340 likes | 465 Views
Clinical Decision Support (CDS) Project SOA Services Demonstration HL7 SOA September, 2014. Welcome. Agenda Review of Prior Work Accomplishments since May Services Demonstration – Security Labeling and Message Escalation Technical Highlights. Abbreviations Used. SOA services
E N D
Clinical Decision Support (CDS) Project SOA Services Demonstration HL7 SOA September, 2014
Welcome • Agenda • Review of Prior Work • Accomplishments since May • Services Demonstration – Security Labeling and Message Escalation • Technical Highlights
Abbreviations Used • SOA services • EPS– Event Publish & Subscription Service • OS – Order Service • UCS – Unified Communication Service • Other abbreviations • CDS – Clinical Decision Support • PEP – Policy Enforcement Point • CPRS – Computerized Patient Record System • VistA – Veteran Health Information Systems and Technology Architecture • FHIR – Fast Health Interoperable Resources
EPS Topic HL7 May WG Meeting CDS UCS OS VistA
Accomplishments Since May • Implemented core conformance profiles for the three SOA service reference implementations • Refined order requirement model and interface definitions based on feedback from the May demonstration and implementation experience • Submitted DSTU ballot material for the three SOA services. • Enhanced the reference implementations to address: • Stability • Scalability • API completeness • Added two new security uses cases to the clinical scenario demonstration: Rule-based security labeling and security policy validation • Also added an escalation use case to clinical the scenario demonstration • escalation via failover • Implemented additional UCS adapters for SMS and Text-to-Voice protocols
The Core Story Patient Eighteen is admitted to the hospital and treated with Gentamicin for a urinary tract infection. The patient has a signed consent directive that limits disclosure of HIV and substance abuse information except for emergency situations. His attending physician, Dr. One Provider, orders a routine chemistry lab test in VistA. When the lab is completed, the hospital’s CDS system evaluates the results and recognizes that the patient is on Gentamicin. It then sends an alert to Dr. Provider informing him of the elevated creatinine level (1.8 mg/dL) and that an unsigned order for a Gentamicin dose adjustment has been placed in VistA. Dr. Provider is requested to either sign or cancel the recommended order.
Escalating the communication The CDS Service also calls Dr. Provider on his desktop phone with a text-to-voice message. If Dr. Provider does not answer his phone, an SMS message is then sent to his registered SMS-enabled mobile device.
The Security Context – Patient Able to Consent Based on the organization’s policy, two newly resulted labs for patient Eighteen (an HIV blood test and a cocaine drug screening) and their corresponding alerts are treated as protected content. Given the patient’s consent policy vis-à-vis protected content, these are not accessible except under emergency conditions. The creatinine lab result and its alert, however, are not so restricted. While the patient is awake and conscious in the hospital, the physician only sees the gentamicin alert.
The Security Context – Patient Unable to Consent Later, the patient develops florid urosepsis, becomes unconscious, needs mechanical ventilation and treatment for unstable hypotension. To ensure a comprehensive differential diagnosis, the physician elects to ‘break the glass’ in order to access any protected health information and advisories that may be relevant to the care required should such filtering exist. In this context, ‘break the glass’ overrides the patient’s consent directive, allowing the provider access to the full medical record, including restricted data and alerts.
