Implementation of REST API in Web Service System for Medical Resume Provision

: This research seeks to develop a web service system that functions as a medical resume provision via RESTful API. Accurate and comprehensive medical records are critical in the identification and diagnosis of patients. Medical resumes, which summarize a patient's healthcare services and are completed by the responsible doctor, are an essential component of medical records. Electronic medical record systems can aid in patient care, and a patient's prior health history is crucial in developing a holistic and continuous treatment plan. Unfortunately, patients often require a fresh medical examination due to a lack of past health data. The proposed system can interconnect with other electronic medical record systems and facilitate the exchange of medical resume data between hospitals. This research employs the waterfall development system. The resultant system provides patient medical resumes from participating hospitals, offering a solution to the problem of inconsistent patient information and clinical data, and improves service quality and diagnosis accuracy based on available data.


Introduction
Electronic medical records (EMRs) have gained prominence in healthcare due to their benefits over traditional paper-based records, such as improved data continuity and integration of clinical data [1].Each healthcare facility that uses electronic health records must have its own operating electronic health record system that is not integrated with the electronic health record systems of other healthcare facilities, but must be able to connect with other electronic health record systems.[2] However, the lack of standardization in EMR systems has made it difficult to share patient medical summaries between different healthcare institutions, leading to fragmented information and redundant patient examinations [3].
To address this challenge, various approaches have been proposed, including the use of web service systems to enable the exchange of patient medical summaries between hospitals.For instance, Saepudin and Sari [4] investigated the impact of the completeness of medical summary forms on the quality of medical records in a hospital in Bandung, Indonesia.They found that the completeness of medical summary forms influenced the quality of medical records, with higher completeness resulting in better quality.
Moreover, the Indonesian Ministry of Health has issued several regulations on EMR, including PMK No. 269/MENKES/PER/III/2008 [5], which outlines the requirements for medical record keeping, including the use of standardized medical summary forms.Another regulation, PMK No. 21/2020 [6], details the strategic plan for the Ministry of Health for 2020-2024, including the promotion of health information exchange through the use of electronic medical records.
In order to improve the sharing of patient medical information while maintaining the privacy and security of patient data, one potential solution is the integration of electronic medical records (EMRs) with RESTful APIs.REST (Representational State Transfer) is one of the architecture models for implementing web services to exchange data between states.State refers to the condition when a browser loads a page or website, and then the server sends the requested state of the page to the browser [7].In its implementation, RESTful works in a resource-oriented manner.Clients can utilize RESTful to use services provided by the server by accessing the server using methods on HTTP and obtaining the necessary resources [8].According to Jozef [9], REST and services are among the four interoperability paradigms, and there is a significant expected growth in the utilization of RESTful web services in medical informatics.One notable advantage of RESTful web services is their ease of implementation, both on the server side and the client side.RESTful API has been utilized to develop various applications, including patients' health records [10].This approach allows for more efficient and standardized data exchange between healthcare institutions and this approach could enhance the integration of healthcare systems and improve data accessibility [11].
In this study, we developed a web service system for medical resume provision that utilizes RESTful API to enable the exchange of patient medical summaries between hospitals.Our study aimed to develop and implement a reliable and secure system that can facilitate the exchange of medical summary data while ensuring patient privacy and data security.To achieve this goal, we used a combination of R&D and Waterfall Somerville methodologies to develop the system.Our study has important implications for the development of cutting-edge electronic medical record systems that enable the sharing of patient medical summary data between healthcare institutions

Materials and Methods
The study conducted was an R&D that resulted in the development of a web service system designed to provide medical resumes and facilitate the exchange of medical information among healthcare institutions.The research and development method can be utilized in software engineering research, as it facilitates communication between software developers and potential users of the engineering software through the prototype system [12].The research was carried out at the Manual Medical Record Laboratory, under the Health Information Management Study Program, within the Department of Health at Jember State Polytechnic.The method of development utilized in this study is the Waterfall methodology, which is a software development method that progresses through a series of sequential stages.The process begins with analyzing requirements, followed by designing, coding, testing, and maintaining the product.In the requirements analysis stage, the researchers identified user and system requirements.The design stage involved creating an architectural design and detailed design.After the design was completed, the coding stage took place, and PHP was used as the programming language.Then, the testing stage was conducted to ensure the product's quality [13].The Waterfall methodology was chosen because it is a sequential development process that allows for a clear understanding of the project requirements and a systematic approach to completing the project.In addition, PHP was chosen as the programming language due to its versatility and ability to integrate with different databases and operating systems.

