/HIE-and-Open-Source by Matt Hudson

Health Information Exchange and Open Source Communities Dan Russler, M.D. VP Clinical Informatics Oracle Health Sciences Global Strategy Mar2011

Abstract: Several open source communities specializing in Health Information Technology have The followinginisthe intended to outline our general developed last several years. These include product direction. It isatintended for information Open Health Tools the international level of purposes only,and andinclude may not incorporated into any participation thebeCONNECT, Direct contract. is not a commitment to deliverFramework any Project, It and Standards & Infrastructure material, code,atorthe functionality, should notAll beof communities US level ofand participation. relied in makingutilize purchasing decisions. theseupon communities wikis and other The development, timing of any on a collaboration toolsrelease, to allowand active participation features or functionality described for Oracle’s daily basis. However, scope, governance and products at the sole discretion softwareremains developer participation differ.of A Oracle. review of these open source communities includes discussion on the practical use of this open source HIT software in the health industry.

Providers Need To Manage Three Priorities

• Improved Planning, Forecasting

Provider Priority Triad

st Co

En ha nc eR ev en ue

(supply chain, HR, Finance)

e uc

satisfaction & loyalty

• Reduced back-office costs d Re

• Expanded access • Improved reimbursement • Reduced patient churn • Improved patient

& Decision Making • Low cost to serve patients (at a given level of care/outcome)

Deliver Quality Patient Care

• Holistic approach across care continuum • Patient (and caregiver) empowerment • Processes based on “Voice-of-Patient” Source: Oracle Insight Analysis

Secure Health Information Exchange of Electronic Health Records (EHR) An Initiative That Promises To Improve Quality And Efficiency

Enable Health Information Exchange (HIE) by Adopting Electronic Health Records (EHR) “How do we permanently bring down costs and make quality, affordable healthcare available to every single American?...First, we need to [switch] from a paper to an electronic system…so that information can be tracked from one doctor to another.." - President Barack Obama, Addressing American Medical Association, 2009

Deliver Complete Patient Data Rapidly, Efficiently, and Securely to All Authorized Healthcare Stakeholders “A key premise [is that] information should follow the patient, and artificial obstacles — technical, business related, and bureaucratic — should not get in the way." - Dr David Blumenthal, US National coordinator for health information technology, 2009

What is Health Information Exchange? Academic Medical Center

Specialty Clinic

Finance

Research and Education

Home Health Payers

Long-Term Care Public Health

Diagnostic Imaging Center

Hospital

Pharmacy Benefit Management

Pharmacy

Clinical Documents

Physicians

Medical Supplier

Employer

Clinical Research

Ambulatory Centers Screening Registers

ÂŠ 2010 Oracle Corporation â&#x20AC;&#x201C; Proprietary and Confidential

Emergency Services

Reference Laboratory

Government Insurance

Organization & Pharma

U.S. Government Strategic Roadmap For Enabling Health Information Exchange

HIEs across the country “Network of networks”

Seamless exchange across disparate systems across Public/Private, Providers/Payers and HIO/Patients

Info conforms to National Interoperability Standards and can be shared across more than one HC org Within one HC org Doesn’t scale across orgs

EMR1,2

EHR1,2

HIE1,2

NwHIN1,2

“We must ensure interoperability for the future” Dr. Blumenthal, Health and Human Services National Coordinator for HIT

Establishing Regional HIEs Is The Critical Step In Achieving Nationwide Interoperability In The Form of NwHIN

Not standards-based

(1) To receive the HIT funding per the HITECH act, providers need to show "meaningful use" of an EHR system; more in appendix on “meaningful use” criteria (2) EMR=Electronic Medical Records; EHR=Electronic Health Records; HIE-Health Information Exchange; and NWHIN=Nationwide Health Information Network

NwHIN Standards Will Guide U.S. HIEs “Private and secure health information exchange enables information to follow the patient when and where it is needed for better care. The Federal government is working to enable a wide range of innovative and complementary approaches that will allow secure and meaningful exchange within and across states, but all of our efforts must be grounded in a common foundation of standards, technical specifications, and policies.” Dr. David Blumenthal, National Coordinator for Health Information Technology May 14, 2010

