Arseam

International Journal of Human Resource & Industrial Research

A Privacy-Preserving API Gateway Framework for Healthcare Systems with JWT and OAuth Integration

Deepak Singh, Gaurang Deshpande

Deepak Singh, Principal Solution Architect, Gainwell Technologies, USA

Gaurang Deshpande, Software Developer, IBM, USA

DOI : https://doi.org/10.5281/zenodo.18601280 Page No : 14-23

Published Online : 2024-12-30

Download Full Article : PDF Check for Updates

Abstract

Using digital records, telehealth, and Internet-linked devices is becoming more common in healthcare, so making sure API communication is safe and standardised is vital. The study is designed to analyse how well API gateways work, how secure they are and how compliant they are when using JSON Web Tokens (JWT) and OAuth 2.0 with healthcare systems. Secondary data, along with facts from case studies (such as NHS Digital and Babylon Health), were selected for the project to analyse the function of IoT, the storage of tokens and compliance with laws and regulations. Results revealed stronger access control, less risk and better compliance with GDPR and HIPAA. It states that using secure API setups, educating personnel and introducing standard security rules are important for tackling existing issues and getting healthcare systems ready for the future.

Key words: API Gateway, Healthcare Security, JWT, OAuth 2.0, Electronic Health Record (EHR), Data Protection, GDPR, HIPAA, Access Control and Cybersecurity.

References

[1] Chatterjee, A., Gerdes, M.W., Khatiwada, P. and Prinz, A., 2022. Sftsdh: Applying spring security framework with TSD-based oauth2 to protect microservice architecture apis. IEEE Access, 10, pp.41914-41934.

[2] Madupati, B., 2023. Comprehensive Approaches to API Security and Management in Large-Scale Microservices Environments. Available at SSRN 5076630.

[3] Cerny, T., 2022. Microservices Security Challenges and Approaches. Information Systems Development: Artificial Intelligence for Information Systems Development and Operations (ISD2022 Proceedings).

[4] Peng, C., Goswami, P. and Bai, G., 2020. A literature review of current technologies on health data integration for patient-centered health management. Health informatics journal, 26(3), pp.1926-1951.

[5] Al-Rumaim, A. and Pawar, J.D., 2023, November. Exploring the Evolving Landscape of API Security Challenges in the Healthcare Industry: A Comprehensive Review. In 2023 16th International Conference on Security of Information and Networks (SIN) (pp. 1-8). IEEE.

[6] Chitta, S., Sadhu, A.K.R., Gudala, L. and Reddy, S.G., 2022. Unlocking Health Data: API-Driven Solutions for Interoperability Challenges. Journal of Informatics Education and Research, 2, p.45.

[7] Bucko, A., Vishi, K., Krasniqi, B. and Rexha, B., 2023. Enhancing jwt authentication and authorization in web applications based on user behavior history. Computers, 12(4), p.78.

[8] Petcu, A., Pahontu, B., Frunzete, M. and Stoichescu, D.A., 2023. A secure and decentralized authentication mechanism based on web 3.0 and ethereum blockchain technology. Applied Sciences, 13(4), p.2231.

[9] Dawei, Y., Yang, G., Wei, H. and Kai, L., 2021. Design and achievement of security mechanism of api gateway platform based on microservice architecture. In Journal of Physics: Conference Series (Vol. 1738, No. 1, p. 012046). IOP Publishing.

[10] Oktaria, D., Ginting, J.A.M., Abdurohman, M. and Yasirandi, R., 2021. Design of API Gateway as Middleware on Platform as a Service. Indonesia Journal on Computing (Indo-JC), 6(3), pp.47-62.

[11] Hussain, F., Hussain, R., Noye, B. and Sharieh, S., 2020. Enterprise API security and GDPR compliance: Design and implementation perspective. IT professional, 22(5), pp.81-89.

[12] Boda, V.V.R. and Immaneni, J., 2022. Optimizing CI/CD in Healthcare: Tried and True Techniques. International Journal of Emerging Research in Engineering and Technology, 3(2), pp.28-38.

[13] Digital.nhs.uk, 2023, Spine Futures, Available at:https://digital.nhs.uk/services/spine/spine-futures [Accessed on: 04th November, 2023]

[14] Bucko, A., Vishi, K., Krasniqi, B. and Rexha, B., 2023. Enhancing jwt authentication and authorization in web applications based on user behavior history. Computers, 12(4), p.78.

[15] Service.gov.uk, 2023, Anticipated acquisition by UnitedHealth Group Incorporated of EMIS Group Plc, Available at:https://assets.publishing.service.gov.uk/media/6516ca296dfda6000d8e38dc/Final_report___.pdf [Accessed on: 05th October, 2023]

[16] Kaul, D. and Khurana, R., 2021. AI to detect and mitigate security vulnerabilities in APIs: encryption, authentication, and anomaly detection in enterprise-level distributed systems. Eigenpub Review of Science and Technology, 5(1), pp.34-62.

[17] Ons.gov.uk, 2021, Healthcare expenditure, UK Health Accounts provisional estimates: 2020, Available at:https://www.ons.gov.uk/peoplepopulationandcommunity/healthandsocialcare/healthcaresystem/bulletins/healthcareexpenditureukhealthaccountsprovisionalestimates/2020 [Accessed on: 07th March, 2023]

[18] Bain.com, 2021, Healthcare deal activity grew in every region, Available at:https://www.bain.com/insights/asia-pacific-global-healthcare-private-equity-and-ma-report-2022/ [Accessed on: 09th March, 2023]

[19] Alharbi, S.J. and Moulahi, T., 2023. API Security Testing: The Challenges of SecurityTesting for Restful APIs. International Journal of Innovative Science and Research Technology, 8(5), pp.1485-1499.