Requirement Definition
During this stage, researchers collect information on the prerequisites for developing a web service system aimed at providing medical resumes.The assessment of these prerequisites is grounded in multiple regulatory standards, specifically focusing on patients' consent for employing medical resumes as a data source in the exchange of medical resumes between healthcare institutions.This consent is governed by Minister of Health Regulation number 21 of 2020, which outlines the Health Ministry's Strategic Plan for 2020-2024 [6].In the scholarly article authored by Rano Indradi Sudra, entitled "Patient Consent Regarding the Usage of Their Medical Resume for Health Information Exchange in Accordance with Minister of Health Regulation Number 21/2020," it elucidates that obtaining patients' consent for using medical resumes necessitates the clarification of regulations, standardization, and education for all involved parties.Despite the implementation of existing regulations such as the MIRM 15 standard concerning discharge summaries, there is presently no requirement to explicitly inform patients about the plans for utilizing their discharge summaries on their behalf.Moreover, there is a lack of regulations governing the usage of medical resumes for the exchange of health information among healthcare institutions.As a result, more specific regulations are required to ensure the creation and utilization of medical resumes that are associated with health information exchange activities [3].
The article titled "Standardization of Medical Resumes in the Implementation of Minister of Health Regulation Number 21/2020 Regarding Data Exchange in Electronic Medical Records," written by Rano Indradi Sudra, explains that the existing regulations regarding medical resumes lack standardized guidelines for language, abbreviations, symbols, and units used in documenting medical resumes.Additionally, there is a lack of data dictionaries for each data item present within medical resumes, particularly those utilized in electronic formats.These aspects are crucial in ensuring consistent understanding and providing sufficient information when medical resumes are utilized for various purposes, including the support of SISRUTE (Integrated Referral Information System).Consequently, the establishment of clear and standardized documentation guidelines and data dictionaries is necessary to optimize the functionality and advantages of medical resumes in health information exchange [14].Based on figure 2, hospitals intending to utilize the web service system for medical resume provision were required to undergo a registration process and obtain system credentials.These credentials serve as authorization for users to access the web service dedicated to medical resume provision.Moreover, each hospital is responsible for providing its own API endpoint for medical resumes.This endpoint enables the system to request medical resume data from the respective hospital when necessary.When hospitals require patient medical resume data, they can submit a request to the web service system.Subsequently, the system verifies the patient's visit information and sends requests to the hospitals that the patient has visited and that are registered within the system.The system receives data from each hospital and returns it to the requesting hospital in JSON format.

Securing RESTful APIs
The application that provides medical resume uses RESTful API as a platform for data exchange and Oauth2 for authorization.The OAuth 2.0 Framework allows thirdparty applications to obtain limited access to HTTP services, either on behalf of the resource owner by arranging approval interaction between the resource owner and the HTTP service, or by allowing third-party applications to obtain access on their own behalf.The credential grant used in the medical resume provision is the Resource Owner Password Credentials.This type of credential grant is suitable in cases where the resource owner has a trusted relationship with the client, such as specialized device operating systems or applications.The authorization server must be cautious when enabling this authorization type and only allow it when other flows cannot be used.This grant type is suitable for clients who can obtain resource owner credentials (username and password, usually using an interactive form).It is also used to migrate existing clients using direct authentication schemes such as HTTP Basic or Digest to OAuth by converting stored credentials into access tokens [16].In order to access protected resources from a resource server, a client needs to acquire an authorization grant from either the resource owner or its credentials such as the ID and password.Once the client has obtained the grant, it sends it to an authorization server, which then issues an access token.The client can then use this access token to request the protected resource [17].
Secure Socket Layer (SSL) is also carried out to ensure data security when performing internet transactions between the web server and the client's browser.This protocol uses a body commonly called a Certificate Authority (CA) to identify and verify the parties involved in the transaction [18].SSL is necessary to maintain the authentication process and the encrypted data transfer process [19].The use of Hypertext Transfer Protocol Secure (HTTPS) is also implemented to prevent the possibility of theft of important data or information transmitted during ongoing communication between the client and server or vice versa.By utilizing SSL and HTTPS, data leakage or theft during transit between client and server or vice versa can be minimized, and those who steal the data cannot read it because it has been encrypted using SSL encryption methods [18].

