eCare Technical Workshop

1
eCare Technical Workshop

• Inverness
• 23rd November 2005

2
Agenda

• Introduction
• Architecture Overview Technical Context
• Current Release Features Demos
• Next Release Features
• Hosting Options
• Partner Perspective
• Q A

3
Agenda

• Introduction
• Architecture Overview Technical Context
• Current Release Features Demos
• Next Release Features
• Hosting Options
• Partner Perspective
• Q A

4
Agenda

• Introduction
• Architecture Overview Technical Context
• Current Release Features Demos
• Next Release Features
• Hosting Options
• Partner Perspective
• Q A

5
Agency Systems are MIS applications within the
varying agencies that perform client/patient/perso
n processing functions
An Adaptor is a software component that enables
communications between agency systems and the
eCare Framework the Adaptor can be a logical
software component built into an agency system or
on a separate physical machine
eCare Safe Haven or DMZ is a secure perimeter
network that connects the Agency networks with
the network in which the eCare Frameworks
hardware is located.
The Messaging Service provides Agency
Applications with an interface to the eCare
Framework
The Multi Agency Store is the repository used to
store consented data for the purpose of
information being shared between different
agencies
6
Indexing Matching

• Systems must have a person record prior to
  sharing or viewing of data in the MAS
• Systems must create an index entry in the MAS
  from a matching solution employing a national
  process as per the eCare Matching Overview
  strategy document
• eCare maintains a multi-agency index of all
  connected systems person reference numbers
  systems have no access to this index which
  contains no shared data
• Systems must have an index entry to receive MAS
  notifications
• This index permits systems to view data
  regardless of consent or disclosure authority.
  The ability to lock a person record in the MAS
  from viewing is a separate and currently
  unrelated function.

7
Consent Disclosure Authority

• Conditions for data sharing are
• Either the Subject (or a proxy for the Subject)
  has given informed consent to the sharing of data
  or a competent professional within the disclosing
  agency has taken a considered decision to
  override the absence of consent and
• It is necessary and relevant to share the data.

8
Consent

• Consent is collected once per person in the MAS
• A subset of data is stored
• A full history of changes is maintained
• All systems with an index entry are notified when
  the status changes
• Does not physically enable data sharing

9
consent process (cross-partnership)
MAS notifies each system with an Index entry that
consent has changed
MAS maintains a history of all consent
10
Disclosure Authority

• Authority is stored once per system per person in
  the MAS
• A full history of changes is maintained
• All systems with an index entry are notified when
  the status changes
• Physically enables data sharing no system can
  send data to the MAS without authority
• Does not restrict viewing data from the MAS all
  systems with an index entry can retrieve data

11
disclosure process
MAS notifies system admin thatauthority has
changed
MAS maintains a history of all authority
12
Agenda

• Introduction
• Architecture Overview Technical Context
• Current Release Features Demos
• Next Release Features
• Hosting Options
• Partner Perspective
• Q A

13
What is the eCare Framework
Agency
Agency Application
NHS
Auto Matcher
eCare DMZ
Messaging Services
Adaptor
Matching Services
Manual Matcher
Matching
MAS
CHI Services
14
What are web services

• Standards based
• Simple Object Access Protocol 1.1 (SOAP)
• Web Service Definition Language (WSDL)

15
Security

• Encryption
• SSL Encryption
• Authentication
• WS-Security (Username Token)
• Authorisation
• WS-Security / Policy

16
WS-Security

• Oasis standard
• Supported by
• IBM
• Microsoft (WSE)
• Sun
• Oracle
• Bea
• Message level security
• http//docs.oasis-open.org/wss/2004/01/oasis-20040
  1-wss-soap-message-security-1.0.pdf

17
Services Documentation Set

• Messaging Integration Guide
• Messaging Admin Guide
• Matching Integration Guide
• Matching Admin Guide
• Viewer Tool Guide
• Other National Documentation Set.

