|By Gene Dragotta and Sachin Agarwal||
|January 13, 2014 01:15 PM EST||
Slide Deck from Gene Dragotta and Sachin Agarwal's Cloud Expo Presentation: A Peek into the Future of Mobile-Enabled Health Care
While unprecedented technological advances have been made in healthcare in areas such as genomics, digital imaging and Health Information Systems, access to this information has not been easy for both the healthcare provider and the patient themselves. Regulatory compliance and controls, information lock-in in proprietary Electronic Health Record systems and security concerns have made it difficult to share data across health care providers.
The opportunities inherent in mobile technology are dramatically changing the way healthcare business gets done. Healthcare provider professionals are adopting mobile devices and tablets as an alternative to desktops/laptops and using mobile applications to augment gaps in existing patient management system capabilities. Developing mobile applications for the healthcare industry has some unique challenges, particularly protecting your backend data services while making them available to mobile application frameworks and SDKs.
Mobile applications utilize messaging patterns similar to the client/server and AJAX patterns, however unlike desktop clients, mobile devices have to minimize client side processing to maximize battery life and also keep network chatter to a basic minimum. This is achieved by using RESTful APIs with machine-readable formats like JSON. The availability, reliability and performance of these API-based services are critical to the successful deployment and operating of your application. Now add some healthcare domain requirements (encryption, security, etc.,) to this environment and there is a lot of work to do in addition to the actual coding of your mobile application. An API management system will simplify exposing and consuming backend healthcare services through a variety of different channels. To successfully implement an API, you will need a tool that will enable simple enforcement of API controls, continuous monitoring capabilities, performance management, and assurance of high availability.
An API management system will typically provide capabilities for creating and registering service as follows:
- Secure API Services
- Manage API Lifecycles
- Mediate and Virtualize Services
- Govern Access to Services
- Integrate Services and their Data
- Support Authentication and Authorization for all APIs and Services, including OAuth, OpenID, SAML, Kerberos, WS-Security, LDAP and XACML
- Support for all Major Security Standards, including WS*and WS-I
The focus of this article is to discuss how a unified API management and SOA governance platform can accelerate your organization's ability to deliver reliable, scalable and secure mobile applications for healthcare providers. First we will begin with the major technical challenges encountered when deploying healthcare-based mobile applications. Then we will discuss API management and governance platform expectations that can help you overcome these challenges such as the following:
- Data Encryption
- Access Control - Role and Application-based Access
- Integration / Orchestration of data from Multiple Provider Systems
- Quality of Service Control
- Usage Analytics / Event Management
Security - Encryption, Authentication and Authorization
A PKI facilitates users, applications and systems to exchange insecure data safely by encrypting it prior to transmission. Unlike traditional cryptography that uses private keys also known as symmetric cryptography, the public key infrastructure utilizes public key cryptography or asymmetric cryptography. This is used to authenticate a user or manage message encryption.
With asymmetrical cryptography, a public and private key are created simultaneously using the same algorithm (such as RSA) by the certificate authority. The private key is given to the requesting party and the public key is made publicly available (embedded within the certificate) in a location that all parties can access. The private key is used to decrypt text that has been encrypted with the public key. The certificate is used to authenticate the user.
Typically a PKI provides:
- A certificate authority (CA) who issues and verifies the digital certificate. A certificate includes the public key or information about the public key
- A registration authority (RA) acts as the verifier for the certificate authority before a digital certificate is issued to a requestor
- Persistent storage of the certificates and keys
- A certificate management system (creation, import, export, revocation, etc.)
In addition to authenticating with a validated digital certificate, using SAML, an SSO token, basic HTTP authentication, an X.509 certificate, an application token or a third-party IAM system are all popular approaches that can be used to securely connect your mobile application to back-end systems and data services residing with the HIE enterprise.
When health provider personnel authenticate themselves on systems that access patient health records; it's likely that different employees will require and qualify for various levels of data access based on their job description. For this reason, a role-based authentication / authorization framework is recommended. For example, the front office personnel may only have a need to see basic information such as patient demographics, insurance and medication information and a nurse might be required to have access to the entire patient's medical record. Having a framework for implementing role-based access will easily help filter and mask patient data attributes from un-authorized use.
