APIs are becoming a huge part of how healthcare organizations provide better care to patients. But what about the security concerns with APIs?
Quality healthcare requires real-time, accurate information. When doctors, nurses, insurance companies, third-party service providers—and most of all, patients—have immediate access to information, care outcomes improve dramatically. Not only in the treatments patients receive, but also in how efficiently invoices and claims are processed.
The ability to deliver information quickly in order to coordinate patient care is largely dependent on Application Programming Interfaces (APIs). APIs are the “windows” that enable interoperability among information systems managed by individual entities across healthcare supply chains
Using APIs as part of electronic health records systems (EHRs) makes it easier for patients to access health information. APIs also help healthcare providers securely and efficiently share patient information with other providers and insurance companies. Here’s a quick look at some of the benefits APIs deliver:
- Patients get easy, efficient access to their personal data; this helps patients make informed decisions about their health.
- Doctors gain access to analytics to facilitate clinical decision-making on patient diagnoses and treatments.
- Providers and payers exchange patient information automatically to speed up the determination of coverage for procedures and medications.
- Researchers tap into detailed clinical and claims data to identify healthcare trends across patient populations.
Citing specific examples of healthcare APIs in action, mobile applications can gather data from wearable devices and add the data to patient records for review by their doctors. Patients can also share diagnostic information they manually collect with doctors—such as blood pressure, body temperature and photographs. Communicating info in real time as opposed to waiting until an office visit can be scheduled can help patients improve their health sooner.
APIs also help healthcare professionals improve care delivery. For example, when a physician uses an application to perform detailed visualizations and data analysis during physicals, they can provide instant feedback to patients. APIs can also make it easier for providers to share information with each other—such as a doctor from a hospital in California reviewing the medical history of a traveling patient by accessing the EHR system of the primary care provider in New York.
National Effort to Promote Healthcare APIs
Leading the nationwide effort in building a robust API ecosystem across healthcare supply chains is the Office of the National Coordinator for Health Information Technology (ONC), a division in the U.S. Department of Health and Human Services. The ONC is promoting the potential for Application Program Interfaces (APIs) to revolutionize healthcare data sharing and has adopted API certification criteria for electronic health records to enable access to health information for clinical and patient uses.
As part of this program, the ONC is making a concerted effort to educate providers, payers and patients on how APIs act as a doorway that lets people—if they have authorized access—gain access to EHR systems. The APIs work the same way on every device and operating system, and when they request data, the EHR returns data in a compatible format—such as JSON or XML—that works the same in all applications.
Because applications only need to know how to call APIs, the applications can access data from various EHRs without knowing how the data is stored within each EHR. This makes it easy for applications to combine data.
Addressing API Security Concerns
At the same time, the data access APIs provide also creates fears that healthcare systems may be opening themselves up to new security vulnerabilities. Access to patient records may be given without proper patient authorization. This is an understandable concern.
Healthcare APIs address the issue by using the secured Hypertext Transfer Protocol (HTTPS) as the transport technology. Many APIs provide additional levels of security by using authentication and authorization tools, such as OpenID Connect and OAuth 2.0. Because of these measures, well-managed APIs actually provide superior security compared to ad-hoc interfaces and proprietary integration technology. These existing standards along with the infrastructure and identityproofing processes are adequate to support patientdirected access.
Health data security associated with APIs will still warrant oversight, but they pose no greater a threat than any other technology. Part of the reason is that ONC regulations require EHR systems to utilize established security controls for APIs. The HIPAA Security Rule also helps healthcare providers and payers manage security risks by specifying they maintain reasonable and appropriate administrative, technical, and physical safeguards for protecting health information.
A tool to help you take on the API security challenge is MOVEit Managed File Transfer from Ipswitch. The software provides healthcare organizations with visibility and control over all file transfer activities with other healthcare organizations and patients.
Simplifying Interoperability Provides Information More Efficiently
Healthcare organizations creating interoperability—among internal applications, EHRs, and other data exchanges—are increasingly turning to APIs to manage the flow of information between disparate systems. Taking this approach will become vital as the transition to value-based care, population health management, and care coordination makes it mandatory to access to actionable insights at the point of care.
APIs also ensure electronic health record data is accessible to authorized care givers and patients while remaining protected from malware and outside threats. While, the different formats that various data sets use will make interoperability between apps challenging, leveraging APIs is critical for enabling healthcare organizations to access and share data—especially as IT infrastructures migrate to the cloud and digital transformations eliminate paper processes.
There will always be information to sync with from many different systems. Because APIs serve as the windows through which communications can occur between systems, they simplify interoperability and provide doctors, patients, and healthcare professionals with data more efficiently. And that can make the world a healthier place to be!
Greg Mooney
Greg is a technologist and data geek with over 10 years in tech. He has worked in a variety of industries as an IT manager and software tester. Greg is an avid writer on everything IT related, from cyber security to troubleshooting.