Python is consistently among the most popular programming languages in the world. But is it a good choice for healthcare software development?
Python overtook other backend programming languages, according to the Stack Overflow Developer Survey.
Python Safety: is Python safe?
Data security (patient privacy) has become especially critical to the healthcare industry with the adoption of electronic health records (EHR). Is Python a safe language for building healthcare apps? Or are there more secure programming languages?
It is the developer's responsibility to know what the language allows and what to avoid. An application becomes secure when the team adopts sound engineering practices, security policies and techniques, not because of the language it happens to be written in.
A popular language is not safer by itself, but popularity brings scrutiny: more eyes on the interpreter and its libraries mean that security vulnerabilities are found and disclosed sooner, and more of them get fixed by experienced Python developers. That only helps you if you track the advisories and apply the fixes.
Python 2 had a reputation for being less secure, and OWASP even ran a project, pythonsecurity.org, to examine the issue. With the arrival of Python 3 the project was no longer considered necessary, and its website is no longer updated or reachable. Today the Python Software Foundation's own security team tracks Python's security and publishes known vulnerabilities, so anyone working with Python code can apply the appropriate fixes in advance. Issues can be reported to the Python Software Foundation at security@python.org. Note that Python 2 itself reached end of life on 1 January 2020 and no longer receives security fixes.
According to Reddit users, some corporate IT departments ban older Python versions. Blocking older versions alone is not a complete solution, however. Not all third-party modules support the latest Python version, yet they may be critical for other systems to function correctly. Python is free software, and many modules are developed by volunteers in their spare time who simply lack the resources to keep them up to date. Sometimes, therefore, outdated Python modules have to be patched in-house, and such forks then need to be tracked and maintained like any other dependency.
Django, a Python-based web framework, was released in July 2005 and is widely used for building web applications, including medical apps. A good Django developer is a good Python developer. Django reduces the amount of code your developers need to write: instead of building modules from scratch, it offers a solid set of built-in components (the admin interface, user authentication, sessions, form handling, and so on). Django also ships protection against the three most common web application attacks: its ORM parameterizes queries (SQL injection), its templates escape output by default (XSS), and its middleware validates a CSRF token on every state-changing request (CSRF). These defaults can be bypassed, for example with raw SQL built from formatted strings, the "safe" template filter or the csrf_exempt decorator, so following Django's security best practices and its deployment checklist (manage.py check --deploy) is what keeps a healthcare app safe, not the framework alone.
Flask is a Python-based microframework used mostly for building APIs, though it can be grown into a full-stack framework with existing extensions. Flask has fewer users than Django and needs more configuration to reach the same feature set, but it is often preferred for prototypes because you can get going much more quickly. Which framework is easier to secure? Django: it turns on CSRF protection, output escaping and a hardened session and authentication stack by default, whereas in Flask CSRF protection comes from an extension such as Flask-WTF and each such control has to be chosen and wired up by the developer.
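As an added example (not code from this article, nor Django's or Flask's own implementation), the following standard-library script reproduces the three mechanisms the text credits to Django so you can see what each one actually prevents: the vulnerable form beside the hardened form for SQL injection and XSS, and a session-bound CSRF token check that can be switched off to mimic a framework that does not enforce it. The patient table, the payloads and the session dictionary are constructed for the demo; the "csrfmiddlewaretoken" field name is the one Django's forms use.

```python
"""Added example: parameterized SQL, HTML escaping and a session-bound CSRF
token, each shown next to the unprotected variant. Standard library only;
the patient table and inputs are constructed for the demo."""
import hmac
import html
import secrets
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed in-memory table with two synthetic patient records."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE patient (id INTEGER PRIMARY KEY, name TEXT, mrn TEXT)"
    )
    conn.executemany(
        "INSERT INTO patient (name, mrn) VALUES (?, ?)",
        [("Ada Lovelace", "MRN-0001"), ("Alan Turing", "MRN-0002")],
    )
    return conn


# 1. SQL injection
def lookup_vulnerable(conn: sqlite3.Connection, name: str) -> list:
    """Builds the query by string formatting: the input becomes part of the SQL."""
    query = f"SELECT mrn FROM patient WHERE name = '{name}' ORDER BY id"
    return [row[0] for row in conn.execute(query)]


def lookup_safe(conn: sqlite3.Connection, name: str) -> list:
    """Parameterized query, the form Django's ORM emits: the input stays data."""
    rows = conn.execute(
        "SELECT mrn FROM patient WHERE name = ? ORDER BY id", (name,)
    )
    return [row[0] for row in rows]


# 2. Cross-site scripting
def render_vulnerable(name: str) -> str:
    """Interpolates user data straight into HTML (what a 'safe' filter permits)."""
    return f"<td>{name}</td>"


def render_safe(name: str) -> str:
    """Escapes the data first, which is what Django templates do by default."""
    return f"<td>{html.escape(name)}</td>"


# 3. Cross-site request forgery
def issue_csrf_token(session: dict) -> str:
    """Stores a random secret in the server-side session and hands it to the form."""
    token = secrets.token_hex(32)
    session["csrf_token"] = token
    return token


def handle_post(session: dict, form: dict, enforce_csrf: bool = True) -> str:
    """Accepts a POST only if the form carries the token bound to this session.

    Django's CsrfViewMiddleware does this for every unsafe method. With
    enforce_csrf=False (a bare framework without a CSRF extension) a form
    posted from an attacker's site is indistinguishable from a legitimate one.
    """
    if enforce_csrf:
        expected = session.get("csrf_token", "")
        supplied = form.get("csrfmiddlewaretoken", "")
        # Constant-time comparison on bytes, so non-ASCII input cannot raise.
        if not expected or not hmac.compare_digest(
            expected.encode(), supplied.encode()
        ):
            return "rejected"
    return "accepted"


if __name__ == "__main__":
    db = make_db()
    payload = "x' OR '1'='1"          # constructed injection payload
    print("injection, vulnerable:", lookup_vulnerable(db, payload))
    print("injection, safe:      ", lookup_safe(db, payload))
    print(render_safe("<script>alert(1)</script>"))
    sess: dict = {}
    tok = issue_csrf_token(sess)
    print(handle_post(sess, {"csrfmiddlewaretoken": tok}),
          handle_post(sess, {"csrfmiddlewaretoken": "forged"}))
```

Run it directly to watch the injection payload return both records from the formatted query and none from the parameterized one. In a real Django project these behaviours come from the ORM, the template engine and CsrfViewMiddleware; the places they are bypassed are raw() or cursor.execute() with formatted strings, the safe filter or mark_safe(), and csrf_exempt, which is where a code review of a healthcare app should look first.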
Python / Django and HIPAA
As a rule, developing a medical software application means handling protected health information (PHI) that falls under HIPAA. Are Python and Django, or other Python-based frameworks, secure enough to be HIPAA compliant? The question is misdirected: HIPAA's Security Rule is technology-neutral. It prescribes administrative, physical and technical safeguards (access control, audit controls, integrity, authentication and transmission security) and does not depend on a programming language or a framework.
- "You want to provide your clients the assurance that the information being presented is meeting the HIPAA requirements. This is not entirely a Django/Python implementation, but falls in line with the Database back-end support".
- "HIPAA factors like "how you store your data" and "how often sysadmins review logs" and "what the access control policies at the data center are" will probably play a bigger role than which programming framework you use, so you need to make sure to have good answers to those questions".
- "There are about 100 individual checkboxes that you'll need to hit to be HIPAA compliant. Approximately 90% of the requirements can be satisfied by having good engineering/risk management practices and documenting them. For example, one requirement is that you need to have a formal policy on use of patient information" (Patrick McKenzie).
Healthcare startups that use Python
- AiCure is a New York-based healthcare startup funded by the NIH and venture capital. It has raised $19.25 million for an app that automates confirming that patients take their medicine at the appropriate time, combining mobile technology with artificial intelligence (computer vision, machine learning, big data). For example, its apps use computer vision to identify the patient (face recognition), verify that the patient is taking the right medication (pill recognition), and confirm that the medication is actually taken (action recognition). As of November 2017, AiCure was hiring a Backend Software Engineer with "experience developing backend applications using popular open source frameworks, such as ROR, Django, Java Spring" for backend services and dashboard products, a Computer Vision Research Engineer with "strong coding experiences in at least two of: C++, Lua, Java, or Python", a Computer Vision Research Scientist with "solid skills in developing prototypes, software engineering (C++, Python, Java, etc.), and running experiments at-scale" to invent and implement new computer vision algorithms and methods, and a Full Stack Engineer with "strong experiences with at least one application framework (ROR, Django, NodeJS, etc.)."
- Drchrono is a healthcare startup headquartered in Silicon Valley, California. It offers an EHR and practice management platform focused on the iPad, iPhone and the web, and has been ranked by the Inc. 500 as one of the fastest growing private companies in America. The company has received $18,725,000 in total funding. The Drchrono app is built on a Python/Django stack.
- Qventus (analyticsMD), a startup from Mountain View, California, offers a predictive intelligence software platform; its funding totals $15,120,000. Its machine-learning based forecasting lets hospitals predict patient volumes and allocate resources such as staff, beds and rooms optimally. As of November 2017, Qventus was hiring a Front End Engineer with "6-8+ years of professional experience working with modern programming languages such as Java, C/C++ or Python", a Full Stack Engineer with experience in "front end visualization stacks such as Django, backbone.js, Coffeescript/Javascript, HTML5 and CSS3", and a Backend Engineer with "5-10+ years of professional experience working with modern programming languages such as Java, C/C++, Python and SQL".
- Sempre Health is a healthcare startup headquartered in San Francisco, California. It raised a $2.5M seed round in 2016 from Social Capital, a top-tier Silicon Valley investor in consumer healthcare. Working with pharmacy benefit managers, the Sempre app uses SMS to inform patients about discounts on their prescriptions (for example, a patient might get a text saying "if you pick up your prescription this week you pay just $20, if you wait until next week it'll go back up to $30"). Cofounder and CEO Anurati Mathur described the company's technology: "We expose this data to our partners via a web dashboard which updates in near real-time as well. Additionally, we've built a sophisticated SMS management product, which can tag, parse and learn about how best to communicate with each patient, including best times to text, language to use, etc." Sempre's stack includes a GUI-based tool for engaging patients, handling inbound communications and triggering events (Python + React); an internal, web-based patient management tool (Node + React); a customer-facing, web-based dashboard (Node + React); backend services that integrate with pharmacy switches and calculate the optimal price for each patient (Python); and services to send and receive messages via Twilio and Mandrill (Python + Node). As of November 2017, Sempre was hiring a Software Engineer who "can build using Python, React, or Node (if you know one, you can quickly ramp up on others)".
- Fathom Health is a healthcare startup based in San Francisco, California, building a deep learning natural language processing (NLP) system that reads, structures and understands electronic health records. The company is backed by Google Ventures, 8VC and Stanford, as well as founders and early employees of companies such as Google, Dropbox, Airbnb and athenahealth. As of November 2017, Fathom Health was hiring a Full-Stack Engineer "who brings familiarity with API programming, such as Flask" and Data Engineers "who have experience with Python's NLTK".