Reasons Why Health Data is Poorly Integrated Today and What We Can Do About It

Transcript

1. Reasons Why Health Data is Poorly
   Integrated Today and What We Can
   Do About It
   3rd Annual OSEHRA Summit
   Shahid N. Shah
   Chairman of OSEHRA Advisory Board
   

   View Slide

2. NETSPECTIVE
   www.netspective.com 2
   Who is Shahid?
   • Chairman, OSEHRA Board of Advisors
   • 20+ years of software engineering and
   multi-discipline complex IT
   implementations (Gov., defense, health,
   finance, insurance)
   • 12+ years of healthcare IT and medical
   devices experience (blog at
   http://healthcareguy.com)
   • 15+ years of technology management
   experience (government, non-profit,
   commercial)
   Author of Chapter 13, “You’re
   the CIO of your Own Office”
   

   View Slide

3. NETSPECTIVE
   www.netspective.com 3
   What’s this talk about?
   Background
   • Many enterprise apps are being built
   these days, most are designed to
   work as a stand alone system similar
   to consumer apps
   • Healthcare-specific software
   engineering and integration tools
   are going to do more harm than
   good (industry-neutral is better).
   Key takeaways
   • Any enterprise app which acts like
   a consumer app that doesn’t
   integrate well into hospital or
   ambulatory systems and workflows
   is doomed
   • There’s nothing unique about health
   IT data that justifies complex,
   expensive, or special technology.
   • There’s a lot unique about
   healthcare workflows that require
   common technologies to be
   adapted properly.
   

   View Slide

4. NETSPECTIVE
   www.netspective.com 4
   Application focus is biggest mistake
   Application-focused IT instead of Data-focused IT is causing business problems.
   Healthcare Provider Systems
   Clinical
   Apps
   Patient
   Apps
   Billing
   Apps
   Lab
   Apps
   Other
   Apps
   Partner Systems
   Silos of information exist across
   groups (duplication, little sharing)
   Poor data integration across
   application bases
   

   View Slide

5. NETSPECTIVE
   www.netspective.com 5
   NCI
   App
   NEI
   App NHLBI
   App
   Healthcare Provider Systems
   Clinical
   Apps
   Patient
   Apps
   Billing
   Apps Lab
   Apps Other
   Apps
   Master Data Management, Entity Resolution, and Data Integration
   Partner Systems
   Improved integration by services
   that can communicate between applications
   The Strategy: Modernize Integration
   Need to get existing applications to share data through modern integration
   techniques
   

   View Slide

6. www.netspective.com 6
   Why do health IT systems
   integrate poorly?
   

   View Slide

7. www.netspective.com 7
   Because customers don’t know how
   to effectively punish vendors that
   don’t integrate well.
   But, that’s changing. Slowly.
   

   View Slide

8. www.netspective.com 8
   Because apps developers don’t have
   a systems engineering culture where
   we think of data integration as a
   discipline our customers will buy.
   But, that’s changing. Slowly.
   

   View Slide

9. www.netspective.com 9
   Because we want to wait for others
   to create a new standard or magical
   API that makes integration
   problems disappear.
   But, that’s changing. Slowly.
   

   View Slide

10. NETSPECTIVE
    www.netspective.com 10
    The tactical issues
    • We don't support shared
    identities, single sign on (SSO),
    and industry-neutral
    authentication and authorization
    • We're too focused on "structured
    data integration" instead of
    "practical app integration" in our
    early project phases
    • We focus more on "pushing"
    versus "pulling" data than is
    warranted early in projects
    • We have “Inside out”
    architecture, not “Outside in”
    • We're too focused on
    heavyweight industry-specific
    formats instead of lightweight or
    micro formats
    • Data emitted is not tagged using
    semantic markup, so it's not
    securable or searchable by
    default
    • When health IT systems produce
    HTML, CSS, JavaScript, JSON,
    and other common outputs, it's
    not done in a security- and
    integration-friendly manner
    

    View Slide

11. So what do we do?
    And now…
    

    View Slide

12. www.netspective.com 12
    Unused data never gets better.
    Fix broken windows.
    Iterate your way to better
    data by forcing its use.
    

