TRANSFORMING HEALTHCARE The New Evolvent

Transcription

TRANSFORMING
HEALTHCARE
The New Evolvent
Evolvent has been acquired by
ManTech International Corporation
Big Data
12
Answers to Healthcare’s Data
Overload Challenges
Volume I, 2012
Agile Methodology
22
The Advantages of Agile
Methodology in Development
Future State
38
Disease Management
Enabled by Cloud
The New Evolvent:
Bigger, Stronger, and Serving
You Better than Ever
E
volvent Technologies is now a part of ManTech International Corporation, and
that is good news for everyone.
Evolvent has been honored to deliver a full spectrum of technology solutions that
improve healthcare where it matters most—at the point of care. Together, we will
continue to deliver that technology—and more.
The Evolvent team chose ManTech as a platform to enhance its growth opportunities
while continuing to provide our country with outstanding, mission-critical health
care solutions. With revenue of $3 billion and 10,000 highly qualified personnel,
ManTech is one of the most respected companies in the federal technology sector. We
have a reputation for innovation, integrity, and absolute commitment to the customer.
ManTech and Evolvent have a lot in common.
For its part, Evolvent will bring to ManTech unique new capabilities that we will
develop more fully and deploy more broadly. Together, we will break new ground
while continuing to uphold our shared commitment to our customers and their vital
missions.
We look forward to continuing our very positive relationship with you as a part of
ManTech International Corporation.
George J. Pedersen
Co-Founder, Chairman and Chief Executive Officer
ManTech International Corporation
Transforming Healthcare
Welcome to the 2012 Edition of Evolvent Magazine!
F
or the last 12 months, our tag line at Evolvent has been
purposefully bold and effectively captures our aspiration
to make a transformative difference in the delivery of care
through the better use of technology. From “big data” solutions
to medical imaging and real-time logistics systems, our team
is driving change for each and every client that embraces this
bold aspiration.
As a wholly-owned subsidiary of ManTech International
Corporation, Evolvent is now bigger, stronger and more
committed to transforming healthcare than ever before.
Our mission is broad enough, our talent pool deep enough,
and our capacity to deliver is strong enough to meet large
and difficult challenges across federal, commercial and international healthcare markets. We are your transformation partner – and welcome the chance to help you meet the challenges
of today and tomorrow in health IT.
Even as we seek to stimulate economic growth and create
more jobs as a country, our health remains in the news, and is
a daily concern for our long-term well-being. Healthcare and
its use of information technology continue to be a focal point
both for the economy and for changes in care delivery such
as the emergence of “Accountable Care Organizations.” Major Federal Government agencies are grappling with reform
and the implications for care delivery, reimbursement, quality,
safety and outcomes.
In this issue of Evolvent Magazine, we are trying, as usual, to
focus attention on strategic topics and bring our team’s clarity
of thought to the myriad problems we face in today’s complex
healthcare environment and explore a few ways that IT is trying to help.
Just a few highlights:
• B
ig Data: Exploring our work in handling healthcare’s
“data overload” problems, our lead architect, Kent Stevenson explains new approaches and technologies in one of
the more perplexing challenges facing our clients today.
• C
an Open Source Help? Our award-winning CTO,
Geoff Howard, delves into one of the most appealing and
most often misunderstood domains in IT today – the
mysterious world of “open source.”
• Th
e Advantages of Agile Methodology in Development:
One of our top leaders, Ms. Carolyn Melvin, now a PMIAgile Certified Practitioner (ACP), describes the emergence of
“Agile” as a development methodology and its advantages in a
rapid cycle time, demanding customer environment.
• O
perations Around Logistics: Exploring the opportunity
for better logistics information and its use in health care, one
of our top managers, Ms. Shawn Delph, writes on the need
for real-time data and the complexities of achieving quality
information on a timely basis.
• M
eet Our CloudEMR™: Our Chief Medical Officer, Dr. David Parker, explores the possibilities of “cloud-based” solutions
for electronic medical records.
• C
loud and Remote Disease State Management: Mr. Monty
Nanton, one of our executive leaders, examines the opportunity for quality of care improvements and reduced costs through
remote disease state management and real-time monitoring via
“cloud-based” solutions.
• H
ealthcare Informatics Research Initiative: Much of our
current work and much of the challenge in improving data in
healthcare organizations will revolve around better “informatics” solutions. J.D. Whitlock, our R&D lead, describes some
of the current thinking and solutions we are actively pursuing, as well as some of the client efforts we are working on in
military medicine.
• S
ecurity Around Cloud Computing: Our security team led
by veteran manager, Mr. Dennis Buxton, attacks the challenges and opportunities for information security in a world
rapidly pushing for “cloudbased” solutions.
I hope you find this edition of Evolvent Magazine informative
and useful in your daily work, and we welcome your feedback.
IT can do so much to truly transform the delivery of care and all
the organizations that serve in the ecosystem of health – whether
payor or provider focused. In the spirit of collaboration, if you
would like to share your thoughts, please send me a note. I look
forward to hearing from you. ♦
Kind Regards,
Bill Oldham
[email protected]
“Thanks for your service”
is no longer enough.
Our service members take an oath to serve, protect and defend this country. In return they ask for nothing
from us. And yet, many of us feel a great sense of duty to say, “Thank You” whenever we come across
someone in uniform. We take tremendous pride attaching a troop-supporting ribbon on our vehicles. And
we’re grateful to the young men and women who bravely go into battle for the freedoms we enjoy.
For the more than 31,000 service men and women wounded or injured in Iraq or Afghanistan, “Thank you
for your service” is no longer enough. Give thanks — then get involved.
To help these wounded service members and their families, we’re asking you to become part of something
more meaningful, something truly rewarding. A donation to the Fisher House Foundation or a Fisher House
in your area helps our heroes at a time when they need it the most. Fisher Houses, built through generous
public donations, offer our service members and their families a comfortable living
situation during treatment for traumatic, war-related medical crises. In most cases,
these service members are being treated at medical facilities far from home —
and their stays are lengthy due to the severity of their injuries.
Go above and beyond for those who give their all. Make a donation to the
Fisher House program at www.fisherhouse.org or call (888) 294-8560 toll free.
©2011 Fisher House Foundation | Creative services donated by ds+f, Washington, DC www.dsfriends.com | Photos compliments of Brendan Mattingly www.brendanmattingly.com
4 | Evolvent Magazine
MAGAZINE
VOLUME I, 2012
In This Issue:
12
Page 12
Kent Stevenson
EDITOR-IN-CHIEF
Paul Ramsaroop
EDITORS
Jennifer Cupka
Brittany Palmer
Julie Pomeroy
18
Page 18
Healthcare Informatics
Research Initiative
J.D. Whitlock
22
CONTRIBUTING WRITERS
Bill Oldham
David Parker, MD
Geoff Howard
Kent Stevenson
Carolyn Melvin
Shawn Delph
Monty Nanton
J.D. Whitlock
Dennis Buxton
Big Data
Answers to Data Overload
Page 22
The Advantages of Agile
Methodology in Development
Carolyn Melvin
28
Page 28
34
Page 34
Operations Around Logistics
Shawn Delph
Meet Our CloudEMR™
Evolvent’s Certified, CloudBased EMR
David Parker, MD
CREATIVE DIRECTOR
Bridget Skelly
38
Page 38
PUBLISHER
Evolvent Press
•
Statements contained herein may
constitute forward-looking statements
that involve risks and uncertainties.
Due to such uncertainties and risks,
readers are cautioned not to place undue
reliance on such statements.
Copyright © Evolvent,
2012 All rights reserved.
Future State:
Disease Management Enabled
by Cloud
Monty Nanton
40
Page 40
Security Around Cloud
Computing
Dennis Buxton
46
Page 46
Can Open Source Help?
Geoff Howard
Volume I, 2012 | 5
CMO Message
Well, I am rounding out the end of my
second year here at Evolvent. It has been
quite a ride – on multiple accounts...
iEHR
David Parker, MD
[email protected]
Even though they have been anticipated for quite a while, the sea-changes within
the Department of Defense (DoD) and the Department of Veterans Affairs’ (VA)
information technology (IT) organizations have been remarkable! I think there is
a good vision within the joint iEHR plans. At its core, the iEHR is to be built on
a Service-oriented Architecture (SOA). As of this writing, everyone is anxiously
waiting to see what specific technology the SOA infrastructure will utilize; but regardless of the infrastructure product, most of the work will be in creating the
services that will ride on that infrastructure and in the user interfaces that will be
created on top of it all. We here at Evolvent, have extensive experience in creating healthcare services, like those under the new Bidirectional Health Information
Exchange (BHIE) and within the Healthcare Artifact and Image Management Solution (HAIMS) and the Neurocognitive Assessment Tool (NCAT), all fundamentally SOA-based applications themselves. Indeed, these very services we have built
can be directly incorporated into the iEHR. It will be fascinating to see how the
iEHR vision will expand over the coming years. It will be great being a part of it!
CloudEMR™
A rather big surprise for me this year has been the opportunity to work on our
CloudEMR! I have worked on about seven or eight Electronic Medical Records
(EMRs), depending on how I count it, for more than 19 years now. Evolvent has
been working on various aspects of the AHLTA EMR and associated applications,
and this was the EMR-related I expected this year. So, digging in deep on a whole
new EMR, our CloudEMR, seemed to come out of nowhere for me. Perhaps the
discovery that we are doing this at Evolvent seems out of nowhere for you too! I
am enjoying being able to bring my long experience to this offering, and I am particularly enjoying the rich benefits that the architecture of the CloudEMR brings.
The future is exciting for this offering, and I encourage you to read about it in my
article on page 34 of this edition.
Mounds of Data
For years, I have been anxiously anticipating the opportunity to spend more time wading through all the
data that everyone in the Military Health System (MHS)
has worked so hard to capture over the past 10+ years.
I have had several opportunities to catch glimpses of it
in the past; most often looking at how AHLTA is actually being used – the workflows users take, how much
structured documentation are providers actually doing,
and the like. Now with the security and privacy paperwork and clearances coming through for the Health
Outcomes Research Center of Excellence (HORCE),
in partnership with the Naval Medical Center Portsmouth, Navy and Marine Corp Public Health Center
and Health Research Tx, the data is coming in and
we have been supporting Institutional Review Board
(IRB)-approved research. I am excited about the lessons this incredibly rich clinical data will teach us, now
that we are looking at it.
Updated National Interoperability
Standards
Our BHIE and Virtual Lifetime Electronic Record
(VLER) teams have spent much of the last two years
working on major interoperability efforts between the
DoD and VA, as well as commercial provider organizations. We have seen first hand the great benefits, but
remaining challenges with the current standards.
In fact, it was largely the VLER experience that motivated the Office of the National Coordinator’s (ONC’s)
Director of Standards and Interoperability to push for
an update to the HITSP “C32” – the latest version of
the Continuity of Care Document (CCD). This update
would address the major challenges found in real-life
use of the C32. Probably the biggest challenge with the
C32 has been the “onion peel” problem – the C32 is
mostly a short set of references to a whole list of underlying standards based in HL7’s Clinical Document
Architecture (CDA), with multiple layers of references,
constraints and relaxations that even sometimes stymie
the world experts.
The ONC’s Standards and Interoperability (S&I)
Framework effort charted a project in conjunction with
HL7 to “Consolidate” these standards. In addition to
consolidating the CCD, other CDA-based structured
documents (all built around a set of common “templates”) were also included in the consolidation effort.
