Decades of piecemeal and ad hoc development across thousands of siloed healthcare databases created the mother of all legacy integration nightmares. While off-the-shelf APIs can provide developers with instant access to databases, data formats and protocols in healthcare providers’ legacy systems vary so much that interoperability of this data is a major challenge. How can we be sure that the John Smith listed in one database is the same as the John Smith listed in a dozen other databases?
It is this particular challenge—patient data interoperability and how APIs make sense of this messy data—that has been placed at the forefront of the U.S. healthcare system since its implementation 21st Century Cures Act April 2021. The landmark ruling gives every American the right to instant access to their medical data, which in turn will remove barriers to innovation in digital health services that can access this data on behalf of patients.
Given the fragmented nature of the U.S. healthcare system, and the siloed databases owned by numerous providers, insurers, and other stakeholders, high-level APIs are the only way to achieve the promise of the Cures Act.
But it’s not just the fragmented U.S. health care system that’s solving the problem. Public healthcare systems, including the NHS, face similar problems with data silos and ad hoc data standards.
Unfortunately, the adoption, development, and deployment of high-level APIs for this purpose has been slow. A variety of factors, from skills gaps and regulatory uncertainty to a lack of big-picture thinking, mean that most healthcare systems and providers have far from perfect solutions to this problem. However, the solution adopted by the API is within our grasp.
Increased adoption of global standards
Central to the successful adoption and widespread use of healthcare data APIs is agreement on international standards for data transfer. The International Standards Organization Health Level Seven International (HL7) has been developing this feature since 2012.is called Fast Healthcare Interoperability Resources (FHIR)which defines the data format and elements for exchanging Electronic Health Records (EHRs).
The first trial version of FHIR (r1) was in 2014 and the first normative version (r4) was delivered at the end of 2019. Since then, many government agencies around the world have fully supported FHIR, which has cemented this as the global standard for healthcare APIs.
This includes U.S. government agencies such as the Centers for Medicare and Medicaid Services, which require the use of HL7 FHIR as part of the Cures Act. In the public health system for all, the Brazilian Ministry of Health has embarked on a large-scale EHR interoperability project that will use HL7 FHIR as a common data standard.
What’s more, many private companies such as Apple, Amazon, and Google have now adopted the HL7 FHIR data standard when dealing with EHRs.
NHS also adopted and is being widely used Use this standard, for example in products developed by NHS Digital and digital health services provided by partner organisations.
Now that HL7 FHIR has begun to gain such widespread adoption in public health systems and the private sector, we are starting to gain a large number of organizations using the standard. By ensuring vendors are FHIR compliant before working with them, healthcare organizations can ensure a foundation for EHR interoperability.
Overcome security issues and vulnerabilities
While HL7 FHIR helps to accelerate API adoption and improve interoperability among healthcare providers, security concerns remain a stumbling block. According to IDC InfoBrief, more than 59% of healthcare services are concerned with security and regulations related to their APIs.
However, the most important factor for security in the FHIR era is identifying where the vulnerabilities lie and who is responsible for mitigating those risks. Recent research is beginning to inform this conversation.A sort of Learn Cybersecurity firm Approov found that while EHR holders had good security, third-party mobile apps and other digital health services were found to have “widespread systemic” vulnerabilities.
In other words, the digital health platform at the front end of the FHIR API ecosystem is currently the weakest link in the chain. But that shouldn’t stop policymakers from adopting the API.
In the context of the U.S. market, many of these platforms are currently outside the control of federal health regulators, but given the explosive growth of these services, specific regulation is likely in the medium term.
The situation in the UK is slightly different, as the NHS chooses which providers to work with and therefore which organisations have access to patient data, such as Recent partnership with Cerner Health records are provided via the patient’s smartphone. This means that specific security standards can be designed as part of the initial service agreement.
So what is the medium-term outlook for API adoption in healthcare? It’s all about growing up.Digital health companies have £15.7 billion has been raised ($21 billion) in 2021, far more than the previous year. By the end of 2022, any app that wants to interact with U.S. hospitals will need to legally have FHIR export capabilities, further driving the need for patient-friendly data sharing. This will be enabled by companies that are developing common APIs that can access data from any database, as well as a growing ecosystem of HL7 FHIR compliant record holders.
Going forward, API adoption will depend on efforts from every angle—such as healthcare organizations, IT experts, and regulators—to work together to support standardized API solutions and overhaul systems in desperate need of transformation.
Photo: bsd555, Getty Images