    View Slide

13. NETSPECTIVE
    www.netspective.com 13
    Legacy integration
    Application A
    Data
    Functionality
    Presentation
    Feature Y
    Feature X
    Application B
    Data
    Functionality
    Presentation
    Feature Y
    Feature X
    Feature Z
    Copy features and enhance (everything is separate)
    Application A
    Data
    Functionality
    Presentation
    Feature Z
    Feature X
    Application B
    Data
    Functionality
    Presentation
    Feature Y
    Feature X
    Feature Z
    Connect directly to existing data, but copy features and enhance
    

    View Slide

14. NETSPECTIVE
    www.netspective.com 14
    Services
    Modern integration
    Application A
    Data
    Functionality
    Presentation
    Feature Y
    Feature X
    Application B
    Data
    Functionality
    Presentation
    Feature Y
    Feature X
    Feature Z
    Create API between applications, integrate data, create new data
    Application A
    Data
    Functionality
    Presentation
    Feature Z
    Feature X
    Application B
    Data
    Functionality
    Presentation
    Feature Y
    Feature X
    Feature Z
    Create common services and have all applications use them
    REST
    SOAP, RMI
    SOA
    ETL
    WOA
    APIs
    

    View Slide

15. www.netspective.com 15
    Create a formal Enterprise
    Integration Group (EIG)
    Even get a cool logo and team mascot.
    

    View Slide

16. www.netspective.com 16
    Start cataloging and
    formalizing use of enterprise
    integration patterns.
    You’re not the first (or second) to see these problems.
    

    View Slide

17. www.netspective.com 17
    Learn about ESB, ETL, and BPM –
    grab open source or commercial
    implementations and build around
    them.
    Don’t hand code things.
    

    View Slide

18. www.netspective.com 18
    Create a technical profile
    questionnaire and
    checklist
    Don’t hand code things.
    

    View Slide

19. www.netspective.com 19
    Lets see what all of this
    looks like in practice.
    You can do this in less than 40 man-hours of work.
    

    View Slide

20. NETSPECTIVE
    www.netspective.com 20
    Start with read-centric integration, move to enrichment later
    Where users spend time What they’re missing
    

    View Slide

21. NETSPECTIVE
    www.netspective.com 21
    Stop and think about workflows
    Sexy but wrong: Device-centric closed systems Dull but right: Workflow-centric open solutions
    

    View Slide

22. NETSPECTIVE
    www.netspective.com 22
    Promote “Outside-in” architecture
    Think about clinical and
    hospital operations and
    processes as a collection
    of business capabilities or
    services that can be
    delivered across
    organizations.
    

    View Slide

23. NETSPECTIVE
    www.netspective.com 23
    Promote “Outside-in” architecture
    Patients
    and
    Referral
    Partners
    Clinical
    Personnel
    Admin
    Personnel
    IT
    Personnel
    Unsophisticated and
    less agile focus
    Sophisticated and
    more agile focus
    Inside-out focus Outside-in focus
    

    View Slide

24. NETSPECTIVE
    www.netspective.com 24
    Proprietary identity is hurting us
    • Most health IT systems create their own
    custom identity, credentialing, and access
    management (ICAM) in an opaque part of
    a proprietary database.
    • We’re waiting for solutions from health IT
    vendors but free or commercial industry-
    neutral solutions are much better and
    future proof.
    Identity exchange is possible
    • Follow National Strategy for Trusted Identities
    in Cyberspace (NSTIC)
    • Use open identity exchange protocols such as
    SAML, OpenID, and Oauth
    • Use open roles and permissions-management
    protocols, such as XACML
    • Consider open source tools such as OpenAM,
    Apache Directory, OpenLDAP
    , Shibboleth, or
    commercial vendors.
    • Externalize attribute-based access control
    (ABAC) and role-based access control (RBAC)
    from clinical systems into enterprise systems
    like Active Directory or LDAP
    .
    Implement industry-neutral ICAM
    Implement shared identities, single sign on (SSO), neutral authentication and authorization
    

    View Slide

25. NETSPECTIVE
    www.netspective.com 25
    Dogma is preventing integration
    Many think that we shouldn’t integrate
    until structured data at detailed machine-
    computable levels is available.
    The thinking is that because mistakes can
    be made with semi-structured or hard to
    map data, we should rely on paper, make
    users live with missing data, or just make
    educated guesses instead.
    App-centric sharing is possible
    Instead of waiting for HL7 or other structured
    data about patients, we can use simple
    techniques like HTML widgets to share
    "snippets" of our apps.
    • Allow applications immediate access to
    portions of data they don't already manage.
    • Widgets are portions of apps that can be
    embedded or "mashed up" in other apps
    without tight coupling.
    • Blue Button has demonstrated the power of
    app integration versus structured data
    integration. It provides immediate benefit to
    users while the data geeks figure out what
    they need for analytics, computations, etc.
    App-focused integration is better than nothing
    Structured data dogma gets in the way of faster decision support real solutions
    

