tag:blogger.com,1999:blog-23743884552872927952024-03-14T03:20:45.671-04:00Adventures in ComputingVidjinnagni Amoussouhttp://www.blogger.com/profile/06437681488603449364noreply@blogger.comBlogger94125tag:blogger.com,1999:blog-2374388455287292795.post-80817646743348627032014-11-02T19:48:00.000-05:002015-05-07T19:42:04.191-04:00Toward a Reference Architecture for Intelligent Systems in Clinical Care<h3>
A Software Architecture for Precision Medicine </h3>
<br />
Intelligent systems in clinical care leverage the latest innovations in machine learning, real-time data stream mining, visual analytics, natural language processing, ontologies, production rule systems, and cloud computing to provide clinicians with the best knowledge and information at the point of care for effective clinical decision making. In this post, I propose a unified open reference architecture that combines all these technologies into a hybrid cognitive system for clinical decision support. Indeed, truly intelligent systems are capable of reasoning. The goal is not to replace clinicians, but instead to provide them with cognitive support during clinical decision making. Furthermore, Intelligent Personal Assistants (IPAs) such as Apple's Siri, Google's Google Now, and Microsoft's Cortana have raised our expectations on how intelligent systems interact with users through voice and natural language.<br />
<br />
In the strict sense of the term, a reference architecture should be abstracted away from concrete technology implementation. However in order to enable a better understanding of the proposed approach, I take liberty in explaining how available open source software can be used to realize the intent of the architecture. There is an urgent need for an open and interoperable architecture which can be deployed across devices and platforms. Unfortunately, this is not the case today with solutions like Apple's HealthKit and ResearchKit.<br />
<br />
The specific open source software mentioned in this post can be substituted with other tools which provide similar capabilities. The following diagram is a depiction of the architecture (click to enlarge).<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhdbJxxCiFYdBQYtiNFKlB8BGGW8AmP9whrdQHHSAaJNLEInho3K5bebVv02IXHhn1FpwKao5Pu6g5669YRcPdWo_c8TWZOKHkRg_Y_SyXx0Lwf1c3rdH-A_IxjRilap5kqLgVQSo7t1Riv/s1600/arch.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="250" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhdbJxxCiFYdBQYtiNFKlB8BGGW8AmP9whrdQHHSAaJNLEInho3K5bebVv02IXHhn1FpwKao5Pu6g5669YRcPdWo_c8TWZOKHkRg_Y_SyXx0Lwf1c3rdH-A_IxjRilap5kqLgVQSo7t1Riv/s1600/arch.png" width="400" /></a></div>
<h3>
</h3>
<h3>
</h3>
<h3>
Clinical Data Sources </h3>
<br />
Clinical data sources are represented on the left of the architecture diagram. Examples include electronic medical record systems (EMR) commonly used in routine clinical care, clinical genome databases, genome variant knowledge bases, medical imaging databases, data from medical devices and wearable sensors, and unstructured data sources such as biomedical literature databases. The approach implements the <i>Lambda Architecture </i>enabling both batch and real-time data stream processing and mining.<br />
<br />
<br />
<h3>
Predictive Modeling, Real-Time Data Stream Mining, and Big Data Genomics </h3>
<br />
The back-end provides various tools and frameworks for advanced analytics and decision management. The analytics workbench includes tools for creating predictive models and data streaming mining. The decision management workbench includes a production rule system (providing seamless integration with clinical events and processes) and an ontology editor.<br />
<br />
The incoming clinical data likely meet the Big Data criteria of volume, velocity, and variety (this is particularly true for physiological time series from wearable sensors). Therefore, specialized frameworks for large scale cluster computing like Apache Spark are used to analyze and process the data. Statistical computing and Machine Learning tools like R are used here as well. The goal is knowledge and patterns discovery using Machine Learning model builders like Decision Trees, k-Means Clustering, Logistic Regression, Support Vector Machines (SVMs), Bayesian Networks, Neural Networks, and the more recent Deep Learning techniques. The latter hold great promise in applications such as Natural Language Processing (NLP), medical image analysis, and speech recognition.<br />
<br />
These Machine Learning algorithms can support diagnosis, prognosis, simulation, anomaly detection, care alerting, and care planning. For example, anomaly detection can be performed at scale using the k-means clustering machine learning algorithm in Apache Spark. In addition, Apache Spark allows the implementation of the <i>Lambda Architecture</i> and can also be used for genome Big Data analysis at scale.<br />
<br />
In another post titled <a href="http://efasoft.blogspot.com/2015/01/how-good-is-your-crystal-ball-utility.html" target="_blank"><i>How Good is Your Crystal Ball?: Utility, Methodology, and Validity of Clinical Prediction Models</i></a>, I discuss quantitative measures of performance for clinical prediction models. <br />
<br />
<br />
<h3>
Visual Analytics </h3>
<br />
Visual Analytics tools like D3.js, rCharts, ploty, googleVis, ggplot2, and ggvis can help obtain deep insight for effective understanding, reasoning, and decision making through the visual exploration of massive, complex, and often ambiguous data. Of particular interest is Visual Analytics of real-time data streams like physiological time series. As a multidisciplinary field, Visual Analytics combines several disciplines such as human perception and cognition, interactive graphic design, statistical computing, data mining, spatio-temporal data analysis, and even Art. For example, similar to Minard's map of the Russian Campaign of 1812-1813 (see graphic below), Visual Analytics can help in comparing different interventions and care pathways and their respective clinical outcomes over a certain period of time by displaying causes, variables, comparisons, and explanations.<br />
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj24BeVN2qYoVemn_RL7xUUnox7Hg1gNk3q1Wt7I3jJoWYKFpSOopPFdB3yGpeQb3ITnQuHYL18WImeX6HXC4eRVKRDSOazkN3-JXq1fke9EL7GJ28BkYrOnX6NiCJstAdRQ5TRepoDMOj4/s1600/900px-Minard.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="190" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj24BeVN2qYoVemn_RL7xUUnox7Hg1gNk3q1Wt7I3jJoWYKFpSOopPFdB3yGpeQb3ITnQuHYL18WImeX6HXC4eRVKRDSOazkN3-JXq1fke9EL7GJ28BkYrOnX6NiCJstAdRQ5TRepoDMOj4/s1600/900px-Minard.png" width="400" /></a></div>
<br />
<br />
<br />
<h3>
Production Rule System, Ontology Reasoning, and NLP</h3>
<br />
The architecture also includes a production rule engine and an ontology editor (Drools and Protégé respectively). This is done in order to leverage existing clinical domain knowledge available from clinical practice guidelines (CPGs) and biomedical ontologies like SNOMED CT. This approach complements machine learning algorithms' probabilistic approach to clinical decision making under uncertainty. The production rule system can translate CPGs into executable rules which are fully integrated with clinical processes (workflows) and events. The ontologies can provide automated reasoning capabilities for decision support.<br />
<br />
NLP includes capabilities such as:<br />
<ul>
<li>Text classification, text clustering, document and passage retrieval, text summarization, and more advanced clinical question answering (CQA) capabilities which can be useful for satisfying clinicians' information needs at the point of care; and</li>
<li>Named entity recognition (NER) for extracting concepts from clinical notes.</li>
</ul>
The data tier supports the efficient storage of large amounts of time series data and is implemented with tools like Cassandra and HBase. The system can run in the cloud, for example using the Amazon Elastic Compute Cloud (EC2). For real-time processing of distributed data streams, cloud-based solutions like Amazon Kinesis and Lambda can be used.<br />
<br />
<h3>
</h3>
<h3>
Clinical Decision Services</h3>
<br />
The clinical decision services provide intelligence at the point of care typically using deployed predictive models, clinical rules, text mining outputs, and ontology reasoners. For example, Machine Learning algorithms can be exported in predictive markup language (PMML) format for run-time scoring based on the clinical data of individual patients, enabling what is referred to as <i>Personalized Medicine</i>. Clinical decision services include:<br />
<br />
<ul>
<li>Diagnosis and prognosis</li>
<li>Simulation</li>
<li>Anomaly detection </li>
<li>Data visualization</li>
<li>Information retrieval (e.g., clinical question answering)</li>
<li>Alerts and reminders </li>
<li>Support for care planning processes.</li>
</ul>
The clinical decision services can be deployed in the cloud as well. Other clinical systems can consume these services through a SOAP or REST-based web service interface (using the HL7 vMR and DSS specifications for interoperability) and single sign-on (SSO) standards like SAML2 and OpenID Connect. <br />
<br />
<br />
<h3>
Intelligent Personal Assistants (IPAs)</h3>
<br />
Clinical decision services can also be delivered to patients and clinicians through IPAs. IPAs can accept inputs in the form of voice, images, and user's context and respond in natural language. IPAs are also expanding to wearable technologies such as smart watches and glasses. The precision of speech recognition, natural language processing, and computer vision is improving rapidly with the adoption of Deep Learning techniques and tools. Accelerated hardware technologies like GPUs and FPGAs are improving the performance and reducing the cost of deploying these systems at scale.<br />
<br />
<br />
<h3>
Hexagonal, Reactive, and Secure Architecture</h3>
<br />
Intelligent Health IT systems are not just capable of discovering knowledge and patterns in data. They are also scalable, resilient, responsive, and secure. To achieve these objectives, several architectural patterns have emerged during the last few years:<br />
<br />
<ul>
<li><b>Domain Driven Design (DDD)</b> puts the emphasis on the core domain and domain logic and recommends a layered architecture (typically user interface, application, domain, and infrastructure) with each layer having well defined responsibilities and interfaces for interacting with other layers. Models exist within "bounded contexts". These "bounded contexts" communicate with each other typically through messaging and web services using HL7 standards for interoperability. </li>
<br />
<li>The <b>Hexagonal Architecture</b> defines "ports and adapters" as a way to design, develop, and test an application in a way that is independent of the various clients, devices, transport protocols (HTTP, REST, SOAP, MQTT, etc.), and even databases that could be used to consume its services in the future. This is particularly important in the era of the Internet of Things in healthcare.</li>
<br />
<li><b>Microservices </b>consist in decomposing large monolithic applications into smaller services following good old principles of service-oriented design and single responsibility to achieve modularity, maintainability, scalability, and ease of deployment (for example, using Docker).</li>
<br />
<li><b>CQRS/ES: </b>Command Query Responsibility Segregation (CQRS) and Event Sourcing (ES) are two architectural patterns which consist in the use of event-driven messaging and an<b> Event Store</b> for separating commands (write-side) from queries (read-side) relying on the principle of <b>Eventual Consistency</b>. CQRS/ES can be implemented in combination with microservices to deliver new capabilities such as temporal queries, behavioral analysis, complex audit logs, and real-time notifications and alerts. </li>
<br />
<li><b>Functional Programming</b>: Functional Programming languages like Scala have several benefits that are particularly important for applying Machine Learning algorithms on large data sets. Like functions in mathematics, functions in Scala have no side effects. This provides referential transparency. Machine Learning algorithms are in fact based on Linear Algebra and Calculus. Scala supports high-order functions as well. Variables are immutable witch greatly simplifies concurrency. For all those reasons, Machine Learning libraries like Apache Mahout have embraced Scala, moving away from the Java MapReduce paradigm.</li>
<br />
<li><b>Reactive Architecture</b>: The Reactive Manifesto makes the case for a new breed of applications called "Reactive Applications". According to the manifesto, the Reactive Application architecture allows developers to build <i>"systems that are event-driven, scalable, resilient, and responsive."</i> Leading frameworks that support Reactive Programming include Akka and RxJava. The latter is a library for composing asynchronous and event-based programs using observable sequences. <b>RxJava </b>is a Java port (with a Scala adaptor) of the original Rx (Reactive Extensions) for .NET created by Erik Meijer.<br /> <br />Based on the Actor Model and built in Scala, <b>Akka </b>is a framework for building highly concurrent, asynchronous, distributed, and fault tolerant event-driven applications on the JVM. Akka offers location transparency, fault tolerance, asynchronous message passing, and a non-deterministic share-nothing architecture. <b>Akka Cluster</b> provides a fault-tolerant decentralized peer-to-peer based cluster membership service with no single point of failure or single point of bottleneck.<br /> <br />Also built with Scala, <b>Apache Kafka</b> is a scalable message broker which provides high-throughput, fault-tolerance, built-in partitioning, and replication for processing real-time data streams. In the reference architecture, the ingestion layer is implemented with Akka and Apache Kafka.</li>
</ul>
<ul>
<br />
<li><b>Web Application Security</b>: special attention is given to security across all layers, notably the proper implementation of authentication, authorization, encryption, and audit logging. The implementation of security is also driven by deep knowledge of application security patterns, threat modeling, and enforcing security best practices (e.g., OWASP Top Ten and CWE/SANS Top 25 Most Dangerous Software Errors) as part of the continuous delivery process.</li>
</ul>
<br />
<h3>
An Interface that Works across Devices and Platforms</h3>
<br />
The front-end uses a <b>Mobile First</b> approach and a <b>Single Page Application (SPA)</b> architecture with Javascript-based frameworks like AngularJS to create very responsive user experiences. It also allows us to bring the following software engineering best practices to the front-end:<br />
<br />
<ul>
<li>Dependency Injection </li>
<li>Test-Driven Development (Jasmine, Karma, PhantomJS)</li>
<li>Package Management (Bower or npm)</li>
<li>Build system and Continuous Integration (Grunt or Gulp.js)</li>
<li>Static Code Analysis (JSLint and JSHint), and </li>
<li>End-to-End Testing (Protractor). </li>
</ul>
For mobile devices, Apache Cordova can be used to access native functions when desired. The main goal is to provide a user interface that works across devices and platforms such as iOS, Android, and Windows Phone.<br />
<br />
<h3>
Interoperability</h3>
<br />
Interoperability will always be a key requirement in clinical systems. Interoperability is needed between all players in the healthcare ecosystem including providers, payers, labs, knowledge artifact developers, quality measure developers, and public health agencies like the CDC. These standards exist today and are implementation-ready. However, only health IT buyers have the leverage to demand interoperability from their vendors.<br />
<br />
Standards related to clinical decision support (CDS) include:<br />
<br />
<ul>
<li>The HL7 Fast Healthcare Interoperability Resources (FHIR) </li>
<li>The HL7 virtual Medical Record (vMR)</li>
<li>The HL7 Decision Support Services (DSS) specification</li>
<li>The HL7 CDS Knowledge Artifact specification</li>
<li>The DMG Predictive Model Markup Language (PMML) specification.</li>
</ul>
<br />
<h3>
Overcoming Barriers to Adoption</h3>
<br />
<ul>
</ul>
In a previous post, I discussed a practical approach to <a href="http://efasoft.blogspot.com/2013/04/addressing-challenges-to-adoption-of.html" target="_blank">addressing challenges to the adoption of clinical decision support (CDS) systems</a>.<br />
<br />
<br />
<ul>
</ul>
Vidjinnagni Amoussouhttp://www.blogger.com/profile/06437681488603449364noreply@blogger.com0tag:blogger.com,1999:blog-2374388455287292795.post-39469811150333235122014-09-15T07:17:00.002-04:002015-03-07T09:03:03.837-05:00Single Sign-On (SSO) for Cloud-based SaaS ApplicationsSingle Sign-On (SSO) is a key capability for Software as a Service (SaaS) applications particularly when there is a need to integrate with existing enterprise applications. In the enterprise world dominated by SOAP-based web services, security has been traditionally achieved with standards like WS-Security, WS-SecurityPolicy, WS-SecureConversation, WS-Trust, XML Encryption, XML Signatures, the WS-Security SAML Token Profile, and XACML.<br />
<br />
During the last few years, the popularity of Web APIs, mobile technology, and Cloud-based software services has led to the emergence of light-weight security standards in support of the new REST/JSON paradigm with specifications like OAuth2 and OpenID Connect.<br />
<br />
In this post, I discuss the state of the art in standards for SSO. <br />
<br />
<h3>
SAML2 Web SSO Profile</h3>
<br />
SAML2 Web SSO Profile (not to be confused with the WS-Security SAML Token Profile mentioned earlier) is not a new standard. It was approved as an OASIS standard in 2005. SAML2 Web SSO Profile is still today a force to reckon with when it comes to enabling SSO within the enterprise. In a post titled <a href="http://architects.dzone.com/articles/saml-versus-oauth-which-one" target="_blank"><i>SAML vs OAuth: Which One Should I Use?</i></a>, Anil Saldhana, former Lead Identity Management Architect at Red Hat offered the following suggestions:<br />
<br />
<blockquote class="tr_bq">
<ul>
<li><i>If your usecase involves SSO (when at least one actor or participant is an enterprise), then use SAML.</i></li>
<li><i>If your usecase involves providing access (temporarily or permanent) to resources (such as accounts, pictures, files etc), then use OAuth.</i></li>
<li><i>If you need to provide access to a partner or customer application to your portal, then use SAML.</i></li>
<li><i>If your usecase requires a centralized identity source, then use SAML (Identity provider).</i></li>
<li><i>If your usecase involves mobile devices, then OAuth2 with some form of Bearer Tokens is appropriate.</i></li>
</ul>
</blockquote>
<blockquote class="tr_bq">
</blockquote>
<br />
Salesforce.com who is arguably the leader in cloud-based SaaS services supports SAML2 Web SSO Profile as one of its main SSO mechanisms (see the <a href="http://help.salesforce.com/help/pdfs/en/salesforce_single_sign_on.pdf" target="_blank">Salesforce Single Sign-On Implementation Guide</a>)<i>. </i>The Google Apps platform supports <a href="https://developers.google.com/google-apps/sso/saml_reference_implementation" target="_blank">SAML2 Web SSO Profile</a> as well. <br />
<br />
Federal Identity, Credential, and Access Management (FICAM), a US Federal Government initiative has selected SAML2 Web SSO Profile for the purpose of Level of Assurance (LOA) 1 to 4 as defined by the NIST Special Publication 800-62-2 (see <a href="http://www.idmanagement.gov/sites/default/files/documents/SAML20_Web_SSO_Profile.pdf" target="_blank"><i>ICAM SAML 2.0 Web Browser SSO Profile</i></a>). This is significant given the challenges associated with identity federation at the scale of a large organization like the US federal government.<br />
<br />
SAML bindings specify underlying transport protocols including:<br />
<br />
<ul>
<li>HTTP Redirect Binding</li>
<li>HTTP POST Binding</li>
<li>HTTP Artifact Binding</li>
<li>SAML SOAP Binding.</li>
</ul>
<br />
SAML profiles define how the SAML assertions, protocols, and bindings are combined to support particular usage scenarios. The Web Browser SSO Profile and the Single Logout Profile are the most commonly used profiles.<br />
<br />
Identity Provider (idP) initiated SSO with POST binding is one the most popular implementations (see diagram below from the OASIS SAML Technical Overview for a typical authentication flow).<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhuvMkOhpB51bO0MATESEAgX9BYH4rCHyL7UeAwh7r6Rwq3VwBQpjIStmqZFpMvKFNosLD-3T9JhKrpUjjNJNHV8a_eaGMdRUIIXRxJWzFGmmTP9tAOmSIGG2_Kc3STrAX7Y1SS0c7Gkra2/s1600/idpsso.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhuvMkOhpB51bO0MATESEAgX9BYH4rCHyL7UeAwh7r6Rwq3VwBQpjIStmqZFpMvKFNosLD-3T9JhKrpUjjNJNHV8a_eaGMdRUIIXRxJWzFGmmTP9tAOmSIGG2_Kc3STrAX7Y1SS0c7Gkra2/s1600/idpsso.png" height="311" width="400" /></a></div>
<br />
<br />
The SAML2 Web SSO ecosystem is very mature, cross-platform, and scalable. There are a number of open source implementations available as well. However, things are constantly changing in technology and identity federation is no exception. At the Cloud Identity Summit in 2012, Craig Burton, a well known analyst in the identity space declared:<br />
<br />
<blockquote class="tr_bq">
<i> SAML is the Windows XP of Identity. No funding. No innovation. People still use it. But it has no future. There is no future for SAML. No one is putting money into SAML development. No one is writing new SAML code. SAML is dead.</i></blockquote>
Craig Burton further clarified his remarks by saying:<br />
<br />
<blockquote class="tr_bq">
<i>SAML is dead does not mean SAML is bad. SAML is dead does not mean SAML isn’t useful. SAML is dead means SAML is not the future</i>. </blockquote>
At the time, this provoked a storm in the Twitterverse because of the significant investments that have been made by enterprise customers to implement SAML2 for SSO. <br />
<br />
<br />
<h3>
WS-Federation</h3>
<br />
There is an alternative to SAML2 Web SSO Profile called WS-Federation which is supported in Microsoft products like Active Directory Federation Services (ADFS), Windows Identity Foundation (WIF), and Azure Active Directory. Microsoft has been a strong promoter of WS-Federation and has implemented WS-Federation in several products. There is also a popular open source identity server on the .NET platform called<a href="https://github.com/thinktecture/Thinktecture.IdentityServer.v2/wiki" target="_blank"> Thinktecture IdentityServer v2</a> which also supports WS-Federation.<br />
<br />
For enterprise SSO scenarios between business partners exclusively using Microsoft products and development environment, WS-Federation could be a serious contender. However, SAML2 is more widely supported and implemented outside of the Microsoft world. For example, Salesforce.com and Google Apps do not support WS-Federation for SSO. Note that Microsoft ADFS implements the SAML2 Web SSO Profile in addition to WS-Federation.<br />
<br />
<h3>
OpenID Connect </h3>
<br />
OpenID Connect is a simple identity layer on top of OAuth2. It has been ratified by the OpenID Foundation in February 2014 but has been in development for several years. Nat Sakimura's <a href="http://nat.sakimura.org/2011/05/15/dummys-guide-for-the-difference-between-oauth-authentication-and-openid/" target="_blank"><i>Dummy’s guide for the Difference between OAuth Authentication and OpenID</i></a> is a good resource for understanding the difference between OpenID, OAuth2, and OpenID Connect. In particular, it explains why OAuth2 alone is not strictly an authentication standard. The following diagram from the OpenID Connect specification represents
the components of the OpenID Connect stack (click to enlarge).<br />
<br />
<div style="text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEirXSTBfXLX1hknveKNZb60QNEJQI5lLFelCo-NuFjxbMb-3pjFKfDsbGjlhZZpVBpZr8Dm9i2azzGuTUeAWDw2s4aStn1F4hX6rOhqmIGfas4f2RVS_YIDtClBnwttghPzWMDoyy_vzB9j/s1600/OpenIDConnect-Map-4Feb2014.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEirXSTBfXLX1hknveKNZb60QNEJQI5lLFelCo-NuFjxbMb-3pjFKfDsbGjlhZZpVBpZr8Dm9i2azzGuTUeAWDw2s4aStn1F4hX6rOhqmIGfas4f2RVS_YIDtClBnwttghPzWMDoyy_vzB9j/s1600/OpenIDConnect-Map-4Feb2014.png" height="340" width="400" /></a> </div>
<br />
<br />
Also note that OAuth2 tokens can be <a href="https://tools.ietf.org/html/draft-ietf-oauth-jwt-bearer-10" target="_blank">JSON Web Token (JWT)</a> or <a href="https://tools.ietf.org/html/draft-ietf-oauth-saml2-bearer-21" target="_blank">SAML assertions</a>. <br />
