Public Trust in Health Information: Foundational Principles for Dependable Systems

1
Public Trust in Health Information
Foundational Principles for Dependable Systems

• Dixie B. Baker, Ph.D.
• Vice President for Technology
• CTO, Enterprise and Infrastructure Solutions
  Group
• Presented by Kathleen A. McCormick, Ph.D.
• Senior Scientist/Vice President SAIC, Health
  Solutions

2
Realization of the Vision Brings Risk
Time
RISK

• Stage 3 The Digital Doctor
• Patient ownership of record
• Integrated EMR available anywhere, exchangable
  across caregivers, minable for syndromic
  surveillance
• Integrated, individualized decision support
• Data exchanged over shared, public networks
  (Internet)

• Stage 2 The Bewildered Doctor
• System of systems through the miracle of
  integration engines
• Electronic clinical data
• Electronic administrative transactions with
  trading partners
• General-use decision-making tools (e.g.,
  drug-drug interactions)

eHealth Realization of NHIN

• Stage 1 The Family Doctor
• Minimal use of IT in clinical care
• Departmental systems
• Private networks
• Decision making as an art

IT Dependency and Value
3
Confronting Risk Assuring Public Trust
As provider organizations increase their
dependence on information technology in the
delivery of clinical care, DEPENDABILITY becomes
essential for business success, quality care, and
patient safety!

• System reliability
• Service availability
• Information confidentiality
• Data integrity
• Software safety

4
5 Guidelines for Dependability

• 1. Architect for dependability.
• Architect enterprise systems from the bottom up
  so that no critical component is dependent upon a
  component less trustworthy than itself.
• Minimize complexity the simplest design and
  integration strategy will be the most
  understandable, maintainable, and recoverable.
• Avoid/eliminate single-point failures
  distributed architectures can tolerate failure
  more easily than large, centralized systems.
• Incorporate redundancy fail-over for critical
  components.
• Implement security in depth to protect sensitive
  information from unauthorized disclosure,
  critical data from corruption and destruction,
  and essential services from interruption.

5
Dependability Requires Architectural Assurance

• Confidence that enterprise systems will
• Deliver services as described in functional
  specification
• Not exhibit behaviors that are unexpected,
  malicious, or harmful and
• Be available when they are needed.

6
Dependable Architectures Recognize Dependencies
7
5 Guidelines for Dependability

• 2. Expect failures.
• Implement application-transparent features to
  detect faults, failover to redundant components,
  and recover from infrastructure failures.
• Implement application-specific features to handle
  exceptions in software execution.
• Implement features to detect, recover from, and
  survive malicious attacks while preserving system
  stability and security.
• Design and build safety-critical systems to fail
  in a safe state.
• 3. Expect success.
• Plan for scalability.
• Plan for integration with other systems.
• Model use-case scenarios and associated data
  flows, system loading, and network impact.

8
5 Guidelines for Dependability

• 4. Hire meticulous managers (with just a touch of
  paranoia) to manage your systems and networks.
• Use middleware to manage workload.
• Use out-of-band tools to monitor and manage
  system and network performance.
• Develop and execute plans and procedures for
  managing emergencies and recovering from
  disasters.
• 5. Dont be adventurous.
• Use proven methods, tools, technologies, and
  products that have been in production, under
  conditions and at a scale similar to yours.
• Dont be the first (or second) to adopt a new
  technology.

9
Contact Information
10
Local Health Solutions

• Kathleen A. McCormick, Ph.D.
• Senior Scientist/Vice President
• SAIC Health Solutions
• Falls Church, VA and Rockville, MD
• 703 575-7209
• Kathleen.a.mccormick_at_saic.com