What Does Health Information Exchange Mean to Providers? • Sharing healthcare information between entities, across a network • Could be public-private HIE consortium, e.g. NwHIN • Need to grow into the robust infrastructures required to support true Personalized Health

• Could span across many levels: – Public National International – Private Multi-region Hospital Chain Enterprise – State – Community – Local Provider Enterprise Service Area

Oracle Health Information Exchange Open Source in Use

Oracle Health Information Exchange Solution Overview

Oracle Health Information Exchange is an extensible, open, standards-based, solution built upon a reliable technology infrastructure for the secure exchange of electronic Protected Health Information (PHI) You can… • Comply with evolving Governance and Compliance regulations • Meet Meaningful Use requirements and improve care delivery • Support the translational research and consent management needed to achieve Personalized Healthcare

Oracle Health Information Exchange Key Components

Oracle Health Sciences Information Manager (HIM)

Oracle Health Sciences Information Gateway (HIG)

(HIM) leverages the

(HIG) leverages the CONNECT

CONNECT reference architecture and Oracle server virtualization to provide a broad range of internationalstandards-based web services to HIE applications in a management and performance-optimized solution; HIM may be utilized either as a standalone set of repository services or integrated into the management-optimized Oracle HIE solution

ÂŠ 2010 Oracle Corporation â&#x20AC;&#x201C; Proprietary and Confidential

open source application and Oracle server virtualization to orchestrate secure, health policybased communications over the Internet for the in-flight protection of personal health information (PHI); HIG may be integrated with other IHE-compliant software or integrated into the managementoptimized Oracle HIE solution

Oracle Health Sciences Portals and Applications Present the business process GUIs for consumers, providers, and other health information stakeholders supported by HIM and HIG in a secure, open, flexible, standards-based presentation environment, especially when displayed via Oracle Sun Ray Desktop Virtualization solutions for maximum data center access control

Health Information Exchange and the EHR Worries of a Health Enterprise CIO

• Preventing EHR System Performance Problems – Electronic Health Record system response time is mission critical to care givers – Heavy query loads from the Internet may threaten response time to internal enterprise care givers at critical times

• Control of EHR Information Sharing over the Internet – Not all information in EHR systems is intended for sharing – Access to sharable EHR information should be under CIO control – Few EHR systems today allow CIOs to segregate sharable information

• Granular Control over Release of Information – Many organizations prefer granular control, e.g. consumer consents for use of data for research – Most EHR systems do not support granular release of information based on individual consumer consents

Oracle Health Information Exchange “Edge-server” Architecture Data Center Design Requirement – Provide an Internet “buffer” to PHI data sources

Firewall Penetrations

Edge Servers for EHR Users

Multiple Internal and back channel PHI Data Sources

Desktop Virtualization End Users

Cloud Computing Data Center

Other Health Information Organizations

Standardized “Front Door” HIE Transactions

DMZ Firewall & Internet

PKI Security Certificate Authorities

Data Center Firewall

DMZ Proxy Servers

Web Service Registries

Edge Servers

Electronic

for the

Health Record

Health Information

System(s)

Internet Cloudsupports Secure, Controlled Edge Servers Health Information Exchange of PHI to and from the EHR System(s)

Oracle HIE Solution Architecture Connect “Architecture,” the Oracle Viewpoint

What is the CONNECT “Architecture” to Oracle? • •

CONNECT itself is an open source software solution that supports health information exchange – both locally and at the national level CONNECT uses NWHIN standards and governance to make sure that health information exchanges are compatible with other exchanges being set up throughout the country

Features of the CONNECT “Architecture” important to Oracle • • • •

A “two-component” DMZ Gateway and Data Center Adapter model Provides maximum control over Internet traffic into and out of the data center OHS Information Gateway delivers these two components as virtualized servers for two hardware servers separated by a firewall An Adapter architecture that supports a standardized set of web service endpoints that become virtualized servers within the OHS Information Manager

CONNECT “Architecture” can be used to • • •

Set up a health information exchange within an organization Connect with many other public and private HIEs Provide an “edge server architecture” for Enterprise EHR system(s)

