Carebeans Developer APIs

Browse and learn how to integrate with our APIs

Overview

Carebeans aims to support the NHS goal and vision of a people-powered health and social care system enabled by the Integrated Digital Care Record. We need an interoperable ecosystem of applications, data and processes to allow the right information to be available to the right user at the right time. The fundamental elements of the vision are:

  • Transparency; safe and reliable sharing of information between clinicians, care providers and service users
  • Participation; supporting service users to take more control of their health and care and fully engage in the design of local services, and
  • Interoperability; to develop the capability to realise integrated digital records across all care settings.

Principles for Open Standards across government for software interoperability, data and document formats have been directed by the Government Digital Service.

The importance of using an Open API approach, and hence the value of the policy, is to:

  • Promote and accelerate innovation through the availability of data from systems
  • Maximise interoperability by exposing application functionality
  • Reduce vendor lock-in to closed systems.

The term Open API refers to all methods of software-to-software interaction including, but not limited to, web interfaces, direct program interfaces, batch/file drops over FTP etc.

Carebeans is a commercial organisation that has invested, and continues to invest, in the development of its IPR. There are key principles that are fundamental to the health of the company, its customers and data privacy:

  • Carebeans system IPR must not be compromised and will not be shared with competing organisations.
  • It is our customers' data, and they determine how it can be used and by whom.
  • The integrity of the system must be maintained.
  • The privacy of personal data is paramount.

In order to access our API download page, you will first need to fill in our API application form.


Our list of current APIs

We will be constantly adding and updating our available APIs.

Policy Context

Definitions

The term Application Programming Interface, or API, in the context of this document is used broadly to refer to any mechanism that allows a system or service to access data or functionality provided by another system or service. Consequently, this policy will encourage software interoperability. Open APIs are those APIs that have been exposed to enable other systems to interact with the Carebeans system, and that have been documented well enough that the available functionality is discoverable, fit for purpose and re-usable. Open also means potential users of the API can access the API documentation free of charge and also access the API free of charge. Where access to the live API is not possible (e.g. chargeable usage applies, service level agreements are in place, or the API returns confidential data) a test environment will be provided to allow potential users to experiment and test the API.

API Access Policy

Although APIs provide access to the Carebeans system, the data does not belong to Carebeans. In this context, Carebeans is the processor. The data controller, the care provider (Carebeans customer), owns the data and will need to provide explicit permission in the form of a change to the processor/controller agreement.

It will be up to the care provider to determine and document the consent of any service users and system users if their data is to be shared.

Partners wanting to consume APIs must go through the below process:

Although the API is free to use, it is not open for anyone to access. Security and privacy of our customers' data is paramount and there is a process to be followed to allow access. In summary:

  • A questionnaire will be provided to ensure the connecting applications have adequate security in place. This relates to the storage and sharing of the data.
  • The connecting company will need to provide a suitable privacy and GDPR policy
  • The usage of the data will need to be defined
  • A processor agreement will need to be agreed between the 2 parties.

Scope of APIs

The following types of API are in the scope of shared APIs:

  • Service user details
  • Care records
  • User Details
  • Care transactions
  • Observations and monitoring
  • Red bag information
 

The objective, over time, is to make data held in the Carebeans system available via an Open API, consistent with the HM Government Open Data policy.

This will take time and the roadmap will be based on need.

The following APIs are not available for sharing:

  • APIs within the Carebeans application that connect two or more parts of the system and would be totally impractical to share
  • Specific interfaces to customer proprietary systems
  • Security or passwords

Current position and Future Development

At this time there are only a handful of APIs available, and these standards are being applied to them. As new APIs are developed, they will be developed in line with these standards. APIs will be developed on customer need and governed by business financial constraints. Our aim is not to make this overly costly. APIs will be tailored to customer requirements while aligning with our fiscal considerations. Our objective is to ensure affordability without compromising on value.

API Principles Statement

This section outlines the specific policy statements and principles for our Open APIs:

  • Specified data held by the Data Processor on the host system on behalf of the Data Controller must be made available as instructed by the Data Controller.
  • The existence of each exposed API must be published on publicly available resources.
  • Each exposed API must have freely accessible documentation that has sufficient information that would enable a competent developer to make use of the API without further information.
  • Each exposed API should be accessible free of charge to enable testing.
  • Where access to the API is chargeable and/or access is identified, developers must have non-chargeable access to test APIs.
  • Access to confidential data, including patient or clinical data, through any API must meet, as a minimum, the same requirements for information governance, authentication and authorisation, and auditing as the host system the API exposes.
  • All commercial agreements relating to the development and use of Open APIs must be fair and transparent. Licences for Open APIs accessing service user data by a consuming system should be perpetual, non-exclusive and transferable.
  • The APIs need to add value to our customers. For example incoming data should not just be logged, the value and usage of the data should be analysed and used in such a fashion to provide extra customer benefits.

API Structure

Carebeans employs a REST architecture to provide APIs to its partners and customers. The key benefits of this implementation are compatibility between different clients and servers, regardless of platform or operating system, and simplified communication and data transfer between applications. REST works on top of the HTTP transport and takes advantage of HTTP's native capabilities, such as GET, PUT, POST and DELETE. When a request is sent to a RESTful API, the response (the "representation" of the information "resource" being sought) is returned in JSON, XML or HTML format. A RESTful API is defined by a web address, or Uniform Resource Identifier (URI).

API Security

API security is concerned with the transfer of data through APIs that are connected to the internet. Broken, exposed, or hacked APIs are behind major data breaches, and as such Carebeans applies all the best practices to ensure sensitive data is secured.

The following security measures are in place to protect the integrity of all APIs, both consumed and provided:

  • Token based authentication
  • Digital Signatures and API Encryption
  • Transport Layer Security (TLS) encryption
  • API Gateway

API Onboarding

Although the API is free to use, it is not open for anyone to access. Security and privacy of our customers' data is paramount and there is a process to be followed to allow access. In summary:

  • A questionnaire will be provided to ensure the connecting applications have adequate security in place. This relates to the storage and sharing of the data. Due Diligence Form – based on ICO recommendations and GDPR compliance.
  • The connecting company will need to provide a suitable privacy and GDPR policy
  • The usage of the data will need to be defined
  • A processor agreement and API agreement will need to be agreed between the 2 parties

Support

An SLA will be put in place.

API Application Form

Please fill in the form shown, giving as much information as you can in relation to your intended use of our APIs.

A member of our team will be in touch with you in due course once your application has been submitted.

If you would prefer to send an email, please do so by clicking here.
