Presented at the 3rd Annual Open Source EHR Summit - Key takeaways:
* Any enterprise app which acts like a consumer app that doesn’t integrate well into hospital or ambulatory systems and workflows is doomed
* There’s nothing unique about health IT data that justifies complex, expensive, or special technology.
* There’s a lot unique about healthcare workflows that require common technologies to be adapted properly.
Testing with Fewer Resources: Toward Adaptive Approaches for Cost-effective ...
Reasons Why Health Data is Poorly Integrated Today and What We Can Do About It
1. Reasons Why Health Data is Poorly
Integrated Today and What We Can
Do About It
3rd Annual OSEHRA Summit
Shahid N. Shah
Chairman of OSEHRA Advisory Board
2. This and many of my other presentations are available at
www.SpeakerDeck.com/shah
@ShahidNShah
shahid@shah.org
www.ShahidShah.com
www.netspective.com 2
3. NETSPECTIVE
Who is Shahid?
• Chairman, OSEHRA Board of Advisors
• 20+ years of software engineering and
multi-discipline complex IT
implementations (Gov., defense, health,
finance, insurance)
• 12+ years of healthcare IT and medical
devices experience (blog at
http://healthcareguy.com)
• 15+ years of technology management
experience (government, non-profit,
commercial)
Author of Chapter 13, “You’re
the CIO of your Own Office”
www.netspective.com 3
4. NETSPECTIVE
What’s this talk about?
Background
• Many enterprise apps are being built
these days, most are designed to
work as a stand alone system similar
to consumer apps
• Healthcare-specific software
engineering and integration tools
are going to do more harm than
good (industry-neutral is better).
Key takeaways
• Any enterprise app which acts like
a consumer app that doesn’t
integrate well into hospital or
ambulatory systems and workflows
is doomed
• There’s nothing unique about health
IT data that justifies complex,
expensive, or special technology.
• There’s a lot unique about
healthcare workflows that require
common technologies to be
adapted properly.
www.netspective.com 4
5. NETSPECTIVE
Application focus is biggest mistake
Application-focused IT instead of Data-focused IT is causing business problems.
Lab
Apps
Silos of information exist across
groups (duplication, little sharing)
Other
Apps
Healthcare Provider Systems
Clinical
Apps
Patient
Apps
Billing
Apps
Partner Systems
Poor data integration across
application bases
www.netspective.com 5
6. NETSPECTIVE
The Strategy: Modernize Integration
Need to get existing applications to share data through modern integration
techniques
Clinical
Apps
NCI
App
Patient
Apps
Billing
Apps Lab
Apps
Other
Apps
NEI
App NHLBI
App
Healthcare Provider Systems
Partner Systems
Master Data Management, Entity Resolution, and Data Integration
Improved integration by services
that can communicate between applications
www.netspective.com 6
7. Why do health IT systems
integrate poorly?
www.netspective.com 7
8. Because customers don’t know how
to effectively punish vendors that
don’t integrate well.
But, that’s changing. Slowly.
www.netspective.com 8
9. Because apps developers don’t have
a systems engineering culture where
we think of data integration as a
discipline our customers will buy.
But, that’s changing. Slowly.
www.netspective.com 9
10. Because we want to wait for others
to create a new standard or magical
API that makes integration
problems disappear.
But, that’s changing. Slowly.
www.netspective.com 10
11. NETSPECTIVE
The tactical issues
• We don't support shared
identities, single sign on (SSO),
and industry-neutral
authentication and authorization
• We're too focused on "structured
data integration" instead of
"practical app integration" in our
early project phases
• We focus more on "pushing"
versus "pulling" data than is
warranted early in projects
• We have “Inside out”
architecture, not “Outside in”
• We're too focused on
heavyweight industry-specific
formats instead of lightweight or
micro formats
• Data emitted is not tagged using
semantic markup, so it's not
securable or searchable by
default
• When health IT systems produce
HTML, CSS, JavaScript, JSON,
and other common outputs, it's
not done in a security- and
integration-friendly manner
www.netspective.com 11
13. Unused data never gets better.
Fix broken windows.
