Using Open Source Technologies in Safety-critical Digital Health Apps


Presentation Description

Presented at 3rd Annual Open Source EHR Summit - Key Takeaways:
* Outcomes driven care (vs. fees for service or volume driven care) is in our future
* Because outcomes now matter more than ever, open source digital health solutions are even more important
* There are new realities of patient populations driving open source even faster
* How to use open source reliably and securely in a safety-critical environment like medical devices


Presentation Transcript

How to Use Open Source Technologies in Safety-critical Health Applications:

3rd Annual OSEHRA Summit
Shahid N. Shah, Chairman of OSEHRA Advisory Board

Who is Shahid?:

* Chairman, OSEHRA Board of Advisors
* 20+ years of software engineering and multi-discipline complex IT implementations (Gov., defense, health, finance, insurance)
* 12+ years of healthcare IT and medical devices experience (blog at http://healthcareguy.com)
* 15+ years of technology management experience (government, non-profit, commercial)
* Author of Chapter 13, “You’re the CIO of your Own Office”

Outcomes driven care is in our future:


Open source software (OSS) is in our future:

* You’re moving from standalone boxes to fully integrated systems
* mHealth demands more interoperability
* Your customers demand flexible workflows with enhanced functionality
* Your customers demand data integration with their systems
* Security of medical devices is under great scrutiny and excuses aren’t going to be accepted

The new realities of patient populations:

[Diagram. Source: Amir Jafri, PrescribeWell]
Population segments: Well Patient, At Risk, Chronic Care, Acute Treatment
Shares, in the order shown: 26% of Population / 4% of Medical Costs; 35% of Population / 22% of Medical Costs; 35% of Population / 37% of Medical Costs; 4% of Population / 36% of Medical Costs
Axis labels: Prevention, Management
Other diagram labels: Obesity Management Wellness Management Assessment – HRA Stratification Dietary Physical Activity Physician Coordination Social Network Behavior Modification Education Health Promotions Healthy Lifestyle Choices Health Risk Assessment Diabetes COPD CHF Stratification & Enrollment Disease Management Care Coordination MD Pay-for-Performance Patient Coaching Physicians Office Hospital Other sites Pharmacology Catastrophic Case Management Utilization Management Care Coordination Co-morbidities

Customers are struggling with Accountable Tech:

Everything your app/device does to help answer important questions below means more sales and better margins

Opportunities for incremental or new revenue:


Wireless BAN Ecosystem is complex without OSS:

[Diagram. Source: Qualcomm]

Data is getting more sophisticated, analysis even more so:

It’s hard today but will be even harder tomorrow
[Diagram labels: IOT sensors, Administrative]

Implications of healthcare trends:

Implications of healthcare trends DATA Evidence Based Medicine Comparative Effectiveness Software Regulated IT and Systems Integration Services

What users want vs. what they’re offered:

[Diagram panels: What’s being offered to users; What users really want]
Data visualization requires integration and aggregation

Evolving Healthcare IT Enterprise Architecture:

Evolving Healthcare IT Enterprise Architecture You need to fit into a complex environment Cloud Services Management Dashboards Data Transformation (ESB, HL7) BaaS Gateway (DDS, XMPP, ESB) Enterprise Data RCM, Financials, EHRs Device Inventory Cross Device App Workflows Alarm Notifications Patient Context Monitoring Device Teaming Device Management Report Generation HIT Integration Remote Surveillance Device Data SSL VPN Patient Self-Management Platforms Device Utilization Device reimbursement Device profitability

PowerPoint Presentation:

Should medical device and health IT vendors be using open source to implement their safety-critical requirements? How about contributing to open source projects? How about creating their own open source projects?

PowerPoint Presentation:

Yes! If you’re not using open source projects in your own devices then you’re doing far more engineering work than is necessary. If you’re not contributing to open source then you’re not making code you rely on better. If you’re not creating open source then you’re missing a valuable marketing opportunity.

Connectivity is a must, OSS is answer:

Connectivity is a must, OSS is answer Most obvious benefit Least attention Most promising capability This talk focuses on connected devices

Smart buyers looking for poly-connectivity:

Smart buyers looking for poly-connectivity Option 1 (no cellular access or hospital IT integration required) Option 2 (cellular access and no hospital IT integration required) DDS REST HL7 X.12 DDS REST MPEG-21 MPEG-21 Could be a Home Network, too Wired Wireless Bluetooth, WiFi, ZigBee, etc. Wireless, Cellular

Appreciate tradeoffs:

The more connection-friendly a device, the harder it is to validate it.
Lesson: Demand Testability

Regulatory Strategy:

Regulatory Strategy 510(k) PMA, Class 3, Class 2, etc. Unregulated EHR or others 510(k) Class 2 “Data Bridges” “Everything else” Customer registry Patient registry Patient profile Study Management Billing “The Device” Class 1 MDDS

What are we afraid of when it comes to OSS?:

* Compliance: Will the FDA and other regulators accept open source code in safety-critical systems?
* Reliability: Is open source code safe enough for medical devices?

PowerPoint Presentation:

Yes, of course.
Proof: we did it at American Red Cross in 1996 for a Class 3 device built on a modern enterprise IT ecosystem.
Lesson: Risk managers and quality leadership often use regulators as an excuse to prevent OSS use because of OSS illiteracy, not legitimate strategy or actual evidence of harm.
Reality: Regulators don’t care about your use of open source, they care about safe systems that meet intended use.

Code you write is not necessarily safer:

[Diagram label: Modern IT systems’ custom components]
* There is significantly more and better testing of large open source projects than you could ever do
* In an integrated ecosystem, you have to learn how to rely on others and do so safely and effectively

It’s not as hard as we think…:

* Modern real-time operating systems (open source and commercial) are reliable for safety-critical medical-grade requirements.
* Open standards such as TCP/IP, DDS, HTTP, and XMPP can pull vendors out of the 1980’s and into the 1990’s.
* Open source and open standards that promote enterprise IT connectivity can pull vendors into the 2010’s and beyond.

How to start using OSS immediately:


Remove OSS illiteracy from decision making:


Choose the right OSS projects:


Engender trust in the code’s provenance:


Integrate OSS into your QSR process:


But it’s not easy either…we need:


OSS hazard and risk assessment:

* What is the intended use for the device or system?
* How is the OSS product you’re planning to use going to be tied to your intended use?
* What is the risk associated with the OSS product for that particular intended use?

$R = S_h \times P_h$

Risk is related to severity and harm:

$R = S_h \times P_h$

* $R$ = risk
* $S_h$ = severity of harm
* $P_h$ = probability of harm

Harm is damage done to a person. Severity is the degree of harm done. Probability is the frequency and duration of exposure.

Examples of Severity & Probability:

Severity
* multiple fatalities
* fatalities
* severe injury (non-reversible, requires hospitalization)
* moderate injury (reversible, requires hospitalization)
* minor (reversible, requires first aid)
* very minor (no first aid)

Probability
* Constant exposure
* Hourly
* Daily
* Weekly
* Monthly
* Yearly
* Never

Formal risk assessment methods:


OSS Risk analysis steps - FMEA:

1. Define the function of the OSS product being analyzed.
2. Identify potential failures of the OSS.
3. Determine the causes of each failure type.
4. Determine the effects of potential failures.
5. Assign a risk index to each of the failure types.
6. Determine the most appropriate corrective/preventive actions.
7. Monitor the implementation of the corrective/preventive actions to ensure that they are having the desired effect.
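The FMEA steps above, applied to OSS components with the risk formula R = S_h x P_h, as an added example that is not part of the original presentation. The numeric ranks given to the slides' severity and probability scales, the review threshold, and the worksheet rows are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Ordinal scales as listed on the slides (labels shortened), lowest to highest.
# Mapping them to list positions (numeric ranks) is an assumption of this example.
SEVERITY = ["very minor", "minor", "moderate injury", "severe injury",
            "fatalities", "multiple fatalities"]
PROBABILITY = ["never", "yearly", "monthly", "weekly", "daily", "hourly",
               "constant exposure"]

def risk_index(severity: str, probability: str) -> int:
    """R = S_h x P_h; severity ranks start at 1, 'never' ranks 0 so R is 0."""
    return (SEVERITY.index(severity) + 1) * PROBABILITY.index(probability)

@dataclass
class FailureMode:
    component: str           # step 1: OSS product and its function
    failure: str             # step 2: potential failure
    cause: str               # step 3: cause of the failure
    effect: str              # step 4: effect of the failure
    severity: str            # step 5: inputs to the risk index
    probability: str
    action: str = ""         # step 6: corrective/preventive action
    monitored_probability: str = ""  # step 7: probability observed after action

    def risk(self) -> int:
        return risk_index(self.severity, self.probability)

    def residual_risk(self) -> int:
        return risk_index(self.severity,
                          self.monitored_probability or self.probability)

def open_items(worksheet, threshold):
    """Failure modes above threshold that lack an action or whose action has
    not brought the residual risk down to the threshold, highest risk first."""
    flagged = [f for f in worksheet if f.risk() > threshold
               and (not f.action or f.residual_risk() > threshold)]
    return sorted(flagged, key=FailureMode.residual_risk, reverse=True)

# Constructed worksheet; components echo the slides, failure data is invented.
WORKSHEET = [
    FailureMode("HL7 messaging engine", "message dropped under load",
                "in-memory queue overflow", "lab result not delivered",
                "moderate injury", "weekly",
                "persistent queue with ack and retry", "yearly"),
    FailureMode("Linux device OS", "alarm task scheduled late",
                "kernel not configured for real time", "alarm delayed",
                "severe injury", "daily"),
    FailureMode("Time series database", "disk fills up",
                "no retention policy", "gap in trend display",
                "very minor", "monthly"),
]
```

Calling `open_items(WORKSHEET, 6)` returns only the failure modes that still need work at that threshold, which is the list a quality review would track to closure.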

Good summary of FMEA:

http://en.wikipedia.org/wiki/Failure_mode_and_effects_analysis

Sampling of OSS / open standards:

Project / Standard | Subject area | D | G | Comments
Linux or Android | Operating system | | |
OMG DDS (data distribution service) | Publish and subscribe messaging | | | Open standard with open source implementations
AppWeb, Apache | Web/app server | | |
OpenTSDB | Time series database | | | Open source project
Mirth | HL7 messaging engine | | | Built on Mule ESB
Alembic Aurion | HIE, message exchange | | | Successor to CONNECT
HTML5, XMPP, JSON | Various areas | | | Don’t reinvent the wheel
SAML, XACML | Security and privacy | | |
DynObj, OSGi, JPF | Plugin frameworks | | | Build for extensibility

OSS applicability to connectivity:


OSS applicability to manageability:


OSS enables extensible devices:


Shahid’s “Ultimate Connectivity Architecture”:

Device Components 3rd Party Plugins App #1 App #2 Security and Management Layer Device OS (QNX, Linux, Windows) Sensors Storage Display Plugins Web Server, IM Client Connectivity Layer (DDS, HTTP, XMPP) Presence Messaging Registration JDBC, Query Cloud Services Management Dashboards Data Transformation (ESB, HL7) Device Gateway (DDS, ESB) Healthcare Enterprise Enterprise Data Plugin Container Event Architecture Inventory Workflow Notifications Patient Context Location Aware SSL VPN

OSS in Ultimate Architecture Core:

[Diagram layers: Device Components; Security and Management Layer; Device OS (QNX, Linux, Windows); Connectivity Layer (DDS, HTTP, XMPP); Plugin Container]
* Don’t create your own OS!
* Security isn’t added later
* Think about Plugins from day 1
* Connectivity is built-in, not added
* Build on Open Source
* Create code as a last resort

OSS enables plugin architecture:

Device Components 3rd Party Plugins App #1 App #2 Security and Management Layer Device OS (QNX, Linux, Windows) Plugins Connectivity Layer (DDS, HTTP, XMPP) Plugin Container Event Architecture Location Aware

OSS in connectivity components:

OSS in connectivity components Device Components Security and Management Layer Device OS (QNX, Linux, Windows) Web Server, IM Client Connectivity Layer (DDS, HTTP, XMPP) Presence Messaging Registration JDBC, Query Plugin Container Surveillance & “remote display” Remote Access Alarms Event Viewer Design all functions as plugins

OSS in device components:

Device Components 3rd Party Plugins Security and Management Layer Device OS (QNX, Linux, Windows) Sensors Storage Display Plugins Web Server, IM Client Connectivity Layer (HTTP, XMPP) Plugin Container Event Architecture Location Aware Virtualize! “On Device” Workflow Patient Context, too

OSS enables enterprise integration:

OSS enables enterprise integration Cloud Services Management Dashboards Data Transformation (ESB, HL7) BaaS Gateway (DDS, XMPP, ESB) Enterprise Data RCM, Financials, EHRs Device Inventory Cross Device App Workflows Alarm Notifications Patient Context Monitoring Device Teaming Device Management Report Generation HIT Integration Remote Surveillance Device Data SSL VPN Patient Self-Management Platforms Device Utilization Device reimbursement Device profitability

Thank You:

Visit http://www.netspective.com and http://www.healthcareguy.com
E-mail shahid.shah@netspective.com
Follow @ShahidNShah
Call 202-713-5409
