The recent enforcement of new rules to encourage the freer flow of healthcare data mainly through application programming interfaces (APIs) has jolted providers and payers into action to meet interoperability standards.
However, the rush to comply with the new requirements and avoid penalties may blind them to the subtleties and complexities of healthcare contexts as well as the significant differences between building APIs in this space versus for enterprises.
As major investments in health tech companies show, APIs will be the future of health information exchange (HIE). These interfaces are emerging as the “backbone” of the digital health economy, with payers, providers, and healthcare technology companies expecting them to “become the glue that binds healthcare together”.
But if healthcare organizations do not take an industry-specific approach to API adoption, collective efforts to relieve the healthcare system of high administrative costs and information silos may suffer a setback.
To contribute to and benefit from the healthcare API market—which is globally estimated to be worth $277.4 million in 2021 and is expected to reach $390.9 million in five years—health IT developers need to take several facts into account while mapping out their API strategy.
1) APIs in healthcare are more complex than in enterprise.
While there is little daylight between the tech stack for developing digital solutions for enterprises and that used for healthcare companies, the process of developing an API solution for care providers can feel very different in practice.
One reason for this is that the API language in the realm of healthcare is not the same as in other sectors. Instead of jumping in and writing scripts using Python, developers must have knowledge of and experience with Fast Healthcare Interoperability Resources (FHIR), a standard for exchanging healthcare information electronically that aims to simplify implementation without sacrificing information integrity.
Another aspect that makes API building for healthcare players an uphill task is that the FHIR API is presently limited in its usability and lags behind the FHIR adoption curve across the industry.
One main challenge in the FHIR context is that the generic informational model does not support specific needs and there is usually a need to extend FHIR models to implement specific use cases. Another issue is that it could be complicated to use FHIR extensions and profiles, which are necessary to deal with specialty health data, due to their need for deep domain knowledge.
Furthermore, migration between FHIR versions can be complex as there is no backward compatibility for older versions up to v3. The lack of standardization around how APIs are implemented has also complicated the situation further. Migrating from legacy standards to FHIR can add complexity to the process, which may prevent the adoption of more modern standards, leading to disjointed and siloed systems.
Essentially, engineering APIs for enterprises is like building a generic, one-story house compared to creating them for healthcare, which is like constructing multi-level buildings with subterranean parking garages.
2) Privacy takes priority for APIs in healthcare.
Patients’ health information, as industry experts have warned, is not protected by healthcare data privacy laws such as the Health Insurance Portability and Accountability Act (HIPAA) once downloaded to a third-party app. The lack of regulation within third-party environments raises privacy and security concerns for patients and healthcare organizations alike.
This could prove a real headache, especially because the healthcare sector is already a prime target for cyberattacks and many providers are strapped for resources as a result of the demands of the coronavirus pandemic.
The industry saw an average of 187 million attacks per month worldwide in 2020, or about 498 attacks per organization each month, and is expected to fall victim to two to three times more cyberattacks this year than the average amount for other sectors.
Privacy concerns act as a brake on the growth of API-driven digital transformation, with hospitals, insurance companies, and health systems having cited security and privacy issues as the most formidable barriers to API adoption.
Prioritizing privacy over everything must be the paramount rule for all healthcare API builders. A security-first approach across infrastructure, apps, and data that includes accreditations such as those of the Electronic Healthcare Network Accreditation Commission (EHNAC) and HITRUST is essential to guarantee the security of the API and the patient’s privacy.
Healthcare entities also have to do due diligence when choosing a partner for building APIs to make sure they have extensive healthcare expertise and are capable of meeting relevant privacy and security standards. As it is said, “you can have security without privacy, but you can’t have privacy without security.”
3) API testing for healthcare can be more difficult.
Testing of APIs is necessary to ensure they work properly as specified, determine that the type of technology being used is safe and reliable, and to reduce the chance of regressions between code merges and releases.
However, it is tricky to replicate real-life data flow in test environments given the complexity of healthcare data systems, the sensitive nature of health data, and the challenge of coordinating tests among the different parties involved.
To determine a method of testing healthcare APIs that can provide accurate downstream results, developers need to understand and test the flows and use test doubles—which are software objects that mimic the behavior of a real software dependency in a controlled way—for dependencies.
They should make sure to focus on the most important problem to solve first rather than implementing all APIs at once in order to make testing easier.
In addition, healthcare organizations should be wary of the common misconception that there is no need to test APIs until there is a problem. Regular testing is uniquely important in this field to discover and remove contaminated data and maintain data accuracy and integrity.
The future of healthcare APIs
Industry stakeholders predict widespread usage of APIs in healthcare by 2023 and are unanimous that they can help transform the sector and deliver a better patient experience.
Although these interfaces may seem like a panacea to many of the interoperability-related woes, they will not be able to fulfill their full transformative potential until best practices are put in place.
To overcome the obstacles to API adoption and to encourage it to evolve into an even more helpful tool, a multi-pronged effort on the part of all players—from the government to payers, service providers, and healthcare technology companies—is needed at all levels.
Gaining a deeper understanding of what sets healthcare APIs apart from those in other industries and leveraging the insights of expert API providers with profound knowledge of this space is a key step to powering a brighter future for the healthcare system.
About Anand Hirekatur
Anand Hirekatur is an Engineering Leader at Innovaccer, a leading US-based healthcare technology company. Innovaccer is working to connect and curate the world’s healthcare information to make it accessible and useful.