hie-and-open-source
DESCRIPTION
http://posscon.org/assets/Uploads/HIE-and-Open-Source.pdfTRANSCRIPT
<Insert Picture Here>
Health Information Exchange and Open Source Communities
Dan Russler, M.D.VP Clinical InformaticsOracle Health Sciences Global StrategyMar2011
© 2010 Oracle Corporation – Proprietary and Confidential 2
The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions.The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.
Abstract: Several open source communities specializing in Health Information Technology have developed in the last several years. These include Open Health Tools at the international level of participation and include the CONNECT, Direct Project, and Standards & Infrastructure Framework communities at the US level of participation. All of these communities utilize wikis and other collaboration tools to allow active participation on a daily basis. However, scope, governance and software developer participation differ. A review of these open source communities includes discussion on the practical use of this open source HIT software in the health industry.
© 2010 Oracle Corporation – Proprietary and Confidential 3
Source: Oracle Insight Analysis
•Expanded access • Improved reimbursement•Reduced patient churn• Improved patient satisfaction & loyalty
• Reduced back-office costs (supply chain, HR, Finance)
• Improved Planning, Forecasting & Decision Making
• Low cost to serve patients (at a given level of care/outcome)
• Holistic approach across care continuum• Patient (and caregiver) empowerment• Processes based on “Voice-of-Patient”
Reduce Cost
Deliver Quality Patient Care
Enha
nce
Reve
nue
Provider Priority Triad
Providers Need To Manage Three Priorities
© 2010 Oracle Corporation – Proprietary and Confidential 4
Enable Health Information Exchange(HIE) by Adopting Electronic Health Records (EHR)
“How do we permanently bring down costs and make quality, affordable healthcare available to every single American?...First, we need to [switch] from a paper to an electronic system…so that information can be tracked from one doctor to another.."
- President Barack Obama, Addressing American Medical Association, 2009
An Initiative That Promises To Improve Quality And Efficiency
Secure Health Information Exchange of Electronic Health Records (EHR)
Deliver Complete Patient Data Rapidly, Efficiently, and Securely to All Authorized Healthcare Stakeholders
“A key premise [is that] information should follow the patient, and artificial obstacles — technical, business related, and bureaucratic — should not get in the way."
- Dr David Blumenthal, US National coordinator for health information technology, 2009
1
2
© 2010 Oracle Corporation – Proprietary and Confidential 5
What is Health Information Exchange?
AcademicMedical Center
PublicHealth
SpecialtyClinic
Long-TermCare
Finance Researchand Education
Home Health
Pharmacy BenefitManagement
Payers
HospitalDiagnosticImaging Center
Physicians
Pharmacy
ClinicalDocuments
ReferenceLaboratory
MedicalSupplier
EmergencyServices
Clinical Research
Organization & PharmaGovernment
Insurance
Employer
Ambulatory Centers
ScreeningRegisters
© 2010 Oracle Corporation – Proprietary and Confidential 6
Within one HC org Doesn’t scale across orgs
Not standards-based
Info conforms to National Interoperability Standards and can be shared across more than one HC org
Seamless exchange across disparate systems across Public/Private,
Providers/Payers and HIO/Patients
HIEs across the country“Network of networks”
(1) To receive the HIT funding per the HITECH act, providers need to show "meaningful use" of an EHR system; more in appendix on “meaningful use” criteria(2) EMR=Electronic Medical Records; EHR=Electronic Health Records; HIE-Health Information Exchange; and NWHIN=Nationwide Health Information Network
“We must ensure interoperability for the future”Dr. Blumenthal, Health and Human Services National Coordinator for HIT
Establishing Regional HIEs Is The Critical Step In Achieving
Nationwide Interoperability In The Form of NwHIN
U.S. Government Strategic Roadmap For Enabling Health Information Exchange
EMR1,2
EHR1,2
HIE1,2
NwHIN1,2
© 2010 Oracle Corporation – Proprietary and Confidential 7
NwHIN Standards Will Guide U.S. HIEs
“Private and secure health information exchange enables information to follow the patient when and where it is needed for better care. The Federal government is working to enable a wide range of innovative and complementary approaches that will allow secure and meaningful exchange within and across states, but all of our efforts must be grounded in a common foundation of standards, technical specifications, and policies.”
