VP Innovation at Axway, Co-founder at Vordel

Mark O'Neill

Subscribe to Mark O'Neill: eMailAlertsEmail Alerts
Get Mark O'Neill: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn


Blog Feed Post

API First, beyond "portal first", for Electronic Health Records

This week, ProgrammableWeb has a very interesting article by Martin Brennan about how Electronic Health Record (EHR) portals are moving to use APIs. He quotes a Health Data Management story which says that:
"If the proposed Stage 3 Meaningful Use rule is finalized in its current form, application programming interfaces (APIs) could supplant portals as the preferred method adopted by providers to enable patients to “view, download and transmit” their health information."
http://www.itnews.com.au/CXOChallenge/404377,apis-rivets-for-the-composable-enterprise.aspx/0

This can be seen as part of the overall movement to an "API First" orientation. EHR began by being "Portal First". But, as Martin Brennan explains, an API First approach enables more innovation by empowering developers to use the patient data.

Of course, security and privacy are never far from mind in this discussion. Once EHR data is enabled via APIs, it's important to ensure that only authorized clients can see their own data. Sophisticated "dynamic authorization" rules can be applied, such as "only the patient can access their own data, unless they are under 18 in which case their parents or guardians can also access the data". An API Gateway is ideally suited to enforcing these types of dynamic authorization policies.

In APAC for example, the Axway API Gateway technology has been deployed as part of a personally-controlled EHR architecture. This is smart since it allows security to be applied at the API layer. Brant DeBow at Mobile Surge explains the security benefits of "API First" well:
"...focusing on APIs bring additional security benefits. With an API, you are separating different layers of your app. There’s a whole host of security issues that can sneak in when the UI is directly coupled back to core functionality."
http://themobilesurge.com/post/102891669120/why-ctos-need-to-think-about-apis-before-websites
So it is with EHR portals. By focusing on the API, you not only enable innovation, but you also have a point to apply security. I look forward to EHR moving more and more to being truly "API First".

Read the original blog entry...

More Stories By Mark O'Neill

Mark O'Neill is VP Innovation at Axway - API and Identity. Previously he was CTO and co-founder at Vordel, which was acquired by Axway. A regular speaker at industry conferences and a contributor to SOA World Magazine and Cloud Computing Journal, Mark holds a degree in mathematics and psychology from Trinity College Dublin and graduate qualifications in neural network programming from Oxford University.