How to Use Open Source Technologies in Safety-critical Digital Health Applications and Medical...

How to Use Open Source Technologies in Safety-critical Health Applications

3rd Annual OSEHRA SummitShahid N. Shah

Chairman of OSEHRA Advisory Board

NETSPECTIVE

www.netspective.com 2

Who is Shahid?

• Chairman, OSEHRA Board of Advisors• 20+ years of software engineering

and multi-discipline complex IT implementations (Gov., defense, health, finance, insurance)

• 12+ years of healthcare IT and medical devices experience (blog at http://healthcareguy.com)

• 15+ years of technology management experience (government, non-profit, commercial)

Author of Chapter 13, “You’re the CIO of your

Own Office”

http://healthcareguy.com/

NETSPECTIVE


Outcomes driven care is in our future

NETSPECTIVE


Open source software (OSS) is in our future• You’re moving from standalone boxes to fully

integrated systems• mHealth demands more interoperability• Your customers demand flexible workflows with

enhanced functionality• Your customer demand data integration with their

systems• Security of medical devices is under great scrutiny

and excuses aren’t going to be accepted

NETSPECTIVE


The new realities of patient populations

• Obesity Management• Wellness

Management

• Assessment – HRA• Stratification• Dietary• Physical Activity• Physician

Coordination• Social Network• Behavior Modification

• Education

• Health Promotions

• Healthy Lifestyle Choices

• Health Risk Assessment

• Diabetes• COPD• CHF

• Stratification & Enrollment

• Disease Management• Care Coordination• MD Pay-for-

Performance• Patient Coaching

• Physicians Office• Hospital• Other sites• Pharmacology

• Catastrophic Case Management

• Utilization Management

• Care Coordination• Co-morbidities

Well Patient At Risk Chronic Care Acute Treatment

Prevention Management

26 % of Population

4 % of Medical Costs

35 % of Population


35 % of Population


4% of Population


Source: Amir Jafri, PrescribeWell

NETSPECTIVE


Customers are struggling with Accountable Tech

Cost per patient per procedure / treatment going up but without

ability to explain why

Cost for same procedure /

treatment plan highly variable across localities

Unable to compare drug efficacy across

patient populations

Unable to compare health

treatment effectiveness

across patients

Variability in fees and treatments promotes fraud

Lack of visibility of entire patient record causes medical errors

Everything your app/device does to help answer important questions below means more sales and better margins

NETSPECTIVE


Opportunities for incremental or new revenue

Fill clinical documentation

into EHRs

Improve alarm notification

Review and perform

complex event processing

Add signal/data processing for

new parameters

Remotely upgrade and

service equipment

Automate clinical

workflows

Remote surveillance

Gateways and interoperability

appliances

NETSPECTIVE


Wireless BAN Ecosystem is complex without OSS

Source: Qualcomm

NETSPECTIVE


Data is getting more sophisticated, analysis even more so

ProteomicsGenomicsBiochemicalBehavioralPhenotypic

sEconomics

It’s hard today but will be even harder tomorrow

IOT sensorsAdministrative

NETSPECTIVE


Implications of healthcare trends

PPACA ACO

MU PCMH

Health Home mHealth

DATAEvidence Based

MedicineComparative Effectiveness

Software

Regulated IT and Systems Integration

Services

NETSPECTIVE


What’s being offered to users What users really want

What users want vs. what they’re offeredData visualization requires integration and aggregation

NETSPECTIVE


Evolving Healthcare IT Enterprise ArchitectureYou need to fit into a complex environment

CloudServices

ManagementDashboards

Data Transformation (ESB, HL7)

BaaS Gateway(DDS, XMPP, ESB)

Enterprise DataRCM, Financials, EHRs

Device Inventory

Cross Device App Workflows

AlarmNotifications

Patient ContextMonitoring

DeviceTeaming

DeviceManagementReport

Generation

HITIntegration

RemoteSurveillance

DeviceData

SSL VPN

PatientSelf-Management

Platforms

Device Utilization

Device reimbursement

Device profitability


• Should medical device and health IT vendors be using open source to implement their safety-critical requirements?

• How about contributing to open source projects?

• How about creating their own open source projects?


Yes!• If you’re not using open source projects

in your own devices then you’re doing far more engineering work than is necessary.

• If you’re not contributing to open source then you’re not making code you rely on better.

• If you’re not creating open source then you’re missing a valuable marketing opportunity.

