hie-and-open-source

<Insert Picture Here>

Health Information Exchange and Open Source Communities

Dan Russler, M.D.VP Clinical InformaticsOracle Health Sciences Global StrategyMar2011

© 2010 Oracle Corporation – Proprietary and Confidential 2

The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions.The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.

Abstract: Several open source communities specializing in Health Information Technology have developed in the last several years. These include Open Health Tools at the international level of participation and include the CONNECT, Direct Project, and Standards & Infrastructure Framework communities at the US level of participation. All of these communities utilize wikis and other collaboration tools to allow active participation on a daily basis. However, scope, governance and software developer participation differ. A review of these open source communities includes discussion on the practical use of this open source HIT software in the health industry.


Source: Oracle Insight Analysis

•Expanded access • Improved reimbursement•Reduced patient churn• Improved patient satisfaction & loyalty

• Reduced back-office costs (supply chain, HR, Finance)

• Improved Planning, Forecasting & Decision Making

• Low cost to serve patients (at a given level of care/outcome)

• Holistic approach across care continuum• Patient (and caregiver) empowerment• Processes based on “Voice-of-Patient”

Reduce Cost

Deliver Quality Patient Care

Enha

nce

Reve

nue

Provider Priority Triad

Providers Need To Manage Three Priorities


Enable Health Information Exchange(HIE) by Adopting Electronic Health Records (EHR)

“How do we permanently bring down costs and make quality, affordable healthcare available to every single American?...First, we need to [switch] from a paper to an electronic system…so that information can be tracked from one doctor to another.."

- President Barack Obama, Addressing American Medical Association, 2009

An Initiative That Promises To Improve Quality And Efficiency

Secure Health Information Exchange of Electronic Health Records (EHR)

Deliver Complete Patient Data Rapidly, Efficiently, and Securely to All Authorized Healthcare Stakeholders

“A key premise [is that] information should follow the patient, and artificial obstacles — technical, business related, and bureaucratic — should not get in the way."

- Dr David Blumenthal, US National coordinator for health information technology, 2009

1

2


What is Health Information Exchange?

AcademicMedical Center

PublicHealth

SpecialtyClinic

Long-TermCare

Finance Researchand Education

Home Health

Pharmacy BenefitManagement

Payers

HospitalDiagnosticImaging Center

Physicians

Pharmacy

ClinicalDocuments

ReferenceLaboratory

MedicalSupplier

EmergencyServices

Clinical Research

Organization & PharmaGovernment

Insurance

Employer

Ambulatory Centers

ScreeningRegisters


Within one HC org Doesn’t scale across orgs

Not standards-based

Info conforms to National Interoperability Standards and can be shared across more than one HC org

Seamless exchange across disparate systems across Public/Private,

Providers/Payers and HIO/Patients

HIEs across the country“Network of networks”

(1) To receive the HIT funding per the HITECH act, providers need to show "meaningful use" of an EHR system; more in appendix on “meaningful use” criteria(2) EMR=Electronic Medical Records; EHR=Electronic Health Records; HIE-Health Information Exchange; and NWHIN=Nationwide Health Information Network

“We must ensure interoperability for the future”Dr. Blumenthal, Health and Human Services National Coordinator for HIT

Establishing Regional HIEs Is The Critical Step In Achieving

Nationwide Interoperability In The Form of NwHIN

U.S. Government Strategic Roadmap For Enabling Health Information Exchange

EMR1,2

EHR1,2

HIE1,2

NwHIN1,2


NwHIN Standards Will Guide U.S. HIEs

“Private and secure health information exchange enables information to follow the patient when and where it is needed for better care. The Federal government is working to enable a wide range of innovative and complementary approaches that will allow secure and meaningful exchange within and across states, but all of our efforts must be grounded in a common foundation of standards, technical specifications, and policies.”

Dr. David Blumenthal, National Coordinator for Health Information Technology

May 14, 2010


What Does Health Information Exchange Mean to Providers?

