About the Author

Zach Gardner

Zach Gardner is Keyhole Software's Chief Architect with more than a decade of development experience. Zach has led numerous initiatives to modernize technologies and processes with real-world experience as an educator, architect, technical lead, developer, and mentor.He primarily lives in Microsoft Azure, leveraging modern architectural approaches to enable hybrid app modernization that meets business needs at an exceptional cadence. He also mentors new developers and provides architectural input to complement the existing talent of clients.

Part 4: Creating an FHIR API – Wrapping Things Up

Zach Gardner Cloud, Creating an FHIR API, Tutorial Leave a Comment

Welcome to the fourth and final installment of Creating an FHIR API with GCP. So far, we’ve covered a lot!

We discussed the differences between Google and Azure, landing on GCP as the best option for FHIR in Part 1. We began our implementation in Part 2, creating both the BigQuery resources and your FHIR repository resources. And finally, in Part 3, we tackled authentication methods and populating data in our FHIR repository.

This time, we’ll wrap everything up with a nice little bow. First, we’ll finish our implementation, and then, I’ll share the limitation I found – for the sake of transparency. Let’s dive in.

Part 3: Creating an FHIR API – Implementation Part B

Zach Gardner Cloud, Creating an FHIR API, Tutorial Leave a Comment

This is Part 3 of our series on creating an FHIR API using Google Cloud’s offering. In the last installment, we began implementing an FHIR using GCP. We covered creating both the BigQuery resources and your FHIR repository resources. if you missed Part 1 and Part 2, be sure you go back to read those – they’re critical to understanding!

This time, we’re continuing the implementation. I’ll explain the authentication methods, and we’ll also tackle populating data in our FHIR repository.

Creating an FHIR API Part 2

Part 2: Creating an FHIR API – Implementation Part A

Zach Gardner Cloud, Creating an FHIR API, Tutorial Leave a Comment

Welcome back to our series, Creating an FHIR API. This is Part 2 in our 4-part series on standing up an FHIR using GCP. In Part 1, we talked through two of the offerings out there, Google and Azure, and based on the pros and cons, I decided to use GCP FHIR Cloud Healthcare API.

In this part, we’ll start in on our implementation. A forewarning: we won’t be able to finish it during this installment, so stay tuned for parts 3 and 4! Let’s dive in.

FHIR APIs

Part 1: Creating an FHIR API – Google or Azure?

Zach Gardner Cloud, Creating an FHIR API, Security, Tutorial Leave a Comment

Data interoperability is one of the hardest problems in Healthcare IT. The most popular approach is to exchange HL7v2 messages between systems. These pipe-delimited messages are difficult to read by a human and often need additional customizations between implementations.

The next major paradigm shift is towards FHIR (Fast Healthcare Interoperability Resources), a JSON-based standard that is evolving ahead of the needs of the industry. Cloud vendors like Microsoft, Amazon, and Google are trying to lay their claim to be the one-stop shop for healthcare on the cloud.

This blog is part of a 4 part series diving into an actual use case I recently encountered while working with a client. I had to stand up an FHIR repository/API for 2+ million patients that could be used by hundreds of users every day, as well as countless background processes.

Application Security

Top Security Mistakes to Avoid in AppDev

Zach Gardner Architecture, Security Leave a Comment

Developing custom applications is one of the hardest professional endeavors, and making them secure is even harder. Malicious actors are constantly changing tactics and strategies, which, unfortunately, makes it impossible to completely eliminate any security threat.

There needs to be a balance between delivering features quickly to meet business objectives and mitigating security risks. Thankfully, these two goals are not mutually exclusive. This blog post dives into the top mistakes that can be made while developing custom applications.

These recommendations are different from what would commonly be seen in an OWASP list, and they should be used in addition to whatever security practices and procedures are already in place by an organization’s infosec department. These recommendations are also written from an application architect’s (rather than an enterprise infrastructure) perspective, so most of them aren’t covered by existing security checklists.