Twenty years ago, technology consultants started advising CIOs to build less. That’s when the movement towards Commercial Off the Shelf (COTS) began.
Today, there are many shops, especially those in small and medium-sized organizations, with few programmers who build new applications from scratch.
Yes, they have programmers who configure, script, and integrate various applications but very little is built. For the provider community, we have a habit of either sourcing our needs from our Electronic Health Records (EHR) application vendor or buying a “best of breed” application from a niche vendor.
Moving to Software as a Service (SaaS) has even reduced the dread of upgrades. No doubt buying commercial software has enabled all of us to have access to better solutions and in some cases, may have reduced the ongoing run rate. Still, it means technology costs have gone up and a lot of our technology goals have not been achieved.
For example, interoperability remains a point to point problem. ONC and CMS are still pushing to remove barriers to interoperability and have mandated data exchange with penalties.
CIOs are struggling with the realities of constraint budgets where new programs are starving while dollars go to pay maintenance, integration costs associated with prior purchases (e.g. tech debt).
Then, in a year of the normal pull-and-tug between maintaining current and delivering new systems, COVID-19 arrived and our planning fell short. Technology teams were challenged as never before. They suddenly needed to:
– Enable teams to work from home – even teams who have never worked remotely.
– Stand up telehealth solutions in days – not months.
– Find a good external data source with statistics to integrate and then discover a newer, better source days later.
– Provide real-time updates on the availability of hospital rooms to leadership.
– Provide rapidly evolving guidance to patients on admissions changes, new requirements for entrance to facilities reduced access to admitted patients.
– Be a trusted, consistent source of guidance to reduce the spread of the disease.
This was all new, unplanned work. Work that took resources from other budget areas and other teams. Work that didn’t always meet our aim for better patient care or patient experience.
For example, we saw some providers advertising the availability of telehealth services but requiring a patient to call their primary care doctor to schedule instead of requesting an appointment online. Then due to staff shortages, the patient would land in voice mail, further delaying access to care.
Patients needing tests have been told to get an order from their physician. The truth is telehealth isn’t integrated and isn’t part of our daily processes.
The story here is the emergence of an unsung hero you can’t find on the nightly news: our IT Teams. We need to arm this group of heroes with better tools. Tools where delivery of new programs, updates to existing processes and integrating new data from external sources can be done in days, not months.
Did your clients link to external data sources such as John Hopkins? Did they need to enable test sources from new partners? Did they need to build new mobile applications to integrate workstations in parking lots and third-party locations?
New approach – Low-Code
Today’s challenges require a new approach that is “low-code.” Low-code is shorthand for an application development environment that is primarily visual and uses simple declarative statements to create applications. The primary goal of low-code is to accelerate program delivery.
This is surely a goal for every healthcare technology team. As enterprise clients embrace low-code, they can ensure readiness by putting these building blocks in place so clients can realize the promised value:
– Authentication Management through APIs (OAuth)
– Standardized access through APIs
– Management and Monitoring
In preparation for the adoption of a low-code application platform (LCAP), it is essential to assess the adoption of authentication best practices.
The technology landscape now spans on-prem, private cloud, and public cloud solutions requiring a standardized, tokenized approach to authentication. Without this, security processes will inevitably fall short of the CISO’s goals or will require additional manpower to monitor and maintain.
OAuth is the building block
Given the number of vendors, environments, and the velocity of human interactions (non-employee clinicians, temporary resources of all types, patients, etc.), OAuth is the building block for scalable secure authentication. OAuth is a delegated authentication framework that replaces the need to send credentials in program calls (APIs).
It has been required by CMS for the interoperability rule as a foundation for data sharing. If you haven’t, invest in a centralized identity management system and move to use OAuth to authenticate service and access requests. Standardizing authentication is foundational. Do it before selecting a low-code vendor.
LCAP platforms deliver a variety of methods to access data from other applications. Typical integration patterns include files, database calls (ODBC, JDBC, etc.), and scripting.
Now is the time to adopt API-First and design thinking. Stop building point-to-point integrations – the velocity of LCAP will result in a proliferation of connection methods if interfaces are not standardized.
Using APIs – fast delivery
Using APIs will enable faster delivery and better performance. Providing a set of standardized interfaces that meet the needs of consumers (a fundamental goal of API-First) will reduce test time, production breakage, and upgrade complexity. Don’t wait.
Doing APIs right requires a culture shift – slapping an API on an enterprise application is not the goal. Delivering APIs that drive consumption and adoption by citizen developers and go-to-market programs will power user experiences that truly do more with less.
Management and monitoring
Last but not least is the management and monitoring of your new agile applications, especially the application interactions with your core enterprise applications and external integrations. We have all seen it, a new program or upgrade is delivered, and performance slows to a crawl.
Monitoring and metering access (limited access to X number of calls per time period) is essential to proactively prevent coding errors and shield your client from bad actors. Knowing who is accessing what, and how the load varies, is necessary to achieve the goals of delivery velocity and efficient use of resources.
API Management vendor leaders include policy engines, management, and embedded analytics in their gateways to protect and scale service integrations.
Better, faster, cheaper is our mantra (once again, some of us mutter under our breaths). Adopting low-code will accelerate delivery and help us meet the demands of the new normal.
LCAP demands standardized authentication, application program interfaces (APIs), and secure, monitoring gateways to accelerate adoption while protecting and securing enterprise resources.
About Ruby Raley
Ruby Raley is VP of Healthcare and Life Sciences at Axway. Axway empowers customers to compete and thrive in dynamic marketplaces using hybrid integration solutions to better connect their people, systems, businesses, and digital ecosystems. More than 11,000 organizations in 100 countries rely on Axway to solve their data integration challenges.