Tricorders, Enterprise, and API Gateway

How’s your health?

If you’re like me, sometimes you wish had a tricorder – you know, that fictional device (pictured above) used by Bones to scan for abnormalities in the old Star Trek

A quick pass over your body, and 3 phases of “tech magic” (thus, “tri” – corder) would happen instantly: sensing, computing, and recording. 

Heart issues? Check. Diabetes concerns? Got it. How about Andorian measles?  

“I’m a doctor, Jim, not a miracle worker.”   

(It’s fascinating – as Spock would say – that the American Association for Clinical Chemistry (AACC) did spearhead a competition back in 2012 to see who could create the most workable “tricorder.” By 2017, a number of companies had produced some impressive devices, and took home some nice prize money.) 

Science fiction aside for a moment, we’d all like a clearer picture of our health sometimes. Seeking answers to perplexing health issues can often feel like searching for that elusive, missing piece to a jigsaw puzzle.  

It may be under a chair, or in a different room of the house – sort of like your lab test results, which may reside in some far-off database or inaccessible EHR or software application. 

Only when the pieces of your medical data are brought together can a true “picture” of your health begin to emerge.

Gathering the Pieces

That may seem like wishful thinking, but science fiction has a way of becoming reality. Imagination is the spark of invention. 

For healthcare, the ability to present a clearer picture for patients also has much to do with two key factors: data accessibility and interoperability. 

Accessible data means providers (and ideally, you) enjoy near-instant data availability, for a prompt diagnosis and the ability to make more intelligent treatment choices. (According to surveys, over 80% of adults desire increased access to health information for both patients and providers).

Interoperability means that all your data residing in disparate systems are synthesized – put into the puzzle – to provide a more complete picture of your health. 

We’ve seen previously how cutting-edge, enterprise cloud solutions like Google’s BigQuery are helping healthcare organizations like Mayo Clinic drastically cut the time involved in data retrieval and analysis. 

We now turn to another valuable tool to facilitate health data accessibility and interoperability, which is the API. 

What is an API?   

APIs, or application programming interfaces, are software that enables seamless communication and integration between different (and often complex) applications and systems. 

Essentially, when one developer’s code needs to “call” another developer’s code or application, a message is sent to a server asking for access and reuse of that application’s logic and data as it is exposed over the network.

In healthcare, some common programs that utilize APIs include Human API, Cerner, Epic Systems, OneMedical, Meditech, etc. Interoperability can happen when an organization integrates these APIs. 

An example of how this works is the Epic system, which is used to store and share medical records. If Epic users desire to incorporate Zoom technology for video conferencing, they would need an interface that allows for this integration (which it has). 

API Management

As one might imagine, managing the numerous APIs that may exist in a healthcare organization can be daunting. 

A unified interface (known as a proxy layer) that will manage, protect, and optimize APIs provides a practical solution since it sits between the front-end and the actual back-end services to provide a layer of abstraction that decouples the two and allows for more efficient integration. 

There are different options for managing APIs, depending on the need. For example, Google’s Apigee provides a comprehensive API management platform with a developer portal. It allows for monitoring, advanced API ops, and other extension possibilities. 

Apigee is essentially a full lifecycle API management solution, from designing APIs to managing and securing them at runtime.

Google’s API Gateway, on the other hand, is a fully managed service that enables developers to create, secure, and monitor APIs for services built on Google Cloud. API gateway integrates with other Google Cloud Platform services, allowing for easy integration with existing applications. 

The platform is designed to be scalable and reliable, making it a suitable choice for healthcare enterprises that require high availability and performance.

What are the benefits of Google’s API Gateway?

With API Gateway, healthcare businesses can provide secure access to their services through a well-defined REST API that is consistent across all services, regardless of the infrastructure or vendor. 

Basically, a REST API is a way for two computer systems to communicate with each other securely over the internet using HTTP requests and access data. REST APIs are used by most business applications, and are designed to be stateless, meaning that no client context is stored on the server between requests. 

The main advantage of using a REST API is that it provides a standardized, scalable, and secure way to access data or perform actions.  

Overall, API Gateway facilitates API management with high performance and provides a range of features and advantages over other API gateway solutions available in the market. 

