Presented at StrataRX 2012: http://strataconf.com/rx2012/public/schedule/detail/25953
While the entire healthcare community, for decades, has been clamoring for, cajoling, and demanding integration of its IT systems, we’re actually in a pretty elementary stage when it comes to useful, practical, health IT systems integration beyond on-premise and in-building hospital software. Our problem in the industry is not that engineers don’t know how to create the right technology solutions or that somehow we have a big governance problem; while those are certainly issues in certain settings, the real cross-industry issue is much bigger – our approach to integration is decades old, opaque, and rewards closed systems.
For decades, starting in the 50’s through the mid 90’s before the web / Internet came along, systems integration meant that every system had to know about each other in advance, decide on what data they would share, engage in governance meetings, have memoranda of understanding or contracts in place, etc. After the web came along, most of that was thrown out the window because the approach changed to one that said the owner of the data provides whatever they decide (e.g. through a web server) and whoever wants it will be provided secure access and they can come get it (e.g. through a browser or HTTP client). This kind of revolutionary approach in systems integration is what the health IT and medical device sectors are sorely lacking and something that ONC can help promote.
Specifically, the following things are holding us back when it comes to poor integration in healthcare and what future EHRs can do about it:
• We don’t support shared identities, single sign on (SSO), and industry-neutral authentication and authorization. Most health IT systems create their own custom logins and identities for its users including roles, permissions, access controls, etc. stored in an opaque part of their own proprietary database. ONC should mandate that all future EHRs use industry-neutral and well supported identity management technologies so that each system has a least the ability to share identities. Without identity sharing and exchange there can be no easy and secure application integration capabilities no matter how good the formats are. I’m continually surprised how little attention is paid to this cornerstone of application integration. There are very nice open identity exchange protocols, such as SAML, OpenID, and oAuth as well as open roles and permissions management protocols such as XACML that make identity and permission sharing possible. Free open source tools such as OpenAM, Apache Directory, OpenLDAP, Shibboleth, and many commercial vendors have drop-in tools to make it almost trivial to do identity sharing, SSO, and RBAC.
Reasons why health data is poorly integrated today and what we can do about it
1. The Myth of Health Data
Integration Complexity
An opinionated look at why current health IT systems
integrate poorly and what we can do about it
By Shahid N. Shah, CEO
2. NETSPECTIVE
Who is Shahid?
•
•
•
•
20+ years of software engineering and multidiscipline complex IT implementations (Gov.,
defense, health, finance, insurance)
12+ years of healthcare IT and medical
devices experience (blog at
http://healthcareguy.com)
15+ years of technology management
experience (government, non-profit,
commercial)
10+ years as architect, engineer, and
implementation manager on various EMR
and EHR initiatives (commercial and nonprofit)
www.netspective.com
Author of Chapter 13, “You’re
the CIO of your Own Office”
2
3. NETSPECTIVE
What you’ll learn today
Let’s stop the hand waving and relying on the government to take care of integration
Background
•
•
•
•
A deluge of healthcare data is being
created as we digitize biology,
chemistry, and physics.
Data changes the questions we ask
and it can actually democratize and
improve the science of medicine, if we
let it.
While cures are the only real miracles
of medicine, big data can help solve
intractable problems and lead to more
cures.
Healthcare-focused software
engineering is going to do more harm
than good (industry-neutral is better).
www.netspective.com
Key takeaways
•
•
•
•
Applications come and go, data lives
forever. He who owns, integrates,
and uses data wins in the end.
Never leave your data in the hands
of an application/system vendor.
There’s nothing special about health
IT data that justifies complex,
expensive, or special technology.
Spend freely on multiple systems
and integration-friendly solutions.
3
4. NETSPECTIVE
NEJM believes doctors are trapped
It is a widely accepted myth that medicine requires
complex, highly specialized information-technology (IT)
systems.
This myth continues to justify soaring IT costs,
burdensome physician workloads, and stagnation in
innovation — while doctors become increasingly bound
to documentation and communication products that are
functionally decades behind those they use in their
“civilian” life.
New England Journal of Medicine “Escaping the EHR Trap - The Future of Health IT”, June 2012
www.netspective.com
4
6. NETSPECTIVE
We’re digitizing biology
Last and past decades
Digitize
mathematics
Digitize
literature
Digitize social
behavior
Predict human
behavior
Gigabytes and petabytes
www.netspective.com
This and future decades
Digitize biology
Digitize
chemistry
Digitize physics
Predict
fundamental
behaviors
Petabytes and exabytes
6
7. NETSPECTIVE
What’s creating “data deluge”?