[20] Yigzaw, K.Y., Olabarriaga, S.D., Michalas, A., Marco-Ruiz, L., Hillen, C., Verginadis, Y., De Oliveira, M.T., Krefting, D., Penzel, T., Bowden, J. and Bellika, J.G., 2022. Health data security and privacy: Challenges and solutions for the future. Roadmap to Successful Digital Health Ecosystems, pp.335-362.

[21] Vento, S., Cainelli, F. and Vallone, A., 2020. Violence against healthcare workers: a worldwide phenomenon with serious consequences. Frontiers in public health, 8, p.570459.

[22] Kioskli, K., Fotis, T., Nifakos, S. and Mouratidis, H., 2023. The importance of conceptualising the human-centric approach in maintaining and promoting cybersecurity-hygiene in healthcare 4.0. Applied Sciences, 13(6), p.3410.

[23] Ratta, P., Kaur, A., Sharma, S., Shabaz, M. and Dhiman, G., 2021. Application of blockchain and internet of things in healthcare and medical sector: applications, challenges, and future perspectives. Journal of Food Quality, 2021(1), p.7608296.

[24] Yugandhar, M. B. D. (2020). Digital Operations in Fintech: A Study of Process Automation. International Journal of Information and Electronics Engineering, 10(4), 15-24.

[25] P. Chintale, R. K. Malviya, N. B. Merla, P. P. G. Chinna, G. Desaboyina and T. A. R. Sure, "Levy Flight Osprey Optimization Algorithm for Task Scheduling in Cloud Computing," 2024 International Conference on Intelligent Algorithms for Computational Intelligence Systems (IACIS), Hassan, India, 2024, pp. 1-5, doi: 10.1109/IACIS61494.2024.10721633.

[26] Bucha, S. DESIGN AND IMPLEMENTATION OF AN AI-POWERED SHIPPING TRACKING SYSTEM FOR E-COMMERCE PLATFORMS.

[20] INNOVATIONS IN AZURE MICROSERVICES FOR DEVELOPING SCALABLE”, int. J. Eng. Res. Sci. Tech., vol. 17, no. 2, pp. 76–85, May 2021, doi: 10.62643/

Cite this article as: Deepak S & Gaurang D (2024), “A Privacy-Preserving API Gateway Framework for Healthcare Systems with JWT and OAuth Integration”, International Journal of Human Resource& Industrial Research, Volume 11, Issue 2, 2024, pp. 14-23. DOI: https://doi.org/10.5281/zenodo.18601280

Article View: 89
PDF Download: 13

References

[2] Madupati, B., 2023. Comprehensive Approaches to API Security and Management in Large-Scale Microservices Environments. Available at SSRN 5076630.

[6] Chitta, S., Sadhu, A.K.R., Gudala, L. and Reddy, S.G., 2022. Unlocking Health Data: API-Driven Solutions for Interoperability Challenges. Journal of Informatics Education and Research, 2, p.45.

[7] Bucko, A., Vishi, K., Krasniqi, B. and Rexha, B., 2023. Enhancing jwt authentication and authorization in web applications based on user behavior history. Computers, 12(4), p.78.

[10] Oktaria, D., Ginting, J.A.M., Abdurohman, M. and Yasirandi, R., 2021. Design of API Gateway as Middleware on Platform as a Service. Indonesia Journal on Computing (Indo-JC), 6(3), pp.47-62.

[11] Hussain, F., Hussain, R., Noye, B. and Sharieh, S., 2020. Enterprise API security and GDPR compliance: Design and implementation perspective. IT professional, 22(5), pp.81-89.

[12] Boda, V.V.R. and Immaneni, J., 2022. Optimizing CI/CD in Healthcare: Tried and True Techniques. International Journal of Emerging Research in Engineering and Technology, 3(2), pp.28-38.

[13] Digital.nhs.uk, 2023, Spine Futures, Available at:https://digital.nhs.uk/services/spine/spine-futures [Accessed on: 04th November, 2023]

[14] Bucko, A., Vishi, K., Krasniqi, B. and Rexha, B., 2023. Enhancing jwt authentication and authorization in web applications based on user behavior history. Computers, 12(4), p.78.

[21] Vento, S., Cainelli, F. and Vallone, A., 2020. Violence against healthcare workers: a worldwide phenomenon with serious consequences. Frontiers in public health, 8, p.570459.

[24] Yugandhar, M. B. D. (2020). Digital Operations in Fintech: A Study of Process Automation. International Journal of Information and Electronics Engineering, 10(4), 15-24.

[26] Bucha, S. DESIGN AND IMPLEMENTATION OF AN AI-POWERED SHIPPING TRACKING SYSTEM FOR E-COMMERCE PLATFORMS.

[20] INNOVATIONS IN AZURE MICROSERVICES FOR DEVELOPING SCALABLE”, int. J. Eng. Res. Sci. Tech., vol. 17, no. 2, pp. 76–85, May 2021, doi: 10.62643/

International Peer Reviewed & Refereed Journal as per UGC New Rules

ISSN (P) : 2349–4816; ISSN (O) : 2349–3593, UGC Approved as per UGC New Rules

Submission Instruction

Call for Paper

Submit Paper Online

Join Editorial Board

Author Guidelines

Indexed in