Personal Healthcare IOT on PCF Using Spring

Unless o therw ise ind ica ted , these s l ides are © 2013-2016 P ivo ta l So f tware , Inc . and l i censed under a Creat ive Commons At t r ibu t ion-NonCommerc ia l l i cense: h t tp : / / c rea t ivecommons.org / l i censes /by-nc /3 .0 /

Personal Healthcare IOT on PCF using Spring

By Jim Shingler @JShingler

[email protected]

mailto:[email protected]


Who is Jim ShinglerDirector of Engineering at Fuse by Cardinal Health.

Domain Experience: Healthcare, Insurance, Financial Services, Retail

Works at: Fuse, a Cardinal Health innovation center focused on connecting technology with healthcare to build the future of health and wellness.

Passion: Applying leading edge technology to create sustainable solutions.

2


IOT What is it

3


Arthur C Clark

Three "laws" of prediction: • When a distinguished but elderly scientist states that

something is possible, he is almost certainly right. When he states that something is impossible, he is very probably wrong.

• The only way of discovering the limits of the possible is to venture a little way past them into the impossible.

• Any sufficiently advanced technology is indistinguishable from magic.

4

British science fiction writer (2001: A Space Odyssey)


Where did IOT come from?

5

IOT = “Internet of Things”

Kevin Ashton coined the phrase in 1999 in a presentation he made at Proctor and Gamble (P&G)

“The problem is, people have limited time, attention and accuracy—all of which means they are not very good at capturing data about things in the real world.”

“We need to empower computers with their own means of gathering information, so they can see, hear and smell the world for themselves, in all its random glory. “

“RFID and sensor technology enable computers to observe, identify and understand the world—without the limitations of human-entered data. “


What is IOT

• IETF DefinitionThe term Internet of Things generally refers to scenarios where network connectivity and computing capability extends to objects, sensors and everyday items not normally considered computers, allowing these devices to generate, exchange and consume data with minimal human intervention.

• Oxford Definition Internet of things(noun): The interconnect via the Internet of computing devices embedded in everyday object, enabling them to send and receive data

6

There is no one universal definition


What Are Things

• Sensors - What is going on in the environmentTemp, Humidity, Weight, Blood Pressure, Glucose, …

• Actuators - Do something to the environment Latch, Alarm, Motor, Turn on/off

• Tags - What is in the environmentRFID (active/passive), Barcode, Finger Print, Eyeball, ….

7

Sensors, Actuators, and Tags


Everyday

8

Sensor

Tag (Card)

Actuator (Door Lock)


Everyday

9

SensorTag (Eyes)

Actuator (Door Lock)


It is here now, You might even have some yourself

10

https://www.amazon.com/oc/dash-replenishment-service/ref=s9_acss_bw_tm_changeme_1_i?pf_rd_m=ATVPDKIKX0DER&pf_rd_s=merchandised-search-bottom-2&pf_rd_r=1S6JKDNYA42RPFKWF6RE&pf_rd_t=101&pf_rd_p=2176002462&pf_rd_i=10667898011


This isn’t Science Fiction

11

Unless o therw ise ind ica ted , these s l ides are © 2013-2016 P ivo ta l So f tware , Inc . and l i censed under a Creat ive Commons At t r ibu t ion-NonCommerc ia l l i cense: h t tp : / / c rea t ivecommons.org / l i censes /by-nc /3 .0 / 12


Are we too late? NO

13


Players / Potential Partners

14

Watson IOT

AWS IoT is a platform that enables you to connect devices to AWS Services and other devices, secure data and interactions, process and act upon device data, and enable applications to interact with devices even when they are offline.

IBM IOTF and Bluemix (Built on Cloud Foundry) IBM's Internet of Things Foundation is where you can set up and manage your connected devices. IBM's Bluemix platform is the place to quickly and easily create applications that can use real-time and historical data from your connected devices.

GE Predix (Built on Cloud Foundry) A cloud purpose-built for industrial data and analyticsAt the intersection of people, machines, big data, and analytics stands Predix: The cloud-based platform powering innovative Industrial Internet apps that turns real-time operational data into insight for better and faster decision-making.

