CONNECT Deep Dive July 16th 2015
Goals and Focus Areas
• Goals
– Provide a detailed view of CONNECT and its benefits
– Explain how CONNECT capabilities can be used today in your environments to support interoperability use cases
• Focus Areas
– The CONNECT evolution from Reference Implementation to Enterprise Application
– Functional and technical review of CONNECT (services, capabilities and use cases)
Federal Health Architecture: Collaborative Mindset Drives CONNECT
• Established by the Office of Management and Budget as an E-Government Line of Business (LoB) Initiative
• Supports federal activities related to the development and adoption of health IT standards and policies
• Ensures that federal agencies seamlessly and securely exchange health data with other agencies, government entities, and with other public and private organizations
CONNECT Roadmap: Reference Implementation to Enterprise Application
Timeline: 2011, 2012, 2013, 2014, 2015
• 3.2.1
– Deferred Patient Discovery
– Audit Logging Improvements
– Updates to the Universal Client
– Onboarding Testing Support
• 3.3
– Multiple Spec Version Support
– Configurable Services at Install
– Message Fan Out
– Support for Clustering
– Performance Tuning
• 4.0/4.2
– Direct Specification Support
– Message Throughput and Performance
– Multiple Application Server Support
– Event Logging and Usage Metrics
– Build Refinements and Application Stability
• 4.3/4.4
– NwHIN CAQH Core X12
– Testing Rigor and Automation
– Support for Certifications (eHEX/ Product, NIST/ MU2)
– Industry Security Scans
– System Admin Module GUI
• 4.5
– Gateway Admin
– X12 Auditing
– Auto of Direct Tests
– FHIR/HPD Demos
• 5.0
Functional Review
Deepthi Rodrigues
What is CONNECT?
CONNECT is a software platform that supports secure health information exchange
CONNECT uses ONC Nationwide Health Information Network and industry standards to ensure interoperability with current and future exchanges
CONNECT is a low cost open source solution that is designed to be flexible to support an evolving health data exchange environment
CONNECT Can Be Used To
• Set up a health information exchange within an organization (HIE, HIH, etc.)
• Set up a Direct health information service provider (HISP)
• Tie a health information exchange into other HIEs, for example the eHealth Exchange, CMS esMD or Direct
• Support patients with technology to electronically “carry” their health record as they traverse the healthcare system
• Support providers by enabling a more complete medical picture of a patient
• Provide a method to meet certain mandated interoperability requirements
CONNECT is NOT?
• CONNECT is NOT an Exchange (e.g. eHealth Exchange or DirectTrust)
• CONNECT is NOT a data sharing agreement but supports them
• CONNECT is a product/platform that implements specifications to allow organizations to participate in different exchanges
• Federal agencies, state agencies, private health organizations as well as vendors have implemented or incorporated CONNECT to participate in exchanges and use cases
Role of CONNECT in Health Information Exchange
[Diagram labels: Health Organization Systems; ONC/NwHIN standards, services, & policies; Software Platform (gateway and adapters); Health Data Exchange; Data]
ONC/NwHIN Specifications are built off of Industry Specifications; CONNECT implements these
• NwHIN Specifications (SOAP)
• Direct Specifications (SMTP)
• Industry Specifications (IHE, OASIS, WS-I, IETF, W3C, HL7, ANSI)
CONNECT and SOAP based services
[Diagram labels: EHR or HIE System; Master Patient Index (MPI) System; Document Registry System; Document Repository; Policy Engine; (SOAP); Regional Health Information Organization; Government Agency; Health Information Exchange; Hospitals, physicians, practices; Disease Oriented Care Network]
EHR or HIE Adapter Service: Creates/sends messages to CONNECT and receives/processes and responds to messages from CONNECT
CONNECT and Direct service
[Diagram labels: Any mail server; Direct (SMTP); Edge (EHR or HIE System); HISP; Government Agency; Health Information Exchange; Hospitals, physicians, practices]
Edge Adapter Service: Creates/sends messages to CONNECT and receives/processes and responds to messages from CONNECT
Supported NwHIN/SOAP services
• NwHIN Patient Discovery service
• NwHIN Query for Documents service
• NwHIN Retrieve Documents service
• NwHIN Document Submission service
• NwHIN Administrative Distribution service
• NwHIN CAQH CORE X12 Document Submission service