<br />
The following is the basic flow as defined in the OpenID Connect specification:<br />
<br />
<blockquote class="tr_bq">
<ol>
<li><i>The RP (Client) sends a request to the OpenID Provider (OP).</i></li>
<li><i>The OP authenticates the End-User and obtains authorization.</i></li>
<li><i>The OP responds with an ID Token and usually an Access Token.</i></li>
<li><i>The RP can send a request with the Access Token to the UserInfo Endpoint.</i></li>
<li><i>The UserInfo Endpoint returns Claims about the End-User. </i></li>
</ol>
</blockquote>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj92Yz73GtVbbNzLKBwr7KjmoTY2vlEnuBLlZmk0JPuRK3GxI6GJ7ETSYrk6DP8iI_awnouMXMs9JVLYu9O2_z27aWuzU2WRk7H-MAyk1-pV_zgYM5q1bdvQxOm6QMnONSzVOodF_GxyjZ2/s1600/opienidconnect.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj92Yz73GtVbbNzLKBwr7KjmoTY2vlEnuBLlZmk0JPuRK3GxI6GJ7ETSYrk6DP8iI_awnouMXMs9JVLYu9O2_z27aWuzU2WRk7H-MAyk1-pV_zgYM5q1bdvQxOm6QMnONSzVOodF_GxyjZ2/s1600/opienidconnect.png" height="241" width="400" /></a></div>
<br />
There are two subsets of the Core functionality with corresponding implementer’s guides:<br />
<br />
<ul>
<li><i>Basic Client Implementer’s Guide</i> –for a web-based Relying Party (RP) using the OAuth code flow</li>
<li><i>Implicit Client Implementer’s Guide</i> – for a web-based Relying Party using the OAuth implicit flow</li>
</ul>
<br />
<br />
OpenID Connect is particularly well-suited for modern applications which offer RESTful Web APIs, support JSON payloads, run on mobile devices, and are deployed to the Cloud. Despite being a relatively new standard, OpenID Connect also boasts an impressive list of implementations across platforms. It is already supported by big players like Google, Microsoft, PayPal, and Salesforce. In particular, Google is consolidating all federated sign-in support onto the OpenID Connect standard. Open Source OpenID Connect Identity Providers include the Java-based OpenAM and the .Net-based <a href="https://identityserver.github.io/Documentation/" target="_blank">Thinktecture Identity Server v3</a>.<br />
<br />
<br />
<h3>
From WS* to JW* and JOSE</h3>
<br />
As can be seen from the diagram above, a complete identity federation ecosystem based on OpenID Connect will also require standards for representing security assertions, digital signatures, encryption, and cryptographic keys. These standards include:<br />
<br />
<ul>
<li>JSON Web Token (JWT)</li>
<li>JSON Web Signature (JWS)</li>
<li>JSON Web Encryption (JWE)</li>
<li>JSON Web Key (JWK) </li>
<li>JSON Web Algorithms (JWA). </li>
</ul>
<br />
There is a new acronym for these emerging JSON-based identity and security protocols: JOSE which stands for <i>Javascript Object Signing and Encryption</i>. It is also the name of the IETF Working Group developing JWS, JWE, and JWK. A Java-based open source implementation called <a href="https://bitbucket.org/b_c/jose4j/wiki/Home" target="_blank">jose4j</a> is available.<br />
<br />
<br />
<h3>
Access Control with the User Managed Access (UMA)</h3>
<br />
According to the UMA Core specification,<br />
<br />
<blockquote class="tr_bq">
<i>User-Managed Access (UMA) is a profile of OAuth 2.0. UMA defines how resource owners can control protected-resource access by clients operated by arbitrary requesting parties, where the resources reside on any number of resource servers, and where a centralized authorization server governs access based on resource owner policy. </i></blockquote>
In the UMA protocol, OpenID Connect provides federated SSO and is also used to convey user claims to the authorization server. In a previous post titled <a href="http://efasoft.blogspot.com/2013/02/patient-privacy-at-web-scale.html" target="_blank"><i>Patient Privacy at Web Scale</i></a>, I discussed the application of UMA to the challenges of patient privacy.Vidjinnagni Amoussouhttp://www.blogger.com/profile/06437681488603449364noreply@blogger.com0tag:blogger.com,1999:blog-2374388455287292795.post-40460871976126469122014-08-25T18:24:00.000-04:002015-02-22T17:06:28.484-05:00Ontologies for Addiction and Mental Disease: Enabling Translational Research and Clinical Decision SupportIn a previous post titled <a href="http://efasoft.blogspot.com/2011/08/why-do-we-need-ontologies-in-healthcare.html" target="_blank"><i>Why do we need ontologies in healthcare applications</i></a>, I elaborated on what ontologies are and why they are different from information models of data structures like relational database schemas and XML schemas commonly used in healthcare informatics applications. In this post, I discuss two interesting applications of ontology engineering related to addiction and mental disease treatment. The first is the use of ontologies for achieving semantic interoperability in translational research. The second is the use of ontologies for modeling complex medical knowledge in clinical practice guidelines (CPGs) for the purpose of automated reasoning during execution in clinical decision support systems (CDS) at the point of care.<br />
<br />
<h3>
Why Semantic Interoperability is needed in biomedical translational research?</h3>
<br />
In order to accelerate the discovery of new effective therapeutics for mental health and addiction treatment, there is a need to integrate data across disciplines spanning biomedical research and clinical care delivery [1]. For example, linking data across disciplines can facilitate a better understanding of treatment response variability among patients in addiction treatment. These disciplines include:<br />
<br />
<ul>
<li>Genetics, the study of genes.</li>
<li>Chemistry, the study of chemical compounds including substances of abuse like heroin.</li>
<li>Neuroscience, the study of the nervous system and the brain (addiction is a chronic disease of the brain)</li>
<li>Psychiatry which is focused on the diagnosis, treatment, and prevention of addiction and mental disorders. </li>
</ul>
<br />
Each of these disciplines has its own terminology or controlled vocabularies. In the clinical domain for example, DSM5 and RrxNorm are used for documenting clinical care. In biomedical research, several ontologies have been developed over the last few years including:<br />
<ul>
<li>The Gene Ontology (GO)</li>
<li>The Chemical Entities of Biological Interest Ontology (CHEBI)</li>
<li>NeuroLex, an OWL ontology covering major domains of neuroscience: anatomy, cell, subcellular, molecule, function, and dysfunction.</li>
</ul>
<br />
To facilitate semantic interoperability between these ontologies, there are best practices established by the Open Biomedical Ontology (OBO) community. An example of best practice is the use of an upper-level ontology called the Basic Formal Ontology (BFO) which acts as a common foundational ontology upon which new ontologies can be created. OBO ontologies and principles are available on the <a href="http://www.obofoundry.org/" target="_blank">OBO Foundry</a> web site.<br />
<br />
Among the ontologies available on the OBO Foundry is the <a href="https://code.google.com/p/mental-functioning-ontology/" target="_blank">Mental Functioning Ontology (MF)</a> [2, 3]. The MF is being developed as a collaboration between the University of Geneva in Switzerland and the University at Buffalo in the United States. The project also includes a Mental Disease Ontology (MD) which extends the MF and the Ontology for General Medical Science (OGMS). The Basic Formal Ontology (BFO) is an upper-level ontology for both the MF and the OGMS. The picture below is a view of the class hierarchy of the MD showing details of the class "Paranoid Schizophrenia" in the right pane of the windows of the beta release of Protege 5, an open source ontology development environment (click on the image to enlarge it).<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhlPwSkrG7A0UnaQGloQcQ-Fl5VViAGJlC-8GLx1KEUhyvWFdnnRrxEvSm6iWUv76T1g_IwbGTMDFG9VEBxKnTts3x7BLKWMH1xsHG6onmqti2vHcdzTLm5fWwI8kYa5MDdbHE7lRKjRALg/s1600/protegeMDOwl.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhlPwSkrG7A0UnaQGloQcQ-Fl5VViAGJlC-8GLx1KEUhyvWFdnnRrxEvSm6iWUv76T1g_IwbGTMDFG9VEBxKnTts3x7BLKWMH1xsHG6onmqti2vHcdzTLm5fWwI8kYa5MDdbHE7lRKjRALg/s1600/protegeMDOwl.png" height="320" width="400" /></a></div>
The following is a tree view of the "Mental Disease Course" class (click on the image to enlarge it):<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhgU0eS6ZGUskGJgUy9swaCbdIB2zQehSuOBrDi9ix6nCumEyMqaBu1TzH8FiZlMIZ5huPceFuiVObE_9t0c1ryDihX4VZHZ59qKt_wYqjQeCZ26qtUY4V-WcQOK4Fm-_Rn9__JzAVvHWYU/s1600/mdowl2.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhgU0eS6ZGUskGJgUy9swaCbdIB2zQehSuOBrDi9ix6nCumEyMqaBu1TzH8FiZlMIZ5huPceFuiVObE_9t0c1ryDihX4VZHZ59qKt_wYqjQeCZ26qtUY4V-WcQOK4Fm-_Rn9__JzAVvHWYU/s1600/mdowl2.png" height="228" width="400" /></a></div>
<br />
<br />
Ontology constructs defined by the OWL2 language can help establish common semantics (meaning) and relationships between entities across domains. These constructs provide automated inferencing capabilities such as equivalence (e.g., <i>owl:sameAs</i> and <i>owl:equivalentClass</i><i></i>) and subsumption (e.g., <i>rdfs:subClassOf</i>) relationships between entities. <br />
<br />
In addition, publishing data sources following Linked Open Data (LOD) principles and semantic search using federated SPARQL queries can help answer new research questions. Another application is semantic annotation for natural language processing (NLP) applications.<br />
<h3>
</h3>
<h3>
Ontologies as knowledge representation formalism for clinical decision support (CDS)</h3>
<br />
As knowledge representation formalism, ontologies are well suited for modeling complex medical knowledge and can facilitate reasoning during the automated execution of clinical practice guidelines (CPGs) and Care Pathways (CPs) based on patient data at the point of care. Several approaches to modelling CPGs and CPs have been proposed in the past including PROforma, HELEN, EON, GLIF, PRODIGY, and SAGE. However, the lack of free and open source tooling has been a major impediment to a wide adoption of these knowledge representation formalisms. OWL has the advantage of being a widely implemented W3C Recommendation with available mature open source tools.<br />
<br />
In practice, the medical knowledge contained in CPGs can be manually translated into IF-THEN statements in most programming languages. Executable CDS rules (like other complex types of business rules) can be implemented with a production rule engine using forward chaining. This is the approach taken by OpenCDS and some large scale CDS implementations in real world healthcare delivery settings. This allows CDS software developers to externalize the medical knowledge contained in clinical guidelines in the form of declarative rules as opposed to embedding that knowledge in procedural code. Many viable open source business rule management systems (BRMS) are available today and provide capabilities such as a rule authoring user interface, a rules repository, and a testing environment.<br />
<br />
However, production rule systems have a limitation. They do not scale because they require writing a rule for each clinical concept code (there are more than 311,000 active concepts in SNOMED CT alone). An alternative is to exploit the class hierarchy in an ontology so that subclasses of a given superclass can inherit the clinical rules that are applicable to the superclass (this is called subsumption). In addition to subsumption, an OWL ontology also support reasoning with description logic (DL) axioms [4].<br />
<br />
An ontology designed for a clinical decision support (CDS) system can integrate the clinical rules from a CPG, a domain ontology like the Mental Disorder (MD) ontology, and the patient medical record from an EHR database in order to provide inferences in the form of treatment recommendations at the point of care. The OWL API [5] facilitates the integration of ontologies into software applications. It supports inferencing using reasoners like Pellet and HermiT. OWL2 reasoning capabilites can be enhanced with rules represented in SWRL (Semantic Web Rule Language) which is implemented by reasoners like Pellet as well as the Protege OWL development environement. In addition to inferencing, another benefit of an OWL-based approach is transparency: the CDS system can provide an explanation or justification of how it arrives at the treatment recommendations.<br />
<br />
Nonetheless, these approaches are not mutually exclusive: a production rule system can be integrated with business processes, ontologies, and predictive analytics models. Predictive analytics models provide a probabilistic approach to treatment recommendations to assist in the clinical decision making process.<br />
<br />
<h3>
References</h3>
<br />
[1] Janna Hastings, Werner Ceusters, Mark Jensen, Kevin Mulligan and Barry Smith. Representing mental functioning: Ontologies for mental health and disease. Proceedings of the Mental Functioning Ontologies workshop of ICBO 2012, Graz, Austria.<br />
<br />
[2] Ceusters, W. and Smith, B. (2010a). Foundations for a realist ontology of mental disease. Journal of Biomedical Semantics, 1(1), 10.<br />
<br />
[3] Hastings, J., Smith, B., Ceusters, W., and Mulligan, K. (2012). The mental functioning ontology. http://code.google.com/p/mental-functioning-ontology/, last accessed August 24, 2014<br />
<br />
[4] Sesen MB, Peake MD, Banares-Alcantara R, Tse D, Kadir T, Stanley R, Gleeson F, Brady M. 2014 Lung Cancer Assistant: a hybrid clinical decision support application for lung cancer care. J. R. Soc. Interface 11: 20140534. <br />
<br />
[5] Matthew Horridge, Sean Bechhofer. The OWL API: A Java API for OWL Ontologies Semantic Web Journal 2(1), Special Issue on Semantic Web Tools and Systems, pp. 11-21, 2011.Vidjinnagni Amoussouhttp://www.blogger.com/profile/06437681488603449364noreply@blogger.com0tag:blogger.com,1999:blog-2374388455287292795.post-36461947563839451282014-08-17T16:54:00.004-04:002015-03-17T20:05:05.430-04:00Natural Language Processing (NLP) for Clinical Decision Support: A Practical ApproachA significant portion of the electronic documentation of clinical care is captured in the form of unstructured narrative text like psychotherapy and progress notes. Despite the big push to adopt structured data entry (as required by the Meaningful Use incentive program for example), many clinicians still like to document care using free narrative text. The advantage of using narrative text as opposed to coded entries is that narrative text can tell the story of the patient and the care provided particularly in complex cases. My opinion is that free narrative text should be used to complement coded entries when necessary to capture relevant information.<br />
<br />
Furthermore, medical knowledge is expanding very rapidly. For example, PubMed has more than 24 millions citations for biomedical literature from MEDLINE, life science journals, and online books. It is impossible for the human brain to keep up with that amount of knowledge. These unstructured sources of knowledge contain the scientific evidence that is required for effective clinical decision making in what is referred to as Evidence-Based Medicine (EBM).<br />
<br />
In this blog, I discuss two practical applications of Natural Language Processing (NLP). The first is the use of NLP tools and techniques to automatically extract clinical concepts and other insight from clinical notes for the purpose of providing treatment recommendations in Clinical Decision Support (CDS) systems. The second is the use of text analytics techniques like clustering and summarization for Clinical Question Answering (CQA).<br />
<br />
The emphasis of this post is on a practical approach using freely available and mature open source tools as opposed to an academic or theoretical approach. For a theoretical treatment of the subject, please refer to the book <i>Speech and Language Processing</i> by Daniel Jurafsky and James Martin.<br />
<br />
<br />
<h3>
Clinical NLP with Apache cTAKES </h3>
<br />
Based on the Apache Unstructured Information Management Architecture (UIMA) framework and the Apache OpenNLP natural language processing toolkit, Apache cTAKES provides a modular architecture utilizing both rule-based and machine learning techniques for information extraction from clinical notes. cTAKES can extract named entities (clinical concepts) from clinical notes in plain text or HL7 CDA format and map these entities to various dictionaries including the following Unified Medical Language System (UMLS) semantic types: diseases/disorders, signs/symptoms, anatomical sites, procedures, and medications.<br />
<br />
cTAKES includes the following key components which can be assembled to create processing pipelines:<br />
<br />
<ul>
<li>Sentence boundary detector based on the OpenNLP Maximum Entropy (ME) sentence detector.</li>
<li>Tokenizor</li>
<li>Normalizer using the National Library of Medicine's Lexical Variant Generation (LVG) tool</li>
<li>Part-of-speech (POS) tagger</li>
<li>Shallow parser</li>
<li>Named Entity Recognition (NER) annotator using dictionary look-up to UMLS concepts and semantic types. The Drug NER can extract drug entities and their attributes such
as dosage, strength, route, etc. </li>
<li>Assertion module which determines the subject of the statement (e.g., is the subject of the statement the patient or a parent of the patient) and whether a named entity or event is negated (e.g., does the presence of the word "depression" in the text implies that the patient has depression).</li>
</ul>
Apache cTAKES 3.2 has added YTEX, a set of extensions developed at Yale University which provide integration with MetaMap, semantic similarity, export to Machine Learning packages like Weka and R, and feature engineering.<br />
<br />
The following diagram from the <a href="https://cwiki.apache.org/confluence/display/CTAKES/cTAKES" target="_blank">Apache cTAKES Wiki</a> provides an overview of these components and their dependencies (click to enlarge):<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjvTY5bRNHlMW4xwZZRoF-xH6BnwKYq9fQQXVFrMKaFnzSD2KG-SV2lnHWyS_4VblF20pOZ7AcrpWeRljVPZDK-REvIVGczVNf06_ynZpmtKPk9N2EHZPNO0-vsdin_UXZPmitjS0K-Z8mh/s1600/ctakes-3.1-dependencies.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjvTY5bRNHlMW4xwZZRoF-xH6BnwKYq9fQQXVFrMKaFnzSD2KG-SV2lnHWyS_4VblF20pOZ7AcrpWeRljVPZDK-REvIVGczVNf06_ynZpmtKPk9N2EHZPNO0-vsdin_UXZPmitjS0K-Z8mh/s1600/ctakes-3.1-dependencies.png" height="320" width="240" /></a></div>
<br />
<div style="text-align: right;">
Source: <a href="https://cwiki.apache.org/confluence/display/CTAKES/cTAKES" target="_blank">Apache cTAKES wiki</a> </div>
<h3>
Massively Parallel Clinical Text Analytics in the Cloud with GATECloud</h3>
<br />
The General Architecture for Text Engineering (GATE) is a mature, comprehensive, and open source text analytics platform. GATE is a family of tools which includes:<br />
<br />
<ul>
<li><i>GATE Developer</i>: an integrated development environment (IDE) for language processing components with a comprehensive set of available plugins called CREOLE (Collection of REusable Objects for Language Engineering).<i> </i></li>
<li><i>GATE Embedded</i>: an object library for embedding services developed with GATE Developer into third-party applications.<i> </i></li>
<li><i>GATE Teamware</i>: a collaborative semantic annotation environment based on a workflow engine for creating manually annotated corpora for applying machine learning algorithms.<i> </i></li>
<li><i>GATE Mímir</i>: the "Multi-paradigm Information Management Index and Repository" which supports a multi-paradigm approach to index and search over text, ontologies, and semantic metadata.</li>
<li><i>GATE Cloud</i>: a massively parallel clinical text analytics platform (Platform as a Service or PaaS) built on the Amazon AWS Cloud. </li>
</ul>
What makes GATE particularly attractive is the recent addition of GATECloud.net PaaS which can boost the productivity of people involved in large scale text analytics tasks.<br />
<h3>
</h3>
<h3>
Clustering, Classification, Text Summarization, and Clinical Question Answering (CQA)</h3>
<h3>
</h3>
<h3>
</h3>
An unsupervised machine learning approach called Clustering can be used to classify large volumes of medical literature into groups (clusters) based on some similarity measure (such as the Euclidean distance). Clustering can be applied at the document, search result, and word/topic levels. Carrot2 and Apache Mahout are open source projects that provide several methods for document clustering. For example, the Latent Dirichlet Allocation learning algorithm in Apache Mahout automatically clusters words into topics and documents into mixtures of topics. Other clustering algorithms in Apache Mahout include: Canopy, Mean-Shift, Spectral, K-Means and Fuzzy K-Means. Apache Mahout is part of the Hadoop ecosystem and can therefore scale to very large volumes of unstructured text.<br />
<br />
Document classification essentially consists in assigning predefined set of labels to documents. This can be achieved through supervised machine learning algorithms. Apache Mahout implements the Naive Bayes classifier.<br />
<br />
Text summarization techniques can be used to present succinct and clinically relevant evidence to clinicians at the point of care. MEAD (http://www.summarization.com/mead/) is an open source project that implements multiple summarization algorithms. In the biomedical domain, SemRep is a program that extracts semantic predications (subject-relation-object triples) from biomedical free text. Subject and object arguments of each predication are concepts from the UMLS Metathesaurus and the relation is from the UMLS Semantic Network (e.g., TREATS, Co-OCCURS_WITH). The SemRep summarization provides a short summary of these concepts and their semantic relations. <br />
<br />
AskHermes (Help clinicians to <i>Extract and aRrticulate Multimedia information for answering clinical quEstionS</i>) is a project that attempts to implement these techniques in the clinical domain. It allows clinicians to enter questions in natural language and uses the following unstructured information sources: MEDLINE abstracts, PubMed Central full-text articles, eMedicine documents, clinical guidelines, and Wikipedia articles.<br />
<br />
The processing pipeline in AskHermes includes the following: <i>Question Analysis, Related Questions Extraction, Information Retrieval, Summarization and Answer Presentation</i>. AskHermes performs question classification using MMTx (MetaMap Technology Transfer) to map keywords to UMLS concepts and semantic types. Classification is achieved through supervised machine learning algorithms such as Support Vector Machine (SVM) and conditional random fields (CFRs). Summarization and answer presentation are based on clustering techniques. AskHermes is powered by open source components including: JBoss Seam, Weka, Mallet , Carrot2 , Lucene/Solr, and WordNet (a lexical database for the English language).Vidjinnagni Amoussouhttp://www.blogger.com/profile/06437681488603449364noreply@blogger.com1tag:blogger.com,1999:blog-2374388455287292795.post-19601699078621111722014-08-09T19:05:00.002-04:002014-10-30T16:38:32.183-04:00Enabling Scalable Realtime Healthcare Analytics with Apache Spark<br />
Modern and massively parallel computing platforms can process humongous amounts of data in real time to obtain actionable insights for effective clinical decision making. In this blog, I discuss an emerging Big Data platform called Apache Spark and its application to remote real-time healthcare monitoring using data from medical devices and wearable sensors. The goal is to provide effective remote care for an increasingly aging population as well as public health surveillance.<br />
<br />
<br />
<h3>
The Apache Spark Framework</h3>
<br />
Apache Spark has emerged during the last couple of years as an innovative platform for Big Data and in-memory cluster computing capable of running programs up to 100x faster than traditional Hadoop MapReduce. Apache Spark is written in Scala, a functional programming language (see my previous post titled <a href="http://efasoft.blogspot.com/2014/01/navigating-in-scala-land.html" target="_blank"><i>Navigating in Scala land</i></a>). Spark also offers a Java and a Python APIs. The Scala API allows developers to interact with Spark by using very concise and expressive Scala code. <br />
<br />
<br />
<br />
