The document discusses how open source software is driving innovation in healthcare. It provides examples of how open source platforms are being used to develop electronic health records, enable telehealth, and create apps. The NHS's Code4Health initiative aims to create an ecosystem where clinicians can collaborate to build and share open source solutions. While open source provides benefits, managing third-party code requires processes to ensure quality, security, and intellectual property compliance.
Speeding up Healthcare Application with HTTP/2 - CitiusTech
Healthcare data is being increasingly accessed over the public internet. With the rapid adoption of EHRs and patient portals, more and more healthcare technology providers are looking at providing the same features over the internet in a SaaS model to reduce feature to market time. As they embrace trends and begin supporting new use cases such as wearables, mobile health, AI and chat bots, more data gets transferred over the same public internet infrastructure.
Secondly, there is a pressing need to optimize the time healthcare professionals spend on IT per patient instead of patient care. Hence, getting timely and accurate information is of utmost importance to ensure better patient care.
Patient engagement initiatives such as patient education, medication and visit reminders, positively impact patient outcomes and are a huge success if the applications built for the same provide seamless user experience. Internet based applications rely on HTTP. As web applications become more prevalent, the inefficiencies of HTTP need to be addressed. HTTP/2 (Hypertext Transfer Protocol Version 2) is the update to the HTTP protocol that has been built with the aim of improving performance and reducing end user perceived latency, reducing network and server resource usage. This document introduces the features and benefits of HTTP/2 and how you can start using HTTP/2.
Improving Efficiency and Outcomes in Healthcare using Internet of Things - CitiusTech
With the adoption of cloud and big data technologies, healthcare organizations are in a position to begin experimenting with IoT. Ranging from home care to smart facilities, there are many ways in which provider organizations can benefit by using IoT in their patient care workflows. E.g., a mobile app with patient geo-fencing capabilities can help optimize physician rounds by dynamically routing the physician to the nearest patient.
Payers can leverage insights generated by IoT infrastructure to improve population health, increase patient awareness and reduce healthcare costs. Payers can also design more effective reward and retention programs using IoT generated data.
As IoT is evolving, adoption is slow but steady, and investments are being made by both startups and industry leaders. Healthcare is among the top 5 industries investing in IoT.
This document discusses how IoT can be leveraged to drive efficiency in healthcare workflows and enhance clinical outcomes.
One of the main objectives of HIPAA (Health Insurance Portability and Accountability Act) legislation is to provide data privacy and security provisions for safeguarding medical information. It requires healthcare organizations to ensure that applications are secure, and sensitive patient data is protected when in use, during transmission or when stored in a mobile device.
Challenges and Opportunities Around Integration of Clinical Trials Data - CitiusTech
Conducting a Clinical Trial is a complex process, consisting of activities such as protocol preparation, site selection, approval of various authorities, meticulous collection and management of data, analysis and reporting of the data collected.
Each activity benefits from the development of point applications which ease the process of data collection, reporting and decision making. The recent advancements in mobile technologies and connectivity have enabled the generation and exchange of a lot more data than previously anticipated. However, the lack of interoperability and proper planning to leverage this data still acts as a roadblock to organizations truly harnessing their data assets. This document will help life sciences IT professionals and decision makers understand challenges and opportunities around clinical data integration.
Because putting patients’ needs first is essential in the healthcare industries, many healthcare systems
face health information technology (HIT) related challenges and a patient service dilemma. We will first present
the patient service dilemma and provide a high-level overview of technologies that have increased the productivity,
efficiency in providing care, and clinical collaboration across their various healthcare campuses. Then, we will
suggest changes to current HIT practice that will enable Health Systems to be Health Insurance Portability and
Accountability Act (HIPAA) compliant, while meeting the needs of patients, their expectations of care, and the
changing healthcare industry.
HxRefactored: Stop dreaming about fluid data interoperability and start focus... - Shahid Shah
This was presented at Health 2.0's HxRefactored 2014 Conference in Brooklyn.
Background:
* Many enterprise apps are being built these days, but most are designed to work as a stand alone system similar to consumer apps
* Healthcare-specific software engineering and integration tools are going to do more harm than good (industry-neutral is better).
Key Takeaways:
* Any enterprise app which acts like a consumer app that doesn’t integrate well into hospital or ambulatory systems and workflows is doomed
* There’s nothing unique about health IT data that justifies complex, expensive, or special technology.
* There’s a lot unique about healthcare workflows that require common technologies to be adapted properly.
Architecting, designing and building medical devices in an outcomes focused B... - Shahid Shah
Keeping your medical device designs relevant in an era of value based and outcome driven care is not easy. In this talk, I cover the following topics:
* “Connected EHRs”, device interoperability, and “Accountable Tech” are the future of med devices
* Hardware, sensors, and software are transient businesses but data lives forever. He who owns, integrates, and uses data wins in the end.
* Data from devices is too important and specialized to be left to software vendors, managed service providers, and system integrators.
Reasons Why Health Data is Poorly Integrated Today and What We Can Do About It - Shahid Shah
Presented at the 3rd Annual Open Source EHR Summit - Key takeaways:
* Any enterprise app which acts like a consumer app that doesn’t integrate well into hospital or ambulatory systems and workflows is doomed
* There’s nothing unique about health IT data that justifies complex, expensive, or special technology.
* There’s a lot unique about healthcare workflows that require common technologies to be adapted properly.
A presentation about the role of informatics standards in facilitating electronic data interchange, and a framework for service-oriented semantic interoperability among data systems.
How to Use Open Source Technologies in Safety-critical Medical Device Platforms - Shahid Shah
There is a great deal of fear and angst in the medical device vendor community about the use of open source in safety-critical products. This presentation provides advice on why the fear is misplaced and how to proceed with using open source in safety-critical medical devices.
CIKM2020 Keynote: Accelerating discovery science with an Internet of FAIR dat... - Michel Dumontier
Biomedicine has always been a fertile and challenging domain for computational discovery science. Indeed, the existence of millions of scientific articles, thousands of databases, and hundreds of ontologies, offer exciting opportunities to reuse our collective knowledge, were we not stymied by incompatible formats, overlapping and incomplete vocabularies, unclear licensing, and heterogeneous access points. In this talk, I will discuss our work to create computational standards, platforms, and methods to wrangle knowledge into simple, but effective representations based on semantic web technologies that are maximally FAIR - Findable, Accessible, Interoperable, and Reusable - and to further use these for biomedical knowledge discovery. But only with additional crucial developments will this emerging Internet of FAIR data and services enable automated scientific discovery on a global scale.
bio:
Dr. Michel Dumontier is the Distinguished Professor of Data Science at Maastricht University and co-founder of the FAIR (Findable, Accessible, Interoperable and Reusable) data principles. His research focuses on the development of computational methods for scalable and responsible discovery science. Dr. Dumontier obtained his BSc (Biochemistry) in 1998 from the University of Manitoba, and his PhD (Bioinformatics) in 2005 from the University of Toronto. Previously a faculty member at Carleton University in Ottawa and Stanford University in Palo Alto, Dr. Dumontier founded and directs the interfaculty Institute of Data Science at Maastricht University to develop sociotechnological systems for responsible data science by design. His work is supported through the Dutch National Research Agenda, the Netherlands Organisation for Scientific Research, Horizon 2020, the European Open Science Cloud, the US National Institutes of Health and a Marie-Curie Innovative Training Network. He is the editor-in-chief for the journal Data Science and is internationally recognized for his contributions in bioinformatics, biomedical informatics, and semantic technologies including ontologies and linked data.
This presentation was given on October 21, 2020 at CIKM2020.
If perhaps you have doubts and say that nobody loves you and nobody cares about you, in this presentation I want you to see that you can be the Lord's beloved, and you will even see an example of how a man came to be loved by God.
Open Source Governance in Highly Regulated Companies - iasaglobal
Open source governance is part of IT governance and focuses on the specific issues related to the acquisition, use and management of OSS, and ensuring it is done in alignment with a company's stated objectives, policies and risk profile. And as open source becomes more common, the need for governance increases dramatically. Without proper controls and processes to ensure compliance and reduce exposure, organizations will be at risk from technical and operational, regulatory, security, legal and brand factors.
PharmaLedger Press Release #2 June 2020 PharmaLedger
PharmaLedger’s June 2020 press release covers the strong foundations in the project’s first year and how it set the stage for accelerated development and ecosystem engagement.
The press release also announces the establishment of PharmaLedger’s Advisory Board and the outlook for 2021.
—
This project has received funding from the Innovative Medicines Initiative 2 Joint Undertaking under grant agreement No 853992. This Joint Undertaking receives support from the European Union’s Horizon 2020 research and innovation programme and EFPIA.
Disclaimer: Any information on this presentation solely reflects the author’s view and neither IMI nor the European Union or EFPIA are responsible for any use that may be made of the information contained herein.
Guide to Develop a Healthcare App Like Epic Systems Corporation.pdf - MariaMurphy57
One such trailblazer in the realm of healthcare technology is Epic Systems Corporation, renowned for its innovative healthcare software solutions.
Visit: https://www.quytech.com/healthcare-app-development.php
This whitepaper discusses the future path of pharmacovigilance from a safety, regulatory and technological perspective. It argues the need to rethink traditional Pharmacovigilance (PV) strategies and discusses the influential role technology including cloud-based solutions, mobile applications, robotic automation, artificial intelligence (AI) and big data analytics will play in transforming the safety continuum.
We are publishing a draft of the technical standards of the Personal Health Records (PHR) component of the National Health Stack (NHS)!
As a refresher, these standards govern the consented sharing of health information between Health Information Providers (HIPs) - like hospitals, pathology labs, and clinics - and Health Information Users (HIUs) like pharmacies, medical consultants, doctors, and so on. The user’s consent to share their health data is issued via a new entity called a Health Data Consent Manager (HDCM).
The problem today is that the electronic health records listed in one app or ecosystem are not easily portable to other systems. There is no common standard that can be used to discover, share, and authenticate data between different networks or ecosystems. This means that the electronic medical records generated by users end up being confined to many different isolated silos, which can result in frustrating and complex experiences for patients wishing to manage data lying across different providers.
With the PHR system, a user is able to generate a longitudinal view of their health data across providers. The interoperability and security of the PHR architecture allows users to securely discover, share, and manage their health data in a safe, convenient, and universally acceptable manner. For instance, a user could use a HDCM to discover their account at one hospital or diagnostic lab, and then select certain electronic reports to share with a doctor from another hospital or clinic. The flow of data would be safe, and the user would have granular control over who can access their data and for how long. Here is a small demo of the PHR system in action.
The standards in the draft released today offer a high-level description of the architecture and flows that make this possible.
This month, there are two important events taking place – one in Mumbai (India) and other one in Abu Dhabi (UAE) and ICISS is Event Partner for both of them! While the seminar in Mumbai, “Secutech India Safety & Security Conclave 2014” is focusing on Security Solutions for Vertical Markets, the “Global Energy Security Conference 2014” in Abu Dhabi will have in-depth discussions on Corporate Security Integration with the Business, Security Mitigation Measures for International Companies and Ensuring Security at Oil & Gas Infrastructure in High Risk Areas against Terrorism.
The Pinkerton initiatives in India have been very useful in identifying the real threats faced by various sectors and strategies to mitigate them. The past survey results have been found very useful by the Corporates operating in India and for those wishing to set-up their operations in India in formulating their Security & Risk Policies and the measures to counter the threats. Like last year, the ICISS has partnered in this survey and we request all our readers to positively respond to this survey.
Capt S B Tyagi
For ICISS
STUDY PROTOCOL Open Access Safety Assurance Factors for Ele.docx - hanneloremccaffery
STUDY PROTOCOL Open Access
Safety Assurance Factors for Electronic Health
Record Resilience (SAFER): study protocol
Hardeep Singh1*, Joan S Ash2 and Dean F Sittig3
Abstract
Background: Implementation and use of electronic health records (EHRs) could lead to potential improvements in
quality of care. However, the use of EHRs also introduces unique and often unexpected patient safety risks.
Proactive assessment of risks and vulnerabilities can help address potential EHR-related safety hazards before harm
occurs; however, current risk assessment methods are underdeveloped. The overall objective of this project is to
develop and validate proactive assessment tools to ensure that EHR-enabled clinical work systems are safe and
effective.
Methods/Design: This work is conceptually grounded in an 8-dimension model of safe and effective health
information technology use. Our first aim is to develop self-assessment guides that can be used by health care
institutions to evaluate certain high-risk components of their EHR-enabled clinical work systems. We will solicit input
from subject matter experts and relevant stakeholders to develop guides focused on 9 specific risk areas and will
subsequently pilot test the guides with individuals representative of likely users. The second aim will be to examine
the utility of the self-assessment guides by beta testing the guides at selected facilities and conducting on-site
evaluations. Our multidisciplinary team will use a variety of methods to assess the content validity and perceived
usefulness of the guides, including interviews, naturalistic observations, and document analysis. The anticipated
output of this work will be a series of self-administered EHR safety assessment guides with clear, actionable,
checklist-type items.
Discussion: Proactive assessment of patient safety risks increases the resiliency of health care organizations to
unanticipated hazards of EHR use. The resulting products and lessons learned from the development of the
assessment guides are expected to be helpful to organizations that are beginning the EHR selection and
implementation process as well as those that have already implemented EHRs. Findings from our project, currently
underway, will inform future efforts to validate and implement tools that can be used by health care organizations
to improve the safety of EHR-enabled clinical work systems.
Keywords: Electronic health records, Health information technology, Patient safety, Risk assessment, Resilience
Background
Several countries have made recent multi-billion dollar
investments in electronic health record (EHR) infrastructure
to transform their health care delivery systems.
However, implementation of EHR-related initiatives has
encountered greater than expected challenges [1-4].
Although successful transformations have occurred in a
few pioneering healthcare organizations across the globe,
[5,6] the vast majority of organizations are still in the
process of implementing.
OPEN SOURCE TECHNOLOGY: AN EMERGING AND VITAL PARADIGM IN INSTITUTIONS OF LEA... - ijcsit
Open Source Software is the major rival in the software market previously dominated by proprietary software products. Open Source Software (OSS) is available in various forms including web servers, Enterprise Resource Planning systems (ERPs), Academic management systems and network management systems and the development and uptake of such software by both commercial and non-commercial companies and institutions is still on the rise. The availability of OSS applications for every common type of enterprise, minimal licensing issues and availability of source code as well as ease of access has made the technology even more attractive in learning and teaching of software based courses in institutions of learning. Through embracing this technology, institutions of learning have been able to minimize general operations cost that could have otherwise been incurred in procuring similar proprietary software. Students and teaching staff can nowadays interact and modify the readily available source code hence making learning and teaching more practical.
IEEE DEST 2013 tGov paper eHealth - The Future Service Model for Home & Co... - Hans A. Kielland Aanesen
Abstract — This document describes how future home and community health care services can be delivered using a range of new technologies and using standards developed by the EPR-forum and OASIS, and provides an overview of current efforts to build a new demonstrator showing how these services can be provided by the interoperability of the various edevices and systems.
eHealth Software Complexity
Software complexity is increasing with no end in sight as today’s code becomes the foundation for
tomorrow’s more complex functionality. Historically, healthcare organisations have created platforms to
manage these solutions fairly autonomously, both within individual organisations and industry wide. Quite
often these systems were procured at significant expense from software vendors who lock them into
solutions that restrict innovation, stifle diversity and have little ability to be re-used.
In the past, developing all software internally was a point of pride for many organizations. Today, the
complexity of modern software, coupled with the pressures to release applications and products on
tight deadlines, has made delivering projects that rely exclusively on internal code development almost
impossible. Increasingly, organizations are turning to commercial third party code, code brought in from
outsourcers and contractors, and open source software (OSS) to accelerate development and reduce costs.
This approach can be compared to other industries such as the automotive industry, where in the early days
of car manufacturing car models were largely custom made. In more recent times, automotive
manufacturers have developed “platforms”, commonly re-used across companies and continents. This
gives them the ability to re-use existing components and enables greater flexibility – a new model is no
longer a completely new design and as a result costs are significantly reduced.
The same approach is now being applied to eHealth systems and with the emergence of Open Source
Software there is a shift to adopt Open Systems, Open Platforms and Open Data. These solutions are
developed efficiently without licence restriction where the code can be shared and re-used across the
public and private healthcare industry.
Code4Health
A great example of this repurposing is an initiative launched recently by NHS England called
Code4Health.
Code4Health is a resource used by healthcare professionals and providers of services to deliver better
patient outcomes. It provides a platform for clinicians to come together with IT suppliers to identify and
experiment with the systems in their Trusts and develop new functionality and products or solutions
that they can potentially deploy.
“Our ambition for Code4Health is to educate clinical and administrative staff to develop their interest in
digital technology and stimulate a desire to engage more closely in the design, development and
delivery of systems and apps”.
Code4Health are currently piloting ‘App In a Day’ where individual clinicians are being trained and
encouraged to play an active role in the development of apps or even develop their own apps using
LiveCode.
Over time, the goal of the NHS is to:
• Create a market of viable Open Source solutions
• Provide evidence of the value of Open Source software to the wider Health and Social Care Community
• Ensure by default all code created in the NHS is shared as part of a library of assets for re-use
• Ensure a level playing field for Open Source commodity and infrastructure services
• Achieve a self-sustaining eco-system of communities
Managing Open Source and Other Third Party Content
Clearly there are huge benefits to be gained from this approach but it is not without its risks. Along with
the advantages realized by using third party code, there are a few challenges that can arise. Governing
the quality, security, licensing and intellectual property (IP) ownership attributes is imperative in
avoiding risks and potential downstream costs of using third party software. Last year Community
Health Systems Inc. lost data related to 5.4 million patients which could end up costing the health
system between $75 and $150 million. This data breach exploited the Heartbleed bug to access VPN
log-in credentials.
The process of managing third party content in a code base can be time-consuming and resource intensive,
and an understanding of the effort associated with this exercise is the first step in optimizing the process
and mitigating the costs. This highlights a need for a governance program to underpin Open Source
initiatives. Indeed the NHS have created a custodian model for Code4Health and will have “code
custodians” to manage the risks of OSS and make the adoption of OSS based solutions easier for less
technically proficient trusts.
A study of common practices deployed at software
organizations, concerning adoption of open source and other
third party software components, has revealed a pattern
consisting of a number of necessary as well as some
discretionary steps. Originally coined as Open Source Software
Adoption Process (OSSAP), this process is equally applicable to
any third party software that is deployed and used in a project
within any organization. Eight steps are identified in a
structured open source adoption process.
1) Establishing a software policy, identifying acceptable
attributes of a third party software, and highlighting remedial
actions that should be taken in case of a violation of the
policy. Typically, an “open source committee” consisting of
legal, technology, security and business stakeholders is
responsible for establishing and communicating the policy.
2) An optional software package pre-approval workflow process that allows technology teams to
request open source and other external packages to be approved for use on a certain project under certain
use-case scenarios. The package-preapproval process would allow the “software clearing house” in an
organization to open and assess the requests and grant or deny permission depending on how well the
requested package aligns with the policies established in step 1.
3) Establishing a baseline, or taking stock of the existing code in the organization. This is a necessary
step in all but the simplest cases and is performed using automated tools creating a detailed view of the
code that is already present in the software organization. This will produce a resulting map of
proprietary, commercial or open source components and their licensing, security, quality and supplier
attributes. Furthermore, the results obtained at the conclusion of this step are compared against the
established policies and components and can be blacklisted/whitelisted as a result for future projects.
4) Assessment of all code delivered to the project by contractors and outsourcing suppliers against the
policies using automated tools, and extending the software inventory map that was established during the
baselining process of step 3.
5) Regular scanning and examination of the project code library. This can be done by scripting an
automated policy-based scanner to review the complete library for any changes at regular intervals, for
example, every weekend, and highlighting content that violates a policy component.
6) Optional real-time assessment of code as it is checked into the organization’s Source Control
Management (SCM) system against the policies, and taking appropriate action if a violation is detected.
This step ensures that the project repository contains only acceptable code.
7) An optional real-time automated scanner residing on the developer’s workstation. Similar to a virus
checker, the content that is downloaded from the web, brought in, for example, from a USB
memory card or simply assembled on the developer’s workstation is continually scanned against the
project policies. Any violations against the policy can be highlighted to the developer (and the
developer only), allowing for either quick remedy at the source or a comment to be inserted against the
offending code (e.g. “will be used for testing only”).
8) Final build assessment, usually through an automated process tied into the build (for example
Jenkins) process.
The purpose of steps 2-7 is to ensure that all the code that could potentially end up in a project is logged and
approved as satisfying the project IP, security and exportability policies. By the time the final
application is built at step 8, there will be no surprises if steps 2-7 are diligently followed.
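The automated core of the adoption process above, as an added example that is not part of the original paper: a policy (step 1) is applied to a component inventory, the baseline (step 3) is used to flag components that arrived later, and the result gates the build (step 8). The component names, licence list, pre-approvals and denied release are all constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Component:
    name: str
    version: str
    license: str  # licence identifier reported by the inventory tool
    origin: str   # "internal", "oss", "commercial" or "contractor"

POLICY = {  # step 1: the policy; all names and values here are constructed
    "allowed_licenses": {"Proprietary", "MIT", "Apache-2.0", "BSD-3-Clause"},
    "denied_releases": {("example-tls", "1.0.1")},  # known-vulnerable release
    "approved": {"example-tls", "example-json"},    # step 2 pre-approvals
}

def violations(c, policy):  # the policy rules that one component breaks
    found = []
    if c.license not in policy["allowed_licenses"]:
        found.append(f"licence {c.license} not allowed")
    if (c.name, c.version) in policy["denied_releases"]:
        found.append(f"release {c.version} is denied")
    if c.origin != "internal" and c.name not in policy["approved"]:
        found.append("third-party component not pre-approved")
    return found

def scan(inventory, baseline, policy):
    """Steps 4-6: report violations and anything added since the baseline."""
    known = {(c.name, c.version) for c in baseline}
    report = {"violations": {}, "new_since_baseline": []}
    for c in inventory:
        if (c.name, c.version) not in known:
            report["new_since_baseline"].append(f"{c.name} {c.version}")
        if broken := violations(c, policy):
            report["violations"][f"{c.name} {c.version}"] = broken
    return report

def build_gate(report):  # step 8: a non-zero exit status fails the build
    return 1 if report["violations"] else 0

# Constructed sample data: the step 3 baseline, then a later code base.
BASELINE = [Component("patient-portal", "2.3", "Proprietary", "internal"),
            Component("example-json", "4.1", "MIT", "oss")]
CURRENT = BASELINE + [
    Component("example-tls", "1.0.1", "Apache-2.0", "oss"),
    Component("example-charts", "0.9", "GPL-3.0-only", "contractor")]

if __name__ == "__main__":
    report = scan(CURRENT, BASELINE, POLICY)
    print(report)
    raise SystemExit(build_gate(report))
```

Note that the pre-approved package still fails the scan because the specific release is denied: package approval and release-level security checks are separate rules.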
Conclusion
There is a significant opportunity to advance the caliber of healthcare by applying intelligent software
solutions to electronic health records, delivery of consumer health information, and the provision of
mobile and virtual health services. Leveraging open source software and drawing on the associated groups
accelerates the identification and development of healthcare applications, creates a level playing field for
all ecosystem communities, and allows the sharing and re-use of efforts across a wide range of healthcare
domains and geographies. The distributed and crowd-based nature of the open source development can
be managed by applying a structured open source software adoption process that will ensure quality,
security and legal compliance to the re-use obligations inherent in any open source code.
List of Additional Resources
Code4Health | Code4Health is a programme managed by NHS England to enable the best use to be made of digital
tools and technology to deliver safe, high quality, efficient and compassionate care.
Apperta Foundation | The Apperta Foundation is a not-for-profit community interest company supported by
NHS England led by clinicians and social care professionals to promote open systems and standards for digital
health and social care.