Implementation of REST API in Web Service System for Medical Resume Provision
In the third stage of the waterfall method, the Implementation phase, the coding of the program based on the previously designed system was performed.The coding process was carried out using Microsoft Visual Studio Code and the MySQL database.The following figure is the schema of the web service system for the provision of medical resumes.In the Implementation phase of the waterfall method, the implementation of program coding is carried out based on the previously designed results.The coding is done using Microsoft Visual Studio Code and MySQL database.The data request scheme for patient medical resume starts with the client (hospital requesting data) sending a request to the Medical Resume Provision System using HTTP Request through the provided address using an access token as authorization and required parameters.The received parameters will be used by the system to request patient medical resume data from the hospitals (providers) where the patient has visited based on the visit data stored in the Medical Resume Provision System.The patient medical resume response data obtained from the provider will then be received by the Medical Resume Provision System to be processed and returned to the client in JSON format.The medical resume data received by the client is the data from all hospitals that the patient has ever visited and is registered in the Medical Resume Provision System.Here is the display of the Medical Resume Provision System: To use the medical resume provision system, users must enter their registered email and password combination on the login page.The system will grant access to the features according to the users' access rights if they successfully log in.If the login attempt fails, an error message will appear, and users will need to re-enter the correct email and password combination to access the system.After successfully logging in, hospitals will be directed to the Initial Settings Page.Hospitals that are logging into the medical resume provision system for the first time are required to fill out several forms related to the technical requirements that have been prepared beforehand.Hospitals will not be granted credentials to use the medical resume provision system until they have completed the Initial Settings Page.The Credential Page for the Medical Resume Provision System provides hospitals with the necessary credentials to access the medical resume provision system after completing the initial setup page.These credentials include a unique username, email, password, client ID, client secret, and grant type, which are required to request an access token.The access token is essential for hospitals to interact with the system and request medical resumes.It has a validity period of only one hour, and hospitals need to obtain a new access token or refresh the existing one periodically to ensure uninterrupted access to the web service system for medical resume provision.After completing the Initial Settings Page, the hospital will be directed to the Dashboard Page.This page allows the hospital to monitor all requests for medical resumes from other hospitals as well as requests for medical resumes from the hospital itself.Through the Dashboard, hospitals can keep track of the status of each request, whether it has been successful or has encountered errors.Additionally, hospitals can access detailed information on each request, including the requester's identity, the date of the request, and the requested data.The Dashboard provides a comprehensive overview of all medical resume-related activities, enabling hospitals to manage their data effectively and efficiently.The Hospital API Credentials Page in the Medical Resume Provision System allows hospitals to access the necessary credentials to integrate their API endpoints with the system.By accessing the "Apps" menu, hospitals can navigate to the "Hospital Credentials" submenu and find their API endpoint credentials for medical resume provision.The hospital can update the credentials on this page in case of any changes to their API, ensuring uninterrupted access to their medical resume data for the web service system.The system is designed with strict data security measures to protect the privacy and confidentiality of the medical data.The system also employs advanced technologies to ensure the highest level of accuracy and data security in the provision of medical resumes to hospitals.The Credential Page for the Medical Resume Provision System API provides hospitals with the necessary credentials to access the web service system for medical resume provision.These credentials include a unique username, email, password, client ID, client secret, and grant type, and are used to request an access token for interacting with the system and requesting medical resumes.Access tokens are valid for one hour, and hospitals need to refresh them periodically to ensure uninterrupted access to the system.With these credentials, hospitals can securely and accurately provide medical resume data to their patients, ensuring the highest level of accuracy and data security.The List of Sent Medical Resume Requests by Hospitals and List of Accepted Medical Resume Requests from Other Hospitals are two menus available on the medical resume provision system.These menus contain important information about the medical resume requests that have been sent or received by hospitals through the system's web service.The List of Sent Medical Resume Requests by Hospitals displays data related to the medical resume requests that have been sent to other hospitals through the system's web service.Hospitals can use this menu to view transaction details of their sent requests.Meanwhile, the List of Accepted Medical Resume Requests from Other Hospitals provides information about medical resume requests that have been received and accepted from other hospitals through the medical resume provision system API.Hospitals can utilize this menu to review details of approved requests.