At Pivotal, we see this IoT journey to the new normal made possible by the mobile revolution, inexpensive sensors and the falling cost of compute and storage resources. In aggregate, these trends provide the ability to analyze (and react to) very large amounts of information in real time. Sharing our observations, Silicon Valley guru Tim O’Reilly argues that collectively we are underestimating the impact of IoT, citing its potential to disrupt age old industries like healthcare.

Feb 2015, Ben Black (one of the creators of Amazon Elastic Compute Cloud ) joins Pivotal to focus on IOT. Designed and Implemented IOT Platform for a major US Car Maker.


Personal Healthcare

15


Aging Population

• Baby Boomers (Born 1946-1964)2012 - Started turning 65

16


Aging Population

17

• Silent Generation (Born 1928-1945) 28 Million Declining Quickly

• Baby Boomers (Born 1946-1964) 75 Million 2012 - Started turning 65 Peaked at 78.8 Million people in 1999.

• Gen Xers (1965-1980) 66 Million 2015 - Started turning 50

Rough Math: 169 Million PeopleThat is a lot!!!!


Actors and Stakeholders

• Patient• Caregiver• Physician• Hospital• Pharmacist

18

• Payor• Pharma• Manufacture

Unless o therw ise ind ica ted , these s l ides are © 2013-2016 P ivo ta l So f tware , Inc . and l i censed under a Creat ive Commons At t r ibu t ion-NonCommerc ia l l i cense: h t tp : / / c rea t ivecommons.org / l i censes /by-nc /3 .0 / 19

patient

caregiver(s)

physician

pharmacist

payor

pharma

non-adherence is a $290B problem

hospital


Adherence and Compliance

Adherence and Compliance are not the same thing.

Suppose I am instructed: 1 tablet 3 times a day.

If I take all 3 tablets at once, I am Compliant BUT not Adherent Possible Outcomes:

• Permanent Damage • Death • ….

20


Intervention Strategies

• How do we get people to take their medications as prescribed?

• How do we find out if the medications aren’t helping

21

It requires that Stake Holders know whats going on


Security and Privacy

“While a Social Security number can be purchased on the Dark Web for around $15, medical records fetch at least $60 per record because of that additional information, such as addresses, phone numbers and employment history. “

http://www.cnbc.com/2016/03/10/dark-web-is-fertile-ground-for-stolen-medical-records.html

22

http://www.cnbc.com/2016/03/10/dark-web-is-fertile-ground-for-stolen-medical-records.html


Legal and Regulatory

• Health Insurance Portability and Accountability Act of 1996(Section 1171 of Part C of Subtitle F of Public Law 104-191)

• HITECH Act provisions of the American Recovery and Reinvestment Act of 2009

• PHI / ePHI

• HIPAA Omnibus Rule of 2013

• FDA

23


HIPAA - 18 Protected Data Points

24

1. Names2. All geographical subdivisions smaller than a State including street address, city, county, precinct, zip code, …3. All elements of dates (except year) for dates directly related to an individual including birth date, admission date, discharge date, date of death; and all ages over 89, ….4. Phone numbers5. Fax numbers6. Electronic mail addresses7. Social Security numbers8. Medical record numbers9. Health plan beneficiary numbers


HIPAA - 18 Protected Data Points

25

10. Account numbers11. Certificate/license numbers12. Vehicle identifiers and serial numbers, including license plate numbers13. Device identifiers and serial numbers;14. Web Universal Resource Locators (URLs);15. Internet Protocol (IP) address numbers;16. Biometric identifiers, including finger and voice prints;17. Full face photographic images and any comparable images; and18. Any other unique identifying number, characteristic, or code


HIPAA - Omnibus Rule

26

• Strengthening the privacy and security protection for individuals' personal health information (PHI).

• Increasing penalties for noncompliance based on the level of negligence, with a maximum penalty of $1.5 million per violation.

