Clinical Decision Support (CDS) Project SOA Services Demonstration HL7 SOA September, 2014

Agenda Review of Prior Work Accomplishments since May Services Demonstration – Security Labeling and Message Escalation Technical Highlights 2 Welcome

Abbreviations Used SOA services –EPS– Event Publish & Subscription Service –OS – Order Service –UCS – Unified Communication Service Other abbreviations –CDS – Clinical Decision Support –PEP – Policy Enforcement Point –CPRS – Computerized Patient Record System –VistA – Veteran Health Information Systems and Technology Architecture –FHIR – Fast Health Interoperable Resources 3

4 EPS Topic EPS Topic CDS OS UCS HL7 May WG Meeting VistA

Accomplishments Since May Implemented core conformance profiles for the three SOA service reference implementations Refined order requirement model and interface definitions based on feedback from the May demonstration and implementation experience Submitted DSTU ballot material for the three SOA services. Enhanced the reference implementations to address: –Stability –Scalability –API completeness Added two new security uses cases to the clinical scenario demonstration: Rule-based security labeling and security policy validation Also added an escalation use case to clinical the scenario demonstration –escalation via failover –Implemented additional UCS adapters for SMS and Text-to-Voice protocols 5

Enhanced Clinical Scenario

Patient Eighteen is admitted to the hospital and treated with Gentamicin for a urinary tract infection. The patient has a signed consent directive that limits disclosure of HIV and substance abuse information except for emergency situations. His attending physician, Dr. One Provider, orders a routine chemistry lab test in VistA. When the lab is completed, the hospital’s CDS system evaluates the results and recognizes that the patient is on Gentamicin. It then sends an alert to Dr. Provider informing him of the elevated creatinine level (1.8 mg/dL) and that an unsigned order for a Gentamicin dose adjustment has been placed in VistA. Dr. Provider is requested to either sign or cancel the recommended order. The Core Story

The CDS Service also calls Dr. Provider on his desktop phone with a text-to-voice message. If Dr. Provider does not answer his phone, an SMS message is then sent to his registered SMS-enabled mobile device. Escalating the communication

Based on the organization’s policy, two newly resulted labs for patient Eighteen (an HIV blood test and a cocaine drug screening) and their corresponding alerts are treated as protected content. Given the patient’s consent policy vis-à- vis protected content, these are not accessible except under emergency conditions. The creatinine lab result and its alert, however, are not so restricted. While the patient is awake and conscious in the hospital, the physician only sees the gentamicin alert. The Security Context – Patient Able to Consent

Later, the patient develops florid urosepsis, becomes unconscious, needs mechanical ventilation and treatment for unstable hypotension. To ensure a comprehensive differential diagnosis, the physician elects to ‘break the glass’ in order to access any protected health information and advisories that may be relevant to the care required should such filtering exist. In this context, ‘break the glass’ overrides the patient’s consent directive, allowing the provider access to the full medical record, including restricted data and alerts. The Security Context – Patient Unable to Consent

11 EPS Topic EPS Topic CDS OS Updated Scenario Three Lab Orders Cocaine, HIV, Creatinine Three labeled messages sent VistA

12 CDS UCS TTV PEP

Event Publish and Subscribe Service (EPS) –VistA (via Mirth) is registered as an event publisher –VistA (via Mirth) publishes events –A CDS service subscribes to a topic –A CDS service receives event notification –A Publication Intervention intercepts the message to: Normalize the payload to FHIR Add security metadata to the message Order Service (OS) –A CDS service creates an order using OS –OS invokes VistA’s order fulfillment system Unified Communication Service (UCS) –A CDS service issues three alert to the UCS carrying forward all security metadata –The CDS service places a call to the physician’s work phone via UCS –Should the clinician not answer the voice call the CDS service reformats and escalates the message to SMS –The UCS delivers the alerts via the portal adapter Use Cases

The updated scenario Demonstrates a powerful and extensible UCS API Illustrates how UCS can provide more timely and proactive notification Showcases and validates new services in a live lab environment –HL7 Security Labeling Service and the need for enforceable, fine-gained access control of healthcare information –Mike Davis and the VA’s contributions to the HL7 Security Working Group Illustrates how our three new services can be integrated with, and enhanced by, the Security Labeling Service to provide sophisticated functionality 14

