, and FHIR® are the registered trademarks of Health Level Seven International and their use of these trademarks does not constitute an endorsement by HL7.

HL7 FHIR (Fast Healthcare Interoperability Resources) standards are a set of free and open guidelines developed by Health Level Seven International (HL7) to facilitate the exchange of healthcare information electronically. FHIR standards ensure that health data can be shared and understood across different systems and platforms, promoting interoperability and improved patient care.

Many countries already use FHIR, but IPA addresses crucial limitations:

• Secure Access: IPA ensures that only authorized users and apps can access health information, protecting patient privacy. It defines how apps get permission to access data using standard methods (like OAuth 2.0).
• Standardized Data: IPA creates a common set of data types and formats. This means medical apps can work consistently across different systems worldwide, simplifying development, improving interoperability and patient access.
• Consistent Global Standard: IPA enables individual regions and nations to reuse a proven FHIR standard to further a digital health it economy, and improve interoperability.

IPA allows patients to easily access their health data from various healthcare providers. With easy access, patients become more informed and engaged in their healthcare decisions. This can lead to better health outcomes as patients can track their conditions, understand their treatments, and communicate more effectively with their healthcare providers.

With IPA, patients can share health data by granting access to specific health apps. This is done through consent management features within IPA-compliant systems, allowing the patient to control who sees their information and for what purposes.

The patients’ health data is protected through robust security measures, including encryption, secure authentication, and compliance with data protection regulations such as the General Data Protection Regulation (GDPR) and the Health Insurance Portability and Accountability Act (HIPAA).

Yes, patients can revoke access to your health data at any time, as patient-controlled consent is a key feature of our system. However, it’s important to note that any data that was accessed prior to revocation will still be subject to the privacy policy of the app or health system that accessed the information. This means that the patient should review their policies to understand how your data will be handled after access is revoked.

Many hospitals and clinics worldwide are adopting HL7 FHIR standards and participating in the IPA project. To find out if your local healthcare providers support IPA, check with them directly or visit our official blog for a list of participating institutions.

There are numerous health apps that are integrating with IPA to provide seamless data sharing capabilities. These range from personal health management tools to specialized medical applications. For a sample list of compatible apps, visit our official blog.

There are several ways to get involved with the IPA project:

• Contact Your Government Representative: Advocate for the adoption of IPA standards in national healthcare policies.
• Engage in the IPA Community: Join discussions on the chat.fhir.org chat server.
• Participate in Connectathons: Test and improve FHIR implementations in collaborative events.
• Join the HL7 Patient Empowerment Workgroup: Contribute to initiatives that enhance patient engagement and control over their health data.
  • Upcoming HL7 Events
  • HL7 Patient Care
  • HL7 Patient Empowerment
• Spread the Word: Share information about the IPA project with your network.
• Provide Feedback: Your input is invaluable for improving IPA standards.
• Ask Questions: See if your Electronic Health Records (EHR) vendor supports IPA.

At a high-level, to be compliant with IPA, systems must:

• Implement the FHIR RESTful API framework.
• Support FHIR Version 4.0.1 or later.
• Provide endpoints for patient data access and sharing.
• Ensure robust security protocols, including OAuth 2.0 and SMART on FHIR. For a full list of requirements and specifications, visit the International Patient Access API Specification

Millions of dollars have been invested to secure the SMART App Launch mechanisms within the International Patient Access (IPA) framework. Some jurisdictions have confidently opted to forgo app certification, allowing developers to innovate confidently while ensuring patient data is protected. Regardless of the certification framework in use within a jurisdiction, IPA enables robust security and empowers reliable, efficient health information management.

Check with your EHR or health IT system provider to confirm their support for HL7 FHIR IPA standards. You can also refer to our official blog for a list of compliant systems and providers.