Mediation and Service Orchestration
Where are your patient's medical records, how many sources of data needed to be aggregated, transformed and merged to assemble them, what formats of data do these sources of patient record fragments support etc.? Architects and developers typically face these questions when working with multiple systems both internally and externally to assemble a patient's holistic and contiguous health history or continuity of care document (HL7 CCD). Often developer are using integration engines such as Rhapsody, Mirth, etc., to transform HL7 messages, legacy EDI messages, database data, along with other source of patient information into in XML and usually exposed via a SOAP service.
In addition to mediation, service orchestration and the creation of compound services are a common requirement for health care oriented mobile applications. As an example, in order to create a patient's HL7 CCD, patient data usually resides within multiple systems, data service requests (primitives) to these systems will need to be orchestrated to form the resulting CCD dataset. In some cases, data returned from some of the primitive service requests may require some transformation or may be used as input to a subsequent request. Encapsulating and abstracting multiple primitive requests and any associated logic into a single composite service operation will reduce overall mobile application implementation complexity and message traffic between the mobile device and the HIE data center.
Policy-based Governance Controls for API Services
In most cases, we probably want different licenses with different levels of service (and access) to the backend APIs that enable our mobile applications. The levels of service could be measured in throughput, the bandwidth consumed over time, concurrency and availability.
Within the realm of health care you might want to have some specific controls or governance policies regarding the use of the HIE's back-end system services or APIs. Below are some QoS and SLA examples.
- Allow APIs to be called no more than 10 times per minute per device
- Allow devices to consume no more than 100MB per hour
- Prevent devices from outside the trusted country list (user-defined)
- Allow devices with this IP address range x.x.x.x-x.x.x.x to access the service layer
- Prevent Denial-of-Service attacks with quota management and white/blacklisting
- Only allow certain APIs to be called by specific user roles
The back-end services within the HEI should be deployed within an infrastructure that can provide a similar level of API governance.
In order to understand how your HEI back-end service layer is performing and being utilized by its application consumers, the API management platform should provide access to real-time API usage statistics, API status and event and SLA violation monitoring. These analytics can be used for troubleshooting, performance tuning, threat detection and various usage reports.
Most enterprises utilize a dashboard and reporting system that ingests telemetry data from a variety of systems within the enterprise. Data from these systems are combined to create a complete picture of enterprise system activity. Therefore it may become important to have a capability that can export or publish API management system telemetry data to an enterprise activity monitoring system or reporting data warehouse.
Healthcare-focused mobile applications contain complex use cases and have strict operational requirements. Security models, message protocol mediation services, service usage statistic collection, data transformations and service orchestration functions are all features that can easily be added to your mobile application by leveraging and integrating an API management and governance system with your service oriented architecture.
SYS-CON Events announced today that Cisco, the worldwide leader in IT that transforms how people connect, communicate and collaborate, has been named “Gold Sponsor” of SYS-CON's 16th International Cloud Expo®, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY. Cisco makes amazing things happen by connecting the unconnected. Cisco has shaped the future of the Internet by becoming the worldwide leader in transforming how people connect, communicate and collaborate. Cisco and our partners are building the platform for the Internet of Everything by connecting the...
Mar. 29, 2015 07:00 PM EDT Reads: 5,222
SYS-CON Events announced today that robomq.io will exhibit at SYS-CON's @ThingsExpo, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY. robomq.io is an interoperable and composable platform that connects any device to any application. It helps systems integrators and the solution providers build new and innovative products and service for industries requiring monitoring or intelligence from devices and sensors.
Mar. 29, 2015 06:00 PM EDT Reads: 1,481
The WebRTC Summit 2014 New York, to be held June 9-11, 2015, at the Javits Center in New York, NY, announces that its Call for Papers is open. Topics include all aspects of improving IT delivery by eliminating waste through automated business models leveraging cloud technologies. WebRTC Summit is co-located with 16th International Cloud Expo, @ThingsExpo, Big Data Expo, and DevOps Summit.
Mar. 29, 2015 06:00 PM EDT Reads: 1,594
Temasys has announced senior management additions to its team. Joining are David Holloway as Vice President of Commercial and Nadine Yap as Vice President of Product. Over the past 12 months Temasys has doubled in size as it adds new customers and expands the development of its Skylink platform. Skylink leads the charge to move WebRTC, traditionally seen as a desktop, browser based technology, to become a ubiquitous web communications technology on web and mobile, as well as Internet of Things compatible devices.