Dr. David Blumenthal, National Coordinator for Health Information Technology
May 14, 2010
© 2010 Oracle Corporation – Proprietary and Confidential 8
What Does Health Information Exchange Mean to Providers?
• Sharing healthcare information between entities, across a network
• Could be public-private HIE consortium, e.g. NwHIN
• Need to grow into the robust infrastructures required to support true Personalized Health
• Could span across many levels:– Public National International– Private Multi-region Hospital
Chain Enterprise– State– Community– Local Provider Enterprise
Service Area
<Insert Picture Here>
Oracle Health Information ExchangeOpen Source in Use
© 2010 Oracle Corporation – Proprietary and Confidential 10
Oracle Health Information Exchange Solution Overview
You can…• Comply with evolving Governance and Compliance regulations• Meet Meaningful Use requirements and improve care delivery• Support the translational research and consent management
needed to achieve Personalized Healthcare
Oracle Health Information Exchange is an extensible, open, standards-based, solution built upon a reliable technology infrastructure for the secure exchange of electronic Protected Health Information (PHI)
© 2010 Oracle Corporation – Proprietary and Confidential 11
Oracle Health Information ExchangeKey Components
(HIM) leverages the CONNECT reference architecture and Oracle server virtualization to provide a broad range of international-standards-based web services to HIE applications in a management and performance-optimized solution; HIM may be utilized either as a standalone set of repository services or integrated into the management-optimized Oracle HIE solution
(HIG) leverages the CONNECT open source application and Oracle server virtualization to orchestrate secure, health policy-based communications over the Internet for the in-flight protection of personal health information (PHI); HIG may be integrated with other IHE-compliant software or integrated into the management-optimized Oracle HIE solution
Present the business process GUIs for consumers, providers, and other health information stakeholders supported by HIM and HIG in a secure, open, flexible, standards-based presentation environment, especially when displayed via Oracle Sun Ray Desktop Virtualization solutions for maximum data center access control
Oracle Health Sciences Information
Manager (HIM)
Oracle Health Sciences Information
Gateway (HIG)
Oracle Health Sciences Portals and
Applications
Health Information Exchange and the EHRWorries of a Health Enterprise CIO
• Preventing EHR System Performance Problems– Electronic Health Record system response time is mission critical to
care givers– Heavy query loads from the Internet may threaten response time to
internal enterprise care givers at critical times• Control of EHR Information Sharing over the Internet
– Not all information in EHR systems is intended for sharing– Access to sharable EHR information should be under CIO control– Few EHR systems today allow CIOs to segregate sharable
information• Granular Control over Release of Information
– Many organizations prefer granular control, e.g. consumer consents for use of data for research
– Most EHR systems do not support granular release of information based on individual consumer consents
© 2010 Oracle Corporation
DM
Z Fi
rew
all &
Inte
rnet
Oracle Health Information Exchange “Edge-server” Architecture Data Center Design Requirement – Provide an Internet “buffer” to PHI data sources
Dat
a C
ente
r Fire
wal
lWeb Service
Registries
PKI Security CertificateAuthorities
Other HealthInformation
Organizations
End Users
DMZProxy
Servers
Cloud Computing Data Center
Firewall Penetrations Multiple Internal and back channel
PHI Data Sources
Standardized“Front Door”
HIETransactions
Edge Servers for EHR UsersDesktop Virtualization
Edge Servers
for the
Health Information
Internet Cloud
Electronic
Health Record
System(s)
Edge Servers supports Secure, Controlled Health Information Exchange of PHI to and from
the EHR System(s)
© 2010 Oracle Corporation – Proprietary and Confidential 14
Oracle HIE Solution Architecture Connect “Architecture,” the Oracle Viewpoint
What is the CONNECT “Architecture” to Oracle?• CONNECT itself is an open source software solution that supports health information exchange – both
