The Patient Protection and Affordable Care Act of 2010 has had far-reaching effects on the US healthcare industry. Its goal is to increase the quality and affordability of healthcare insurance for US citizens. The act produced reams of requirements for healthcare providers and insurers in terms of what must be included in insurance plans, which treatments are covered, how information is presented to the public, and much more.
Wellmark Blue Cross and Blue Shield is at the forefront of using technology to satisfy the new regulatory requirements. Wellmark is a health insurance company that serves more than 2 million people in Iowa and South Dakota. As an independent licensee of the Blue Cross and Blue Shield Association, Wellmark is part of a national network that covers more than 100 million people—nearly one third of the population of the United States. Wellmark is based in Des Moines, Iowa, and employs 1,800 people.
To make its member-facing computer systems friendlier and more consumer-oriented, Wellmark created an app called the Wellmark Finder Service. Members use it to research healthcare providers and facilities and better manage their healthcare experience from their mobile phones, tablets, or desktop computers. Wellmark runs the Finder Service in Microsoft Azure, a public cloud environment that provides virtual compute, networking, storage, and other resources for developing and hosting applications in Microsoft datacenters.
The Finder Service is used in Wellmark applications and is also accessed by many different partners—healthcare providers, medical supply providers, health and wellness groups, and benefits managers—which incorporate it in their own applications. To supply partners with information contained in the Finder Service, Wellmark sent very large data files by email or file-share sites. Wellmark developers had to define the file and data formats for each vendor request, which consumed a great deal of time. Because of the work involved, Wellmark could only get files to partners every week or two, which meant that partners often used old data. Some partners wanted smaller, specialized subsets of data, but Wellmark did not have the resources to meet these custom requests.
Wellmark was also concerned about the security of its member and plan data as files were shipped to dozens of third parties. “We wanted to expose our data to as many partners as possible but at same time authenticate who was getting it, authorize access to the data, and be able to audit it,” says Brad Hoyt, Director of Innovation and Emerging Technology at Wellmark Blue Cross and Blue Shield. “HIPAA [Health Insurance Portability and Accountability Act] regulations are very specific about patient data security requirements and the penalties for a breach. Without good auditing, we could incur very large fines.”
Wellmark decided that it would be far more efficient to share its data by publishing the Finder Service application programming interface (API) to authorized partners. Instead of shipping large data files around, Wellmark shared a library of specifications for various data sets. The API approach essentially gave vendors the freedom to grab the data that they needed and were authorized to access, rather than requiring Wellmark to prepare and deliver the data.
However, managing the Finder Service API still involved a lot of work in terms of managing security keys and monitoring downloads and usage. “We wanted to automate the process of partner registration and subscription to our APIs, API discovery, developer authentication, and usage reporting,” Hoyt says.
Wellmark looked at API gateways, solutions for deploying and managing APIs, when it learned from its local Microsoft account team about Microsoft Azure API Management. API Management is an Azure service that gives developers a way to easily distribute and protect their APIs with authentication, rate limiting, quotas, caching, and more. By using API Management, organizations can assure that only authorized partners, developers, and applications access their APIs and that access is in accordance with their policies.
“We liked the fact that API Management was an Azure service, because our Finder Service ran in Azure,” Hoyt says. “We were also very impressed with Microsoft’s continued improvement of the Azure platform.”
By using the preview version of API Management, Wellmark thoroughly tested the service and is in the process of moving its test system into production. The three capabilities that Wellmark likes best about API Management are the authentication tools that help Wellmark determine who is requesting its APIs, the auditing mechanisms that tell who is using which API and when, and the ability to throttle API downloads.
“We can use the API Management throttling capability to build parameters that specify the number of Finder Service transactions that a particular partner can perform in a given time period,” Hoyt says. “This helps prevent our web service from being pounded with transaction requests that might have been triggered by bad code and degrade the performance of our service for other users. Or, someone could hit our servers with a denial-of-service attack.”
To date, Wellmark is sharing only the Finder Service API through Azure API Management but plans to manage additional future APIs with API Management. The Finder Service API is hosted in Azure, but Azure API Management can also manage APIs stored in servers at customer sites and third-party datacenters.
Wellmark continues to expand its use of Microsoft Azure. It is currently using both Azure infrastructure-as-a-service (Microsoft Azure Virtual Machines and Virtual Network) and Azure platform-as-a-service (Azure Cloud Services and Web Sites) offerings for development, test, and running line-of-business applications. “Our developers really like the flexibility of Azure,” Hoyt says. “They can create an Azure Virtual Machine whenever they want, use it, and then deprovision it. If it was up to our development teams, they would do the majority of their work in Azure.”
With Azure API Management, Wellmark Blue Cross and Blue Shield has gained an easier, more secure way to manage its APIs. This frees the company to create even more innovative member services and helps it deliver timely, accurate data to partners so that they can also create great apps that use Wellmark data.
Easily Publish APIs and Enable Partners
Wellmark uses Azure API Management to better support its business partners. “Our partners can deliver value quicker with less effort because they get smaller datasets and exactly the data that they want,” says Matt Cable, Systems Architect, Innovation, at Wellmark Blue Cross and Blue Shield. A partner who previously received a weekly data feed can now get near real-time data feeds.
Also, Wellmark can get new APIs to market faster because it has a common model for accessing them. “We won’t have to reinvent the wheel every time we create an API,” Hoyt says. “We can reuse parameters that we already have and get APIs to partners with far less work.”
Reduce Risk and Cost of API Sharing
With Azure API Management, Wellmark has better authentication and auditing of API usage. “We can see in real time who’s downloading our APIs, how the downloads are performing, if there are any errors, if developers are complying with their agreements, and much more,” Hoyt says. “Our APIs, and by extension our member data, are better protected with Azure API Management, which helps us better meet HIPAA and other regulations.”
Make It Easier for Members to Find Providers
The ultimate beneficiaries of Wellmark’s use of Azure API Management are Wellmark members. “By using Azure API Management, we can better deliver user-friendly services that our members want,” Hoyt says. “Instead of developing and managing one big application as we’ve done in the past, we can develop smaller application components and use technologies like Azure API Management to deliver services to specific customer segments.”
For example, when a member uses the Finder Service today to find doctors in their neighborhood, he or she might get an unmanageable list of 2,000 doctors. But with more granular API services, Wellmark can narrow the list to the five providers that are within the individual’s zip code. Or, a member might text their zip code to the Finder Service and ask for the top five pediatricians in their area. “It’s the same data, but with API Management, we can make it available more granularly, deliver it to different devices, distribute it to social media sites, and many other possibilities,” Hoyt says.
Enable modern business applications
Enable modern business applications that meet the most demanding requirements. Microsoft development tools help you design, test, and deploy applications quickly, as well as connect applications, data, and services to any device. Your applications can run in your datacenter, a hosted site, or a public cloud, or they can span multiple locations.
For more information about enabling modern business applications, go to:
For More Information
For more information about Microsoft products and services, call the Microsoft Sales Information Center at (800) 426-9400. In Canada, call the Microsoft Canada Information Centre at (877) 568-2495. Customers in the United States and Canada who are deaf or hard-of-hearing can reach Microsoft text telephone (TTY/TDD) services at (800) 892-5234. Outside the 50 United States and Canada, please contact your local Microsoft subsidiary. To access information using the World Wide Web, go to:
For more information about Wellmark Blue Cross and Blue Shield services, visit the website at:
Wellmark Blue Cross and Blue Shield is an independent licensee of the Blue Cross and Blue Shield Association.