
The case for healthcare-specific APIs

(Image credit: Shutterstock/Wichy)

Thanks to APIs, developers aren’t expected to reinvent the wheel every time they need their software to perform a certain task. If a developer wants an app to utilise a device’s camera, for example, she can rely on the manufacturer’s camera API instead of having to code a new camera program. In short, APIs let different forms of software play nicely with one another.

In healthcare, APIs have the potential to make life easier for everyone by making information more accessible. With rising consumer expectations and the increasing use of mobile devices, a web portal as the sole point of electronic access just isn’t cutting it anymore. Of the 52 per cent of patients who were offered access to medical records via a patient portal in 2017, only 28 per cent took advantage of it, according to the Office of the National Coordinator for Health Information Technology.

Powered by APIs, a growing number of health apps and services are making it easier for patients to access healthcare information. In some cases, patients can even collect and record data about their own health. For example, patients with diabetes can record blood glucose levels each time they test, giving doctors a wealth of information when it comes time to make a diagnosis. APIs can also make recording data to electronic health records easier for physicians and drive efficiency improvements in a healthcare environment.

The advantages of APIs

Almost every hospital has at least partially implemented an EHR system — 99.1 per cent, according to one study, which is up from just 33.6 per cent in 2003. But when patients change doctors or visit different healthcare providers, information often has to be mailed or faxed. Sure, faxing was a ground-breaking technology when it emerged in the 1840s, but patients and doctors agree that it’s time to move on. If EHR vendors would open up their systems and allow APIs to connect them, physicians could begin to realise their goals of mobility and interoperability.

Currently, physicians are forced to use desktop devices to access patient records. With the mobility enabled by APIs, they could rely on mobile devices such as tablets and smartphones to pull patient information as needed, whether the doctor is at work, at home, or at a conference across the globe. Increased interoperability would eliminate the current difficulties of patient data exchange and make the process more seamless, presenting healthcare providers with a more complete picture of each patient’s health.

When combined with cloud-based servers, APIs can yield a few additional benefits. First, they allow for more agile development because plugging in APIs saves developers valuable time, both immediately and down the road when it’s time to update an app. Plus, operating in the cloud means improved security because providers don’t have to worry about physical breaches as they would with on-premises solutions. In fact, a survey from Gartner indicates that the 60 per cent of enterprises that took appropriate cloud security measures in 2018 were expected to fall victim to one-third fewer security lapses.

Finally, APIs can enable a deep analysis of healthcare environments in a way that helps decision makers improve efficiency and cut overhead costs. By plugging machine learning software into billing, EHRs, and administrative data like patient and physician scheduling, healthcare providers can gain valuable insights about the best way to deploy resources in order to improve patient outcomes and eliminate waste.

For example, Amazon Comprehend Medical, the tech giant’s HIPAA-eligible machine learning software, is capable of extracting the most important information from what’s commonly a mess of patient records and doctors’ notes using natural language processing technologies — all powered by APIs.

Turning API ambitions into reality

To operate in full compliance with the rules and regulations of the healthcare industry, healthcare providers must have a business associate agreement (BAA) in place that protects them from fines and HIPAA violations. There are excellent technology vendors out there that won’t sign a BAA; they shouldn’t be seen as potential partners.

Other vendors, such as the creators of the email API Mailgun, will sign a BAA. But even if a vendor signs a BAA, healthcare organisations must periodically check in with vendors to ensure the BAA is actually being upheld. Also, healthcare providers need to be aware of what the BAA covers.

Virtua Medical Group learned this lesson the hard way when Best Medical Transcription caused a breach. As a result, Best Medical Transcription was fined $200,000 by the State of New Jersey for violating HIPAA’s Security Rule, Privacy Rule, and Breach Notification Rule. It turns out that the medical transcription company violated its BAA with Virtua by improperly disclosing patients' health information. In the whirlwind of the breach and lawsuits, Virtua was also slapped with a hefty fine and agreed to take more stringent data security measures.

Because integrating with APIs isn’t always as plug-and-play as it’s meant to be, in addition to securing BAAs, healthcare organisations should also look for clear documentation and exceptional support to assist with an integration. The Office of the National Coordinator for Health Information Technology has released regulations standardising the creation of healthcare APIs. Approximately 82 per cent of hospitals have adopted the API standard, dubbed FHIR 2.

Testing the security of software integrations in a sandbox is standard practice, but be aware that things always change when they go live. Inform users when a rollout is going to happen, and conduct the rollout in phases in order to minimise the number of bugs that occur. All it takes is that one-off security patch for Internet Explorer 8 to rear its ugly head and mess with your beautiful integration. So test, test, and test some more.

International Data Corporation research suggests that one in four patients will have a “bring your own data” approach to healthcare by 2020. For healthcare providers to thrive in this brave new world of mobile EHR access and interoperability, they’ll need to have a slew of healthcare-specific APIs at their disposal. As patient expectations continue to rise, don’t be the one left holding the fax machine.

Hoala Greevy, founder and CEO, Paubox

Hoala Greevy is the founder and CEO of Paubox, the leading provider of HIPAA-compliant email API. Paubox’s email encryption works on any device without requiring additional apps, plugins, or logins.