Combining Healthcare Standards with Other RESTful APIs
Brad Genereaux
Product Manager, Agfa HealthCare
Co-chair, DICOM WG-27 Web Technologies
Co-chair, HL7 Imaging Integration / DICOM WG-20
@IntegratorBrad
Disclosures
• Product Manager at Agfa HealthCare
• Co-chair of DICOM WG-27 Web Technologies
• Co-chair of HL7 Imaging Integration / DICOM WG-20
Learning Objectives
• By the end of this presentation, attendees should be able to:
  • Understand the value in connecting non-healthcare REST APIs
  • Understand the general methods to accomplish this
  • Understand the risks and mitigation strategies in doing this
Last Year at SIIM15…
Healthcare Standards are at your Disposal
HL7® / FHIR®
• In production everywhere
• Use only the messages you want
• FHIR uses industry standard REST technologies
DICOMweb™
• Pull in images to enrich your patient and clinician experiences
• Pull in imaging meta-data to further enrich the detail you show
And More!
• Human API
• Radiology Gamuts
• RadReport API
• SWIM / TRIP
• RadLex Playbook
… but challenges expand beyond these domains ...
My Eleventy Billion Dollar Innovation
The Innovation
“Hi Alex. You have an appointment today at 9:30am. Will you still be coming?”
“Yes.”
“Sally, before we can image you, is there any chance you might be pregnant?”
“Yes.”
“It is unsafe to proceed with your CT. We will release your CT slot to other patients, and follow-up with an MRI. How is Friday at 10am?”
Missed Appointment = $70
Avg Cancellation Rate = 20%
Annual Loss for 1,000 monthly visits = $168,000
Challenge – Connecting Telephony:
• Do you perform integrations into each PBX system or into each telephony provider?
• How do you guarantee up-time? What happens when an API changes?
• This quickly becomes untenable when scaling deployments
How can we maximize re-use and minimize effort?
Someone else has solved your problem …
… but they may not be in the healthcare space ...
Example API : Twilio
• Telephony REST API provider
• Enable your applications to
  • send out text messages
  • make phone calls
  • solicit input via voice or digit presses
  • text-to-speech and speech-to-text
• Simple to implement using “TwiML” language (XML-driven)
https://www.twilio.com
Good APIs follow the “555” Rule
5 seconds to Documentation
5 minutes to Hello World
5 hours to Prototype
Combine APIs to Innovate Exponentially
?
Example API Aggregator : IFTTT
• If This, Then That
• “Consumerizes” API access for the end users
• Defines a “service” as an API endpoint
• Defines a “recipe” as a combination of two services with an action
https://ifttt.com
Innovate with Building Blocks
Send myself a text five mins before my meeting
Call an Uber to take me to work when it rains
Log tweets on #SIIM16 to my notepad
Innovate with Healthcare Standards
Call patients to remind them of appointments
Log all images with cancer to my notepad
When patient admitted to room, warm to 72 degrees
Call Uber to pick up patients for appointments without transport
Increase staff in ER during freezing rain forecasts
E-mail patient their images after each visit
How to Connect to an API
Find Docs, Register, Play, Build, Complete
5 seconds, 5 minutes, 5 hours
What is an API key?
• This uniquely identifies you to the service
• The service may use it to collect usage metrics or for billing
• Usually passed as an HTTP header or query parameter
Security
• Always use HTTPS
• Never post your application keys anywhere
• Nor embed the keys in a system at risk of being reverse-compiled
• Proxy calls to drive connectivity from servers where relevant (XSS)
!! Won’t work due to XSS
Privacy
• Understand the cloud environment where data is stored
• Need to understand your liability
• Understand methods to mitigate or control risk
  • i.e., two-factor authentication
Testing
• Health data have structures that will break your apps
  • Both in your own application and in the API provider
  • i.e., looking up an address in Google Maps but the patient has no fixed address
• So, test both your core and edge cases
• Follow OWASP guidelines (https://www.owasp.org/index.php/Data_Validation)
• Handle HTTP errors you receive gracefully
• Know your rate limits
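The Security and Testing points above (HTTPS only, key kept on the server, HTTP errors handled gracefully, rate limits respected) combined in one server-side call, as an added example that is not from the original slides. The `X-Api-Key` header, the `REMINDER_API_KEY` variable, the `api.example.test` host and the injected `send` transport are assumptions made for illustration.

```python
import os
import time
from urllib.parse import urlsplit

def call_api(url, send, api_key=None, max_retries=2, sleep=time.sleep):
    """Call a third-party REST API from the server side.

    send(url, headers) -> (status, response_headers, body) is the HTTP
    transport, injected so this example runs offline.
    """
    if urlsplit(url).scheme != "https":          # "Always use HTTPS"
        return {"ok": False, "status": None, "error": "refusing non-HTTPS URL"}
    # Key comes from server configuration, never from client-side code.
    key = api_key or os.environ.get("REMINDER_API_KEY")   # assumed variable name
    if not key:
        return {"ok": False, "status": None, "error": "API key not configured"}
    headers = {"X-Api-Key": key}                 # assumed header name
    for attempt in range(max_retries + 1):
        status, resp_headers, body = send(url, headers)
        if status == 429 and attempt < max_retries:
            # Rate limited: wait as asked (seconds form only), capped at 30 s.
            retry_after = str(resp_headers.get("Retry-After", "1"))
            sleep(min(int(retry_after), 30) if retry_after.isdigit() else 1)
            continue
        if 200 <= status < 300:
            return {"ok": True, "status": status, "body": body}
        # Report the failure without echoing the key or the upstream body.
        return {"ok": False, "status": status,
                "error": f"upstream returned HTTP {status}"}

def make_fake_transport(responses):
    """Constructed stand-in for the provider: replays canned responses."""
    calls = []
    def send(url, headers):
        calls.append((url, dict(headers)))
        return responses[min(len(calls), len(responses)) - 1]
    return send, calls

if __name__ == "__main__":
    send, calls = make_fake_transport([(429, {"Retry-After": "2"}, ""),
                                       (200, {}, '{"queued": true}')])
    print(call_api("https://api.example.test/v1/calls", send,
                   api_key="constructed-key", sleep=lambda s: None))
    print(call_api("http://api.example.test/v1/calls", send, api_key="k"))
```

In a real deployment `send` would wrap the HTTP client the server already uses, and the browser or mobile app would call this server endpoint rather than the provider directly.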
Useful Links
• API Directory from Programmable Web: http://www.programmableweb.com
• API Conferences and Hackathons: http://devpost.com
• If This, Then That: http://ifttt.com
• Open Web Application Security Project (OWASP): https://www.owasp.org/index.php/Data_Validation
Connect to APIs …
Find Docs, Register, Play, Build, Complete
… And Innovate Healthcare
Someone else has solved your problem …
Use their solutions to your advantage, to innovate and drive change
@IntegratorBrad