Mar. 29, 2015 06:00 PM EDT Reads: 1,849
Docker is an excellent platform for organizations interested in running microservices. It offers portability and consistency between development and production environments, quick provisioning times, and a simple way to isolate services. In his session at DevOps Summit at 16th Cloud Expo, Shannon Williams, co-founder of Rancher Labs, will walk through these and other benefits of using Docker to run microservices, and provide an overview of RancherOS, a minimalist distribution of Linux designed expressly to run Docker. He will also discuss Rancher, an orchestration and service discovery platf...
Mar. 29, 2015 04:15 PM EDT Reads: 2,437
Wearable technology was dominant at this year’s International Consumer Electronics Show (CES) , and MWC was no exception to this trend. New versions of favorites, such as the Samsung Gear (three new products were released: the Gear 2, the Gear 2 Neo and the Gear Fit), shared the limelight with new wearables like Pebble Time Steel (the new premium version of the company’s previously released smartwatch) and the LG Watch Urbane. The most dramatic difference at MWC was an emphasis on presenting wearables as fashion accessories and moving away from the original clunky technology associated with t...
Mar. 29, 2015 04:00 PM EDT Reads: 1,419
SYS-CON Events announced today that Vitria Technology, Inc. will exhibit at SYS-CON’s @ThingsExpo, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY. Vitria will showcase the company’s new IoT Analytics Platform through live demonstrations at booth #330. Vitria’s IoT Analytics Platform, fully integrated and powered by an operational intelligence engine, enables customers to rapidly build and operationalize advanced analytics to deliver timely business outcomes for use cases across the industrial, enterprise, and consumer segments.
Mar. 29, 2015 03:30 PM EDT Reads: 2,171
SYS-CON Events announced today that Solgenia will exhibit at SYS-CON's 16th International Cloud Expo®, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY, and the 17th International Cloud Expo®, which will take place on November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. Solgenia is the global market leader in Cloud Collaboration and Cloud Infrastructure software solutions. Designed to “Bridge the Gap” between Personal and Professional Social, Mobile and Cloud user experiences, our solutions help large and medium-sized organizations dr...
Mar. 29, 2015 03:00 PM EDT Reads: 2,852
SYS-CON Events announced today that Liaison Technologies, a leading provider of data management and integration cloud services and solutions, has been named "Silver Sponsor" of SYS-CON's 16th International Cloud Expo®, which will take place on June 9-11, 2015, at the Javits Center in New York, NY. Liaison Technologies is a recognized market leader in providing cloud-enabled data integration and data management solutions to break down complex information barriers, enabling enterprises to make smarter decisions, faster.
Mar. 29, 2015 03:00 PM EDT Reads: 3,458
@ThingsExpo has been named the Top 5 Most Influential M2M Brand by Onalytica in the ‘Machine to Machine: Top 100 Influencers and Brands.' Onalytica analyzed the online debate on M2M by looking at over 85,000 tweets to provide the most influential individuals and brands that drive the discussion. According to Onalytica the "analysis showed a very engaged community with a lot of interactive tweets. The M2M discussion seems to be more fragmented and driven by some of the major brands present in the M2M space. This really allows some room for influential individuals to create more high value inter...
Mar. 29, 2015 01:45 PM EDT Reads: 4,665
The world's leading Cloud event, Cloud Expo has launched Microservices Journal on the SYS-CON.com portal, featuring over 19,000 original articles, news stories, features, and blog entries. DevOps Journal is focused on this critical enterprise IT topic in the world of cloud computing. Microservices Journal offers top articles, news stories, and blog posts from the world's well-known experts and guarantees better exposure for its authors than any other publication. Follow new article posts on Twitter at @MicroservicesE
Mar. 29, 2015 12:00 PM EDT Reads: 1,455
After making a doctor’s appointment via your mobile device, you receive a calendar invite. The day of your appointment, you get a reminder with the doctor’s location and contact information. As you enter the doctor’s exam room, the medical team is equipped with the latest tablet containing your medical history – he or she makes real time updates to your medical file. At the end of your visit, you receive an electronic prescription to your preferred pharmacy and can schedule your next appointment.