locally and at the national level• CONNECT uses NWHIN standards and governance to make sure that health information exchanges are
compatible with other exchanges being set up throughout the country
Features of the CONNECT “Architecture” important to Oracle• A “two-component” DMZ Gateway and Data Center Adapter model• Provides maximum control over Internet traffic into and out of the data center• OHS Information Gateway delivers these two components as virtualized servers for two hardware servers
separated by a firewall• An Adapter architecture that supports a standardized set of web service endpoints that become virtualized
servers within the OHS Information Manager
CONNECT “Architecture” can be used to• Set up a health information exchange within an organization • Connect with many other public and private HIEs• Provide an “edge server architecture” for Enterprise EHR system(s)
Breaking News Report!CONNECT open source community transition
• Major Governance Change
• Scope: a wide variety of projects
• First project: Aurion, an open source software project built on CONNECT
• Aurion Project is a means to take the initial CONNECT community to the next level by moving the project out into the private sector, where all organizations – big and small, in the public and private sectors – can work together to make the software stronger
© 2010 Oracle Corporation – Proprietary and Confidential 16
NHINInfrastructure
Zone
Services Registry
Security Infrastructure
NHIN Zone
HIO Zone
Federal HIE Solution
Implementing CONNECT Architecture & Components within the Health Information Organization (HIO)
NHIN Node
HIO System(s)
NHIN Node
Minimal centralized federal services
HIO DMZ Firewall
CONNECT
© 2010 Oracle Corporation – Proprietary and Confidential 17
Federal Gateway Services Model
Illustrates Complex HIE Orchestrations
Federal HIE Solution – Removing the Covers Hiding Complexity “inside CONNECT”
Implementing CONNECT Architecture & Components within the Health Information Organization (HIO)
PatientDiscovery
Query forDocuments
RetrieveDocuments
SubscriptionManagement
NotificationProcessing
DocumentSubmission
AuditReporting
UDDI UpdateManagement
SubjectDiscovery
Query forDocuments
RetrieveDocuments
NHIN Orchestration ComponentsSubscriptionManagement
NotificationProcessing
DocumentSubmission
AuditReporting
UDDI UpdateManagement
Patient Correlation Repository
Audit Repository
DocumentCache
CONNECT Core Components
ConnectionManager
SubscriptionRepository
OthersOthers
CONNECT Gateway
PatientDiscovery MPI
Query forDocuments
RetrieveDocuments Policy
SubscriptionManagement
NotificationProcessing
DocumentSubmission
AuditReporting
OthersDataTransforms
TerminologyServices Others
SDK Services
Docum
entR
epository
Docum
entR
egistry
MPI
Adapter Services Bus
Policy Engine
SubscriptionR
epository
Re-Identification
CONNECT Adapter
HIO DMZ Firewall
HIO Data Center Firewall
NHIN Node
HIO System(s)
NHIN Node
NHINInfrastructure
Zone
Services Registry
Security Infrastructure
NHIN Zone
HIO Zone
© 2010 Oracle Corporation
EXALOGIC Oracle Hardware Servers EXADATA
DM
Z Fi
rew
all &
Inte
rnet
Oracle DatabasesEnterprise Linux Solaris Containers Oracle VM Database Encryption
Oracle Health Information Exchange “Edge-server” Architecture Use of Open Source Software
SOA-based IntegrationsOther SOA Service Endpoints Other Oracle VM Assemblies
Data Center ManagementOracle VM Assembly Builder Oracle Enterprise Manager
Dat
a C
ente
r Fire
wal
lWeb Service
Registries
PKI Security CertificateAuthorities
Other HealthInformation
Organizations
End Users
Firewall Penetrations
Standardized“Front Door”
HIETransactions
Cloud Computing Data Center
Multiple Internal and back channel
PHI Data Sources
Edge Servers for EHR UsersDesktop Virtualization
Oracle Health Sciences Information Gateway
Fixed Web Service Orchestration
Data Center AdapterDMZ Gateway
Web Service Orchestration
Adaptive Web Service Design & Orchestration
•Oracle GlassFish•Oracle Linux•Oracle VM (Xen)•Oracle MySQL•Oracle Solaris
© 2010 Oracle Corporation – Proprietary and Confidential 19
Oracle Health Sciences Information GatewayDelivering Value
ProvidersOracle Health Sciences Information Gateway accelerates the implementation of meaningful use objectives through health sciences information exchange between certified and non-certified EHR modules and other health information organizations