• Sharing healthcare information between entities, across a network

• Could be public-private HIE consortium, e.g. NwHIN

• Need to grow into the robust infrastructures required to support true Personalized Health

• Could span across many levels:– Public National International– Private Multi-region Hospital

Chain Enterprise– State– Community– Local Provider Enterprise

Service Area


Oracle Health Information ExchangeOpen Source in Use


Oracle Health Information Exchange Solution Overview

You can…• Comply with evolving Governance and Compliance regulations• Meet Meaningful Use requirements and improve care delivery• Support the translational research and consent management

needed to achieve Personalized Healthcare

Oracle Health Information Exchange is an extensible, open, standards-based, solution built upon a reliable technology infrastructure for the secure exchange of electronic Protected Health Information (PHI)


Oracle Health Information ExchangeKey Components

(HIM) leverages the CONNECT reference architecture and Oracle server virtualization to provide a broad range of international-standards-based web services to HIE applications in a management and performance-optimized solution; HIM may be utilized either as a standalone set of repository services or integrated into the management-optimized Oracle HIE solution

(HIG) leverages the CONNECT open source application and Oracle server virtualization to orchestrate secure, health policy-based communications over the Internet for the in-flight protection of personal health information (PHI); HIG may be integrated with other IHE-compliant software or integrated into the management-optimized Oracle HIE solution

Present the business process GUIs for consumers, providers, and other health information stakeholders supported by HIM and HIG in a secure, open, flexible, standards-based presentation environment, especially when displayed via Oracle Sun Ray Desktop Virtualization solutions for maximum data center access control

Oracle Health Sciences Information

Manager (HIM)

Oracle Health Sciences Information

Gateway (HIG)

Oracle Health Sciences Portals and

Applications

Health Information Exchange and the EHRWorries of a Health Enterprise CIO

• Preventing EHR System Performance Problems– Electronic Health Record system response time is mission critical to

care givers– Heavy query loads from the Internet may threaten response time to

internal enterprise care givers at critical times• Control of EHR Information Sharing over the Internet

– Not all information in EHR systems is intended for sharing– Access to sharable EHR information should be under CIO control– Few EHR systems today allow CIOs to segregate sharable

information• Granular Control over Release of Information

– Many organizations prefer granular control, e.g. consumer consents for use of data for research

– Most EHR systems do not support granular release of information based on individual consumer consents

© 2010 Oracle Corporation

DM

Z Fi

rew

all &

Inte

rnet

Oracle Health Information Exchange “Edge-server” Architecture Data Center Design Requirement – Provide an Internet “buffer” to PHI data sources

Dat

a C

ente

r Fire

wal

lWeb Service

Registries

PKI Security CertificateAuthorities

Other HealthInformation

Organizations

End Users

DMZProxy

Servers

Cloud Computing Data Center

Firewall Penetrations Multiple Internal and back channel

PHI Data Sources

Standardized“Front Door”

HIETransactions

Edge Servers for EHR UsersDesktop Virtualization

Edge Servers

for the

Health Information

Internet Cloud

Electronic

Health Record

System(s)

Edge Servers supports Secure, Controlled Health Information Exchange of PHI to and from

the EHR System(s)


Oracle HIE Solution Architecture Connect “Architecture,” the Oracle Viewpoint

What is the CONNECT “Architecture” to Oracle?• CONNECT itself is an open source software solution that supports health information exchange – both

locally and at the national level• CONNECT uses NWHIN standards and governance to make sure that health information exchanges are

compatible with other exchanges being set up throughout the country

Features of the CONNECT “Architecture” important to Oracle• A “two-component” DMZ Gateway and Data Center Adapter model• Provides maximum control over Internet traffic into and out of the data center• OHS Information Gateway delivers these two components as virtualized servers for two hardware servers

separated by a firewall• An Adapter architecture that supports a standardized set of web service endpoints that become virtualized

servers within the OHS Information Manager

CONNECT “Architecture” can be used to• Set up a health information exchange within an organization • Connect with many other public and private HIEs• Provide an “edge server architecture” for Enterprise EHR system(s)