    View Slide

26. NETSPECTIVE
    www.netspective.com 26
    Old way to architect:
    “What data can you send me?” (push)
    The "push" model, where the system that
    contains the data is responsible for sending the
    data to all those that are interested (or to some
    central provider, such as a health information
    exchange or HL7 router) shouldn’t be the only
    model used for data integration.
    Better way to architect:
    “What data can I publish safely?” (pull)
    • Implement syndicated Atom-like feeds (which
    could contain HL7 or other formats).
    • Data holders should allow secure
    authenticated subscriptions to their data and
    not worry about direct coupling with other
    apps.
    • Consider the Open Data Protocol (oData).
    • Enable auditing of protected health
    information by logging data transfers through
    use of syslog and other reliable methods.
    • Enable proper access control rules expressed
    in standards like XACML.
    Pushing data is more expensive than pulling it
    We focus more on "pushing" versus "pulling" data than is warranted early in projects
    

    View Slide

27. NETSPECTIVE
    www.netspective.com 27
    HL7 and X.12 aren’t the only formats
    The general assumption is that
    formats like HL7, CCD, and X.12 are
    the only ways to do data integration
    in healthcare but of course that’s
    not quite true.
    Consider industry-neutral protocols
    • Consider identity exchange
    protocols like SAML for integration
    of user profile data and even for
    exchange of patient demographics
    and related profile information.
    • Consider iCalendar/ICS publishing
    and subscribing for schedule data.
    • Consider microformats like FOAF
    and similar formats from
    schema.org.
    • Consider semantic data formats
    like RDF, RDFa, and related family.
    Industry-specific formats aren’t always necessary
    Reliance on heavyweight industry-specific formats instead of lightweight micro formats is bad
    

    View Slide

28. NETSPECTIVE
    www.netspective.com 28
    Legacy systems trap valuable data
    In many existing contracts, the
    vendors of systems that house the
    data also ‘own’ the data and it can’t
    be easily liberated because the
    vendors of the systems actively
    prevent it from being shared or are
    just too busy to liberate the data.
    Semantic markup and tagging is easy
    • One easy way to create semantically
    meaningful and easier to share and
    secure patient data is to have all
    HTML tags be generated with
    companion RDFa or HTML5 Data
    Attributes using industry-neutral
    schemas and microformats similar to
    the ones defined at Schema.org.
    • Google's recent implementation of
    its Knowledge Graph is a great
    example of the utility of this
    semantic mapping approach.
    Tag all app data using semantic markup
    When data is not tagged using semantic markup, it's not securable or shareable by default
    

    View Slide

29. NETSPECTIVE
    www.netspective.com 29
    Proprietary data formats limit findability
    • Legacy applications only present
    through text or windowed
    interfaces that can be “scraped”.
    • Web-based applications present
    HTML, JavaScript, images, and
    other assets but aren’t search
    engine friendly.
    Search engines are great integrators
    • Most users need access to
    information trapped in existing
    applications but sometimes they
    don’t need must more than access
    that a search engine could easily
    provide.
    • Assume that all pages in an
    application, especial web
    applications, will be “ingested” by
    a securable, protectable, search
    engine that can act as the first
    method of integration.
    Produce data in search-friendly manner
    Produce HTML, JavaScript and other data in a security- and integration-friendly approach
    

    View Slide

30. NETSPECTIVE
    www.netspective.com 30
    Healthcare fears open source
    • Only the government spends more per
    user on antiquated software than we do
    in healthcare.
    • There is a general fear that open source
    means unsupported software or lower
    quality solutions or unwanted security
    breaches.
    Open source can save health IT
    • Other industries save billions by using
    open source.
    • Commercial vendors give better pricing,
    service, and support when they know
    they are competing with open source.
    • Open source is sometimes more secure,
    higher quality, and better supported
    than commercial equivalents.
    • Don’t dismiss open source, consider it
    the default choice and select commercial
    alternatives when they are known to be
    better.
    Rely first on open source, then proprietary
    “Free” is not as important as open source, you should pay for software but require openness
    

    View Slide

31. Thank You
    Visit
    http://www.netspective.com
    http://www.healthcareguy.com
    E-mail [email protected]
    Follow @ShahidNShah
    Call 202-713-5409
    

    View Slide