Accelerating and Sustaining EHR Innovations Seong K. Mun, PhD President and CEO OSEHRA Wednesday, May 7, 2014 Innovation and Ecosystem “Why great innovations fail: It's all in the Ecosystem” Forbes-2012 The Wide Lens: A New Strategy for Innovation By Ron Adner of Dartmouth JASON Report* “EHRs should not be things that one buys, but rather things that evolve through cultural change aided by technology” *A Robust Health Data Infrastructure JASON Report: November 2013 2 Open Source EHR Ecosystem Community Software Governance 3 Innovation Strategy is Organic to OS Operations Community Governance Software “Greatness on your part is not enough. • You are no longer an autonomous innovator. • You are now an actor within a broader innovation ecosystem. • Success in a connected world requires that you manage your dependence. • But before you can manage your dependence, you need to see it and understand it. ” The Wide Lens: A New Strategy for Innovation By Ron Adner of Dartmouth 4 VistA Innovation Areas I. II. III. IV. V. VI. Managing Vulnerability Scheduling Contest Managing Code Product Management & Tools Code Transparency Sustained Innovation 5 I: Managing Vulnerability • M2M Broker Vulnerability discovered by Georgia Tech grad student Doug Mackey on 7/31 • Work under NDA – VA, IHS – DSS, Medsphere, iCare, Oroville • • • • NDA lifted Mid-October Coordination with VA for release Code Convergence Effort Eventual FOIA Release 6 Two Security Models OPEN SOURCE PROPRIETARY TRUST US Complete Control of Implementation Partial Control of Implementation Open source operating systems such as Android & Linux offer the ability to implement security policies down to the kernel level. 7 II: VA MASS* Scheduling Contest • Goals: – Knowledge Gathering exercise – Risk reduction for future RFP and Acquisition • Overview: Two Phases – Phase 1: Evaluate level of integration and compatibility with open source VistA. – Phase 2: Evaluate broad features and functionalities *Medical Appointment Scheduling System 8 Contest Implementation • America Competes Act • Identify Solutions to Replace Medical Scheduling Package – Possibly with Open Source • OSEHRA Tested Submissions for VistA Interoperability and Open Source Content • 3 Winners • Future Activity – Under Discussion 9 VistA Evolution VA701-14-I-0147 SOURCES SOUGHT Office of Health Informatics and Analytics (OIA) VistA Evolution Program (VEP) Challenges with Competition and Prizes 10 Ecosystem Open and Proprietary OS Products Open Community Activities Proprietary Products 11 III: Managing Code • Managed – – – • Code subject to formal review/certification Changes reviewed and subject to configuration management Examples: FOIA VistA, OSEHRA VistA Hosted – – – – Code placed into repository by community Storage and retrieval only Could be certified Could be incorporated into managed code base 12 Managed Code Submission Path Dashboard Forum Community Notification Instrumented VistA Instance Managed Code Submission Gerrit Review Approval VistA Patch Repositor y Mirrors M i r r o r s Automated Tool New Code Submission OSEHRA Technical Journal Github Github and Gitorious FOIA VistA Reference Instance VistA-M Repository OSEHRA VistA Reference Instance 13 Open Source Software Repositories OSEHRA Repositories Tools Generic Repositories 14 Open Source Software Quality Certification • Improves/ensures the quality of Open Source code • Critical to making code reusable for code intake by the community • NOT a replacement for acceptance, integration, or regression testing by new user organization 15 OSEHRA Certification Standard Usable: Appropriate licensing and documentation Safe: Individual code units do not cause errors in other components of the system and the code is robust to all code paths and conditions Compliant: Code meets agreed upon interface specifications and code conventions, and complies with all applicable laws and regulations Functional: Code has a defined set of requirements that are met when the code executes Maintainable: Integral unit tests are provided to facilitate regression testing 16 Certification Levels Level 1 Name/ Number Space Dependency / SAC Open Source License Documentation Code Review Test Installation Regression Testing Functional Testing Pass Pass Apache 2 None Large # Noncritical Issues Large # Noncritical Issues Existing Tests Pass Large # Noncritical Issues Small # Noncritical Issues Existing + Some R. Tests Small # Noncritical Issues No Issues Existing + >= 50% Coverage No Issues No Issues Existing + >= 90% Coverage No Issues Level 2 Pass Pass Apache 2 Basic Small # Noncritical Issues Level 3 Pass Pass Apache 2 Substantial No Issues Level 4 Pass Pass Apache 2 All Required No Issues • Level 1 is reserved for VistA legacy code. • Levels 2-4 are growing certification compliance. • For new code developed under VA contracts, OESHRA recommends a minimum certification level of Level 3. 