This was presented at Health 2.0's HxRefactored 2014 Conference in Brooklyn.
Background:
* Many enterprise apps are being built these days, but most are designed to work as a standalone system similar to consumer apps
* Healthcare-specific software engineering and integration tools are going to do more harm than good (industry-neutral is better).
Key Takeaways:
* Any enterprise app which acts like a consumer app that doesn’t integrate well into hospital or ambulatory systems and workflows is doomed
* There’s nothing unique about health IT data that justifies complex, expensive, or special technology.
* There’s a lot unique about healthcare workflows that require common technologies to be adapted properly.
HxRefactored: Stop dreaming about fluid data interoperability and start focusing on actionable enterprise systems integration
1. Stop dreaming about fluid data interoperability and start focusing on actionable enterprise systems integration
By Shahid N. Shah
2. www.netspective.com 2
This and many of my other presentations are available at www.SpeakerDeck.com/shah
@ShahidNShah
shahid@shah.org
www.ShahidShah.com
3. NETSPECTIVE
www.netspective.com 3
Who is Shahid?
• 20+ years of software engineering and multi-discipline complex IT implementations (Gov., defense, health, finance, insurance)
• 12+ years of healthcare IT and medical devices experience (blog at http://healthcareguy.com)
• 15+ years of technology management experience (government, non-profit, commercial)
• 10+ years as architect, engineer, and implementation manager on various EMR and EHR initiatives (commercial and non-profit)
Author of Chapter 13, “You’re the CIO of your Own Office”
4. What’s this talk about?
Background
• Many enterprise apps are being built these days, but most are designed to work as a standalone system similar to consumer apps
• Healthcare-specific software engineering and integration tools are going to do more harm than good (industry-neutral is better).
Key takeaways
• Any enterprise app which acts like a consumer app that doesn’t integrate well into hospital or ambulatory systems and workflows is doomed
• There’s nothing unique about health IT data that justifies complex, expensive, or special technology.
• There’s a lot unique about healthcare workflows that require common technologies to be adapted properly.
5. Application focus is biggest mistake
Application-focused IT instead of Data-focused IT is causing business problems.
[Diagram: Healthcare Provider Systems (Clinical Apps, Patient Apps, Billing Apps, Lab Apps, Other Apps) and Partner Systems]
Silos of information exist across groups (duplication, little sharing)
Poor data integration across application bases
6. The Strategy: Modernize Integration
Need to get existing applications to share data through modern integration techniques
[Diagram: NCI App, NEI App, and NHLBI App; Healthcare Provider Systems (Clinical Apps, Patient Apps, Billing Apps, Lab Apps, Other Apps); Partner Systems; with a layer labelled Master Data Management, Entity Resolution, and Data Integration]
Improved integration by services that can communicate between applications
9. Because app developers don’t have a systems engineering culture where we think of data integration as a discipline our customers will buy.
But, that’s changing. Slowly.
10. Because we want to wait for others to create a new standard or magical API that makes integration problems disappear.
But, that’s changing. Slowly.
11. The tactical issues
• We don't support shared identities, single sign on (SSO), and industry-neutral authentication and authorization
• We're too focused on "structured data integration" instead of "practical app integration" in our early project phases
• We focus more on "pushing" versus "pulling" data than is warranted early in projects
• We have “Inside out” architecture, not “Outside in”
• We're too focused on heavyweight industry-specific formats instead of lightweight or micro formats
• Data emitted is not tagged using semantic markup, so it's not securable or searchable by default
• When health IT systems produce HTML, CSS, JavaScript, JSON, and other common outputs, it's not done in a security- and integration-friendly manner
14. Legacy integration
[Diagram, two panels: Application A and Application B, each with its own Data, Functionality, and Presentation layers and its own copies of Features X, Y, and Z]
Panel 1: Copy features and enhance (everything is separate)
Panel 2: Connect directly to existing data, but copy features and enhance
15. Modern integration
[Diagram, two panels: Application A and Application B, each with Data, Functionality, and Presentation layers and Features X, Y, and Z, connected through Services. Diagram labels: REST; SOAP, RMI; SOA; ETL; WOA; APIs]
Panel 1: Create API between applications, integrate data, create new data
Panel 2: Create common services and have all applications use them
18. Learn about ESB, ETL, and BPM – grab open source or commercial implementations and build around them.
Don’t hand code things.
23. Promote “Outside-in” architecture
Think about clinical and hospital operations and processes as a collection of business capabilities or services that can be delivered across organizations.
24. Promote “Outside-in” architecture
[Diagram labels: Patients and Referral Partners; Clinical Personnel; Admin Personnel; IT Personnel; Unsophisticated and less agile focus; Sophisticated and more agile focus; Inside-out focus; Outside-in focus]
25. Proprietary identity is hurting us
• Most health IT systems create their own custom identity, credentialing, and access management (ICAM) in an opaque part of a proprietary database.
• We’re waiting for solutions from health IT vendors but free or commercial industry-neutral solutions are much better and future proof.
Identity exchange is possible
• Follow National Strategy for Trusted Identities in Cyberspace (NSTIC)
• Use open identity exchange protocols such as SAML, OpenID, and OAuth
• Use open roles and permissions-management protocols, such as XACML
• Consider open source tools such as OpenAM, Apache Directory, OpenLDAP, Shibboleth, or commercial vendors.
• Externalize attribute-based access control (ABAC) and role-based access control (RBAC) from clinical systems into enterprise systems like Active Directory or LDAP.
Implement industry-neutral ICAM
Implement shared identities, single sign on (SSO), neutral authentication and authorization
26. Dogma is preventing integration
Many think that we shouldn’t integrate until structured data at detailed machine-computable levels is available.
The thinking is that because mistakes can be made with semi-structured or hard to map data, we should rely on paper, make users live with missing data, or just make educated guesses instead.
App-centric sharing is possible
Instead of waiting for HL7 or other structured data about patients, we can use simple techniques like HTML widgets to share "snippets" of our apps.
• Allow applications immediate access to portions of data they don't already manage.
• Widgets are portions of apps that can be embedded or "mashed up" in other apps without tight coupling.
• Blue Button has demonstrated the power of app integration versus structured data integration. It provides immediate benefit to users while the data geeks figure out what they need for analytics, computations, etc.
App-focused integration is better than nothing
Structured data dogma gets in the way of faster decision support real solutions
27. Old way to architect:
“What data can you send me?” (push)
The "push" model, where the system that contains the data is responsible for sending the data to all those that are interested (or to some central provider, such as a health information exchange or HL7 router) shouldn’t be the only model used for data integration.
Better way to architect:
“What data can I publish safely?” (pull)
• Implement syndicated Atom-like feeds (which could contain HL7 or other formats).
• Data holders should allow secure authenticated subscriptions to their data and not worry about direct coupling with other apps.
• Consider the Open Data Protocol (OData).
• Enable auditing of protected health information by logging data transfers through use of syslog and other reliable methods.
• Enable proper access control rules expressed in standards like XACML.
Pushing data is more expensive than pulling it
We focus more on "pushing" versus "pulling" data than is warranted early in projects
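The pull model on this slide, combined with the externalized access control from slide 25, as an added example that is not from the original deck: a publisher serves an Atom-like feed only to known subscribers, asks a policy table kept outside the publishing logic for a Permit or Deny on each entry, and writes one audit record per decision. The tokens, roles, categories and entries are constructed, and the policy table stands in for XACML rules rather than implementing XACML.

```python
import logging
import xml.etree.ElementTree as ET

A = "{http://www.w3.org/2005/Atom}"
audit = logging.getLogger("phi.audit")
audit.setLevel(logging.INFO)
audit.addHandler(logging.StreamHandler())  # use logging.handlers.SysLogHandler in deployment

# Constructed sample data. Permitted (role, category) pairs; everything else is denied.
POLICY = {("clinician", "lab-result"), ("clinician", "schedule"), ("scheduler", "schedule")}
SUBSCRIBERS = {"tok-clin-1": ("dr.lee", "clinician"), "tok-sched-1": ("front.desk", "scheduler")}
ENTRIES = [
    {"id": "urn:example:entry:1", "category": "lab-result",
     "title": "CBC result ready", "updated": "2014-05-13T09:00:00Z"},
    {"id": "urn:example:entry:2", "category": "schedule",
     "title": "Follow-up visit booked", "updated": "2014-05-13T10:30:00Z"},
]

def decide(role, category):
    """Policy decision point: anything not explicitly permitted is denied."""
    return "Permit" if (role, category) in POLICY else "Deny"

def pull_feed(token, since=""):
    """Return an Atom-like feed of entries newer than `since` for an authenticated subscriber."""
    if token not in SUBSCRIBERS:
        audit.warning("feed-pull outcome=rejected reason=unknown-subscriber")
        raise PermissionError("unknown subscriber")
    subject, role = SUBSCRIBERS[token]
    feed = ET.Element(A + "feed")
    ET.SubElement(feed, A + "title").text = "Constructed example feed"
    for e in ENTRIES:
        if e["updated"] <= since:
            continue  # the subscriber already pulled this entry
        decision = decide(role, e["category"])
        # The token is never logged; the subject and the decision are.
        audit.info("feed-pull subject=%s role=%s entry=%s category=%s decision=%s",
                   subject, role, e["id"], e["category"], decision)
        if decision != "Permit":
            continue
        entry = ET.SubElement(feed, A + "entry")
        ET.SubElement(entry, A + "id").text = e["id"]
        ET.SubElement(entry, A + "title").text = e["title"]
        ET.SubElement(entry, A + "updated").text = e["updated"]
        ET.SubElement(entry, A + "category", term=e["category"])
    return ET.tostring(feed, encoding="unicode")

def entry_ids(feed_xml):
    return [i.text for i in ET.fromstring(feed_xml).iterfind(A + "entry/" + A + "id")]
```

The denied entry still produces an audit record, so a reviewer can see what a subscriber asked for as well as what it received.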
28. HL7 and X.12 aren’t the only formats
The general assumption is that formats like HL7, CCD, and X.12 are the only ways to do data integration in healthcare but of course that’s not quite true.
Consider industry-neutral protocols
• Consider identity exchange protocols like SAML for integration of user profile data and even for exchange of patient demographics and related profile information.
• Consider iCalendar/ICS publishing and subscribing for schedule data.
• Consider microformats like FOAF and similar formats from schema.org.
• Consider semantic data formats like RDF, RDFa, and related family.
Industry-specific formats aren’t always necessary
Reliance on heavyweight industry-specific formats instead of lightweight micro formats is bad
29. Legacy systems trap valuable data
In many existing contracts, the vendors of systems that house the data also ‘own’ the data and it can’t be easily liberated because the vendors of the systems actively prevent it from being shared or are just too busy to liberate the data.
Semantic markup and tagging is easy
• One easy way to create semantically meaningful and easier to share and secure patient data is to have all HTML tags be generated with companion RDFa or HTML5 Data Attributes using industry-neutral schemas and microformats similar to the ones defined at Schema.org.
• Google's recent implementation of its Knowledge Graph is a great example of the utility of this semantic mapping approach.
Tag all app data using semantic markup
When data is not tagged using semantic markup, it's not securable or shareable by default
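Why tagged output is securable and untagged output is not, as an added example that is not from the original deck: a filter that reads HTML5 data attributes, redacts any element whose label the viewer is not cleared for, and reports text that carries no label at all. The attribute name `data-phi`, its label values and the sample markup are hypothetical and constructed for illustration, and the filter assumes well-formed markup.

```python
from html import escape
from html.parser import HTMLParser

VOID = {"br", "hr", "img", "input", "meta", "link"}

class Redactor(HTMLParser):
    """Re-emit HTML, hiding elements whose data-phi label is not in `allowed`."""
    def __init__(self, allowed):
        super().__init__(convert_charrefs=True)
        self.allowed, self.out, self.untagged = set(allowed), [], []
        self.stack = []  # one (hidden, tagged) pair per open element

    def state(self):
        return self.stack[-1] if self.stack else (False, False)

    def handle_starttag(self, tag, attrs):
        hidden, tagged = self.state()
        label = dict(attrs).get("data-phi")
        if not hidden:
            rendered = "".join(f' {k}="{escape(v or "")}"' for k, v in attrs)
            self.out.append(f"<{tag}{rendered}>")
        if tag in VOID:
            return
        if not hidden and label is not None and label not in self.allowed:
            self.out.append("[redacted]")  # keep the element and label, drop the content
            hidden = True
        self.stack.append((hidden, tagged or label is not None))

    def handle_endtag(self, tag):
        if tag in VOID or not self.stack:
            return
        self.stack.pop()
        if not self.state()[0]:  # parent is visible, so this closing tag is too
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        hidden, tagged = self.state()
        if not hidden:
            self.out.append(escape(data, quote=False))
        if not tagged and data.strip():
            self.untagged.append(data.strip())  # nothing tells the filter what this is

def render_for(html, allowed):
    """Return (filtered_html, untagged_text) for a viewer cleared for `allowed` labels."""
    r = Redactor(allowed)
    r.feed(html)
    r.close()
    return "".join(r.out), r.untagged

# Constructed sample page fragment.
SAMPLE = ('<div class="visit"><span data-phi="demographics">Jane Example</span>'
          '<p data-phi="diagnosis">Type 2 diabetes, <b>A1c 8.1</b></p>'
          '<p>Patient prefers morning calls</p></div>')
```

The untagged paragraph passes through to every viewer because the filter has no label to decide on, which is the gap the slide describes.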
30. Proprietary data formats limit findability
• Legacy applications only present through text or windowed interfaces that can be “scraped”.
• Web-based applications present HTML, JavaScript, images, and other assets but aren’t search engine friendly.
Search engines are great integrators
• Most users need access to information trapped in existing applications but sometimes they don’t need much more than access that a search engine could easily provide.
• Assume that all pages in an application, especially web applications, will be “ingested” by a securable, protectable, search engine that can act as the first method of integration.
Produce data in search-friendly manner
Produce HTML, JavaScript and other data in a security- and integration-friendly approach
31. Healthcare fears open source
• Only the government spends more per user on antiquated software than we do in healthcare.
• There is a general fear that open source means unsupported software or lower quality solutions or unwanted security breaches.
Open source can save health IT
• Other industries save billions by using open source.
• Commercial vendors give better pricing, service, and support when they know they are competing with open source.
• Open source is sometimes more secure, higher quality, and better supported than commercial equivalents.
• Don’t dismiss open source; consider it the default choice and select commercial alternatives when they are known to be better.
Rely first on open source, then proprietary
“Free” is not as important as open source; you should pay for software but require openness