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgUGAO4NEQPKikbqTH3SD8G6FqDnE406zTnE2rkGg7TvuMYf_RyMwwuCz6JKmGE801WnCZxdzj5dc8cW3zpaWafkyze1OgXB5H89jo8HC5PcfeBQtf7gpNr2u0M-eBk8xwSB4BD7wPRLE4v/s1600/spark-stack.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgUGAO4NEQPKikbqTH3SD8G6FqDnE406zTnE2rkGg7TvuMYf_RyMwwuCz6JKmGE801WnCZxdzj5dc8cW3zpaWafkyze1OgXB5H89jo8HC5PcfeBQtf7gpNr2u0M-eBk8xwSB4BD7wPRLE4v/s1600/spark-stack.png" height="150" width="320" /></a></div>
<br />
The Spark stack also includes the following integrated tools:<br />
<br />
<ul>
<li><i>Spark SQL</i> which allows relational queries expressed in SQL, HiveQL, or Scala to be executed using Spark through a data abstraction called SchemaRDD. Supported data sources include Parquet files (a columnar storage format for Hadoop), JSON datasets, or data stored in Apache Hive.</li>
<br />
<li><i>Spark Streaming</i> which enables fault-tolerant stream processing of live data streams. Data can be ingested from many sources like Kafka, Flume, Twitter, ZeroMQ or plain old TCP sockets. The ingested data can be directly processed with Spark built-in Machine Learning algorithms.</li>
<br />
<li><i>MLlib </i>(Machine Learning Library) provides a library of practical Machine Learning algorithms including support vector machines (SVM), logistic regression, decision trees, naive Bayes, and k-means clustering. </li>
<br />
<li><i>GraphX </i>which provides graph-parallel computation for graph-analytics application like social networks.</li>
</ul>
<br />
<br />
Apache Spark can also play nicely with other frameworks within the Hadoop ecosystem. For example, it can run standalone or on a Hadoop 2's YARN cluster manager, on Amazon EC2 or a Mesos cluster manager. Spark can also read data from HFDS, HBase, Cassandra or any other Hadoop data source. Other noteworthy integrations include:<br />
<br />
<ul>
<li><i>SparkR</i>, an R package allowing the use of Spark from R, a very popular open source software environment for statistical computing with more that 5800 packages including Machine Learning packages; and</li>
<br />
<li><i>H2O-Sparkling</i> which provides an integration with the H2O platform through in-memory sharing with Tachyon, a memory-centric distributed file system for data sharing across cluster frameworks. This allows Spark applications to leverage advanced distributed Machine Learning algorithms supported by the H2O platform like emerging Deep Learning algorithms. </li>
</ul>
<br />
<h3>
</h3>
<h3>
Wearable Sensors for Remote Healthcare Monitoring </h3>
<br />
Three factors are contributing to the availability of massive amounts of clinical data: the rising adoption of EHRs by providers thanks in part to the Meaningful Use incentive program; the increasing use of medical devices including wearable sensors used by patients outside of healthcare facilities; and medical knowledge (for example in the form of medical research literature).<br />
<br />
One promising area in Healthcare Informatics where Big Data architectures like the one provided by Apache Spark can make a difference is in applications using data from wearable health monitoring sensors for anomaly detection, care alerting, diagnosis, care planning, and prediction. For example, anomaly detection can be performed at scale using the k-means clustering machine learning algorithm in Spark.<br />
<br />
These sensors and devices are part of a larger trend called the "<i>Internet of Things</i>". They enable new capabilities such as remote health monitoring for personalized medicine and chronic care management for an increasingly aging population as well as public health surveillance for outbreaks and epidemics.<br />
<br />
Wearable sensors can collect vital signs data like weight, temperature, blood pressure (BP), heart rate (HR), blood glucose (BG), respiratory rate (RR), electrocardiogram (ECG), oxygen saturation (SpO2), and Photoplethysmography (PPG). Spark Streaming can be used to perform real-time stream processing on sensors data and the data can be processed and analyzed using the Machine Learning algorithms available in MLlib and the other integrated frameworks like R and H2O. What makes Spark particularly suitable for this type of applications is that sensor data meet the Big Data criteria of volume, velocity, and variety. <br />
<br />
Researchers predict that internet use on mobile phones will increase 20-fold in Africa in the next five years. The number of mobile subscriptions in sub-Saharan Africa is expected to reach 635 millions by the end of this year. This unprecedented level of connectivity (fueled in part by the historical lack of land line infrastructure) provides opportunities for effective public health surveillance and disease management in the developing world.<br />
<br />
Apache Spark is the type of open source computing infrastructure that is needed for distributed, scalable, and real-time healthcare analytics for reducing healthcare costs and improving outcomes.Vidjinnagni Amoussouhttp://www.blogger.com/profile/06437681488603449364noreply@blogger.com0tag:blogger.com,1999:blog-2374388455287292795.post-50487549546059248602014-02-02T19:15:00.000-05:002014-12-04T18:27:09.302-05:00Building business sustainability: why Agile needs Lean Startup principles?In his book on leadership titled <i>On Becoming a Leader</i>, Warren Bennis wrote: <i>"Managers do things right while leaders do the right thing".</i> This quote can help explain why Agile needs Lean Startup principles.<br />
<br />
<h3>
Toward Product Leadership</h3>
<br />
Lean Startup is about Product Leadership. In business, the ultimate goal of the enterprise is to eventually generate revenue and profit and that requires having enough customers who are willing to pay for a product or service. This is the key to sustainability in a free market system. The concept of the Lean Startup was first introduced by Eric Ries in his book titled: <i>The Lean Startup: How Today's Entrepreneurs Use Continuous Innovation to Create Radically Successful Businesses</i>. Steve Blank wrote an article in the Harvard Business Review last year titled: <i>Why the Lean Start-Up Changes Everything</i>.<br />
<br />
Agile is about the management of Product Development. When applied properly using techniques such as Test Automation and Continuous Delivery, Agile (and its various flavors like XP, Scrum, or Kanban) is a proven methodology for successful software delivery. However, a purely ceremonial approach (daily standup, sprint planning, review, retrospective, story pointing, etc.) may not yield best results.<br />
<br />
Having the best software developers in town and building a well-designed and well-tested software on time and under budget will not necessarily translate into market success and business growth and sustainability. So what is the missing piece? How do we ensure that Agile is delivering a product that users are willing to buy? How do we know that the software itself and the many features that we work hard to implement every sprint are actually going to be needed, paid for, and used by our customers?<br />
<br />
<h3>
How Agile projects can become big failed experiments</h3>
<br />
Agile promotes the use of cross-functional teams that include business users, subject matter experts (SMEs), software developers, and testers. There is also the role of Product Owner in Agile teams. The Product Owner and the business users help the team define and prioritize backlog items. The issue is that most of the time, neither the Product Owner nor the business users are the people who are actually going to sign a check or use their credit card to buy the product. This is the case when the product will be marketed and sold to the market at large. Implementing the wrong design and building the wrong product can be very costly to the enterprise. So the result is that the design and the features that are being implemented by the development team are just assumptions and hypotheses (by so called experienced experts and product visionaries) that have never been validated. Not surprisingly, many Agile projects have become big failed experiments.<br />
<br />
<br />
<h3>
Untested assumptions and hypotheses </h3>
<br />
What we call vision and strategy are often just untested assumptions and hypotheses. Yet, we invest significant time and resources pursuing those ideas. A deep understanding (acquired through lengthy industry experience) of the business, customers' pain points, regulatory environment, and the competitive landscape will not always produce the correct assumptions about a product. This is because the pace of change has accelerated dramatically over the last two decades.<br />
<br />
Traditional management processes and tools like strategic planning and the <i>Balanced Scorecard</i> do not always provide a framework for validating those assumptions. Even newer management techniques like the <i>Blue Ocean Strategy</i>
taught by business schools to MBA candidates contain significant
elements of risk and uncertainty when confronted with the brutal reality
of the marketplace.<br />
<br />
This reminds me of my days in aviation training. Aviation operations are characterized by a high level of planning. The Flight Plan contains details about the departure time, route, estimated time enroute, fuel onboard, cruising altitude, airspeed, destination, alternate airports, etc. However, pilots are also trained to respond effectively to uncertainty. Examples of these critical decision points are the well known "Go/No Go" decision during takeoff and the "Go-Around" during the final approach to landing. According to the Flight Safety Foundation, a lack of go-arounds is the number one risk factor in approach and landing accidents and the number one cause of "runway excursions".<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEieGlKRK9uBBKIMQJ8JyIXxmiDAq_INivX1koCYG1gRFCL6jhUShKrphZuIO4OxAGrwQM6Tr208QCvxeH7IUv11qhug9vpDjek5-jSJnKKKVpeZ32BjgXKDOaLT43MtdR54-tfCqx4aOtBq/s1600/goaround.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEieGlKRK9uBBKIMQJ8JyIXxmiDAq_INivX1koCYG1gRFCL6jhUShKrphZuIO4OxAGrwQM6Tr208QCvxeH7IUv11qhug9vpDjek5-jSJnKKKVpeZ32BjgXKDOaLT43MtdR54-tfCqx4aOtBq/s1600/goaround.png" height="145" width="400" /></a></div>
<br />
The following is how the FAA Airplane Flying Handbook describes the go-around:<br />
<br />
<blockquote class="tr_bq">
<i>The assumption that an aborted landing is invariably the consequence of a poor approach, which in turn is due to insufficient experience or skill, is a fallacy. The go-around is not strictly an emergency procedure. It is a normal maneuver that may at times be used in an emergency situation. Like any other normal maneuver, the go-around must be practiced and perfected.</i></blockquote>
<h3>
</h3>
<h3>
</h3>
<h3>
Applying Lean Startup engineering Principles</h3>
<br />
A software development culture that tolerates risk-taking and failure as a source of rapid learning and growth is actually a good thing. The question is how do we perform fail-safe experiments early and often to validate our assumptions and hypotheses about customers' pain points and the business model (how money is made), quickly learn from those experiments, and pivot to new ideas and new experiments until we get the product right? The traditional retrospective in Agile usually involves discussion about what went wrong and how we can improve with a focus on the activities performed by team members. The concept of pivot in Lean Startup engineering is different. The pivot is about being responsive to customer feedback and demands in order to build a sustainable and resilient product and business. The pivot has significant implications on the architecture, design, and development of a product. As Peter Senge wrote in his book titled <i>The Fifth Discipline: The Art and Practice of the The Learning Organization</i>:<br />
<br />
<blockquote class="tr_bq">
<i>The only sustainable competitive advantage is an organization's ability to learn faster than the competition.</i></blockquote>
<br />
The Lean Startup recipe is to create Minimum Viable Products (MVPs) that are tested early and often with future customers of the product. An MVP can be created through rapid prototyping or by incrementally delivering new product features through Continuous Delivery, while leveraging cloud-based capabilities such as a Platform as a Service (PaaS) to remain lean. Testing MVPs requires the team (including software developers) to get out of their cubicles or workstations and meet with customers face-to-face whenever possible to obtain direct feedback and validation. MVPs can also be tested through analytics, A/B testing, or end-user usability testing. Actionable metrics like the System Usability Scale (SUS) should be collected during these fail-safe experiments and subsequently analyzed.<br />
<br />
These fail-safe experiments allows the Product Owner and team to refine the product vision and business model through validated learning. Lean Startup principles are not just for startups. They can also make a big difference in established enterprises where resource constraints combined with market competition and uncertainty can render the traditional strategic planning exercise completely useless.Vidjinnagni Amoussouhttp://www.blogger.com/profile/06437681488603449364noreply@blogger.com0tag:blogger.com,1999:blog-2374388455287292795.post-84128643961512515672014-01-12T14:43:00.000-05:002014-07-26T14:01:00.533-04:00Navigating in Scala Land<br />
In a previous post titled <i><a href="http://efasoft.blogspot.com/2013/11/toward-polyglot-programming-on-jvm.html" target="_blank">Toward Polyglot Programming on the Java Virtual Machine (JVM)</a></i>, I described my preliminary exploration of the other languages and frameworks on the JVM including Groovy, Gradle, Grails, Scala, Akka, Clojure, and the Play Framework. I made the switch from Maven to Gradle, a Groovy-based build language that combines the best of Ant and Maven. I was seduced by the scaffolding capabilities of Grails, but decided to make the jump to Scala and functional programming. So I have been navigating in Scala land recently. In this post, I described my journey.<br />
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjQZRcbiHaTBqguVCKGVptrfbKwADDvM3VbkdJffl_YMJ_6WWcvoP8J1qr2Bny0rITdQzd78XSOHw0E0S_WpejLpM0Z5gVpWBTQDWc3tA9pg8IxL9XkXR1Ulzas5dID7B1WoQ0VcgRoBW-9/s1600/scala.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjQZRcbiHaTBqguVCKGVptrfbKwADDvM3VbkdJffl_YMJ_6WWcvoP8J1qr2Bny0rITdQzd78XSOHw0E0S_WpejLpM0Z5gVpWBTQDWc3tA9pg8IxL9XkXR1Ulzas5dID7B1WoQ0VcgRoBW-9/s1600/scala.jpg" /></a></div>
<div style="text-align: center;">
<br /></div>
<br />
I am still learning, but I can tell you that I never had so much fun learning a new programming language. It probably has something to do with the use of pure mathematical functions in Scala. I did spend a year studying pure mathematics at the <a href="http://www.uac.bj/public/index.php/fr/" target="_blank">University of Abomey-Calavi</a> after graduating from high school. My first exposure to functional programming was with XSLT and XQuery and I very much enjoyed programming without side effects when using those languages. XSLT 3.0 is a fully-fledged functional programming language with support for functions as first class values and high-order functions. XQuery 3.0 is a typed functional language for processing and querying XML data.<br />
<br />
<br />
Scala is a complex and ambitious language as it supports both object-oriented and functional programming. When I started to learn Scala, I took the wrong directions several times and had to make several U-turns. So the following steps have been effective for me:<br />
<br />
<ul>
<li>The Coursera class <i><a href="https://www.coursera.org/course/progfun" target="_blank">Functional Programming Principles in Scala</a> </i>taught by Martin Odersky (the designer of Scala) is a good place to start. It explains the motivations behind Scala and emphasizes its mathematical and functional nature without trying to map pre-existing knowledge (of Java or Python, or any other language) to Scala. This is a refreshing approach because Scala is a different language although it can interoperate with Java. A good companion to this course is the book <i>Programming in Scala: A Comprehensive Step-by-Step Guide, 2nd Edition</i> by Martin Odersky, Lex Spoon and Bill Venners.</li>
<br />
<li>If you're a Java programmer moving to Scala, then the book <i>Scala for the Impatient </i>by Cay S. Horstmann would be a good reference. </li>
<br />
<li>If you're interested in building a web application in Scala, then I would recommend the book <i>Play for Scala </i>by Peter Hilton, Erik Bakker and Francisco Canedo. Scala and Play come with their own ecosystem of tools. This includes a Scala-based build system called sbt (simple build tool), testing tools (like Spec2 and ScalaTest), IDEs (Eclipse-based Scala IDE and IntelliJ), database drivers (like ReactiveMongo and Slick), and authentication/authorization (SecureSocial and Deadbolt). Play has first-class support for JSON and REST, supports asynchronous responses (based on the concepts of "Future" and "Promise"), reactive programming with Akka, caching, iteratees (for processing large streams of data), and real-time push-based technologies like WebSockets and Server-Sent Events.</li>
<br />
<li>A this point, if you decide to dive into the deep waters of Scala, you might want to consider learning Reactive Programming and purely functional data structures. </li>
<br />
<li>There is a second Scala course at Coursera titled <a href="https://www.coursera.org/course/reactive" target="_blank"><i>Principles of Reactive Programming</i></a> taught by Martin Odersky, Erik Meijer, and Roland Kuhn. The <a href="http://www.reactivemanifesto.org/" target="_blank"><i>Reactive Manifesto</i></a> makes the case for a new breed of applications called "Reactive Applications". According to the manifesto, the Reactive Application architecture allows developers to build <i>"systems that are event-driven, scalable, resilient, and responsive."</i> In Scala land, there are currently two leading frameworks that support Reactive Programming: Akka and <a href="https://github.com/Netflix/RxJava" target="_blank">RxJava</a>. The latter is a library for composing asynchronous and event-based programs using observable sequences. RxJava is a Java port (with a Scala adaptor) of the original Rx (Reactive Extensions) for .NET created by Erik Meijer. Based on the Actor Model, Akka is a framework for building highly concurrent, asynchronous, distributed, and fault tolerant event-driven applications on the JVM (it supports both Java and Scala).</li>
<br />
<li>For purely functional data structures, there is a Scala-based library called <a href="https://github.com/scalaz/scalaz" target="_blank">Scalaz</a>. The book <i>Functional Programming in Scala</i> by Paul Chiusano and Rúnar Bjarnason is a good resource for exploring Scalaz.</li>
<br />
<li>Readers of this blog probably know that I am a proponent of Domain Driven Design (DDD) in building complex software systems. So I have been investigated how DDD principles can be implemented with a functional and reactive approach. Vaughn Vernon recently presented a podcast on <a href="http://skillsmatter.com/podcast/design-architecture/reactive-ddd-with-scala-and-akka" target="_blank"><i>Reactive DDD with Scala and Akka</i></a>. In a post titled <a href="http://debasishg.blogspot.com/2014/05/functional-patterns-in-domain-modeling.html" target="_blank"><i>Functional Patterns in Domain Modeling - Anemic Models and Compositional Domain Behaviors</i></a>, Debasish Ghosh provides an interesting perspective on the subject of <i>anemic domain models</i> in DDD done within a functional programming language as opposed to an object-oriented one.</li>
<br />
<li>For me, Big Data is real, not just a buzzword. I believe in analyzing humongous amounts of data to find hidden patterns and obtain insight for solving complex problems. Dean Wampler called <a href="http://polyglotprogramming.com/papers/CopiousData_TheKillerAppForFP.pdf" target="_blank"><i>copious data, the killer app for functional programming</i></a>. <a href="https://github.com/twitter/scalding" target="_blank">Scalding </a>by Twitter can be used for writing MapReduce jobs in Scala. Apache Spark which is written in Scala can run Machine Learning programs up to 100x faster than Hadoop MapReduce in memory. A talk titled <i><a href="http://polyglotprogramming.com/papers/Spark-TheNextTopComputeModel.pdf" target="_blank">Why Spark is the Next Top Compute Model</a> </i>by Dean Wampler explains why Spark has emerged as the most likely replacement for MapReduce in Hadoop applications.</li>
</ul>
<br />Vidjinnagni Amoussouhttp://www.blogger.com/profile/06437681488603449364noreply@blogger.com0tag:blogger.com,1999:blog-2374388455287292795.post-72784084100853269722013-12-29T18:23:00.001-05:002014-06-19T13:22:29.779-04:00Improving the quality of mental health and substance use treatment: how can Informatics help?<div id="p-3">
</div>
<br />
According to the 2012 National Survey on Drug Use and Health, an estimated 43.7 million adults aged 18 or older in the United States had mental illness in the past year. This represents 18.6 percent of all adults in this country. Among those 43.7 million adults, 19.2 percent (8.4 million adults) met criteria for a substance use disorder (i.e., illicit drug or alcohol dependence or abuse). In 2012, an estimated 9.0 million adults (3.9 percent) aged 18 or older had serious thoughts of suicide in the past year.<br />
<br />
Mental health and substance use are often associated with other issues such as:<br />
<br />
<ul>
<li>Co-morbidity involving other chronic diseases like HIV, hepatitis, diabetes, and cardiovascular disease. </li>
<br />
<li>Overdose and emergency care utilization.</li>
<br />
<li>Social issues like incarceration, violence, homelessness, and unemployment.</li>
</ul>
It is now well established that addiction is a chronic disease
of the brain and should be treated as such from a health and social policy standpoint.<br />
<br />
<br />
<h3>
The regulatory framework</h3>
<ul>
<li>The Affordable Care Act (ACA) requires non-grandfathered health plans in the individual and small group markets to provide essential health benefits (EHBs) including mental health and substance use disorder benefits. </li>
<br />
<li>Starting in 2014, insurers can no longer deny coverage because of a pre-existing mental health condition.</li>
<br />
<li>The ACA requires health plans to cover recommended evidence-based prevention and screening services including depression screening for adults and adolescents and behavioral assessments for children.</li>
<br />
<li>On November 8, 2013, HHS and the Departments of Labor and Treasury released the final rules implementing the Paul Wellstone and Pete Domenici Mental Health Parity and Addiction Equity Act of 2008 (MHPAEA). </li>
<br />
<li>Not all behavioral health specialists are eligible to the Meaningful Use EHR Incentive program created by the Health Information Technology for Economic and Clinical Health Act (HITECH) of 2009. </li>
</ul>
<br />
<h3>
</h3>
<h3>
Implementing Clinical Practice Guidelines (CPGs) with Clinical Decision Support (CDS) systems</h3>
<h3>
</h3>
<h3>
</h3>
Clinical Decision Support (CDS) can help address key challenges in mental health and substance use treatment such as:<br />
<br />
<ul>
<li>Shortages and high turnover in the addiction treatment workforce.</li>
<br />
<li>Insufficient or lack of adequate clinician education in mental health and addiction medicine.</li>
<br />
<li>Lack of implementation of available evidence-based clinical practice guideline (CPGs) in mental health and addiction medicine.</li>
</ul>
For example, there are a number of scientifically validated CPGs for the Medication Assisted Treatment (MAT) of opioid addiction using methadone or buprenorphine. These evidence-based CPGs can be translated into executable CDS rules using business rule engines. These executable clinical rules should also be seamlessly integrated with clinical workflows.<br />
<br />
The complexity and costs inherent in capturing the medical knowledge in clinical guidelines and translating that knowledge into executable code remains an impediment to the widespread adoption of CDS software. Therefore, there is a need for standards that facilitate the sharing and interchange of CDS knowledge artifacts and executable clinical guidelines. The ONC Health eDecision Initiative has published specifications to support the interoperability of CDS knowledge artifacts and services.<br />
<br />
Ontologies as knowledge representation formalism are well suited for modeling complex medical knowledge and can facilitate reasoning during the automated execution of clinical guidelines based on patient data at the point of care. <br />
<br />
The typical Clinical Practice Guideline (CPG) is 50 to 150 pages long.