Breaking News Report! CONNECT open source community transition • Major Governance Change • Scope: a wide variety of projects • First project: Aurion, an open source software project built on CONNECT • Aurion Project is a means to take the initial CONNECT community to the next level by moving the project out into the private sector, where all organizations – big and small, in the public and private sectors – can work together to make the software stronger

Federal HIE Solution NHIN Node

Implementing CONNECT Architecture & Components within the Health Information Organization (HIO) NH

ode IN N

HIO Zone NHIN Zone

HIO System(s)

NHIN Infrastructure Zone Services Registry Security Infrastructure

CONNECT

Minimal centralized federal services

Federal HIE Solution – Removing the Covers Hiding Complexity “inside CONNECT”NHIN Node

HIO Zone NHIN Zone

Implementing CONNECT Architecture & Components within the Health Information Organization (HIO) ode NN

HIO System(s)

NHI

NHIN Infrastructure Zone Services Registry Security Infrastructure

Patient Discovery

Query for Documents

Retrieve Documents

Subscription Management

Notification Processing

Document Submission

Audit Reporting

UDDI Update Management

Audit Reporting

UDDI Update Management

CONNECT Gateway NHIN Orchestration Components Subject Discovery

Query for Documents

Retrieve Documents

Subscription Management

Notification Processing

Document Submission

Audit Repository

Document Cache

Connection Manager

Subscription Repository

CONNECT Core Components Patient Correlation Repository

Patient Discovery

Query for Documents

MPI

Retrieve Documents

Policy

Subscription Management

Notification Processing

Others Others

Document Submission

Audit Reporting

CONNECT Adapter Adapter Services Bus Re-Identification

Subscription Repository

Policy Engine

MPI

Document Registry

Document Repository

Federal Gateway Services Model Illustrates Complex HIE Orchestrations

SDK Services Data Transforms

Terminology Services

Others Others

Oracle Health Information Exchange “Edge-server” Architecture Use of Open Source Software

Firewall Penetrations

Edge Servers for EHR Users

Multiple Internal and back channel PHI Data Sources

Desktop Virtualization End Users

Cloud Computing Data Center Web Service Orchestration

Oracle Health Sciences Information Gateway Web Service Registries

Data Center Adapter

DMZ Gateway

PKI Security Certificate Authorities

Other SOA Service Endpoints Other Oracle VM Assemblies

•Oracle VM (Xen) •Oracle MySQL

Data Center Management

•Oracle Solaris

Oracle VM Assembly Builder Oracle Enterprise Manager

EXALOGIC

SOA-based Integrations

•Oracle Linux Data Center Firewall

Standardized “Front Door” HIE Transactions

•Oracle GlassFish DMZ Firewall & Internet

Other Health Information Organizations

Adaptive Web Service Design & Orchestratio

Fixed Web Service Orchestration

Oracle Databases Enterprise Linux

Solaris Containers

Oracle Hardware Servers

Oracle VM

Database Encryption

EXADATA

Oracle Health Sciences Information Gateway Delivering Value

Oracle Health Sciences Information Gateway (HIG) leverages the CONNECT open source application and Oracle server virtualization to orchestrates secure, health policy-based communications over the Internet for the protection in-flight of personal health information (PHI)

Providers

Academic Medical Centers

Clinical Researchers

Oracle Health Sciences Information Gateway accelerates the implementation of meaningful use objectives through health sciences information exchange between certified and non-certified EHR modules and other health information organizations

Oracle Health Sciences Information Gateway facilitates health sciences information exchange for research purpose and patient care purposes at a very low IT cost

Oracle Health Sciences Information Gateway lowers the cost of obtaining and executing on consumer consent for release of health sciences information for clinical research purposes

ÂŠ 2010 Oracle Corporation â&#x20AC;&#x201C; Proprietary and Confidential

Oracle Health Sciences Information Gateway Oracle VM Template Model

HIG Roadmap: • Upgrade to newer releases of CONNECT (now Aurion) • Offer WebLogic application server templates in addition to GlassFish application server templates