NETSPECTIVE


Connectivity is a must, OSS is answer

Data integration Manageability

Enhance functionality

Most obvious benefit Least attention

Most promisingcapability

This talk focuses on connected devices

NETSPECTIVE


Smart buyers looking for poly-connectivity

Device Hospital Network

Corporate Gateway

External Cloud

Hospital Systems

Option 1 (no cellular access or hospital IT integration required)

Device External Cloud

Option 2 (cellular access and no hospital IT integration required)

DDS

REST

HL7

X.12

DDS REST

MPEG-21

MPEG-21

Could be a Home

Network, too

Wired

WirelessBluetooth, WiFi, Zibee, etc.

Wireless, Cellular

NETSPECTIVE


Appreciate tradeoffs

Integration-

friendliness

Ease of validation

The more connection-friendly a device, the harder it is to validate it

Lesson: Demand Testability

NETSPECTIVE


Regulatory Strategy

510(k) PMA, Class 3, Class

2, etc.

UnregulatedEHR or others

510(k)Class 2

“Data Bridges”

“Everything else”Customer registryPatient registryPatient profileStudy ManagementBilling

“The Device”

Class 1

MDDS

NETSPECTIVE


What are we afraid of when it comes to OSS?Compliance

Will the FDA and other regulators accept open source code in safety-critical systems?

Reliability

Is open source code safe enough for medical devices?


Yes, of course.

Proof: we did it at American Red Cross in 1996 for a Class 3 device built on a modern enterprise IT ecosystem

Lesson: Risk managers and quality leadership often use regulators as an excuse to prevent OSS use because of OSS illiteracy, not legitimate strategy or actual evidence of harm.

Reality: Regulators don’t care about your use of open source, they care about safe systems that meet intended use.

NETSPECTIVE


Code you write is not necessarily safer

Modern IT systems’ custom components

There is significantly more and better testing of large open source projects than you could ever do

In an integrated ecosystem, you have to learn how to rely on others and do so safely and effectively

NETSPECTIVE


It’s not as hard as we think…

• Modern real-time operating systems (open source and commercial) are reliable for safety-critical medical-grade requirements.

• Open standards such as TCP/IP, DDS, HTTP, and XMPP can pull vendors out of the 1980’s and into the 1990’s.

• Open source and open standards that promote enterprise IT connectivity can pull vendors into the 2010’s and beyond.

How to start using OSS immediately

NETSPECTIVE


Remove OSS illiteracy from decision making

Understand open source

licensing, remove the fear

of IP loss

Understand where code is coming from and what test

harnesses included

Get in touch with the open

source developers to find out the

current utilization

NETSPECTIVE


Choose the right OSS projects

Requirements traceability possible?

Code reviews conducted by

OSS code authors?

Unit testing conducted by

authors?

Continuous integration

system employed?

Integration testing

conducted?

Performance testing

conducted?

Safety testing conducted?

Security testing

conducted?

NETSPECTIVE


Engender trust in the code’s provenance

Connect to the revision

control system of the open source project

Create your own

binaries

Create a process to securely sign the binaries

Create your own

deployment packages

NETSPECTIVE


Integrate OSS into your QSR process

Employ continuous integration (CI) for your own and OSS

project components

Create a process to test the binaries

using code coverage tools

Conduct continuous hazard and risk analysis of outside code

Keep an eye on changes coming in

from the source and retest regularly

NETSPECTIVE


But it’s not easy either…we need

Risk Assessments

Hazard Analysis

Design for Testability

Design for Simulations

Documentation Traceability Mathematica

l Proofs Determinism

Instrumentation

Theoretical foundations

NETSPECTIVE


OSS hazard and risk assessment

• What is the intended use for the device or system?

• How will the OSS product you’re planning to use going to be tied to your intended use?

• What is the risk associated with the OSS product for that particular intended use?

R = Sh x Ph

NETSPECTIVE


Risk is related to severity and harm

R = Sh x Ph

R = riskSh = severity of harm

Ph = probability of harm

• Harm is damage done to a person• Severity is the degree of harm done• Probability is the frequency and duration of exposure

NETSPECTIVE


Examples of Severity & Probability

Severity

• multiple fatalities• fatalities• severe injury (non-reversible,

requires hospitalization)• moderate injury (reversible,

requires hospitalization)• minor (reversible, requires first

aid)• very minor (no first aid)

Probability

• Constant exposure• Hourly• Daily• Weekly• Monthly• Yearly• Never

NETSPECTIVE


Formal risk assessment methods

What-if analysis

Preliminary hazard

analysis (PHA)

Failure modes and

effects analysis (FMEA)

Fault tree analysis (FTA)

Hazard and operability

studies

NETSPECTIVE


OSS Risk analysis steps - FMEA

• Define the function of the OSS product being analyzed. • Identify potential failures of the OSS. • Determine the causes of each failure types. • Determine the effects of potential failures. • Assign a risk index to each of the failure types. • Determine the most appropriate corrective/preventive

actions. • Monitor the implementation of the

corrective/preventive to ensure that it is having the desired effect.