Academic Medical Centers
Oracle Health Sciences Information Gateway facilitates health sciences information exchange for research purpose and patient care purposes at a very low IT cost
Clinical ResearchersOracle Health Sciences Information Gateway lowers the cost of obtaining and executing on consumer consent for release of health sciences information for clinical research purposes
Oracle Health Sciences Information Gateway (HIG) leverages the CONNECT open source application and Oracle server virtualization to orchestrates secure, health policy-based communications over the Internet for the protection in-flight of personal health information (PHI)
© 2010 Oracle Corporation – Proprietary and Confidential 20
Oracle Health Sciences Information GatewayOracle VM Template Model
HIG Roadmap: • Upgrade to newer releases of CONNECT (now Aurion)• Offer WebLogic application server templates in addition to
GlassFish application server templates
© 2010 Oracle Corporation – Proprietary and Confidential 21
Oracle Health Sciences Information GatewayDMZ Gateway Component Architecture based on CONNECT
Governance and Compliance• Protects Health Data Center Personal Health Information (PHI)• Enforces Privacy Policies on Release of Information• Encryption In-flight over the Internet• NHIN Compatible Web-services exposed to the Internet
PatientDiscovery
Query forDocuments
RetrieveDocuments
SubscriptionManagement
NotificationProcessing
DocumentSubmission
AuditReporting
UDDI UpdateManagement
SubjectDiscovery
Query forDocuments
RetrieveDocuments
NHIN Orchestration ComponentsSubscriptionManagement
NotificationProcessing
DocumentSubmission
AuditReporting
UDDI UpdateManagement
Patient Correlation Repository
Audit Repository
DocumentCache
CONNECT Core ComponentsConnection
ManagerSubscriptionRepository
OthersOthers
CONNECT Gateway
© 2010 Oracle Corporation – Proprietary and Confidential 22
Oracle Health Sciences Information GatewayData Center Adapter Services “Bus” Orchestration
Governance and Compliance• Standardized Web-service Orchestration of HIE Business Processes• Supports HIE Release of Information Policies• Encryption In-flight through firewall and inside the datacenter• Supports standard IHE XDS Web-service “plug-in” components via TLS ( )
OthersDataTransforms
TerminologyServices Others
SDK Services
Docum
entR
epository
Docum
entR
egistry
MPI
Adapter Services Bus
Policy Engine
SubscriptionR
epository
Re-
Identification
PatientDiscovery MPI
Query forDocuments
RetrieveDocuments Policy
SubscriptionManagement
NotificationProcessing
DocumentSubmission
AuditReporting
CONNECT Adapter
© 2010 Oracle Corporation
EXALOGIC Oracle Hardware Servers EXADATA
DM
Z Fi
rew
all &
Inte
rnet
Oracle DatabasesEnterprise Linux Solaris Containers Oracle VM Database Encryption
Oracle Health Information Exchange “Edge-server” Architecture Data Center Design Requirement – Provide an Internet “buffer” to PHI data sources
SOA-based IntegrationsOther SOA Service Endpoints Other Oracle VM Assemblies
Data Center ManagementOracle VM Assembly Builder Oracle Enterprise Manager
Dat
a C
ente
r Fire
wal
lWeb Service
Registries
PKI Security CertificateAuthorities
Other HealthInformation
Organizations
End Users
Firewall Penetrations
Standardized“Front Door”
HIETransactions
Cloud Computing Data Center
Multiple Internal and back channel
PHI Data Sources
Edge Servers for EHR UsersDesktop Virtualization
Oracle Health Sciences Information Gateway
Fixed Web Service Orchestration
Data Center AdapterDMZ Gateway
Web Service Orchestration
Adaptive Web Service Design & Orchestration
Oracle Health Sciences
Information Manager Components
Health Record Locator
Health Policy Monitor
Health Policy Engine
Healthcare Master Person Index
Healthcare Transaction Baseopen
source histories
Oracle Health Sciences
Information Manager
© 2010 Oracle Corporation
EXALOGIC Oracle Hardware Servers EXADATA
DM
Z Fi
rew
all &
Inte
rnet
Oracle Portals and ApplicationsConsumers Clinicians Administrators Consent Mobility Empowerment
Oracle Identity & Access ManagementSSO User Provisioning LDAP
Oracle Desktop VirtualizationCaregiver Mobility
Oracle DatabasesEnterprise Linux Solaris Containers Oracle VM Database Encryption
Oracle Health Information Exchange ArchitectureEnterprise Access Control Built on Oracle Technology