Oracle Health Sciences Information Gateway DMZ Gateway Component Architecture based on CONNECT

Governance and Compliance • • • •

Protects Health Data Center Personal Health Information (PHI) Enforces Privacy Policies on Release of Information Encryption In-flight over the Internet NHIN Compatible Web-services exposed to the Internet

Patient Discovery

Query for Documents

Retrieve Documents

Subscription Management

Notification Processing

Document Submission

Audit Reporting

UDDI Update Management

Audit Reporting

UDDI Update Management

CONNECT Gateway NHIN Orchestration Components Subject Discovery

Query for Documents

Retrieve Documents

Subscription Management

Notification Processing

Document Submission

Audit Repository

Document Cache

Connection Manager

Subscription Repository

CONNECT Core Components Patient Correlation Repository

Others Others

Oracle Health Sciences Information Gateway Data Center Adapter Services “Bus” Orchestration Governance and Compliance • • • •

Standardized Web-service Orchestration of HIE Business Processes Supports HIE Release of Information Policies Encryption In-flight through firewall and inside the datacenter Supports standard IHE XDS Web-service “plug-in” components via TLS (

Patient Discovery

Query for Documents

MPI

Retrieve Documents

Policy

Subscription Management

Notification Processing

)

Document Submission

Audit Reporting

CONNECT Adapter Adapter Services Bus ReIdentification

Subscription Repository

Policy Engine

MPI

Document Registry

Document Repository

SDK Services Data Transforms

Terminology Services

Others Others

Oracle Health Information Exchange “Edge-server” Architecture Data Center Design Requirement – Provide an Internet “buffer” to PHI data sources

Firewall Penetrations

Edge Servers for EHR Users

Multiple Internal and back channel PHI Data Sources

Desktop Virtualization End Users

Cloud Computing Data Center Web Service Orchestration

Oracle Health Sciences Information Gateway Web Service Registries

Data Center Adapter

DMZ Gateway

PKI Security Certificate Authorities

open source histories

Data Center Firewall

Standardized “Front Door” HIE Transactions

Oracle Health Sciences DMZ Firewall & Internet

Other Health Information Organizations

Adaptive Web Service Design & Orchestratio

Fixed Web Service Orchestration

Other SOA Service Endpoints Other Oracle VM Assemblies

Information Manager Components Health Record Locator Health Policy Monitor Health Policy Engine

EXALOGIC

SOA-based Integrations

Healthcare Master Person Index

Data Center Management

Healthcare Transaction Base

Oracle VM Assembly Builder Oracle Enterprise Manager

Oracle Databases Enterprise Linux

Solaris Containers

Oracle Hardware Servers

Oracle VM

Database Encryption

EXADATA

Oracle Health Information Exchange Architecture Enterprise Access Control Built on Oracle Technology Oracle Desktop Virtualization

Oracle Identity & Access Management SSO

Caregiver Mobility

LDAP

Oracle Portals and Applications

Oracle Sun Ray Thin Client

Consumers

Clinicians

Administrators

Oracle Health Sciences Information Gateway Web Service Registries

Data Center Adapter

DMZ Gateway

Oracle Business Process Management Suite

SOA-based Integrations Other SOA Service Endpoints Other Oracle VM Assemblies

Information Manager Components Health Record Locator Health Policy Monitor Health Policy Engine

EXALOGIC

Healthcare Master Person Index

Data Center Management

Healthcare Transaction Base

Oracle VM Assembly Builder Oracle Enterprise Manager

Oracle Databases Enterprise Linux

ÂŠ 2010 Oracle Corporation

BPEL Business Process Manager Process Analysis Adaptive Web Service Design & Orchestratio

Oracle Health Sciences Data Center Firewall

DMZ Firewall & Internet

Fixed Web Service Orchestration

Consent Mobility Empowerment

Web Service Orchestration ESB

PKI Security Certificate Authorities Other Health Information Organizations

User Provisioning

Solaris Containers

Oracle Hardware Servers

Oracle VM

Database Encryption

EXADATA

Standards, Testing, and Open Source The sequence of Public Development in Healthcare 1. Standards • Cross-industry Standards examples – W3C, OASIS, …

