This week on the HIPAA Vault Show, we talk about APIs and how to use Google Cloud APIs specifically for the healthcare industry.
More information: https://www.hipaavault.com/resources/hipaa-compliant-hosting-insights/tricorders-enterprise-and-api-gateway/
Want to learn more? Check out our Blog on Tricorders, Enterprise, And API Gateway!
Transcript:
Adam
Hello, and welcome to The HIPAA Vault Show, where we discuss all things HIPAA compliance in the cloud. My name is Adam Zenerdine, and I’m joined, as always, by HIPAA Vault Chief Technical Officer and Founder, Gil Vidals. Hey, Gil.
Gil
Hey, Adam. I’m ready to talk about APIs today.
Adam
Yeah, I can’t wait to get stuck into this. If you’re watching for the first time, please do subscribe and like this episode and also check out a couple of other episodes on HIPAA compliance in the cloud. We really appreciate it. So last week we talked about healthcare. It professional skills. And this week, like Gil said, we’re going to talk about using APIs, and in particular, what Google Cloud has in terms of API management offering and how that relates to healthcare and HIPAA compliance. So just a quick intro. When it comes to healthcare, APIs are super important for smooth data sharing, device integration, and making patient care even better. And guess what? Google Cloud has some awesome solutions specifically designed for healthcare data sharing. Today, we’re going to dive into these solutions and see how they can be used. So let’s get started. Gil, just to kick us off, what is an API?
Gil
Well, it’s good to start right at the beginning. Okay? So the way I want to describe this, because it is highly technical, and I know some of our audience is technical, so just hang in there. But the audience that we have, that’s non technical. I want to describe this in a good way for you to imagine what this looks like. So in our modern world, where you have EHR EMR platforms, and then those platforms usually want to integrate with some other platform, like maybe an accounting one, or maybe there’s a plugin to EHR. I mean, who knows? But there’s all this software and platforms all over the place in the cloud. So essentially what happens is, if you have platform A, by platform, I mean some software in the cloud and you want to marry it or attach it to another platform, then you need to build a tunnel between the two where data can go both directions, right back and forth.
Gil
And there are these bridges that you want to build, and you want to make them secure. You want a good tunnel. You want data flowing through securely. So the way this is done is through these APIs application programming interfaces. So this is how two software packages talk to each other. So just think about that. Again, even if you’re not technical, it’s really important you grasp these concepts, because when you do talk to your developers, you’re a technical team. You want to be in the know. And the next time you have a project and you’re talking to your team and you say, hey, we want to bring in this new software package and we want it to communicate to our EHR EMR or what have you, then, you’ll know, to use the term API. And they’ll go, oh, yeah, there’s an API. This new vendor we just signed up.
Gil
They have this API. And you’re like, perfect. So that’s what they are. And of course, for HIPAA compliance, you want to make sure it’s a secure API, that they have all the security needed. Okay.
Adam
And you mentioned EHR integration there. What are some of the typical uses that we see in healthcare for APIs?
Gil
Well, so you’re sharing patient information, right? So EHR holds the health records. And so there could be a lot of times there’s medical devices that are needed that are used in a hospital. And then you want the data from that medical device to go out and into some other software platform. So to get the data out of that device and into the software platform, you want to use the API for that. That’s an example. Yeah. Let me give one concrete example. So one of our clients has robotic surgery, and they film during the surgery, they’re filming the actual surgery of the robot doing the surgery. And so the data that’s being videoed is protected health information. And it’s like, okay, you have video on this device. How do you get that data out into the cloud, into another software platform where the doctor can go watch the video?
Gil
So that’s where you perfect case, perfect example of where you want to enable an API, a secure bridge.
Adam
Okay, cool. And how does this relate then? You mentioned cloud there. What does Google Cloud specifically have to offer for API?
Gil
Well, there’s a service in Google Cloud in particular, Adam, that’s called Apigee, which is a great name. Apigee, API, and then gee, and the Apigee service is what Google offers for management and security of the APIs. And there’s also an API gateway. I think you were reading a little bit about that, one of the ones that you are more familiar than I was, I believe.