Most extensive changes to the HIPAA Privacy and Security Rules since they were first implemented


FDA - We won’t cover

27

• The FDA is Very Serious about Protecting the Patient

• The FDA can make you withdraw the product from market

• The FDA has a lot to say about the Product

• How its built,

• How its ManufacturedAdvice: Work with Partners that have done this before

WOW


How?

28


How it works

29

IOT is the extension of classic Enterprise Integration (EAI) patterns outside the 4 walls of the enterprise.

Gat

eway

Application

Application

Application

Application

Application

SensorHub

Device

Sensor

Sensor

Peripheral

Peripheral

TCP/

IP

http://www.amazon.com/Enterprise-Integration-Patterns-Designing-Addison-Wesley-ebook/dp/B007MQLL4E/ref=sr_1_2?ie=UTF8&qid=1444656113&sr=8-2&keywords=enterprise+Integration


Primary Concerns• Constrained vs Unconstrained Networks• Volume of data and taking action on data• Reliability and Management of Things and Data• Extending Services outside the walls• Security (Authentication, Authorization)

Personal Healthcare Concerns• Privacy (HIPAA, HITECH, PHI/ePHI, OmniBus)• FDA

30


How to succeed

• Register and Manage remote Things

• Securely Communicate from a constrained environment

• Process and persist large amount of relatively simple data

• Analyze data for potential triggers for action

31


Lets take a deeper look

• 4 IOT Communication Models• Short and Long Haul Communications• Components of an IOT Solution• Cloud Foundry and Spring

32


4 IOT Communication Models

• Device-To-Device

• Device-To-Cloud

• Device-To-Gateway

• Back-End Data-Sharing

33

http://www.thewhir.com/web-hosting-news/the-four-internet-of-things-connectivity-models-explained

http://www.thewhir.com/web-hosting-news/the-four-internet-of-things-connectivity-models-explained


Device-To-Device

34


Device-To-Cloud

35


Device-To-Gateway

36


Back-End Data-Sharing

37


Components of an IOT Solution

38

StakeholderDashboards

EventProcessor

Device Registry

Security

Push Notifications

Application

Analytics

Big Data


Spring and PCF Helps

39

StakeholderDashboards

EventProcessor

Device Registry

Security

Push Notifications

Application

Analytics

Big Data


Even at the Application Infrastructure level

40

Dashboards

EventProcessor

Device Registry

User Account &

Authentication

Push

App

Analytics

Big Data

Micro Proxy /

API Gateway

(Zuul)Service Registry (Eureka)

Config Server


OAuth2 - Authorization Grants

• XXX

41


OAuth2 - Authorization Grants

• XXX

42


Cloud Foundry and Spring

• Spring Boot

• Spring Data

• Spring Cloud Services

• Micro / API Proxy (Zuul)

• Service Registry (Eureka)

• Configuration (Config Server)

• Data Flow (Spring Cloud Data Flow, XD, Integration)

• Spring Security

• SSO for PCF / CF UAA

43


Review

44


IOT / PCF / SCS / YOU - A Great Start

• Real opportunity to use our super powers for good• IOT - Not really NEW

• Extension of EAI Patterns and Big Data• Security and Privacy - REALLY IMPORTANT• PCF / SCS - Cloud computing platform as a service (Paas)

• Elastic Runtime and Infrastructure Services• Components that make creating an IOT Cloud Computing Solution Possible

45


Now What?

46


Next Steps

• Learn about SSO for PCF or Cloud Foundry UAA• Learn about Spring Cloud and Spring Cloud Services• Investigate:

• RxJava• Spring Cloud Data Flow• Spring Integration

47


Related 2016 Sessions

• OpenID Connect & OAuth - Demystifying Cloud Identity 8/2 11:30am-12:40PMhttps://2016.event.springoneplatform.io/schedule/sessions/openid_connect_oauth_demystifying_cloud_identity.html

• Data Science-Powered Apps for Internet of Things 8/2 4:20PM-4:50PM

• To Spring Security 4.1 and Beyond 8/3 5:00PM-6:10PMhttps://2016.event.springoneplatform.io/schedule/sessions/to_spring_security_4_1_and_beyond.html