Clinical Decision Support (CDS) should also include other forms of
cognitive aid
such as Electronic Checklists, Data Visualization, Order Sets, and
Infobuttons.<br />
<br />
The issues of human factors and usability of CDS systems as well as CDS integration with clinical workflows have been the subject of many research projects in healthcare informatics. The challenge is to be bring these research findings into the practice of developing clinical systems software.<br />
<br />
<br />
<h3>
Learning from Data</h3>
<br />
Learning what works and what does not work in clinical practice is important for building a learning health system. This can be achieved by incorporating the results of Comparative Effectiveness Research (CER) and Patient-Centered Outcome Research (PCOR) into CDS systems. Increasingly, outcomes research will be performed using observational studies (based on real world clinical data) which are recognized as complementary to randomized control trials (RCTs). For example, CER and PCOR can help answer questions about the comparative effectiveness of pharmacological and psychotherapeutic interventions in mental health and substance abuse treatment. This is a form of Practice-Based Evidence (PBE) that is necessary to close the evidence loop.<br />
<br />
Three factors are contributing to the availability of massive amounts of clinical data: the rising adoption of EHRs by providers (thanks in part to the Meaningful Use incentive program), medical devices (including those used by patients outside of healthcare facilities), and medical knowledge (for example in the form of medical research literature). Massively parallel computing platforms such as Apache Hadoop or Apache Spark can process humongous amounts of data (including in real time) to obtain actionable insights for effective clinical decision making.<br />
<br />
The use of predictive modeling for personalized medicine (based on statistical computing and machine learning techniques) is becoming a common practice in healthcare delivery as well. These models can predict the health risk of patients (for pro-active care) based on their individual health profiles and can also help predict which treatments are more likely to lead to positive outcomes.<br />
<br />
Embedding Visual Analytics capabilities into CDS systems can help clinicians obtain deep insight for effective understanding, reasoning, and decision making through the visual exploration of massive, complex, and often ambiguous data. For example, Visual Analytics can help in comparing different interventions and care pathways and their respective clinical outcomes for a patient or population of patients over a certain period of time through the vivid showing of causes, variables, comparisons, and explanations.<br />
<br />
<br />
<h3>
Genomics of Addiction and Personalized Medicine</h3>
<br />
Advances in genomics and pharmacogenomics are helping researchers understand treatment response variability among patients in addiction treatment. Clinical Decision Support (CDS) systems can also be used to provide cognitive support to clinicians in providing genetically guided treatment interventions.<br />
<br />
<br />
<h3>
Quality Measurement for Mental Health and Substance Use Treatment</h3>
<br />
An important implication of the shift from a fee-for-service to a value-based healthcare delivery model is that existing process measures and the regulatory requirements to report them are no longer sufficient. <br />
<br />
Patient-reported outcomes (PROs) and patient-centered measures include essential metrics such as mortality, functional status, time to recovery, severity of side effects, and remission (depression remission at six and twelve months). These measures should take into account the values, goals, and wishes of the patient. Therefore patient-centered outcomes should also include the patient's own evaluation of the care received. <br />
<br />
Another issue to be addressed is the lack of data elements in Electronic Medical Record (EMR) systems for capturing, reporting, and analyzing PROs. This is the key to accountability and quality improvement in mental health and substance use treatment.<br />
<br />
<br />
<h3>
Using Natural Language Processing (NLP) for the automated processing of clinical narratives</h3>
<br />
Electronic documentation in mental health and substance use treatment is often captured in the form of narrative text such as psychotherapy notes. Natural Language Processing (NLP) and machine learning tools and techniques (such as named entity recognition) can be used to extract clinical concepts and other insight from clinical notes.<br />
<br />
Another area of interest is Clinical Question Answering (CQA) that would allow clinicians to ask questions in natural language and extract clinical answers from very large amounts of unstructured sources of medical knowledge. PubMed has more than 23 millions citations for biomedical literature from MEDLINE, life science journals, and online books. It is impossible for the human brain to keep up with that amount of knowledge.<br />
<br />
<span style="-webkit-text-stroke-width: 0px; background-color: white; color: #333333; display: inline !important; float: none; font-family: Verdana, Arial, sans-serif; font-size: 12.727272033691406px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: 16.889204025268555px; orphans: auto; text-align: left; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;"><br /></span>
<br />
<h3>
Computer-Based Cognitive Behavioral Therapy (CCBT) and mHealth</h3>
<br />
According to a report published last year by the California HealthCare Foundation and titled <a href="http://www.chcf.org/publications/2012/06/online-couch-mental-health" target="_blank"><i>The Online Couch: Mental Health Care on the Web</i></a>:<br />
<br />
<blockquote class="tr_bq">
<i>"Computer-based cognitive behavioral therapy (CCBT) cost-effectively leverages the Internet for coaching patterns in self-driven or provider-assisted programs. Technological advances have enabled computer systems designed to replicate aspects of cognitive behavior therapy for a growing range of mental health issues"</i>. </blockquote>
An example of a successful nationwide adoption of CCBT is the online behavioral therapy site <a href="http://www.beatingtheblues.co.uk/" target="_blank">Beating the Blues</a> in the United Kingdom which has been proven to help patients suffering from anxiety and mild to moderate depression. Beating the Blues has been recommended for use in the NHS by the National Institute for Health and Clinical Excellence (NICE).<br />
<br />
In addition, there is growing evidence to support the efficacy of mobile health (mHealth) technologies for supporting patent engagement and activation in health behavior change (e.g., smoking cessation).<br />
<br />
<h3>
</h3>
<h3>
Technologies in support of a Collaborative Care Model </h3>
<br />
There
is sufficient evidence to support the efficacy of the collaborative
care model (CCM) in the treatment of chronic mental health and substance
use conditions.The CCM is based on the following principles:<br />
<ul>
<li>Coordinated care involving a multi-disciplinary care team.</li>
<br />
<li>Longitudinal care plan as the backbone of care coordination.</li>
<br />
<li>Co-location of primary care and mental health and substance use specialists.</li>
<br />
<li>Case management by a Care Manager. </li>
</ul>
Implementing an effective collaborative care model will require a
new breed of advanced clinical collaboration tools and capabilities
such as: <br />
<ul>
<li>Conversations and knowledge sharing using tools like video conferencing for virtual two-way
face-to-face communication between clinicians (see my previous post titled <a href="http://efasoft.blogspot.com/2013/08/health-it-innovations-for-care.html" target="_blank"><i>Health IT Innovations for Care Coordination</i></a>).</li>
<br />
<li>Clinical content management and case management tools.</li>
<br />
<li>File sharing and syncing allowing
the longitudinal care plan to be synchronized and shared among all
members of the care team.</li>
<br />
<li>Light-weight and simple clinical data exchange standards and protocols for content, transport, security, and privacy. </li>
</ul>
<h3>
</h3>
<h3>
Patient Consent and Privacy</h3>
<br />
Because of the stigma associated with mental health and substance use, it is important to give patients control over the sharing of their medical record. Patients consent should be obtained about what type information is shared, with whom, and for what purpose. The patient should also have access to an audit trail of all data exchange-related events. Current paper-based consent processes are inefficient and lack accountability. Web-based consent management applications facilitate the capture and automated enforcement of patient consent directives (see my previous post titled <a href="http://efasoft.blogspot.com/2013/02/patient-privacy-at-web-scale.html" target="_blank"><i>Patient privacy at web scale</i></a>).Vidjinnagni Amoussouhttp://www.blogger.com/profile/06437681488603449364noreply@blogger.com0tag:blogger.com,1999:blog-2374388455287292795.post-50591675578082984672013-11-10T19:48:00.000-05:002013-12-15T11:25:10.069-05:00Toward Polyglot Programming on the JVMIn my previous post titled <a href="http://efasoft.blogspot.com/2013/10/treating-javascript-as-first-class.html" target="_blank"><i>Treating Javascript as a first class language</i></a>, I wrote about how the Java Virtual Machine (JVM) is evolving with new languages and frameworks like Groovy, Grails, Scala, Akka, and the Play Framework. In this post, I report on my experience in learning and evaluating these emerging technologies and their roles in the Java ecosystem.<br />
<br />
<h3>
A KangaRoo on the JVM </h3>
<br />
On a previous project, I used Spring Roo to jumpstart the software development process. Spring Roo was created by Ben Alex, an Australian engineer who is also the creator of Spring Security. Spring Roo was a big productivity boost and generated a significant amount of code and configuration based on the specification of the domain model. Spring Roo automatically generated the following:<br />
<br />
<ul>
<li>The domain entities with support for JPA annotations. </li>
<li>Repository and service layers. In addition to JPA, Spring Roo also supports NoSQL persistence for MongoDB based on the Spring Data repository abstraction.</li>
<li>A web layer with Spring MVC controllers and JSP views with support for Tiles-based layout, theming, and localization. The JSP views were subsequently replaced with a combination of Thymeleaf (a next generation server-side HTML5 template engine) and Twitter Boostrap to support a Responsive Web Design (RWD) approach. Roo also supports GWT and JSF.</li>
<li>REST and JSON remoting for all domain types.</li>
<li>Basic configuration for Spring Security, Spring Web Flow, Spring Integration, JMS, Email, and Apache Solr.</li>
<li> Entity mocking, automatic generation of test data (<i>"Data on Demand"</i>), in-container integration testing, and end-to-end Selenium integration tests.</li>
<li>A Maven build file for the project and full integration with Spring STS. </li>
<li>Deployment to Cloud Foundry.</li>
</ul>
Roo also supports other features such as database reverse engineering and Ajax . Another benefit of using Roo is that it helped enforce Spring best practices and other architectural concerns such as proper application layering.<br />
<br />
For my future projects, I am looking forward to taking developer's productivity and innovation to the next level. There are several criteria in my mind:<br />
<br />
<ul>
<li>Being able to do more with less. This means being able to write code that is concise, expressive, requires less configuration and boilerplate coding, and is easier to understand and maintain (particularly for difficult concerns like concurrency which is a key factor in scalability). </li>
<li>Interoperability with the Java language and being able to run on the JVM, so that I can take advantage of the larger and rich Java ecosystem of tools and frameworks.</li>
<li>Lastly, my interest in responsive, massively scalable, and fault-tolerant systems has picked up recently.</li>
</ul>
<br />
<br />
<h3>
<b>Getting Groovy </b></h3>
<br />
Maven has been a very powerful build system for several projects that I have worked on. My goal now is to support continuous delivery pipelines as a pattern for achieving high quality software. Large open source projects like Hibernate, Spring, and Android have already moved to Gradle. Gradle builds are written in a Groovy DSL and are more concise than Maven POM files which are based on a more verbose XML syntax. Gradle supports Java, Groovy, and Scala out-of-the box. It also has other benefits like incremental builds, multi-project builds, and plugins for other essential development tools like Eclipse, Jenkins, SonarQube, Ivy, and Artifactory.<br />
<br />
Grails is a full-stack framework based on Groovy, leveraging its concise syntax (which includes Closures), dynamic language programming, metaprogramming, and DSL support. The core principle of Grails is <i>"convention over configuration"</i>. Grails also integrates well with existing and popular Java projects like Spring Security, Hibernate, and Sitemesh. Roo generates code at development time and makes use of AOP. Grails on the other hand generates code at run-time, allowing the developer to do more with less code. The scaffolding mechanism is very similar in Roo and Grails.<br />
<br />
Grails has its own view technology called Groovy Server Pages (GSP) and its own ORM implementation called Grails Object Relational Mapping (GORM) which uses Hibernate under the hood. There is also decent support for REST/JSON and URL routing to controller actions. This makes it easy to use Grails together with Javascript MVC frameworks like AngularJS in creating more responsive user experiences based on the Single Page Application (SPA) architectural pattern.<br />
<br />
There are many factors that can influence the decision to use Roo vs. Grails (e.g., the learning curve associated with Groovy and Grails for a traditional Java team). There is also a new high-productivity framework called Spring Boot that is emerging as part of the soon to be released Spring Framework 4.0.<br />
<br />
<br />
<h3>
<b>Becoming Reactive</b></h3>
<br />
I am also interested in massively scalable and fault-tolerant systems. This is no longer a requirement solely for big internet players like Google, Twitter, Yahoo, and LinkedIn that need to scale to millions of users. These requirements (including response time and up time) are also essential in mission-critical applications such as healthcare.<br />
<br />
The recently published "<a href="http://www.reactivemanifesto.org/" target="_blank"><i>Reactive Manifesto</i></a>" makes the case for a new breed of applications called <i>"Reactive Applications"</i>. According to the manifesto, the Reactive Application architecture allows developers to build <i>"systems that are event-driven, scalable, resilient, and responsive." </i>That is the premise of the other two prominent languages on the JVM: Scala and Clojure. They are based on a different programming paradigm (than traditional OOP) called Functional Programming that is becoming very popular in the multi-core era.<br />
<br />
Twitter uses Scala and has open-sourced some of their internal Scala resources like <a href="http://twitter.github.io/effectivescala/" target="_blank"><i>"Effective Scala"</i></a> and <a href="http://twitter.github.io/scala_school/" target="_blank"><i>"Scala School"</i></a>. One interesting framework based on Scala is Akka, a concurrency framework built on the Actor Model.<br />
<br />
The Play Framework 2 is a full-stack web application framework based on Scala which is currently used by LinkedIn (which has over 225 millions registered users worldwide). In addition to its elegant design, Play's unique benefits include:<br />
<br />
<ul>
<li>An embedded Java NIO (New I/O) non-blocking server based on JBoss Netty, providing the ability to call collaborating services asynchronously without relying on thread pools to handle I/O. This new breed of servers is called <i>"Evented Servers"</i> (NodeJS is another implementation) as opposed to the old <i>"Threaded Servers"</i>. Older frameworks like Spring MVC use a threaded and synchronous approach which is more difficult to scale.</li>
<li>The ability to make changes to the source code and just refresh the browser page to see the changes (this is called hot reload).</li>
<li>Type-safe Scala templates (errors are displayed in the browser during development).</li>
<li>Integrated support for Akka which provides (among other benefits) fault-tolerance, the ability to quickly recover from failure. </li>
<li>Asynchronous responses (based on the concepts of <i>"Future"</i> and <i>"Promise" </i>also found in AngularJS), caching, iteratees (for processing large streams of data), and support for real-time push-based technologies like WebSockets and Server-Sent Events.</li>
</ul>
The biggest challenge in moving to Scala is that the move to Functional Programming can be a significant learning curve for developers with a traditional OOP background in Java. Functional Programming is not new. Languages like Lisp and Haskell are functional programming languages. More recently, XML processing languages like XSLT and XQuery have adopted functional programming ideas.<br />
<br />
<br />
<h3>
<b>Bringing Clojure to the JVM</b></h3>
<br />
Clojure is a dialect of LISP and a dynamically-type functional programming language which compiles to JVM bytecode. Clojure supports multithreaded programming and immutable data structures. One interesting application of Clojure is <a href="http://incanter.org/" target="_blank"><i>Incanter,</i></a> a statistical computing and data visualization environment enabling big data analysis on the JVM. Vidjinnagni Amoussouhttp://www.blogger.com/profile/06437681488603449364noreply@blogger.com0tag:blogger.com,1999:blog-2374388455287292795.post-14306251937119033152013-10-20T13:08:00.001-04:002013-12-14T20:51:43.159-05:00Treating Javascript as a first-class languageWith the emergence of the Single Page Application (SPA) architecture as an approach to creating more fluid and responsive user experiences in the browser, Javascript is gaining prominence as a platform for modern application development. Paypal, a large online payment service, announced recently that it has achieved significant performance and productivity gains by shifting its server-side development from Java to Javascript. From a software architecture and development perspective, what do expressions like <i>"Javascript as a first-class language"</i> or <i>"Javascript as a platform"</i> actually mean?<br />
<br />
Let's consider a well-established first-class language and platform like Java. By the way, I still consider Java a strong and safe bet for developing applications. What makes Java strong is not just the language, but the rich ecosystem of free and open source tools and frameworks built around it (e.g., Eclipse, Tomcat, JBoss Application Server, Drools, Maven, Jenkins, Solr, Hibernate, Spring, Hadoop to name just a few). The JVM is evolving with new languages and frameworks like Groovy, Grails, Clojure, Scala, Akka, and the Play Framework which aim to enhance developer's productivity. It is also well-known that big internet companies like Twitter have achieved significant gains in performance, scalability, and other architectural concerns by shifting a lot of back-end code from Ruby on Rails to the JVM. There are a number of architectural patterns and software development practices that have been adopted over the years in successfully building quality Java applications. These include:<br />
<br />
<ul>
<li>Design patterns such as the Gang of Four (GoF), Dependency Injection, Model View Controller (MVC), Enterprise Integration Patterns (EIP), Domain Driven Design (DDD), and modularity patterns like those based on OSGi.</li>
<li>Test-Driven Development (TDD) using tools like JUnit, TestNG, Mockito (mocking), Cucumber-JVM (for behavior-driven development or BDD), and Selenium (for automated end-to-end testing).</li>
<li>Build tools like Maven and Gradle.</li>
<li>Static analysis with tools like FindBugs, Checkstyle, PMD, and Sonar.</li>
<li>Continuous integration and delivery with tools like Jenkins.</li>
<li>Performance testing with JMeter.</li>
<li>Web application vulnerability testing with Burp.</li>
</ul>
<br />
As we move to a rich client application paradigm based on Javascript and the Single Page Application (SPA) architecture, it is clear that Javascript can no longer be considered a toy language for front-end developers and so we need to bring the same engineering discipline to Javascript. As I said previously, the JVM remains my platform of choice for back-end development. For example, I find that AngularJS (a client-side Javascript MVC framework) works well with Spring back-end capabilities (like Spring Security and REST support in Spring MVC, HATEOAS, or Grail). However, I also keep an eye on server-side Javascript frameworks like Node.js.<br />
<br />
The good news is that the community is coming up with patterns, tools, and practices that are helping elevate Javascript to the status of first-class language. The following is a list of patterns and tools that I find interesting and promising so far:<br />
<ul>
<li>Javascript design patterns including the application of the GoFs to Javascript<i>. </i>The MVC and Dependency Injection patterns are both implemented in AngularJS, my favorite Javascript MVC framework. There are also modularity patterns like <i>Asyncronous Module Definition (AMD)</i> supported by RequireJS.</li>
<li>Functional programming support in Javascript (e.g., higher-order functions and closures) is emerging as a best practice in writing quality Javascript code. </li>
<li>Behavior-Driven Development (BDD) testing with Jasmine.</li>
<li>Static analysis with Javascript code quality tools like JSLint and JSHint.</li>
<li>Build with Grunt, a Javascript task runner.</li>
<li>Karma, a test runner for Javascript.</li>
<li>Protractor, an end-to-end test framework built on top of Selenium WedDriverJS.</li>
<li>Single Page Applications are subject to common web application vulnerabilities like Cookie Snooping, Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), and JSON Injection. Security is mainly the responsibility of the server, although client-side frameworks like AngularJS also provide some features to enhance the security of Single Page Applications.</li>
</ul>
Vidjinnagni Amoussouhttp://www.blogger.com/profile/06437681488603449364noreply@blogger.com0tag:blogger.com,1999:blog-2374388455287292795.post-74305018033303739912013-08-15T19:14:00.001-04:002013-12-08T10:38:53.604-05:00Health IT Innovations for Care Coordination<h4>
The Business Case</h4>
<br />
According to an article by Bodenheimer et al. published in the January/February 2009 issue of Health Affairs and titled <a href="http://content.healthaffairs.org/content/28/1/64.full" target="_blank"><i>Confronting The Growing Burden Of Chronic Disease: Can The U.S. Health Care Workforce Do The Job?</i></a>:<br />
<br />
<blockquote class="tr_bq">
<i>I<span class="sc">n</span> 2005, 133 <span class="sc">million americans were living</span> with at least one chronic condition. In 2020, this number is expected to grow to 157 million. In 2005, sixty-three million
people had multiple chronic illnesses, and that number will reach eighty-one million in 2020. </i></blockquote>
<br />
Patients with co-morbidities are typically treated by multiple
clinicians working for different healthcare organizations. Care Coordination is necessary for the effective treatment of these patients and reducing costs. Effective Care Coordination can reduce the number of redundant tests and procedures, hospital admissions and readmissions, medical errors, and patient safety issues related to the lack of medication reconciliation. <br />
<br />
According to a paper by Dennison and Hugues published in the Journal of Cardiovascular Nursing and titled<i> <a href="http://www.ncbi.nlm.nih.gov/pubmed/19390343" target="_blank">Progress in Prevention Imperative to Improve Care Transitions for Cardiovascular Patients</a></i>, direct communication between the hospital and primary care setting