17 IV: Product Management & Tools VIVIAN Visualizing VistA and Name Space 18 Root view from VIVIAN “Collapse All” option. Clicking the “VistA” button expands the tree... 19 ...Now we see several categories of capabilities. (We can scroll down to view the ones that aren’t now visible.) We’ll select “Provider Services”... 20 ...and that subtree comes into view. Now we select “Order & Results Management”... 21 ...now we see the Order & Results Management capabilities. 22 When we click on “Order Entry Results Reporting”... 23 We see the namespaces of the M routines and globals that the package uses. (The leading exclamation points designate partial namespaces that are excluded.) 24 A “Dependencies & Code View” hyperlink lets us see lists of dependencies, globals, Fileman files and M routines... 25 The Dependencies window includes a hyperlink to package documentation in the Vista Documentation Library. 26 When we scroll further down the Dependencies window, we see a list of routines. Order Entry Results Reporting has over 1,000 routines! We can select a routine... 27 ...to get a screen of routine information and dependencies. A “Source Code” hyperlink can be clicked... 28 ...to get a view of the M source code. 29 Back on the modal window, an Interfaces frame contains hyperlinks to M APIs, Remote Procedure Calls, Web Service APIs, and HL7 messages. 30 The M API link lets us see all of the entry points in M code that have been documented for database integration agreements. 31 Here we see the routine names, tags, and additional descriptive information that is displayed for M-language application programmer interfaces. 32 We can click a hyperlink to see all of the remote procedure calls that the package provides through the VistA RPC Broker. 33 The Remote Procedure Call view shows RPC names, tags, routines, and availability within the VA Enterprise. 34 Another hyperlink lets us see all the package’s web services that can be invoked through VA’s MDWS (Medical Domain Web Services). 35 The Web Services view lists web service names, facades, parameter and descriptive information. We can select a web service... 36 ...to get descriptions and sample syntax for all the operations that the web service supports. 37 The last hyperlink in the modal window’s “Interfaces” frame lets us get a list of supported HL7 Version 2 messages. 38 V: Code Transparency 39 ADOPT • Leverage Previous Investment ADAPT • Re- Purpose • Re-Architect INNOVATE • New Solutions • Continuous Innovation ACCELERATE ACCELERATE Transparency Enables Innovation Community Actors 40 OSEHRA Today • • • • • 2,400+ Individual Members around the Globe 13 Corporate Members, 3 Collaborative Partners Approximately 15 staff members Headquartered in Arlington, Virginia Annual Budget: App. $5 Million 41 VistA is Deployed World-Wide 42 Working Group Roster Group Name Type Group Name Type Academic Affiliates Work Group Interoperability Work Group Architecture Work Group M2M Code Intake Open Source Project Group Certification Work Group MDWS Open Source Project Group Code Convergence Work Group Open AHLTA Project Group Open Source Project Group Development Tools Discussion Group Patient-Centered Care Work Group Education Work Group Product Management Open Source Project Group Fileman and Lab Agile Project (FLAP) Open Source Project Group Reminders VA Work Group Forum Open Source Project Group VistA Dialects Work Group Genomics Open Source Project Group VistA Evolution CITE Discussion Group Imaging Work Group VistA Novo Open Source Project Group Immunization Open Source Project Group Visualization Open Source Project Group 43 Sustaining Innovation Key Issues OS Approach I. Vulnerability • Security during collaboration • Temporary security via NDA until patch available II. Contest: Scheduling • Evaluation Criteria • • • Collaborative definition of OS code quality Requirement for Open APIs III. Managing Code • • • Adapt/Adopt Contribution Licensing • Certification Standard VI. Product Management • Architecture • • Open APIs Governance V. Code Transparency • • Finding code Sharing code and interfaces • Communication and Collaboration Maximum exposure to submitted code OS Licensing • • 44 State of Open Source • Industry Feeling Limits in Closed Code – Apple vs Dominance of Android – Closed Systems Embracing OS Methods – Spectacular Success of Netflix • Main Challenges Today – Ownership vs. Sharing – Control vs. Open Innovation – Community Management 45 Where do we stand among our peers? Foundation Weak Copyleft Linux Kernel Openstack Firefox NonCopyleft The Apache Foundation GENIVI Eclipse Permissive License Strong Copyleft The OSEHRA Android Ad Hoc Opinion Leaders Single Moderator CommitteeBased Commercial Support Governance Model (how contributions are managed and accepted) - Courtesy of MARK RADCLIFF Members Only Closed WHO DECIDES? 46 Open Global Collaboration Total Transparency in Software www.osehra.org 47