• Healthcare Standards examples – HL7 (messages, documents, services) – DICOM (imaging) – LOINC, SNOMED (terminology standards)

2. Public Software Testing Specifications • IHE (international) – XDS web services architecture, medical devices • NIST (National, e.g. US Federal EHR certifications) 3. Standards-based Open Source Healthcare Implementations • Open Health Tools (multiple projects—both tooling and applications) • CONNECT (now Aurion) • Direct Project (Secure Health Email)

Oracle Health Sciences Information Manager Health Transaction Policy Management Components Oracle Identity Management

Oracle Desktop Virtualization

SSO

LDAP

Oracle Health Sciences Portals and Applications

Oracle Sun Ray Thin Client

Consumers

Clinicians

Administrators

Web Service Registries

Oracle Business Process Management Suite

Data Center Adapter

DMZ Gateway

Security Certificate Authorities

Consent Mobility Empowerment

Web Service Orchestration

Oracle Health Sciences Information Gateway

Oracle BPA Suite

Data Center Firewall

Oracle Health Sciences Information Manager Components Health Record Locator Health Policy Monitor Health Policy Engine

Oracle SOA Suite Web Service Orchestration

Fixed Web Service Orchestration

DMZ Firewall & Internet

Other Health Information Organizations

User Provisioning

Other SOA Web Service Endpoints Other Oracle VM Assemblies

Healthcare Master Person Index

Data Center Management

Healthcare Transaction Base

Oracle VM Assembly Builder Oracle Enterprise Manager

Oracle Databases Enterprise Linux

Solaris Containers

Oracle VM

Database Encryption

Oracle Exadata Hardware Servers

ÂŠ 2010 Oracle Corporation â&#x20AC;&#x201C; Proprietary and Confidential

Oracle Health Sciences Information Manager Health Policy Engine Management Components

Governance and Compliance • • • • •

CONNECT Orchestrates Release of Information Decisions Dynamically executes on regulatory and organizational policy Incorporates Patient Consent into policy XACML standards based Integrates to LDAP directories for single-sign on access control

CONNECT Adapter Adapter Services Bus

ReIdentification

Policy Engine Orchestrator

Subscription Repository

Policy Engine

MPI

Document Registry

Document Repository

Adapter Policy

Policy Management Detail

Policy Enforcement Point

Components Policy Decision Point (Engine)

Single Sign-on Authentication

Adapter Document Registry/Repository

Policy Information Point

Patient Consent Mgmt GUI

Oracle Health Sciences Information Manager (HIM) Document Sharing (IHE XDS) Components • First Register and Store Documents from providers

ORACLE HIM QUERY AND RESPONSE PROCESS Requestor/ESB

OHMPI

Registry

Repository

• Providers Retrieve Documents: – Find Patient – Then Locate Documents – Then Retrieve Document

Patient Lookup

Potential Matches

Display Record Set

• Supports centralized, federated and hybrid data models

Select Patient

Query XDS.b Registry

Documents Associated with Patient

Display record headers, store pointers

• HIM facilitates installation and coordination of IHE XDS components

Select Individual record/ Document

Query XDS.b Repository

Displayed Detailed result(s)

Extract full data set/ document

Oracle Health Sciences Information Manager Master Person Index (MPI) Component Oracle Identity Management

Oracle Desktop Virtualization

SSO

LDAP

Oracle Health Sciences Portals and Applications

Oracle Sun Ray Thin Client

Consumers

Clinicians

Administrators

Web Service Registries

Oracle Business Process Management Suite

Data Center Adapter

DMZ Gateway

Security Certificate Authorities

Consent Mobility Empowerment

Web Service Orchestration

Oracle Health Sciences Information Gateway

Oracle BPA Suite

Data Center Firewall

Oracle Health Sciences Information Manager Components Health Record Locator Health Policy Monitor Health Policy Engine