• Support for underlying NwHIN specifications (Web service Registry, Messaging Platform, Authorization Framework) and Access Consent Policy profile
• Support for multiple versions of the specifications
Other Supported Services - Direct
• Direct service
– Applicability Statement for Secure Health Transport specification
– Implementation Guide for Delivery notifications and Direct Project Trust Bundle Distribution
– XDR/XDM for Direct messaging
Use Case Scenario: Request/Pull of Health Data
The Request/Pull scenario provides the ability to find, locate and request patient data
1) Determine if a patient is known
2) Understand what health data is available for the patient
3) Request relevant patient health record(s)
[Diagram labels: Health Information Exchange (i.e. HIE, HIH, Federal partner) on each side; Patient Centric Data]
Use Case Scenario: Submission/Push of Health Data
The Submission scenario provides the ability to push patient data
Potential Users: Federal Agency, State Agency, Health Entity, Hospital
[Diagram labels: Health Care Organization; Health Information Exchange (i.e. HIE, HIH); Personal Health Record; Patient Centric Data (1); Provider Centric Data (2); Patient Centric Data (2)]
Use Case Scenario: Direct Based Submission of Health Data
Provides a secure way to send health information to a trusted recipient
This diagram depicts a patient referral from Provider (A) to Provider (B)
[Diagram labels: Health Information Service Provider (HISP) on each side; SMTP (SMTP + S/MIME); (SMTP + XDM)]
Technical Deep Dive: Features, Capabilities and Deployment
Jason Smith
System Deployment Overview
Configurable Deployment of the Gateway
[Diagram: GATEWAY with configurable components: PD, QD, RD, DS, AD, X12, Direct, Audit Logging, Trans Logging, Event Logging, Policy Engine, Patient Correlation, Pass By Ref, Fan Out, Time Out, System Admin Module]
Plugins
• FHIR
• MPI
• HIEOS
• HPD
Lightweight Gateway
• Minimize deployment load by supporting a lightweight gateway, which allows a smaller server footprint and use of system resources and allows adopters to maximize the use of custom-built adapters
– Supports selective services deployment
– Is Extensible
– Is Configurable
BENEFITS
• Adopters with capable back-end systems can have a more lightweight deployment footprint
• Allows for more economical allocation and use of infrastructure resources
• Paves ground for community-contributed adapter layers – to EMRs & etc.
Expanding supported services
• Support Direct messages to allow for greater adoption and exchange
– Supports HISP functions of sending and receiving Direct messages
– Configuring and utilization of Trust Bundles for the Direct service
• CAQH CORE X12 Document Submission service
– Supports Synchronous and Deferred mode for submitting X12 payloads
BENEFITS
• Broadening the supported message transports used for healthcare data exchange
• Meaningful Use (Stage 2) Support with Direct. Support both NwHIN Exchange and Direct spec transactions through one deployment
• Enable adopters to exchange X12 payloads
• Offers a flexible built-in growth or migration path for additional use cases
• Supports expanding federal, state, commercial and regional HIE needs
Reference Adapters - Plugins - Add-ons
• Entity adapters
– Target communities
– SAML authorization elements
• Policy Engine
– Configurable service for patient consent
• Patient Correlation
– Correlates patient identifiers and organization mappings
– Used for PD/DQ Fan Out
• MPI / HIEOS
– Adapters used to proxy to open source MPI and Registry/Repo Systems
• FHIR reference adapters for Patient, Document Reference and Binary Resources
Increased Throughput
• CONNECT has improved performance throughput targeting increased numbers of PD, QD, RD, AD and DS transactions
– Tested with 1600 messages per minute at the gateway for PD, QD, RD, DS and AD services
BENEFITS
• More efficiency of gateway at higher volumes
• Support more widespread or national rollout plans for health data exchange
• Better utilization of adopter infrastructure
Increased Throughput
Achieved through:
• Reduction in memory usage
• ApacheCXF & OpenSAML
• Reduced number of static classes
• Fewer Web services running
• Removed redundant and duplicative code flows
[Chart: Messages per Second (axis 0 to 50) for Document Submission, Patient Discovery, Document Retrieve and Document Query, comparing CONNECT 3.1, 3.2.1, 3.3 and 4.0]
*These numbers are based on the same testing methodology performed during the CONNECT benchmark testing for release 3.3.
