This week, Don Rucker MD, the National Coordinator for Health IT, proposed a healthcare API economy. This is something that’s long overdue, especially in the USA, and shadows the changes that the banking sector, and before that the telecommunications sectors have gone through.

However, it has its own unique risks and challenges that need to be carefully considered as the move happens.

If you build healthcare APIs they might not come

One of the many challenges for the telecommunications sector was that they were slow to adopt the right technologies. The innovations they wanted to be part of ended up happening, but pretty much circumvented them entirely.

At a certain level that’s harder with healthcare, but there is a similar risk for market distribution, even within what is a very ‘staid’ sector.

Wait, that’s MY (healthcare API) data

Laws such as HIPPA make the sharing of data – even with permission – EXTREMELY challenging. This leads to two major risks. The first is an unintentional breach, where a huge amount of data is shared through an accidental hole in healthcare API security. The second is a hack.

Both of these can be dealt with. But it must be identified at the outset. For accidental problems, negative (and positive) API monitoring to check that things that should be reached, aren’t reachable, is essential – something that APImetrics leads the industry at.

For the second, we strongly recommend a secure and powerful identity server with AI-based hack detection, like the suite of products from our partners Ping Identity and their excellent Ping Intelligence product.

Creating dependency leads to risk

So, putting data and services online where they can be accessed more efficiently by insurance companies, hospitals, first responders and others is important. So important that it could lead to a revolution in American healthcare.

But it isn’t risk-free. When data is supposed to be available in an app or online service, people expect this to just work, no matter where they are – anywhere in the world. That requires a lot of thought about the architectures to be implemented, the quality of those architectures, and the API performance they support.

As always, we recommend to anybody moving into the healthcare API economy that they follow some simple rules from the outset. This way, they can avoid the kind of pain we’ve seen in banking, telecoms, travel, social networking and other sectors.

1) Build security in from the outset

2) Make the eco-system easy to use, remember the 3-30-3 rule – you have 3 seconds to be discovered, 30 seconds to make a call, 3 minutes to grasp the API

3) Build a sandbox (see rule 2!)

4) Make it secure and MONITOR the secure

5) Make it fast and MONITOR how fast it is from where the people building the apps and services are going to be

Healthcare API is a big step forward for US healthcare, following the work the NHS in the UK has been doing on this topic. But as we said, it isn’t risk-free, and the teams working on this need to really focus on the details.