NETSPECTIVE


Good summary of FMEA

• http://en.wikipedia.org/wiki/Failure_mode_and_effects_analysis

http://en.wikipedia.org/wiki/Failure_mode_and_effects_analysis



NETSPECTIVE


Sampling of OSS / open standardsProject / Standard Subject area D G Comments

Linux or Android Operating system

OMG DDS (data distribution service)

Publish and subscribe messaging

Open standard with open source implementations

AppWeb, Apache Web/app server

OpenTSDB Time series database Open source project

Mirth HL7 messaging engine

Built on Mule ESB

Alembic Aurion HIE, message exchange

Successor to CONNECT

HTML5, XMPP, JSON Various areas Don’t reinvent the wheel

SAML, XACML Security and privacy

DynObj, OSGi, JPF Plugin frameworks Build for extensibility

NETSPECTIVE


OSS applicability to connectivityPhysical• W

ired, wireless (WiFi, cellular, etc.)

S

tr

u

c

t

u

r

a

l• S

e

c

u

rit

y

,

N

u

m

b

e

r

s

,

U

n

it

s

o

f

M

e

a

s

u

r

e

,

e

t

c

.

Semantic• P

resence, Vitals, Glucose, Heartbeats, etc.

NETSPECTIVE


OSS applicability to manageability

Security• Is the device

authorized?

Inventory• Where is the

device?

Presence• Is a device

connected?

Teaming• Device grouping

NETSPECTIVE


OSS enables extensible devices

Legacy Devices Future Devices

NETSPECTIVE


Device Components 3rd Party Plugins

App #1

App #2

Security and Management LayerDevice OS(QNX, Linux, Windows)

Sensors Storage Display Plugins

Web Server, IM Client

Connectivity Layer (DDS, HTTP, XMPP)

• Presence• Messaging• Registration• JDBC, Query

CloudServices



Device Gateway (DDS, ESB)

Healthcare Enterprise

Enterprise Data

Shahid’s “Ultimate Connectivity Architecture”

Plugin Container

Event Architecture

Inventory

Workflow

NotificationsPatient Context

LocationAware

1 23

4

5

6

7

8

9

SSL VPN

NETSPECTIVE


OSS in Ultimate Architecture Core

Device Components



Plugin Container

Don’t createyour own OS!

Security isn’tadded later

Think aboutPlugins from day 1

Connectivity isbuilt-in, not added

Build onOpen Source

Create code asa last resort

NETSPECTIVE


OSS enables plugin architecture


App #1

App #2


Plugins


Plugin Container

Event Architecture

LocationAware

NETSPECTIVE


OSS in connectivity components

Device Components




• Presence• Messaging• Registration• JDBC, Query

Plugin Container

Surveillance &“remote display”

Remote Access

AlarmsEvent Viewer

Design all functions as plugins

NETSPECTIVE


OSS in device components



Sensors Storage Display Plugins


Connectivity Layer (HTTP, XMPP)

Plugin Container

Event Architecture

Location

Aware

Virtualize!

“On Device”Workflow

PatientContext, too

NETSPECTIVE


OSS enables enterprise integration

CloudServices



BaaS Gateway(DDS, XMPP, ESB)

Enterprise DataRCM, Financials, EHRs

Device Inventory

Cross Device App Workflows

AlarmNotifications

Patient ContextMonitoring

DeviceTeaming

DeviceManagementReport

Generation

HITIntegration

RemoteSurveillance

DeviceData

SSL VPN

PatientSelf-Management

Platforms

Device Utilization

Device reimbursement

Device profitability

Thank You

Visit http://www.netspective.com http://www.healthcareguy.comE-mail [email protected] @ShahidNShahCall 202-713-5409

Date post:	02-Jun-2015
Category:	Business
Upload:	shahid-shah
View:	209 times
Download:	0 times

How to Use Open Source Technologies in Safety-critical Digital Health Applications and Medical...

Business