The Legal Side of Healthcare APIs

I was taking a look at a new healthcare API recently, adding it to my stack for deeper review at a later date. Whenever I add a company to my monitoring and review system, I go through the site to make sure they have some of the characteristics of a modern API. I am not interested in many of the APIs that I come across that are older web services, or just poorly done APIs. I want to make sure APIs have self-service registration, some web API characteristics, code libraries, support, and a minimum viable set of building blocks.

The API I was looking at is Validic, which bills itself as a "Digital Health Platform". I'm coming across a number of new API-driven healthcare platforms like Validic lately. As I was adding it to my database I noticed the legal section in the footer, which had five elements:

  • Data Security Policy
  • Service Level Agreement (SLA)
  • Support Policy
  • Privacy Policy
  • Terms & Conditions

Three of the five elements I already have as building blocks that I recommend for platforms. I'm taking note of the two that I do not have recorded: a data security policy and a support policy. While I think the stakes are a little bit higher in healthcare, an industry that would require this added level of protection for the platform, developers, and users, I think these building blocks could be something I include for all API providers.

I think having a support policy sets the bar for how a platform will support its developers. I also find the data security policy very intriguing, setting the bar for how a platform will secure users' data on the platform--something every online platform should step up and do, no matter what industry you are in. As I review the platform more, I will break down these potential new building blocks and add them to my master list.