Akos Ledeczi
Citation
Akos Ledeczi. "Model-Based Design Environment for Clinical Information Systems". Talk or presentation, 10, October, 2007.
Abstract
Many health-care organizations have migrated from paper-based to Electronic Medical Records (EMR), which have been shown to increase both staff productivity and patient safety. Expanding on the success of EMRs, Clinical Information Systems (CIS) incorporate a wide range of the informational and organizational components of the health-care environment.rnrnLocal and federal regulations concerning the management of patient information present challenges for CIS design and implementation. The Health Insurance Portability and Accountability Act (HIPAA) specifically grants patients the right to access their medical records and requires healthcare organizations to provide security protection for protected health information. Patient Portals are one method to provide patients with a simple method to access their medical records, disclosures, and audits. Designing such a system optimally to protect patient confidentiality and respect health-care providers’ rights is an open problem.rnrnWe begin to address this challenge by casting patient portals, a key portion of CIS, onto a Service-Oriented Architecture (SOA). We developed a domain-specific modeling environment called Model-based Design Environment for Clinical Information Systems (MODECIS) with which we create formal models of healthcare services and features for detailed analysis. Our initial research with MODECIS successfully demonstrates that patient portals can be modeled as SOA. The development of critical modeling abstractions adds the feature of scalability to our tool. Although MODECIS is a work-in-progress, it has been used to create high-fidelity models of the MyHealth@Vanderbilt patient portal.rnrnSOA has been previously proposed for the design of formally-composed CIS environments; however, current implementations are limited by the fact they do not model patient-provider interactions. In this paper, we show how SOA can be applied to a specific patient-associated environment. We propose to use the web service standards defined by OASIS, which includes the Business Process Execution Language (BPEL) for web service orchestration and the Extensible Access Control Markup Language (XACML) for policy representation.rnrnWorkflows provide a representation of the manner by which data is accessed, handled, and shared. Without formal representations of daily business processes and their interrelationships within the healthcare environment, it is not clearly evident why a patient's medical record is accessed or how the interactions between patient and provider are managed. Both underspecified and ad hoc workflow design can lead to malformed policies with unanticipated consequences, and even seemingly routine business processes can lead to serious privacy compromises when taken in combination. Taking this into account, formal workflow models are a starting point for the development and analysis of policy-driven operations supporting privacy and security.rnrnThis inspired the creation of the building of our tool suite, MODECIS, where the formal basis of our approach allows for the extension, reuse, and evolution of clinical information system. MODECIS has three main components: a) a graphical design environment for capturing the business logic of CIS through workflows, b) an analysis tool, which allows for the analysis of information flows and the exploration of security and privacy properties of a CIS system modeled with the graphical design environment, and finally c) a model translator that maps the CIS-specific workflows to BPEL, WSDL and XACML. By translating the domain models onto these SOA standards, the underlying alternative implementations of SOA platforms for the standards become applicable. This radically simplifies the fast prototyping, integration and testing tasks.rnrnBy capturing the appropriate level of abstraction, it is possible to satisfy utility, security, and policy requirements for CIS. In MODECIS, workflows provide us with this abstraction layer, which is suitable for patient-centered clinical information representation and management. It will allow us to perform vulnerability, security and privacy analyses through model verification and simulation-based testing tools. Additionally, model-based design provides the tools for automated system generation directly from the models.rnrnAt the heart of our approach, the domain-specific modeling language captures the system from multiple aspects. The workflow models can be thought of as a graphical equivalent of a simplified BPEL representation. They capture the orchestration logic with graphs that describe control, which specify the sequence of service invocations and data flows that represent the movement of information within a CIS system. One aspect allows for the orchestration of control flows that are defined as a composition of service invocations – which can either be asynchronous or synchronous – and the typical control structures – such as switch, join, while, and catch – which allows for the definition of arbitrary workflow logic. Anotherr aspect of workflow modeling describes the flow of data elements: how these elements are exchanged, processed and stored between and within various processes. This way each workflow model can be thought of as an available service with well-defined interfaces. Since the workflow models only describe how data elements are used, we have created the view for building datatype models making the language to be strongly typed.rnrnWorkflows in general allow system architects to follow the information traveling between entities and can represent diverse entities interacting with the system, such as physical databases or people. For this reason MODECIS incorporates two more types of models for the integration of workflows with the underlying architectures and physical entities. This means that a complex, explicitly represented social and technical architecture can be constructed that the services build on.rnrnThe creation of organizational models allows for the human coordination within CIS. These models are used to specify the architecture of the enterprise itself, such as the roles of different people. Organizational models reflect inter- and intradepartmental interactions, as well as people’s roles within departments specifying tasks and groups to whom these tasks are assigned to. This enables the specification of policies to facilitate