48

https://2016.event.springoneplatform.io/schedule/sessions/openid_connect_oauth_demystifying_cloud_identity.html

https://2016.event.springoneplatform.io/schedule/sessions/to_spring_security_4_1_and_beyond.html


Resources• IETF - The Internet of Things: An Overview

http://www.internetsociety.org/doc/iot-overview• The OAuth 2.0 Authorization Framework

https://tools.ietf.org/html/rfc6749

• IAB - Architectural Considerations in Smart Object Networkinghttps://tools.ietf.org/html/rfc7452

• Authorization for the Internet of Things using OAuth 2.0 https://tools.ietf.org/html/draft-seitz-ace-oauth-authz-00

• Use Cases for Authentication and Authorization in Constrained Environmentshttps://tools.ietf.org/html/draft-ietf-ace-usecases-10

• Authorization for Internet of Things using OAuth 2.0http://www.slideshare.net/HannesTschofenig/authorization-for-internet-of-things-using-oauth-20

• GitHub URL

49

http://www.internetsociety.org/doc/iot-overview



https://tools.ietf.org/html/draft-seitz-ace-oauth-authz-00

https://tools.ietf.org/html/draft-ietf-ace-usecases-10

http://www.slideshare.net/HannesTschofenig/authorization-for-internet-of-things-using-oauth-20


Resources

• Mobile Application SSO Developers Guidehttps://developer.pingidentity.com/en/resources/napps-native-app-sso.html

• http://cloud.spring.io/spring-cloud-security/spring-cloud-security.html

• https://spring.io/guides/gs/centralized-configuration/ • https://spring.io/guides/gs/service-registration-and-discovery/ • https://github.com/xetys/spring-cloud-oauth2-example

50

https://developer.pingidentity.com/en/resources/napps-native-app-sso.html

http://cloud.spring.io/spring-cloud-security/spring-cloud-security.html

https://spring.io/guides/gs/centralized-configuration/

https://spring.io/guides/gs/service-registration-and-discovery/

https://github.com/xetys/spring-cloud-oauth2-example


Big Thanks• Will Tran @fivetenwill

https://github.com/william-tran/freddys-bbq/tree/brixtonhttps://github.com/william-tran/microservice-security

• Ralph Meira• Kenny Bastani @kennybastani

http://www.kennybastani.com/2016/04/event-sourcing-microservices-spring-cloud.htmlhttps://github.com/kbastani/spring-cloud-event-sourcing-example

• Oleg Iavorskyi @jugglinhatshttps://github.com/oiavorskyi/microverse

51

https://github.com/william-tran/freddys-bbq/tree/brixton

https://github.com/william-tran/microservice-security

http://www.kennybastani.com/2016/04/event-sourcing-microservices-spring-cloud.html

https://github.com/kbastani/spring-cloud-event-sourcing-example

https://github.com/oiavorskyi/microverse


Bonus Material

@springcentral spring.io/blog

@pivotal pivotal.io/blog

@pivotalcf http://engineering.pivotal.io


HIPAA - Health Information

53

“Health information means any information, whether oral or recorded in any form or medium, that–

(A) is created or received by a health care provider, health plan, public health authority, employer, life insurer, school or university, or health care clearinghouse; and

(B) relates to the past, present, or future physical or mental health or condition of any individual, the provision of health care to an individual, or the past, present, or future payment for the provision of health care to an individual.”


HIPAA - Individually Identifiable

54

“Individually identifiable health information is information that is a subset of health information, including demographic information collected from an individual, and:

(1) Is created or received by a health care provider, health plan, employer, or health care clearinghouse; and

(2) Relates to the past, present, or future physical or mental health or condition of an individual; the provision of health care to an individual; or the past, present, or future payment for the provision of health care to an individual; and

(i) That identifies the individual; or

(ii) With respect to which there is a reasonable basis to believe the information can be used to identify the individual.”


HIPAA - PHI / ePHI

55

• PHI - Protected Health Information sometimes called Personal Health Information

• ePHI - electronic Protected Health Informationproduced, saved, transferred, or received in electronic form

Technology

Personal Healthcare IOT on PCF Using Spring