Oracle Health Sciences Information Gateway
Oracle Business Process Management Suite ESB BPEL Business Process Manager Process Analysis
Fixed Web Service Orchestration
Data Center AdapterDMZ Gateway
Web Service Orchestration
Adaptive Web Service Design & Orchestration
SOA-based IntegrationsOther SOA Service Endpoints Other Oracle VM Assemblies
Data Center ManagementOracle VM Assembly Builder Oracle Enterprise Manager
Dat
a C
ente
r Fire
wal
lWeb Service
Registries
PKI Security CertificateAuthorities
Other HealthInformation
Organizations
Oracle Sun Ray Thin Client
Components
Health Record Locator
Health Policy Monitor
Health Policy Engine
Healthcare Master Person Index
Healthcare Transaction Base
© 2010 Oracle Corporation – Proprietary and Confidential 25
Standards, Testing, and Open SourceThe sequence of Public Development in Healthcare
1. Standards• Cross-industry Standards examples
– W3C, OASIS, …• Healthcare Standards examples
– HL7 (messages, documents, services)– DICOM (imaging)– LOINC, SNOMED (terminology standards)
2. Public Software Testing Specifications• IHE (international) – XDS web services architecture, medical devices• NIST (National, e.g. US Federal EHR certifications)
3. Standards-based Open Source Healthcare Implementations• Open Health Tools (multiple projects—both tooling and applications)• CONNECT (now Aurion)• Direct Project (Secure Health Email)
© 2010 Oracle Corporation – Proprietary and Confidential 26
Oracle Exadata Hardware Servers
DM
Z Fi
rew
all &
Inte
rnet
Oracle Health Sciences Portals and ApplicationsConsumers Clinicians Administrators Consent Mobility Empowerment
Oracle Identity ManagementSSO User Provisioning LDAP
Oracle Desktop Virtualization
Oracle DatabasesEnterprise Linux Solaris Containers Oracle VM Database Encryption
Oracle Health Sciences Information Gateway Oracle Business Process Management Suite
Oracle BPA Suite Oracle SOA Suite
Fixed Web Service Orchestration
Data Center AdapterDMZ Gateway
Web Service Orchestration
Web Service Orchestration
Oracle Health Sciences Information Manager
Other SOA Web Service Endpoints Other Oracle VM Assemblies
Data Center ManagementOracle VM Assembly Builder Oracle Enterprise Manager
Dat
a C
ente
r Fire
wal
lWeb Service
Registries
Security CertificateAuthorities
Other HealthInformation
Organizations
Oracle Sun Ray Thin Client
Oracle Health Sciences Information Manager Health Transaction Policy Management Components
Components
Health Record Locator
Health Policy Monitor
Health Policy Engine
Healthcare Master Person Index
Healthcare Transaction Base
© 2010 Oracle Corporation – Proprietary and Confidential 27
Oracle Health Sciences Information ManagerHealth Policy Engine Management Components
Governance and Compliance• CONNECT Orchestrates Release of Information Decisions• Dynamically executes on regulatory and organizational policy• Incorporates Patient Consent into policy• XACML standards based• Integrates to LDAP directories for single-sign on access control
Patient Consent Mgmt GUI
Policy Decision Point (Engine)
Single Sign-on Authentication
Components
Docum
entR
epository
Docum
entR
egistry
MPI
Adapter Services Bus
Policy Engine
SubscriptionR
epository
Re-
Identification
CONNECT Adapter
Policy Information Point
Policy Enforcement Point
Adapter Document Registry/Repository
Policy EngineOrchestrator
AdapterPolicy
Policy Management
Detail
© 2010 Oracle Corporation – Proprietary and Confidential28
Oracle Health Sciences Information Manager (HIM) Document Sharing (IHE XDS) Components
• First Register and Store Documents from providers
• Providers Retrieve Documents:– Find Patient– Then Locate Documents– Then Retrieve Document
• Supports centralized, federated and hybrid data models
• HIM facilitates installation and coordination of IHE XDS components
ORACLE HIM QUERY AND RESPONSE PROCESS
Patient Lookup
Documents Associated with Patient
Select Patient
Select Individual
record/ Document
Extract full data set/
document
Potential Matches
Requestor/ESB OHMPI Registry Repository
Display Record Set
Query XDS.b Registry
Display record headers, store pointers
Query XDS.b Repository
Displayed Detailed result(s)
© 2010 Oracle Corporation – Proprietary and Confidential 29
Oracle Exadata Hardware Servers
DM
Z Fi
rew
all &
Inte
rnet