Mar. 29, 2015 12:00 PM EDT Reads: 788
The list of ‘new paradigm’ technologies that now surrounds us appears to be at an all time high. From cloud computing and Big Data analytics to Bring Your Own Device (BYOD) and the Internet of Things (IoT), today we have to deal with what the industry likes to call ‘paradigm shifts’ at every level of IT. This is disruption; of course, we understand that – change is almost always disruptive.
Mar. 29, 2015 11:45 AM EDT Reads: 1,115
SYS-CON Events announced today that SafeLogic has been named “Bag Sponsor” of SYS-CON's 16th International Cloud Expo® New York, which will take place June 9-11, 2015, at the Javits Center in New York City, NY. SafeLogic provides security products for applications in mobile and server/appliance environments. SafeLogic’s flagship product CryptoComply is a FIPS 140-2 validated cryptographic engine designed to secure data on servers, workstations, appliances, mobile devices, and in the Cloud.
Mar. 29, 2015 11:00 AM EDT Reads: 1,419
SYS-CON Events announced today the IoT Bootcamp – Jumpstart Your IoT Strategy, being held June 9–10, 2015, in conjunction with 16th Cloud Expo and Internet of @ThingsExpo at the Javits Center in New York City. This is your chance to jumpstart your IoT strategy. Combined with real-world scenarios and use cases, the IoT Bootcamp is not just based on presentations but includes hands-on demos and walkthroughs. We will introduce you to a variety of Do-It-Yourself IoT platforms including Arduino, Raspberry Pi, BeagleBone, Spark and Intel Edison. You will also get an overview of cloud technologies s...
Mar. 29, 2015 11:00 AM EDT Reads: 2,096
SOA Software has changed its name to Akana. With roots in Web Services and SOA Governance, Akana has established itself as a leader in API Management and is expanding into cloud integration as an alternative to the traditional heavyweight enterprise service bus (ESB). The company recently announced that it achieved more than 90% year-over-year growth. As Akana, the company now addresses the evolution and diversification of SOA, unifying security, management, and DevOps across SOA, APIs, microservices, and more.
Mar. 29, 2015 08:30 AM EDT Reads: 2,053
GENBAND has announced that SageNet is leveraging the Nuvia platform to deliver Unified Communications as a Service (UCaaS) to its large base of retail and enterprise customers. Nuvia’s cloud-based solution provides SageNet’s customers with a full suite of business communications and collaboration tools. Two large national SageNet retail customers have recently signed up to deploy the Nuvia platform and the company will continue to sell the service to new and existing customers. Nuvia’s capabilities include HD voice, video, multimedia messaging, mobility, conferencing, Web collaboration, deskt...
Mar. 29, 2015 01:00 AM EDT Reads: 1,464
SYS-CON Media announced today that @WebRTCSummit Blog, the largest WebRTC resource in the world, has been launched. @WebRTCSummit Blog offers top articles, news stories, and blog posts from the world's well-known experts and guarantees better exposure for its authors than any other publication. @WebRTCSummit Blog can be bookmarked ▸ Here @WebRTCSummit conference site can be bookmarked ▸ Here
Mar. 28, 2015 08:00 PM EDT Reads: 1,805
SYS-CON Events announced today that Akana, formerly SOA Software, has been named “Bronze Sponsor” of SYS-CON's 16th International Cloud Expo® New York, which will take place June 9-11, 2015, at the Javits Center in New York City, NY. Akana’s comprehensive suite of API Management, API Security, Integrated SOA Governance, and Cloud Integration solutions helps businesses accelerate digital transformation by securely extending their reach across multiple channels – mobile, cloud and Internet of Things. Akana enables enterprises to share data as APIs, connect and integrate applications, drive part...
Mar. 28, 2015 04:15 PM EDT Reads: 1,546
Cloud is not a commodity. And no matter what you call it, computing doesn’t come out of the sky. It comes from physical hardware inside brick and mortar facilities connected by hundreds of miles of networking cable. And no two clouds are built the same way. SoftLayer gives you the highest performing cloud infrastructure available. One platform that takes data centers around the world that are full of the widest range of cloud computing options, and then integrates and automates everything. Join SoftLayer on June 9 at 16th Cloud Expo to learn about IBM Cloud's SoftLayer platform, explore se...
Mar. 28, 2015 02:00 PM EDT Reads: 1,637