Social Interactions
Biosensors
Economics
Phenotypics
Since 1970,
pennies per
patient
Since 1980s,
pennies per
patient
• Business focused data
• Retrospective
• Built on fee for service models
• Inward looking and not focused
on clinical benefits
www.netspective.com
• Must be continuously collected
• Mostly Retrospective
• Useful for population health
• Part digital, mostly analog
• Family History is hard
Genomics
Since 2000s,
started at $100k
per patient, <$1k
soon
• Can be collected infrequently
• Personalized
• Prospective
• Potentially predictive
• Digital
• Family history is easy
Proteomics
Emerging
• Must be continuously collected
• Difficult today, easier tomorrow
• Super-personalized
• Prospective
• Predictive
7
8. NETSPECTIVE
Data changes the questions we ask
Simple visual facts
www.netspective.com
Complex visual facts
Complex computable
facts
8
9. NETSPECTIVE
Implications for scientific discovery
The old way
Identify problem
Identify data
Ask questions
Generate questions
Collect data
Mine data
Answer questions
www.netspective.com
The new way
Answer questions
9
10. NETSPECTIVE
We’re in the integration age
We’re not in an
app-driven
future but an
integrationdriven future.
He who
integrates the
best, wins.
Source: Geoffrey Raines, MITRE
www.netspective.com
10
11. Where is all the data coming from?
Recognizable Data Sources
12. NETSPECTIVE
Data is hidden everywhere
Clinical trials data
(failed or successful)
Secure Social Patient
Relationship
Management (PRM)
Patient
Communications,
SMS, IM, E-mail,
Voice, and Telehealth
Patient Education,
Calculators, Widgets,
Content
Management
Blue Button, HL7,
X.12, HIEs, EHR, and
HealthVault
Integration
E-commerce, Ads,
Subscriptions, and
Activity-based Billing
Accountable Care,
Patient Care
Continuity and
Coordination
Patient Family and
Community
Engagement
Patient Consent,
Permissions, and
Disclosure
Management
www.netspective.com
12
13. NETSPECTIVE
More hidden sources of data
Clinical systems
Consumer and
patient health
systems
Core transaction
systems
Decision
support systems
(DSS and CPOE)
Electronic
medical record
(EMR)
Managed care
systems
Medical
management
systems
Materials
management
systems
Clinical data
repository
Patient
relationship
management
Imaging
Integrated
medical devices
Clinical trials
systems
Telemedicine
systems
Workflow
technologies
Work force
enabling
technologies
www.netspective.com
13
14. NETSPECTIVE
Unstructured patient data sources
Patient
Source
Self reported by
patient
Health
Professional
Observations by
HCP
Labs &
Diagnostics
Computed from
specimens
Errors
High
Medium
Slow
Slow
Low
Medium
Megabytes
Megabytes
Megabytes
Data type
PDFs, images
PDFs, images
PDFs, images
Availability
Common
Common
Common
Computed from
specimens
High
Data size
Computed realtime from patient
Medium
Reliability
Biomarkers /
Genetics
Low
Time
Medical Devices
www.netspective.com
Uncommon
Uncommon
14
15. NETSPECTIVE
Structured patient data sources
Patient
Source
Self reported by
patient
Health
Professional
Observations by
HCP
Labs &
Diagnostics
Specimens
Medical Devices
Real-time from
patient
Biomarkers /
Genetics
Specimens
Errors
High
Medium
Low
Low
Low
Time
Slow
Slow
Medium
Fast
Slow
Reliability
Low
Medium
High
High
High
Kilobytes
Kilobytes
Kilobytes
Megabytes
Gigabytes
Gigabytes
Gigabytes
Uncommon
Uncommon
Discrete size
Streaming size
Availability
www.netspective.com
Uncommon
Common
Somewhat
Common
15
17. NETSPECTIVE
Why you can’t just “buy interoperability”
Interoperability of data is an emergent property of your IT environment
Myth
Truth
• I only have a few systems
to integrate
• I know all my data formats
• I know where all my data is
and most of it is valid
• My vendor already knows
how all this works and will
solve my problems
• There are actually hundreds
of systems
• There are dozens of formats
you’re not aware of
• Lots of data is missing and
data quality is poor
• Tons of undocumented
databases and sources
• Vendors aren’t incentivized to
integrate data
www.netspective.com
17
18. NETSPECTIVE
Application focus is biggest mistake
Application-focused IT instead of Data-focused IT is causing business problems.
