The medical and health industry is one of the pioneers of adopting advanced technology both at home and abroad, because the stakeholders in the industry will be more close to the data and attach importance to the importance of data, so as to speed up the action on decision-making, in order to better the life expectancy of patients and improve the health of the social population. More importantly, the quality and availability of data are transparent enough to enable patient data centric models to play an important role in the healthcare industry.
According to the Stanford medical health trends report 2017, the amount of data captured by the healthcare industry has grown significantly over the past decade. This is because, for example, the government has adopted electronic medical record (EMR) platform, equipment (X-ray, MRI, CT, etc.) to digitize medical records, and ubiquitous personal health / fitness monitors (Intelligent wearable devices such as apple watch, etc.).
Next, we will discuss how to use the API Market (including a series of solutions later) as a solution to this problem. Through the API market, managers can safely or partially open these data (user’s privacy data and information protected by law are not included in the description), so that patients or medical institutions and citizens in the medical industry can access these data, so as to improve the efficiency of the medical health industry and realize the innovation of population health technology.
API Market as a solution
In today’s world, data platform has become the operation center of many different business systems, and API, as the data connector of the platform, plays a key role. All walks of life have begun to actively adopt the API priority system development method, which we can see clearly in the field of health care. A sound API market can solve the commercial problems of medical and health data. It will socialize with data users through API, so that they can get more information from data, so as to innovate products and technologies. API Market encourages medical institutions or pharmaceutical enterprises to think about how to better use and keep their legal research data, and provide medical data through high availability API plan, and then generate benefits.
From the reality, the API Market of the medical and health industry is mainly responsible for establishing the connection between medical data users and producers, and the ultimate vision of the corresponding solution is to establish an economy based on the API Market and guided by the legal transaction of medical and health data. In this economy, there should be a comprehensive API management platform, which provides the impetus for the API market concept, and the platform enables data suppliers to design, publish and manage APIs, while implementing security management, data application governance, collection and analysis.
Figure 1: solution architecture
With this solution, we can understand the overall needs of the healthcare IT field (there is a large part of data or API common use for other industries). When developers and managers of all products are using API based management solutions, data suppliers will publish the obtained legal data in the API market, and the enterprises in need will contact their interested API suppliers in the market at the same time; the API market has built an open and secure value exchange channel for suppliers and consumers, so that data consumers can To produce more valuable or potentially valuable products based on the data obtained.
Roles of each module in API Market
Figure 2: API Market role and data flow analysis
API producers:It refers to the designer, architect, developer, tester and publisher of API. Be responsible for defining the application scope of each API (internal use, external use, use restriction and use right). In the API production of large-scale medical projects, producers can come from different medical organizations or enterprises.
Platform owner:It refers to the maintenance and construction personnel of API market. They are responsible for the maintenance of API Market modules, promote collaboration among API users, and report consumer feedback to API providers in a timely manner. They are responsible for platform publicity, support and community building of the entire API market.
API users / consumers:It mainly refers to application development and innovators who are willing to use medical data and get value from it. At the same time, it may refer to health development projects, medical and health start-ups, transnational health organizations, hospital groups or governments, who are keen to improve the level of health care and provide better medical solutions for the industry.
Composition of medical and health API Market
Figure 3: components of the healthcare API Market
API management is the foundation of the platform, which includes the gateway, security, management, design release and analysis of API.
API gateway is the entrance of the whole platform, which is connected with the actual data back-end EHR system. It is closely related to the API security module. In addition, it will provide support services for the entire API management platform based on the information of security policy and token.
In view of the sensitivity of API data, strong management is needed in every stage of development, release and maintenance. Through the maintenance of API management system and platform managers, the use of API can be strengthened and controlled well, and good management strategies and use patterns are provided for managers.
Developers need to be able to continuously monitor, test and manage the published API after publishing the API. In addition to providing these functions, API management solutions should also be able to propose solutions and send alarm reminders against API call failure, sudden increase in response time or abnormal changes in API resource access mode.
