prospects for cloud computing in a public university hospitalmlaas: machine learning as a service...
TRANSCRIPT
Prospects forCloud Computing
in a Public University Hospital
ArturoGonzález-Ferrer,Ph.D.
SanCarlosUniversityHospitalMadrid,Spain
Wien,AustriaNovember23rd 2016
Agenda
1. Context• Hospital• Innovation Unit
2. Health IT Security & Cloud3. Our case
• Hospital status• Regional status
4. Prospects: ongoing projects5. Challenges6. Benefits7. Conclusions
EnisaeHealthCibersecurityWorkshop 2
HospitalClínico SanCarlos(HCSC)
• LocatedinMadridcitycenter• BelongstoSERMAS(+30hospitals)• 964beds• Potentiallyprovidingcareto365.000patientsfrom14primarycarefacilities
• 40.000admissions,650.000outpatientconsultations
• 125.000emergencyconsultations(350/day)• Morethan5.000professionals.
• 807staffphysicians,453residents
EnisaeHealthCibersecurityWorkshop 3
InnovationUnitHCSC• MainmantraistoproduceVALUE
• Channelinginnovationrequestsfrom• Hospitalprofessionals• Externalpartners• Or…proactiveproposalsbyourselves
• Twomainareas:DevelopprototypesofinnovativeIT,togetherwithexternalpartners
Supporttheinnovationprocesstomoveclinicalresearchtomarket
EnisaeHealthCibersecurityWorkshop 4
HealthIT securityproblems:governance
• HeadDirectorsofITDepartmentin“Castilla yLeón”RegionalHealthcareSystemforcedtoresignthismonthduetothelostofthousandsofmedicalimagesduringmigrationofanoldITsystem
• Externalcompanyhadthegovernance ofdataandthecontractexpired…
EnisaeHealthCibersecurityWorkshop 5
HealthIT securityproblems:VirusvsHA
EnisaeHealthCibersecurityWorkshop 6
HealthIT securityproblems:externalstorage
EnisaeHealthCibersecurityWorkshop 7
• Patientsshouldhavefreedomofaccesstotheirhealthcaredata.
• Researchersneedeasyaccesstopatientdata.
• Societydemandssecurityinthisregard
• SecurityvsUsability?Theyareusuallyenemies
whowins?
EnisaeHealthCibersecurityWorkshop 8
ReviewofsecurityinEHRs• 26/49usedstandardsorregulations
• 27/49studiesuserole-basedaccesscontrol(RBAC)
• 16/49saysemergencyjustifypermissionoverride
• 25/49audit-logisproduced• 4/49mentionthatusers,healthstaffshouldbetrainedinsecurityandprivacy(!?)
EnisaeHealthCibersecurityWorkshop 9
DataProtectionRegulation
Securitymeasures BasicLevel MediumLevel HighLevel1 StaffFunctions andobligations Si Si Si2 IncidentLog Si Si Si3 Accesscontrol Si Si Si4 Handlingofstorage anddocuments Si Si Si5 AuthenticationandAuthorization Si Si Si6 Back-upandrestore Si Si Si7 Securityresponsible Si Si8 Audit Si Si9 Handingof storageanddocuments Si Si10 AuthenticationandAuthorization Si Si11 Physical accesscontrol Si Si12 IncidentLog Si Si13 Handling anddistributionofstorage Si14 Back-upandrestore Si15 Accesslog Si16 Telecommunications Si
Security measures are regulated in sections 89 to 104 of Spanish “Ley Orgánica de Protección deDatos” (Real Decreto 1720/2007) :
EnisaeHealthCibersecurityWorkshop 10
SERMASAthene@Plan:CloudCenterofRegionalHealthITSystems(2013)
• Three-DataCenter topology(Active-Active/Contingency)• PrivateCloudforallMadridhealthcenters• Consolidation:Virtualization+Standardization
• Lesscost• HigherFlexibility,AvailabilityandSecurity
EnisaeHealthCibersecurityWorkshop 11
Inourinstitution?• Many“DataIslands”(lab,pharma,nursingemergency,
radiology…)
• 40%ofhospitalsoftwareareself-developments
• Very difficult totackle migrations
• NostructuredEHR(yet)
• IntranetWebapplication“PACIENTE”(2005)tosavedischargepatientreports+integrationwithlabresults
• Paperpatientmedicalhistoriesarestoredin-hospitalbutalsooutside,throughacompanythatkeep,orderandtransportthem
• NoformalCISO(inprocess)
Enisa eHealthCibersecurity Workshop 12
IaaSorSaaSExample:ClinicalDecisionSupportonHyponatremia
• Awebapptocollectpatientinfoandgetevidence-baseddecisions
EnisaeHealthCibersecurityWorkshop 13
IaaSsecuredeploymentExample:MobiGuide
CreditstoDanieleSegagni (FSM)EnisaeHealthCibersecurityWorkshop 14
BigData:HIKARIProject
MLaaS:MachineLearningasaService
• IaaS,SaaScreatedforDataanalyticsforhealthcareresearch
• RonHadoop?