Large Payloads and Messages
• CONNECT supports the ability to exchange and process large payload sizes of up to 1 GB at the gateway
– Achieved through streaming and pass by reference
BENEFITS
• Increased ability to support the data exchange needs of adopters
• Enable additional use cases that require the exchange of larger file sizes
• Positive impact on performance of gateway when handling larger payloads
Large Payloads and Messages
Large Payload (Combinations of Messages with payloads totaling 1 Gigabyte)
Messages | Document Submission | Document Submission Deferred Req | Document Retrieve
1 - GB Message | 119 s* | 143 s | 63 s
2 - 500 MB Messages | 84 s | 87 s | 29 s
10 - 100 MB Messages | 48 s | 45 s | 25 s
20 - 50 MB Messages | 45 s | 48 s | 24 s
50 - 20 MB Messages | 50 s | 50 s | 25 s
100 - 10 MB Messages | 54 s | 55 s | 30 s
*Seconds
Support for Multiple App Servers
• CONNECT is supported and tested on multiple application servers. Supported JEE application server containers include:
– WebSphere (8.5.x)
– WebLogic 12c (12.1.1/12.1.3)
– JBoss (7.1.1)
– JBoss EAP 6.3
– GlassFish (3.1.2)
• Other containers
– Tomcat 7.x/8.x
– WildFly 8.1
– GlassFish 4.1 (using JDK 1.8)
BENEFITS
• More deployment options
• Remove any tech stack waivers
• Model for the community to add support for other app servers
• Adopters can use their preferred app servers and take advantage of internal system admin expertise for security, scalability, etc.
Improved Logging
• Event Logging
– Provide more comprehensive event logging and metric data (counts and duration) using improved logging in CONNECT
• Transaction logging
– Provide the ability to determine the state of a transaction across messages in order to better analyze the operation of CONNECT and adopters’ trading partners
BENEFITS
• Allows adopters to better understand usage and performance
• Supports better planning and management of deployment
• Provides opportunity for automated monitoring and dynamic scaling based on load
• Provides a more holistic view of a complete transaction with any given exchange partner
• Increased insight for troubleshooting and issue resolution
System Administration Module
• Goals
– Manage gateway configuration
– Provide gateway statistics
– View log files
• Features
– Connection Management
– Configuration Management
– Gateway Dashboard and Status
– Cross Gateway Query Client
– Direct configuration
BENEFITS
• Allows adopters that do not have deep technical abilities to manage a CONNECT instance
• Savings in time and energy and less need to have specialized staff
• Simplicity and ease of use resulting in greater acceptance of product
• Accelerate implementation timeframes
• Increase adoption and exchange partner expansion
Security Scan and Findings
• Goals
– Ensure that with every release the CONNECT product is secure and code quality meets requirements for federal partners
– Coordinate closely with the DoD SCQC application security team
• Tools
– HP Fortify / OWASP
• Features
– Address Critical, High and Medium findings
– Fortify report executed regularly
BENEFITS
• Provide a starting point for the federal partners as they continue with their C&A process and ATO requirements
• Provide a stable and secure code base to the community
• Faster implementation time
Security Testing CONNECT
• Example of Progression Resolving Security Findings
• Key Takeaways
– Improvements in coding practices and security scanning methods
– Working more proactively with DoD Security Team
– Prior to Release 4.3 CONNECT was scanned after release
o Now findings are resolved or mitigated prior to release
o Resolved 223 Critical and High findings in Release 4.4
