HxRefactored - HealthIMPACT - Shahid Shah
1. Stop dreaming about fluid data
interoperability and start focusing on
actionable enterprise systems integration
By Shahid N. Shah
2. www.netspective.com
This and many of my other presentations are available at
www.SpeakerDeck.com/shah
@ShahidNShah
shahid@shah.org
www.ShahidShah.com
3. NETSPECTIVE
www.netspective.com
Who is Shahid?
• 20+ years of software engineering and
multi-discipline complex IT implementations
(Gov., defense, health, finance, insurance)
• 12+ years of healthcare IT and medical
devices experience (blog at
http://healthcareguy.com)
• 15+ years of technology management
experience (government, non-profit,
commercial)
• 10+ years as architect, engineer, and
implementation manager on various EMR
and EHR initiatives (commercial and non-
profit)
Author of Chapter 13, “You’re
the CIO of your Own Office”
4. What’s this talk about?
Background
• Many enterprise apps are being
built these days, most are
designed to work as a standalone
system similar to consumer apps
• Healthcare-specific software
engineering and integration tools
are going to do more harm than
good (industry-neutral is better).
Key takeaways
• Any enterprise app which acts like
a consumer app that doesn’t
integrate well into hospital or
ambulatory systems and
workflows is doomed
• There’s nothing unique about
health IT data that justifies
complex, expensive, or special
technology.
• There’s a lot unique about
healthcare workflows that require
common technologies to be
adapted properly.
9. Because app developers don’t have
a systems engineering culture where
we think of data integration as a
discipline our customers will buy.
But, that’s changing. Slowly.
10. Because we want to wait for others to
create a new standard or magical
API that makes integration problems
disappear.
But, that’s changing. Slowly.
11. The tactical issues
• We don't support shared
identities, single sign on (SSO),
and industry-neutral
authentication and authorization
• We're too focused on
"structured data integration"
instead of "practical app
integration" in our early project
phases
• We focus more on "pushing"
versus "pulling" data than is
warranted early in projects
• We have “Inside out”
architecture, not “Outside in”
• We're too focused on
heavyweight industry-specific
formats instead of lightweight or
micro formats
• Data emitted is not tagged
using semantic markup, so it's
not securable or searchable by
default
• When health IT systems
produce HTML, CSS,
JavaScript, JSON, and other
common outputs, it's not done
in a security- and integration-
friendly manner
21. Start with read-centric integration, move to enrichment later
Where users spend time What they’re missing
25. Proprietary identity is hurting us
• Most health IT systems create their own
custom identity, credentialing, and
access management (ICAM) in an
opaque part of a proprietary database.
• We’re waiting for solutions from health IT
vendors but free or commercial industry-
neutral solutions are much better and
future proof.
Identity exchange is possible
• Follow the National Strategy for Trusted Identities in
Cyberspace (NSTIC)
• Use open identity exchange protocols such
as SAML, OpenID, and OAuth
• Use open roles and permissions-
management protocols, such as XACML
• Consider open source tools such as
OpenAM, Apache Directory, OpenLDAP,
Shibboleth, or commercial vendors.
• Externalize attribute-based access control
(ABAC) and role-based access control
(RBAC) from clinical systems into
enterprise systems like Active Directory or
LDAP.
Implement industry-neutral ICAM
Implement shared identities, single sign on (SSO), neutral authentication and
authorization
26. Dogma is preventing integration
Many think that we shouldn’t integrate
until structured data at detailed
machine-computable levels is available.
The thinking is that because mistakes
can be made with semi-structured or
hard to map data, we should rely on
paper, make users live with missing
data, or just make educated guesses
instead.
App-centric sharing is possible
Instead of waiting for HL7 or other structured
data about patients, we can use simple
techniques like HTML widgets to share
"snippets" of our apps.
• Allow applications immediate access to
portions of data they don't already manage.
• Widgets are portions of apps that can be
embedded or "mashed up" in other apps
without tight coupling.
• Blue Button has demonstrated the power of
app integration versus structured data
integration. It provides immediate benefit to
users while the data geeks figure out what
they need for analytics, computations, etc.
App-focused integration is better than nothing
Structured data dogma gets in the way of faster decision support real solutions
27. Old way to architect: “What data can you send me?” (push)
The "push" model, where the system that
contains the data is responsible for sending
the data to all those that are interested (or to
some central provider, such as a health
information exchange or HL7 router)
shouldn’t be the only model used for data
integration.
Better way to architect:
“What data can I publish safely?” (pull)
• Implement syndicated Atom-like feeds
(which could contain HL7 or other formats).
• Data holders should allow secure
authenticated subscriptions to their data
and not worry about direct coupling with
other apps.
• Consider the Open Data Protocol (OData).
• Enable auditing of protected health
information by logging data transfers
through use of syslog and other reliable
methods.
• Enable proper access control rules
expressed in standards like XACML.
Pushing data is more expensive than pulling it
We focus more on "pushing" versus "pulling" data than is warranted early in projects
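The pull model from this slide, sketched as an added example (not from the original deck): a data holder authenticates the subscriber, filters an Atom feed through a default-deny policy, and emits a syslog-format audit record for every pull. The HMAC-signed nonce stands in for the SAML/OAuth authentication and the role/category table for the XACML policy the slides recommend; all names, secrets and entries are constructed.

```python
import hashlib
import hmac
from datetime import datetime, timezone
from xml.etree import ElementTree as ET

ATOM = "http://www.w3.org/2005/Atom"
ET.register_namespace("", ATOM)
# Constructed subscribers: shared secret plus the attribute the policy uses.
SUBSCRIBERS = {"lab-viewer": (b"constructed-secret-1", "clinician"),
               "billing-app": (b"constructed-secret-2", "billing")}
# Constructed feed entries, each carrying a category the policy can act on.
ENTRIES = [("urn:example:1", "CBC result", "lab-result"),
           ("urn:example:2", "Invoice 17", "billing")]
# Stand-in for an XACML policy: (role, category) pairs allowed; default deny.
POLICY = {("clinician", "lab-result"), ("billing", "billing")}


def sign_nonce(secret, nonce):
    """What the subscriber sends: HMAC-SHA256 of the server-issued nonce."""
    return hmac.new(secret, nonce.encode(), hashlib.sha256).hexdigest()


def audit_line(subscriber, outcome, entry_ids, now):
    """RFC 5424 layout: <PRI>VERSION TIMESTAMP HOST APP PROCID MSGID SD MSG."""
    pri = 13 * 8 + 5  # facility 13 (log audit), severity 5 (notice)
    # Strip everything but safe characters so a crafted name cannot forge lines.
    who = "".join(c for c in subscriber if c.isalnum() or c in "-_")[:32] or "-"
    ids = ",".join(entry_ids) or "-"
    return (f"<{pri}>1 {now.isoformat()} feedhost phi-feed - PULL - "
            f"subscriber={who} outcome={outcome} entries={ids}")


def pull_feed(subscriber, nonce, signature, now=None):
    """Return (Atom XML or None, audit record) for one subscription pull."""
    now = now or datetime.now(timezone.utc)
    secret, role = SUBSCRIBERS.get(subscriber, (None, None))
    good = secret is not None and hmac.compare_digest(
        sign_nonce(secret, nonce).encode(), signature.encode())
    if not good:
        return None, audit_line(subscriber, "denied", [], now)
    allowed = [e for e in ENTRIES if (role, e[2]) in POLICY]
    feed = ET.Element(f"{{{ATOM}}}feed")
    for entry_id, title, _category in allowed:
        entry = ET.SubElement(feed, f"{{{ATOM}}}entry")
        ET.SubElement(entry, f"{{{ATOM}}}id").text = entry_id
        ET.SubElement(entry, f"{{{ATOM}}}title").text = title
    xml = ET.tostring(feed, encoding="unicode")
    return xml, audit_line(subscriber, "ok", [e[0] for e in allowed], now)
```

Denied pulls are logged as well as successful ones, so the audit trail records who tried to subscribe, not only what was delivered.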
28. HL7 and X.12 aren’t the only formats
The general assumption is that
formats like HL7, CCD, and X.12
are the only ways to do data
integration in healthcare but of
course that’s not quite true.
Consider industry-neutral protocols
• Consider identity exchange
protocols like SAML for
integration of user profile data
and even for exchange of patient
demographics and related profile
information.
• Consider iCalendar/ICS
publishing and subscribing for
schedule data.
• Consider microformats like FOAF
and similar formats from
schema.org.
• Consider semantic data formats
like RDF, RDFa, and related
family.
Industry-specific formats aren’t always necessary
Reliance on heavyweight industry-specific formats instead of lightweight micro formats is
bad
29. Legacy systems trap valuable data
In many existing contracts, the
vendors of systems that house the
data also ‘own’ the data and it can’t
be easily liberated because the
vendors of the systems actively
prevent it from being shared or are
just too busy to liberate the data.
Semantic markup and tagging is easy
• One easy way to create
semantically meaningful and easier
to share and secure patient data is
to have all HTML tags be
generated with companion RDFa
or HTML5 Data Attributes using
industry-neutral schemas and
microformats similar to the ones
defined at Schema.org.
• Google's recent implementation of
its Knowledge Graph is a great
example of the utility of this
semantic mapping approach.
Tag all app data using semantic markup
When data is not tagged using semantic markup, it's not securable or shareable by
default
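Why tagged output is securable, as an added example (not from the original deck): once every element carries a sensitivity label in an HTML5 data attribute, a generic filter can redact a page per viewer without knowing the application. The `data-sensitivity` attribute name and its three labels are assumptions made for illustration, and the sample markup is constructed.

```python
from html import escape
from html.parser import HTMLParser

VOID = {"br", "hr", "img", "input", "meta", "link"}
# Hypothetical data-sensitivity labels (low to high) and a constructed sample.
LEVELS = {"public": 0, "demographic": 1, "clinical": 2}
SAMPLE = ('<div>Clinic A <span data-sensitivity="demographic">Jane Example</span>'
          '<p data-sensitivity="clinical">HbA1c <b>7.2%</b></p>'
          '<i data-sensitivity="genomic">BRCA note</i></div>')


class Redactor(HTMLParser):
    """Replace the content of elements tagged above the viewer's clearance."""
    def __init__(self, clearance):
        super().__init__(convert_charrefs=True)
        self.clearance, self.out = LEVELS[clearance], []
        self.stack, self.hidden_at = [], None  # open tags; depth being redacted

    def handle_starttag(self, tag, attrs):
        if tag not in VOID:
            self.stack.append(tag)
        if self.hidden_at is not None:
            return  # inside a redacted element: emit nothing
        label = dict(attrs).get("data-sensitivity")
        level = 0 if label is None else LEVELS.get(label, len(LEVELS))  # unknown: fail closed
        if level <= self.clearance:
            shown = "".join(f' {k}="{escape(v or "")}"' for k, v in attrs)
            self.out.append(f"<{tag}{shown}>")
        elif tag not in VOID:  # attributes are dropped too: they may hold values
            self.out.append(f"<{tag}>[redacted]")
            self.hidden_at = len(self.stack)

    def handle_data(self, data):
        if self.hidden_at is None:
            self.out.append(escape(data, quote=False))

    def handle_endtag(self, tag):
        closed = None  # pops children left open by sloppy markup as well
        while tag in self.stack and closed != tag:
            depth, closed = len(self.stack), self.stack.pop()
            if self.hidden_at in (None, depth):
                self.out.append(f"</{closed}>")
                self.hidden_at = None


def redact(html_text, clearance):
    parser = Redactor(clearance)
    parser.feed(html_text)
    parser.close()
    return "".join(parser.out)
```

Untagged text such as "Clinic A" passes through for every viewer, which is the slide's point: data that is not tagged cannot be protected by a filter like this one.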
30. Proprietary data formats limit findability
• Legacy applications only
present through text or
windowed interfaces that can
be “scraped”.
• Web-based applications
present HTML, JavaScript,
images, and other assets but
aren’t search engine friendly.
Search engines are great integrators
• Most users need access to
information trapped in existing
applications but sometimes
they don’t need much more than
access that a search engine
could easily provide.
• Assume that all pages in an
application, especially web
applications, will be “ingested”
by a securable, protectable,
search engine that can act as
the first method of integration.
Produce data in search-friendly manner
Produce HTML, JavaScript and other data in a security- and integration-friendly approach
31. Healthcare fears open source
• Only the government spends more per
user on antiquated software than we
do in healthcare.
• There is a general fear that open
source means unsupported software
or lower quality solutions or unwanted
security breaches.
Open source can save health IT
• Other industries save billions by using
open source.
• Commercial vendors give better
pricing, service, and support when
they know they are competing with
open source.
• Open source is sometimes more
secure, higher quality, and better
supported than commercial
equivalents.
• Don’t dismiss open source, consider it
the default choice and select
commercial alternatives when they are
known to be better.
Rely first on open source, then proprietary
“Free” is not as important as open source; you should pay for software but require
openness