As a follow-up to a previous post by Dave Levin, I would like to extend some thoughts regarding the security of open Application Program Interfaces (APIs) that I’ve had since joining Sansoro Health. Being new to health information technology (but not new to large vendor packages), the lack of existing support for interoperability among Electronic Medical Record (EMR) platforms truly surprised me. Over the past few years, one of the main concerns hindering EMR integration has been the potential vulnerability of patient data and medical records. The sensitive nature of the Protected Health Information (PHI) stored in these EMR systems justifies this apprehension; however, ignoring the facts and benefits of open APIs greatly restricts advancements within the healthcare industry. The great news is that secure and innovative solutions for EMR interoperability are currently available for healthcare IT systems!


APIs are all around us

To illustrate the importance of open APIs for healthcare information technology, let’s start elsewhere. For years, the digital economy has actively leveraged open APIs in many complex and security-dependent ways. The financial sector offers a useful comparison, as another industry where data security is paramount. The use of open APIs in financial technology has enabled data connectivity, inspiring the innovation of new products and services including mobile deposits, online money transfers, and secured investments.


Debunking security & vulnerability concerns

Clearly, APIs make possible many of the innovative tools we use every day, yet skepticism remains over potential security and vulnerability issues. When implemented correctly, APIs can actually help standardize authentication and security across an entire enterprise. Exposing key data only via APIs limits the number of potential vulnerabilities to a set of endpoints. This approach gives a system administrator control over the way that access to data is granted, with a standard path to authentication. In other words, security and other policies are easily applied to this core set of endpoints in a systematic and consistent way. Utilizing this approach, an organization can determine its security requirements and apply them uniformly. For example, an organization could efficiently apply multi-factor authentication across an enterprise with properly implemented APIs in place.

Systematic application of security policies is just the start of an API’s ability to support a more secure approach for accessing data. When properly applied, an API will validate access and credentials with each call instead of opening a connection and leveraging it for a set period of time. APIs can also be built to limit the rate at which an application can make requests for sensitive data, preventing any malicious activity from breaching those thresholds. Finally, APIs can validate the application a user is interacting with, thus ensuring the API is functioning in the same way a valid user would interact with a given application. The APIs in Sansoro’s core product, Emissary™, operate in precisely this way.
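The three controls described above (validating credentials on every call, validating the calling application, and limiting the request rate), shown as an added example that is not Sansoro's or Emissary's code. The `Gate` class, the application id, the key and the limits are all assumptions constructed for illustration.

```python
import hashlib
import hmac
import time


def key_digest(api_key):
    # Store only a digest of each key. A plain SHA-256 is an assumption that
    # keys are long random strings, not user-chosen passwords.
    return hashlib.sha256(api_key.encode()).hexdigest()


# Constructed sample registry: application id -> digest of its API key.
REGISTERED_APPS = {"lab-viewer": key_digest("demo-key-1")}


class Gate:
    """Decides each API call on its own; no session is kept between calls."""

    def __init__(self, apps, rate=2.0, burst=3):
        self.apps = apps      # registry consulted on every call
        self.rate = rate      # tokens added per second
        self.burst = burst    # maximum tokens an application can hold
        self.buckets = {}     # app_id -> (tokens, time of last call)

    def check(self, app_id, api_key, now=None):
        now = time.monotonic() if now is None else now
        # 1. Application validation: only registered applications may call.
        expected = self.apps.get(app_id)
        if expected is None:
            return 403, "unknown application"
        # 2. Credential validation on every call, compared in constant time.
        if not hmac.compare_digest(expected, key_digest(api_key)):
            return 401, "invalid credentials"
        # 3. Token-bucket rate limit, tracked per application.
        tokens, last = self.buckets.get(app_id, (self.burst, now))
        tokens = min(self.burst, tokens + (now - last) * self.rate)
        if tokens < 1:
            self.buckets[app_id] = (tokens, now)
            return 429, "rate limit exceeded"
        self.buckets[app_id] = (tokens - 1, now)
        return 200, "ok"
```

Because the registry is consulted on each call, removing an application from it blocks that application's very next request, with no open connection left to expire.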


The possibilities are endless!

When designed properly, APIs are not the scary, open pathway to your patients’ data that some might have you believe. But where do we go from here? That’s the fun part! Could open APIs give a patient access to their medical record via multiple platforms and support their ability to give consent on its use? Could open APIs simplify the integration between your EMR system and your best-in-class Laboratory Information System (that just so happens to not be a product from your EMR vendor)? Could APIs… I think you get the point. Let’s just say this: the answer is YES. EMR interoperability sets the stage for endless possibilities in healthcare information systems and now is the time to embrace this innovation!


Discover how open APIs will influence healthcare technology for yourself

On February 29th, Sansoro’s Chief Medical Officer, Dave Levin, MD, will be a keynote speaker at a symposium on healthcare cyber security at the HIMSS 2016 Conference. He will address how changing needs in healthcare relate to an ever-growing reliance on open APIs and other secure technologies. Learn more about Dave’s keynote here:

Alongside Dave, the Sansoro team will be discussing the value of open APIs throughout HIMSS as well. Be sure to stop by Booth #12206 to meet with the team and learn how open APIs are currently providing secure EMR interoperability in several healthcare IT systems.



We look forward to meeting you at HIMSS 2016: February 29th – March 4th in Las Vegas, Nevada!

