You might be wondering why APIs are so important, but have you ever used an airline comparison website or booked an Uber from within Google Maps? Actions like these would not be possible without an API.
So how do APIs work?
An API acts a lot like a waiter in a restaurant. A customer makes a request to the waiter, who then retrieves what was requested from the relevant location - for example, the kitchen, the bar or the till - and brings it to the customer. In the case of an airline comparison website, the API fetches the best flights that fit the customer's parameters from the different airlines' databases.
At its core, an API brings together applications that usually would not be able to communicate.
Another quick example of this might be the ‘share’ button on an interesting article you are reading. An API allows you to share that article to your social media feed(s) at a click of a button.
If you want to dive deeper, APIs even help with the interaction between hardware and software. Without them, programmers would have to customise their code for each PC build combination possible - which is close to impossible.
The Risks Associated with APIs
With all this said, APIs also have their downsides. APIs add another attack surface for hackers and can become their primary target. Because an API is a gateway, all other applications and systems connected to it become vulnerable once the API is compromised. Common attacks of concern are SQL injection, XSS attacks, CSRF attacks and DDoS attacks - some of which are among the most frequent cybersecurity risks on a day-to-day basis.
However, the more frequently an attack is carried out, the more widely known the security measures surrounding it become, and the easier it is to prevent. Although they carry potential risks, APIs will only continue to grow and mature, much like any application.
APIs in Healthcare and in the NHS
APIs can be used across every industry for a variety of reasons, and the healthcare industry is no exception. Let's take the NHS in the UK as an example: a significant concern is that the data storage basics are often not met. Within a hospital, there are many departments, some of which will be collecting niche patient data and using proprietary data storage techniques. To add to that, different hospitals will likely be using different systems entirely. This leads to a scattered build-up of data silos, which are very difficult to leverage for the greater good.
“There’s no such thing as one set of data that gives you everything you need in one single format,” said Dr. Nicholas Marko, Chief Data Officer at Geisinger Health.
The challenge of data silos has stemmed from NHS trusts and CCGs having full autonomy and choice over what platforms they want to use. This is paired with a lack of policy enforcement to lay out a uniform standard on how data is collected, stored, structured and shared. This lack of structure is a major concern for data privacy and poses a huge security risk. The NHS is notorious for struggling to adopt new technologies, as evidenced by the challenge in handling cyberattacks such as 2017’s WannaCry.
Multiple solutions to this challenge have been drafted, including a centralised, a decentralised and a blockchain approach. The main roadblock for an NHS-wide integration is its sheer size. For example, it would be difficult to support a blockchain for a population of over 60 million.
“When that patient rolls into the recovery unit, even today, the full clinical picture of what has happened to the patient thus far is not always clear,” explained Jeff Becker, Senior Analyst of Healthcare Strategy at consulting giant, Forrester Research. “At discharge, this patient may go to an inpatient rehabilitation unit, a skilled nursing facility, or home under the purview of a home health agency or a remote monitoring program, further fracturing the full, end-to-end clinical story of this patient’s encounter into more data silos.”
A more realistic approach to abolishing data silos would be to utilise an API to enable systems to communicate. An API will allow a system to fetch or send data which could update a patient’s medical record. Alternatively, an API could provide collected data about a single patient. This coordination would improve clinical workflows and could provide a path for patients to access their own healthcare data. Use of APIs is emerging as an important part of the wider plan to bring the public healthcare sector up to standard.