National Coordinator Micky Tripathi | Administrator Chiquita Brooks-LaSure |
Office of the National Coordinator for Health Information Technology | Centers for Medicare & Medicaid Services |
Mary E. Switzer Building | Hubert H. Humphrey Building |
330 C. St SW, 7th Floor | 200 Independence Avenue, SW Room 445-G |
Washington, DC 20024 | Washington, DC 20201 |
January 5, 2022
National Coordinator Tripathi and Administrator Brooks La-Sure,
On behalf of the undersigned organizations, we request both The Office of the National Coordinator for Health Information Technology (ONC) and the Centers for Medicare and Medicaid Services (CMS) review the security and vulnerability flaws of Fast Healthcare Interoperability Resource (FHIR) based application program interfaces (APIs) identified by the Health Information Sharing and Analysis Center (H-ISAC)1 and reevaluate the FHIR API polices outlined by both ONC and CMS. We appreciate the opportunity to raise these concerns and hope you will consider taking the necessary action to allow the healthcare community additional time to assess these risks and determine a path forward.