Oracle SOA Suite Web Service Orchestration

Fixed Web Service Orchestration

DMZ Firewall & Internet

Other Health Information Organizations

User Provisioning

Other SOA Web Service Endpoints Other Oracle VM Assemblies

Healthcare Master Person Index

Data Center Management

Healthcare Transaction Base

Oracle VM Assembly Builder Oracle Enterprise Manager

Oracle Databases Enterprise Linux

Solaris Containers

Oracle VM

Database Encryption

Oracle Exadata Hardware Servers

ÂŠ 2010 Oracle Corporation â&#x20AC;&#x201C; Proprietary and Confidential

Oracle Health Sciences Information Manager Healthcare Master Person Index Component

Physician Systems

HL7

Diagnostic Imaging

Web Service Hospital Systems

Public Health

Business Services API

Pharmacy Systems

• • • •

Lab Systems

EMPI IHE

Enterprise Cross-Reference of demographics and identifiers Cleanses and standardizes data Probabilistic and deterministic matching process Complex algorithms for character uncertainty Phonetic errors, transpositions, character insertion, deletion, and replacement

Oracle Health Sciences Information Manager Healthcare Master Person Index Matching Process

ÂŠ 2010 Oracle Corporation â&#x20AC;&#x201C; Proprietary and Confidential

Oracle Health Sciences Information Manager Health Record Locator Component (XDS document registry) Oracle Identity Management

Oracle Desktop Virtualization

SSO

LDAP

Oracle Health Sciences Portals and Applications

Oracle Sun Ray Thin Client

Consumers

Clinicians

Administrators

Web Service Registries

Oracle Business Process Management Suite

Data Center Adapter

DMZ Gateway

Security Certificate Authorities

Consent Mobility Empowerment

Web Service Orchestration

Oracle Health Sciences Information Gateway

Oracle BPA Suite

Data Center Firewall

Oracle Health Sciences Information Manager Features Health Record Locator Health Policy Monitor Health Policy Engine

Oracle SOA Suite Web Service Orchestration

Fixed Web Service Orchestration

DMZ Firewall & Internet

Other Health Information Organizations

User Provisioning

Other SOA Web Service Endpoints Other Oracle VM Assemblies

Prerequisites Healthcare Master Person Index

Data Center Management

Healthcare Transaction Base

Oracle VM Assembly Builder Oracle Enterprise Manager

Oracle Databases Enterprise Linux

Solaris Containers

Oracle VM

Database Encryption

Oracle Exadata Hardware Servers

ÂŠ 2010 Oracle Corporation â&#x20AC;&#x201C; Proprietary and Confidential

Oracle Health Sciences Information Manager (HIM) Document Sharing (IHE XDS) Components • First Register and Store Documents from providers

ORACLE HIM QUERY AND RESPONSE PROCESS Requestor/ESB

OHMPI

Registry

Repository

• Providers Retrieve Documents: – Find Patient – Then Locate Documents – Then Retrieve Document

Patient Lookup

Potential Matches

Display Record Set

• Supports centralized, federated and hybrid data models

Select Patient

Query XDS.b Registry

Documents Associated with Patient

Display record headers, store pointers

• HIM facilitates installation and coordination of IHE XDS components

Select Individual record/ Document

Query XDS.b Repository

Displayed Detailed result(s)

Extract full data set/ document

Oracle Health Sciences Information Manager Healthcare Transaction Base Document Repository component Oracle Identity Management

Oracle Desktop Virtualization

SSO

LDAP

Oracle Health Sciences Portals and Applications

Oracle Sun Ray Thin Client

Consumers

Clinicians

Administrators

Web Service Registries

Oracle Business Process Management Suite

Data Center Adapter

DMZ Gateway

Security Certificate Authorities

Consent Mobility Empowerment

Web Service Orchestration

Oracle Health Sciences Information Gateway

Oracle BPA Suite

Data Center Firewall

Oracle Health Sciences Information Manager Features Health Record Locator Health Policy Monitor Health Policy Engine

