HITInfrastructure

Networking News

Healthcare API Management Solutions Grow with Interoperability

Healthcare API management solutions are growing as more organizations are embracing APIs for interoperability efforts.

Source: Thinkstock

By Elizabeth O'Dowd

- The application programming interface (API) management market is expected to grow at a CAGR of 34 percent from 2016 to 2021, according to a recent Markets and Markets report.

Report authors stated that the main forces driving API management market growth are the growing demand for private and public APIs, the growing popularity of web APIs, and the increased number of mobile device users.

APIs are critical to healthcare organizations sharing data between apps. The API allows developers to borrow information from other applications to build other apps, which makes the development process much faster.

An API is an interface that allows unrelated software programs to communicate with one another. They act as bridges between two applications, allowing data to flow regardless of how each application was originally designed.  

For applications that function by pulling a constant stream of data from one or more sources, an API is especially important to decrease development time and save storage space on endpoint devices. It is also beneficial to overcome any differences in the standards or programming languages used to create the data that lives at either end of the bridge.  

Currently the healthcare industry lacks a standardized way to share data between EHR systems, which causes compatibility issues when organizations are trying to integrate data sets using different formats.

“There’s no such thing as one set of data that gives you everything you need in one single format,”  Geisinger Health Chief Data Officer Dr. Nicholas Marko told HealthITAnalytics.com.  “There will always be information coming from a number of different places, and there will always be a need to work with systems that handle that.”

APIs are being developed to simplify interoperability to provide healthcare professionals and users with data more efficiently because APIs are the points of communication between systems.

HL7 is currently developing the Fast Healthcare Interoperability Resource (FHIR) data standard, which provides a standardized way to aggregate and merge patient health data from separate data sources.

While APIs are necessary for future interoperability efforts, organizations are still hesitant about fully utilizing APIs due to security concerns.

report released earlier this year by the API Task Force, along with the Health IT Policy and Standards Committee, outlines security concerns APIs bring to healthcare.

"There are fears that APIs may open new security vulnerabilities, with apps accessing patient records 'for evil', and without receiving proper patient authorization," stated the report. "There are also fears that APIs could provide a possible 'fire hose' of data, as opposed to the 'one sip at a time' access that a web site or email interface may provide."

Considering how public, consumer-facing APIs function, the concerns raised by the report are valid. There is the risk of users gaining access to too much data instead of just the data they need.

Even if the user is not “evil,” authorized users accessing a wealth of data they do not need is still a security risk and may violate HIPAA privacy regulations.

The report found that when properly secured and managed, the benefits of APIs outweigh the risks. Several organizations testified their properly managed APIs provided better security than legacy or proprietary integration technology.

Well-managed healthcare API exchanges usually include authentication, authorization, encryption, and signatures to ensure secure connections.  

The API Task Force report touches on APIs and HIPAA regulations, particularly focusing on patient-directed API technology. While managed APIs are secure, the risk factor rises when patients are accessing PHI without knowing the risks associated using unauthorized means to access health data.

Healthcare organizations using APIs will need API management solutions as the patients gain more access to their health information.

Future initiatives such as healthcare blockchain that put the patient at the center of their personal health information will see much more engagement of PHI from outside the network. API management solutions will evolve to deal with these issues as APIs become more standardized across the healthcare industry.