Figure 3 Profile Page with Access History and Account Management
The List of Sent Medical Resume Requests by Hospitals and List of Accepted Medical Resume Requests from Other Hospitals are two menus available on the medical resume provision system.These menus contain important information about the medical resume requests that have been sent or received by hospitals through the system's web service.The List of Sent Medical Resume Requests by Hospitals displays data related to the medical resume requests that have been sent to other hospitals through the system's web service.Hospitals can use this menu to view transaction details of their sent requests.Meanwhile, the List of Accepted Medical Resume Requests from Other Hospitals provides information about medical resume requests that have been received and accepted from other hospitals through the Medical Resume Provision System API.Hospitals can utilize this menu to review details of approved requests.The Medical Resume Provision System admin has access to an admin panel that allows them to manage various application-related data, including transaction data, hospital data, and user data.On the dashboard page, the admin can view transaction data for medical resume requests from all hospitals that use the Medical Resume Provision System web service.This provides the admin with an overview of the system usage and helps them monitor and manage the transactions effectively.Additionally, the dashboard page provides the admin with quick access to other important features and functions, such as managing hospital data, user data, and system settings, making it a powerful tool for system administration.The Hospitals page displays a comprehensive list of hospitals, which includes various information such as hospital ID, name, province, type, class, and ownership.This page serves as a centralized location for the admin to access and manage all hospital-related data.The admin can easily search and filter through the list of hospitals to find a specific hospital or a group of hospitals based on different criteria.It is important to note that not all hospitals on this list are affiliated with the Medical Resume Provision System.The Hospitals page provides a convenient way for the admin to view and manage hospital data, making it easier to ensure the accuracy and completeness of the data.Additionally, the admin also has the ability to add new hospital data to the system through the "Add New Hospital" menu.The Users page provides the admin with access to view all registered user data in the medical resume provision web service system.The page enables the admin to search user data based on various criteria such as name, username, and email.The Add New User feature on this page allows the admin to add new user data to the system by filling out a form that includes fields for username, email, first name, last name, password, and role.This page serves as a centralized location for the admin to manage user data and ensure the accuracy of the information in the system.With the ability to add new users and search for existing ones, the admin can efficiently manage user data and access the necessary information when needed.

Medical Resume Request Results based on Patient NIK through Medical Resume Provision System API
The Medical Resume Provision System API enables hospitals to request medical resume data of patients based on their NIK (National Identification Number).The API sends requests to all hospitals that the patient has visited and are registered in the Medical Resume Provision System API.To make the request, the hospital must provide an Authorization header with the bearer method and access token, and a Content-Type of application/json to ensure the request is secure and the data is transmitted safely.The request body should include parameters such as id_hospital_req, id_user_req, and NIK.A successful request returns a status code of 200 and the data is returned in JSON format.Examples of the response structure can be seen in figure 21, which use sample data to illustrate the response format.The Medical Resume Request Results based on Medical Record ID through Medical Resume Provision System API refers to the process of requesting a patient's medical record information by providing their medical record ID.To request the details of a patient's medical record, the hospital needs to send a header containing Authorization with the bearer method and access token.Additionally, the hospital needs to specify the Content-Type as application/json to ensure that the request runs smoothly and the data transmitted remains secure.In the request body, the hospital must include parameters such as id_hos-pital_req, id_user_req, id_record, and id_hospital_destination.If the request is successful, the server will return a status code of 200 and the data in a dummy format as shown in the example.