Adam
Yeah. So I think with Google Cloud, from our research, and specifically when we’re advising customers as a managed service provider, apigee is one like you mentioned, and Apigee has a lot of capabilities for managing APIs, specifically on the enterprise end, API Gateway is more ideal for small to medium sized businesses as well as startups. It’s basically a fully managed service for serverless workloads. It allows you to package them, not to get too technical here, but restful and routing traffic to multiple backends. So API gateway offers a little bit more functionality on the small to medium size, whereas Apigee is often used on the enterprise side, which we’re often seeing with a lot of customers. A third one is Cloud healthcare API, which Google has dedicated a lot of time into, and that really focuses on healthcare. It enables interoperability across data sources, specifically in healthcare, like healthcare formats, data formats like HL seven and DICOM imaging, things like that.
Adam
And it also allows the leveraging of machine learning and AI, which I know google Gill is really at the cutting edge of nowadays. Is that right?
Gil
Yeah, that’s right. And you said a buzzword. The buzzword is interoperability. That’s a big term used by the big boys, the enterprises. But yeah, interoperability. But our whole audience should understand what is a big deal about that term. Interoperability. It just simply means what we described earlier. If you have the functionality and these bridges built between all these different platforms, then that becomes quite interesting, because that means you’re able to leverage the data between different platforms and you’re able to extract more information from it, be more agile, use that. And you say, well, how does that work? Well, imagine if you didn’t have those bridges and you wanted to move data. You’d have to say, well, let me see. Let me put a USB disk drive into a machine, bring the data down, and then maybe go plug it into another machine and then upload it.
Gil
And then you have to sit there and babysit it, especially if it’s a lot of data. And then what do you do with the USB that you got in your hand? How do you destroy that? Or how do you delete the data from there to make sure nobody else sees it? Or what if you leave it on your desk and then the cleaning lady takes it home and you’re like, oh, so obviously you don’t want to do it that way. It’s slow and it’s prone to error. So that’s why interoperability is such a big deal, because you’re doing it seamless, you’re doing it securely, and you’re doing it between the different hospital facilities, or you’re doing it between software package A and software platform B. And so that’s why it’s such a big deal in the world of cloud providers and in the modern world, because data needs to flow fluidly around different platforms.
Adam
Absolutely. And Gil, if there was one takeaway that you could give for anyone looking to create that interoperability through APIs, specifically when it comes to HIPAA, to keep in mind, what would that be?
Gil
Well, with HIPAA, there’s liability, and so you have to always manage risk. And I think you would like to use a service that’s set up specifically for this. So instead of just using the raw API in your own environment, wherever that is, it’s best if you use it within a framework that’s already set up for security and compliance. So in our case, we favor Google, but AWS and have they have something similar. So when you’re talking to your development team and you want to review the API, say, hey, we want to use one of these services that has the API framework for interoperability and security and performance. Right. So you want the best of everything, best performance, best security. Now, you might think, oh my gosh, what’s that going to cost us? Well, it’s not free. You always have to pay for performance and security.
Gil
So you’re going to have to look at that and see what costs can fit within your budget. But I think that would be the takeaway. As always with the medical world, you don’t want to drown in technology and then you also don’t want to skip the technology because it seems like it’s complicated. You want to embrace it. And these services are getting quite easy to use. Right. The developers should be able to read the documentation. Google in particular. I really like it because when they document it’s not just a bunch of words or like, here, you got to read all this. They give you live examples. They’ll say, oh, if you’re going to be using Python or PHP or C plus, here’s how you do it. And they give you the code. They’re like. Here’s the code. You’re like? Oh, wow. They did all the heavy lifting for me.
Gil
Then you take that code and you copy it and you put it on your server and you make a few changes and presto. So I think they try to make it as easy as they can.
Adam
That’s Fantastic. All right, so that sums it up pretty nicely. API management tools, integrate APIs, protect data and ensure compliance. Google’s API. Gateway enables secure API creation, deployment and management. It Also Offers scalability, reliability, and customizable transformations for Easy integration with The Existing infrastructure that you Might have. It promotes interoperability and is ideal for healthcare. And then we also reviewed Google’s Cloud Healthcare API, which provides intelligent analytics, machine learning and interoperability with healthcare systems. HIPAA Vault as a Google Cloud partner, offers managed services for API management and data accessibility. So that’s it for this week. If you have any questions, you can email us as always at podcast@hipaavault.com or tweet us at @hipaahosting. And again, please make sure to subscribe and leave us a review or comment. If you enjoyed this episode and until next time. Thanks for stopping by.