Breaking News Report!CONNECT open source community transition

• Major Governance Change

• Scope: a wide variety of projects

• First project: Aurion, an open source software project built on CONNECT

• Aurion Project is a means to take the initial CONNECT community to the next level by moving the project out into the private sector, where all organizations – big and small, in the public and private sectors – can work together to make the software stronger


NHINInfrastructure

Zone

Services Registry

Security Infrastructure

NHIN Zone

HIO Zone

Federal HIE Solution

Implementing CONNECT Architecture & Components within the Health Information Organization (HIO)

NHIN Node

HIO System(s)

NHIN Node

Minimal centralized federal services

HIO DMZ Firewall

CONNECT


Federal Gateway Services Model

Illustrates Complex HIE Orchestrations

Federal HIE Solution – Removing the Covers Hiding Complexity “inside CONNECT”

Implementing CONNECT Architecture & Components within the Health Information Organization (HIO)

PatientDiscovery

Query forDocuments

RetrieveDocuments

SubscriptionManagement

NotificationProcessing

DocumentSubmission

AuditReporting

UDDI UpdateManagement

SubjectDiscovery

Query forDocuments

RetrieveDocuments

NHIN Orchestration ComponentsSubscriptionManagement


DocumentSubmission

AuditReporting


Patient Correlation Repository

Audit Repository

DocumentCache

CONNECT Core Components

ConnectionManager

SubscriptionRepository

OthersOthers

CONNECT Gateway

PatientDiscovery MPI

Query forDocuments

RetrieveDocuments Policy



DocumentSubmission

AuditReporting

OthersDataTransforms

TerminologyServices Others

SDK Services

Docum

entR

epository

Docum

entR

egistry

MPI

Adapter Services Bus

Policy Engine

SubscriptionR

epository

Re-Identification

CONNECT Adapter

HIO DMZ Firewall

HIO Data Center Firewall

NHIN Node

HIO System(s)

NHIN Node

NHINInfrastructure

Zone

Services Registry

Security Infrastructure

NHIN Zone

HIO Zone


EXALOGIC Oracle Hardware Servers EXADATA

DM

Z Fi

rew

all &

Inte

rnet

Oracle DatabasesEnterprise Linux Solaris Containers Oracle VM Database Encryption

Oracle Health Information Exchange “Edge-server” Architecture Use of Open Source Software

SOA-based IntegrationsOther SOA Service Endpoints Other Oracle VM Assemblies

Data Center ManagementOracle VM Assembly Builder Oracle Enterprise Manager

Dat

a C

ente

r Fire

wal

lWeb Service

Registries



Organizations

End Users

Firewall Penetrations


HIETransactions


Multiple Internal and back channel

PHI Data Sources


Oracle Health Sciences Information Gateway

Fixed Web Service Orchestration

Data Center AdapterDMZ Gateway

Web Service Orchestration

Adaptive Web Service Design & Orchestration

•Oracle GlassFish•Oracle Linux•Oracle VM (Xen)•Oracle MySQL•Oracle Solaris


Oracle Health Sciences Information GatewayDelivering Value

ProvidersOracle Health Sciences Information Gateway accelerates the implementation of meaningful use objectives through health sciences information exchange between certified and non-certified EHR modules and other health information organizations

Academic Medical Centers

Oracle Health Sciences Information Gateway facilitates health sciences information exchange for research purpose and patient care purposes at a very low IT cost

Clinical ResearchersOracle Health Sciences Information Gateway lowers the cost of obtaining and executing on consumer consent for release of health sciences information for clinical research purposes

Oracle Health Sciences Information Gateway (HIG) leverages the CONNECT open source application and Oracle server virtualization to orchestrates secure, health policy-based communications over the Internet for the protection in-flight of personal health information (PHI)


Oracle Health Sciences Information GatewayOracle VM Template Model

HIG Roadmap: • Upgrade to newer releases of CONNECT (now Aurion)• Offer WebLogic application server templates in addition to

GlassFish application server templates


Oracle Health Sciences Information GatewayDMZ Gateway Component Architecture based on CONNECT

Governance and Compliance• Protects Health Data Center Personal Health Information (PHI)• Enforces Privacy Policies on Release of Information• Encryption In-flight over the Internet• NHIN Compatible Web-services exposed to the Internet