Oracle SOA Suite Web Service Orchestration

Fixed Web Service Orchestration

DMZ Firewall & Internet

Other Health Information Organizations

User Provisioning

Other SOA Web Service Endpoints Other Oracle VM Assemblies

Prerequisites Healthcare Master Person Index

Data Center Management

Healthcare Transaction Base

Oracle VM Assembly Builder Oracle Enterprise Manager

Oracle Databases Enterprise Linux

Solaris Containers

Oracle VM

Database Encryption

Oracle Exadata Hardware Servers

ÂŠ 2010 Oracle Corporation â&#x20AC;&#x201C; Proprietary and Confidential

Opportunities for Small IT Business in Healthcare Open Source Applications and the Small Healthcare Business 1. Local Support for Open Source Applications • Small Clinics – Communications with Local Hospitals, Referral Centers, and Patients

• Nursing Homes and Assisted Living Centers – Long-term residential care facilities for elderly and disabled – Communications with families

• Urgent Care Hospitals – Mostly rural emergency rooms with few beds – Ambulance communications

• Independent Pharmacies – Prescriptions from Clinics, Nursing Homes, and Urgent Care Hospital – Refill requests from patients

2. Incorporation of Open Source Software into proprietary software • Reach market entry faster • Focus on initial support and growth instead of development • Begin with Open Health Tools: www.openhealthtools.org © 2010 Oracle Corporation – Proprietary and Confidential

The Direct Project – Small Business Support “The Direct Project will help support simple exchange where a sender wants to push health information securely to a receiver.” Status: • Direct Design Initiative Launched: 1March2010 • First Live Implementation: Feb2011 (Rhode Island)

Direct Project Goals • The Direct Project was designed to provide support for small providers and consumers who are using fax as the standard for electronic health communications – Reduces the privacy and security issues related to fax – Complements the large enterprise use cases already supported by the Nationwide Health Information Network – Leverages current email workflows into an Internet-based Secure Health Email solution – Adds small, independent providers in the rural and urban “white space” to Health Information Exchange use cases

Fax “Hassle-factors” for Small Business Providers • Cost of dedicated phone lines • Labor costs: Routing paper fax to paper medical record files OR routing electronic fax to electronic image archives • Errors: Misfiling of fax records • Privacy and security breaches – Uncontrolled access to fax rooms – can’t afford dedicated rooms – Unmanned fax rooms – health records on the floor – Wrong fax line numbers – who received the health record? – Insufficient confirmations of receipt – lack of accountability

Direct Project Secure Health Email Solution • Eliminate Fax! • Use ordinary email routing for data transportation • Use Secure MIME (S/MIME email attachment) encryption for data payload • Offer standardized payload formats in addition to usual email formats – Allows increasing exchange of structured data over time – More efficient exchange of structured data as specialized health email clients are created for consumers and small providers

Direct Communications Enterprise Benefits and Risks

Enterprise Benefits of Secure Health Email • Reduction in Fax Labor Cost • Improved communication inside service area – Small business Providers • Clinics • Nursing Homes • Independent pharmacies • Home health agencies – Consumers

• Referrals from outside service area – Secondary, Tertiary, and Quaternary Hospital Care – Academic Consultations

Enterprise Risks of Secure Health Email • Protected Health Information (PHI) Security Risks – Inbound email PHI routing to legal Electronic Medical Record – may get dropped by receiving employee: clerk, nurse, physician, etc, before insertion into medical record – Outbound PHI auditing of encrypted email: risk of unauthorized and un-auditable release of encrypted PHI

• Variable (non-standard) secure email payloads increase labor costs (approaching fax labor costs) • Pubic Key Infrastructure (PKI) Management Workflow – Provisioning and Validation of Public Key Certificates (for both internal employees and external email sources) – Private Key management for internal employees

Oracle Secure Health Email Solutions for Enterprises

Oracle Health Information Exchange “Edge-server” Architecture Enterprise Access Control Built on Oracle Technology

Oracle Desktop Virtualization

Oracle Identity & Access Management

Caregiver Mobility

SSO

LDAP

Oracle Portals and Applications

Oracle Sun Ray Thin Client

Consumers

Clinicians

Administrators

Web Service Registries

Oracle Business Process Management Suite

Data Center Adapter (CONNECT)

DMZ Gateway (CONNECT)