Our Chief Architect, Kent Stevenson, and I spent a
tremendous amount of time and effort this year participating in this “consolidation” project. Now after a full
year of work, the product is done. The HL7 community
(of which we are a part) has completed and successfully
balloted the Implementation Guide for CDA, Release
2.0, Consolidated CDA Templates. I have actually been
privileged to be named a co-author on this guide. It is
a whopper at about 500 pages, including all different
document types (e.g. the CCD, Discharge Summary,
etc.) and helpful appendixes. Much of the work Kent
and I did this year was directed at making this guide a
“one-stop-shop” that is easier to understand and implement. Hopefully, (despite the overall length), interoperability implementers (like us!) will have an easier go
at it. More importantly, I hope we will all have better
interoperability success – for better patient safety and
improved healthcare system efficiency.
Here’s hoping that next year is just as productive
and exciting! ♦
Volume I, 2012 | 9
CTO Message 1010100110100010110101001101
In today’s environment of budget cuts, paralysis
from Congressional Continuing Resolutions, and an
economy still recovering, “doing more with less” has
become a necessity for our clients. Several articles
in this edition of the magazine can help survive the
challenges of this environment.
Geoff Howard
[email protected]
Agile Methodology
Agile methodology is not a magic
bullet that makes development go
faster or even necessarily more efficiently. However, it does offer a way
to ensure that even if money is not
available to build all desired features,
the most important features are
completed earliest. By managing the
process well, it is possible to build
solutions that meet customer needs,
while deferring “nice to have” items
for later. Of course, this is possible
with any methodology if you know
ahead of time what defines a successful set of features, but only Agile accounts for the fact that this is
sometimes not well understood until
the application is usable. The understanding of user needs can change
radically once the requirements are
moved from the written page to a
working application that can be seen
and used. Evolvent has been a lead-
ing adopter of Agile approaches for
Government work, including sponsoring some of our Program Managers in being among the first to
achieve becoming a PMI-Agile Certified Practitioner (PMI-ACP).
Open Source
Another approach for “doing more
with less” can be found in Open
Source. Again, Open Source does
not solve all problems magically, but
it does often provide cost effective
options to stretch budgets in ways
that have not typically been thought
possible. The commercial world has
discovered this and has turned cloud
hosting plus open source software and
tools into a predictable formula for
budget-conscious innovative startups. Perhaps it is time for the Government to borrow a few tricks from
this playbook. Again, Evolvent has
consistently provided Open Source
options for our customers through-
out our history, and utilizes it internally where the functional and financial considerations make sense for us.
In one of our recent Federal health
care projects, we have utilized Open
Source, and estimate a $5M savings
as a result.
Cloud
Finally, we see cost savings in adopting Cloud for infrastructure. With
Federal security mandates such as
FISMA and DIACAP now supported
in the leading commercial Cloud options, the financial
savings can be
considerable.
1000101101010011010001
In some cases, cloud computing can
be utilized for approximately the cost
of the electricity alone in traditional
self-hosted data center locations.
The economies of scale achieved by
the best commercial cloud options
combined with the fully automated
and elastic ability to scale up and down
cost effectively, make this a very sensible option to consider for this costconscious customer. Again, we have
fully embraced cloud both internally
and for our customers. In one recent
R&D effort, we were able to stand up
a cluster of four machines to perform
a proof of concept of a new software
approach. On physical hardware, the
infrastructure set up would have cost
at least $10,000 in hardware and taken
at least two man-days of effort. Even
if we had used spare in-house lab
capacity, the infrastructure set up
would have involved a day or two of
effort. Our use of Amazon’s cloud,
on the other hand, took five minutes for infrastructure setup, and the
entire infrastructure bill for the
R&D effort was $0.21. Cloud is not
always appropriate and does not
solve all problems, but it sure did
in this case. ♦
?
Need to do
“more with less”
We would love to
discuss with you these
and other innovative
approaches appropriate
to your unique needs.
Let us know how we
can help you succeed.
Integrated clinical, technical and management
teams to deliver success!
» Interoperability
» Informatics
» Integration
» Imaging
Evolvent is a focused healthcare systems integrator with particular
strength in federal healthcare systems. Supporting a wide range
of programs that enable clinical intelligence, quality, patient and
family centric care, chronic disease management, and comparative
effectiveness research—we are helping our clients transform
healthcare every day.
For more information, visit
www.evolvent.com
010100110100010110101001101000101101010011010001010100010
BIG
DATA
BY KENT STEVENSON
Answers to Data Overload
101010011010001011010100110100010110101001101000101010001
Data overload. It is something we have all experienced—both as individuals and as organizations. We need information and knowledge to function well, but the sheer volume of data that
we must sift through to obtain that information has become increasingly vast, and continues to
grow exponentially. Even automation of the many tasks we engage in daily has resulted in new
sources of electronic data that may contain critical pieces of information needed to resolve issues
and provide answers to complex questions. Additionally, in many cases the questions that need
to be answered were not anticipated, so the structure of data is often not supportive of providing
answers using traditional tools. Thus, it is necessary to process enormous chunks of any available
data to search for those answers. The best approach to dealing with this in today’s world is to
establish a data warehouse using emerging technologies to manage and process all data, so that
information and knowledge is available when needed.
The term “big data” is becoming increasingly common in discussions
of housing, managing, accessing and processing the large quantities
of heterogeneous data we now need to deal with.
“Big data” refers to datasets that grow so rapidly, and
essentially unchanged. Ultimately, this means that the
reach sizes so enormous, that they become difficult to
limitations are only getting pushed out incrementally to
manage effectively with standard tools and techniques.
provide some additional headroom, but not eliminated.
The difficulties include capture, storage, format, search,
Furthermore, the data volumes for warehouses are often
sharing, analytics and visualization. Though a moving
increasing faster than the limitations are getting pushed
target, current limits using traditional tools are on the
out, leaving organizations using these traditional tech-
order of terabytes (1,000 gigabytes) or tens of terabytes,
nologies wondering how to keep up with their data
with the limits varying based on the nature and use of
growth. Some of the challenges faced by RDBMS based
the data. In contrast, some organizations have begun
data warehouses include:
turning to emerging technologies to deal with the petabytes (one million gigabytes), or even exabytes (one
billion gigabytes) of data they need to process.
The Challenges of Traditional
Data Warehouses
“Relational” database technology has become ubiquitous for database management systems over the last
several decades; first for OLTP systems, then for data
warehousing. As limitations have been encountered,
extensions have been added to relational database management systems (RDBMSs) to better support the specific use cases of data warehousing. However, the underlying relational model and approach has remained
üü Data must be well understood and structured before
it can even be loaded into the database, a factor that
does not fit well with today’s fast-paced and ever
changing world.
üü Database structures must be designed with specific
use cases in mind, and new use cases are not necessarily supported without significant restructuring,
which incurs high costs in both time and money.
üü Indexes are required to access data quickly, and it is
not uncommon for these indexes to consume nearly
as much storage as the primary data. This increases
storage capacity requirements and individual indexes
often support only certain types of queries, so the
need for new indexes tends to continue.
Volume I, 2012 | 13
0101101010011010001010100010
Wishlist
for a Modern Data Warehouse
üü Databases do not scale well horizontally (i.e.
doubling the number of commodity servers does
not necessarily double database capacity from
either a storage or processing perspective). Even
though many modern RDBMSs do provide
some level of support for horizontal scaling, doing so is extremely complex, is limited in scope,
and requires careful management of structures
and balancing of requests. This often results in
acquisition of very expensive high-end servers to
meet processing requirements.
üü Support for new kinds of queries often requires
Contemplation of a data warehouse for the modern world
suggests a need for a warehouse that inherently transcends
the challenges of traditional data warehouses. Some of the
key characteristics and goals of a Data Warehouse that
truly supports modern needs include:
-
üü Managing storage when tables grow exponen-
-
tially can require reorganization of entire tables,
often requiring significant planning and downtime.
-
that must be transformed before loading into
the database.
üü Unstructured data, such as that contained in log
files, is increasingly being viewed as a source of
critical information, but unstructured data is
essentially unsupported in relational databases
from a search, aggregation and processing perspective.
The bottom line is that although RDBMSs are of-
for all data in a way that provides easy access, low
growth beyond what was originally anticipated.
Reduce Duplication
L imit the need for multiple forms of the same data such as indexes, transport vs.
online access formats, etc. This reduces total storage requirements, improves load
times and reduces management effort.
-
Commodity Hardware
ood quality commodity hardware should be sufficient to provision a highly scalG
able cluster and avoid the need for expensive high-end hardware.
-
Robust, Resilient, Highly Available
esigned and built from the ground up to be robust, resilient and highly available.
D
No single points of failure should be present in the architecture, and all the redundancy needed should be provided using standard, commodity SW/HW.
-
Efficient Resource Utilization
ake efficient use of available memory, processing power and storage; avoid
M
excessive system administration needs, and not require extensive training for
users accessing data.
-
Good Performance
P erformance should be good when accessing large data sets in their entirety,
regardless of their growth over time.
-
Straightforward Data Mart Support
T argeted, defined data sets should be easily extracted from the data warehouse
into a data mart in which standard BI and reporting tools can be used.
-
Analytical, Statistical & Data Mining Support
irectly accessible using standard analytics, statistical and data mining tools and
D
provide good performance for accessing data using those tools.
overhead, ready support for answering new kinds
of questions over time, and the ability to handle
Cross Format Capable
P rovide the capability to aggregate or combine data from multiple sources/types/
formats to support linking data, regardless of the source.
ten still the best tool for OLTP processing, they are
simply not well suited to serve as a data warehouse
Easily Accessible
P rovide easy access to all of the types/formats of data contained—even if not
specifically designed/constructed for the data elements of interest.
üü Databases that are not specifically designed from
üü Data sources often have different formats
Data Format Agnostic
apable of holding virtually any format of data—files, tables, logs, documents,
C
images, XML, etc.
analysis, design and creation of additional indexes. In some cases, the data must be copied,
or table structures must be reworked in order to
support new types of queries.
the ground up with “big data” in mind tend to
degrade quickly in terms of performance and
manageability as data size increases. Even databases specifically designed for “big data” tend to
degrade in performance as data volumes increase.
Linear Horizontal Scalability
oubling the number of servers in the cluster doubles capacity. Architecture
D
contains no inherent bottlenecks that limit the number of servers in the cluster.
-
Standardized View of the Data
Include tools for defining canonical data models for all contained data, documenting the mapping to source data structures and publishing data based on the
canonical models. The canonical models should be based on standard models
wherever possible.
101010011010001011010100110100010110101001101000101010001
Emerging Technologies
Fortunately, recent innovations are now readily available to help meet these goals. Large-scale commercial
enterprises such as eBay, Wal-Mart, Facebook, Yahoo,
and others, are successfully performing analytics on
data sets greater than 5-15 petabytes. The amount of
data held and mined by Google is not publicly disclosed, but is believed to be well above this size. The
Innovations in Data Warehousing
and Business Intelligence
mindset of many of these companies, and others like
them, is to capture and keep all the data they can obtain and continuously discover new questions to ask
of that data to improve their competitive edge. Even
system log files from their host of servers become important sources of important information. The solutions for each of these companies are not identical,
but do share some common technological approaches. Most importantly, each uses solutions focused on
massively parallel processing (MPP), next-generation
There are two recent innovations in data warehousing
and business intelligence that dovetail with these big
data technologies to give even greater flexibility and
power to the analysis and real-time use of data:
1. COLUMN-ORIENTED DATA STORES
Put simply, traditional relational database management systems are built for efficient
processing of transactions, which generally affect one row of data and retrieve data
in the same way. Databases such as Oracle, Microsoft SQL Server, IBM DB2, MySQL,
grid computing, and software/hardware systems that
etc., are all historically “row-oriented” transactional databases that serve the needs
are designed from the ground up to perform under
of transactional systems successfully. Because data warehouses generally retrieve
data volumes orders of magnitude larger than can be
reasonably accommodated by traditional techniques.