In the proposed solution, we regard system integration and API management as two different necessary components. We need to think that integration components should be able to integrate with various medical and health systems through different protocols. After that, it also needs to transform and standardize the data to provide a unified interface for use. In the integration layer above the bottom, all data should be desensitized and anonymized according to the testing strategy set by the manager on the API management system. Of course, we can find many different technology stacks and frameworks to achieve this, such as Apache camel, Apache synapse, Apache servicemix, spring integration and ballerina, etc.
API management module consists of high-performance gateway for authentication key server, event processor for restriction and analysis, developer portal for API list and workflow engine for title management. Some popular open source products encapsulate these functions, including eolinker API manager, Goku API gateway, Kong API gateway and tyk API gateway.
The following figure shows the integration of the framework we have described and shows where these technical options can be used. This diagram is inclined to open source platform and other frameworks, which provides great flexibility for later platform development and function customization.
Figure 4: implementation architecture with technology options
In this implementation, API management system provides the functions of API life cycle management, including API use, management, commercialization, data security and routing API management, while API requests will be sent to the management platform through API gateway.
The scheme of the reference graph also considers the life cycle of the API – once a new API is released, the previous version must be discarded and all API subscribers will be notified. The API solution should be able to handle this problem through internal settings, so it should be able to associate with the corresponding operations in each phase of the API life cycle, as shown in Figure 5.
Figure 5: example API lifecycle view
The security of API is the primary consideration of the whole API management system. Although authentication and authorization are completed by key or token, the higher level rights should be authorized by the corresponding information of OAuth token. This information can be the validation of advanced user groups or the attribute judgment of data users, such as the user’s device or geographic location.
Figure 6: example of authorizing OAuth scope for API operation application
The API management platform should be able to control how data is exposed to third parties, such as allowing unrestricted access or restricted policies. At the same time, API management platform should also be able to limit the number and rate of requests.
Figure 7: example view of how to apply restriction policies to API subscriptions
API management system should provide users with a window where they can find, try and subscribe to all or part of the API. This portal will develop and innovate for products and developers through the data they get. This platform records the functions and use methods of each platform’s APIs, and at the same time allows managers to classify these APIs and push them to all users interested in this platform, so that they can integrate the interested APIs into their applications for a fee (or free).
Figure 8: sample view of a developer portal with the patient / provider fhir API
The analysis function of API management system provides the most common view of API usage data, and provides enough objective data for different users. For the platform maintainer, this can provide more information and information for the decision-making of upgrading planning of related technical equipment. The advantage is that API consumers can further understand the availability and importance of health data, while API providers can provide more data related to data collection.
Figure 9: example healthcare API analysis view
In the domestic API interface management tools, the platform and tool that can fully realize the whole process of API management and experience better is eolinker, while in foreign countries, such as postman and swagger, the functions of eolinker include interface document editing, API testing, automatic testing, API monitoring and control, API gateway and other functions, which can experience a complete API R & D program. If you want to talk about the difference, postman pays attention to testing and swagger pays attention to interface management. However, the English language of foreign countries is not very friendly to Chinese people, and eolinker is relatively more comprehensive, so you can learn about eolinker, postman and swagger if you have needs or interests.
In the above discussion, we simulated a simple scenario to demonstrate the practical use of the healthcare API market. Not only medical and health APIs, but all APIs can provide more value based on API management solutions. Data should never be closed. Only by making full use of the value of data itself and making it flexible in the hands of more institutions and entrepreneurs, can greater value be created. On the one hand, data providers can get more services, on the other hand, it can promote the development of service innovation.
One of the points worthy of attention is that we should pay more attention to the security of API while making effective use of API for service innovation and value innovation. With the development of society, the API economy will gradually be valued by people, and the management and use of API will play a greater role in the development of various industries.
Reference: sachini Samson, transforming the healthcare industry through API markets, https://dzone.com/articles/ap