Iterate your way to better
data by forcing its use.
www.netspective.com 13
14. NETSPECTIVE
Legacy integration
Presentation
Functionality
Data
Application A
Feature X
Feature Y
Presentation
Functionality
Data
Application B
Feature X
Feature Y
Feature Z
Copy features and enhance (everything is separate)
Presentation
Functionality
Data
Application A
Feature X
Feature Z
Presentation
Functionality
Data
Application B
Feature X
Feature Y
Feature Z
Connect directly to existing data, but copy features and enhance
www.netspective.com 14
15. NETSPECTIVE
Modern integration
Feature X
Feature Y
REST
SOAP, RMI
Create API between applications, integrate data, create new data
Feature X
Feature Z
Services
Presentation
Functionality
Data
Application A
Presentation
Functionality
Data
Application B
Feature X
Feature Y
Feature Z
Presentation
Functionality
Data
Application A
Presentation
Functionality
Data
Application B
Feature X
Feature Y
Feature Z
Create common services and have all applications use them
ETL
APIs
SOA
WOA
www.netspective.com 15
16. Create a formal Enterprise
Integration Group (EIG)
Even get a cool logo and team mascot.
www.netspective.com 16
17. Start cataloging and
formalizing use of enterprise
integration patterns.
You’re not the first (or second) to see these problems.
www.netspective.com 17
18. Learn about ESB, ETL, and BPM –
grab open source or commercial
implementations and build around
them.
Don’t hand code things.
www.netspective.com 18
19. Create a technical profile
questionnaire and
checklist
Don’t hand code things.
www.netspective.com 19
20. Lets see what all of this
looks like in practice.
You can do this in less than 40 man-hours of work.
www.netspective.com 20
21. NETSPECTIVE
Start with read-centric integration, move to enrichment later
Where users spend time What they’re missing
www.netspective.com 21
22. NETSPECTIVE
Stop and think about workflows
Sexy but wrong: Device-centric closed systems Dull but right: Workflow-centric open solutions
www.netspective.com 22
23. NETSPECTIVE
Promote “Outside-in” architecture
Think about clinical and
hospital operations and
processes as a collection
of business capabilities or
services that can be
delivered across
organizations.
www.netspective.com 23
24. NETSPECTIVE
Promote “Outside-in” architecture
Inside-out focus Outside-in focus
Patients
and
Referral
Partners
Clinical
Personnel
Admin
Personnel
IT
Personnel
Unsophisticated and
less agile focus
Sophisticated and
more agile focus
www.netspective.com 24
25. NETSPECTIVE
Implement industry-neutral ICAM
Implement shared identities, single sign on (SSO), neutral authentication and authorization
Proprietary identity is hurting us
• Most health IT systems create their own
custom identity, credentialing, and access
management (ICAM) in an opaque part of
a proprietary database.
• We’re waiting for solutions from health IT
vendors but free or commercial industry-neutral
solutions are much better and
future proof.
Identity exchange is possible
• Follow National Strategy for Trusted Identities
in Cyberspace (NSTIC)
• Use open identity exchange protocols such as
SAML, OpenID, and Oauth
• Use open roles and permissions-management
protocols, such as XACML
• Consider open source tools such as OpenAM,
Apache Directory, OpenLDAP, Shibboleth, or
commercial vendors.
• Externalize attribute-based access control
(ABAC) and role-based access control (RBAC)
from clinical systems into enterprise systems
like Active Directory or LDAP.
www.netspective.com 25
26. NETSPECTIVE
App-focused integration is better than nothing
Structured data dogma gets in the way of faster decision support real solutions
Dogma is preventing integration
Many think that we shouldn’t integrate
until structured data at detailed machine-computable
levels is available.
The thinking is that because mistakes can
be made with semi-structured or hard to
map data, we should rely on paper, make
users live with missing data, or just make
educated guesses instead.
App-centric sharing is possible
Instead of waiting for HL7 or other structured
data about patients, we can use simple
techniques like HTML widgets to share
"snippets" of our apps.