role-based access control, for example.rnrnWhile organizational models relate human-based workflow (i.e. workflows that describe expected behavior of and tasks preformed by the human players in CIS), deployment models specify the organization of computer servers, their conjunctive networks and interface with workflows in a similar manner to organizational models. They are often referred to as the network architecture (ex: they depict hospital servers and workstations along with the services they provide).rnrnThe final abstraction captures policy statements that crosscut workflow, organizational and deployment models. They place restrictions on accessing certain services and information.rnrnMODECIS includes a model translator capable of mapping domain-specific models to executable BPEL code. Despite its wide acceptance, BPEL provides no support for the detection of a) possible deadlocks or b) process paths that are not viable. MODECIS plans to capitalize on existing technologies, such as Petri Nets, the SPIN model checker, Process Algebras, and Abstract State Machines, for (BPEL) model verification to identify such erroneous workflows.rnrnAs a final system-integration step to guarantee correct flow of logic captured by the domain models, the tool suite interfaces with an execution engine, which manages the multiple instances of workflows after deployment. Specifically, the engine organizes and executes the services required by the CIS entities (e.g., a patient, primary care provider, and patient portal) and enforces policies.rnrnThe MODECIS tool suite provides a domain-specific, graphical design environment for precisely describing organizational, deployment, service, and data models in relation to patient portals. Through our collaboration with the Vanderbilt University Medical Center (VUMC), we were able to create a modeling language capable of representing a functional patient portal. The VUMC group was also able to confirm the expressiveness and correctness of our patient portal workflow models, which we have begun to deploy on the Oracle BPEL execution engine.rnrnAlthough MODECIS is a work-in-progress, models created with the tool suite serve as formal system specifications that can be mapped onto various SOA execution platforms for simulation. Consistency and wellformedness checking is already supported by MODECIS; support for policy verification and vulnerability and security analysis of the models is our next step, which will be supported through the use of existing analysis tools.rnrnMODECIS provides a scalable tool to evaluate design decisions and system changes before deploying costly healthcare infrastructure. The creation of patient portal models and simulations is one step toward designing robust CIS that are able to take into account the diverse privacy and security concerns of stakeholders.
Electronic downloads
Internal. This publication has been marked by the author for TRUST-only distribution, so electronic downloads are not available without logging in.
| Citation formats |
- HTML
Akos Ledeczi. <a href="http://www.truststc.org/pubs/295.html" ><i>Model-Based Design Environment for Clinical Information Systems</i></a>, Talk or presentation, 10, October, 2007.
- Plain text
Akos Ledeczi. "Model-Based Design Environment for Clinical Information Systems". Talk or presentation, 10, October, 2007.
- BibTeX
@presentation{Ledeczi07_ModelBasedDesignEnvironmentForClinicalInformationSystems, author = {Akos Ledeczi}, title = {Model-Based Design Environment for Clinical Information Systems}, day = {10}, month = {October}, year = {2007}, abstract = {Many health-care organizations have migrated from paper-based to Electronic Medical Records (EMR), which have been shown to increase both staff productivity and patient safety. Expanding on the success of EMRs, Clinical Information Systems (CIS) incorporate a wide range of the informational and organizational components of the health-care environment.rnrnLocal and federal regulations concerning the management of patient information present challenges for CIS design and implementation. The Health Insurance Portability and Accountability Act (HIPAA) specifically grants patients the right to access their medical records and requires healthcare organizations to provide security protection for protected health information. Patient Portals are one method to provide patients with a simple method to access their medical records, disclosures, and audits. Designing such a system optimally to protect patient confidentiality and respect health-care providers’ rights is an open problem.rnrnWe begin to address this challenge by casting patient portals, a key portion of CIS, onto a Service-Oriented Architecture (SOA). We developed a domain-specific modeling environment called Model-based Design Environment for Clinical Information Systems (MODECIS) with which we create formal models of healthcare services and features for detailed analysis. Our initial research with MODECIS successfully demonstrates that patient portals can be modeled as SOA. The development of critical modeling abstractions adds the feature of scalability to our tool. Although MODECIS is a work-in-progress, it has been used to create high-fidelity models of the MyHealth@Vanderbilt patient portal.rnrnSOA has been previously proposed for the design of formally-composed CIS environments; however, current implementations are limited by the fact they do not model patient-provider interactions. In this paper, we show how SOA can be applied to a specific patient-associated environment. We propose to use the web service standards defined by OASIS, which includes the Business Process Execution Language (BPEL) for web service orchestration and the Extensible Access Control Markup Language (XACML) for policy representation.rnrnWorkflows provide a representation of the manner by which data is accessed, handled, and shared. Without formal representations of daily business processes and their interrelationships within the healthcare environment, it is not clearly evident why a patient's medical record is accessed or how the interactions between patient and provider are managed. Both underspecified and ad hoc workflow design can lead to malformed policies with unanticipated consequences, and even seemingly routine business processes can lead to serious privacy compromises when taken in combination. Taking this into account, formal workflow models are a starting point for the development and analysis of policy-driven operations supporting privacy and