All over the globe, healthcare organizations and all participants in the healthcare ecosystem are increasingly making IT investments to improve their care delivery, efficiency, capabilities and at the same time to optimize their operational costs. The path is not straight and easy for them due to extensive existing investments in hardware, software, and medical devices that they must continue to support. They are facing increasing pressure to modernize their systems as technologies are constantly evolving and at the same time user expectations are increasing. While one need not be overly confused, or deviated by so-called "hyped best practices", they should not ignore what is the best for them.
"The more open a system is, the harder it is to control the potential variables"
Task of CIOs becomes challenging here because they have to serve two competing interests. They need to package the entire system into a cohesive whole with minimal ins and outs to make sure that it passes through the rigorous compliance criteria. The more open a system is, the harder it is to control the potential variables, which is a truism also in the security industry. Even simple upgrades or applying patch requires running over stringent validations because of the compliance and high security requirements. The best way to manage this is to close up the system as much as reasonably possible. While healthcare industry has benefited some from standardization efforts, systems are still islands of data connected by custom bridges. CIO has to see how system can be interconnectible without compromising on security or conflicting commercial interests.
I am working in the healthcare domain since the last 15 years, and frankly, this situation does not surprise me; healthcare has all of the elements that lead to the perfect storm of IT complications. If there is one sector that could surely benefit from adopting SOA, it is healthcare.
Connecting healthcare systems cannot be done in a centralized way—one cannot build a system that does all the work; it has to be system of systems. The only way to do is by building many systems based on common standards. The standards should allow easy connection of these systems. SOA provides all the necessary features to connect systems and exchange data in a secure and robust way.
SOA is constituted of following components
Service: The contract defined between one or more published interfaces exposing well-defined functionalities.
Service provider: The software entity that implements a service specification.
Clients: The software entity that requests the services.
Service locator: A specific kind of service provider that acts as a registry and allows for the lookup of service provider interfaces and service locations. Service Broker: A special service provider that can pass on service requests to one or more additional service providers.
In Healthcare, typical examples of Services are medical billing, claims, medical vocabulary translation, master-person index, lab result services, ePrescription service and so on. At public level, service locator component is in very limited existence. However, various clearing-houses and gateways are performing this role.
I consider following four key features of the architecture very critical and how industry has taken positive steps:
1. Service-orientation–a modular approach that reduces dependencies between systems, using open standards and protocols to promote data application and interoperability. We have now reached to HL7 standards, which encompasses X12, ADT, CDA. This is really a great groundwork that we can leverage.
2. Federated data–given the local nature of healthcare delivery, data should reside as close as possible to where it is created and administered, caching information at different levels within the system (departmental, regional, national) to allow for different levels of service. This is achieved by HIEs and we need to do lot of data de-identification of filtering whenever required so as to minimize any unnecessary data compromises.
3. Federated security–allowing easier management of identities and security credentials by delegating aspects of authentication and role assignment to trusted parties. The Health Information Trust Alliance (HITRUST) was born out of this need.
4. Trustworthiness–reliable, fault-tolerant systems. We have been using security trust agent (STA) in blue button initiative.
SOA does not have a smooth path in the healthcare domain. There are realistic problems that may become the bottleneck of such architecture.
1. Designing an SOA system requires high expertise and takes significant amount of time; also various public private organizations must come together to achieve the motive. Although we have seen very good initiatives on this front, we still have miles to go.
2. The standard in representing data in healthcare is evolving and must be given high priority. It is very important for services to know that semantics of the data being passed back and forth from them. Standards would also play an important role in making the systems interoperable. Today there are a number of data standards in various fields of heath care and therefore there is a need to determine whether they are sufficient and comprehensive.
3. As I mentioned, an important feature of SOA is that services can be discovered but this is a complex process. One has to describe service with precision so that one can choose the correct service.
4. Services must be comprehensive so we need to identify the gaps and build them.
5. SOA system should give a failover mechanism as it would be really needed in emergency where fast response is very critical.
6. Most healthcare organizations are reluctant to share their data due to both organizational and legal constraints.
I will summarize this as SOA is the way for healthcare to go for; we have walked really well so far but still have miles to go before reaching our destination.