Hospital Use of APIs to Enable Data Sharing between EHRs and Third-Party Technology

In a recent study, we found a large majority of hospitals enabled patient access to their health information via an application programming interface (API) and, increasingly, a standards-based API.(1) Prior studies have also shown that a variety of apps and software may connect via electronic health records (EHRs) to provide services and data to health care providers.(2,3) Beginning in 2023, we began to study to what extent hospitals’ EHRs use APIs to exchange data with third-party technology.(4) This data brief uses data from the 2024 American Hospital Association (AHA) Information Technology (IT) Supplement to build upon these studies and includes, for the first time, insights into how hospitals’ EHRs use APIs to share data for specific clinical and administrative use cases, including for remote patient monitoring, telehealth, prior authorization, and quality reporting. The data brief first examines hospitals’ use of patient-facing APIs to enable information access and engagement, highlighting important differences across hospital characteristics. Finally, we examine hospitals’ use of APIs and other methods to enable data sharing with third-party technology for clinical and administrative purposes. We conclude by summarizing and bringing attention to how these findings can support and inform ongoing industry and public policy efforts.

Highlights

• In 2024, approximately 9 in 10 hospitals enabled patient access to their health information via an API, unchanged from 2022, and, increasingly via standards-based APIs.
• In 2024, large, system-affiliated hospitals using a market-leading EHR more often reported use of standards-based APIs to enable patient access and patient generated health data submission.
• Most hospitals integrate data from and provide data to third-party technology for various clinical and administrative use cases, but mostly via non-standards-based approaches.
• In 2024, large, system-affiliated hospitals using a market-leading EHR more often reported integrating and providing data from and to third-party technology for at least one clinical purpose and at least one administrative purpose.

Standards-based patient access and patient generated health data (PGHD) submission to the EHR are common but not ubiquitous.

Findings

• In 2024, approximately 9 in 10 hospitals enabled patient electronic access to their health information via an API, unchanged from 2022.
• Seven in 10 hospitals (or 4 in 5 hospitals who enabled API-based access) reported use of standards-based APIs (e.g. Health Level 7 (HL7®) Fast Healthcare Interoperability Resources (FHIR®)) to enable patient access.
• Two-thirds of hospitals enabled some kind of patient generated health data (PGHD) submission to the EHR.
• About half of hospitals (or 3 in 4 who supported PGHD submission) reported using standards-based APIs to enable patient electronic submission of PGHD.

Figure 1: Percent of all hospitals that reported using APIs to enable patient access and PGHD submission through apps, 2022-2024.

Use of standards-based APIs to enable patient access and submission of PGHD varied significantly across hospital characteristics.

Findings

• Hospitals used standards-based APIs to enable patient access and PGHD submission more often than non-standards-based APIs.
• In 2024, medium or large, system-affiliated hospitals using a market-leading EHR more often reported use of standards-based APIs to enable patient access and PGHD submission.

Table 1: Percent of hospitals that reported using APIs to enable patient access and submit patient-generated data by hospital and health IT characteristics, 2024.

	Patient Access		PGHD Submissions
	Via a standards-based API	Via a non-standards-based API	Via a standards-based API	Via a non- standards-based API
All Hospitals	71%	16%	48%	16%
EHR
Market leading EHR (Top 3)	74%*	16%	51%*	16%
All other EHRs (ref. group)	48%	17%	30%	17%
Hospital Bed Size
Medium-Large	75%*	17%	53%*	14%*
Small (ref. group)	67%	16%	45%	17%
Hospital Ownership
System affiliated	77%*	16%*	58%*	14%*
Independent (ref. group)	57%	18%	29%	20%

Most hospitals share data for clinical purposes between their EHR and third-party technology, but mostly via non-standards-based approaches.

Findings

• For all four clinical use cases — remote patient monitoring (RPM), telehealth, clinical decision support (CDS), and population health (pop health) — more hospitals reported integrating data into their EHR from third-party technology than providing data from their EHR to third-party technology.
• Hospitals conducted this data sharing more often via proprietary APIs or non-API-based methods than standards-based APIs.

Figure 2: Percentage of hospitals that integrated and provided data for clinical purposes between their EHR and third-party technology, 2024.

Most hospitals share data for clinical purposes between their EHR and third-party technology, but mostly via non-standards-based approaches.