Oracle Health Sciences Portals and ApplicationsConsumers Clinicians Administrators Consent Mobility Empowerment
Oracle Identity ManagementSSO User Provisioning LDAP
Oracle Desktop Virtualization
Oracle DatabasesEnterprise Linux Solaris Containers Oracle VM Database Encryption
Oracle Health Sciences Information Gateway Oracle Business Process Management Suite
Oracle BPA Suite Oracle SOA Suite
Fixed Web Service Orchestration
Data Center AdapterDMZ Gateway
Web Service Orchestration
Web Service Orchestration
Oracle Health Sciences Information Manager
Other SOA Web Service Endpoints Other Oracle VM Assemblies
Data Center ManagementOracle VM Assembly Builder Oracle Enterprise Manager
Dat
a C
ente
r Fire
wal
lWeb Service
Registries
Security CertificateAuthorities
Other HealthInformation
Organizations
Oracle Sun Ray Thin Client
Oracle Health Sciences Information Manager Master Person Index (MPI) Component
Components
Health Record Locator
Health Policy Monitor
Health Policy Engine
Healthcare Master Person Index
Healthcare Transaction Base
© 2010 Oracle Corporation – Proprietary and Confidential 30
Oracle Health Sciences Information ManagerHealthcare Master Person Index Component
• Enterprise Cross-Reference of demographics and identifiers• Cleanses and standardizes data• Probabilistic and deterministic matching process• Complex algorithms for character uncertainty
Phonetic errors, transpositions, character insertion, deletion, and replacement
• Address tokenization• Filters “junk” values i.e. John Doe or ID number “9999999”
EMPI
HL7
Web Service
API
IHE
BusinessServices
Hospital Systems
Pharmacy Systems
Physician Systems
PublicHealth
DiagnosticImaging
Lab Systems
© 2010 Oracle Corporation – Proprietary and Confidential 31
Oracle Health Sciences Information Manager Healthcare Master Person Index Matching Process
© 2010 Oracle Corporation – Proprietary and Confidential 32
Oracle Exadata Hardware Servers
DM
Z Fi
rew
all &
Inte
rnet
Oracle Health Sciences Portals and ApplicationsConsumers Clinicians Administrators Consent Mobility Empowerment
Oracle Identity ManagementSSO User Provisioning LDAP
Oracle Desktop Virtualization
Oracle DatabasesEnterprise Linux Solaris Containers Oracle VM Database Encryption
Oracle Health Sciences Information Gateway Oracle Business Process Management Suite
Oracle BPA Suite Oracle SOA Suite
Fixed Web Service Orchestration
Data Center AdapterDMZ Gateway
Web Service Orchestration
Web Service Orchestration
Oracle Health Sciences Information Manager
Other SOA Web Service Endpoints Other Oracle VM Assemblies
Data Center ManagementOracle VM Assembly Builder Oracle Enterprise Manager
Dat
a C
ente
r Fire
wal
lWeb Service
Registries
Security CertificateAuthorities
Other HealthInformation
Organizations
Oracle Sun Ray Thin Client
Oracle Health Sciences Information Manager Health Record Locator Component (XDS document registry)
Features
Health Record Locator
Health Policy Monitor
Health Policy Engine
Prerequisites
Healthcare Master Person Index
Healthcare Transaction Base
© 2010 Oracle Corporation – Proprietary and Confidential33
Oracle Health Sciences Information Manager (HIM) Document Sharing (IHE XDS) Components
• First Register and Store Documents from providers
• Providers Retrieve Documents:– Find Patient– Then Locate Documents– Then Retrieve Document
• Supports centralized, federated and hybrid data models
• HIM facilitates installation and coordination of IHE XDS components
ORACLE HIM QUERY AND RESPONSE PROCESS
Patient Lookup
Documents Associated with Patient
Select Patient
Select Individual
record/ Document
Extract full data set/
document
Potential Matches
Requestor/ESB OHMPI Registry Repository
Display Record Set
Query XDS.b Registry
Display record headers, store pointers
Query XDS.b Repository
Displayed Detailed result(s)
© 2010 Oracle Corporation – Proprietary and Confidential 34
Oracle Exadata Hardware Servers
DM
Z Fi
rew
all &
Inte
rnet
Oracle Health Sciences Portals and ApplicationsConsumers Clinicians Administrators Consent Mobility Empowerment
Oracle Identity ManagementSSO User Provisioning LDAP
Oracle Desktop Virtualization
Oracle DatabasesEnterprise Linux Solaris Containers Oracle VM Database Encryption
Oracle Health Sciences Information Gateway Oracle Business Process Management Suite
Oracle BPA Suite Oracle SOA Suite
Fixed Web Service Orchestration
Data Center AdapterDMZ Gateway