PatientDiscovery

Query forDocuments

RetrieveDocuments



DocumentSubmission

AuditReporting


SubjectDiscovery

Query forDocuments

RetrieveDocuments

NHIN Orchestration ComponentsSubscriptionManagement


DocumentSubmission

AuditReporting


Patient Correlation Repository

Audit Repository

DocumentCache

CONNECT Core ComponentsConnection

ManagerSubscriptionRepository

OthersOthers

CONNECT Gateway


Oracle Health Sciences Information GatewayData Center Adapter Services “Bus” Orchestration

Governance and Compliance• Standardized Web-service Orchestration of HIE Business Processes• Supports HIE Release of Information Policies• Encryption In-flight through firewall and inside the datacenter• Supports standard IHE XDS Web-service “plug-in” components via TLS ( )

OthersDataTransforms

TerminologyServices Others

SDK Services

Docum

entR

epository

Docum

entR

egistry

MPI


Policy Engine

SubscriptionR

epository

Re-

Identification

PatientDiscovery MPI

Query forDocuments

RetrieveDocuments Policy



DocumentSubmission

AuditReporting

CONNECT Adapter



DM

Z Fi

rew

all &

Inte

rnet


Oracle Health Information Exchange “Edge-server” Architecture Data Center Design Requirement – Provide an Internet “buffer” to PHI data sources



Dat

a C

ente

r Fire

wal

lWeb Service

Registries



Organizations

End Users

Firewall Penetrations


HIETransactions


Multiple Internal and back channel

PHI Data Sources







Oracle Health Sciences

Information Manager Components

Health Record Locator

Health Policy Monitor

Health Policy Engine

Healthcare Master Person Index

Healthcare Transaction Baseopen

source histories

Oracle Health Sciences

Information Manager



DM

Z Fi

rew

all &

Inte

rnet

Oracle Portals and ApplicationsConsumers Clinicians Administrators Consent Mobility Empowerment

Oracle Identity & Access ManagementSSO User Provisioning LDAP

Oracle Desktop VirtualizationCaregiver Mobility


Oracle Health Information Exchange ArchitectureEnterprise Access Control Built on Oracle Technology


Oracle Business Process Management Suite ESB BPEL Business Process Manager Process Analysis







Dat

a C

ente

r Fire

wal

lWeb Service

Registries



Organizations

Oracle Sun Ray Thin Client

Components





Healthcare Transaction Base


Standards, Testing, and Open SourceThe sequence of Public Development in Healthcare

1. Standards• Cross-industry Standards examples

– W3C, OASIS, …• Healthcare Standards examples

– HL7 (messages, documents, services)– DICOM (imaging)– LOINC, SNOMED (terminology standards)

2. Public Software Testing Specifications• IHE (international) – XDS web services architecture, medical devices• NIST (National, e.g. US Federal EHR certifications)

3. Standards-based Open Source Healthcare Implementations• Open Health Tools (multiple projects—both tooling and applications)• CONNECT (now Aurion)• Direct Project (Secure Health Email)


Oracle Exadata Hardware Servers

DM

Z Fi

rew

all &

Inte

rnet

Oracle Health Sciences Portals and ApplicationsConsumers Clinicians Administrators Consent Mobility Empowerment

Oracle Identity ManagementSSO User Provisioning LDAP

Oracle Desktop Virtualization


Oracle Health Sciences Information Gateway Oracle Business Process Management Suite

Oracle BPA Suite Oracle SOA Suite





Oracle Health Sciences Information Manager

Other SOA Web Service Endpoints Other Oracle VM Assemblies


Dat

a C

ente

r Fire

wal

lWeb Service

Registries

Security CertificateAuthorities


Organizations


Oracle Health Sciences Information Manager Health Transaction Policy Management Components

Components







Oracle Health Sciences Information ManagerHealth Policy Engine Management Components

Governance and Compliance• CONNECT Orchestrates Release of Information Decisions• Dynamically executes on regulatory and organizational policy• Incorporates Patient Consent into policy• XACML standards based• Integrates to LDAP directories for single-sign on access control