PKI Security Certificate Authorities

Consent Mobility Empowerment

Web Service Orchestration

Oracle Health Sciences Information Gateway ESB

BPEL Business Process Manager

V1.1

Data Center Firewall

Oracle Health Sciences Information Manager Components Health Record Locator Health Policy Monitor Health Policy Engine

EXALOGIC

Process Analysis

Adaptive Web Service Design & Orchestratio

Fixed Web Service Orchestration

DMZ Firewall & Internet

Other Health Information Organizations

User Provisioning

SOA-based Integrations Other SOA Service Endpoints Other Oracle VM Assemblies

Healthcare Master Person Index

Data Center Management

Healthcare Transaction Base

Oracle VM Assembly Builder Oracle Enterprise Manager

Oracle Databases Enterprise Linux

Solaris Containers

Oracle Hardware Servers

Oracle VM

Database Encryption

EXADATA

Oracle Health Sciences Information Manager (HIM) Document Sharing (XDS) Components • First Register and Store Documents from providers

ORACLE HIM QUERY AND RESPONSE PROCESS Requestor/ESB

OHMPI

Registry

Repository

• Providers Retrieve Documents: – Find Patient – Then Locate Documents – Then Retrieve Document

Patient Lookup

Potential Matches

Display Record Set

• Supports centralized, federated and hybrid data models

Select Patient

Query XDS.b Registry

Documents Associated with Patient

Display record headers, store pointers

• HIM facilitates installation and coordination of XDS components

Select Individual record/ Document

Query XDS.b Repository

Displayed Detailed result(s)

Extract full data set/ document

Oracle Health Information Exchange “Edge-server” Architecture Road Map: Direct Project Secure Health Email

Oracle Desktop Virtualization

Oracle Identity & Access Management

Caregiver Mobility

SSO

LDAP

Oracle Portals and Applications

Oracle Sun Ray Thin Client

Consumers

Clinicians

Administrators

Web Service Registries

Oracle Business Process Management Suite

Data Center Adapter CONNECT-Direct

DMZ Gateway CONNECT-Direct

PKI Security Certificate Authorities

Consent Mobility Empowerment

Web Service Orchestration

Oracle Health Sciences Information Gateway ESB

BPEL Business Process Manager

Data Center Firewall

Oracle Health Sciences Information Manager Components Health Record Locator Health Policy Monitor Health Policy Engine Public Key Directory

EXALOGIC

Process Analysis

Adaptive Web Service Design & Orchestratio

Fixed Web Service Orchestration

DMZ Firewall & Internet

Other Health Information Organizations

User Provisioning

SOA-based Integrations Other SOA Service Endpoints Other Oracle VM Assemblies

Healthcare Master Person Index

Data Center Management

Healthcare Transaction Base

Oracle VM Assembly Builder Oracle Enterprise Manager

Oracle Databases Enterprise Linux

Solaris Containers

Oracle Hardware Servers

Oracle VM

Database Encryption

EXADATA

Enterprise Secure Health Email Architecture Protecting the Enterprise using an XDS infrastructure

•

Protected Health Information (PHI) Security Risks – Inbound email PHI decrypted and stored in XDS before notifying internal email inbox – Outbound PHI stored in XDS, audited and encrypted automatically; no email client encryption and risk of unauthorized and un-auditable release of encrypted PHI

•

Pubic Key Infrastructure (PKI) Management Workflow – Public Key Directory for Providers and Consumers – Supplies Email Public Keys to External Email Sources

The is intended to to outline ourour general Thefollowing preceding is intended outline general product productdirection. direction.ItItisisintended intendedfor forinformation information purposes only, and may not be incorporated into any purposes only, and may not be incorporated into any contract. contract.ItItisisnot notaacommitment commitmenttotodeliver deliverany any material, material,code, code,ororfunctionality, functionality,and andshould shouldnot notbe be relied upon in making purchasing decisions. relied upon in making purchasing decisions. The Thedevelopment, development,release, release,and andtiming timingofofany any features featuresororfunctionality functionalitydescribed describedfor forOracle’s Oracle’s products remains at the sole discretion products remains at the sole discretionofofOracle. Oracle.