Enterprise healthcare organizations and developers can benefit from the additional functionality that a proxy can provide, including added security, traffic management, and customizable requests/responses.

Let’s look closer at 3 of these benefits. 


Google’s API Gateway provides greater security for APIs in healthcare and other industries by offering a range of HIPAA-recommended security features, including authentication, authorization, encryption, and monitoring. 

API Gateway, therefore, provides flexible security controls that can be customized to meet the specific needs of the organization, including secure and scalable authentication and authorization for APIs, in support of OAuth2.0, OpenID Connect, and JSON Web Tokens (JWT).  

API Gateway also supports SSL/TLS encryption, making it possible to secure sensitive data in transit. 

Traffic Management

Google’s API Gateway enables continuous monitoring of API traffic and notification of anomalies or suspicious activity, through comprehensive monitoring and analytics capabilities. 

Traffic management features such as rate limiting, quota enforcement, and request transformations allow developers to set quotas and limits on the number of requests allowed per second, minute, hour, or day. 

API Gateway also supports automatic scaling of application instances to accommodate fluctuations in traffic. 

Customizable Requests and Responses

API Gateway also provides the ability to modify requests and responses through request and response transformations, allowing customization of data. 

API Developers can perform content-based transformations by using request and response message content as input for transformations. Developers can use these transformations to customize the data sent between the client and server, allowing them to modify requests and responses in a fully flexible and customizable way. This can include adding, removing, or modifying HTTP headers or payloads. 

Overall, the customizable request and response capabilities of Google’s API Gateway provide a flexible and powerful tool for API developers to optimize the performance and functionality of their APIs. 


API management tools can be used to put a feature-rich gateway between different systems, helping to integrate APIs while protecting sensitive data and ensuring compliance with industry standards. 

Google’s API Gateway provides data accessibility by allowing APIs to be created, deployed, and managed to access and share data securely. 

Developers can use Google’s API Gateway to create APIs that provide access to data from various sources, such as databases, services, and applications. The platform is designed to be scalable and reliable, making it a suitable choice for healthcare and other industries that require high availability and performance. 

Additionally, the platform includes features such as customizable request and response transformations, which can be used to modify data sent between different systems, making it easier to integrate APIs with existing infrastructure.

HIPAA API Gateway also promotes interoperability by allowing for easy integration with other healthcare applications and services. The platform includes features such as customizable request and response transformations, which can be used to modify data sent between different systems, making it easier to integrate APIs with existing infrastructure. 

Of course, the degree to which Google’s API Gateway provides interoperability depends on the specific needs and requirements of the organization, so it is important to evaluate different options and consider factors such as reliability, scalability, and ease of use before making a decision. 

Overall, Google’s API Gateway provides a reliable and secure platform for managing APIs in healthcare and other industries, offering critical security features that help protect sensitive health information, and providing developers with robust traffic management capabilities to optimize API performance and ensure reliability.

(Of note, Google Cloud also has a specific Healthcare API which is a managed solution for storing and accessing healthcare data in Google Cloud Platform (GCP). The platform provides intelligent analytics and machine learning capabilities and includes pre-built connectors for streaming data and interoperating with other healthcare systems. It’s designed to enable interoperability at an enterprise scale, while providing useful, reliable, and accessible data in near real-time). 

As a Google Cloud partner, HIPAA Vault has the expertise to help you manage your APIs and facilitate increased data accessibility and interoperability. In addition, our 24/7 fully managed services include dedicated, personal service, so you’ll be freed up to concentrate on your business.

Leave the day-to-day security monitoring and patching, system optimization and updates in the hands of proven cloud specialists who know HIPAA… and just a little bit about tricorders.

If you have any questions about how we can assist your development process and create better customer experiences, please give us a call! 760-417-5981

Avatar photo

Gil Vidals is the president and CTO of HIPAA Vault. He is a passionate, subject matter expert on HIPAA compliance and the healthcare cloud, and co-host of the HIPAA Vault podcast. Since 1997, Gil’s mission has been to provide uncompromising and affordable HIPAA compliant hosting solutions to commercial and government clients, helping protect their sensitive health information from data breaches and security vulnerabilities. HIPAA Vault has been recognized as an Inc. 5000 company and a Clutch Top B2B company. He can be reached here on Linkedin.