Healthcare Company Adds API Testing and Monitoring for a CI/CD Pipeline While Migrating from CDA to FHIR®

Healthcare / Insurance Case Study

Challenges

Implement API testing and monitoring without disrupting a migration from CDA to FHIR®
Significantly increase developer velocity without increasing risk (quality at speed)
Eliminate bottlenecks due to inefficient or ineffective collaboration between technical and non-technical stakeholders
Expand application and infrastructure monitoring coverage to their entire API infrastructure
Protect PHI by minimizing the risk of functional and/or human error leading to API breaches

SOLUTIONS

Run data-driven functional API tests for legacy XML APIs in the CDA/CCD method as well as new JSON objects for FHIR® via a centralized platform driving one version of API health across the organization
Unify functional and data-driven tests with end-to-end (integration), load and performance tests to create a single holistic unified API test that can capture real world scenarios, and generate more accurate and usable testing data
Provide command-line tools and a visual composer (GUI) that allow technical and non-technical stakeholders to work in parallel during test design
Integrate the microservices-based API Fortress platform with any CI/CD platform as well as any analytics and notifications platform
Reuse API Fortress unified API tests as functional uptime monitors that may be deployed in any environment before and after going live
Deploy API Fortress via a self-hosted cloud to keep all API tests, monitors, and results/reports on-premises and behind the firewall

OUTCOMES

Lowered costs by significantly increasing regression testing without increasing IT resources, catching more API defects early in the lifecycle, and simplifying collaboration to reduce the risk of falling short of the business case.
Accelerated time-to-value by making deployment quick and effortless with On-Demand (autonomous) API Tests and Monitors that were ready out-of-the-box for primary healthcare use cases and custom workflows.
Streamlined agile/DevOps by shortening the average test sprint by 40% and seamlessly integrating with the CI/CD platform and DevOps toolchain, including test case managers, version control systems, and analytics and notifications platforms.
Achieved quality-at-speed by upgrading their “uptime” and “performance” QA metrics to a better metric, “Functional Uptime,” allowing them to holistically detect functional and performance problems during constant changes in databases, API integrations, and code repositories by distributed teams and partners.
Boosted API Security with functional uptime monitoring capable of detecting a wider range of API problems and vulnerabilities due to functional and human error that could lead to an API breach.

About

This API Fortress customer is a large integrated healthcare organization in the United States with multiple health systems operating under their umbrella. The parent organization manages a large portfolio of apps, APIs, and web services for subsidiary business units.

Evolving QA for FHIR® and APIs

This large healthcare customer requested anonymity due to the sensitive nature of the high volume of PHI (Private Health Information) and financial transaction data that they handle for their physicians, hospitals, and patients.

As with other healthcare companies, this customer’s IT department was overseeing a couple of significant and potentially risky migrations:

1) moving from on-premises datacenters to self-hosted public clouds
2) migrating from the CDA API protocol to FHIR®

Both migrations involve a sharp rise in the usage of database-connected REST APIs to accelerate the development of new features, tools, and applications. In an effort to accelerate their goals with these migrations, the healthcare customer supplemented their agile development processes with a CI/CD pipeline.

While development velocity did increase, so did the number of API errors that were not caught before going to production. Even worse, some bugs were only caught after going live. Any functional API errors may not only be devastating for the company and its customers – but also for the DevSecOps team as in the case of a recent Twitter API error that exposed the private data of 17 million accounts.

The healthcare company searched for multiple solutions to solve their three biggest needs:

Replace their unreliable API tests and monitors
Deploy proper automated API testing, and increase regression testing without decreasing go to market times
Detailed monitoring of these critical APIs for internal and external SLAs

With API Fortress, the healthcare company realized that only one platform could solve all of their biggest needs.

“When we switched to ‘functional uptime monitoring’ with API Fortress for our internal APIs, it transformed our ability to maintain internal and partner SLA guarantees. It’s mission-critical that our data-driven apps and APIs never go down or fail to perform at the highest levels. API Fortress has been vital in helping us to streamline our CI/CD pipeline with shift-left testing, and then leverage those functional tests as proper uptime monitors.”

—Chief Architect at the Healthcare Company

Solution

The healthcare company did not know what they did not know. When they started a free trial of API Fortress, it did not take long to realize how many false-negatives that their traditional contract tests and ping/uptime monitors had been giving them.

“With API Fortress,” the Chief Architect at the Healthcare Company remarked, “Our Kibana dashboards suddenly lit up with detailed information related to functional API errors. We realized that the so-called synthetic monitoring that we’d been doing with our other APMs were simply not up to par, especially in our Jenkins CI/CD pipeline.”

With proper API testing automation, the healthcare company was able to discover functional errors early in the lifecycle thanks to data-driven regression testing. By going forward with data-driven functional testing, and then using those same tests as functional uptime monitors, they were able to unify all information for API quality on one centralized platform, while keeping notifications and test data in their existing platforms. The healthcare company’s technical, cybersecurity, and business leaders gained much needed confidence in their ability to uphold SLA guarantees during a fast transformation.

Download Case Study