EPS Topic Updated Scenario Three labeled messages sent CDS OS Three Lab Orders Cocaine, HIV, Creatinine VistA
CDS TTV UCS PEP
Use Cases • Event Publish and SubscribeService (EPS) • VistA (via Mirth) is registered as an event publisher • VistA (via Mirth) publishes events • A CDS service subscribes to a topic • A CDS service receives event notification • A Publication Intervention intercepts the message to: • Normalize the payload to FHIR • Add security metadata to the message • Order Service (OS) • A CDS service creates an order using OS • OS invokes VistA’s order fulfillment system • Unified Communication Service (UCS) • A CDS service issues threealert to the UCS carrying forward all security metadata • The CDS service places a call to the physician’s work phone via UCS • Should the clinician not answer the voice call the CDS service reformats and escalates the message to SMS • The UCS delivers the alerts via the portal adapter
The updated scenario • Demonstrates a powerful and extensible UCS API • Illustrates how UCS can provide more timely and proactive notification • Showcases and validates new services in a live lab environment • HL7 Security Labeling Service and the need for enforceable, fine-gained access control of healthcare information • Mike Davis and the VA’s contributions to the HL7 Security Working Group • Illustrates how our three new services can be integrated with, and enhanced by, the Security Labeling Service to provide sophisticated functionality
Security Labeling Mirth <<Interface>> Publication Interface • <<Interface>> • Publication Intervention • FHIR Normalization • Security Labeling EPS <<Interface>> PSSubscription Interface Health Care Classification Service CDS if(observation.name IN {…}) … Reference Implementation VA Integration Points
Security Labeling – Leverages FHIR Tags <feed xmlns="http://www.w3.org/2005/Atom"> <entry> <category scheme="http://hl7.org/fhir/tag" term="http://hl7.org/implement/standards/fhir/v3/Confidentiality#N" label=”Restricted"/> <content type="text/xml"> <DiagnosticReport xmlns="http://hl7.org/fhir"> <contained> <Patient id="patient">
Security Policy Enforcement CDS • Input • User type: MD/Allopath • Purpose of use: Treat • Patient information via FHIR resource • PeP • Parses security labels • Evaluates data against patient consent • directives and org policy • Output • Denied or Permitted • Displays only if ‘Permitted’ <<Interface>> Client Interface UCS Rule-based Security Policy Enforcement Endpoint <<Interface>> UCS Alerting Portal Reference Implementation VA Integration Points
Escalation Text-to-Voice Message type sent to UCS Routed to Text-to-Voice Adapter Invokes VoIP TTV Service TTV Adapter CDS Telecom Device UCS No response to call triggers timeout exception via UCS Client Interface Exception forwarded back to caller CDS UCS SMS Message type sent to UCS Routed to SMS Adapter Invokes SMS Service SMS Adapter CDS UCS
Service Specification Plan • DSTU Ballot in Sept 2014 (DSTU Ballot Material Published) • OMG presentation after Sept WGM (TBD) • OMG RFP (TBD) • Proposal selection and standards definition phase (TBD) • OMG ratification (TBD)
Closing Remarks • The three Service Functional Models and their reference implementations showcase the functional utility of the services, especially for patient care coordination activities across organizational boundaries • Important in developing service functional requirements, APIs, and how they fit into the security and privacy fabric of healthcare. • Also raise provocative questions for Clinical Decision Support: • As data flows through the information system infrastructure, when and where should security and policy enforcement occur? • Should a CDS system ever evaluate data that a patient might restrict by consent directives evaluate that data at all? • Is the typical SAML / XCAML policy approach a scalable solution for building fine-grained access control systems • The CDS Evaluation Lab provides a unique opportunity to better understand the functional, technical, and medical-legal implications of applying technology to healthcare
Triggering the Event Chain • A lab order is placed using CPRS • Lab test results entered using scroll-n-roll • VistA pushes lab results to Mirth via its HL7 Streaming Package as an HL7 V2 message
Mirth <<Interface>> Publication Interface EPS <<Interface>> Publication Intervention <<Interface>> PSSubscription Interface CDS Reference Implementation VA Integration Points
CDS <<Interface>> Order Management Order Service <<Interface>> Fulfillment VistA (via Cache) Reference Implementation VA Integration Points
CDS <<Interface>> Client Interface UCS <<Interface>> UCS Alerting Portal Reference Implementation VA Integration Points
Human Intervention via the Universal Portal/CPRS • Physician view alert in inbox • Physician signs the order in CPRS
Why SOA Services • Improve the quality of patient care • Lower cost of care • Deliver higher patient/provider satisfaction
Event Publish and Subscribe Service (EPS) • Brokered service • Topic-based • Decouples interface between providers and consumers of new clinical content • Notification vs Polling • Content Intervention • Content brokering (e.g., deferred content delivery, content negotiation) • Not a query interface to a data repository
Order Service (OS) • Common interface providing common governance and orchestration of orders and order-related artifacts. • Covers the creation, update, monitoring, metadata discovery, and deletion of orders and related order components • Catalog management services provide similar services for order items and order sets • Provides facilities for order fulfillment and fulfillment updates
Unified Communication Service (UCS) • Brokered communication service • Decouples sender from receiver • Supports the notion of a ‘conversation’ • Standardized interface for message-based notifications • Bi-directional communication • Dynamic routing and escalation • Supports multiple modalities through the use of ‘adapters’ • Supports multiple message transport protocols