Mature turnkey MPP databases, such as Teradata and
data about one “field” (column) across many or all rows, and generally load data
not row-by-row but in large batches, row-oriented stores are not optimized for data
warehousing tasks, though traditional data warehousing practices have mostly
worked around that limitation. Column-oriented stores realign their storage and
Netezza, come with a considerable price tag, but cur-
retrieval structures to optimize for the different characteristics of data warehouse
rently offer an edge for real-time performance.
and analytics workloads, achieving significant performance and storage advantages.
In the last few years, a new approach has emerged
Hadoop and Hive (as well as some of the other big data platforms) now provide
“column-oriented” storage to directly support this approach where applicable.
and has gained traction because it offers greater scal-
2. MEMORY & HARDWARE ADVANCEMENTS
ability and comparable performance using commod-
The second recent innovation has been driven by the advancement of hardware,
ity hardware at a lower total cost. In 2003 and 2004,
which can now accommodate significantly increased memory density on commod-
Google published two academic papers describing a
highly distributable storage system and computing algorithm called “map -reduce,” which they had devel-
ity hardware. Memory is the computing component that allows rapid access to the
information, which is actively being utilized at the moment. This is in contrast to
storage “disk drives,” which hold information long term (even after the computer is
turned off), but are significantly slower. Recent hardware improvements have drasti-
oped and used internally for Google’s massive search
cally increased the amount of memory that a computer can utilize, at cost points that
engine processing. An open source implementation
are not major capital investments, as was the case for previous generations of high
of each of these innovations has been developed by
the Apache Hadoop project at the Apache Software
memory density systems. As an example, Dell’s standard server line now includes a
server which can accommodate a terabyte (1,000 gigabytes) of memory. To leverage
this capability, “in-memory” database systems have been introduced to the market,
Foundation, and has matured quickly enough to gain
which make maximum use of available memory through innovative techniques such
extensive adoption by companies such as Facebook
as compression. With compression ratios of 10:1, these databases can perform
and Yahoo. In 2009, Yahoo used a Hadoop computing cluster to win an international benchmark competition for sorting speed on large data – in one case
lightning fast analytics on approximately 10 terabytes of data per machine. While
“big data” substantially exceeds these data volumes, in-memory database systems
are poised to become a powerful component of a larger data warehousing and analytics strategy. In particular, they provide extremely fast visualization and exploration
of data marts extracted from the base warehouse.
Volume I, 2012 | 15
010100110100010110101001101000101101010011010001010100010
sorting one petabyte (1,000 terabytes) at an astounding world record rate of one terabyte every 60 seconds. Commercial activity confirms the viability and importance of this approach. For instance, commercially supported versions of Hadoop, such as Cloudera, are now available; EMC, a network storage,
data recovery and information management company recently acquired Greenplum, which offers a
commercial appliance implementation of these same algorithms; and Teradata and Netezza both now
offer connectors to Hadoop to enable each platform to leverage the other’s complementary strengths.
Additionally, the extensive activity and interest in the Hadoop project has resulted in a number of addon Apache open source projects that provide tools such as:
Hive™
A data warehouse infrastructure, which provides data summarization and ad hoc
querying using standard SQL statements
Mahout™
A scalable machine learning and data mining library
Pig™
A high-level data-flow language and execution framework for parallel computation
Hadoop and the related open source toolsets not only provide MPP capabilities on commodity hardware with linear horizontal scalability, they also support storage and processing of unstructured data
such as log files, XML and documents, do not require indexes to achieve good performance, provide
relational query capabilities for data stored in non-relational format, support custom processing of large
data sets and provide robust, resilient and highly available storage and processing. Indeed, it is currently
possible to create a Hadoop based data warehouse that avoids all of the above listed challenges of a traditional relational based data warehousing solution and achieves all of the above listed key characteristics
of a good modern data warehouse.
101010011010001011010100110100010110101001101000101010001
Suddenly, data overload does not
Health Outcomes Research
Center of Excellence (HORCE)
appear to be such a monster after all...
Evolvent is the technology partner for a CooperaConclusions
tive Research & Development Agreement (CRADA)
In Evolvent’s Research and Development (R&D) lab,
and Health ResearchTx to create the Health Out-
we are combining these strategies and technologies, and
are in the process of refining their application to large
Federal healthcare data sets. We are also leveraging this
approach to build a new modern data warehouse for the
federal Government. This approach promises to resolve
the issues inherent in the traditional RDBMS-based approach, and provides a cost effective solution that can
start small and scale up as needed. Even though we are
currently working with structured data on these projects, the fact that we are using Hadoop as the foundation means that unstructured data can be added at any
time to meet the needs of the enterprises, and a robust
warehouse supporting a hybrid of structured and unstructured data is provided. This solution also positions
these enterprises to quickly adapt to changes in the data
landscape, to support access to data sources not previously considered, and to begin to answer questions not
contract between the Department of Defense (DoD)
comes Research Center of Excellence (HORCE), in
partnership with the Portsmouth Naval Medical Center, Navy and Marine Corp Public Health Center. The
HORCE is targeted at utilizing the extensive data in
DoD medical databases to conduct health outcomes
research, including data from the AHLTA Clinical
Data Repository (EHR data) and the Military Data
Repository (billing and management data). The primary goals of HORCE are multifold:
üü To assess the value of DoD health data
üü To create a secure collaboration environment for
internal DoD and external researchers to analyze
DoD health data and publish results
üü To improve force readiness, improve outcomes
and lower costs
previously considered, or considered but set aside un-
HORCE is a national resource for Federal healthcare
der the assumption that the data could not be extracted
research initiatives, being based on large-scale and de-
from the available sources. ♦
tailed clinical data, rather than simple diagnostic billing codes and pharmacy claims.
We have found that a hybrid approach combining
new “big data” technologies, such as Hadoop and
Hive, with traditional Business Intelligence tools,
such as SAS and SAS EBI is very effective given that
many studies only need to function on a selected subset of the data, often with computed summary data.
Defining and creating this subset, for instance, can
be done very effectively by an MPP system, and then
the resulting smaller data volume can be passed to
the traditional tools still preferred by analysts and researchers. We are finding that the approaches we are
developing give us a much greater flexibility to react
to and serve emerging needs and requests.
Volume I, 2012 | 17
Operationalizing America’s Undiscovered Laboratory for Health Services Research
Healthcare Informatics Research Initiative
BY J.D. WHITLOCK
The Air Force Medical Service (AFMS) is building a
optimized for historical storage in one place, and op-
Health Services Data Warehouse (HSDW) for the pur-
timized for a particular secondary use in another. The
pose of harvesting and exploiting enterprise data for
combination of the scope of MHS data, and the effi-
“Clinical Enterprise Intelligence,” a term used to de-
cient tailorability of the data for research use, makes the
scribe a wide range of capabilities from Clinical Deci-
HSDW a unique and powerful tool to support both
sion Support at the point of care, to operational perfor-
clinical and health services research.
mance metrics, to supporting clinical and health services
research. The Evolvent team, in conjunction with the
Evolvent, Intellicog Inc., and the rest of the AFMS
Center for Health Information and Decision Systems
research team are currently working on the best way
(CHIDS) at the University of Maryland, has been in-
to model and share the data for research purposes.
volved since early last year in helping the AFMS plan
For example:
and execute the research focused component of this
important effort, recently dubbed the Healthcare Informatics Research Initiative.
As noted in a recent article in the journal Medical Care1,
the Military Health System (MHS) is an “undiscovered
laboratory” for health services research. This is due to a
large and diverse patient population, an operating environment that facilitates integration of care and a health
information system linking the components of the clinical environment. The HSDW leverages these strengths
by modeling a combination of biological, clinical, purchased care claims, patient demographics and outcomes
data in a single large collection. Over the past couple of
years, the AFMS has put significant effort into modeling HSDW data for “secondary use” (secondary to the
Electronic Health Record) by means of clinical data
warehousing best practices. This means that the data is
• Describing the available data in a semantically rich
way so that researchers can easily understand its
strengths and limitations
• Developing a Clinical Research Support Service
(CRSS) to provide a “valet service” to researchers,
answering their questions about the feasibility of
using HSDW for their specific research needs
• Meeting with Air Force Graduate Medical Education
(GME) directors to better understand how HSDW
data can meet the needs of residents’ GME-required
research projects
• Leveraging advanced software to de-identify clinical
data in a way that is both safe to share and yet still
useful for research purposes (a significant challenge)
• Developing the policy and governance required to
meet stakeholder interests while protecting the data
Volume I, 2012 | 19
Lt. Gen. (Dr.) Charles B. Green, Surgeon General, U.S. Air Force, has articulated a vision for making the
HSDW a public resource for conducting research that can improve healthcare not only for the military
population, but for the entire nation. In a letter to academic leaders he stated:
“We have a responsibility both to our patients, and to medical science, to make
better use of this data for research. It is my sincere hope that through effective
partnership, we can leverage best practices in human research protection, research
data modeling, and new models of translational research in order to appropriately
expose this data for use by clinical researchers both inside the military and at
selected academic partners.”
— Lt. Gen. (Dr.) Charles B. Green, Surgeon General, U.S. Air Force
Towards this goal, Evolvent and CHIDS assisted the AFMS,
üü Data mining and knowledge discovery to generate
the NIH’s National Center for Research Resources (NCRR),
novel research hypotheses and identify new relationships in data
and the Clinical and Translational Science Awards (CTSA)
Consortium, in hosting a workshop on “Opportunities in
Translational Science Research.” The workshop was held
In the spring of 2012, the HSDW will be populated
on the NIH campus in Bethesda on May 13, 2011. The
with five years of MHS data, and will then be ready (via
workshop was designed to bring together stakeholders from
the Clinical Research Support Service mentioned above)
the military, Government, academic and industry commu-
to help support funded research projects that are of in-
nities to engage in a dialog about how to optimally utilize
terest to the AFMS and MHS.
MHS data for research. Follow on collaboration between
CHIDS, the AFMS, other federal health agencies, and ac-
Longer term Healthcare Informatics Research Initiative
ademia resulted in a whitepaper titled “Leveraging the Air
goals include:
Force Health Services Data Warehouse for Transformational Healthcare Research: An Action Agenda” (available
at http://bit.ly/hiriwp).
Recommendations in the whitepaper focused on identifying
üü Externally accessible, de-identified research data
mart made directly available to approved researchers trained on SAS, with Institutional Review Board
(IRB)-approved research projects
the significant research questions that can be addressed lever-
üü Efficient translation of research findings into evi-
aging HSDW data, and the actions necessary to move this
dence-based learning systems to improve diagnosis/
care/prognosis
research agenda forward. Three areas of research priority are
suggested. These include:
üü Condition/disease specific research of interest to the military such as TBI, PTSD and obesity
üü Health services delivery research spanning the Patient‐Centered Medical Home (PCMH) model, disease management programs and care coordination
across transitions
üü Data federation capability to include external-toHSDW data sources, such as de-identified genomics data from the AFMS PC2-Z genomics project.
This will permit the ability to compare problem lists
against the genome, discover new disease relationships with genomic data and conduct associated
longitudinal studies
The Healthcare Informatics Research
Initiative is a unique opportunity to
positively impact clinical and health
services research. It will require specialized knowledge and effective collaboration across military medicine,
multiple federal healthcare agencies,
academia and industry to be successful. Evolvent is proud to play a role
on this ground-breaking project. ♦
Gimbel, R.W., Pangaro, L., & Barbour,
G. (2010). America’s “Undiscovered”
Laboratory for Health Services Research.
Medical Care, 48(8): 751-756.
1
In the book, Transforming Health Care: Better Data for Better
Interested in hearing
more about the Health
Informatics Research
Initiative?