occurred only 3 percent of the time. According to the same paper, at discharge, a summary was
provided only 12 percent of the time, and this occurrence remained
poor at 4 weeks post-discharge, with only 51 percent of practitioners
providing a summary. The paper concluded that this standard affected quality of care in 25 percent of follow-up visits.<br />
<br />
Health Information Exchanges (HIEs) and emerging delivery models like
the Accountable Care Organization (ACO) and the Patient-Centered Medical
Home (PCMH) were designed to promote care coordination. However, according to an article by Furukawa et al. published in the August 2013 issue of Health Affairs and titled <a href="http://content.healthaffairs.org/content/32/8/1346.abstract" target="_blank"><i>Hospital Electronic Health Information Exchange Grew Substantially In 2008–12</i></a>:<br />
<br />
<blockquote class="tr_bq">
<i>In 2012, 51 percent of hospitals exchanged clinical
information with unaffiliated ambulatory care providers, but only
36 percent exchanged information with other hospitals outside
the organization. . . . In 2012 more than half of hospitals exchanged
laboratory results or radiology reports, but only about one-third of
them exchanged clinical care summaries or medication lists with
outside providers</i>. </blockquote>
<br />
<br />
Furthermore, the financial sustainability of many HIEs remains an issue. According to another article by Adler-Milstein et al. published in the same issue of Health Affairs and titled <a href="http://content.healthaffairs.org/content/32/8/1486.abstract" target="_blank"><i>Operational Health Information Exchanges Show Substantial Growth, But Long-Term Funding Remains A Concern</i></a><i>, </i>"74 percent of health information
exchange efforts report struggling to develop a sustainable business
model"<i>. </i><br />
<br />
There are other obstacles to care coordination including the existing fee-for-service healthcare delivery model (as opposed to a value-based model), the lack of interoperability between healthcare information systems, and the lack of adoption of effective collaboration tools.<br />
<br />
According to a report by the Institute of Medicine (IOM) titled<i> <a href="http://www.nap.edu/catalog.php?record_id=12750" target="_blank">The Healthcare Imperative: Lowering Costs and Improving Outcomes</a>,</i> a program designed to improve care coordination could result in national annual savings of $240.1 billions.<i></i><br />
<br />
<h4>
What Can We Learn From High Risk Operations in Other Industries? </h4>
<i><br /></i>
Similar breakdowns in communication during shift handovers have also been observed in risky operating environments, sometimes with devastating consequences. In the aerospace industry, human factors research and training have played an important role in successfully addressing the issue. A research paper by Parke and Mishkin titled <a href="http://human-factors.arc.nasa.gov/publications/Parke_MER_SurfaceOps_Handovers_05.pdf" target="_blank"><i>Best Practices in Shift Handover Communication: Mars Exploration Rover Surface Operations</i></a><i> </i>included the following recommendations:<br />
<br />
<blockquote class="tr_bq">
<ul>
<li><i>Two-way Communication, Preferably Face-to-Face. . . . Two-way communication enables the incoming worker to ask questions and rephrase the material to be handed over, so as to expose these differences [in mental model].</i></li>
<br />
<br />
<li><i>Face-to-Face Handovers with Written Support. Face-to-face handovers are improved if they are supported by structured written material—e.g., a checklist of items to convey, and/or a position log to review. </i></li>
<br />
<br />
<li><i>Content of Handover Captures Intent. Handover communication works best if it captures problems, hypotheses, and intent, rather than simply lists what occurred.</i></li>
</ul>
</blockquote>
While the logistics of healthcare delivery does not always permit physical face-to-face communication between clinicians during transitions of care, the web has seen an explosion in online collaboration tools. Innovative organizations have embraced these technologies giving rise to a new breed of enterprise software known as Enterprise 2.0 or Social Enterprise Software. This new breed of software is not only social, but also mobile, and cloud-based. <br />
<br />
<h4>
Care Coordination in the Health Enterprise 2.0</h4>
<br />
<ul>
<li><b>Collaborative Authoring of a Longitudinal Care Plan</b>. From a content
perspective, the Care Plan is the backbone of Care Coordination. The Care Plan should be comprehensive and standardized (similar to the checklist in aerospace operations). It should include problems, medications, orders, results, care goals (taking into consideration the patient's wishes and values), care team members and their responsibilities, and actual patient outcomes (e.g., functional status).
Clinical Decision Support (CDS) tools can be used to dynamically
generate a basic Care Plan based on the patient's specific clinical
data. This basic Care Plan can be used by members of the care team to
build a more elaborate Longitudinal Care Plan. CDS tools can also automatically generate
alerts and reminders for the care team.</li>
<br />
<br />
<li><b>Communication and Collaboration using Enterprise 2.0 Software</b>. These tools should be used to enable collaboration between all members of the care team which include not only clinicians, but also non-clinician caregivers, and the patient herself. Beyond email, these tools allow conversations and knowledge sharing through instant messaging, video conferencing (for virtual two-way face-to-face communication), content management, file syncing (allowing the longitudinal care plan to be synchronized and shared among all members of the care team), search, and enterprise social networking (because clinical work is a social activity like most human activities). A providers directory should make it easy for users to find
a specific provider and all their contact information based on search criteria such as location,
specialty, knowledge, experience, and telephone number.</li>
<br />
<br />
<li><b>Light Weight Standards and Protocols for Content, Transport, Security, and Privacy</b>. The foundation standards are: REST, JSON,
OAuth2, and OpenID Connect. An emerging approach that could really help put patients in control of the privacy of their electronic medical record is the OAuth2.0-based <a href="http://kantarainitiative.org/confluence/display/uma/Home" target="_blank">User-Managed Access (UMA)</a> Protocol of the Kantara Initiative (see my previous post titled <a href="http://efasoft.blogspot.com/2013/02/patient-privacy-at-web-scale.html" target="_blank"><i>Patient Privacy at Web Scale</i></a>). Initiatives like the ONC-sponsored RESTful Health Exchange (RHEX) project and the HL7 <span class="st">Fast Healthcare Interoperability Resources (</span>FHIR) hold great promise.</li>
<br />
<br />
<li><b>Case Management Tools.</b> They are typically used by Nurse Practionners (Case Managers) in
Medical Homes, a concept popularized by the Patient-Centered Medical
Home healthcare delivery model to coordinate care. These tools integrate various capabilities such as risk stratification (using predictive modeling) to identify at-risk patients, content management (check-in, check-out, versioning), workflows (human tasks), communication, business rule engine, and case reporting/analytics capabilities. </li>
</ul>
<br />Vidjinnagni Amoussouhttp://www.blogger.com/profile/06437681488603449364noreply@blogger.com0tag:blogger.com,1999:blog-2374388455287292795.post-67667665933093738912013-06-09T21:24:00.000-04:002013-08-06T22:42:35.732-04:00Essential IT Capabilities Of An Accountable Care Organization (ACO)The Certification Commission for Health Information Technology (CCHIT) recently published a document entitled <i>A Health IT Framework for Accountable Care</i>. The document identifies the following key processes and functions necessary to meet the objectives of an ACO:<br />
<br />
<ul>
<li>Care Coordination</li>
<li>Cohort Management</li>
<li>Patient and Caregiver Relationship Management</li>
<li>Clinician Engagement</li>
<li>Financial Management</li>
<li>Reporting</li>
<li>Knowledge Management.</li>
</ul>
<br />
The key to success is a shift to a data-driven healthcare delivery. The following is my assessment of the most critical IT capabilities for ACO success:<br />
<br />
<ul>
<li>Comprehensive and standardized care documentation in the form of electronic health records including as a minimum: patients' signs and symptoms, diagnostic tests, diagnoses, allergies, social and familiy history, medications, lab results, care plans, interventions, and actual outcomes. Disease-specific <i>Documentation Templates</i> can support the effective use of automated Clinical Decision Support (CDS). Comprehensive electronic documentation is the foundation of accountability and quality improvement.</li>
<br />
<li>Care coordination through the secure electronic exchange and the collaborative authoring of the patient's medical record and care plan (this is referred to as <i>clinical information reconciliation</i> in the CCHIT Framework). This also requires health IT interoperability standards that are easy to use and designed following rigorous and well-defined software engineering practices. Unfortunately, this has not always been the case, resulting in standards that are actually obstacles to interoperability as opposed to enablers of interoperability. Case Management tools used by <i>Medical Homes</i> (a concept popularized by the Patient-Centered Medical Home model) can greatly facilitate collaboration and Care Coordination.</li>
<br />
<li>Patients' access to and ownership of their electronic health records including the ability to edit, correct, and update their records. Patient portals can be used to increase patients' health literacy with health education resources. Decision aids comparing the benefits and harms of various interventions (<i>Comparative Effectiveness Research</i>) should be available to patients. Patients' health behavior change remains one of the greatest challenges in Healthcare Transformation. mHealth tools have demonstrated their ability to support <i>Patient Activation</i>. </li>
<br />
<li> Secure communication between patients and their providers. Patients should have the ability to specify with whom, for what purpose, and the kind of medical information they want to share. Patients should have access to an audit trail of all access events to their medical records just as consumers of financial services can obtain their credit record and determine who has inquired about their credit score.</li>
<br />
<li>Clinical Decision Support (CDS) as well as other forms of cognitive aids such as Electronic Checklists, Data Visualization, Order Sets, Infobuttons, and more advanced Clinical Question Answering (CQA) capabilities (see my previous post entitled <a href="http://efasoft.blogspot.com/2013/02/automated-clinical-question-answering.html" target="_blank"><i>Automated Clinical Question Answering: The Next Frontier in Healthcare Informatics</i></a>). The unaided mind (as Dr. Lawrence Weed, the father of the Problem-Oriented Medical Record calls it) is no longer able to cope with the large amounts of data and knowledge required in clinical decision making today. CDS should be used to implement clinical practice guidelines (CPGs) and other forms of Evidence-Based Medicine (EBM). <br /><br />However, the delivery of care should also take into account the unique clinical characteristics of individual patients (e.g., co-morbidities and social history) as well as their preferences, wishes, and values.<i> Standardized Clinical Assessment And Management Plans (SCAMPs)</i> promote care standardization while taking into account patient preferences and the professional judgment of the clinician. CDS should be well integrated with clinical workflows (see my my previous post entitled <a href="http://efasoft.blogspot.com/2013/04/addressing-challenges-to-adoption-of.html" target="_blank"><i>Addressing Challenges to the Adoption of Clinical Decision Support (CDS) Systems</i></a>).</li>
<br />
<li>Predictive risk modeling to identity at-risk populations and provide them with pro-active care including early screening and prevention. For example, predictive risk modeling can help identify patients at risk of hospital re-admission, an important ACO quality measure.</li>
<br />
<li>Outcomes measurement with an emphasis on patient outcomes in addition to existing process measures. Examples of patient outcome measures include: mortality, functional status, and time to recovery.</li>
<br />
<li>Clinical Knowledge Management (CKM) to disseminate knowledge throughout the system in order to support a learning health system.
The Institute of Medicine (IOM) released a report titled <a href="http://www.iom.edu/Reports/2011/Digital-Infrastructure-for-a-Learning-Health-System.aspx"><span style="font-style: italic;">Digital Infrastructure for the Learning Health System: The Foundation for Continuous Improvement in Health and Health Care</span></a>. The report describes the learning health system as:<br /><br /><blockquote>
<span style="font-style: italic;">"delivery
of best practice guidance at the point of choice, continuous learning
and feedback in both health and health care, and seamless, ongoing
communication among participants, all facilitated through the
application of IT."</span></blockquote>
</li>
<br />
<li>Applications of Human Factors research to enable the effective use of technology in clinical settings. Examples include: implementation of usability guidelines to reduce Alert Fatigue in Clinical Decision Support (CDS), Checklists, and Visual Analytics.
There are many lessons to be learned from other mission-critical industries that have adopted automation. Following several incidents and accidents related to the introduction of the <i>Glass Cockpit</i> about 25 years ago, Human Factors training known as <i>Cockpit Resource Management (CRM)</i> is now standard practice in the aviation industry.</li>
</ul>
Vidjinnagni Amoussouhttp://www.blogger.com/profile/06437681488603449364noreply@blogger.com0tag:blogger.com,1999:blog-2374388455287292795.post-33734647176793654182013-04-28T19:35:00.001-04:002013-05-10T15:55:36.833-04:00How I Make Technology DecisionsThe open source community has responded to the increasing complexity of software systems by creating
many frameworks which are supposed to facilitate
the work of developing software. Software developers spend a considerable amount of time researching,
learning, and integrating these frameworks to build new software
products. Selecting the wrong technology can cost an organization millions of dollars. In this post, I describe my approach to selecting these frameworks. I also discuss the frameworks that have made it to my software development toolbox.<br />
<br />
<h3>
Understanding the Business </h3>
<br />
The first step is to build a strong understanding of the following:<br />
<br />
<ul>
<li>The business goals and challenges of the organization. For example, the healthcare industry is currently shifting to a value-based payment model in an increasingly tightening regulatory environment. Healthcare organizations are looking for a computing infrastructure that support new demands such as the Accountable Care Organization (ACO) model, patient-centered outcomes, patient engagement, care coordination, quality measures, bundled payments, and Patient-Centered Medical Homes (PCMH).</li>
<br />
<li>The intended buyers and users of the system and their concerns. For example, what are their pain points? which devices are they using? and what are their security and privacy concerns?</li>
<br />
<li>The standards and regulations of the industry.</li>
<br />
<li>The competitive landscape in the industry. To build a system that is relevant, it is important to have some ideas about the following: what is the competition? what are the current capabilities of their systems? what is on their road map? and what are customers saying about their products. This knowledge can help shape a <i><a href="http://en.wikipedia.org/wiki/Blue_Ocean_Strategy" target="_blank">Blue Ocean Strategy</a></i>.</li>
<br />
<li>Emerging trends in technologies.</li>
</ul>
<br />
This type of knowledge comes with industry experience and a habit of continuously paying attention to these issues. For example, on a daily basis, I read industry news as well as scientific and technical publications. As a member of the American Medical Informatics Association (AMIA), I receive the latest issue of the Journal of the American Medical Informatics Association (JAMIA) which allows me to access cutting-edge research in medical informatics. I <a href="http://efasoft.blogspot.com/2011/07/service-oriented-clinical-decision.html" target="_blank">speak at industry conferences</a> when possible and this allows me not only to hone my presentation skills, but also attend all sessions for free or at a discounted price. For the latest in software development, I turn to publications like InfoQ, DZone, and TechCrunch.<br />
<br />
To better understand the users and their needs and concerns, I perform early usability testing (using sketches, wireframes, or mockups) to test design ideas and obtain feedback before actual development starts. For generating innovative design ideas, I recommend the following book: <i>Universal Methods of Design: 100 Ways to Research Complex Problems, Develop Innovative Ideas, and Design Effective Solutions</i> by Bruce Hanington and Bella Martin. <br />
<br />
<h3>
</h3>
<h3>
Architecting the Solution</h3>
<br />
Armed with a solid
understanding of the business and technological landscape as well as the
domain, I can start creating a solution architecture. Software development projects can be chaotic. Based on my
experience working on many software development projects across
industries, I found that Domain Driven Design (DDD) can help foster a
disciplined approach to software development. For more on my experience with DDD, see my previous post
entitled<a href="http://efasoft.blogspot.com/2013/03/how-not-to-build-big-ball-of-mud-part-2.html" target="_blank"><i> How Not to Build A Big Ball of Mud, Part 2</i></a>.<br />
<br />
Frameworks evolve over time. So, I make sure that the architecture is framework-agnostic and focused on supporting the domain. This allows me to retrofit the system in the future with new frameworks as they emerge.<br />
<br />
<br />
<h3>
</h3>
<h3>
Due Diligence </h3>
<br />
Software development is a rapidly evolving field. I keep my eyes on the radar and try not to drink the vendors Kool-Aid. For example, not all vendors have a good track record in supporting standards, interoperability, and cross-platform solutions.<br />
<br />
The<a href="http://www.thoughtworks.com/insights" target="_blank"><i> ThoughtWorks Technology Radar</i></a> is an excellent source of information and analysis on emerging trends in software. Its contributors include software thought leaders like Martin Fowler and Rebecca Parson. I also look at surveys of the developers community to determine the popularity, community size, and usage statistics of competing frameworks and tools. Sites like InfoQ often conduct these types of surveys like the recent InfoQ survey on <a href="http://www.infoq.com/research/top-javascript-mvc-frameworks?utm_source=infoq&utm_medium=popular_links_homepage" target="_blank"><i>Top JavaScript MVC Frameworks</i></a>. I also like Matt Raible's<a href="http://www.slideshare.net/mraible/comparing-jvm-web-frameworks-devoxx-france-2013" target="_blank"><i> Comparing JVM Web Frameworks</i></a>.<br />
<br />
I value the opinion of recognized experts in the field of interest. I read their books, blogs, and watch their presentations. Before formulating my own position, I make sure that I read expert opinions on opposing sides of the argument. For example, in deciding on a pure Java EE vs. Spring Framework approach, I read arguments by experts on both sides (experts like Arun Gupta, Java EE Evangelist at Oracle and Adrian Colyer, CTO at SpringSource).<br />
<br />
Finally, consider a peer review of the architecture using a methodology like the <a href="https://en.wikipedia.org/wiki/Architecture_tradeoff_analysis_method" target="_blank"><i>Architecture Tradeoff Analysis Method (ATAM)</i></a>. Simply going through the exercise of explaining the architecture to stakeholders and receiving feedback can significantly help in improving it.<br />
<br />
<br />
<h3>
Rapid Prototyping </h3>
<h3>
</h3>
It's generally a good idea to create a rapid prototype to quickly learn and demonstrate the capabilities and value of the framework to the business. This can also generate excitement in the development team, particularly if the framework can enhance the productivity of developers and make their life easier.<br />
<br />
<h3>
</h3>
<h3>
The Frameworks I've Selected</h3>
<br />
<h4>
The Spring Framework</h4>
I am a big fan of the Spring Framework. I believe it is really designed to support the need of developers from a productivity standpoint. In addition to dependency injection (DI), Aspect Oriented Programming (AOP), and Spring MVC, I like the Spring Data repository abstraction for JPA, MongoDB, Neo4J, and Hadoop. Spring supports Polyglot Persistence and Big Data today. I use Spring Roo for rapid application development and this allows me to focus on modeling the domain. I use the Roo scaffolding feature to generate a lot of Spring configuration and Java code for the domain, repository (Roo supports JPA and MongDB), service, and web layers (Roo supports Spring MVC, JSF, and GWT). Spring also support for unit and integration testing with the recent release of Spring MVC Test.<br />
<br />
I use Spring Security which allows me to use AOP and annotations to secure methods and supports advanced features like <i>Remenber Me</i> and regular expressions for URLs. I think that JAAS is too low-level. Spring Security allows me to meet all OWASP Top Ten requirements (see my previous post entitled <a href="http://efasoft.blogspot.com/2013/01/application-level-security-in-health-it.html" target="_blank"><i>Application-Level Security in Health IT Systems: A Roadmap</i></a>).<br />
<br />
Spring Social makes it easy to connect a Spring application to social network sites like Facebook, Twitter, and LinkedIn using the OAuth2 protocol. From a tooling standpoint, Spring STS supports many Spring features and I can deploy directly to Cloud Foundry from Spring STS. I look forward to evaluating Grails and the Play Framework which use convention over configuration and are built on Groovy and Scala respectively.<br />
<br />
<h4>
Thymeleaf, Twitter Boostrap, and JQuery</h4>
I use Twitter Boostrap because it is based on HTML5, CSS3, JQuery, LESS, and also supports a Responsive Web Design (RWD) approach. The size of the components library and the community is quite impressive.<br />
<br />
Thymeleaf is an HTML5 templating engine and a replacement for traditional JSP. It is well integrated with Spring MVC and supports a clear division of labor between back-end and front-end developers. Twitter Boostrap and Thymeleaf work well together.<br />
<br />
<br />
<h4>
AngularJS</h4>
For Single Page Applications (SPA) my definitive choice is AngularJS. It provides everything I need including a clean MVC pattern implementation, directives, view routing, Deep Linking (for bookmarking), dependency injection, two-way databinding, and BDD-style unit testing with Jasmine. AngularJS has its own dedicated debugging tool called <a href="https://github.com/angular/angularjs-batarang" target="_blank"><i>Batarang</i></a>. There are also several learning resources (including books) on AngularJS.<br />
<br />
Check this page comparing the <a href="http://jsperf.com/angularjs-vs-knockoutjs/8" target="_blank"><i>performance of AngulaJS vs. KnockoutJS</i></a>. This is a survey of the popularity of Top <a href="http://www.infoq.com/research/top-javascript-mvc-frameworks?utm_source=infoq&utm_medium=popular_links_homepage" target="_blank"><i>JavaScript MVC Frameworks</i></a>.<br />
<h4>
</h4>
<h4>
D3.js </h4>
D3.js is my favorite for data visualization in
data-intensive applications. It is based on HTML5, SVG, and Javascript.