Silos of information exist across
groups (duplication, little sharing)
Clinical
Apps
Billing
Apps
Lab
Apps
Other
Apps
Healthcare Provider Systems
Patient
Apps
Partner Systems
Poor data integration across
application bases
www.netspective.com
18
19. NETSPECTIVE
The Strategy: Modernize Integration
Need to get existing applications to share data through modern integration
techniques
Clinical
Apps
NCI
App
Billing
Apps
Lab
Other
Apps
Apps
NEI
App
Healthcare Provider Systems
Patient
Apps
NHLBI
App
Partner Systems
Master Data Management, Entity Resolution, and Data Integration
Improved integration by services
that can communicate between applications
www.netspective.com
19
21. NETSPECTIVE
Why health IT systems integrate poorly
Technology “Culture”
•
•
•
•
•
Permissions-oriented culture prevents
tinkering and “hacking”
We don’t let patients drive data
decisions.
No scripting or customizing EHRs, lab
systems, etc.
Interoperability isn’t required for
transactions to be completed (ecommerce)
We have “Inside out” architecture, not
“Outside in”
www.netspective.com
Actual Technology
•
•
•
•
We don't support shared identities,
single sign on (SSO), and industryneutral authentication and
authorization
We're too focused on "structured data
integration" instead of "practical app
integration“
We focus more on "pushing" versus
"pulling" data than is warranted early
in projects
We're too focused on heavyweight
industry-specific formats instead of
lightweight or micro formats
21
22. NETSPECTIVE
Promote “Outside-in” architecture
The IT department inside your organization cannot possibly do everything you’d like
Process and people consolidation won’t work in
the future
Defining and coordinating interactions across a
multitude of organizations is the new way
“For decades, businesses typically have been
rewarded for consolidation around standard
processes and stockpiling assets through
people, technology and goods.
Companies are discovering they need a new
kind of leverage – capability leverage – to
mobilize third parties that can add value.”
• Outside-in architecture asks you to think
about your operations and processes as
a collection of business capabilities or
services.
• Each individual service must be analyzed
and packaged to see who can deliver
them best. According to Deloitte, “this
architectural transition requires new skills
from the CIO and the IT organization.
CIOs who anticipate and understand the
opportunity are likely to become much
more effective business partners with
other executive leaders.”
Source: Deloitte “Outside-in Architecture”
www.netspective.com
22
23. NETSPECTIVE
Implement industry-neutral ICAM
Implement shared identities, single sign on (SSO), neutral authentication and authorization
Proprietary identity is hurting us
•
•
Most health IT systems create their own
custom identity, credentialing, and access
management (ICAM) in an opaque part of
a proprietary database.
We’re waiting for solutions from health IT
vendors but free or commercial industryneutral solutions are much better and future
proof.
www.netspective.com
Identity exchange is possible
• Follow National Strategy for Trusted Identities
in Cyberspace (NSTIC)
• Use open identity exchange protocols such as
SAML, OpenID, and Oauth
• Use open roles and permissions-management
protocols, such as XACML
• Consider open source tools such as OpenAM,
Apache Directory, OpenLDAP Shibboleth, or
,
commercial vendors.
• Externalize attribute-based access control
(ABAC) and role-based access control (RBAC)
from clinical systems into enterprise systems
like Active Directory or LDAP
.
23
24. NETSPECTIVE
App-focused integration is better than nothing
Structured data dogma gets in the way of faster decision support real solutions
Dogma is preventing integration
App-centric sharing is possible
Many think that we shouldn’t integrate
until structured data at detailed machinecomputable levels is available.
The thinking is that because mistakes can
be made with semi-structured or hard to
map data, we should rely on paper, make
users live with missing data, or just make
educated guesses instead.
Instead of waiting for HL7 or other structured
data about patients, we can use simple
techniques like HTML widgets to share
"snippets" of our apps.
• Allow applications immediate access to
portions of data they don't already manage.
• Widgets are portions of apps that can be
embedded or "mashed up" in other apps
without tight coupling.