Care, we advance the following principles:
• How we deliver care can be fundamentally changed, extended,
supported and enriched by a host of different operating concepts
that are made possible by changes in information technology
• The cost of care can be radically changed through better use and
exchange of information
• The quality of care can be dramatically improved through better
Visit Session #215
at HIMSS:
Date:
use and exchange of information
• Transforming health care depends in large part on how we design
the delivery of care and how it is supported by better data for
both consumers and providers
Friday, February 24, 2012
Time:
11:15 AM - 12:15 PM
Room:
Marco Polo 803
Pick up your FREE copy at our booth, or
download at www.evolvent.com.
The Advantages of
Agile Methodology
in Development
BY CAROLYN MELVIN
Agile
Quite a number of surveys and studies
have been done over the last few years
on agile software development. In 2008,
When beginning a software development project, the development methodology used will have a major role in the
Michael Mah, Managing Partner of QSM
speed and quality of the code developed. Because of this, the
Associates, did a series of quantitative
Agile methodology is becoming more ubiquitous amongst
studies on Agile. Below is a summary from
development organizations, and is particularly taking off in
Government organizations, including the Department of
Veterans Affairs. The primary reason for the surge in Agile
adoption is that there are now significant metrics available to
prove Agile methodologies provide greater benefits over traditional development approaches, such as Waterfall. Benefits
over traditional development approaches include:
Michael’s study that illustrates the magnitude of the improvements provided by
Agile methods:
n
reduce defect levels by 83% over previous
non-agile projects.
Higher productivity
Lower cost
n
In two software companies, the productiv
ity index numbers recorded for their project
Improved employee engagement and job satisfaction
were among the highest recorded in a data-
Faster time to market
base of 7,500 projects.
Higher quality
Improved stakeholder satisfaction
In one organization, agile methods helped
n
A
gile teams have shattered the previous
formula from traditional projects where
For those new to Agile, it is important to note that Agile
doubling staff increased defects by 2-6
focuses a team on delivering business value and reducing
times. Agile teams can increase staff with-
risk, over focusing on sticking to a plan and creating detailed
out a corresponding increase in defects.
specifications. The Agile Manifesto states, “we have come to
value working software over comprehensive documentation,
individuals and interactions over processes and tools, cus-
n
comprehensive automated testing, improve
tomer collaboration over contract negotiation, and respond-
schedule performance, but do not reduce
ing to change over following a plan.” One of the advantages
defect levels from the norm.
of Agile methodologies in software development is that it acknowledges organizations do not have the ability to predict
the future, so it establishes a flexible framework to respond
I
mmature agile teams, those that fail to do
n
M
ature agile teams, who do comprehensive
to future needs once they arise. Wherever possible, Agile de-
automated testing, improve both schedule
fers decisions about the future until the future is here, and
performance and reduce defect levels.
thus, there is better information available on which to make
our decisions.
Volume I, 2012 | 23
Since Agile methodologies are becoming so widely adopted,
In the case of some software development efforts,
it is important to understand the advantages, and even the
especially large ones, it is difficult to assess the ef-
disadvantages, in order to determine what is best for a project.
fort required at the beginning of the project.
Some of the advantages of Agile methodologies include:
Senior developers are more capable of handling
Face to face communication and continuous feedback
the kind of decisions required during the agile
from customer representative and stakeholders to
development process; therefore, it is not tuned
eliminate guesswork.
for junior developers, unless combined with more
Utilization of an adaptive team that is able to respond
experienced developer talent.
There is a lack of emphasis on necessary architec-
to changing requirements.
A team that does not have to invest time and effort
only to find by the time the product is ready to deliver,
the requirement of the customer has changed.
ture, design and documentation tasks.
During a May 18, 2011 hearing of the Senate Committee on Veterans Affairs, VA Deputy Secretary Scott
Terse and to the point documentation to save time.
Gould stated the Department of Veterans Affairs (VA)
The end result of Agile development is high
and the Department of Defense (DoD) were committed
quality software in the least possible time and
to using agile development to implement the DoD and
a satisfied customer.
VA’s integrated Electronic Health Record (iEHR) system. Specifically, Gould stated in the hearing that Agile
This means starting development fast, but with the caveat
is “bringing a sense of urgency and oversight and quality
that requirements and project scope may be “flexible” and
of management to this process that [Gould] think[s] will
not fully defined at the initial onset of development.
avoid or lower the chance that [they] might misspend
As with any process or methodology, there are shortfalls
to the Agile methodology that one should be aware of
before deciding to adopt for a project. Some of the shortfalls include:
money in this process.” Gould also stated that the DoD
and VA departments are “turning to the private sector to
build the applications that will be part of this joint, common electronic health platform.”
The lack of a full specifications at the outset can lead to
“scope creep” if not properly managed.
The project can easily go off track if the customer
representative is not clear on the desired
final outcome.
One of the advantages of Agile methodologies in software development is that it acknowledges that organizations do not have
the ability to predict the future, so it establishes a flexible framework to respond to future needs once they arise.
Agile Quiz Questions
Evolvent, in fact, has already been involved in the iEHR
development. We developed some of the backend components that provide patient data to the iEHR graphical user
interface. This development was done utilizing Agile meth-
1. How is Agile planning different from the traditional
approach to planning?
a. Agile planning is done only once
odologies, which helped make the delivery and deploy-
b. Agile planning is non iterative
ment successful. Accordingly, we can help the DoD and
c. Agile planning places emphasis on the planning
and is iterative
VA successfully implement Agile processes within the Interagency Program Office (IPO), which is a joint program
office formed to help speed the exchange of health care data
for military personnel and veterans, and is in charge of the
iEHR development.
Evolvent also works with customers to help coach and educate on Agile processes, rather than just follow a process
itself. Evolvent provides the leadership and thought processes necessary to create innovative solutions and products
d. Agile planning places emphasis on the plan
2. You are assigned as a project manager for a new team and
have been asked to follow the Agile methodology
for delivering the project. Which of the following
practices could you pick up immediately for increasing
collaboration within your team?
a. Weekly status meetings
b. Daily Stand-up meetings
through the use of Agile methodologies. In order to suc-
c. Iteration planning meetings
cessfully apply Agile methodologies to the iEHR develop-
d. Planning Poker games
ment, the IPO and development teams must be flexible and
responsive to the iEHR user needs. Utilizing Agile method-
3. Who should have access to the version control system?
ologies and Agile Project Management can help achieve all
a. Developers
these goals without compromising value, quality, or busi-
b. Customers
ness discipline.
c. Both Developers and your Customers
Below are some helpful questions and guidelines to consider when determining whether one should engage in Agile
development for a project:
1. Are customers or users active participants in requirements and analysis efforts?
2. Are changing
requirements
welcomed and
acted upon accordingly (i.e.,
there is no “re-
d. Neither Developers nor your Customers
4. Which of the following statements best defines
“Agility”?
a. Agility means planning to avoid change in scope
b. Agility means delivering with cost and schedule
c. Agility means working with smaller team sizes
Try Our
Agile
Quiz
quirements freeze”)?
3. Is work being done on the
highest priority requirements
first, as prioritized by project
stakeholders, and as a result,
d. Agility is the ability to balance flexibility and stability
5. In an Agile project, Risks with negligible impact on
the Project can be discarded due to the fact that:
a. The customer does not monitor the project risks
b. Risk management is not a focus of an Agile project,
value delivery is
c. The generic risk multiplier will cover such risks already
d. Risks with minor impact are unlikely to happen
focusing on highest risk issues
as work progresses?
Volume I, 2012 | 25
Agile Quiz Questions
4. Commitment to taking an iterative and incremental approach to development.
5. Keeping primary focus on the development of
software, not the documentation or the designs
themselves.
6. Working and developing as a team where individual input is welcome.
7. Customers and Product Owners making
business decisions, leaving developers to make
technical decisions.
The bottom line is that Agile development is taking off, and it is imperative to become familiar with
the methodology, understand it, and know how and
6. Which approach is BEST for organizations to take first
when applying Agile practices to preexisting processes
that may not be Agile?
a. Accounting for mistakes that will surely take place
and develop contingencies for them
b. Evolving existing processes to be more accepting of
new Agile procedures
c. Integrating corporate needs into existing Agile procedures and streamlining requirements and activities
d. Developing new hybrid Agile and non-Agile procedures that work and coincide well together
7. In the context of a software project, which of the
following has the MOST likelihood of becoming
a constraint:
when it is applicable. In order to help the reader as-
a. Developers
sess whether the basic principles of Agile develop-
b. Organization
ment are understood, we have included some very
basic Agile questions from www.agileexams.com, a
resource for studying for the Agile PMP exam. If
the answers to more than a few of these questions
are missed, investing some time in reading up
on Agile or even engaging in some Agile training
is suggested. ♦
c. Managers
d. Stakeholders
8. To apply new Agile practices, which of the following
is NOT one of the 3 areas of focus for a manager?
a. Manage the team
b. Manage the projects
c. Manage the environment
d. Manage investments
9. Which of the following best describes User Stories?
a. IEEE 830
b. Support tools for analysis
c. Use Cases
d. Interaction Design Scenarios
10. Who is the target audience of the Manifesto for Agile
Software Development?
a. Project Leaders
b. Project Managers
c. Software Developers
d. Product Stakeholders
Answers: 1-c, 2-b, 3-c, 4-d, 5-c, 6-b, 7-a, 8-b, 9-b, 10-c
SOURCE: www.agileexams.com
Visit us online at:
www.operationhomefront.net/dcmetro
Or call us at:
703-421-9033
Operation Homefront DC Metro
P.O. Box 650220
Sterling, VA 20165
On his 3rd tour in Iraq in 2008, Spc.
Josh Schictl was driving a Humvee
which was hit by two IED’s.
He suffered life-threatening injuries to his face
and head. Despite the quick work of medics,
Spc. Schictl lost his right eye and nine teeth.
Nearly all of the bones in his face were broken
but were stabilized before being transported to
Walter Reed Medical Center. He also suffered a
Traumatic Brain Injury (TBI).
Wounded warriors and their families struggle
for years to recover physically, emotionally and
financially from the sacrifices they make in wartime. Operation Homefront seeks to walk with
them on their journey and ease the hardships
they face. The DC Metro Chapter assisted Josh
and his wife, Emily with transitional housing,
household furnishings, holiday gifts and grocery
gift cards during these difficult times.
There are many ways you can work with the DC
Metro Chapter to assist local military families
like Josh and Emily. One way you can do this is
to let the DC Metro Chapter fill the gap for military families as they adjust to the ‘new normal’
after being deployed or wounded in combat.
Local business man thanks solider for his service.
Volunteers prepare care packages for deployed soldiers.
Contact Operation Homefront today and find out how you can
help these families who have sacrificed so much for our freedom!
Volume I, 2012 | 27
Operations Around Logistics
BY SHAWN DELPH
The mission of medical logistics is to ensure that the right
Medical logistics operations can be classified into four
product, in the right quantity, is available to the right place
main areas:
at the right time. Medical logistics covers a wide range of
topics including: logistics, production and service operations
management, program management, operations research,
supply chain management, lean production, quality assurance, forecasting, and performance metrics. Regardless of
the political environment, or whether it is a time of peace or
war, logistics readiness will remain at the forefront of military program concerns. The military’s projected decrease in
size, move toward modularity, continuous modernization,
reset and reconstitution challenges, and frequent rotation of
forces overseas, provide growth opportunities for those supporting medical logistics and the responsibility of ensuring
continuity of operations for the user community.
1. A
cquisition of materiel – initial purchase
and provisioning
2. M
anagement of resources, warehousing,
distribution and redistribution of material
3. M
aintenance, repair and enhancements to
the software systems supporting medical
logistics capabilities
4. M
aintenance and repair of the hardware
supporting the software systems
“Within minutes of hearing
When one thinks about it, logistics lie at the heart of
about a 7.0 earthquake in
every effort that takes place in the field of operations.