Findings

• For all three administrative use cases — scheduling/intake, prior authorization (prior auth), and quality reporting – a similar proportion of hospitals reported integrating data into their EHR from third-party technology and providing data from their EHR to third-party technology.
• Similar to data sharing for clinical purposes (Figure 2), hospitals conducted this data sharing more often via proprietary APIs or non-API-based methods than standards-based APIs.

Figure 3: Percentage of hospitals that integrated and provided data for administrative purposes from their EHR to third-party technology, 2024.

Most hospitals share data for clinical purposes between their EHR and third-party technology, but mostly via non-standards-based approaches.

Findings

• In 2024, compared to other hospitals, more medium to large system-affiliated hospitals using a market-leading EHR reported integrating data from and providing data to third-party technology for at least one clinical purpose and at least one administrative purpose.
• Half of hospitals reported sharing data for at least one clinicial purpose via standards-based APIs, compared to about 1 in 3 hospitals doing so for at least one administrative purpose.

Table 2: Percentage of hospitals that integrated and provided data for at least one clinical purpose and administrative purpose, stratified by method and hospital characteristics, 2024.

	Clinical Purposes				Administrative Purposes
	Integrate		Provide		Integrate		Provide
	Any Method	Standards-based API	Any Method	Standards-based API	Any Method	Standards-based API	Any Method	Standards-based API
All Hospitals	91%	52%	83%	39%	87%	35%	86%	32%
EHR
Market leading (Top 3)	94%*	56%*	87%*	43%*	90%*	37%*	90%*	34%*
All other (ref. group)	67%	20%	55%	15%	60%	20%	62%	14%
Hospital Bed Size
Medium-Large	96%*	56%*	90%*	44%*	94%*	38%*	93%*	35%*
Small (ref. group)	85%	47%	76%	34%	80%	33%	79%	29%
Hospital Ownership
System affiliated	97%*	60%*	90%*	47%*	93%*	39%*	92%*	36%*
Independent (ref. group)	77%	33%	67%	21%	72%	26%	73%	22%

Summary

To catalyze adoption of modern interoperability approaches, the 21^st Century Cures Act (Cures Act) required that EHRs be configured to enable data to be “accessed, exchanged, and used without special effort through the use of application programming interfaces (APIs).”(5) The ONC Cures Act Final Rule (Cures Rule) finalized a new certification criterion for the implementation of a standardized API for patient and population services.(6) Since January 1, 2023, all certified EHR users are now required to have standardized FHIR APIs for patient and population services available to exchange information with authorized business partners and with patients. As of 2024, 9 in 10 hospitals enabled patient access to an app of their choice via an API, and 7 in 10 did so via a standards-based API.  We find that these rates vary significantly by hospital characteristics and the EHR used by a hospital. In 2024, medium and large system-affiliated hospitals using a market-leading EHR reported use of standards-based APIs to enable patient access more often than other hospitals.

When we examine other types of data sharing, we see some parallels, opportunities, and insights. Patient generated health data (PGHD) submission, although not specifically regulated via the Health IT Certification Program, is a common capability reported by surveyed hospitals. In 2024, nearly two in three hospitals reported that they enabled patients to electronically submit some kind of PGHD to the EHR, and most of these hospitals enabled submission via a standards-based API, despite lacking regulatory or significant policy incentives to do so. Given the findings from other studies that patients are increasingly using smartphone apps to access their medical record and track and manage their health and health information, this finding demonstrates that hospitals are beginning to respond to patient interests as well as the interests of app and device developers to connect to the EHR to support patient engagement and involvement in their care.(7) However, similar to API-enabled patient access, we find significant differences in the types of hospitals that enabled this capability for their patients, with medium and large system-affiliated hospitals using a market-leading EHR as much more likely to do so.

Beyond these patient engagement capabilities, we find that most hospitals are also actively exchanging data between their EHR and third-party technology for various clinical and administrative purposes. In 2024, 9 in 10 hospitals integrated data from third-party technology to their EHR for at least one clinical purpose, whereas 83% of hospitals provided data from their EHR to third-party technology for at least one clinical purpose. We find parallels for administrative use cases with an equal number of hospitals (86% and 87%) integrating and providing data for at least one administrative purpose. However, we find that across all clinical and administrative use cases, most of this data sharing occurs via non-standards-based APIs (e.g. proprietary EHR APIs) and/or non-API-based methods (e.g. HL7 interface.) This means that despite broad data sharing between third-party technology and the hospital’s EHR for various clinical and administrative purposes, including remote patient monitoring, telehealth, prior authorization, and quality reporting, much of this is happening in a non-standards-based way. We also find differences in the amount of data sharing across clinical and administrative use cases. Hospitals are more likely to integrate data from third-party technology, like remote monitoring devices, than provide from the EHR back to the third-party device. Whereas, for the three administrative use cases, an equal proportion of hospitals provided data to and integrated from third-party technology. The data may show that for certain clinical purposes, hospitals may be larger consumers of data from third-party technology, such as notes from a virtual appointment or glucose data from a remote device.

As innovative  digital health technologies continue to emerge (including for those clinical and administrative use cases reported on in this brief), it is important to understand how they are able to integrate with foundational health information technology, like EHRs, that are deployed across nearly all hospitals nationwide. This brief’s findings show broad hospital usage of third-party technology and data sharing between those applications and the hospital’s EHR. However, while hospital EHRs broadly enable patient access to their health information via standards-based APIs, hospital EHRs are more likely to move data for clinical and administrative use cases between the EHR and third-party applications via non-standards-based and non-API-based methods. It is important for us to continue to monitor standards-based APIs versus other methods to better understand and measure the special effort involved with sharing data between the EHR and third-party applications – special effort the Cures Act interoperability provisions seek to limit to enhance health data interoperability. New policies and initiatives signal opportunities to build on this progress and bolster efforts to reduce special effort to access, exchange, and use electronic health information. Through the HTI-4 Final Rule, ASTP/ONC finalized new API criteria for prior authorization that enable standards-based methods for providers to submit prior authorization requests and for payers to route decisions with the intention that this be enabled in real-time.(8) The data above show that hospitals are actively integrating and providing data for prior authorization, and much of this is being done via non-standards-based and non-API-based methods. As HTI-4 described, these non-standards-based methods involve manual effort and limit automation of these tasks. These new API criteria, along with reciprocal requirements finalized by the Centers for Medicare & Medicaid Services (CMS) for health plans, can enhance bidirectional exchange for this purpose and reduce hospital effort to complete prior authorization tasks.(9) ASTP/ONC intends to continue to push forward API-focused strategies for information exchange and support ongoing efforts to reduce special effort to share data between EHRs and third-party technology.

Definitions

Interoperability: The ability of a system to exchange electronic health information with and use electronic health information from other systems without special effort on the part of the user.

Standards-based API: The application programming interface or API uses a standard or standards that provide known and consistent technical requirements to support data exchange and the content of the data being exchanged. ASTP/ONC requires the Health Level Seven (HL7) Fast Healthcare Interoperability Resources (FHIR) and ONC United States Core Data for Interoperability (USCDI) standards for the Standardized API for Patient and Population Services certification criterion.

Top 3 EHRs: The “Top 3” represent the three health IT developers with the most hospital clients. These developers are Cerner Corporation, Epic Systems Corporation, and MEDITECH. The market share determination is based on hospital responses to the 2024 survey.

Non-federal acute care hospital: Hospitals not owned and operated by the federal government (e.g. Veterans Health Administration) that provide short-term acute care to patients,

Small hospital: Non-federal acute care hospitals of bed sizes of 100 or less.System affiliated hospital: A system is defined as either a multi-hospital or a diversified single hospital system. A multi-hospital system is two or more hospitals owned, leased, sponsored, or contract managed by a central organization. Single, freestanding hospitals may be categorized as a system by bringing into membership three or more, and at least 25 percent, of their owned or leased non-hospital pre-acute or post- acute health care organizations.

Data Sources and Methods

Data are from the American Hospital Association (AHA) Information Technology (IT) Supplement to the AHA Annual Survey. Since 2008, ONC has partnered with the AHA to measure the adoption and use of health IT in U.S. hospitals. ONC funded the 2022, 2023, and 2024 AHA IT Supplements to track hospital adoption and use of EHRs and the exchange of clinical data.

The chief executive officer of each U.S. hospital was invited to participate in the survey regardless of AHA membership status. The person most knowledgeable about the hospital’s health IT (typically the chief information officer) was requested to provide the information via a mail survey or secure online site. Non- respondents received follow-up mailings and phone calls to encourage response.