Integration and System Testing
This phase encompasses the integration and testing of the system, employing the Black Box Testing method.During this testing, the software undergoes assessment based on its functional specifications, without delving into the evaluation of the program code and design.The primary objective is to ensure that the software's functions, inputs, and outputs align precisely with the desired specifications [20].The testing procedure is conducted by the researchers, and the test results are based on the successful execution of all anticipated functions by users with the appropriate access rights.Notably, the test outcomes for admin access rights also demonstrate the successful execution of all intended functions.Similarly, the testing outcomes for the process of requesting medical resumes through the web service system for medical resume provision reveal the successful execution of all intended functions.

Discussion
The results of our study on the Medical Resume Provision System indicate that the system has improved the efficiency of accessing and managing medical resume data for healthcare professionals.This system allows healthcare providers to access medical resumes of patients from various hospitals in a centralized location, saving them time and resources.The implications of these findings are significant.First, the system's ability to access and compile medical resume data from multiple hospitals has the potential to improve the quality of care and reduce medical errors.Healthcare professionals can quickly review a patient's medical history, which can lead to better-informed decision making and improved patient outcomes.Second, the system's centralized approach to managing medical resume data can help to standardize and streamline the process of exchanging medical information between healthcare providers.This can help to reduce administrative burdens, improve communication between providers, and ultimately improve patient care.
However, there are also some limitations to consider.One limitation is that not all hospitals may be registered with the Medical Resume Provision System, which can lead to incomplete medical histories for some patients.Additionally, the system's reliance on digital technology can pose challenges for some healthcare providers who may not have access to the necessary equipment or training.Future research directions could focus on addressing these limitations, as well as exploring other potential benefits and drawbacks of the system.Certainly, in addition to the points mentioned earlier, it is important to note that the system should also be developed to accommodate various types of REST API security standards.This will help ensure that the system is secure and that data transmitted through the API is protected.Common REST API security standards include OAuth, SSL, and JWT, among others.The development team should research and determine which standards are appropriate for the system and implement them accordingly.Failure to implement proper security measures could lead to potential data breaches and compromise the integrity of the system.Therefore, the development team should prioritize security in the design and implementation of the system.Overall, the Medical Resume Provision System has the potential to significantly improve the efficiency and quality of healthcare delivery, and further exploration of its impact is warranted.

Conclusions
In conventional medical records, the flow of information and clinical data can be disrupted due to limited storage time and variations in data release standards across different hospitals.While electronic medical records offer a potential solution, their full integration within healthcare institutions is still pending.However, by employing a web service system with REST architecture as a medical resume provision, data exchange between hospitals and diverse information systems becomes flexible, unrestricted by specific programming languages.This web service system effectively addresses the issue of information and clinical data continuity for patients, enabling accurate service delivery and diagnosis based on existing data.The successful implementation of the web service system for medical resume provision validates its functionality and reliability.

Conflicts of Interest:
The authors declare that there is no conflict of interest regarding the publication of this paper.

Figure 1 .
Figure 1.The Waterfall model as presented in Somerville's (2016) book on software engineering.

Figure 2 .
Figure 2. Flowchart of the Medical Resume Provision System.

1 .Figure 4 .
Figure 4.The login page of the Medical Resume Provision System.

Figure 5 .
Figure 5. Setting Up Your Account on Medical Resume Provision System.

Figure 6 .
Figure 6.Credential page for Medical Resume Provision System.

Figure 7 .
Figure 7. Medical Resume Provision System Dashboard for monitoring medical resume requests.

Figure 8 .
Figure 8. Credentials Page for hospital APIs in Medical Resume Provision System.

6 .Figure 9 .
Figure 9. Medical Resume Provision System Credential Page displaying API credential for hospital.

Figure 10 .
Figure 10.(a) List of Sent Medical Resume Requests by Hospitals; (b) List of Accepted Medical Resume Requests from Other Hospitals;

Figure 10 .
Figure 10.Medical Resume Provision System Dashboard for monitoring all medical resume requests.

10 .Figure 11 .
Figure 11.List of Hospitals in Medical Resume Provision System.

Figure 12 .
Figure 12.List of Users in Medical Resume Provision System.