Web Service Orchestration
Web Service Orchestration
Oracle Health Sciences Information Manager
Other SOA Web Service Endpoints Other Oracle VM Assemblies
Data Center ManagementOracle VM Assembly Builder Oracle Enterprise Manager
Dat
a C
ente
r Fire
wal
lWeb Service
Registries
Security CertificateAuthorities
Other HealthInformation
Organizations
Oracle Sun Ray Thin Client
Oracle Health Sciences Information Manager Healthcare Transaction Base Document Repository component
Features
Health Record Locator
Health Policy Monitor
Health Policy Engine
Prerequisites
Healthcare Master Person Index
Healthcare Transaction Base
© 2010 Oracle Corporation – Proprietary and Confidential 35
Opportunities for Small IT Business in HealthcareOpen Source Applications and the Small Healthcare Business
1. Local Support for Open Source Applications• Small Clinics
– Communications with Local Hospitals, Referral Centers, and Patients• Nursing Homes and Assisted Living Centers
– Long-term residential care facilities for elderly and disabled– Communications with families
• Urgent Care Hospitals– Mostly rural emergency rooms with few beds– Ambulance communications
• Independent Pharmacies– Prescriptions from Clinics, Nursing Homes, and Urgent Care Hospital– Refill requests from patients
2. Incorporation of Open Source Software into proprietary software• Reach market entry faster• Focus on initial support and growth instead of development • Begin with Open Health Tools: www.openhealthtools.org
The Direct Project – Small Business Support
“The Direct Project will help support simple exchange where a sender wants to push health information securely to a receiver.”
Status:• Direct Design Initiative Launched: 1March2010• First Live Implementation: Feb2011 (Rhode Island)
Direct Project Goals
• The Direct Project was designed to provide support for small providers and consumers who are using fax as the standard for electronic health communications
– Reduces the privacy and security issues related to fax– Complements the large enterprise use cases already
supported by the Nationwide Health Information Network– Leverages current email workflows into an Internet-based
Secure Health Email solution – Adds small, independent providers in the rural and urban
“white space” to Health Information Exchange use cases
Fax “Hassle-factors” for Small Business Providers
• Cost of dedicated phone lines• Labor costs: Routing paper fax to paper medical
record files OR routing electronic fax to electronic image archives
• Errors: Misfiling of fax records• Privacy and security breaches
– Uncontrolled access to fax rooms – can’t afford dedicated rooms
– Unmanned fax rooms – health records on the floor– Wrong fax line numbers – who received the health record?– Insufficient confirmations of receipt – lack of accountability
Direct Project Secure Health Email Solution
• Eliminate Fax!
• Use ordinary email routing for data transportation
• Use Secure MIME (S/MIME email attachment) encryption for data payload
• Offer standardized payload formats in addition to usual email formats– Allows increasing exchange of structured data over time– More efficient exchange of structured data as specialized health
email clients are created for consumers and small providers
<Insert Picture Here>
Direct CommunicationsEnterprise Benefits and Risks
Enterprise Benefits of Secure Health Email
• Reduction in Fax Labor Cost• Improved communication inside service area
– Small business Providers• Clinics• Nursing Homes• Independent pharmacies• Home health agencies
– Consumers• Referrals from outside service area
– Secondary, Tertiary, and Quaternary Hospital Care– Academic Consultations
Enterprise Risks of Secure Health Email
• Protected Health Information (PHI) Security Risks– Inbound email PHI routing to legal Electronic Medical Record – may
get dropped by receiving employee: clerk, nurse, physician, etc, before insertion into medical record
– Outbound PHI auditing of encrypted email: risk of unauthorized and un-auditable release of encrypted PHI
• Variable (non-standard) secure email payloads increase labor costs (approaching fax labor costs)
• Pubic Key Infrastructure (PKI) Management Workflow– Provisioning and Validation of Public Key Certificates (for both
internal employees and external email sources)– Private Key management for internal employees