18
Application Design Decisions

• Interoperability
• Service Granularity
• Authentication and Authorisation
• Data Changes
• Unique Message Requests
• Error Feedback

19
Interoperability

• Apply best practise
• Validate against WS-I Basic Profile

WS-I is an open industry organisation chartered
to promote Web services interoperability across
platforms, operating systems, and programming
languages.
20
Service Granularity

• Document Message Pattern
• Coarse grained messages
• Simplify message sequencing
• Reduce network performance overhead
• Simplify transaction management

21
Service Granularity

• Standard message formats

22
Authentication Authorisation

• Authenticate host application not user
• Implemented through WS-Security
• Support Role based authorisation (Policy)

23
Unique Message Request

• All messages must include a unique identifier
• Validated on every service request

24
Error Feedback

• Soap Fault
• Client Details XML formatted error messages
  codes
• ClientUtilities DLL (for .Net)

25
Web Services Supported

• Focuses on
• Core Demographics
• Disclosure Authority
• Matching
• Processes
• Events
• Status Episodes

26
Agency Boundary
1. New Service User
MatchingProcess
Host Application
2. Poll for new service users
Adaptor
8. Match Notification
3. New Match Request
eCare DMZ
NHS Boundary
Messaging
Manual Matcher
CHI
4. Store Request
Matching
MAS
7. Index Created
Auto Matcher
6. Search CHI
5. Attempt Match
27
Web Services Supported

• Matching Service
• NewMatchRequest
• Index Service
• IsMatched
• Not AddIndex etc.

28
Matching Process
New Match Request
MAS
Adaptor
Match Request
Create Index
Get Pending Match Request
Matching Tool
Matching DB
Successful Match
29
Web Services Supported

• Notifications Service
• GetNotifications
• AcknowledgeNotifications

30
Matching Process
Index Created
New Match Request
MAS
Adaptor
Get Notifications
Acknowledge Notifications
31
Matching Demo

• Automatic Matcher
• Manual Matcher
• CHI Simulator

32
Data Sharing
Agency Boundary
Host Application
1. Service User Interaction
5. View Shared Data
Adaptor
Adaptor monitors Changes
Viewer
2. Store Disclosure Authorisation
3. Store Service User Data
4. Other Agencies Share Data
eCare DMZ
Messaging
MAS
33
Web Services Supported

• Disclosure Service
• StoreDisclosureAuthority
• StorePartnershipConsent
• Person Service (Person, Associate Professional)
• StorePerson
• Must be matched first
• CurrentData
• GetPerson
• Current Data Only
• GetPersonByMasId
• Person Status

34
Web Services Supported

• Organisation Service
• StoreOrganisation
• GetOrganisation
• StatusEpisode Service
• StoreStatusEpisode
• GetStatusEpisodeForSubject
• GetStatusEpisode
• Process Service
• StoreProcess
• GetProcessesForSubject
• GetProcess
• Event Service
• StoreEvent
• GetEventsForSubject
• GetEvent

35
Web Services Supported

• Viewer Service
• GetPersonView
• GetPersonViewXML

36
Extensions

• Supported by
• Processes
• Events
• Status Episodes
• Allows custom data to be stored
• E.g. Referral Process
• Reason
• Received Date
• ConcernFactorCV

37
Viewer

• What is the Viewer and what can you do?
• Access MAS Data
• No searching
• Embed in web page
• .Net User Control (Web Page)
• No inherent authentication / authorisation

38

• Web Service / Embedded Viewer Demo

39
Viewer Usage

• ASP.Net page
• Parameterised reference data
• Access Rights tab visibility
• Configurable Tabs text / CSS

40

• Version 0.7 Viewer Demo

41
eCart Demo
42
Agenda

• Introduction
• Architecture Overview Technical Context
• Current Release Features Demos
• Next Release Features
• Hosting Options
• Partner Perspective
• Q A

43
Forms Web Services

• Two Phases
• 0.7 Store and Retrieve Completed Form
• 0.8(?) Retrieve full Form definition

44
Storing a Form

• Form Definition must exist in MAS (Excel Tool)
• Forms belong to a process
• Agencies can collaborate on a single form
• Pessimistic locking is implemented
• Form updates do not overwrite old forms
  (FormState)

45
Storing a Form

• New Form
• Execute StoreForm web service
• Update Form
• GetForm (with lock)
• StoreForm

46
Store Form
StoreProcess
eCare
System A
StoreForm (New)
Get Form (for edit)
Error!
Get Form (for edit)
Store Form
System B
47
Webservice Validation

• Question mapping based on Question Code
• Definitions validated e.g. CVs, Validation
  Types etc.
• Mandatory fields not validated change?
• Calculations not validated
• Locking validated

48
Entities

• Form (Form State)
• Form Sections (Multiple Occurrences)
• Form Question Grouping (Multiple Occurrences)
• Responses

49
Other Forms Services

• GetFormsForProcess
• GetForm
• UnlockForm
• LinkFormToProcess

50
0.7 Enhancements

• Logical sorted results (e.g. Processes)
• Improved database indexing
• Support multiple Person Roles (single operation)
• Some new CVs
• Various Viewer improvements (cosmetic)
• Matching Simulator improvements