This data brief reports results from the 2022, 2023, and 2024 AHA IT Supplements. The 2022 survey was fielded between July 2022 and December 2022, and the response rate for non-federal acute care hospitals (N = 2,541) was 59 percent. For the 2023 survey, fielded between March and August 2023, hospitals’ (N = 2,547) response rate was 58 percent. The 2024 survey was fielded from April to September 2024, and its response rate for non-federal acute care hospitals (N = 2,253) was 51 percent. A logistic regression model was used to predict the propensity of survey response as a function of hospital characteristics, including size, ownership, teaching status, system membership, and availability of a cardiac intensive care unit, urban status, and region. Hospital-level weights were derived by the inverse of the predicted propensity. Missing responses were removed from the sample for all weighted averages. This includes hospitals located in the state of Missouri, which did not receive questions relating to API use during the 2024 fielding.

Data Availability

The complete 2024 American Hospital Association IT Supplement data is available from the American Hospital Association (AHA): https://www.ahadata.com/aha-healthcare-it-database. If you have questions or would like to learn more about the data source or these findings, you may contact ASTP_Data@hhs.gov.

References

1. Gabriel MH, Richwine C, Owusu-Mensah P, Strawley C. Health IT-Enabled Patient Engagement Capabilities Among U.S. Hospitals: 2024. Office of the Assistant Secretary for Technology Policy. Data Brief: 79. August 2025.
2. Barker W, Maisel N, Strawley CE, Israelit GK, Adler-Milstein J, Rosner B. A national survey of digital health company experiences with electronic health record application programming interfaces. J Am Med Inform Assoc. 2024 Apr 3;31(4):866-874. Available from: https://academic.oup.com/jamia/article/31/4/866/7590608.
3. Barker W, Johnson C. The ecosystem of apps and software integrated with certified health information technology. J Am Med Inform Assoc. 2021 Oct 12;28(11):2379-2384. Available from: https://pmc.ncbi.nlm.nih.gov/articles/PMC8510286/.
4. Strawley C., Everson J., Barker W. Hospital use of APIs to Enable Data Sharing Between EHRs and Apps. Office of the National Coordinator for Health Information Technology. Data Brief: 68. 2023.
5. United States of America. H.R. 34 – 21st Century Cures Act. [Internet]. Washington D.C.: Congress.gov; 2016 [2023 Apr 17]. Available from: https://www.congress.gov/bill/114th- congress/house-bill/34.
6. 21^st Century Cures Act: Interoperability, Information Blocking, and ONC Health IT Certification Program Final Rule (85 FR 47099). 2020. Available from: https://www.federalregister.gov/documents/2020/08/04/C2-2020-07419/21st-century-cures-act-interoperability-information-blocking-and-the-onc-health-it-certification.
7. Richwine C. Individuals’ Access and Use of Patient Portals and Smartphone Health Apps, 2024. Office of the Assistant Secretary for Technology Policy. Data Brief: 77. June 2025.
8. Medicare Program; Hospital Inpatient Prospective Payment Systems for Acute Care Hospitals (IPPS) and the Long-Term Care Hospital Prospective Payment System and Policy Changes and Fiscal Year (FY) 2026 Rates; Changes to the FY 2025 IPPS Rates Due to Court Decision; Requirements for Quality Programs; and Other Policy Changes; Health Data, Technology, and Interoperability: Electronic Prescribing, Real-Time Prescription Benefit and Electronic Prior Authorization Final Rule (90 FR 36536). 2025. Available from: https://www.federalregister.gov/documents/2025/08/04/2025-14681/medicare-program-hospital-inpatient-prospective-payment-systems-for-acute-care-hospitals-ipps-and.
9. Medicare and Medicaid Programs; Patient Protection and Affordable Care Act; Advancing Interoperability and Improving Prior Authorization Processes for Medicare Advantage Organizations, Medicaid Managed Care Plans, State Medicaid Agencies, Children’s Health Insurance Program (CHIP) Agencies and CHIP Managed Care Entities, Issuers of Qualified Health Plans on the Federally-Facilitated Exchanges, Merit-Based Incentive Payment System (MIPS) Eligible Clinicians, and Eligible Hospitals and Critical Access Hospitals in the Medicare Promoting Interoperability Program Final Rule (89 FR 8758). 2024. Available from: http://federalregister.gov/documents/2024/02/08/2024-00895/medicare-and-medicaid-programs-patient-protection-and-affordable-care-act-advancing-interoperability.

Acknowledgments

The authors are with the Office of Standards, Certification, and Analysis, within the Office of the Assistant Secretary for Technology Policy (ASTP). The data brief was drafted under the direction of Mera Choi, Director of the Technical Strategy and Analysis Division, Vaishali Patel, Deputy Director of the Technical Strategy and Analysis Division, and Wesley Barker, Chief of the Data Analysis Branch.