Haiti, the Defense Health
There will always be a requirement to support our De-
Services Systems Medical
partment of Defense (DoD) healthcare providers by
providing what they need in order to take care of our
Logistics Division sprang into
service members and their dependents. Planning and
action. The Medical Opera-
executing logistics-based programs is the heart of the
tions Directorate, Defense
managed logistics services and operations support provided by the Defense Health Services Systems (DHSS)
Supply Center Philadelphia, led by U.S. Army
Medical Logistics Division (MLD) Joint Medical Lo-
Colonel Marsha Langlois, alerted its teams
gistics Functional Development Center (JMLFDC) at
to begin rapidly stocking the U.S. Navy ship
Ft. Detrick Maryland. An outstanding example of the
dynamic nature of medical logistics supported by the
Comfort in the Port of Baltimore, Md. Staff
DHSS MLD JMLFDC was described in the January
from the Joint Medical Logistics Functional
2010 edition of the DHSS eXpresso newsletter.
Development Center in Ft. Detrick, Md.,
The suite of products used to manage medical logis-
assisted in installing security patches and
tics—the logistics of pharmaceuticals, medical and
system upgrades to the DMLSS server on
surgical supplies, medical devices and equipment, and
the Comfort. Using existing Prime Vendor
other products needed to support all DoD healthcare
providers—comprise an important part of the health
contracts and the Defense Medical Logistics
care system. After staff costs, medical supplies are the
Standard Support, the Contingency Automa-
single most expensive component of health care. The
tion Application, Medical Product Data Bank,
DHSS MLD JMLFDC has developed the following
software systems used to support medical logistics for
and Electronic Catalog applications, vital
the DoD, and provides the service and support opera-
medical supplies were researched, sourced,
tions for each of them, so that they are available to the
ordered, and delivered to the Comfort within
user community 24/7:
48 hours. These medical logistics information
à
Defense Medical Logistics Standard Support
technology applications helped ensure the
(DMLSS)
most rapid stocking of medical supplies on
à
Common User Database (CUD)
the Comfort in recent history. While in port,
à
Defense Medical Logistics Standard Support
Customer Assistance Module (DCAM)
à
Joint Medical Asset Repository (JMAR)
à
Theater Enterprise-Wide Logistics Systems
(TEWLS)
the Comfort maintains a minimal crew with
limited supplies. Typically, and depending on
the mission, it can take up to five days to restock the 1,000-bed Comfort. After departing
the Port of Baltimore on Jan. 16, the Comfort made supply stops in Norfolk, Va., and
Jacksonville, Fla., to collect more crew, fuel,
medical supplies, water, and food.”
Volume I, 2012 | 29
DMLSS
CUD
DCAM
Just-in-Time
Logistics
Strategic Planning for
Medical Readiness
Medical Online Shopping...
Simplified
üü Allows users to select and order
the best value item required,
providing an order history
üü Implements just-in-time logistics, eliminating the need to
maintain large pharmaceutical
and medical/surgical inventories at the wholesale level
üü Maintains medical and facility
maintenance records along
with work
üü This system is unique in that
it standardizes medical logistics management among the
military services, and engages
the wholesale medical logistics,
medical information management, medical information
technology, user communities,
and the health care industry
to improve the effectiveness, efficiency and quality of
healthcare delivery. DMLSS has
been proven to reduce the time
healthcare providers and health
professionals spend on logistics
planning and management
In peacetime or wartime, the Defense Medical Logistics Standard
Support (DMLSS) delivers an automated and integrated information system with a comprehensive
range of medical materiel, equipment, war reserve materiel and facilities management functions for
the Department of Defense Military
Health System.
üü Assists MHS in managing clinical workflow processes to select
medical surgical items, equipment and pharmaceuticals
üü Serves as a net-centric, medical
materiel logistics and clinical
patient encounter planning
and standardization tool
üü Merges medical materiel
logistics and clinical patient
encounter data
üü Allows online collaboration to
quickly manage workflow
üü Facilitates Defense Medical
Standardization Board business
objectives
CUD helps facilitate materiel standardization and creates optimal medical readiness interoperability by pro-
üü Allows the Department of
Defense Military Health System
users to view and order from
electronic supply catalogs
üü Primarily supports the theater
environment and allows nonlogisticians to electronically
download catalog data, place
orders and obtain status
üü Handles medical logistics
orders, follow-up requests and
receipt confirmations worldwide
üü Automates the medical supply process while delivering
electronic catalog and ordering
capability
üü Enables medical logistics mission at lower Levels of Care
(Levels I and II in Theater) and
some small clinics
viding an authoritative data source
for medical, combat, requirements,
Using DCAM, medical supplies
training and human resources to be
in the battlefield are replenished
used by the joint community for
through an electronic exchange of
planning and simulations. This en-
catalog order and status information
sures deployment of sufficient medi-
generated while managing unit level
cal resources throughout the world.
medical supplies.
JMAR
TEWLS
JMLFDC
Total Medical Asset
Visibility
Modern Military Medical
Logistics
Each of these systems plays an in-
üü Web-based application which
üü Supports intermediate medical
provides access to medical
asset information for any user,
any time, on any machine
logistics functions and consolidates national, regional and
deployed units into a single
business environment
üü Provides a single, integrated
and authoritative source for
joint medical logistics information for the Department of
Defense Military Health System
üü Provides secure and timely
data on the location, movement, status and identity of
medical materiel
üü Optimizes the medical supply
chain via data reporting from
Department of Defense business partners
üü Delivers Web-based access 24/7
worldwide
JMAR delivers a single medical asset
repository,
which
improves
operational readiness by rapidly
reporting decision support capabilities for global military operations. It
enhances business intelligence and
üü Compliments other apps
within the DMLSS
portfolio and provides a
capability for an enterprise
backbone for centralized
management of data and key
intermediate level medical
logistics processes
üü Provides single data entry and
instant data sharing across
DoD medical logisticians to
support Logistics Enterprise
üü Creates links for planners,
commercial partners and
medical logisticians to support
care in the theater through a
single ‘customer facing’ portal
üü Supports theater-level medical
materiel management, warehousing, distribution functions and medical assemblage
creation/build/management
medical asset visibility from factory
tegral role in supporting the four
main areas of medical logistics
services and operations. Through
the development and sustainment
of these products, DHSS MLD
JMLFDC has achieved significant
savings in providing medical logistics by implementing just-in-time
practices, Prime Vendor support
concepts, and by eliminating the
need to maintain large inventories
of pharmaceutical and medical/
surgical items at the wholesale level
and at military treatment facilities
(MTFs). Because of the exceptional
ability of the JMLFDC teams to
scope a difficult problem, map out
a solution and execute the plan, the
Defense Medical Logistics enterprise
architecture enjoys a maturity that
enables decision-makers to make informed decisions with confidence in
their outcomes.
Where the products supported by
the JMLFDC provide medical logistics capabilities to those directly
supporting patient care, there is yet
to frontline and provides total medi-
TEWLS is a single application
another layer of logistics supported
cal asset visibility. Its real-time asset
and database and enterprise cata-
by the JMLFDC to ensure the sta-
management and decision support
log for lifecycle management of all
bility and 24/7 availability of the
dashboards are critically important
medical assemblages and theater
products. Each of the software prod-
for military readiness because they
intermediate-level supply chain
ucts requires hardware and engineer-
directly support medical logistics
management. It eliminates several
ing support, and with five products
and supply chain management for
legacy logistics systems and stand-
deployed world-wide, this task alone
all branches.
alone products.
requires close coordination to en-
Volume I, 2012 | 31
Evolvent has designed an RTLS solution that leverages optimized tools
and integrated architecture in order to provide more efficient and automated processes through which we will realize improved productivity
and effectiveness of patient care, reduced staff hours spent searching for
equipment, and a more efficient, maintained inventory level.
sure high availability and consistently
the tracker would be routed through
placement hardware can be shipped
deliver the extraordinary up-times of
to the software engineers for further
to a production site within one day of
more than 99 percent across the board
analysis. In the case of a hardware
determining a replacement is needed.
for each of the products.
issue, the tracker would be routed
The JMLFDC maintains a warehouse
through to the Integration and De-
of constantly rotating inventory to
For each software product, there is a
ployment team who is responsible for
support all of the products and is
specialized support team of software,
issuing new and replacement hard-
responsible for the change manage-
database and network engineers who
ware to the field.
ment of that inventory, tracking the
monitor each of the production sites
for network and database issues, and
respond to product functionality issues reported by the end users of the
products. The JMLFDC has internally
developed an extensive process-driven
tracker system using Serena Business
Manager (SBM) to handle any issues
reported by the engineers or the end
users, as well as other tasks, such as
system change requests and routine
maintenance activities. Each software
product has a customized workflow,
which allows the support engineers
to account for the unique features of
each product as they are resolving reported issues. Each issue and task is
captured in the SBM as a tracker and
assigned to an engineer for initial triage. Based on the engineer’s analysis
of the tracker, and the product being
analyzed, the tracker is reviewed and
assigned to the appropriate engineers
that can address the findings. In the
case of a product functionality issue,
location of each asset at any given
Given the number of products and
moment. This allows the JMLFDC
the fact that there are more than 100
to know when inventory levels are at
production sites, the Integration and
ordering thresholds and which assets
Deployment team is shipping hard-
in the field may be reaching end of life
ware to an average of six sites a week
status. Change management for all
and is responsible for maintaining an
of the JMLFDC-managed hardware
inventory of new and replacement
maintained in inventory is performed
hardware large enough to have a read-
through a database and web-based
ily available inventory such that re-
application, which provides online
access to the inventory at any time by those individuals responsible for ordering
and picking hardware for shipment. Using the online application, inventory is
shipped using a standard First-In First-Out (FIFO) methodology ensuring that
hardware is not ‘going stale’ sitting in the warehouse. It also provides the Government full access to know what inventory they have in the warehouse at any
given time.
The Future of Logistics
Although we have made significant advances to tracking inventory and assets on
a clipboard or a spreadsheet into a database, Evolvent is taking this to the next
level through research and development of a Real Time Location System (RTLS),
which is a type of local positioning system which would allow the JMLFDC to
track and identify the location of assets in real time. Evolvent has designed an
RTLS solution that leverages optimized tools and integrated architecture in order
to provide a more efficient and automated process through which we will realize
improve the productivity and effectiveness of patient care, reduced staff hours
spent searching for equipment, and maintain a more efficient inventory level. We
project that with a more effective asset management process we can reduce loss
by 10 percent to 20 percent, and decrease cost of ownership to the Government
by at least 20 percent. With the emphasis always on patient care and by ensuring
the providers have the tools they need, they are able to efficiently and effectively
provide world-class medical care to our Service Members and Veterans.
What is a Real Time Location System (RTLS)?
By using simple, inexpensive tags attached to the assets, radio frequency readers receive wireless signals from the tags to determine the location of an asset.
Through a number of complementary technologies RTLS is capable of providing
either passive or automatic collection of location information for each tracked asset. Evolvent recognizes the goals of the DoD and the VA and the relative merits
of the most viable RTLS technologies on the market today. Having worked with
many of the clinics and medical centers we saw the need for RTLS in a hospital
operating environment in the form of a system that can leverage the capability of
the available technology to streamline operations, and improve patient care with
pertinent data available through a user configurable dashboard with a set of charts
to monitor metrics on demand.
Evolvent is driven by a significant need within the DoD and the VA to improve
productivity and efficiency, improve quality and patient experience, decrease costs
and manual tasks, and ensure patient safety. An RTLS system will indeed supply a
state of the art system to provide healthcare for our nation’s Service Members and
Veterans, who deserve the best we have to offer.
Volume I, 2012 | 33
Meet Our CloudEMR™
Evolvent’s Certified, Cloud-Based EMR
BY DAVID PARKER, M.D.
Nothing is more hyped and “buzz-worded” these days than all things
“CLOUD.” Seemingly overnight, everyone is a “CLOUD” expert, and
every company is a “CLOUD” provider of some sort. Looking under
the hood, most of these claims are a real stretch. While the definition of “CLOUD” is a bit elastic, not everything that is deployed on a
server somewhere qualifies as CLOUD.