security.rnrnThis inspired the creation of the building of our tool suite, MODECIS, where the formal basis of our approach allows for the extension, reuse, and evolution of clinical information system. MODECIS has three main components: a) a graphical design environment for capturing the business logic of CIS through workflows, b) an analysis tool, which allows for the analysis of information flows and the exploration of security and privacy properties of a CIS system modeled with the graphical design environment, and finally c) a model translator that maps the CIS-specific workflows to BPEL, WSDL and XACML. By translating the domain models onto these SOA standards, the underlying alternative implementations of SOA platforms for the standards become applicable. This radically simplifies the fast prototyping, integration and testing tasks.rnrnBy capturing the appropriate level of abstraction, it is possible to satisfy utility, security, and policy requirements for CIS. In MODECIS, workflows provide us with this abstraction layer, which is suitable for patient-centered clinical information representation and management. It will allow us to perform vulnerability, security and privacy analyses through model verification and simulation-based testing tools. Additionally, model-based design provides the tools for automated system generation directly from the models.rnrnAt the heart of our approach, the domain-specific modeling language captures the system from multiple aspects. The workflow models can be thought of as a graphical equivalent of a simplified BPEL representation. They capture the orchestration logic with graphs that describe control, which specify the sequence of service invocations and data flows that represent the movement of information within a CIS system. One aspect allows for the orchestration of control flows that are defined as a composition of service invocations – which can either be asynchronous or synchronous – and the typical control structures – such as switch, join, while, and catch – which allows for the definition of arbitrary workflow logic. Anotherr aspect of workflow modeling describes the flow of data elements: how these elements are exchanged, processed and stored between and within various processes. This way each workflow model can be thought of as an available service with well-defined interfaces. Since the workflow models only describe how data elements are used, we have created the view for building datatype models making the language to be strongly typed.rnrnWorkflows in general allow system architects to follow the information traveling between entities and can represent diverse entities interacting with the system, such as physical databases or people. For this reason MODECIS incorporates two more types of models for the integration of workflows with the underlying architectures and physical entities. This means that a complex, explicitly represented social and technical architecture can be constructed that the services build on.rnrnThe creation of organizational models allows for the human coordination within CIS. These models are used to specify the architecture of the enterprise itself, such as the roles of different people. Organizational models reflect inter- and intradepartmental interactions, as well as people’s roles within departments specifying tasks and groups to whom these tasks are assigned to. This enables the specification of policies to facilitate role-based access control, for example.rnrnWhile organizational models relate human-based workflow (i.e. workflows that describe expected behavior of and tasks preformed by the human players in CIS), deployment models specify the organization of computer servers, their conjunctive networks and interface with workflows in a similar manner to organizational models. They are often referred to as the network architecture (ex: they depict hospital servers and workstations along with the services they provide).rnrnThe final abstraction captures policy statements that crosscut workflow, organizational and deployment models. They place restrictions on accessing certain services and information.rnrnMODECIS includes a model translator capable of mapping domain-specific models to executable BPEL code. Despite its wide acceptance, BPEL provides no support for the detection of a) possible deadlocks or b) process paths that are not viable. MODECIS plans to capitalize on existing technologies, such as Petri Nets, the SPIN model checker, Process Algebras, and Abstract State Machines, for (BPEL) model verification to identify such erroneous workflows.rnrnAs a final system-integration step to guarantee correct flow of logic captured by the domain models, the tool suite interfaces with an execution engine, which manages the multiple instances of workflows after deployment. Specifically, the engine organizes and executes the services required by the CIS entities (e.g., a patient, primary care provider, and patient portal) and enforces policies.rnrnThe MODECIS tool suite provides a domain-specific, graphical design environment for precisely describing organizational, deployment, service, and data models in relation to patient portals. Through our collaboration with the Vanderbilt University Medical Center (VUMC), we were able to create a modeling language capable of representing a functional patient portal. The VUMC group was also able to confirm the expressiveness and correctness of our patient portal workflow models, which we have begun to deploy on the Oracle BPEL execution engine.rnrnAlthough MODECIS is a work-in-progress, models created with the tool suite serve as formal system specifications that can be mapped onto various SOA execution platforms for simulation. Consistency and wellformedness checking is already supported by MODECIS; support for policy verification and vulnerability and security analysis of the models is our next step, which will be supported through the use of existing analysis tools.rnrnMODECIS provides a scalable tool to evaluate design decisions and system changes before deploying costly healthcare infrastructure. The creation of patient portal models and simulations is one step toward designing robust CIS that are able to take into account the diverse privacy and security concerns of stakeholders.}, URL = {http://www.truststc.org/pubs/295.html} }
Posted by Larry Rohrbough on 16 Oct 2007.
For additional information, see the
Publications FAQ or
contact webmaster at www truststc org.
Notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright.