NHS Digital has announced plans for an new API Lab to be run in conjunction with the INTEROPen community. INTEROPen is a community formed to develop open standards for the health and social care sectors. By creating the API Lab, NHS Digital hopes to get a set of open source APIs. These can then be used by developers to create new apps and speed up integration between systems in both health and social care.
Richard Kavanagh, Head of NHS Digital’s API Lab, said: “I’m really excited by the API Lab’s potential to drive forward work on a number of significant open source APIs. By partnering with INTEROPen we will be able to create APIs even faster, delivering real benefits for the health and care system.”
Two years ago, HMRC launched its own API strategy. That has underpinned the development of the Making Tax Digital policy. It has also allowed many more payment providers and accounting software vendors to integrate with HMRC’s systems. While there have been some issues over the period, it has been successful.
A cash strapped NHS needs standards
With the pressure on the NHS to reform and improve its use of IT, this announcement makes sense. The potential benefits for NHS Digital far exceed those that HMRC has attained. NHS systems are currently fragmented and messy. There are many reasons for this, among them the number of different buyers for IT across the vast organisation that is the NHS.
Surgeries, dentists, physiotherapists, NHS Trusts, care homes, local and national government all have systems that impact health and social care. Making these systems work together has been, at best, a miserable failure in the past. This plan seeks to change that and provide both interoperability between all the different NHS stakeholders as well as industry.
There are two main beneficiaries from better integration. Patients will see more cohesion across the NHS from appointments to treatment. The NHS will see fewer delays in treating patients, helping it meet targets and a reduction in costs.
The big challenge here for NHS Digital is money. It is asking all interested parties to work Pro Bono. It will also expect all the APIs and any tools developed to be made available under a permissive open source licence. This latter will need to be carefully managed. As the mobile industry knows, it is all too easy to discover a key software component is suddenly patented and subject to licence fees. So far there is no information about how the open source will be policed or if there is a Fair Reasonable and non-discriminatory terms (FRAND) option for industry participants.
There are already commercial offerings that do this. Infor Cloverleaf is used by companies such as VANAD Enovation UK to integrate to NHS systems, passing clinical data back and forth. It seems unlikely that those software companies will welcome this news. It is also unlikely that they will they will make their code open source. Having said that, perhaps Infor could steal a march on rivals by doing so. Even open source still needs maintaining and by doing this they might open up a significant revenue stream. The problem will be sustaining it and keeping a competitive advantage.
Solutions will also have to meet the FHIR standard.
NHS Digital to provide data
To enable developers and participants to work with real data, NHS Digital will provide access to patient data. There will be a lot of interest in how it does this. There is currently a grey area over privacy and use of NHS data. The NHS has already come under fire across a number of projects for providing patient data to third parties. The most high profile of these was the Google Deep Mind deal in London.
GDPR advocates have also warned of the risks of using patient data without consent. This is, however, a grey area. Delegates at a Cambridge Wireless healthcare event in September were told that the NHS believes it has the legal rights to patient data. GDPR advocates dispute this and point to the position of the EU which would require consent for use.
The UK government has the ability to provide derogations for some data usage. Policing, national security and some areas of the legal system are already accepted as part of GDPR. The question for the NHs is ‘will the UK government add it to the list?’ At the moment there is no evidence that this will happen despite healthcare experts calling for this to happen.
There is also no mention of the NHS Data Security and Protection requirements that the NHS has just issued. The APIs must support these requirements to prevent becoming another security risk factor.
What does this mean?
This is a good move by NHS Digital providing it can get enough people to participate. The sticking point may be the demand that they work Pro Bono. Some commercial companies will be concerned at the permissive open source licence requirement. However, those companies involved early on will have a fast track into delivering apps and solutions into the NHS. This is a multi-billion pound market and one that is keen for solutions.
There are challenges here for NHS Digital. Data access and privacy are two. These can be solved provided they work within the ruling that the ICO delivered after the Google Deep Mind debacle. It will also be interesting to see if cyber security is made a core part of any work. If it isn’t then the gains from better integration and new solutions will be offset by additional spending on cyber security.
After the criticism of the NHS following its failure to prevent recent ransomware incidents, this is an opportunity to prove it can deliver secure solutions.
The API Lab is to be located in a shared workspace in Leeds.