Patient Consent Mgmt GUI

Policy Decision Point (Engine)

Single Sign-on Authentication

Components

Docum

entR

epository

Docum

entR

egistry

MPI


Policy Engine

SubscriptionR

epository

Re-

Identification

CONNECT Adapter

Policy Information Point

Policy Enforcement Point

Adapter Document Registry/Repository

Policy EngineOrchestrator

AdapterPolicy

Policy Management

Detail

© 2010 Oracle Corporation – Proprietary and Confidential28

Oracle Health Sciences Information Manager (HIM) Document Sharing (IHE XDS) Components

• First Register and Store Documents from providers

• Providers Retrieve Documents:– Find Patient– Then Locate Documents– Then Retrieve Document

• Supports centralized, federated and hybrid data models

• HIM facilitates installation and coordination of IHE XDS components

ORACLE HIM QUERY AND RESPONSE PROCESS

Patient Lookup

Documents Associated with Patient

Select Patient

Select Individual

record/ Document

Extract full data set/

document

Potential Matches

Requestor/ESB OHMPI Registry Repository

Display Record Set

Query XDS.b Registry

Display record headers, store pointers

Query XDS.b Repository

Displayed Detailed result(s)



DM

Z Fi

rew

all &

Inte

rnet














Dat

a C

ente

r Fire

wal

lWeb Service

Registries



Organizations


Oracle Health Sciences Information Manager Master Person Index (MPI) Component

Components







Oracle Health Sciences Information ManagerHealthcare Master Person Index Component

• Enterprise Cross-Reference of demographics and identifiers• Cleanses and standardizes data• Probabilistic and deterministic matching process• Complex algorithms for character uncertainty

Phonetic errors, transpositions, character insertion, deletion, and replacement

• Address tokenization• Filters “junk” values i.e. John Doe or ID number “9999999”

EMPI

HL7

Web Service

API

IHE

BusinessServices

Hospital Systems

Pharmacy Systems

Physician Systems

PublicHealth

DiagnosticImaging

Lab Systems


Oracle Health Sciences Information Manager Healthcare Master Person Index Matching Process



DM

Z Fi

rew

all &

Inte

rnet














Dat

a C

ente

r Fire

wal

lWeb Service

Registries



Organizations


Oracle Health Sciences Information Manager Health Record Locator Component (XDS document registry)

Features




Prerequisites




Oracle Health Sciences Information Manager (HIM) Document Sharing (IHE XDS) Components




• HIM facilitates installation and coordination of IHE XDS components


Patient Lookup


Select Patient

Select Individual

record/ Document


document

Potential Matches


Display Record Set







DM

Z Fi

rew

all &

Inte

rnet














Dat

a C

ente

r Fire

wal

lWeb Service

Registries



Organizations


Oracle Health Sciences Information Manager Healthcare Transaction Base Document Repository component

Features




Prerequisites




Opportunities for Small IT Business in HealthcareOpen Source Applications and the Small Healthcare Business

1. Local Support for Open Source Applications• Small Clinics

– Communications with Local Hospitals, Referral Centers, and Patients• Nursing Homes and Assisted Living Centers

– Long-term residential care facilities for elderly and disabled– Communications with families

• Urgent Care Hospitals– Mostly rural emergency rooms with few beds– Ambulance communications

• Independent Pharmacies– Prescriptions from Clinics, Nursing Homes, and Urgent Care Hospital– Refill requests from patients

2. Incorporation of Open Source Software into proprietary software• Reach market entry faster• Focus on initial support and growth instead of development • Begin with Open Health Tools: www.openhealthtools.org

The Direct Project – Small Business Support

“The Direct Project will help support simple exchange where a sender wants to push health information securely to a receiver.”