For simple charting and plotting, I use <a href="http://www.jqplot.com/" target="_blank">jqPlot </a>which is based on JQuery. See my previous post entitled <i><a href="http://efasoft.blogspot.com/2013/01/visual-analytics-for-clinical-decision_13.html" target="_blank">Visual Analytics for Clinical Decision Making</a></i>. <br />
<h4>
</h4>
<h4>
R </h4>
I use R for statistical computing, data analysis, and predictive analytics. See my previous post entitled <a href="http://efasoft.blogspot.com/2013/03/statistical-computing-and-data-mining.html" target="_blank"><i>Statistical Computing and Data Mining with R</i></a>.<br />
<br />
<br />
<h4>
Development Tools</h4>
<br />
My development tools include: Git (Distributed Version Control), Maven or Gradle (build), Jenkins (Continuous Integration), Artifactory (Repository Manager), and Sonar (source code quality management). My testing toolkit includes Mockito, DBUnit, Cucumber JVM, JMeter, and Selenium. <br />
<br />Vidjinnagni Amoussouhttp://www.blogger.com/profile/06437681488603449364noreply@blogger.com0tag:blogger.com,1999:blog-2374388455287292795.post-83712447808360722542013-04-14T23:29:00.000-04:002015-03-13T18:19:45.560-04:00Addressing Challenges to the Adoption of Clinical Decision Support (CDS) Systems: A Practical Approach<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEho0Xh2zs1nlMwkFBK_yHNRvD47Kv1g9_dQoCmfHoDSoa2l030uE2MNfF05gK5lGQjs-Om-jrJJAPLO6kps6ejmMk3xEh0rjDrz-zRqtH40m0crwsLX6JDiFJQvjXfN0fik5NhsWEi1KXY0/s1600/cds.jpg" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEho0Xh2zs1nlMwkFBK_yHNRvD47Kv1g9_dQoCmfHoDSoa2l030uE2MNfF05gK5lGQjs-Om-jrJJAPLO6kps6ejmMk3xEh0rjDrz-zRqtH40m0crwsLX6JDiFJQvjXfN0fik5NhsWEi1KXY0/s1600/cds.jpg" height="265" width="400" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">Laptop and stethoscope by <a href="https://www.flickr.com/photos/67272961@N03/" target="_blank">jfcherry </a>is licensed under <a href="https://creativecommons.org/licenses/by-sa/2.0/" target="_blank">CC BY-SA 2.0</a></td></tr>
</tbody></table>
<b>This post has been updated on February 15, 2015.</b><br />
<br />
Despite its potential to improve the quality of care, CDS is not widely used in health care delivery today. In technology marketing parlance, CDS has not crossed the chasm. There are several issues that need to be addressed including:<br />
<br />
<ul>
<li>Clinicians' acceptance of the concept of automated execution of evidence-based clinical practice guidelines. </li>
<br />
<li>Integration into clinical workflows and care protocols.</li>
<br />
<li>Usability and human factors issues including alert fatigue and the human factors that influence alert acceptance.</li>
<br />
<li>With the expanding use of clinical prediction models for diagnosis and prognosis, there is a need for a better understanding of the probabilistic approach to clinical decision making under uncertainty.</li>
<br />
<li>Standardization to enable the interoperability and reuse of CDS knowledge artifacts and executable clinical guidelines.</li>
<br />
<li>The challenges associated with the automatic concurrent execution of multiple clinical practice guidelines for patients with co-morbidities. </li>
<br />
<li>Integration with modern information retrieval capabilities which allow clinicians to access up-to-date biomedical literature. These capabilities includes text mining, Natural Language Processing (NLP), and more advanced Clinical Question Answering (CQA) tools. CQA allows clinicians to ask clinical questions in natural language and extracts answers from very large amounts of unstructured sources of medical knowledge. PubMed has more than 23 millions citations for biomedical literature from MEDLINE, life science journals, and online books. The typical Clinical Practice Guideline (CPG) is 50 to 150 pages long. It is impossible for the human brain to keep up with that amount of knowledge. </li>
<br />
<li>The use of mathematical simulations in CDS to explore and compare the outcomes of various treatment alternatives.</li>
<br />
<li>Integration of genomics to enable personalized medicine as the cost of whole-genome sequencing (WGS) continues to fall.<br /> </li>
<br />
<li>Integration of outcomes research in the context of a shift to a value-based healthcare delivery model. This can be achieved by incorporating the results of Comparative Effectiveness Research (CER) and Patient-Centered Outcome Research (PCOR) into CDS systems. Increasingly, outcomes research will be performed using observational studies (based on real world clinical data) which are recognized as complementary to randomized control trials (RCTs) for discovering what works and what doesn't work in practice. This is a form of Practice-Based Evidence (PBE) that is necessary to close the evidence loop.</li>
<br />
<li>Support for a shared decision making process which takes into account the values, goals, and wishes of the patient.</li>
<br />
<li>The use of Visual Analytics in CDS to facilitate analytical reasoning over very large amounts of structured and unstructured data sources.</li>
<br />
<li>Finally, the challenges associated with developing hybrid decision support systems which seamlessly integrate all the technologies mentioned above including: machine learning predictive algorithms, real-time data stream mining, visual analytics, ontology reasoning, and text mining.</li>
<br />
</ul>
In response to a paper titled <i>Grand challenges in clinical decision support</i> by Sittig et al. [1], Fox et al. [2] outlined four theoretical foundations for the design and implementation of CDS systems: <i>decision theory, theories of knowledge representation, process design, and organizational modeling</i>. The practical approach discussed in this post is grounded in those four theoretical foundations.<br />
<br />
<br />
<h3>
CDS Interoperability</h3>
<br />
The complexity and cost inherent in capturing the medical knowledge in clinical guidelines and translating that knowledge into executable code remain a major impediment to the widespread adoption of CDS software. Therefore, there is a need for standards for the interchange and reuse of CDS knowledge artifacts and executable clinical guidelines.<br />
<br />
Different formalisms, methodologies, and architectures have been proposed over the years for representing the medical knowledge in clinical guidelines. Examples include but are not limited to the following:<br />
<br />
<ul>
<li>The Arden Syntax</li>
<li>GLIF (Guideline Interchange Format)</li>
<li>GELLO (Guideline Expression Language Object-Oriented)</li>
<li>GEM (Guidelines Element Model)</li>
<li>The Web Ontology Language (OWL)</li>
<li>PROforma</li>
<li>EON</li>
<li>PRODIGY</li>
<li>Asbru</li>
<li>GUIDE</li>
<li>SAGE.</li>
</ul>
More recently, HL7 has published the Clinical Decision Support (CDS) Knowledge Artifact Specification which provides guidance on shareable CDS knowledge artifacts including event-condition-action rules, order sets, and documentation templates.<br />
<br />
The HL7 Context-Aware Knowledge Retrieval (Infobutton) specifications provide a standard mechanism for clinical information systems to request context-specific clinical knowledge to satisfy clinicians and patients' information needs at the point of care.<br />
<br />
Enabling the interoperability of executable clinical guidelines requires a standardized domain model for representing the medical information of patients and other contextual clinical information. The HL7 Virtual Medical Record (vMR) is a standardized domain model for representing the inputs and outputs of CDS systems. The ability to transform an HL7 CCDA document into an HL7 vMR document means that EHR systems that are Meaningful Use Stage 2 certified can consume these standard-compliant decision support services.<br />
<br />
Because of the complexity and cost of developing CDS software, CDS software capabilities can be exposed as a set of services (part of a service-oriented architecture [16]) which can be consumed by other clinical systems such as EHR and Computerized Physician Order Entry (CPOE) systems. When deployed in the cloud, these CDS software services can be shared by several health care providers to reduce costs. The HL7 Decision Support Service (DSS) specification defines a REST and a SOAP web service interfaces using the vMR as message payload for accessing interoperable decision support services.<br />
<br />
In practice, executable CDS rules (like other complex types of business rules) can be implemented with a production rule system using forward chaining. This is the approach taken by OpenCDS and some other large scale CDS implementations in real-world healthcare delivery settings. This allows CDS software developers to externalize the medical knowledge contained in clinical practice guidelines in the form of declarative rules as opposed to embedding that knowledge in procedural code. Many viable open source business rule management systems (BRMS) are available today and provide capabilities such as a rule authoring user interface, a rules repository, and a testing environment. Furthermore, a rule execution environment can be integrated with business processes, ontologies, and predictive analytics models (more on that later).<br />
<br />
The W3C Rule Interchange Format (RIF) specification is a possible solution to the interchange of executable CDS rules. The RIF Production Rule Dialect (RIF PRD) is designed as a common XML serialization syntax for multiple rule languages to enable rule interchange between different BRMS. For example, RIF-PRD would allow the exchange of executable rules between existing BRMS like JBoss Drools, IBM ILOG JRules, and Jess. RIF is currently a W3C Recommendation and is backed by several BRMS vendors. Consentino et al. [3] described a model-driven approach for interoperability between IBM's proprietary ILOG rule language and RIF.<br />
<br />
<br />
<h3>
Seamless Integration into Clinical Workflows and Care Pathways</h3>
<br />
One of the main complaints against CDS systems is that they are not well integrated into clinical workflows and care protocols. Existing business process management standards like the Business Process Modeling Notation (BPMN) can provide a proven, practical, and adaptable approach to the integration of CDS rules and clinical pathways and protocols. Some existing open source and commercial BRMS already provide an integration of business rules and business processes out-of-the box and there are well-known patterns for integrating rules and processes [4, 5, 6] in business applications.<br />
<br />
In 2014, the Object Management Group (OMG) released the Decision Model and Notation (DMN) specification which defines various constructs for modeling decision logic. The combination of BPMN and DMN [7, 8] provides a practical approach for modeling the decisions in clinical practice guidelines while integrating these decisions with clinical workflows. BPMN and DMN also support the modeling of decisions and processes that span functional and organizational boundaries.<br />
<br />
<br />
<h3>
Human Factors in the Use of Clinical Decision Support Systems</h3>
<br />
We need to do a better job in understanding the human factors that influence alert acceptance by clinicians in CDS. We also need clear and proven usability guidelines (backed by scientific research) that can be implemented by CDS software developers. Several research projects have sought to understand why clinicians accept or ignore alerts in medication-related CDS [9, 10]. Zacharia et al. [11] developed and validated an <i>Instrument for Evaluating Human-Factors Principles in Medication-Related Decision Support Alerts</i> (I-MeDeSA). I-MeDeSA measures CDS alerts on the following nine human factors principles:<i> alarm philosophy, placement, visibility, prioritization, color learnability and confusability, text-based information, proximity of task components being displayed, </i>and<i> corrective actions</i>.<br />
<br />
The British National Health Service (NHS) Common User Interface (CUI) Program has created standards and guidance in support of the usability of clinical applications with inputs from user interface design specialists, usability experts, and hundreds of clinicians with a diversity of background in using health information technology. The program is based on a rigorous development process which includes: research, design, prototyping, review, usability testing, and patient safety assessment by clinicians. In the US, the National Institute of Standards and Technology (NIST) has also published some guidance on the usability of clinical applications.<br />
<br />
Studies have also shown that like in aviation, checklists can provide cognitive support to clinicians in the decision making process. <br />
<br />
<br />
<h3>
Integrating Genomic Data with CDS</h3>
<br />
The costs of whole-genome sequencing (WGS) and whole-exome sequencing (WES) continue to fall. Increasingly, both WGS and WES will be used in clinical practice for inherited disease risk assessment and pharmacogenomic findings [21]. There is a need for a modern CDS architecture that can support and facilitate the introduction and use of WGS and WES in clinical practice.<br />
<br />
In a paper titled <i>Technical desiderata for the integration of genomic data with clinical decision support </i>[14], Welch et al. proposed technical requirements for the integration of genomic data with clinical decision support. In another paper titled<i> A proposed clinical decision support architecture capable of supporting whole genome sequence information</i> [15], Welch et al. proposed the following clinical decision support architecture for supporting whole genome sequence information (click to enlarge):<br />
<br />
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjK-O_dKIkdgwyTlAEgRvlI5CjelzPYCsqYPbaNBzH5CO4HP2NH4KPmBkTKp3hOmY2Nr_2d8Weg8WcwwwPlCk7p63KXuwZElGaFw1MkOHm_9mwtqkwxdcAEGvmxFOt1kGeCBxPwLO_OUHmV/s1600/wgs.png" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjK-O_dKIkdgwyTlAEgRvlI5CjelzPYCsqYPbaNBzH5CO4HP2NH4KPmBkTKp3hOmY2Nr_2d8Weg8WcwwwPlCk7p63KXuwZElGaFw1MkOHm_9mwtqkwxdcAEGvmxFOt1kGeCBxPwLO_OUHmV/s1600/wgs.png" height="220" width="400" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;"><a href="http://www.mdpi.com/2075-4426/4/2/176" target="_blank">Proposed service-oriented architecture (SOA) for whole genome sequence (WGS)-enabled CDS</a> by Brandon M. Welch, Salvador Rodriguez Loya, Karen Eilbeck, and Kensaku Kawamoto is licensed under <a href="http://creativecommons.org/licenses/by/3.0/" target="_blank">CC BY 3.0</a></td></tr>
</tbody></table>
<br />
The proposed architecture includes the following components:<i> the genome variant knowledge base, the genome database, the CDS knowledge base, a CDS controller and the electronic health record (EHR)</i>. The authors suggest separating the genome data from the EHR data.<br />
<br />
<br />
<h3>
Practice-Based Evidence (PBE) needed for closing the evidence loop</h3>
<br />
Prospective randomized controlled trials (RCTs) are still considered the gold standard in evidence-based medicine. Although they can control for biases, RCTs are costly, time consuming, and must be performed under carefully controlled conditions.<br />
<br />
The retrospective analysis of existing clinical data sources is increasingly recognized as complementary to RCTs for discovering what works and what doesn't work in real world clinical practice [23]. These retrospective studies will allow the creation of clinical prediction models which can provide personalized absolute risk and treatment outcome predictions for patients. They also facilitate what has been referred to as <i>"rapid learning health care.</i>" [24]<br />
<br />
<h3>
Toward Data-Driven Clinical Decision Support (CDS)</h3>
<br />
Williams Osler (1849-1919) [19] famously said that <i>"Medicine is a science of uncertainty and an art of probability." </i><br />
<br />
The use of clinical prediction models for diagnosis and prognosis is becoming common practice in clinical care. These models can predict the health risks of patients based on their individual health data. Clinical Prediction Models provide absolute risk and treatment outcome prediction for conditions such as diabetes, kidney disease, cancer, cardiovascular disease, and depression. These models are built with statistical learning techniques and introduce new challenges related to their probabilistic approach to clinical decision making under uncertainty [20]. In his book titled <i>Super Crunchers: Why Thinking-By-Numbers Is The New Way To be Smar</i>t, Ian Ayres wrote:<br />
<br />
<blockquote class="tr_bq">
<i>Traditional experts make better decisions when they are provided with the results of statistical prediction. Those who cling to the authority of traditional experts tend to embrace the idea of combining the two forms of knowledge by giving the experts 'statistical support'. The purveyors of diagnostic software are careful to underscore that its purpose is only to provide support and suggestions. They want the ultimate decision and discretion to lie with the doctor. [12]</i></blockquote>
<br />
Furthermore, in order to leverage existing clinical domain knowledge from clinical practice guidelines and biomedical ontologies [22], machine learning algorithms' probabilistic approach to decision making under uncertainty must be complemented by technologies like production rule systems and ontology reasoners. Sesen et al. [18] designed a hybrid CDS for lung cancer care based on probabilistic reasoning with a Bayesian Network model and guideline-based recommendations using a domain ontology and an ontology reasoner.<br />
<br />
Fox et al. [2] proposed an argumentation approach based on the construction, summarization, and prioritization of arguments for and against each generated candidate decision. These arguments can be both qualitative or quantitative in nature. On the importance of presenting evidence-based rationale in CDS systems, Fox et al. wrote:<br />
<br />
<blockquote class="tr_bq">
<i>In short, to improve usability of clinical user interfaces we advocate basing design around a firm theoretical understanding of the clinician’s perspective on the medical logic in a decision, the qualitative as well as quantitative aspects of the decision, and providing an evidence-based rationale for all recommendations offered by a CDS. [2]</i></blockquote>
In a paper titled <i>A canonical theory of dynamic decision-making</i> [13], Fox et al. proposed a canonical theory of dynamic
decision-making and presented the PROforma clinical guideline modeling
language as an instance of the canonical theory.<br />
<br />
Clinical predictive model presentation techniques include traditional score charts, nomograms, and clinical rules [17]. However Clinical Prediction Models are easier to use and maintain when deployed as scoring services (part of a service-oriented software architecture) and integrated into CDS systems. The scoring service can be deployed in the cloud to allow integration with multiple client clinical systems [20]. The Predictive Model Markup Language (PMML) specification published by the Data Mining Group (DMG) supports the interoperable deployment of predictive models in heterogeneous software environments.<br />
<br />
Visual Analytics or data visualization techniques can also play an important role in the effective presentation of Clinical Prediction Models to nonstatisticians particularly in the context of shared decision making.<br />
<br />
<br />
<h3>
Concurrent execution of multiple guidelines for patients with co-morbidities</h3>
<br />
According to the Medicare 2012 chart book, "over two-thirds of beneficiaries having two or more chronic conditions and 14% having 6 or more chronic conditions." [25] <br />
<br />
In <i>Grand Challenges in Clinical Decision Support </i>[1], Sittig et al. wrote:<br />
<blockquote class="tr_bq">
<i>The challenge is to create mechanisms to identify and eliminate redundant, contraindicated, potentially discordant, or mutually exclusive guideline-based recommendations for patients presenting with co-morbid conditions.</i></blockquote>
Michalowski et al. [26] proposed a mitigation framework based on a first-order logic (FOL) approach.<br />
<br />
<br />
<h3>
A CDS Architecture for the era of Precision Medicine</h3>
<br />
I proposed a scalable CDS architecture for Precision Medicine in another post titled <i><a href="http://efasoft.blogspot.com/2014/11/toward-reference-architecture-for.html" target="_blank">Toward a Reference Architecture for Intelligent Systems in Clinical Care</a></i>.<br />
<br />
<h3>
</h3>
<h2>
References</h2>
<br />
[1] Sittig D, Wright A, Osheroff JA, Middletone B, Jteich J, Ash J, et al. Grand challenges in clinical Decision support. J Biomed Inform 2008;41(2):387–92.<br />
<br />
[2] Fox, J., Glasspool, D.W., Patkar, V., Austin, M., Black, L., South, M., et al. (2010). Delivering clinical decision support services: there is nothing as practical as a good theory. J. Biomed. Inform. 43, 831–843<br />
<br />
[3] Valerio Cosentino, Marcos Didonet del Fabro, Adil El Ghali. A model driven approach for bridging ILOG Rule Language and RIF. RuleML, Aug 2012, Montpellier, France.<br />
<br />
[4] Mauricio Salatino. (Processes & Rules) OR (Rules & Processes) 1/X. http://salaboy.com/2012/07/19/processes-rules-or-rules-processes-1x/. Retrieved February 15, 2015.<br />
<br />
[5] Mauricio Salatino. (Processes & Rules) OR (Rules & Processes) 2/X. http://salaboy.com/2012/07/28/processes-rules-or-rules-processes-2x/. Retrieved February 15, 2015.<br />
<br />
[6] Mauricio Salatino. (Processes & Rules) OR (Rules & Processes) 3/X. http://salaboy.com/2012/07/29/processes-rules-or-rules-processes-3x/. Retrieved February 15, 2015.<br />
<br />
[7] Sylvie Dan. Modeling Clinical Rules with the Decision Modeling and Notation (DMN) Specification. http://sylviedanba.blogspot.com/2014/05/modeling-clinical-rules-with-decision.html. Retrieved February 15, 2015.<br />
<br />
