Accessing and utilizing health data used to be a challenge for Medicare beneficiaries.
The original Blue Button system was developed before FHIR implementation. It struggled to handle large amounts of data and convert it into usable formats. This made it difficult for beneficiaries to share their health information with providers and other trusted parties.
FHIR implementation is a key topic in the health IT space. Through it, data can be standardized and made interoperable between disparate systems.
Better access to health data:
This leads to better service recommendations and health outcomes.
For Blue Button 2.0, we focused on developing a secure, FHIR-based API that allows beneficiaries to connect their Medicare data seamlessly with various applications and services.
We rapidly transformed CMS's Blue Button 2.0 prototype into a secure, production-ready system. Our initial focus was on quickly bringing the existing Blue Button 2.0 prototype to a production-ready state. We achieved this in under 7 weeks.
This allowed beneficiaries to start benefiting from the enhanced functionality as soon as possible.
We developed a FHIR-based API to ensure interoperability and streamline data exchange. By implementing the FHIR standard, we ensured that the Blue Button 2.0 API could seamlessly integrate with various health IT systems. This enables easier data sharing and reduces the need for manual data entry.
To achieve this, we collaborated closely with the Chronic Conditions Warehouse (CCW) team to understand, map, and transform data. The CCW is a large-scale repository of unstructured Medicare and Medicaid data. Researchers use it to:
The Blue Button API needed to be able to make calls into the CCW and return data according to HAPI FHIR specifications (a Java FHIR implementation).
We also collaborated with other CMS teams to identify cross-system dependencies and understand developers' integration needs. We then validated the retrieval and presentation of data according to FHIR standards, refining our solution based on user feedback.
We fostered developer adoption by creating a robust developer community and providing comprehensive support. To encourage the development of applications that utilize the Blue Button 2.0 API, we built a dedicated developer portal, Sandbox environment, and support channels. These included:
This resulted in over 6,400 developers registering in the Sandbox environment. AI usage also exceeded CMS's annual goal by 400%.
We prioritized security to safeguard beneficiary data. We implemented strict security measures to ensure the privacy and protection of sensitive health information. This includes a cloud encryption gateway and Developer Portal. We also used OAuth 2.0 standards for role-based identity management and included rigorous security audits.
For secure mobile functionality, we implemented a native OAuth extension called Proof Key for Code Exchange (PKCE). This enabled mobile users to securely authorize third-party applications to use their data from their phones.
To further protect beneficiary data, we used FHIR Extensions in our API responses. This meant highly sensitive data (e.g., social security numbers) was not provided by the API at all.
These efforts ensured Blue Button 2.0 adherence to FHIR, OAuth 2.0, PII, PHI, and CMS security compliance standards.
We built a strong technical foundation to support scalability and long-term growth. We automated processes, supporting Continuous Integration/Continuous Deployment (CI/CD). To automate deployment processes and cloud infrastructure, we used:
We also automated tests to run against third-party applications.
To improve availability while managing costs, we used Amazon EC2 Auto Scaling. We also used Elastic Load Balancing to improve availability and performance. With this approach, we were able to automatically distribute incoming API requests.
Our open-source, API-first approach to development supported OAuth 2.0 and FHIR implementation. This resulted in a scalable, secure, and sustainable system.
We improved deployment speed with agile process improvements. Our work on the Blue Button 2.0 program didn’t just involve technical enhancements and FHIR implementation. We also helped guide CMS on their journey from a waterfall-style management approach to a more agile development process.
To make this shift smooth, we focused on building trust and uniting stakeholders around a series of quick wins. At the same time, we implemented a hybrid approach that combined waterfall, SAFe, and Scrum.
We mitigated issues and dependencies through coaching, constant communication, and continuous goal alignment. This collaborative approach involved:
This collaboration ensured successful stakeholder management and project delivery. It allowed us to build strong relationships across CMS. It also led to full support from the CMS leadership chain.
With this collaborative approach, we delivered consistent value on a tight schedule. This allowed us to rapidly deliver the FHIR implementation, data, security, and development services CMS required.
The Blue Button 2.0 team was recognized with:
This announcement was published independently of the Centers for Medicare & Medicaid Services (CMS). This release does not constitute or imply an endorsement by CMS or the United States Government of the product, process, or service, or its producer or provider. The views and opinions expressed in any referenced document do not necessarily state or reflect those of CMS or the United States Government.