Suggested Citation

Strawley C, Barker W. Hospital Use of APIs to Enable Data Sharing between EHRs and Third-Party Technology. Office of the Assistant Secretary for Technology Policy. Data Brief: 81. February 2026.

Appendix

Appendix Table A1: Survey questions used to define data sharing functionalities, 2024.

Question Number and Text	Response Option
Patient Access
4. Are patients who receive care provided by your hospital or outpatient sites able to do the following:   f. Access their health/medical information using applications (apps) configured to meet the application programming interfaces (API) specifications in your EHR   g. Access their health/medical information using applications (apps) configured to meet Fast Healthcare Interoperability Resource (FHIR) specifications	Respondents were prompted to select all that apply among the following options: 1. Yes, at some or all inpatient sites 2. Yes, at some or all outpatient sites 3. Not across outpatient or inpatient site(s) 4. Do not know
Patient Generated Health Data (PGHD)
4. Are patients who receive care provided by your hospital or outpatient sites able to do the following:   h. Submit patient generated data (e.g., blood glucose, weight) i. Submit patient generated data (e.g., blood glucose, weight) through apps configured to meet FHIR specifications	Respondents were prompted to select all that apply among the following options: 1. Yes, at some or all inpatient sites 2. Yes, at some or all outpatient sites 3. Not across outpatient or inpatient site(s) 4. Do not know
Use of Apps and APIs for Data Sharing and Information Access
Clinical Use Cases
24. Through what method(s) does your hospital directly integrate data for clinical purposes into your EHR received from third party technology (e.g., app, website, or medical device) for the following uses?   a. Patient monitoring devices b. Telehealth visits c. Clinical decision support d. Population health e. Other	Respondents were prompted to select all that apply among the following options: 1. Standards-based API 2. Other method(s) (e.g., proprietary EHR APIs, HL7 interface) 3. Do not receive or integrate data for this purpose 4. Do not know
25. Through what method(s) does your hospital provide data for clinical purposes from your EHR to third-party technology? (e.g., app, website, or medical device) for the following uses?   a. Patient monitoring devices b. Telehealth visits c. Clinical decision support d. Population health e. Other	Respondents were prompted to select all that apply among the following options: 1. Standards-based API 2. Other method(s) (e.g., proprietary EHR APIs, HL7 interface) 3. Do not receive or integrate data for this purpose 4. Do not know
Administrative Use Cases
26. Through what method(s) does your hospital directly integrate data for administrative purposes into your EHR received from third-party technology? (e.g., app, website, or external system) for the following uses?   a. Scheduling/Intake b. Prior authorization c. Quality reporting and management d. Other	Respondents were prompted to select all that apply among the following options: 1. Standards-based API 2. Other method(s) (e.g., proprietary EHR APIs, HL7 interface) 3. Do not receive or integrate data for this purpose 4. Do not know
27. Through what method(s) does your hospital provide data for administrative purposes from your EHR to third-party technology? (e.g app, website, or medical device) for any of the following uses and by what method?   a. Scheduling/Intake b. Prior authorization c. Quality reporting and management d. Other	Respondents were prompted to select all that apply among the following options: 1. Standards-based API 2. Other method(s) (e.g., proprietary EHR APIs, HL7 interface) 3. Do not receive or integrate data for this purpose 4. Do not know

Appendix Table A2: Write-in responses for “Other” clinical and administrative use cases, 2024.

Integrating Data from Third-Party Technology for Clinical Purposes
Patient and physician education	13
Radiology, Lab & Anesthesia/Optime	7
Critical Diagnostic Results	4
Immunization State registry query response	3
Imaging	2
Providing Data to Third-Party Technology for Clinical Purposes
Radiology, Lab & Anesthesia/Optime	7
Census, patient demographics for custom apps, orders for custom and vendor apps	3
Copernicus (Transplant)	2
Imaging	2
Interfaces	2
Integrating Data from Third-Party Technology for Administrative Purposes
Salesforce Contact Center	19
RTE	4
Care management – Cerner HealtheIntent	2
Prescription drug coverage	2
Providing Data to Third-Party Technology for Administrative Purposes
Salesforce Contact Center	19
Financial reporting	13
Security, auditing, regulatory	12
Census, provider information, patient demographics for custom apps	3
Care management – Cerner HealtheIntent	2
Portal	2
Release of information; admission eligibility	2