CARIN Code of Conduct

CARIN Code of Conduct

In July 2021, the Centers for Medicare & Medicaid Services (CMS) began enforcing key components of the Interoperability and Patient Access final rule – one of several federal initiatives aimed at accelerating the ability for individuals to access personal health information via applications that leveraging  HL7® FHIR® application programming interfaces (APIs). CMS provided an option for payers to implement an attestation framework asking developers to describe the data practices and privacy provisions of the applications that are connecting to the HL7® FHIR® APIs.

In response to this, we collaborated with the CARIN Alliance to bring both the CARIN Code of Conduct and DirectTrust criteria review process together as a new accreditation program – CARIN Code of Conduct for Consumer-Facing Applications (CARIN-CFA).This program enables health plans, health systems, EHR vendors, implementers of HL7® FHIR®-based APIs, and third-party app developers to demonstrate their support of secure consumer access to health data. 

This new voluntary program builds on the CARIN Code of Conduct for Consumer-Facing Applications already established self-attestation approach but is not required by CMS or CARIN. Through this program, stakeholders are now able to promote adherence to the industry’s highest standards and best practices while protecting the security, privacy and confidentiality of their patient data.

Criteria for the CARIN Code of Conduct for Consumer-Facing Applications is available on our Criteria Page. To begin the application process for this program, please complete the application form.

Also, are you looking for hands-on support to help you through the pre-assessment steps, readiness planning process and more? Learn about our Consulting and Advisory Services which have been designed to provide additional guidance in completing the CARIN Code of Conduct for Consumer-Facing Applications.