Date post: 02-Jun-2015
Category: Business
Upload: shahid-shah
How to Use Open Source Technologies in Safety-critical Health Applications
3rd Annual OSEHRA Summit
Shahid N. Shah
Chairman of OSEHRA Advisory Board
NETSPECTIVE
www.netspective.com 2
Who is Shahid?
• Chairman, OSEHRA Board of Advisors
• 20+ years of software engineering and multi-discipline complex IT implementations (Gov., defense, health, finance, insurance)
• 12+ years of healthcare IT and medical devices experience (blog at http://healthcareguy.com)
• 15+ years of technology management experience (government, non-profit, commercial)
Author of Chapter 13, “You’re the CIO of your Own Office”
Outcomes driven care is in our future
Open source software (OSS) is in our future
• You’re moving from standalone boxes to fully integrated systems
• mHealth demands more interoperability
• Your customers demand flexible workflows with enhanced functionality
• Your customers demand data integration with their systems
• Security of medical devices is under great scrutiny and excuses aren’t going to be accepted
The new realities of patient populations
• Obesity Management
• Wellness Management
• Assessment – HRA
• Stratification
• Dietary
• Physical Activity
• Physician Coordination
• Social Network
• Behavior Modification
• Education
• Health Promotions
• Healthy Lifestyle Choices
• Health Risk Assessment
• Diabetes
• COPD
• CHF
• Stratification & Enrollment
• Disease Management
• Care Coordination
• MD Pay-for-Performance
• Patient Coaching
• Physicians Office
• Hospital
• Other sites
• Pharmacology
• Catastrophic Case Management
• Utilization Management
• Care Coordination
• Co-morbidities
Prevention, Management
Well Patient: 26% of Population, 4% of Medical Costs
At Risk: 35% of Population, 22% of Medical Costs
Chronic Care: 35% of Population, 37% of Medical Costs
Acute Treatment: 4% of Population, 36% of Medical Costs
Source: Amir Jafri, PrescribeWell
Customers are struggling with Accountable Tech
• Cost per patient per procedure / treatment going up but without ability to explain why
• Cost for same procedure / treatment plan highly variable across localities
• Unable to compare drug efficacy across patient populations
• Unable to compare health treatment effectiveness across patients
• Variability in fees and treatments promotes fraud
• Lack of visibility of entire patient record causes medical errors
Everything your app/device does to help answer important questions below means more sales and better margins
Opportunities for incremental or new revenue
• Fill clinical documentation into EHRs
• Improve alarm notification
• Review and perform complex event processing
• Add signal/data processing for new parameters
• Remotely upgrade and service equipment
• Automate clinical workflows
• Remote surveillance
• Gateways and interoperability appliances
Wireless BAN Ecosystem is complex without OSS
Source: Qualcomm
Data is getting more sophisticated, analysis even more so
Proteomics, Genomics, Biochemical, Behavioral, Phenotypics, Economics, IOT sensors, Administrative
It’s hard today but will be even harder tomorrow
Implications of healthcare trends
PPACA, ACO, MU, PCMH, Health Home, mHealth
DATA
Evidence Based Medicine
Comparative Effectiveness
Software
Regulated IT and Systems Integration
Services
What users want vs. what they’re offered
Data visualization requires integration and aggregation
[Figure panels: “What’s being offered to users” and “What users really want”]
Evolving Healthcare IT Enterprise Architecture
You need to fit into a complex environment
• Cloud Services
• Management Dashboards
• Data Transformation (ESB, HL7)
• BaaS Gateway (DDS, XMPP, ESB)
• Enterprise Data: RCM, Financials, EHRs
• Device Inventory
• Cross Device App Workflows
• Alarm Notifications
• Patient Context Monitoring
• Device Teaming
• Device Management
• Report Generation
• HIT Integration
• Remote Surveillance
• Device Data
• SSL VPN
• Patient Self-Management Platforms
• Device Utilization
• Device reimbursement
• Device profitability
• Should medical device and health IT vendors be using open source to implement their safety-critical requirements?
• How about contributing to open source projects?
• How about creating their own open source projects?
Yes!
• If you’re not using open source projects in your own devices then you’re doing far more engineering work than is necessary.
• If you’re not contributing to open source then you’re not making code you rely on better.
• If you’re not creating open source then you’re missing a valuable marketing opportunity.
Connectivity is a must, OSS is answer
• Data integration: most obvious benefit
• Manageability: least attention
• Enhance functionality: most promising capability
This talk focuses on connected devices
Smart buyers looking for poly-connectivity
Option 1 (no cellular access or hospital IT integration required)
Device, Hospital Network, Corporate Gateway, External Cloud, Hospital Systems
Option 2 (cellular access and no hospital IT integration required)
Device, External Cloud
DDS, REST, HL7, X.12, MPEG-21
Could be a Home Network, too
Wired
Wireless: Bluetooth, WiFi, Zigbee, etc.
Wireless, Cellular
Appreciate tradeoffs
Integration-friendliness
Ease of validation
The more connection-friendly a device, the harder it is to validate it
Lesson: Demand Testability
Regulatory Strategy
510(k) PMA, Class 3, Class 2, etc.
Unregulated
EHR or others
510(k) Class 2
“Data Bridges”
“Everything else”: Customer registry, Patient registry, Patient profile, Study Management, Billing
“The Device”
Class 1
MDDS
What are we afraid of when it comes to OSS?
Compliance
Will the FDA and other regulators accept open source code in safety-critical systems?
Reliability
Is open source code safe enough for medical devices?
Yes, of course.
Proof: we did it at American Red Cross in 1996 for a Class 3 device built on a modern enterprise IT ecosystem
Lesson: Risk managers and quality leadership often use regulators as an excuse to prevent OSS use because of OSS illiteracy, not legitimate strategy or actual evidence of harm.
Reality: Regulators don’t care about your use of open source, they care about safe systems that meet intended use.
Code you write is not necessarily safer
Modern IT systems’ custom components
There is significantly more and better testing of large open source projects than you could ever do
In an integrated ecosystem, you have to learn how to rely on others and do so safely and effectively
It’s not as hard as we think…
• Modern real-time operating systems (open source and commercial) are reliable for safety-critical medical-grade requirements.
• Open standards such as TCP/IP, DDS, HTTP, and XMPP can pull vendors out of the 1980’s and into the 1990’s.
• Open source and open standards that promote enterprise IT connectivity can pull vendors into the 2010’s and beyond.
How to start using OSS immediately
Remove OSS illiteracy from decision making
• Understand open source licensing, remove the fear of IP loss
• Understand where code is coming from and what test harnesses are included
• Get in touch with the open source developers to find out the current utilization
Choose the right OSS projects
• Requirements traceability possible?
• Code reviews conducted by OSS code authors?
• Unit testing conducted by authors?
• Continuous integration system employed?
• Integration testing conducted?
• Performance testing conducted?
• Safety testing conducted?
• Security testing conducted?
Engender trust in the code’s provenance
• Connect to the revision control system of the open source project
• Create your own binaries
• Create a process to securely sign the binaries
• Create your own deployment packages
Integrate OSS into your QSR process
• Employ continuous integration (CI) for your own and OSS project components
• Create a process to test the binaries using code coverage tools
• Conduct continuous hazard and risk analysis of outside code
• Keep an eye on changes coming in from the source and retest regularly
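One way to tie the provenance and QSR steps above together, as an added example that is not part of the original slides: a release manifest pins the upstream commit and the digest of each locally built binary, and a check before packaging reports tampering or upstream drift. HMAC-SHA256 stands in for the signing step, and the key, commit ids, file names and contents are constructed assumptions.

```python
import hashlib
import hmac
import json

def _tag(body, key):
    # HMAC-SHA256 stands in for the signing step; a real process would use
    # an asymmetric signature with the private key held offline or in an HSM.
    payload = json.dumps(body, sort_keys=True).encode()
    return hmac.new(key, payload, hashlib.sha256).hexdigest()

def build_manifest(upstream_commit, artifacts, key):
    """Pin the upstream commit and record a SHA-256 digest per binary."""
    body = {"upstream_commit": upstream_commit,
            "artifacts": {name: hashlib.sha256(data).hexdigest()
                          for name, data in artifacts.items()}}
    return {"body": body, "tag": _tag(body, key)}

def verify_release(manifest, artifacts, upstream_head, key):
    """Return findings; an empty list means the package may be assembled."""
    if not hmac.compare_digest(_tag(manifest["body"], key), manifest["tag"]):
        return ["manifest authentication failed"]
    recorded = manifest["body"]["artifacts"]
    findings = []
    for name in sorted(set(recorded) | set(artifacts)):
        if name not in artifacts:
            findings.append(f"missing artifact: {name}")
        elif name not in recorded:
            findings.append(f"unlisted artifact: {name}")
        elif hashlib.sha256(artifacts[name]).hexdigest() != recorded[name]:
            findings.append(f"digest mismatch: {name}")
    if upstream_head != manifest["body"]["upstream_commit"]:
        findings.append("upstream moved: rebuild and retest")
    return findings

# Constructed sample data: key, commit ids and binary contents are made up.
KEY = b"demo-key-not-for-production"
BUILT = {"libhl7.so": b"\x7fELF build one", "gateway": b"\x7fELF gateway"}
MANIFEST = build_manifest("commit-aaaa", BUILT, KEY)

if __name__ == "__main__":
    print(verify_release(MANIFEST, BUILT, "commit-aaaa", KEY))
    swapped = dict(BUILT, gateway=b"\x7fELF replaced")
    print(verify_release(MANIFEST, swapped, "commit-bbbb", KEY))
```

The "upstream moved" finding is the trigger for the retest step: the binaries are still the ones that were validated, but the source they were built from is no longer current.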
But it’s not easy either…we need
• Risk Assessments
• Hazard Analysis
• Design for Testability
• Design for Simulations
• Documentation
• Traceability
• Mathematical Proofs
• Determinism
• Instrumentation
• Theoretical foundations
OSS hazard and risk assessment
• What is the intended use for the device or system?
• How is the OSS product you’re planning to use going to be tied to your intended use?
• What is the risk associated with the OSS product for that particular intended use?
R = Sh x Ph
Risk is related to severity and harm
R = Sh x Ph
R = risk
Sh = severity of harm
Ph = probability of harm
• Harm is damage done to a person
• Severity is the degree of harm done
• Probability is the frequency and duration of exposure
Examples of Severity & Probability
Severity
• multiple fatalities
• fatalities
• severe injury (non-reversible, requires hospitalization)
• moderate injury (reversible, requires hospitalization)
• minor (reversible, requires first aid)
• very minor (no first aid)
Probability
• Constant exposure
• Hourly
• Daily
• Weekly
• Monthly
• Yearly
• Never
Formal risk assessment methods
• What-if analysis
• Preliminary hazard analysis (PHA)
• Failure modes and effects analysis (FMEA)
• Fault tree analysis (FTA)
• Hazard and operability studies
OSS Risk analysis steps - FMEA
• Define the function of the OSS product being analyzed.
• Identify potential failures of the OSS.
• Determine the causes of each failure type.
• Determine the effects of potential failures.
• Assign a risk index to each of the failure types.
• Determine the most appropriate corrective/preventive actions.
• Monitor the implementation of the corrective/preventive actions to ensure that they are having the desired effect.
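A worked FMEA pass over the steps above, as an added example that is not part of the original slides: it scores constructed failure modes of a hypothetical OSS HL7 messaging component with R = Sh x Ph and re-scores them after corrective action. The numeric ranks given to the slides' severity and probability lists, the acceptance threshold, and every failure mode in the worksheet are assumptions for illustration.

```python
from dataclasses import dataclass

# Ordinal ranks for the slides' scales. The numbers are an assumption:
# the slides give only the ordered lists, not values.
SEVERITY = {"very minor": 1, "minor": 2, "moderate injury": 3,
            "severe injury": 4, "fatalities": 5, "multiple fatalities": 6}
PROBABILITY = {"never": 0, "yearly": 1, "monthly": 2, "weekly": 3,
               "daily": 4, "hourly": 5, "constant exposure": 6}
ACCEPTABLE_RISK = 6  # hypothetical acceptance threshold for residual risk

@dataclass
class FailureMode:
    failure: str        # potential failure of the OSS product
    cause: str
    effect: str
    severity: str       # Sh, a key of SEVERITY
    probability: str    # Ph before any corrective action
    action: str = ""    # corrective/preventive action, if one is defined
    residual: str = ""  # Ph observed once the action is in place

    def risk(self, after_action=False):
        """Risk index R = Sh x Ph, before or after the corrective action."""
        ph = self.residual if after_action and self.residual else self.probability
        return SEVERITY[self.severity] * PROBABILITY[ph]

def fmea_report(modes):
    """Rank by initial risk; flag modes whose residual risk is too high."""
    ranked = sorted(modes, key=lambda m: m.risk(), reverse=True)
    return [(m.failure, m.risk(), m.risk(True), m.risk(True) <= ACCEPTABLE_RISK)
            for m in ranked]

# Constructed worksheet. Function under analysis (hypothetical): an OSS HL7
# engine that forwards bedside alarms to a nurse station.
WORKSHEET = [
    FailureMode("alarm message dropped", "queue overflow under load",
                "missed alarm", "fatalities", "monthly",
                "bounded queue plus local fallback alarm", "yearly"),
    FailureMode("alarm delayed", "long pause in the engine process",
                "late response", "severe injury", "weekly",
                "watchdog with latency alert", "monthly"),
    FailureMode("wrong unit of measure", "mapping table changed upstream",
                "misread vitals", "severe injury", "monthly"),
    FailureMode("audit log gap", "disk full", "traceability loss",
                "very minor", "daily", "log rotation", "yearly"),
]

if __name__ == "__main__":
    for failure, r0, r1, ok in fmea_report(WORKSHEET):
        print(f"{failure:24} R={r0:2} residual={r1:2} {'accept' if ok else 'ACT'}")
```

Rows that come back flagged are the ones where the corrective action has not brought R under the threshold, or where no action is defined yet, which is what the monitoring step is meant to catch.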
Good summary of FMEA
• http://en.wikipedia.org/wiki/Failure_mode_and_effects_analysis
Sampling of OSS / open standards
Project / Standard | Subject area | D | G | Comments
Linux or Android | Operating system | | |
OMG DDS (data distribution service) | Publish and subscribe messaging | | | Open standard with open source implementations
AppWeb, Apache | Web/app server | | |
OpenTSDB | Time series database | | | Open source project
Mirth | HL7 messaging engine | | | Built on Mule ESB
Alembic Aurion | HIE, message exchange | | | Successor to CONNECT
HTML5, XMPP, JSON | Various areas | | | Don’t reinvent the wheel
SAML, XACML | Security and privacy | | |
DynObj, OSGi, JPF | Plugin frameworks | | | Build for extensibility
OSS applicability to connectivity
Physical
• Wired, wireless (WiFi, cellular, etc.)
Structural
• Security, Numbers, Units of Measure, etc.
Semantic
• Presence, Vitals, Glucose, Heartbeats, etc.
OSS applicability to manageability
Security
• Is the device authorized?
Inventory
• Where is the device?
Presence
• Is a device connected?
Teaming
• Device grouping
OSS enables extensible devices
Legacy Devices Future Devices
Shahid’s “Ultimate Connectivity Architecture”
• Device Components
• 3rd Party Plugins: App #1, App #2
• Security and Management Layer
• Device OS (QNX, Linux, Windows)
• Sensors, Storage, Display, Plugins
• Web Server, IM Client
• Connectivity Layer (DDS, HTTP, XMPP): Presence, Messaging, Registration, JDBC, Query
• Cloud Services
• Management Dashboards
• Data Transformation (ESB, HL7)
• Device Gateway (DDS, ESB)
• Healthcare Enterprise
• Enterprise Data
• Plugin Container
• Event Architecture
• Inventory
• Workflow
• Notifications
• Patient Context
• Location Aware
• SSL VPN
OSS in Ultimate Architecture Core
• Device Components
• Security and Management Layer
• Device OS (QNX, Linux, Windows)
• Connectivity Layer (DDS, HTTP, XMPP)
• Plugin Container
Don’t create your own OS!
Security isn’t added later
Think about Plugins from day 1
Connectivity is built-in, not added
Build on Open Source
Create code as a last resort
OSS enables plugin architecture
• Device Components
• 3rd Party Plugins: App #1, App #2
• Security and Management Layer
• Device OS (QNX, Linux, Windows)
• Plugins
• Connectivity Layer (DDS, HTTP, XMPP)
• Plugin Container
• Event Architecture
• Location Aware
OSS in connectivity components
• Device Components
• Security and Management Layer
• Device OS (QNX, Linux, Windows)
• Web Server, IM Client
• Connectivity Layer (DDS, HTTP, XMPP): Presence, Messaging, Registration, JDBC, Query
• Plugin Container
• Surveillance & “remote display”
• Remote Access
• Alarms
• Event Viewer
Design all functions as plugins
OSS in device components
• Device Components
• 3rd Party Plugins
• Security and Management Layer
• Device OS (QNX, Linux, Windows)
• Sensors, Storage, Display, Plugins
• Web Server, IM Client
• Connectivity Layer (HTTP, XMPP)
• Plugin Container
• Event Architecture
• Location Aware
Virtualize!
“On Device” Workflow
Patient Context, too
OSS enables enterprise integration
• Cloud Services
• Management Dashboards
• Data Transformation (ESB, HL7)
• BaaS Gateway (DDS, XMPP, ESB)
• Enterprise Data: RCM, Financials, EHRs
• Device Inventory
• Cross Device App Workflows
• Alarm Notifications
• Patient Context Monitoring
• Device Teaming
• Device Management
• Report Generation
• HIT Integration
• Remote Surveillance
• Device Data
• SSL VPN
• Patient Self-Management Platforms
• Device Utilization
• Device reimbursement
• Device profitability
Thank You
Visit http://www.netspective.com http://www.healthcareguy.com
E-mail [email protected]
@ShahidNShah
Call 202-713-5409