Testing CONNECT
• Code Submission
– Build, Installation, and Validation Suite
• Nightly
– Regression Suites
• Release Testing
– Manual Regression Suites
– UI Scripts
– Interoperability Testing
– Installation Testing
– Verification
– Certification Testing (NIST, eHealth Exchange, Direct-a-thon)
CONNECT Technology Stack
• CXF
– Web Services Stack
– WS-*
• OpenSAML
– Security
• Hibernate
– Persistence
• Spring
– DI Container
– Batch (Task Scheduler)
• User Interface
– JSF
– Primefaces
– Twitter Bootstrap
• CI/SCM Tools
– Jenkins
– Git
• Build Tools
– Maven
– Ant
• Testing Framework
– JUnit
– Mockito
– Soap/Load UI
• Static Analysis Tools
– FindBugs
– Cobertura
– PMD
• Security Scan Tools
– HP Fortify
– OWASP Dependency Checker
• Workflow/Community Tools
– Atlassian (JIRA/Confluence)
– Nabble
CONNECT is Open Source Software
CONNECT was released as open source code to keep costs low and to promote widespread adoption to encourage health information exchange
• Open source license (Modified BSD – BSD-3)
• Use of open source tools to promote accelerated development
• Open source community contributes in multiple ways (development, documentation, testing)
• ONC/FHA-sponsored product management, curation, development
• Open source code contribution
Tools for Sharing and Coordinating with the CONNECT Community
CONNECT Forum
• Support and Guidance
• Sharing of Ideas
JIRA Ticketing
• Make Requests
• Track Work
• Capture Requirements
• Prioritization
CONNECT Wiki
• Documentation
• Knowledge Repository
• Outreach
• Release Information
GitHub
• Open Source Code Hosting
• Code Reviews
• Testing
• Documentation
• Collaboration/Contribution
www.connectopensource.org
CONNECT Capabilities Review
CONNECT Capabilities Summarized Overview
• Supported Specifications:
– NwHIN (Patient Discovery, Query for Documents, Retrieve Documents, Document Submission, Administrative Distribution, Access Consent Policies, Web Services Registry)
– NwHIN CAQH Core X12 Document Submission
– Direct (Applicability Statement for Secure Health Transport, XDR and XDM for Direct Messaging and implementation guides)
• Application Servers (Tested): GlassFish 3.0, JBoss 7/Wildfly, WebLogic 11.x/12.x, WebSphere 8.x
• Operating Systems (Tested): Linux, Microsoft, Solaris, SPARC Solaris
• Capability with multi-tier architectures
• Support for deployment into a clustered environment
• Application has gone through successful review by Carnegie Mellon Software Engineering Institute
• Configurable Services at deployment for reduced footprint
• Operates in FIPS mode, passes all security scans by leading industry tools
• Simultaneous support for multiple versions of NwHIN specifications
• Parallel Message initiation and processing (Fan out)
• Large payload support through streaming
• Performance and throughput levels to support national use cases
• Capture and utilize more comprehensive event logging and metric data
• Transaction Logging across multiple NwHIN messages
• Support for Certifications (eHealth Exchange/ Product, NIST/ MU2), passing test suites
• Testing and Automation enhancements allowing deployment of sprint tags
• Database-less Audit and Event Logging
• System Admin Module (GUI for dashboard, testing utilities, configuring and managing CONNECT)
Questions and Discussion: Open to all Attendees
Useful Links and Contact Information
CONNECT: www.connectopensource.org
Release info: https://connectopensource.atlassian.net/wiki/display/CONNECT4/CONNECT+4
GitHub: https://github.com/CONNECT-Solution/CONNECT
JIRA: https://connectopensource.atlassian.net/secure/Dashboard.jspa
Forums: http://www.connectopensource.org/developer-resources/forums/developer-forum
Thank You