<Insert Picture Here>
Oracle Secure Health Email Solutions for Enterprises
Oracle Health Sciences Information Manager
© 2010 Oracle Corporation
EXALOGIC Oracle Hardware Servers EXADATA
DM
Z Fi
rew
all &
Inte
rnet
Oracle Portals and ApplicationsConsumers Clinicians Administrators Consent Mobility Empowerment
Oracle Identity & Access ManagementSSO User Provisioning LDAP
Oracle Desktop VirtualizationCaregiver Mobility
Oracle DatabasesEnterprise Linux Solaris Containers Oracle VM Database Encryption
Oracle Health Information Exchange “Edge-server” ArchitectureEnterprise Access Control Built on Oracle Technology
Oracle Health Sciences Information Gateway Oracle Business Process Management Suite
ESB BPEL Business Process Manager Process Analysis
Fixed Web Service Orchestration
Data Center Adapter(CONNECT)
DMZ Gateway(CONNECT)
Web Service Orchestration
Adaptive Web Service Design & Orchestration
SOA-based IntegrationsOther SOA Service Endpoints Other Oracle VM Assemblies
Data Center ManagementOracle VM Assembly Builder Oracle Enterprise Manager
Dat
a C
ente
r Fire
wal
lWeb Service
Registries
PKI Security CertificateAuthorities
Other HealthInformation
Organizations
Oracle Sun Ray Thin Client
ComponentsHealth Record LocatorHealth Policy MonitorHealth Policy Engine
Healthcare Master Person Index
Healthcare Transaction Base
V1.1
© 2010 Oracle Corporation – Proprietary and Confidential45
Oracle Health Sciences Information Manager (HIM) Document Sharing (XDS) Components
• First Register and Store Documents from providers
• Providers Retrieve Documents:– Find Patient– Then Locate Documents– Then Retrieve Document
• Supports centralized, federated and hybrid data models
• HIM facilitates installation and coordination of XDS components
ORACLE HIM QUERY AND RESPONSE PROCESS
Patient Lookup
Documents Associated with Patient
Select Patient
Select Individual
record/ Document
Extract full data set/
document
Potential Matches
Requestor/ESB OHMPI Registry Repository
Display Record Set
Query XDS.b Registry
Display record headers, store pointers
Query XDS.b Repository
Displayed Detailed result(s)
Oracle Health Sciences Information Manager
© 2010 Oracle Corporation
EXALOGIC Oracle Hardware Servers EXADATA
ComponentsHealth Record LocatorHealth Policy MonitorHealth Policy EnginePublic Key Directory
DM
Z Fi
rew
all &
Inte
rnet
Oracle Portals and ApplicationsConsumers Clinicians Administrators Consent Mobility Empowerment
Oracle Identity & Access ManagementSSO User Provisioning LDAP
Oracle Desktop VirtualizationCaregiver Mobility
Oracle DatabasesEnterprise Linux Solaris Containers Oracle VM Database Encryption
Oracle Health Information Exchange “Edge-server” ArchitectureRoad Map: Direct Project Secure Health Email
Oracle Health Sciences Information Gateway Oracle Business Process Management Suite
ESB BPEL Business Process Manager Process Analysis
Fixed Web Service Orchestration
Data Center AdapterCONNECT-Direct
DMZ GatewayCONNECT-Direct
Web Service Orchestration
Adaptive Web Service Design & Orchestration
Healthcare Master Person Index
Healthcare Transaction Base
SOA-based IntegrationsOther SOA Service Endpoints Other Oracle VM Assemblies
Data Center ManagementOracle VM Assembly Builder Oracle Enterprise Manager
Dat
a C
ente
r Fire
wal
lWeb Service
Registries
PKI Security CertificateAuthorities
Other HealthInformation
Organizations
Oracle Sun Ray Thin Client
Enterprise Secure Health Email ArchitectureProtecting the Enterprise using an XDS infrastructure
• Protected Health Information (PHI) Security Risks– Inbound email PHI decrypted and stored in XDS before
notifying internal email inbox– Outbound PHI stored in XDS, audited and encrypted
automatically; no email client encryption and risk of unauthorized and un-auditable release of encrypted PHI
• Pubic Key Infrastructure (PKI) Management Workflow– Public Key Directory for Providers and Consumers– Supplies Email Public Keys to External Email Sources
© 2010 Oracle Corporation – Proprietary and Confidential 48
The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions.The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.
The preceding is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions.The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.
© 2010 Oracle Corporation – Proprietary and Confidential 49
Q&A