Status:• Direct Design Initiative Launched: 1March2010• First Live Implementation: Feb2011 (Rhode Island)

Direct Project Goals

• The Direct Project was designed to provide support for small providers and consumers who are using fax as the standard for electronic health communications

– Reduces the privacy and security issues related to fax– Complements the large enterprise use cases already

supported by the Nationwide Health Information Network– Leverages current email workflows into an Internet-based

Secure Health Email solution – Adds small, independent providers in the rural and urban

“white space” to Health Information Exchange use cases

Fax “Hassle-factors” for Small Business Providers

• Cost of dedicated phone lines• Labor costs: Routing paper fax to paper medical

record files OR routing electronic fax to electronic image archives

• Errors: Misfiling of fax records• Privacy and security breaches

– Uncontrolled access to fax rooms – can’t afford dedicated rooms

– Unmanned fax rooms – health records on the floor– Wrong fax line numbers – who received the health record?– Insufficient confirmations of receipt – lack of accountability

Direct Project Secure Health Email Solution

• Eliminate Fax!

• Use ordinary email routing for data transportation

• Use Secure MIME (S/MIME email attachment) encryption for data payload

• Offer standardized payload formats in addition to usual email formats– Allows increasing exchange of structured data over time– More efficient exchange of structured data as specialized health

email clients are created for consumers and small providers


Direct CommunicationsEnterprise Benefits and Risks

Enterprise Benefits of Secure Health Email

• Reduction in Fax Labor Cost• Improved communication inside service area

– Small business Providers• Clinics• Nursing Homes• Independent pharmacies• Home health agencies

– Consumers• Referrals from outside service area

– Secondary, Tertiary, and Quaternary Hospital Care– Academic Consultations

Enterprise Risks of Secure Health Email

• Protected Health Information (PHI) Security Risks– Inbound email PHI routing to legal Electronic Medical Record – may

get dropped by receiving employee: clerk, nurse, physician, etc, before insertion into medical record

– Outbound PHI auditing of encrypted email: risk of unauthorized and un-auditable release of encrypted PHI

• Variable (non-standard) secure email payloads increase labor costs (approaching fax labor costs)

• Pubic Key Infrastructure (PKI) Management Workflow– Provisioning and Validation of Public Key Certificates (for both

internal employees and external email sources)– Private Key management for internal employees


Oracle Secure Health Email Solutions for Enterprises




DM

Z Fi

rew

all &

Inte

rnet





Oracle Health Information Exchange “Edge-server” ArchitectureEnterprise Access Control Built on Oracle Technology


ESB BPEL Business Process Manager Process Analysis


Data Center Adapter(CONNECT)

DMZ Gateway(CONNECT)





Dat

a C

ente

r Fire

wal

lWeb Service

Registries



Organizations


ComponentsHealth Record LocatorHealth Policy MonitorHealth Policy Engine



V1.1


Oracle Health Sciences Information Manager (HIM) Document Sharing (XDS) Components




• HIM facilitates installation and coordination of XDS components


Patient Lookup


Select Patient

Select Individual

record/ Document


document

Potential Matches


Display Record Set








ComponentsHealth Record LocatorHealth Policy MonitorHealth Policy EnginePublic Key Directory

DM

Z Fi

rew

all &

Inte

rnet





Oracle Health Information Exchange “Edge-server” ArchitectureRoad Map: Direct Project Secure Health Email


ESB BPEL Business Process Manager Process Analysis


Data Center AdapterCONNECT-Direct

DMZ GatewayCONNECT-Direct







Dat

a C

ente

r Fire

wal

lWeb Service

Registries



Organizations


Enterprise Secure Health Email ArchitectureProtecting the Enterprise using an XDS infrastructure

• Protected Health Information (PHI) Security Risks– Inbound email PHI decrypted and stored in XDS before

notifying internal email inbox– Outbound PHI stored in XDS, audited and encrypted

automatically; no email client encryption and risk of unauthorized and un-auditable release of encrypted PHI

• Pubic Key Infrastructure (PKI) Management Workflow– Public Key Directory for Providers and Consumers– Supplies Email Public Keys to External Email Sources


The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions.The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.

The preceding is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions.The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.


Q&A

hie-and-open-source

Documents

health information technology

health information exchangehie

health industry

open health tools

information purposes

oracle corporation proprietary

open source hit software

us level of participation