51
Agenda

• Introduction
• Architecture Overview Technical Context
• Current Release Features Demos
• Next Release Features
• Hosting Options
• Partner Perspective
• Q A

52
Conceptual Implementation
Optional Components
Only in Health
53
Agency Responsibilities

• Agency Applications (or eCART)
• eCare Viewer (Optional)
• Application Adaptors
• Matching Tools
• eCare Connectivity
• Security

54
Partnership Responsibilities

• eCare Safe Haven
• MAS Database
• Application Servers
• Secure Infrastructure
• Administration / Maintenance
• Disaster Recovery
• Resiliency

55
Technologies

• Microsoft Technology stack
• Windows 2003
• SQL Server 2000
• Microsoft .Net 1.1 Framework

56
The Options.

• Local Implementation
• Partnership jointly responsible for eCare Safe
  Haven implementation and on going support
• Managed Service
• Centrally managed eCare Safe Haven

57
Option 1 Local Hosting
58
Basic Connectivity
59
Servers
Small Scale Solution
Large Scale Solution
60
Security
61
Option 2 Hosted Service
62
Option 2 Hosted Service
63
Managed Service

• Re-use of infrastructure and associated costs
• Improved Scalability
• Improved Resiliency
• Disaster recovery capabilities
• Potentially higher service levels (24x7 support)
• Improved Security
• Risk Management
• Reduced learning curve
• Support staff training overheads
• Simplifies future national connectivity
• Partners focus on local integration issues

64
Local Implementation

• Locally controlled / Managed
• Minimises dependency on other partnerships

65
Connectivity Options

• Nick Blundell Cable Wireless
• James MacGregor Atos Origin

66
eCare presentation, Inverness 23-Nov-05

• Collaboration across GSX
• enabling shared eCare Service
• Using GSX for council access
• Using Closed-User Groups

CW Personnel Nick Blundell, Client
Manager 07795 254571 Nick.blundell_at_cw.com Paul
Hulme, Solutions Consultant 07715494995 Paul.hulme
_at_cw.com
67
Background
68
Existing Scottish Infrastructure
69
eCare collaboration in Scotland
70
Collaboration using the Critical National
Infrastructure

• ADVANTAGES
• Available immediately at no extra cost (except
  for new joiners or increases in bandwidth)
• Accredited by government to carry Restricted data
  (NHS Confidential)
• Many to many connectivity, not just eCare
• Closed user group is a community within the
  secure infrastructure with its own 51.63 IP
  schema
• All councils comply to best practise manual of
  protective security
• Working within centrally organised security
• Purchase off GSi Framework
• Allows voluntary sector to join

• DISADVANTAGES
• Singular cost comparison with point to point
  leaseline

71
Closed-User Group working over GSi

• GSi tariff CHARGES
• Establish CUG (reserve MPLS VPN)
• Setup 10,250 (one-off) payable by CUG
  owner/sponsor
• Attach each GSI/xGSI site to CUG
• Setup 2,050 per site (one-off) payable by
  connecting department
• Terminate CUG VPN on existing GSI/xGSI router
  (additional LAN interface)
• Install 971, Rental 1,025/annum payable by
  connecting department
• Connect non-GSi organisations to CUG
• Applicable circuit charge (install/rental)
  payable by CUG owner/sponsor

72
Closed-User Group working over GSi

• Security Assurance considerations
• CUGs are separate MPLS VPNs procured using the
  GSi framework
• The network infrastructure used for CUGs is the
  same as that used for GSI CESG Fast-track
  approved to EAL2 (Restricted)
• CUGs are outside the jurisdiction of NISCC
  effectively a private WAN
• GSI/xGSI organisations joining CUGs must ensure
  continued compliance with Code of Connection
• If non-GSi organisations are being connected by
  the CUG sponsor it is recommended that there are
  minimum security assurance standards mandated on
  the outside body.

73
NHSNet / N3

• Managed service to support NHSNet N3
• Provides Health Board connectivity
• National policy to migrate to N3
• N3 Higher bandwidth
• N3 not implemented everywhere (yet)
• No closed user groups (ISSG)
• SSL Encryption
• Initial investment connecting to N3

74
NHSNet / N3
75
Agenda

• Introduction
• Architecture Overview Technical Context
• Current Release Features Demos
• Next Release Features
• Hosting Options
• Partner Perspective
• Q A

76
Agenda

• Introduction
• Architecture Overview Technical Context
• Current Release Features Demos
• Next Release Features
• Hosting Options
• Partner Perspective
• Q A