The Cloud Healthcare API provides industry-standard protocols and formats for ingesting, storing, analyzing, and integrating healthcare data with cloud-based applications. The API supports the following applications:
- Healthcare machine learning applications
- Data-level integration of healthcare systems
- Secure storage and retrieval of healthcare and life science data, including electronic protected health information (ePHI) and other forms of PII
For many applications, the Cloud Healthcare API can provide a cloud-based alternative to on-premises stacks implementing the Digital Imaging and Communications in Medicine (DICOM), Health Level Seven Version 2.x (HL7v2), and Fast Healthcare Interoperability Resources (FHIR) STU3 standards. This can simplify data integration with existing systems and allow developers to focus on differentiating features, such as UX and intelligence.
The API consists of three modalities that implement individual industry-wide standards:
- Medical imaging data in the Digital Imaging and Communications in Medicine (DICOM) format
- Clinical event messages in the Health Level Seven Version 2.x (HL7v2) format
- Clinical resources in the Fast Healthcare Interoperability Resources (FHIR) format
Each modality has different structural and processing characteristics, but they are all backed by a standards-compliant data store that provides read, write, search, and other operations on the data.
The data stores corresponding to each modality reside in datasets, which are containers in your Google Cloud (Google Cloud) project that hold modality-specific healthcare data.
For more information, see Projects, datasets, and data stores.
Features of the Cloud Healthcare API
This section describes the features that make up the Cloud Healthcare API and the primary purpose of each feature.
The Cloud Healthcare API implements a REST API for multiple healthcare modalities. For example:
- The FHIR portion of the REST API conforms to STU3, a version of the FHIR specification.
- The DICOM portion of the REST API conforms to DICOMweb, a web-based standard for exchanging medical images.
Compliance with privacy regulations
The Cloud Healthcare API is covered by Google Cloud’s security, privacy, and compliance assessments/certifications for industry standards, such as:
- ISO 27001
- ISO 27017
- ISO 27018
- PCI DSS
The Cloud Healthcare API is a covered service under the Google Cloud HIPAA BAA, which means that customers can use it in conjunction with electronic protected health information (ePHI), with appropriate configuration. The Cloud Healthcare API has been developed according to Google’s security and privacy practices.
Google Cloud provides detailed guidance regarding compliance with HIPAA in the US, the PIPEDA in Canada, and other global privacy standards.
Data location control
Data location is a core component of the API. You can select the storage location for each dataset from a list of currently available locations that correspond to distinct geographic areas aligned with Google Cloud's regional structure. Data stores exist in the same region as their parent dataset.
For more information, see Regions.
The Cloud Healthcare API security model is based on Google’s Identity and Access Management (IAM) system. IAM’s fine-grained permissions give you complete control over what can be done with healthcare data, and by whom. To provide comprehensive threat detection and traffic management capabilities, there are also implementations of open-source proxies for the Apigee API Management system. You can use these implementations to securely expose sensitive ePHI with patient and provider applications.
Bulk import and export
The Cloud Healthcare API’s DICOM and FHIR modalities support bulk import and export of data, making it easier to transfer data to and from Cloud Storage.
You can also export FHIR resources and DICOM store metadata to BigQuery. This lets you perform advanced data discovery and analytics workloads on large datasets.
The Cloud Healthcare API supports de-identifying data at the dataset level. This simplifies the process of redacting sensitive information for research and other purposes. For more information, see Data de-identification.
You can use Stackdriver to audit administrative and data access requests.
Using Google Cloud’s high-performance technology, the Cloud Healthcare API can scale to thousands of requests per second, even when accessing very large volumes of data.
Availability for mission-critical scenarios is made possible through Google Cloud’s robust and highly redundant infrastructure.
Cloud Healthcare API is designed for 99.999999999% annual durability. This is achieved by storing data across multiple disks located in different power and network failure domains.