• Blue Button has demonstrated the power of
app integration versus structured data
integration. It provides immediate benefit to
users while the data geeks figure out what
they need for analytics, computations, etc.
www.netspective.com
24
25. NETSPECTIVE
Pushing data is more expensive than pulling it
We focus more on "pushing" versus "pulling" data than is warranted early in projects
Old way to architect:
“What data can you send me?” (push)
Better way to architect:
“What data can I publish safely?” (pull)
The "push" model, where the system that
contains the data is responsible for sending the
data to all those that are interested (or to some
central provider, such as a health information
exchange or HL7 router) shouldn’t be the only
model used for data integration.
• Implement syndicated Atom-like feeds (which
could contain HL7 or other formats).
• Data holders should allow secure
authenticated subscriptions to their data and
not worry about direct coupling with other
apps.
• Consider the Open Data Protocol (oData).
• Enable auditing of protected health
information by logging data transfers through
use of syslog and other reliable methods.
• Enable proper access control rules expressed
in standards like XACML.
www.netspective.com
25
26. NETSPECTIVE
Industry-specific formats aren’t always necessary
Reliance on heavyweight industry-specific formats instead of lightweight micro formats is bad
HL7 and X.12 aren’t the only formats
Consider industry-neutral protocols
The general assumption is that
formats like HL7, CCD, and X.12 are
the only ways to do data integration
in healthcare but of course that’s
not quite true.
Microsoft Excel & Access, Google
Docs, etc. don’t have live access to
our data in transactional systems
such as EHRs.
•
www.netspective.com
•
•
•
Consider identity exchange
protocols like SAML for integration
of user profile data and even for
exchange of patient demographics
and related profile information.
Consider iCalendar/ICS publishing
and subscribing for schedule data.
Consider microformats like FOAF
and similar formats from
schema.org.
Consider semantic data formats
like RDF, RDFa, and related family.
26
27. NETSPECTIVE
Tag all app data using semantic markup
When data is not tagged using semantic markup, it's not securable or shareable by default
Legacy systems trap valuable data
Semantic markup and tagging is easy
In many existing contracts, the
vendors of systems that house the
data also ‘own’ the data and it can’t
be easily liberated because the
vendors of the systems actively
prevent it from being shared or are
just too busy to liberate the data.
• One easy way to create semantically
meaningful and easier to share and
secure patient data is to have all
HTML tags be generated with
companion RDFa or HTML5 Data
Attributes using industry-neutral
schemas and microformats similar to
the ones defined at Schema.org.
• Google's recent implementation of
its Knowledge Graph is a great
example of the utility of this
semantic mapping approach.
www.netspective.com
27
28. NETSPECTIVE
Produce data in search-friendly manner
Produce HTML, JavaScript and other data in a security- and integration-friendly approach
Proprietary data formats limit findability
Search engines are great integrators
• Legacy applications only present
through text or windowed
interfaces that can be “scraped”.
• Web-based applications present
HTML, JavaScript, images, and
other assets but aren’t search
engine friendly.
• Most users need access to
information trapped in existing
applications but sometimes they
don’t need must more than access
that a search engine could easily
provide.
• Assume that all pages in an
application, especial web
applications, will be “ingested” by
a securable, protectable, search
engine that can act as the first
method of integration.
www.netspective.com
28
29. NETSPECTIVE
Rely first on open source, then proprietary
“Free” is not as important as open source, you should pay for software but require openness
Healthcare fears open source
Open source can save health IT
• Only the government spends more per
user on antiquated software than we do
in healthcare.
• There is a general fear that open source
means unsupported software or lower
quality solutions or unwanted security
breaches.
• Other industries save billions by using
open source.
• Commercial vendors give better pricing,
service, and support when they know
they are competing with open source.
• Open source is sometimes more secure,
higher quality, and better supported
than commercial equivalents.
• Don’t dismiss open source, consider it
the default choice and select commercial
alternatives when they are known to be
better.
www.netspective.com
29
30. NETSPECTIVE
Primary challenges
• Tooling strategy must be comprehensive. What hardware and
software tools are available to non-technical personnel to encourage
sharing?
• Formats matter. Are you using entity resolution, master data and
metadata schemas, documenting your data formats, and access
protocols?
• Incentivize data sharing. What are the rewards for sharing or penalties
for not sharing healthcare data?
• Distribute costs. How are you going to allow data users to contribute
to the storage, archiving, analysis, and management costs?
• Determine utilization. What metrics will you use determine what’s
working and what’s not?
www.netspective.com
30