• Allow applications immediate access to
portions of data they don't already manage.
• Widgets are portions of apps that can be
embedded or "mashed up" in other apps
without tight coupling.
• Blue Button has demonstrated the power of
app integration versus structured data
integration. It provides immediate benefit to
users while the data geeks figure out what
they need for analytics, computations, etc.
www.netspective.com 26
27. NETSPECTIVE
Pushing data is more expensive than pulling it
We focus more on "pushing" versus "pulling" data than is warranted early in projects
Old way to architect:
“What data can you send me?” (push)
The "push" model, where the system that
contains the data is responsible for sending the
data to all those that are interested (or to some
central provider, such as a health information
exchange or HL7 router) shouldn’t be the only
model used for data integration.
Better way to architect:
“What data can I publish safely?” (pull)
• Implement syndicated Atom-like feeds (which
could contain HL7 or other formats).
• Data holders should allow secure
authenticated subscriptions to their data and
not worry about direct coupling with other
apps.
• Consider the Open Data Protocol (oData).
• Enable auditing of protected health
information by logging data transfers through
use of syslog and other reliable methods.
• Enable proper access control rules expressed
in standards like XACML.
www.netspective.com 27
28. NETSPECTIVE
Industry-specific formats aren’t always necessary
Reliance on heavyweight industry-specific formats instead of lightweight micro formats is bad
HL7 and X.12 aren’t the only formats
The general assumption is that
formats like HL7, CCD, and X.12 are
the only ways to do data integration
in healthcare but of course that’s
not quite true.
Consider industry-neutral protocols
• Consider identity exchange
protocols like SAML for integration
of user profile data and even for
exchange of patient demographics
and related profile information.
• Consider iCalendar/ICS publishing
and subscribing for schedule data.
• Consider microformats like FOAF
and similar formats from
schema.org.
• Consider semantic data formats
like RDF, RDFa, and related family.
www.netspective.com 28
29. NETSPECTIVE
Tag all app data using semantic markup
When data is not tagged using semantic markup, it's not securable or shareable by default
Legacy systems trap valuable data
In many existing contracts, the
vendors of systems that house the
data also ‘own’ the data and it can’t
be easily liberated because the
vendors of the systems actively
prevent it from being shared or are
just too busy to liberate the data.
Semantic markup and tagging is easy
• One easy way to create semantically
meaningful and easier to share and
secure patient data is to have all
HTML tags be generated with
companion RDFa or HTML5 Data
Attributes using industry-neutral
schemas and microformats similar to
the ones defined at Schema.org.
• Google's recent implementation of
its Knowledge Graph is a great
example of the utility of this
semantic mapping approach.
www.netspective.com 29
30. NETSPECTIVE
Produce data in search-friendly manner
Produce HTML, JavaScript and other data in a security- and integration-friendly approach
Proprietary data formats limit findability
• Legacy applications only present
through text or windowed
interfaces that can be “scraped”.
• Web-based applications present
HTML, JavaScript, images, and
other assets but aren’t search
engine friendly.
Search engines are great integrators
• Most users need access to
information trapped in existing
applications but sometimes they
don’t need must more than access
that a search engine could easily
provide.
• Assume that all pages in an
application, especial web
applications, will be “ingested” by
a securable, protectable, search
engine that can act as the first
method of integration.
www.netspective.com 30
31. NETSPECTIVE
Rely first on open source, then proprietary
“Free” is not as important as open source, you should pay for software but require openness
Healthcare fears open source
• Only the government spends more per
user on antiquated software than we do
in healthcare.
• There is a general fear that open source
means unsupported software or lower
quality solutions or unwanted security
breaches.
Open source can save health IT
• Other industries save billions by using
open source.
• Commercial vendors give better pricing,
service, and support when they know
they are competing with open source.
• Open source is sometimes more secure,
higher quality, and better supported
than commercial equivalents.
• Don’t dismiss open source, consider it
the default choice and select commercial
alternatives when they are known to be
better.
www.netspective.com 31