We at Evolvent also have some “CLOUD” claims, with our
CloudEMR™ offering, but as you will see, it truly qualifies as a
Cloud-based offering—by anyone’s definition! Let me introduce you!
A Certified EMR
Intuitive User Experience
CloudEMR™ is certified by an Of-
CloudEMR is built with a modern, purely web-based design. This web-based
fice of the National Coordinator for
design greatly facilitates the learnability and usability of our system, and has
Health Information Technology (IT)
enabled clinicians to adopt it with less training and implementation effort
Authorized Testing and Certification
than what is typical for commercial EMRs. The application’s navigation and
Body (ONC-ATCB) as a “Complete
screen layouts use extremely familiar web-based paradigms for easy learnabil-
Ambulatory EHR.” This is a major
ity. User and patient chart dashboards, for example, use interfaces similar to
achievement, one that is required to
general web portals like those of My Yahoo, Google, or most general portals.
be able to achieve Meaningful Use
Secure messaging works similar to most web-based e-mail clients.
of an EHR, and also testifies to the
breadth and depth of functionality
provided by the offering. Some of
these capabilities include:
ü Clinical documentation
ü e Prescribing, including
Surescripts integration
ü E lectronic results reporting
ü A utomated laboratory
results reporting via
connectivity with major
national, regional and
local laboratories
CloudEMR provides an intuitive, web-based solution
ü Secure messaging
ü Scheduling
üM
eaningful use, PQRI and
other reporting capabilities
üH
ealth Information Exchange
(HIE) interoperability with
other providers
Patient Dashboard
Volume I, 2012 | 35
Evolvent’s Cloud-based EHR Solution
Our solution is designed to enable providers to easily exchange sensitive patient
information while remaining secure and in compliance with strict federal requirements.
Many clinicians and staff self-train
in a Service-oriented Architecture
high-reliability and easy scaling to
using the extensive library of train-
(SOA), and operates natively in a
facilitate both expected and unantic-
ing video clips provided via links
Software as a Service (SaaS) Cloud
ipated usage. Yes, it is a real “cloud-
in the application. They use on-
configuration. This commercial-off-
based” EMR!
demand training of a specific fea-
the-shelf (COTS) electronic medical
ture. Customer feedback surveys
record (EMR) runs natively within
Our SaaS EHR runs natively for
and third-party usability assess-
the Amazon Elastic Compute Cloud
commercial clients within the Ama-
ments by highly experienced clini-
(Amazon EC2), including the secure
zon EC2 cloud. For U.S. Govern-
cal informatics and EHR usability
“Amazon GovCloud” reserved for
ment agencies, Amazon Web Ser-
experts are utilized to ensure contin-
Government clients.
vices (AWS) GovCloud is used.
Amazon’s AWS GovCloud is a
ual improvement of the product is
The web-based CloudEMR is spe-
cloud environment specifically de-
cifically structured and designed
signed for U.S. Government agen-
for simplicity, usability, ease of con-
cies and contractors to move more
figuration and administration, and
sensitive workloads into the cloud,
rapid startup of new sites/facilities.
by addressing their specific regula-
The CloudEMR provides a unique
All server hardware and software
tory and compliance requirements.
and beneficial technical architec-
is provided securely ‘in the cloud,’
The new GovCloud “Region” of-
ture solution for our customers.
with built-in redundancy, extensibil-
fers the same high level of secu-
It is designed around web services
ity and elastic scalability that enables
rity as other AWS Regions, as well
regularly performed..
Cloud-based, SOA
Architecture
Service-oriented Architecture dispersed in the cloud offers flexibility, scalability,
reliability, responsiveness and redundancy for backup and failover capabilities.
as supports security controls and certifications such as
between server instances, and allows for no-downtime
FISMA, SAS-70, ISO 27001, FIPS 140-2 compliant
software and server upgrades.
end points, and PCI DSS Level 1. AWS also provides
an environment that enables agencies to comply with
HIPAA regulations.
Remote Solution Configuration
All configurations are managed remotely from the clin-
Fault Tolerance and Scalability
ics and facilities using the service. Every aspect of the en-
Our EHR implementation in the Amazon Cloud is de-
characteristic of a truly cloud-based architecture. In fact,
signed to provide a high level of fault tolerance, including
automatic failover redundancy, disaster recovery and business continuity. The design includes Amazon’s sophisticated monitoring capability, configured for automated scaling (as needed) and failover. All of these design features
enable our EHR implementation to operate at service
levels that exceed those typically seen in most environments, such as a guaranteed Service Level Agreement of
99.95% annual uptime percentage for the general server
tire system is designed to be remotely managed, a central
the administrators, developers, architects, system monitors and implementation team all work remotely from the
servers, which are in high-security facilities without public access. The very design of the platform eliminates any
need to be physically present with the servers.
Capability and Architecture that
Make a Difference!
environment (Amazon EC2) and 99.9999999% for data
We are information technology people. Software tools,
store durability (Amazon S3). The fault tolerant design
methodologies and architectures matter to us – perhaps
includes redundant servers geographically dispersed across
more than the average. More than just having a great
multiple data centers, frequent database snapshots that
buzzword-compliant app, we are excited to have this cer-
provide fast-restore backups, stored server images that en-
tified EMR that is architected in such a way to make a real
able simple and quick server restores, automatic failover
difference for our customers! ♦
Volume I, 2012 | 37
FUTURE STATE
DISEASE MANAGEMENT ENABLED BY CLOUD
BY MONTY NANTON
Paradigm Shift
In the next decade, many analysts and researchers believe
we will experience a disruptive change in the delivery of
healthcare as new technologies and discoveries in science
make it possible to practice medicine within a different
paradigm. Driven by quality and cost metrics, healthcare
systems are expected to change radically in the near future,
from the current healthcare professional and large facilitycentric systems, to distributed, networked and mobile
healthcare systems. This new paradigm will focus more
on health prevention, replacing the traditional medicine
model by changing the healthcare delivery model from
provider-centric to patient-centric, from acute reactive to
stringent observance of policy constraints. We believe remote disease state management is an excellent example for
this effort. Today, disease management care coordination
is designed around a host of algorithms on top of claims
data because data has traditionally only been available
from claims transactions. As Electronic Health Records
(EHRs) and other clinical data become more available,
we can show how this paradigm maps from traditional to
cloud-based deployment architectures.
Emergence of Cloud Computing
If we look at traditional approaches to remote home care,
intelligence was based on centralized control through a
continuous preventive, and from sampling to monitoring.
home server or gateway. Today, the intelligence and com-
In this article, we will discuss how this paradigm shift ex-
out from the home onto the network; or more precisely
poses new opportunities for innovative services by lever-
the Internet. Data, which is aggregated then stored within
aging the computational power and scalability of cloud
the cloud, can now provide dramatic new insights about
computing, along with the collective consumer knowl-
patient needs and behavior. Adoption becomes less of an
edge that exists today. The Evolvent strategy for delivering
issue when implemented properly because many potential
services from the cloud into the highly regulated health-
beneficiaries are already using cloud computing, though
care industry is designed to make derived information
they may not realize it. From Web-based e-mail accounts
available to patients, practitioners and researchers under
via Google or Yahoo, to social media networks such as
plexity in new smarter medical devices has transitioned
YouTube, Facebook or Twitter, most
people have already interacted with
data stored in the cloud.
The emergence of cloud computing,
web services and service-oriented
architecture (SOA), along with new
standards, will open up the field for
the new remote management devices that may facilitate health and
well being. At Evolvent, we believe
our ability to rapidly obtain, correlate, mine existing and create new
data, while leveraging the cloud for
validation, analysis and synthesis of
the data, will enable us to make the
information available to patients,
into only one part of a continuum
self-care, wellness, disease state eval-
of care. Since data has always been
uation and management, as well as
predominantly episodic, data gaps
remote patient monitoring, we can
have presented great difficulty for
trend patient data and send alerts to
mapping care to need, considering
health care providers when data falls
the element of time and case conti-
out of a patient’s normal range. The
nuities or discontinuities of service.
graphic above depicts a functional
based architecture.
A service delivery platform in the
view of a simple architecture to sup-
cloud allows organizations to move
port disease management.
The health care delivery value chain
forward quickly and with confidence
implications are enormous when
to take immediate action in a more
At Evolvent, we believe that en-
you consider the potential of contin-
cost-effective manner, if solutions
abling technologies around personal
uously monitoring data to allow for
can creatively solve the data gaps.
disease management in the home is
providers, payers and researchers. New ideas and solutions can
be built quickly using cloud-based
platforms that are already HIPAA
compliant. New technology implementations (like mobile devices) are
facilitated through the use of a cloud-
case coordination and more timely
interventions,
which
potentially
Leveraging the Cloud
the key to making it easier for patients to be healthier, ensuring com-
reduce cost of care. From a man-
Our strategy for a disease man-
pliance with treatment plans and
agement theory perspective, most
agement architecture is facilitated
keeping providers more in tune with
integrated delivery networks have
by leveraging the cloud to enable
their progress. As such, we continue
a separate value chain for each care
e-health Portals, which can allow
to create innovative, inspiring prod-
delivery organization. As a result,
patients and providers to monitor
ucts and services that harness the
disease management is often just
vital signs, Point Of Care Testing
power of new technologies to help
limited to data collection in a par-
(POCT), medication compliance,
patients become more aware of their
ticular part of the network mapped
etc. Through the use of common
everyday activities and motivate
to a particular sub-sector’s individ-
algorithms in quality data collection
them to participate more in manag-
ual value chain, and by extension
and analytics for clinical diagnostics,
ing disease states. ♦
Volume I, 2012 | 39
Security Around Cloud Computing
by Dennis Buxton
“To the cloud!”
To the Cloud!
“To the cloud!” the bored, airport-stranded travelers said in that not-somemorable commercial. Those hapless travelers unfortunately do not
end up in a happy place. Nevertheless, “to the cloud” is where many
organizations, both commercial and Government, are heading these
days in order to take advantage of the operating costs savings in Information Technology (IT) infrastructure that cloud-based computing
touts. According to critics, cloud computing cannot be trusted because
one is not in control of the data, while other voices state that thus far,
there have not been any significant security incidents involving a cloud
computer vendor.
While the jury is still out, and despite this relatively mild debate within
the security industry, many organizations, including the Federal Government, are finding these services very attractive for various reasons
other than simple IT infrastructure cost in terms of savings across several
aspects of the IT enterprise. Cloud computing, more specifically, offers
reduced internal hardware, software, operating and security costs because these cloud services can be purchased by the hour or even minute.
Best of all, the entire operation is managed by the provider. Subscribing
to a cloud service enables an organization to possibly reduce such infrastructure as databases, applications and e-mail, which are outsourced on
a “pay-as-you-go” basis.
Volume I, 2012 | 41
Cloud Security
Don’t Forget Security
is an endorsement of cloud computing has
As we have learned (some the hard way), the
the potential to help reduce current IT in-
Internet remains basically a lawless “Dodge
City,” and a cloud operation is Internetbased, so the risks do not necessarily disap-
Many industry
writers are noting,
pear simply because an organization has
turned its risk management processes over to
a third party. Further, many industry writers
something the Government sees has having
frastructure inefficiencies, such as, “low asset
utilization, fragmented demand for resources, duplicative systems environments, (which
are difficult to manage,) and long procurement lead times.”
are noting, “Caveat Emptor!” (let the buyer
This strategy document also addresses the
beware); how many of these organizations
security aspects of cloud computing by stat-
(let the buyer beware);
who are considering heading for the cloud
ing, “As the Federal Government moves to
how many of these
are taking a hard look at the security? Be-
the cloud, it must be vigilant to ensure the
fore a migration to a cloud-based service is
security … of Government information to
made on whatever scale, do organizations
protect the privacy of citizens and national
consider the continued security of their data
security.” By addressing the security rami-
and their operations? Do they ask for a se-
fications of cloud computing, the strategy
curity proof-of-concept before subscribing
paper equates outsourcing cloud comput-
or signing a contract? All cloud vendors will
ing to risk management. The literature cov-
undoubtedly swear to the sanctity of their se-
ering risk management can comprise vast
curity measures, but do they meet business
libraries. Here it is essentially risk transfer-
security requirements?
ence, but with heavy security input from the
“Caveat Emptor!”
organizations who are
considering heading
for the cloud are
taking a hard look
at the security?
