Google and Kinvey launch HIPAA compliant mobile backend as a service
April 19, 2016
Google is collaborating with Massachusetts software company Kinvey to help legacy enterprise medical apps work on mobile devices and meet HIPAA regulations.
“We’ve extended our mobile backend-as-a-service (mBaaS) – a fully-managed, HIPAA compliant platform built on Google Cloud – to developers at healthcare providers, pharmaceutical companies and in life sciences,” said Sravish Sridhar, founder and CEO of Kinvey. “Our services satisfy the stringent policies of patient privacy as mandated by US government HIPAA regulations.”
Kinvey on Google Cloud provides a decoupled architecture for front-end developers to iterate on their apps and deliver them in an agile manner, without having to wait on backend systems owners to provision connectors to enterprise data and authentication systems.
An app developer can start to build the UI or UX of the app using the front-end programming language or framework of choice — Android, Objective-C, Swift, Ionic, Xamarin, PhoneGap and so on. The developer then downloads the Kinvey SDK for the particular language being used. The appropriate SDK takes care of client-side functionality such as managing and anonymising authentication tokens, marshalling data between the app and Kinvey’s backend APIs, offline caching and sync and data encryption.
The app is wired up to backend functionality by leveraging backend features such as an identity service to register and login users, data store to store and retrieve data from the cloud, file store to cache large files such as photos and videos, and custom business logic that can be written and provisioned on Kinvey’s Node.js PaaS.
In the meantime, owners of backend enterprise systems can connect Kinvey to their enterprise authentication and data sources, without writing any code. They use Kinvey’s MIC mobile identity connect to connect to protocols such as Active Directory, Open ID, LDAP and SAML. Kinvey’s Rapid data connectors and custom data links connect to enterprise data services such as Epic, Cerner, SAP and SharePoint. Services provisioned via MIC and Rapid are then made available to the front-end developers by publishing them in Kinvey’s service catalogue, with appropriate access policies.
The front-end developer can then flip a switch and instruct Kinvey to use an MIC authentication service instead of the default Kinvey service, and one or more Rapid services instead of sample data stored in collections in the Kinvey data store. With no front-end app code change, the app then works end-to-end with enterprise authentication and data systems.
By providing connectors to electronic health record (EHR) systems such as Epic and Cerner, Kinvey can make it easier for developers to launch apps without having to focus on complex enterprise integrations. Healthcare customers require a HIPAA compliant system to ensure that patient data are secure end-to-end.
Google Cloud’s infrastructure, cloud storage and CDN allow Kinvey to store and deliver data and files in a secure and compliant fashion. Specifically, the mBaaS on Google Cloud offers features such as plug-in client for offline caching, network management and Restful data access to accelerate development; turn-key backend services for data integration, IAM and orchestration for new mobile use cases; microservices for interconnectivity between enterprise systems; security at every level from mobile client to infrastructure layer; and mobile app analytics and reporting for fine-tuning operations.