Public Trust in Health Information: Foundational Principles for Dependable Systems
Dixie B. Baker, Ph.D.
Vice President for Technology
CTO, Enterprise and Infrastructure Solutions Group
Presented by Kathleen A. McCormick, Ph.D.
Senior Scientist/Vice President SAIC, Health Solutions
Realization of the Vision Brings Risk
[Figure labels: IT Dependency and Value; eHealth – Realization of NHIN; Time; RISK]
Stage 3: The Digital Doctor
• Patient ownership of record
• Integrated EMR available anywhere, exchangeable across caregivers, minable for syndromic surveillance
• Integrated, individualized decision support
• Data exchanged over shared, public networks (Internet)
Stage 2: The Bewildered Doctor
• “System of systems” through the miracle of integration engines
• Electronic clinical data
• Electronic administrative transactions with trading partners
• General-use decision-making tools (e.g., drug-drug interactions)
Stage 1: The Family Doctor
• Minimal use of IT in clinical care
• “Departmental” systems
• Private networks
• Decision making as an “art”
Confronting Risk – Assuring Public Trust
• System reliability
• Service availability
• Information confidentiality
• Data integrity
• Software safety
As provider organizations increase their dependence on information technology in the delivery of clinical care, DEPENDABILITY becomes essential for business success, quality care, and patient safety!
From: Baker, D. Dependable Systems for Quality Care. In Saba, VK and McCormick, KA. Essentials of Nursing Informatics, 4th Edition, New York: McGraw-Hill Book Co., in press 2005
5 Guidelines for Dependability
1. Architect for dependability.
• Architect enterprise systems from the bottom up so that no critical component is dependent upon a component less trustworthy than itself.
• Minimize complexity – the simplest design and integration strategy will be the most understandable, maintainable, and recoverable.
• Avoid/eliminate single-point failures – distributed architectures can tolerate failure more easily than large, centralized systems.
• Incorporate redundancy & fail-over for critical components.
• Implement security in depth to protect sensitive information from unauthorized disclosure, critical data from corruption and destruction, and essential services from interruption.
Dependability Requires Architectural Assurance
Confidence that enterprise systems will:
• Deliver services as described in functional specification;
• Not exhibit behaviors that are unexpected, malicious, or harmful; and
• Be available when they are needed.
Dependable Architectures Recognize Dependencies
[Figure labels: Vulnerability Risk Propagation; Assurance Dependency; Safety Functional Capabilities; Security Functional Capabilities; CPOE; User Authentication; Access Control; Audit; Electronic Prescribing; Bar-Code Reader; Rules-Based Decision Support; Single Sign-On; Operating Systems; Networks; Enterprise Architecture; Encryption; User Interface]
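The rule in Guideline 1 that no critical component depends on a component less trustworthy than itself can be checked mechanically once dependencies are written down. The sketch below is an added example, not part of the original slides: the component names are taken from the figure, while the assurance levels and dependency edges are constructed assumptions. It follows dependencies transitively, so a weak component several layers down is still reported against everything that relies on it.

```python
from collections import deque

# Component names are from the slide; levels (higher = more trustworthy)
# and dependency edges are constructed for illustration.
ASSURANCE = {
    "CPOE": 3, "Electronic Prescribing": 3, "Access Control": 4,
    "User Authentication": 4, "Single Sign-On": 2, "Audit": 4,
    "Encryption": 5, "Networks": 4, "Operating Systems": 5,
}
DEPENDS_ON = {
    "CPOE": ["Access Control", "Audit"],
    "Electronic Prescribing": ["CPOE", "Encryption"],
    "Access Control": ["User Authentication", "Operating Systems"],
    "User Authentication": ["Single Sign-On"],
    "Single Sign-On": ["Networks", "Operating Systems"],
    "Audit": ["Operating Systems"],
    "Encryption": ["Operating Systems"],
}

def weakest_dependency(component, assurance, depends_on):
    """Breadth-first walk of everything `component` relies on, directly or
    transitively; returns (lowest level seen, shortest path to it)."""
    best = (assurance[component], [component])
    seen, queue = {component}, deque([[component]])
    while queue:
        path = queue.popleft()
        for dep in depends_on.get(path[-1], []):
            if dep in seen:          # tolerate cycles and shared dependencies
                continue
            seen.add(dep)
            if assurance[dep] < best[0]:
                best = (assurance[dep], path + [dep])
            queue.append(path + [dep])
    return best

def violations(assurance, depends_on):
    """Map each component to the path reaching a less trustworthy dependency."""
    found = {}
    for component, level in assurance.items():
        lowest, path = weakest_dependency(component, assurance, depends_on)
        if lowest < level:
            found[component] = path
    return found

if __name__ == "__main__":
    for component, path in violations(ASSURANCE, DEPENDS_ON).items():
        print(f"{component}: " + " -> ".join(path))
```

In the constructed data, every reported path ends at Single Sign-On; raising that one component's assurance level, or removing the dependency on it, clears all four findings.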
5 Guidelines for Dependability
2. Expect failures.
• Implement application-transparent features to detect faults, failover to redundant components, and recover from infrastructure failures.
• Implement application-specific features to handle exceptions in software execution.
• Implement features to detect, recover from, and survive malicious attacks while preserving system stability and security.
• Design and build safety-critical systems to fail in a safe state.
3. Expect success.
• Plan for scalability.
• Plan for integration with other systems.
• Model use-case scenarios and associated data flows, system loading, and network impact.
5 Guidelines for Dependability
4. Hire meticulous managers (with just a touch of paranoia) to manage your systems and networks.
• Use middleware to manage workload.
• Use out-of-band tools to monitor and manage system and network performance.
• Develop and execute plans and procedures for managing emergencies and recovering from disasters.
5. Don’t be adventurous.
• Use proven methods, tools, technologies, and products that have been in production, under conditions and at a scale similar to yours.
• Don’t be the first (or second) to adopt a new technology.
Contact Information
Local Health Solutions
Kathleen A. McCormick, Ph.D.
Senior Scientist/Vice President
SAIC Health Solutions
Falls Church, VA and Rockville, MD
703 575-7209
[email protected]@saic.com