Government to the cloud provider by stat-
Federal Government
Strategy Paper
ing, “the Federal Government will create a
Despite these risks, the Federal Government
‘defined requirements for cloud comput-
has indeed jumped on the cloud computing
ing security controls, including vulnerabil-
bandwagon, as evidenced by the publication
ity scanning and incident monitoring, log-
of the “Federal Cloud Computing Strategy,”
ging and reporting. The strategy also calls
a document written by the United States
for the Department of Homeland Security
Chief Information Officer. The document
to prioritize a list of top security threats ev-
transparent security environment between
cloud providers and cloud consumer... with
Key Security
Questions
ery six months and to ensure these controls and measures are implemented.” Technical security guidance
will come from National Institute of Standards and
Technology (NIST) that is consistent with its six step
Risk Management Framework (Special Publication
800-37, Revision 1).
The Challenges for Federal
Government and DoD
Randy Marchany of Virginia Tech’s IT Security De-
As many of us in the industry know, our military clients
ness makes the decision to move to the cloud. In this
use the Defense Information Assurance Certification
article, Mr. Marchany uses the term “asset” to mean
and Accreditation Process (DIACAP), a very challeng-
“data,” and asks, “What bad things can happen if”:
ing labyrinth of requirements, activities and documen-
partment, lists several good security questions that
must be answered concerning assets once a busi-
tation to work through, often requiring months (and
Our data became widely public and widely
in some cases years) to achieve the coveted Authoriza-
distributed?
tion to Operate (ATO). A more basic question exists:
Is it even possible for a cloud operation to meet the
rigorous, stringent and laborious requirements already
levied against Government systems and still remain a
An employee of the cloud provider accessed
and/or manipulated our data?
The
data became unavailable for a time?
cloud despite the Federal Government’s strategy? For
example, consider DODI 8500-2 IA Control Check-
In his briefing, Mr. Marchany also calls out two
list developed by Defense Information Systems Agency
key points that (1) The subscriber no longer has a de-
(DISA) for the Department of Defense (DoD). In this
fined network security border (what a paradigm shift!)
document, there are 102 separate Information Assurance (IA) controls alone whose requirements must be
addressed. Many of these controls call for a document
to be created in response. Some examples include: Incident Response Plan, Continuity of Business and Contingency Plan, Core Document, Training Plan, Busi-
and (2) Cloud computing equates to loss of control.
These two key points are especially poignant for Government and military organizations to mull over if considering a migration to commercially provided clouds.
ness Impact Analysis and many more. Will the move to
cloud force the Federal Government to streamline this
process without compromising security?
Volume I, 2012 | 43
Added to the military-specific requirements above, the
Further, from a tactical, implementation level, any Gov-
civilian Government security requirements are levied as
ernment organization considering a cloud service must
well because Federal Government IT programs have a
ask, at minimum, the following questions:
wide range of security requirements. For example, the
Federal Information Security Management Act (FISMA)
requirements include, but are not limited to: Compliance
with Federal Information Processing Standards agency
specific policies; Authorization to Operate requirements;
1. Are cloud provider’s operations U.S. based? Are parts
out-sourced to foreign-based organizations? If the latter
is true, what security requirements does the host country require its commercial enterprises to comply with?
and vulnerability and security event monitoring, logging
2. Will internal IP addresses be visible to other users?
and reporting.
3. Can the cloud infrastructure be ‘hacked’? i.e., how safe
is the cloud’s code?
Military or civil service organizations will retain the ultimate security responsibility because of statutory compliance to laws, regulations and agency requirements, as well
as the ultimate Federal mandate to protect the privacy
and confidentiality of its information and the integrity
of its data. The Government must ensure that its cloud
computing service providers are sufficiently transparent,
have adequate security and management controls and
provide the information necessary for the agency to appropriately and independently assess and monitor the
efficacy of those controls; e.g., Government oversight of
commercial operations.
4. Will your network vulnerabilities be exposed to
another cloud user? Is the cloud’s network safe, and
does it meet Government network and vulnerability
management requirements?
5. Which of the cloud employees have root and database
access, and will anything prevent them from getting
access to your corporate data? What personnel controls
are in place?
6. What level of information assurance training have
cloud employees received?
7. Are data at rest and data in transit encrypted? How?
Does it meet FIPS 140 requirements?
8. Is Government data mixed with other cloud client’s
data? More specifically, is Government PII and PHI
‘mixed’ with another organization’s data? If kept separated, what is the process used to separate the data?
9. What personnel or technical controls are in place that
can, for example, prevent insiders from downloading
data onto a USB stick and walking out of the door?
10. What is the promised service availability?
11. What are the vendor’s back-up, contingency and
incident response plans? Do they meet Government
requirements?
12. What information is captured in the audit logs? Are
audit records properly managed per Government
requirements?
The Challenge for Security
Contractors
conducting operations using cloud technology, both internally
Because cloud computing security is an ‘emerging” sub-
Rebecca Wettemann, a vice president at Nucleus Research,
domain of overall IA, this Government and industry
stated in a recent article, “the security concern with cloud
trend forces those of us who provide security services to
computing is a cultural issue.” From an Evolvent perspective,
military and other Government clients to ask: Will there
this cultural issue swings both ways. As a security provider pri-
be a continued need for our services, which are fashioned
marily to Government and military agencies, Evolvent fully
to support stove-piped, individual systems and net-
understands the cultural and associated issues with being dif-
works—the current Government and military computing
ferent from most civilian or commercial operations. Industry
model? If these cloud operations meet DoD or other Fed-
vendors must change their cultures as well to support this new
eral requirements, then the answer is obvious. We become
Government and military-wide security need, by strategically
providers of tailored private Government/Federal clouds,
planning and positioning through cloud security resource and
or engage in teaming agreements with current and future
expertise development to successfully expand into the security
cloud providers to provide subscription based cloud security services on behalf of the cloud vendor.
Evolvent Rising to Cloud
Security Challenges
Evolvent is currently engaged in two separate cloud initiatives in which the security challenges outlined above
are at the forefront of our operations. In one example,
Evolvent is performing cloud-based research and access activities involving de-identified clinical and claims
data using cloud-based technology to develop solutions
for our Health Outcomes Research Center of Excel-
and with our partners and clients.
discipline of cloud computing security. ♦
Sources and References
DISA. DoDI 850-2 IA Controls Checklist (2008, March). MAC-3 Sensitive, Version 1, Release 1.4.
Feiman, J., Heiser, J. (2011, October) Workshop: Cloud Security – Shield or Vapor. Gartner
Symposium Paper.
Gartner. (2011, July). Hype Cycle for Cloud Security. Research Paper ID Number: G00214151
Essential Guide to Cloud and Virtualization Security. (Undated). Information Security Magazine.
From http://infosecuritymag.com
Cloud Computing. National Institute of Standards and Technology (NIST). From http://csrc.nist.
gov/groups/SNS/cloud-computing
NIST Cloud Computing Program. National Institute of Standards and Technology (NIST). From
http://www.nist.gov/itl/cloud/index.cfm
Burning Security Cloud Computing Questions. Network World. From http://www.networkworld.
com/news/2009/042709-burning-security-cloud-computing.html
Cloud Computing Security. Wikipedia. Retrieved November 23, 2011, from http://en.wikipedia.org/
wiki/Cloud_computing_security
lent (HORCE) Cooperative Research and Development
Kendrick, T. (2009). Identify and Managing Project Risk, 2nd Edition. American Management
Association.
Agreement (CRADA). In the second case, Evolvent is col-
Kundra, V. (2011, February 8). Federal Cloud Computing Strategy. US CIO, The White House.
From http://www.cio.gov/documents/federal-cloud-computing-strategy.pdf
laborating with Amazon to develop viable cloud solutions
to hold patient Electronic Medical Record (EMR) data.
Kwasniewski, EJ. (2011, July). Cloud Computing in the Government. Data & Analyst Center for
Software. From http://www.thedacs.com/techs/abstract/518136
Because Evolvent’s cloud initiatives may someday involve
Marchany, R. (Undated). Presentation: Cloud Computing Security Issues. VA Tech IT Security.
personal, sensitive and privacy information that will, if
Messmer, E. (2009, March 12). Best Security Questions to Ask About SaaS. Network World. From
http://www.networkworld.com/news/2009/031209-saas-security.html
implemented, may no longer be under local security control, Evolvent is in the midst of performing a fundamental
self-examination of its existing security operations. Using
the methodology described above, Evolvent is developing
solutions for implementing effective security measures for
Mills, E. (2009, January 27). Cloud Computing Security Forecast: Clear Skies. CNET News. From
http://news.cnet.com/8301-1009_3-10150569-83.html
Guidelines on Security and Privacy in Public Cloud Computing, NIST Publication 800-144.
National Institute of Standards and Technology (NIST). From http://csrc.nist.gov/publications/
drafts/800-144/Draft-SP-800-144_cloud-computing.pdf
Definition of Cloud Computing. National Institute of Standards and Technology (NIST). From http://
csrc.nist.gov/publicatiions/nistpubs/800-145/SP800-145.pdf
Volume I, 2012 | 45
BY GEOFF HOWARD
Can Open Source Help?
There has been an increasing interest in the Federal marketplace recently regarding Open Source Software (OSS, or “Open Source”). In many ways, the Government is now following where the commercial market has been for years. Having
been long-time users of, and contributors to, Open Source software projects,
we at Evolvent find that (for the uninitiated) there can be a lot of confusion and
concern about Open Source. This article will seek to present an overview of the
Open Source Software landscape, with the hopes that we can clear up some
common misconceptions and provide some helpful insight into this growing
reality for modern enterprises.
What Exactly Is Open Source?
First of all, there needs to be a clear dis-
The generally recognized beginning of
tinction drawn between Open Source and
Open Source was with the work of Rich-
Freeware. These terms are by no means
ard Stallman in the late 1980s and the
equivalent. While both are available at no
Free Software Foundation. The words
cost, Freeware does not make the source
free and open in these phrases are meant
code available. This one discriminator
to connote permission (rights) for the
alone (of several) drives critical negative
public to use the software in ways nor-
consequences to freeware (in security,
mally disallowed by commercial soft-
for example), as we will see throughout
ware. The originating principles from
this article. In recognition of these nega-
this time focused on granting and pre-
tive consequences, Freeware is gener-
serving the right of the public not only
ally forbidden for use on Government
to use, but also to learn from, and even
networks, while Open Source is consid-
to modify the original software sources,
ered equivalent to Commercial Off-the-
if desired. The earliest implementations
Shelf (COTS).
of this thinking were in some cases radical and philosophically foreign to many
The availability of source code is not the
in the main stream. While the more
only thing that defines Open Source.
radical thinking still exists in many cor-
With the constant rise in popularity of
ners of the Open Source world, much
Open Source, many commercial software
of the thinking has now evolved to fo-
packages are offering copies of their source
cus on the pragmatic benefits of public
code to their paying customers; but again
collaboration on shared software, while
there is a distinction between this practice
providing sufficient protection for legiti-
and Open Source. The distinction hinges
mate private interests of Government
on the full meaning of the word “open.”
or Businesses.