[8] Dennis Andrzejewski, Eberhard Beck, Eberhard Beck, Laura Tetzlaff. The transparent representation of medical decision structures based on the example of breast cancer treatment. 9th International Conference on Health Informatics.<br />
<br />
[9] Phansalkar S, Zachariah M, Seidling HM, Mendes C, Volk L, Bates DW. Evaluation of medication alerts in electronic health records for compliance with human factors principles. J Am Med Inform Assoc. 2014 Oct;21(e2):e332-40. doi: 10.1136/amiajnl-2013-002279. <br />
<br />
[10] Seidling HM, Phansalkar S, Seger DL, et al. Factors influencing alert acceptance: a novel approach for predicting the success of clinical decision support. J Am Med Inform Assoc 2011;18:479–84.<br />
<br />
[11] Zachariah M, Phansalkar S, Seidling HM, et al. Development and preliminary evidence for the validity of an instrument assessing implementation of human-factors principles in medication-related decision-support systems--I-MeDeSA. J Am Med Inform Assoc 2011;18(Suppl 1):i62–72.<br />
<br />
[12] Ayres I. Super Crunchers: Why Thinking-By-Numbers Is The New Way To be Smart. Bantam.<br />
<br />
[13] Fox J., Cooper R. P., Glasspool D. W. (2013). A canonical theory of dynamic decision-making. Front. Psychol. 4:150 10.3389/fpsyg.2013.00150.<br />
<br />
[14] Welch, B.M.; Eilbeck, K.; Del Fiol, G.; Meyer, L.; Kawamoto, K. Technical desiderata for the integration of genomic data with clinical decision support. 2014,<br />
<br />
[15] Welch BM, Loya SR, Eilbeck K, Kawamoto K. A proposed clinical decision support architecture capable of supporting whole genome sequence information. J Pers Med. 2014 Apr 4;4(2):176-99. doi: 10.3390/jpm4020176.<br />
<br />
[16] Loya SR, Kawamoto K, Chatwin C, Huser V. Service oriented architecture for clinical decision support: a systematic review and future directions. J Med Syst. 2014 Dec;38(12):140. doi: 10.1007/s10916-014-0140-z.<br />
<br />
[17] Ewout W. Steyerberg. Clinical Prediction Models. A Practical Approach to Development, Validation, and Updating. New York: Springer, 2010.<br />
<br />
[18] Sesen MB, Peake MD, Banares-Alcantara R, Tse D, Kadir T, Stanley R, Gleeson F, Brady M. 2014 Lung Cancer Assistant: a hybrid clinical decision support application for lung cancer care. J. R. Soc. Interface 11: 20140534. http://dx.doi.org/10.1098/rsif.2014.0534<br />
<br />
[19] Bean RB, Bean, BW. Sir William Osler: aphorisms from his bedside teachings and writings. New York; 1950.<br />
<br />
[20] Joel Amoussou. How good is your crystal ball?: Utility, Methodology, and Validity of Clinical Prediction Models. http://efasoft.blogspot.com/2015/01/how-good-is-your-crystal-ball-utility.html. Retrieved February 15, 2015.<br />
<br />
[21] Dewey FE, Grove ME, Pan C, et al. Clinical Interpretation and Implications of Whole-Genome Sequencing. JAMA. 2014;311(10):1035-1045. doi:10.1001/jama.2014.1717.<br />
<br />
[22] Joel Amoussou. Ontologies for Addiction and Mental Disease: Enabling Translational Research and Clinical Decision Support. http://efasoft.blogspot.com/2014/08/ontologies-for-addiction-and-mental.html. Retrieved February 2015.<br />
<br />
[23] Future radiotherapy practice will be based on evidence from retrospective interrogation of linked clinical data sources rather than prospective randomized controlled clinical trials. Dekker, Andre L. A. J. and Gulliford, Sarah L. and Ebert, Martin A. and Orton, Colin G., Medical Physics, 41, 030601 (2014), DOI:http://dx.doi.org/10.1118/1.4832139<br />
<br />
[24] Lambin, Philippe et al. 'Rapid Learning health care in oncology' – An approach towards decision support systems enabling customised radiotherapy. Radiotherapy and Oncology , Volume 109 , Issue 1 , 159 - 164.<br />
<br />
[25] Centers for Medicare & Medicaid Services. Chronic Conditions Among Medicare Beneficiaries, Chartbook: 2012 Edition. http://www.cms.gov/Research-Statistics-Data-and-Systems/Statistics-Trends-and-Reports/Chronic-Conditions/Downloads/2012Chartbook.pdf. Accessed Feb. 15, 2015.<br />
<br />
[26] Szymon Wilk, Martin Michalowski, Xing Tan, Wojtek Michalowski: Using First-Order Logic to Represent Clinical Practice Guidelines and to Mitigate Adverse Interactions. KR4HC@VSL 2014: 45-61.<br />
<br />
<br />
<br />Vidjinnagni Amoussouhttp://www.blogger.com/profile/06437681488603449364noreply@blogger.com0tag:blogger.com,1999:blog-2374388455287292795.post-85218886017542471742013-03-24T22:40:00.000-04:002014-07-26T16:15:12.580-04:00Statistical Computing and Machine Learning with RThe use of predictive risk models for personalized medicine is becoming a common practice in healthcare delivery. These models can predict the health risk of patients based on their individual health profiles. Examples include models for predicting breast cancer, stroke, cardiovascular disease, Alzheimer's disease, chronic kidney disease, diabetes, hypertension, and operative mortality for patients undergoing cardiac surgery. These predictive models are created through data analysis using statistical computing.<br />
<br />
Predictive risk modeling can be used to identity at-risk populations and
provide them with pro-active care including early screening and
prevention. For example, predictive risk modeling can help identify
patients at risk of hospital re-admission, an important Accountable Care Organization (ACO) quality
measure.<br />
<br />
Another important challenge in healthcare is to discover what works and what does not work in clinical practice. Comparative Effectiveness Research (CER), an emerging trend in Evidence Based Practice (EBP), has been defined by the Federal Coordinating Council for CER as "<i>the conduct and synthesis of research comparing the benefits and harms of different interventions and strategies to prevent, diagnose, treat, and monitor health conditions in 'real world' settings.</i>"<br />
<br />
Despite their inherent methodological challenges (lack of randomization leading to possible bias and confounding), observational studies (using real world clinical data) are increasingly recognized as complementary to Randomized Control Trials (RCTs) and an important tool in clinical decision making and health policy. <br />
<br />
Statistical Computing and Machine Learning are essential components of intelligent health IT systems. Over the last few years, the free and open source R Project for Statistical Computing has emerged as one the most popular tools for data analysis. This poll by kdnuggets.com shows the <a href="http://www.kdnuggets.com/polls/2011/tools-analytics-data-mining.html" target="_blank">breakdown </a>in popularity of various data mining and analytic tools.<br />
<br />
R supports several Machine Learning algorithms including:<br />
<br />
<ul>
<li>Nearest Neighbor</li>
<li>Naive Bayes</li>
<li>Decision Trees</li>
<li>Logistic Regression</li>
<li>Neural Networks</li>
<li>Support Vector Machines</li>
<li>Association Rules</li>
<li>k-Means Clustering </li>
</ul>
A technique called "Ensemble Methods" which consists in combining multiple models into one can be used to achieve a higher level of accuracy than its components. There are also R packages for niche methods like the <a href="http://methodology.psu.edu/downloads/lcca" target="_blank">Latent Class Causal Analysis (LCCA) Package for R</a>. LCA is used in behavioral health research. <br />
<br />
The following are very useful resources for doing statistical computing and data mining with R:<br />
<br />
<ul>
<li><a href="http://www.rstudio.com/" target="_blank">RStudio</a>: an Integrated Development Environment (IDE) for R</li>
<br />
<li><a href="http://ggplot2.org/" target="_blank">ggplot2</a>: statistical graphics and plotting system for R</li>
<br />
<li><a href="http://cran.r-project.org/web/packages/sqldf/index.html" target="_blank">sqldf</a>: a package for manipulating R data frames using SQL</li>
<br />
<li><a href="http://cran.r-project.org/web/packages/RMySQL/index.html" target="_blank">RMySQL</a>: R interface to the MySQL database</li>
<br />
<li><a href="http://cran.r-project.org/web/packages/RMongo/index.html" target="_blank">RMongo</a>: MongoDB Database interface for R<br /> </li>
<br />
<li><a href="http://www.datadr.org/" target="_blank">RHIPE</a>: Big Data analysis using R and Hadoop. RHIPE stands for R and Hadoop Integrated Programming Environment. This approach is referred to as D&R (Divide and Recombine) Analysis of Large Complex Data (see this <a href="http://ml.stat.purdue.edu/rhipe.org/documents/dr.rhipe.techreport.2012.pdf" target="_blank">tech report</a> on D&R from the RHIPE team)</li>
<br />
<li><a href="https://github.com/RevolutionAnalytics/RHadoop/wiki" target="_blank">RHadoop</a>: Big Data analysis using R and Hadoop. This tool provides Hadoop MapReduce functionality in R</li>
<br />
<li><a href="http://rattle.togaware.com/" target="_blank">Rattle</a>: A Graphical User Interface for Data Mining using R. This tool can export predictive models in Predictive Model Markup Language (PMML) format.</li>
</ul>
<br />Vidjinnagni Amoussouhttp://www.blogger.com/profile/06437681488603449364noreply@blogger.com0tag:blogger.com,1999:blog-2374388455287292795.post-67261361148897966792013-03-10T19:58:00.000-04:002013-03-11T07:22:06.086-04:00How Not to Build A Big Ball of Mud, Part 2In a previous post entitled <a href="http://efasoft.blogspot.com/2010/12/how-not-to-build-big-ball-of-mud.html" target="_blank"><i>How not to build a big ball of mud</i></a>, I described the complexity of modern software systems and the challenges faced today by software developers and architects. Domain Driven Design (DDD) is a proven pattern language that can foster a disciplined approach to software development. DDD was first introduced by Eric Evans nine years ago in a seminal book entitled: <i>Domain-Driven Design: Tackling Complexity in the Heart of Software</i>. Over the last 9 years, a community of practice has emerged around DDD and many lessons have been learned in applying DDD to real world complex software development projects. During that time, software complexity has also increased significantly. Changes in the field of software development during the last few years include:<br />
<br />
<ul>
<li>The proliferation of client devices which requires a Responsive Web Design (RWD) approach. RWD is made possible by open web standards like HTML5, CSS3, and Javascript which have displaced proprietary user interface technologies like Flex and Silverlight. RWD frameworks like Twitter Boostrap and Javascript Libraries like JQuery have become very popular with developers. The demands put on Javscript on the client side have created the need for Javascript MVC frameworks like AngularJS and EmberJS.</li>
<br />
<li>The importance of the user experience in a competitive online marketplace. Performing usability testing early in the software development life cycle (using wireframes or mockups) to test design ideas and obtain early feedback from future users is extremely valuable for creating the right solution. Metrics such as the System Usability Scale (SUS) can be used to assess the results of usability testing.</li>
<br />
<li>The prevalence of REST, JSON, OAuth2, and Web APIs for achieving web scale.</li>
<br />
<li>The emergence of Polyglot Persistence or the use of different persistence mechanisms such as relational, document, and graph databases within the same application. Developers are discovering that modeling data for NoSQL databases has many benefits, but also its own peculiarities.</li><br />
<li>The demands for quality and faster time-to-market have led to new techniques like test automation and continuous delivery. </li>
</ul>
<br />
The open source community has responded to these challenges by creating
many frameworks which are supposed to facilitate
the work of developing software. Software developers spend a
considerable amount of time researching, learning, and integrating these
various frameworks to build a system. Some of these frameworks can indeed be very helpful when used properly. However, DDD puts a big emphasis on understanding the domain. Here is what I learned from applying DDD over the last few years:<br />
<br />
<br />
<ul>
<li>DDD is a significant intellectual investment, but with a potential for big rewards. To be successful in applying DDD, one must take the time to understand and digest the underlying principles, from the building blocks (entities, aggregates, value objects, modules, domain events, services, repositories, and factories) to the strategic aspects of applying DDD. For example, understanding the difference between an aggregate, a value object, and an entity is essential. Learning the right approach to designing aggregates is also very important as this can significantly impact transactions and performance. I highly recommend reading the recently published <i>Implementing Domain Driven Design</i> by Vaughn Vernon. The book provides a contemporary approach to applying DDD. For example, it covers important topics in applying DDD to modern software systems such as: sub-domains, domain events, event stores and event sourcing, rules for aggregate design, transactions, eventual consistency, REST, NoSQL, and enterprise application integration with concrete examples.</li>
<br />
<li>Proper application layering (user interface, application, domain, and infrastructure), understanding the responsibility of each layer (for example, an anemic domain model and a fat application layer are anti-pattern), and coding to interfaces. DDD is object-oriented (OO) design done right. The <a href="http://en.wikipedia.org/wiki/SOLID_%28object-oriented_design%29" target="_blank">SOLID Principles</a> of OO design are still applicable.</li>
<br />
<li>Determine if DDD is right for your project. Most of my work
during the last few years has been in the healthcare domain. The HL7 CCDA and the Virtual Medical Record (vMR) define an
information model for Electronic Healthcare Records (EHR) and
Clinical Decision Support (CDS) systems respectively. Interoperability
is an important and challenging issue in healthcare. DDD concepts such as
"<i>Strategic Design</i>", "<i>Context Map</i>", "<i>Bounded Context</i>", and "<i>Published Language</i>" are very
helpful in addressing and navigating this type of complexity.</li>
<br />
<li>As I mentioned earlier, DDD puts a big emphasis on understanding the domain. Developers applying DDD should be prepared to dedicate a considerable amount of time to learning about the domain, for example by collaborating and carefully listening to domain experts and by reading as much as they can about the domain. This is also the key to creating a rich domain model with behavior (as opposed to an anemic one). I found that simply reading industry standards and regulations is a great way to understand a domain. So understanding the domain is not just the responsibility of the Business Analyst. The code is the expression of the domain, so the coder needs to understand the domain in order to express it with code.</li>
<br />
<li>Some developers blame popular frameworks for encouraging anemic domain models. I found that a lack of understanding of the domain and its business rules is a major contributing factor to anemia in the domain model. A rule engine like Drools can help externalize these business rules in the form of declarative rules that can be maintained by domain experts through a DSL, spreadsheet, or web-based user interface.</li>
<br />
<li>There are opportunities in using recent ideas like Event Sourcing and the Command Query Responsibility Segregation (CQRS). These opportunities include: scalability, true audit trails, data mining, temporal queries, application integration. However, being pragmatic can help avoid unnecessary complexity. </li>
<br />
<li>I recommend exploring tools that are specifically designed to support a DDD or Model-Driven Development (MDD) approach. <a href="http://isis.apache.org/" target="_blank">Apache Isis</a>, <a href="http://www.romaframework.org/" target="_blank">Roma Meta Framework</a>, <a href="http://tynamo.org/" target="_blank">Tynamo</a>, and <a href="http://nakedobjects.codeplex.com/" target="_blank">Naked Objects</a> are examples of such tools. These tools can automatically generate all the layers of an application based on the specification of a domain model. By doing so, these tools allow you to really focus your time and attention on exploring and understanding the domain as opposed to framework and infrastructure concerns. For architects, these tools can serve as design pattern automation, constraining the development process to conform to DDD principles and patterns. I believe this is part of a larger trend in automating software development which also includes the essential practice of test automation. We software developers like to automate the job of other people. However, many tasks that we perform (including coding itself) are still very manual. Aspect-Oriented Programming (AOP) (using AspectJ for example) can also be used to enable this type of design pattern automation through compile-time weaving.</li>
<br />
<li>Check my previous post for <a href="http://efasoft.blogspot.com/2012/12/a-journey-into-software-excellence.html" target="_blank">20 techniques for achieving software excellence</a>.</li>
</ul>
Vidjinnagni Amoussouhttp://www.blogger.com/profile/06437681488603449364noreply@blogger.com0tag:blogger.com,1999:blog-2374388455287292795.post-66551535595150399862013-02-24T20:48:00.001-05:002013-02-27T17:59:15.492-05:00State of the Semantic Web in the Clinical DomainIn a previous post entitled <a href="http://efasoft.blogspot.com/2011/08/why-do-we-need-ontologies-in-healthcare.html" target="_blank"><i>Why Do We Need Ontologies in Healthcare Applications</i></a>, I explained the important difference between ontologies, coding systems, and information models of data structures. I also outlined the benefits of using Semantic Web technologies like RDF, RDFS, OWL, SWRL, R2RML, SPARQL, SKOS, and Linked Open Data (LOD). These benefits include:<br />
<br />
<ul>
<li>Reasoning and inferencing which are essential characteristics of <a href="http://efasoft.blogspot.com/2012/12/prediction-for-2013-intelligent-health.html" target="_blank">intelligent Health IT Systems</a> (iHIT) </li>
<li>Model consistency checking</li>
<li>Open World Assumption (OWA) and Non-Unique Naming Assumption enabling the integration of heterogeneous data sources and knowledge bases using Linked Open Data (LOD) principles. This integration can be accomplished by providing an RDF view over existing relational databases using R2RML (RDB to RDF Mapping Language) and by performing <a href="http://www.w3.org/TR/sparql11-federated-query/" target="_blank">SPARQL federated queries</a>. Intelligent queries can retrieve inferred facts using <a href="http://www.w3.org/TR/sparql11-entailment/" target="_blank">SPARQL 1.1 Entailment Regimes</a>.</li>
<li>Linking to other biomedical ontologies like SNOMED and the <a href="http://code.google.com/p/translationalmedicineontology/" target="_blank">Translational Medicine Ontology</a></li>
<li>Clinical Knowledge Management (CKM) using OWL to model and execute Clinical Practice Guidelines (CPGs) and Care Pathways (CPs). </li>
</ul>
<br />
<h3>
Semantic Web in Clinical and Translational Research </h3>
<br />
The following are papers on how Semantic Web technologies are being used to realize these benefits in the healthcare domain: <br />
<ul>
<li><a href="http://jamia.bmj.com/content/early/2012/12/24/amiajnl-2012-001326.abstract?sid=fa4d93dd-c59a-4f56-8b41-b03ed75ea9be" target="_blank"><i>A semantic-web oriented representation of the clinical element model for secondary use of electronic health records data</i></a> in the Journal of the American Medical Informatics Association (JAMIA)<i> </i></li>
<li><a href="http://www.jbiomedsem.com/content/3/1/10" target="_blank"><i>Applying semantic web technologies for phenome-wide scan using an electronic health record linked Biobank</i></a> in the Journal of Biomedical Semantics</li>
<li><a href="http://ppr.cs.dal.ca/sraza/papers/MEDINFO07b.pdf" target="_blank"><i>Ontology-based Modeling of Clinical Practice Guidelines: A Clinical Decision Support System for Breast Cancer Follow-up Interventions at Primary Care Settings</i></a></li>
</ul>
<br />
<h3>
Apache Stanbol</h3>
<br />
I recently came across <a href="http://stanbol.apache.org/" target="_blank">Apache Stanbol</a>, a new Apache project which is described as <i>"a set of reusable components for semantic content management"</i>. What I really like about Apache Stanbol is that it not only works on unstructured data sources, but also integrates a number of other popular Apache open source software which can be used to add a semantic layer to modern RESTful content-oriented applications. These components include:<br />
<br />
<ul>
<li>Apache Tika for text and metadata extraction from a variety of commonly used document formats</li>
<li>Apache OpenNLP for natural language processing and named entity recognition (NER)</li>
<li>Apache Solr for document store and semantic search</li>
<li>Apache Jena as the RDF and Semantic Web framework.</li>
</ul>
Other open source components like Apache Mahout (a scalable Machine Learning library) can be integrated to provide document recommendation and clustering services.<br />
<br />
The <i>Content Enhancers</i> in Stanbol can perform named entity recognition (NER) and link text annotations to external datasets such as DBPedia. In the clinical domain, these enhancers can be used to extract entities from medical records, journal articles, and clinical guidelines. These entities can then be linked to other clinical data sources such as drug and disease databases using Linked Data techniques.<br />
<br />
