Python in Healthcare
Python Safety: is Python a safe language?
Data security (patient privacy) has become especially critical to the healthcare industry with the adoption of electronic health records (EHR). Is Python a safe language for building healthcare apps? Or maybe there are more secure programming languages?
If you are trying to figure out which programming language is the most secure, you are probably asking the wrong question. No programming language is secure in itself. An application becomes secure when its developers adopt sound security practices, policies and techniques.
Popularity does help, though: the more widely a language is used, the more of its security vulnerabilities are discovered, publicly documented and fixed by the large community of professional Python developers. You only benefit from that if you keep your interpreter and dependencies patched.
According to Enrico Branca, a cyber security researcher and leader of the OWASP Python Security Project: "Python is a powerful and easy to learn language BUT has to be used with care. There are no limits or controls in the language; this is the responsibility of the coder to know what can be done and what to avoid."
Django was first released in July 2005 (12+ years ago). It is a Python-based framework that is widely used to build web applications, including medical apps. A good Django dev is a good Python dev. Django simplifies the creation of web applications by reducing the amount of trivial code your developer needs to write. Django ships a solid set of built-in modules (the admin interface, user authentication, sessions, the messages framework, etc.) so you don't have to write them yourself. Django also provides built-in protection against the three most common web app attacks: its ORM parameterizes queries (SQL injection), its templates escape output by default (XSS), and its CSRF middleware requires a valid per-session token on every state-changing request. These defenses hold only as long as you stay inside them: raw SQL assembled by string formatting, mark_safe or the |safe template filter, and the csrf_exempt decorator each opt a piece of code out of them. Combined with Django's security best practices (the deployment checklist and "manage.py check --deploy"), they give a healthcare app a strong baseline, though not a guarantee.
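To make the three protections concrete, here is an added example (not code from this page or from the Django project) that shows each attack beside its defense using only the Python standard library (sqlite3, html, hmac, secrets), so it runs without Django installed. The patient table, the names and the token scheme are constructed for illustration; the CSRF part is a simplified model of the idea behind Django's CsrfViewMiddleware, not its actual implementation.

```python
import hmac
import html
import secrets
import sqlite3


# Constructed sample data: a two-row in-memory "patient" table so the
# example runs offline. Nothing here comes from a real EHR.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE patient (id INTEGER PRIMARY KEY, name TEXT, mrn TEXT)")
    conn.executemany(
        "INSERT INTO patient (name, mrn) VALUES (?, ?)",
        [("Ada", "MRN-001"), ("Grace", "MRN-002")],
    )
    return conn


# 1. SQL injection: string formatting versus parameter binding.
def find_mrn_vulnerable(conn, name):
    # The user's input becomes part of the SQL text, so it can rewrite the query.
    query = f"SELECT mrn FROM patient WHERE name = '{name}'"
    return sorted(conn.execute(query).fetchall())


def find_mrn_safe(conn, name):
    # The driver binds the value; it is never parsed as SQL. This is what
    # Django's ORM (and Manager.raw() with a params list) does for you.
    query = "SELECT mrn FROM patient WHERE name = ?"
    return sorted(conn.execute(query, (name,)).fetchall())


# 2. XSS: raw output versus escaped output, as Django template autoescaping does.
def render_unescaped(name):
    return f"<p>Patient: {name}</p>"


def render_escaped(name):
    # html.escape handles &, <, >, " and ' (Django escapes the same characters).
    return f"<p>Patient: {html.escape(name)}</p>"


# 3. CSRF: a per-session secret token that every state-changing form must echo back.
def new_session():
    # Hypothetical session store: a dict holding a random 256-bit token.
    return {"csrf_token": secrets.token_hex(32)}


def form_html(session):
    # The token is embedded in the page; a cross-site attacker cannot read it,
    # so a forged POST from another origin will not carry the right value.
    token = session["csrf_token"]
    return (
        '<form method="post">'
        f'<input type="hidden" name="csrfmiddlewaretoken" value="{token}">'
        "</form>"
    )


def csrf_ok(session, posted_token):
    # Constant-time comparison; a missing, empty or foreign token is rejected.
    expected = session.get("csrf_token", "")
    if not posted_token:
        return False
    return hmac.compare_digest(expected.encode(), posted_token.encode())


if __name__ == "__main__":
    db = make_db()
    payload = "x' OR '1'='1"
    print("vulnerable:", find_mrn_vulnerable(db, payload))   # every patient's MRN leaks
    print("safe:      ", find_mrn_safe(db, payload))         # []
    print(render_unescaped("<script>alert(1)</script>"))      # script runs in the browser
    print(render_escaped("<script>alert(1)</script>"))        # rendered as text
    sess = new_session()
    print("csrf valid:", csrf_ok(sess, sess["csrf_token"]))  # True
    print("csrf forged:", csrf_ok(sess, new_session()["csrf_token"]))  # False
```

Run it with a payload such as x' OR '1'='1 to see the vulnerable query return every patient's MRN while the bound query returns nothing; the same discipline (never let data become code) is what the ORM, autoescaping and the CSRF middleware enforce for you in Django.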
Flask is a Python-based microframework, primarily for building APIs, but it can be extended into a full-stack framework with existing extensions. Flask has fewer users than Django and needs more setup. Flask is often used for prototypes because you can get going much more quickly with it. Which framework is easier to secure? Django: CSRF protection, authentication and database access through the ORM are built in and enabled by default, whereas in Flask each of these is an extension (for example Flask-WTF, Flask-Login and Flask-SQLAlchemy) that your team must choose, configure correctly and keep updated.
Python / Django and HIPAA
As a rule, developing a medical software application means handling protected health information (PHI) that must be safeguarded under HIPAA. Are Python and Django, or other Python-based frameworks, secure enough to be HIPAA compliant? The question is misdirected: HIPAA is a set of administrative, physical and technical safeguards, essentially a checklist, and it does not depend on the programming language or framework.
- "You want to provide your clients the assurance that the information being presented is meeting the HIPAA requirements. This is not entirely a Django/Python implementation, but falls in line with the Database back-end support".
- "HIPAA factors like 'how you store your data' and 'how often sysadmins review logs' and 'what the access control policies at the data center are' will probably play a bigger role than which programming framework you use, so you need to make sure to have good answers to those questions".
- "There are about 100 individual checkboxes that you'll need to hit to be HIPAA compliant. Approximately 90% of the requirements can be satisfied by having good engineering/risk management practices and documenting them. For example, one requirement is that you need to have a formal policy on use of patient information" (Patrick McKenzie).
Healthcare startups that use Python
- Roam Analytics is a healthcare startup headquartered in San Mateo, California, in the San Francisco Bay Area. Total funding amount: $21,864,162 (Blumberg Capital is the main investor). Roam is a proprietary artificial intelligence platform. According to the official description, "Roam's machine learning and data platform powers rich analysis of patient journeys to reveal the factors affecting treatment decisions and outcomes. The Roam platform is powered by machine learning and a proprietary data asset called the Health Knowledge Graph. The Health Knowledge Graph converts billions of disparate, often unstructured, data elements into a coherent picture of healthcare. The relationships and information captured in the Graph are continuously enriched using machine learning and natural language processing to extract more information, and by making connections to new data sources. The result is a comprehensive view of the healthcare industry that allows life sciences companies to follow information instead of instincts when seeking to improve patient outcomes". As of November 2017, Roam Analytics is looking for a Senior Backend/API Engineer with the key qualification "experience with Python-based server frameworks is a huge plus (Flask, Django)" and for Machine Learning Platform Engineers for "designing, developing, and improving the machine learning platform for the Roam Health Knowledge Graph using application programming with Python".
- AiCure is an NIH- and VC-funded healthcare startup based in New York. AiCure raised $19.25 million for its app, which automates the process of ensuring that patients take their medicine at the appropriate time. AiCure combines mobile technology with artificial intelligence (computer vision, machine learning, big data). For example, its apps use computer vision to identify the patient (face recognition), verify that patients are taking the right medication (pill recognition), and confirm that they are actually taking it (action recognition). As of November 2017, they are looking for a Backend Software Engineer with "experience developing backend applications using popular open source frameworks, such as ROR, Django, Java Spring" for backend services and dashboard products, a Computer Vision Research Engineer with "strong coding experiences in at least two of: C++, Lua, Java, or Python", a Computer Vision Research Scientist with "solid skills in developing prototypes, software engineering (C++, Python, Java, etc.), and running experiments at-scale" to invent and implement new algorithms and methods for the computer vision tasks, and a Full Stack Engineer with "strong experiences with at least one application framework (ROR, Django, NodeJS, etc.)."
- Drchrono is a healthcare startup headquartered in Silicon Valley, California. Drchrono offers an EHR and practice-management platform with features focused on iPads, iPhones and the web. Drchrono is ranked by the Inc. 500 as one of the fastest-growing private companies in America. Total funding amount: $18,725,000. The Drchrono app is built on a Python/Django stack.
- Sempre Health is a healthcare startup headquartered in San Francisco, California. Sempre raised a $2.5M seed round in 2016 from Social Capital, a top-tier Silicon Valley investor in consumer healthcare. Using SMS, the Sempre app works with pharmacy benefit managers to inform patients about discounts on their prescriptions (for example, a patient might get a text that says "if you pick up your prescription this week you pay just $20, if you wait until next week it'll go back up to $30"). Sempre Health cofounder and CEO Anurati Mathur explained the company's technology: "We expose this data to our partners via a web dashboard which updates in near real-time as well. Additionally, we've built a sophisticated SMS management product, which can tag, parse and learn about how best to communicate with each patient, including best times to text, language to use, etc". Sempre's stack includes a GUI-based tool for engaging patients, handling inbound communications and triggering events (Python + React); an internal, web-based patient management tool (Node + React); a customer-facing, web-based dashboard (Node + React); backend services that integrate with pharmacy switches and calculate the optimal price for each patient (Python); and services that send and receive messages via Twilio and Mandrill (Python + Node). As of November 2017, they are looking for a Software Engineer who "can build using Python, React, or Node (if you know one, you can quickly ramp up on others)".
- Fathom Health is a healthcare startup headquartered in San Francisco, California. Fathom is a deep-learning NLP (natural language processing) system built to read, structure and understand electronic health records. The startup is backed by Google Ventures, 8VC and Stanford, as well as by founders and early employees of companies like Google, Dropbox, Airbnb and athenahealth. As of November 2017, Fathom Health is looking for a Full-Stack Engineer "who bring familiarity with API programming, such as Flask" and for Data Engineers "who have experience with Python's NLTK".