DataoutsidetheHospital?
EnisaeHealthCibersecurityWorkshop 16
Label Num. Patients
Intra-cluster contribution of variables (shown those >15%, except when not reaching the threshold, where we show those >9%)
Cancer 53 Cancer of bronchus; lung (81.13), Secondary malignancy of bone (45.28), Secondary malignancy of lymph nodes (43.4), Secondary malignancy of brain/spine (41.51), Secondary malignant neoplasm of liver (28.3), Secondary malignancy of respiratory organs (22.64), Cancer, suspected or other (18.87)
UTI 81 Urinary tract infection (95.06), E. coli (32.1), Bacterial infection NOS (29.63), Diaphragmatic hernia (23.46), Delirium due to conditions classified elsewhere (17.28)
NotSpec 351 Urinary tract infection (13.68), Other diseases of respiratory system, NEC (12.54), Encounter for long-term (current) use of aspirin (10.83)Hyperplasia of prostate (9.4)
Easychallenges
• Demonstratecapabilitiesofthecloudsolutionforworst-casescenarios
• vulnerabilitiesindatatransferinterfaces• breachofdataconfidentiality• breachofdataintegrity• accidentallossofdataavailabilityorconfidentiality
• Demonstratefeatures• Increasedprotectionofpersonaldata• provenanceandtraceability• simplicity(e-certificates,vpn’s,etc…arenoteasyforusers)
EnisaeHealthCibersecurityWorkshop 17
Hardchallenges
• Procurement cantakeanage.Eachspendmustbefullyjustified,causeseriousdelaysininnovation
• Institutionalandgovernmentsupport.Inourhierarchicalstructure,isneeded.
• Change&prioritymanagement:Youknowwhatcould bedone!Butphysiciansarecaringforpatients.
• PatientSensitivedata:in-houseprivatecloudiscostly,outsidepubliccloudisinsecure…
• Cloudproviderscannotseepatientdata
EnisaeHealthCibersecurityWorkshop 18
Benefits
• Securityisimproved,ifwellimplemented
• Speed-uponbackingupfromITdisasters
• Testingnewtechnologiescanbeveryfastandindependentthankstovirtualization
• On-demandscalabilityforEHRuseandresearchtasks
EnisaeHealthCibersecurityWorkshop 19
Conclusions
• Theneedfortraininghospitalstaffatalllevelspreventdoingfastinnovationsthathaveimpactontheirdailyactivity
• Securitycanbeimprovedovertraditionalpaper-basedrecords.Needtodefinegovernanceanddefineusableandhardsecuritypolicies.
• Actualbenefit:reductionofcostsandbackup.Prospect:MlaaS,CDSS,…
• Usingvirtualization,careprofessionalscanexplorenewITsolutions
• Toreachhospitals,successrelyoniterativeapproach:cheapscenario-basedprototypesthatworkcanenduponvalue-basedinvestments
EnisaeHealthCibersecurityWorkshop 20
Thankyou
Dr.Strange(2016)
”You are now inside the mirror dimension,ever present but undetected. The real worldisn't affected by what happens here. We usethe mirror dimension to train, surveil andsometimes to contain threats”.
Cloud:aparalleldimensionthatallowstheuser topracticetheirmagicalabilitieswithoutthepublic'sknowledge 21
Aboutmyself:[email protected]
Designed the e-learning service. 30.000 students. HA with GFS2 +SAML2-Shibboleth federated Auth.
Leaded the Data Integration Tasks within a 5M€ EU-funded FP7 project to develop a patient guidance system
2002 2010 2013 Today
Ph.D.UC3M
University
2015
supports the institution taking IT innovations that can providesome value for improvement
EnisaeHealthCibersecurityWorkshop 22