Volume I, 2012 | 47
Of course not all Open Source is created equal. For every wildly successful project like the Apache web server, there are many others that are not
enterprise-worthy. It is helpful to understand the basis of the project.
What Types of Open Source Should I Be Aware Of?
The least likely type of Open Source projects to be
OSS license, but sell an Enterprise version at a cost.
successful and enterprise-worthy are projects created
Sometimes, this model erases the benefits of Open
and maintained by a “Lone Ranger.” While many suc-
Source, but in other cases it provides great benefit.
cessful projects start this way, if only one or a very
For example, when the Enterprise version consists of
small handful of people are working on an Open
the base Open Source version, plus additional man-
Source project, there is a significant risk that when
agement tools or enterprise integration plug-ins, the
their personal interest wanes, the project will fall by
core software code is still available to the enterprise for
the wayside. Before utilizing the software in these
inspection and extension if necessary.
cases, it is important to take into consideration the
effort that would be entailed in taking full responsi-
Federal Agencies are also now sponsoring Open
bility for the code base – to protect against the “worst
Source development of projects. A well-known exam-
case scenario” of the “Lone Ranger” abandoning the
ple is the ONC Nationwide Health Information Net-
project (and, in effect, your project). Only in rare
work CONNECT project. Evolvent is very involved
circumstances will under-supported or abandoned
in this effort, with key staff positions in the develop-
projects like this make sense for an organization. Pri-
ment of CONNECT, and as users of the project in
marily, these situations are ones such that the only
our Virtual Lifetime Electronic Record (VLER) and
alternative is to create a new code base from scratch
Bidirectional Health Information Exchange (BHIE)
to accomplish the task – the abandoned Open Source
programs for Department of Defense (DoD)/Depart-
project simply provides a good starting point for one’s
ment of Veterans Affairs (VA) interoperability. Simi-
own development.
larly, the VA continues to move forward as a sponsor
of Open Source, having recently established the Open
Another type of Open Source project is those devel-
Source Custodial Agent for VistA. Outside of the
oped and owned by for-profit companies. In many
health arena, the National Security Agency is in the
cases, this can be the best of both worlds for Federal
process of releasing an internal project, Accumulo, as
customers. They provide the freedom to develop and
Open Source through the Apache Software Founda-
test the software with no license fee but still offer paid
tion to add a new database option to the Apache Ha-
support for reduced risk and cost in production op-
doop “big data” solution. For more on Hadoop and
erations. Companies can, and do, go out of business,
Evolvent’s use of it in Federal Health Care, see our
however, and the same due diligence that would be
article on Big Data on page 12.
applied to understanding the viability of a supplier of
commercial software needs to be applied to suppliers
Many of the most successful Open Source projects,
of Open Source software. Additionally, some com-
however, are sponsored by large virtual communities
panies provide a version of their software under an
of developers, often organized under the umbrella of
a not-for-profit Open Source foundation, such as the
perfectly valid business model. Providing your basic
Apache Software Foundation (ASF), or the Eclipse
software for free, for example, can protect against
Foundation. Somewhat counter-intuitively, these vol-
commercial competitors entering at a lower price
unteer-driven foundations, without commercial inter-
point and growing “up market,” and many find that
est or control, have led to some of the most stable and
there is plenty of profit in support contracts (a “se-
long-running Open Source projects. These founda-
cret” which traditional software companies have long
tions are not chaotic free-for-alls, as one might expect.
taken advantage).
The ASF, for example, is governed by well-structured
by-laws, with leadership roles being granted only to
those who have demonstrated commitment and ability through a process sometimes known as meritocracy
(governance by those who have earned it). New projects are put through a structured onboarding process
known as an “Incubator” to help ensure the viability
of the project. Where commercial- and Governmentsponsored OSS projects tend to have only participants
who are directly paid to work on the project, successful community-driven projects can have thousands of
active participants performing development, testing
and documentation of the project.
The ASF and similar organizations are influenced in
part by a seminal essay and book on Open Source development advocating “bottom up” innovation, called
“The Cathedral and the Bazaar.” 1 Community-based
Open Source is not always under one of these structured foundations, however. Sites like SourceForge
and GitHub provide public infrastructure to support
a wide variety of projects ranging from “Lone Rangers” to fully viable communities. While these community-driven efforts do not provide commercial support
directly, an ecosystem of support companies provides
support for many of the most successful projects.
It can also be just as difficult to understand why any
individual would volunteer their valuable time to
work on Open Source software. Many individual
developers are motivated purely by the intellectual
challenge of solving interesting problems and contributing to something important. Such intrinsic motivations for software developers have been studied
and demonstrated to be as, or more powerful than,
extrinsic motivations such as salary, so it should perhaps not be surprising to find developers working
just as hard, or harder, outside of paid positions.2 For
some of the most successful and widely used Open
Source projects, developers are sometimes motivated
to participate in order to establish desirable technical
experience with an in-demand skill for their resumes.
Accordingly, many employers (including Evolvent)
consider serious Open Source work equivalent to paid
job experience.
Commercial and Government interests often support
contribution to Open Source as well. In some cases,
Open Source represents an opportunity to make a
shared investment in the technical building blocks
necessary for complex solutions. Many organizations
have found significant savings in sharing costs in this
way through investment in Open Source projects,
Why Do People Make Open Source?
and find they can also have the advantage of ensuring,
For those new to Open Source, it can be confusing to
their needs. In some cases, organizations are especial-
understand why any company would give their soft-
ly motivated to pursue this approach when product
ware away and reveal their source code to the world,
prices in a category reach inflated levels. This factor
when most companies regard their software code as a
may have played a role in many recent Open Source
tightly controlled trade secret. For many companies,
successes in product categories, such as Database
they have realized that Open Source can provide a
(Oracle MySQL), Data Warehousing (Apache Hive),
through their involvement, that the product meets
Volume I, 2012 | 49
Massively Parallel Processing (Apache Hadoop), Op-
thwart the author’s intent of providing a shared public
erating System (Linux), and Search and Information
benefit in the public release of their code. As a result,
Retrieval (Apache Lucene), to name a few.
most Open Source software is copyrighted by the author, with carefully crafted legal rights being granted
Who Owns This?
Intellectual Property and Licensing 101
In usual business, openness and private interest are
typically thought as opposite extremes. However,
in OSS, the balance between these two interests has
been achieved in different ways and in different proportions, leading to a number of different types of licenses for Open Source that should be understood.
Licenses are an important concept in all intellectual
property (IP) issues and have significance in Open
Source, just as in commercial software, to control the
to the public, as well as specific rights being denied.
While there are literally hundreds of types of Open
Source licenses, there are really only five major licenses, and only two primary types of license. The original
license from the Free Software Foundation is the General Public License (GPL). It has undergone several
revisions over the years, and it is still widely in use
today. The primary distinction between this license
and others is its use of “transitive” user rights, also
known as inherited or “viral” user rights. This grants
the right for users to modify the protected software,
granting of rights.
but then requires that the GPL license be applied
The oldest and simplest OSS “license” (of sorts) is
means, for example, that a corporation cannot modify
Public Domain. All intellectual property eventually
GPL-licensed source code and then sell those modifi-
reverts to the Public Domain after copyright protec-
cations as a closed commercial product. Even further,
tions expire. However, in this context, we are referring
the GPL applies this requirement not only to modifi-
to software that, once written, is intentionally placed
cations, but also to entirely new software, if it incor-
in the Public Domain to relinquish all personal rights
porates the protected software even through software
the author (person, corporation, etc.) would have had
linkages, as is common in software utility libraries.
in the IP. It may surprise many new to Open Source
For Government use, this style of license can create
that the vast majority of open/free software is not in
a concern when considering the security of releasing
the Public Domain. Why? Because there are nuanced
sensitive or classified code to the public. Generally,
legal possibilities that, if not protected against, could
however, these constraints only apply to code that is
to those modifications if they are distributed. That
distributed, as would be the case in a commercial sale.
Sensitive code, by definition, is not distributed in this
way. A variant of GPL, the Lesser General Public License (LGPL), softens the conditions in which these
transitive rights are applied so as to enable linking of
software modules to LGPL code without inheritance
of the license constraints. The core of the Linux operating system is an example of a well-known product
licensed under the terms of the GPL.
The other primary license type takes a different approach to downstream effect on software derived from
the licensed Open Source software. The Berkeley Soft-
ware Distribution (BSD) and Apache Software Foundation licenses allow for
closed modifications and extensions to be distributed, protecting the intellectual
property of commercial or Government interests. This license approach has led to
a large ecosystem of Open Source software forming the foundation of closed software in both commercial and Government products. In particular, the Apache
Software Foundation has developed some of the most successful projects to date
– some of which have become de facto standards in the programming world.
For example, the Apache web server is the most utilized web server software in
the world, used on 350 Million web sites, with a 65 percent market share of the
internet’s busiest sites; both more than four times as many as Microsoft IIS (the
next most common competitor).3
Open Source in the Federal Space
Sources for the article:
“Can Open Source Help?”
by GEOFF HOWARD
Raymond, E. (1999). The Cathedral and the Bazaar: Musings on
Linux and Open Source by an
Accidental Revolutionary. Cambridge, MA: O’Reilly Press.
1
Most Federal Agencies have positive or neutral positions with respect to Open
Source. For example, a 2009 Department of Defense Memorandum clarified
the DoD’s position to include asserting that the Federal Acquisition Regulation
(FAR) preference for COTS software also applies to Open Source, that Open
T. Hall, et al. (2008) What Do We
Know About Developer Motivation. IEEE Software 25(4): 92-94
2
Source should be included in Market Surveys for selecting COTS, and that Open
Source software has security advantages over closed commercial software.4 This
last point may surprise many, as the opposite opinion is often promulgated in
Federal circles. While in practice, many who use the Open Source software may
never see or use the source code, the fact that the public can see the source code
provides an important safeguard in terms of both quality and security. An inter-
Web Server Survey. (2011,
December) Netcraft. From ,
http://news.netcraft.com/archives/2011/12/09/december2011-web-server-survey.html
3
esting incident in software history is sometimes used to illustrate the fact that
Open Source contributors actually find and resolve security holes that go unnoticed in commercial software. Borland InterBase was a commercial database
software product used in many critical applications. It was transitioned to Open
Source in July of 2000. Not long after this, an Open Source contributor found
that a security “back door” had existed in the source code dating back to at least
1996, and had been included in all commercial releases of the code. The security
Department of Defense Memorandum. (2009, October). Clarifying
Guidance Regarding Open Source
Software. Department of Defense.
From http://dodcio.defense.gov/
sites/oss/2009OSS.pdf
4
problem was then quickly patched.
Certainly, Open Source software is not always the appropriate choice for a project. Hopefully, this article has helped to demystify the OS landscape. When an
enterprise-class Open Source option exists for either complete software or for
code library “building blocks,” real benefits – beyond just price – can accrue to
Government and Commercial enterprises that include Open Source software in
its selection process. In addition, when the situation arises that the cost-sharing
model of Open Source development provides benefits, it may make sense for a
Government or Commercial organization to consider contributing to, participating in or sponsoring Open Source projects.
Volume I, 2012 | 51
evolvent
|
transforming healthcare
|
www.evolvent.com

TRANSFORMING HEALTHCARE The New Evolvent

Transcription

Similar documents

Digital Industry - PASSTI | Perkumpulan Assessment Center Indonesia

iPPlus Sales Sheet - IP Plus Consulting, Inc.

Open Cloud Initaitive http://www.opencloudinitiative.org/ Sam

January 2015 - ZATIS TECHNOLOGY GROUP

AppRiver - Franchise services Inc.

Cloud Identification Guide

River Walk Audio Tour Brochure

Ziptech January 2015 Newsletter v 1 1 2

EurekaWeb - Eureka Support