Technical Highlights

Mirth > Publication Interface > Publication Interface EPS CDS > PSSubscription Interface > PSSubscription Interface > Publication Intervention FHIR Normalization Security Labeling > Publication Intervention FHIR Normalization Security Labeling Reference Implementation VA Integration Points Security Labeling Health Care Classification Service if(observation.name IN {…}) …

17 <category scheme=" term=" label=”Restricted"/> Security Labeling – Leverages FHIR Tags

CDS > Client Interface > Client Interface UCS Portal > UCS Alerting > UCS Alerting Reference Implementation VA Integration Points Security Policy Enforcement Rule-based Security Policy Enforcement Endpoint Input 1.User type: MD/Allopath 2.Purpose of use: Treat 3.Patient information via FHIR resource PeP 1.Parses security labels 2.Evaluates data against patient consent directives and org policy Output 1.Denied or Permitted 2.Displays only if ‘Permitted’

19 Escalation CDS UCS TTV Adapter TTV Adapter Text-to-Voice Message type sent to UCS Routed to Text-to-Voice Adapter CDS UCS Exception forwarded back to caller No response to call triggers timeout exception via UCS Client Interface CDS UCS SMS Adapter SMS Adapter SMS Message type sent to UCS Routed to SMS Adapter Telecom Device Telecom Device Invokes VoIP TTV Service Invokes SMS Service

Next Steps 20

DSTU Ballot in Sept 2014 (DSTU Ballot Material Published) OMG presentation after Sept WGM (TBD) OMG RFP (TBD) Proposal selection and standards definition phase (TBD) OMG ratification (TBD) 21 Service Specification Plan

The three Service Functional Models and their reference implementations showcase the functional utility of the services, especially for patient care coordination activities across organizational boundaries Important in developing service functional requirements, APIs, and how they fit into the security and privacy fabric of healthcare. Also raise provocative questions for Clinical Decision Support: –As data flows through the information system infrastructure, when and where should security and policy enforcement occur? –Should a CDS system ever evaluate data that a patient might restrict by consent directives evaluate that data at all? –Is the typical SAML / XCAML policy approach a scalable solution for building fine-grained access control systems The CDS Evaluation Lab provides a unique opportunity to better understand the functional, technical, and medical-legal implications of applying technology to healthcare 22 Closing Remarks

Context Slides From May 2014 Demonstration 23

A lab order is placed using CPRS Lab test results entered using scroll-n-roll VistA pushes lab results to Mirth via its HL7 Streaming Package as an HL7 V2 message Triggering the Event Chain

Mirth > Publication Interface > Publication Interface EPS CDS > PSSubscription Interface > PSSubscription Interface > Publication Intervention > Publication Intervention Reference Implementation VA Integration Points

CDS > Order Management > Order Management Order Service VistA (via Cache) VistA (via Cache) > Fulfillment > Fulfillment Reference Implementation VA Integration Points

CDS > Client Interface > Client Interface UCS Portal > UCS Alerting > UCS Alerting Reference Implementation VA Integration Points

Physician view alert in inbox Physician signs the order in CPRS Human Intervention via the Universal Portal/CPRS

Reference Service Implementation Overview

Improve the quality of patient care Lower cost of care Deliver higher patient/provider satisfaction 30 Why SOA Services

Brokered service Topic-based Decouples interface between providers and consumers of new clinical content Notification vs Polling Content Intervention Content brokering (e.g., deferred content delivery, content negotiation) Not a query interface to a data repository 31 Event Publish and Subscribe Service (EPS)

Common interface providing common governance and orchestration of orders and order-related artifacts. Covers the creation, update, monitoring, metadata discovery, and deletion of orders and related order components Catalog management services provide similar services for order items and order sets Provides facilities for order fulfillment and fulfillment updates 32 Order Service (OS)

33 Example Deployment

Brokered communication service Decouples sender from receiver Supports the notion of a ‘conversation’ Standardized interface for message-based notifications Bi-directional communication Dynamic routing and escalation Supports multiple modalities through the use of ‘adapters’ Supports multiple message transport protocols 34 Unified Communication Service (UCS)