Apache Stanbol also provides <i>Reasoners </i>based on Jena RDFS, OWL, and OWLMini Reasoners as well as the <a href="http://www.hermit-reasoner.com/" target="_blank">HermiT OWL Reasoner</a>. These reasoners can perform consistency checking and classification. Stanbol supports <i>Inference Rules</i> in the following formats: SWRL, Jena Rules, and SPARQL (by converting Stanbol Rules into SPARQL CONSTRUCTs).Vidjinnagni Amoussouhttp://www.blogger.com/profile/06437681488603449364noreply@blogger.com0tag:blogger.com,1999:blog-2374388455287292795.post-52816651610532012762013-02-17T09:15:00.001-05:002013-02-19T18:09:31.841-05:00Automated Clinical Question Answering: The Next Frontier in Healthcare InformaticsIn a previous post, I predicted that 2013 will be the year <i><a href="http://efasoft.blogspot.com/2012/12/prediction-for-2013-intelligent-health.html" target="_blank">I</a><a href="http://efasoft.blogspot.com/2012/12/prediction-for-2013-intelligent-health.html" target="_blank">ntelligent Health IT Systems (iHIT) go mainstream</a>.</i> I based my prediction on a number of factors, notably the transformation of healthcare to a value-based delivery system driven by the latest scientific evidence (evidence-based practice and practice-based evidence).<br />
<br />
Last week, IBM<i> </i>together with health insurer WellPoint Inc., and New York’s Memorial Sloan-Kettering Cancer Center announced the commercialization of Watson (the supercomputer which beat human champions in "Jeopardy!" on February 16, 2011) for question answering (QA) in the clinical domain. The following are some interesting facts released by IBM as part of this <a href="http://wraltechwire.com/ibm-s-dr-watson-supercomputer-ready-to-fight-cancer/12083522/" target="_blank">announcement</a>:<br />
<br />
<ul>
<li>The supercomputer has ingested 1,500 lung cancer cases from Sloan-Kettering records, plus 2 million pages of text from journals, textbooks and treatment guidelines. This is what I called Big Data in medicine.</li>
<li>In 2012, Watson became 240 percent faster and 75 percent smaller so it can run on a single server. No surprise here and I expect this trend to continue.</li>
</ul>
<br />
The following YouTube video entitled <i>Oncology Diagnosis and Treatment</i> explains how IBM envisions using Watson for Clinical Question Answering (CQA):<br />
<br />
<div style="text-align: center;">
<iframe allowfullscreen="" frameborder="0" height="315" src="http://www.youtube.com/embed/HZsPc0h_mtM" width="420"></iframe><br /></div>
<br />
<h3>
The User Experience in the Watson Demo</h3>
<h3>
</h3>
<ul>
<li>Clinical questions can be posed in natural language (spoken or typed in by the clinician using a keyboard). </li>
<li>The sources used for answering clinical questions include both structured (EMR databases) and unstructured information (journal articles, clinical guidelines, etc.).</li>
<li>Personalized medicine: the proposed interventions are driven by the data in the patient's medical record and the system can prompt the clinician for additional information on the patient if necessary. The displayed evidence and recommendations are updated to reflect changes in the patient's clinical data.</li>
<li>Human Factors: the clinician is always in the loop. She can ask Watson how it arrives at a specific care recommendation and can even remove a specific evidence (if deemed irrelevant or not appropriate). </li>
<li>The use of confidence scoring and evidence highlighting. </li>
<li>Patient-centeredness and shared decision making: the treatment plans take into account the values, goals, and wishes of the patient (<i>patient preferences</i>). Treatment options are discussed with the patient.</li>
<li>Comparative effectiveness is used to compare the benefits and harms of different interventions.</li>
<li>Information is displayed using data visualization (dashboard) to help meet key performance indicators in the context of a value-based payment model.</li>
</ul>
<br />
<br />
<h3>
The Science Behind Watson</h3>
<br />
The real question is how do we make intelligent health IT systems like Watson widely available to all patients. A landmark report published by the Institute of Medicine in 2001 and titled <i><a href="http://www.iom.edu/Reports/2001/Crossing-the-Quality-Chasm-A-New-Health-System-for-the-21st-Century.aspx" target="_blank">Crossing the Quality Chasm - A New Health System for the 21st Century</a> </i>contained the following recommendation:<br />
<br />
<blockquote class="tr_bq">
<i>Patients should receive care based on the best available scientific knowledge. Care should not vary illogically from clinician to clinician or from place to place.</i></blockquote>
<br />
For the scientifically (and Artificial Intelligence) inclined, the following are some pointers on the science behind Watson:<br />
<br />
<ul>
<li><a href="http://www.aaai.org/Magazine/Watson/watson.php" target="_blank">The AI Behind Watson - The Technical Article</a></li>
<li><a href="http://www.aaai.org/ojs/index.php/aimagazine/article/view/2303" target="_blank">Building Watson: An Overview of the DeepQA Project</a></li>
<li><a href="http://researchweb.watson.ibm.com/journal/sj43-3.html" target="_blank">Unstructured Information Management (The IBM Journal of Research and Development)</a></li>
<li><a href="http://iswc2011.semanticweb.org/tutorials/semantic-web-technology-in-watson/" target="_blank">Semantic Web Technology in Watson.</a></li>
</ul>
<br />
The picture below represents a high level architecture of Watson (click on the image to enlarge it).<br />
<br />
<br />
<a href="http://commons.wikimedia.org/wiki/File%3ADeepQA.svg" title="By Pgr94 (Own work) [CC0], via Wikimedia Commons"><img alt="DeepQA" src="//upload.wikimedia.org/wikipedia/commons/thumb/4/41/DeepQA.svg/512px-DeepQA.svg.png" width="512" /></a>
<br />
<br />
<br />
<br />
<h3>
</h3>
<h3>
AskHermes and MiPACQ</h3>
<br />
IBM Watson is not the only effort to develop automated CQA capabilities. Some earlier CQA efforts used the <a href="http://www.ncbi.nlm.nih.gov/pmc/articles/PMC1839740/" target="_blank">PICO framework </a>(Problem/Population, Intervention, Comparison, Outcome) to facilitate processing. More recent efforts have focused on the use of clinical questions posed in natural language. <br />
<br />
<a href="http://www.askhermes.org/index2.html" target="_blank">AskHermes</a> (<i>Help clinicians to Extract and aRrticulate Multimedia information for answering clinical quEstionS</i>) allows clinicians to enter questions in natural language and uses the following unstructured information sources: MEDLINE abstracts, PubMed Central full-text articles, eMedicine documents, clinical guidelines, and Wikipedia articles.<br />
<br />
The processing pipeline in <a href="http://www.ncbi.nlm.nih.gov/pmc/articles/PMC3433744/" target="_blank">AskHermes</a> includes the following: <i>Question Analysis, Related Questions Extraction, Information Retrieval, Summarization and Answer Presentation</i>. AskHermes performs question classification using <a href="http://ii.nlm.nih.gov/MMTx.shtml" target="_blank">MMTx</a> (MetaMap Technology Transfer) to map keywords to UMLS concepts and semantic types. Classification is also achieved through supervised machine learning algorithms such as Support Vector Machine (SVM) and conditional random fields (CFRs). Summarization and answer presentation are based on clustering techniques.<br />
<br />
<a href="http://www.ncbi.nlm.nih.gov/pmc/articles/PMC3243235/" target="_blank">MiPACQ</a> (<i>Multi-source Integrated Platform for Answering Clinical Questions</i>) is based on Natural Language Processing (NLP) and Information Retrieval (IR) and utilizes data sources such as Electronic Medical Record (EMR) databases and online medical encyclopedia like Medpedia. MiPACQ uses a processing pipeline based on UIMA (<i>Unstructured Information Management Architecture</i>) and machine learning-based as well as rule-based scoring. NLP capabilities are provided by ClearTK and cTakes (<i>clinical Text Analysis and Knowledge Extraction System</i>).<br />
<br />
<br />
<br />
<h3>
The Road Ahead</h3>
<br />
Automated Clinical Question Answering (CQA) is really hard. However, that is the future of computing: intelligent machines we can have meaningful conversations with. CQA is a multidisciplinary field which combines disciplines like statistical
computing, information retrieval, natural language processing, machine
learning, rule engines, semantic web technologies, knowledge representation and reasoning, visual analytics, and massively parallel computing. There are several open source projects that provide the building blocks. Many EHR software today are glorified data entry systems. We need to move to the next level and that will require technical leadership.<br />
<br />Vidjinnagni Amoussouhttp://www.blogger.com/profile/06437681488603449364noreply@blogger.com0tag:blogger.com,1999:blog-2374388455287292795.post-54930720418785521102013-02-03T20:27:00.000-05:002013-02-04T18:55:32.502-05:00Patient Privacy At Web ScaleA study entitled <i><a href="http://jamia.bmj.com/content/20/1/7.full" target="_blank">Patients want granular privacy control over health information in electronic medical records</a> </i>by Kelly Caine and Rima Hanania in the current issue of the Journal of the American Medical Informatics Association (JAMIA) clearly indicates that patients want a granular level of control over the sharing of their medical information. Patients also want to control with whom their health information is shared and for what purpose. The study looks at how the presence of sensitive health information in a medical record affects patient privacy preferences. In this post, I discuss how current and emerging standards can be used to enforce patient privacy preferences at web scale.<br />
<br />
First, I think the key to achieving patient privacy at web scale is to adopt proven light-weight protocols and standards such as REST, JSON, OAuth2, and OpenID Connect. The <a href="http://wiki.siframework.org/RHEx" target="_blank">RESTful Health Exchange (RHEx) </a>project funded by the Federal Health Archicture (FHA) was a step in the right direction. These protocols have also been embraced by large internet identity providers like <a href="https://developers.google.com/accounts/docs/OAuth2" target="_blank">Google</a>, Facebook, and Microsoft. To increase the strength of authentication when using these existing online identities in patient-facing healthcare applications, techniques like multi-factor authentication (e.g., two-factor authentication using the user's phone) and adaptive risk authentication can be used. These light-weight standards and protocols contrast with enterprise-centric
alternatives like SOAP and SAML which are the foundation for Integrating
the Health Enterprise (IHE) standards including XDS.b, XDR, and XUA.<br />
<br />
An emerging approach that could really help put patients in control of the privacy of their electronic medical record is the <a href="http://kantarainitiative.org/confluence/display/uma/Home" target="_blank">User-Managed Access (UMA)</a> Protocol of the Kantara Initiative. According to the UMA Core specification: <br />
<blockquote class="tr_bq">
<i>User-Managed Access (UMA) is a profile of OAuth 2.0. UMA defines how resource owners can control protected-resource access by clients operated by arbitrary requesting parties, where the resources reside on any number of resource servers, and where a centralized authorization server governs access based on resource owner policy.</i></blockquote>
<div class="separator" style="clear: both; text-align: center;">
</div>
That sounds a lot like a healthcare environment where a typical patient has her health information residing in the Electronic Health Record (EHR) systems of multiple healthcare providers. A frequent use case is when the patient's health information is shared among providers during primary care physicians' referrals to specialist outpatient clinics. The following are the benefits for the patient privacy of a centralized authorization server as defined in UMA:<br />
<br />
<ul>
<li>The ability to manage her consent directives (<i>scope of access</i> in UMA parlance) from a central location (ideally in the cloud) as opposed to the current paper-based environment where the patient signs a consent form for each provider and has no visibility into how the consent is being used and enforced.</li>
<li>It facilitates the update and revocation of the consent directives by the patient. </li>
<li>It would give the patient a full audit trail of requests and access events related to her health information. </li>
<li>The patient user experience of managing their privacy preferences online can be significantly enhanced by data visualization. A study titled <a href="http://www.slideshare.net/domcat/exploring-visualization-techniques-to-enhance-privacy-control-ux-for-usermanaged-access-8673854" target="_blank"><i>Exploring Visualization Techniques to Enhance Privacy Control UX for User-Managed Access</i></a><i> </i>introduced the notion of a <i>"UMA Connection"</i> for helping users visualize the context of a data sharing policy (e.g., contacts, allowed actions, access restrictions, and trusted claims). </li>
</ul>
<br />
In UMA, trusted claims (e.g., information about a requesting healthcare provider such as email, name, role, organization, and NPI) can be conveyed using OpenID Connect. The <a href="http://oauthssodemo.appspot.com/step/1" target="_blank">Google OpenID Connect Demo</a> provides a step by step guide to OpenID Connect and Nat Sakimara's <a href="http://nat.sakimura.org/2011/05/15/dummys-guide-for-the-difference-between-oauth-authentication-and-openid/" target="_blank"><i>Dummy’s guide for the Difference between OAuth Authentication and OpenID</i></a> is a good explanation of how OpenID Connect complements OAuth2. A separate specification entitled <a href="http://docs.kantarainitiative.org/uma/draft-uma-trust.html" target="_blank"><i>Binding Obligations on User-Managed Access (UMA) Participants</i></a> proposes a legal framework that defines the obligations of parties that operate and use UMA-conforming software programs and services.<br />
<br />
A recent post by Domenico Catalono entitled <a href="http://identitycube.blogspot.co.uk/2013/01/uma-approach-to-protect-and-control.html" target="_blank"><i>UMA Approach to Protect and Control Online Reputation</i></a> describes a UMA-based approach for supporting privacy based on reputation and trust. An example in the post is a <i>"global reputation ranking"</i> in the context of an online e-commerce site. In the context of healthcare privacy, when deciding to share their sensitive medical information with a specific healthcare provider, the same concept could be used to display the number and severity of security breaches experienced by the healthcare provider in the past. Section 13402(e)(4) of the HITECH Act actually requires posting a list of breaches of unsecured protected health information affecting 500 or more individuals. The list is available <a href="http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachtool.html" target="_blank">here</a>.<br />
<br />
The recently approved XACML 3.0 standard is a powerful mechanism for expressing and evaluating privacy policies. It provides capabilities such as obligation and advice expressions as well as delegation of authorization. In this <a href="http://kantarainitiative.org/confluence/download/attachments/17760302/UMA+and+XACML+2012-10-18.pdf" target="_blank">presentation</a>, Eve Maler discusses possible integration points between UMA and XACML. The <a href="https://www.oasis-open.org/committees/download.php/48018/xacml-rest-v1.0-wd07.doc" target="_blank"><i>REST Profile of XACML 3.0</i></a> and the <a href="https://www.oasis-open.org/committees/download.php/47775/xacml-json-http-v1.0-wd09.doc" target="_blank"><i>Request/Response Interface based on JSON and HTTP for XACML 3.0</i></a> proposals introduce the notion of <i>"RESTful Authorization-as-a-Service (AZaaS)"</i> which can facilitate the use of XACML in a UMA-based access control environment.<br />
<br />
<br />Vidjinnagni Amoussouhttp://www.blogger.com/profile/06437681488603449364noreply@blogger.com0tag:blogger.com,1999:blog-2374388455287292795.post-27568539098742142592013-01-20T20:35:00.000-05:002014-04-01T21:35:57.590-04:00Application-Level Security in Health IT Systems: A RoadmapAn investigative report titled "<i>Health-care sector vulnerable to hackers, researchers say</i>" published last month in the Washington Post on the state of cybersecurity reveals that:<br />
<br />
<blockquote class="tr_bq">
<i>"...health care is among the most vulnerable industries in the country, in part because it lags behind in addressing known problems."</i></blockquote>
<br />
When it comes to application-level security, the healthcare industry is indeed lagging when compared to other industries that handle consumer sensitive information. The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard for organizations that handle cardholder information. The PCI DSS certification includes requirements for security code reviews, penetration testing, and compliance validation by an external Qualified Security Assessor (QSA). <br />
<br />
This week, the Department of Health and Human Services (HHS) issued a final omnibus rule on the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules. The rules impose the following:<br />
<br />
<ul>
<li>Increased and tiered civil money penalty structure for security breaches depending on "<i>reasonable diligence</i>", "<i>willful neglect</i>", and "<i>timely correction</i>". The penalty amount varies from $100 to $50,000 per violation with a maximum penalty of $1.5 million annually for all violations of an identical provision.</li>
<li>Expansion of accountability and liability for Business Associates (BAs) and subcontractors.</li>
<li>Increased privacy protections under the Genetic Information Nondiscrimination Act (GINA).</li>
</ul>
<br />
Furthermore, the Security and Privacy Tiger Team of the US Office of the National Coordinator (ONC) for health IT released a set of recommendations related to the Meaningful Use (MU) Stage 2 requirements for patients access to health record portals. The need for patient engagement as a prerequisite to a successful transformation of healthcare means that particular attention should be paid to the security needs of consumer-facing web applications.<br />
<br />
<br />
<h3>
</h3>
<h3>
<b>Security in the Software Development Life Cycle (SDLC) </b></h3>
<br />
Unfortunately, security as a non-functional requirement, is often relegated to an afterthought in the software development life cycle (SDLC). As an afterthought, security is added to the software later or at the end of the development cycle. At that point, adding adequate security is difficult and costly, requiring significant rework. In some cases, penetration testing is not performed at all before the application is deployed into production.<br />
<br />
This situation can be exacerbated by an interpretation of the Agile methodology that puts the emphasis on the early and frequent demonstrations to the customer of functional (as opposed to non-functional) features of the system under development.<br />
<br />
Another issue is that developers and architects often over-rely on 3rd-party security infrastructure, as opposed to (1) developing a Threat Model for the application they are building and (2) creating a security implementation approach to address the Threat Model. 3rd-party security infrastructure can be helpful, but should serve the security implementation strategy as opposed to driving it. As Bruce Schneier, a well-known cryptographer and computer security specialist said in an article titled "<i>Computer Security: Will We Ever Learn?</i>": <br />
<blockquote class="tr_bq">
<i>"Security
is a process, not a product. Products provide some protection, but the
only way to effectively do business in an insecure world is to put
processes in place that recognize the inherent insecurity in the
products. The trick is to reduce your risk of exposure regardless of the
products or patches."</i></blockquote>
<br />
<br />
<h3>
<b>Understanding Potential Security Vulnerabilities</b></h3>
<br />
Application Security is a mature discipline. Developers and architects should build a deep understanding of web application security vulnerabilities as opposed to completely relying on 3rd-party security infrastructure for addressing security concerns. The following are well documented bodies of knowledge on security vulnerabilities:<br />
<br />
<ol>
<li>The <i>OWASP Top 10 Web Application Security Risks</i> (cheat sheets explaining each of those vulnerabilities and how to address them are available on the OWASP web site):<br /><br />
<i>A1: Injection</i><br /><i>A2: Cross-Site Scripting (XSS)</i><br /><i>A3: Broken Authentication and Session Management</i><br /><i>A4: Insecure Direct Object References</i><br /><i>A5: Cross-Site Request Forgery (CSRF)</i><br /><i>A6: Security Misconfiguration</i><br /><i>A7: Insecure Cryptographic Storage</i><br /><i>A8: Failure to Restrict URL Access</i><br /><i>A9: Insufficient Transport Layer Protection</i><br /><i>A10: Unvalidated Redirects and Forwards. </i>
<br /><br />
</li>
<li>The <i>CWE/SANS Top 25 Most Dangerous Software Errors</i>, the result of collaboration between the SANS Institute, MITRE, and many top software security experts in the US and Europe.</li>
<li>Programming language-specific vulnerabilities such as those listed in the <i>Cert Oracle Secure Coding Standard for Java</i>.</li>
<li>Well-documented security vulnerabilities introduced by the use of 3rd-party open source application development frameworks.</li>
<li>The <i>National Vulnerability Database</i> </li>
<li>The <i>Common Weakness Enumeration (CWE)</i> which is currently maintained by the MITRE Corporation with support from the National Cyber Security Division (DHS). The diagram below from the CWE web site shows a portion of the CWE hierarchical structure. Click on the image below to enlarge it. </li>
<li>Obviously, developers should be on the lookout for new and emerging threats to web application security.</li>
</ol>
<ol>
</ol>
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgFR5ocVBJb2A3-r6PxBq9iPwlM1WFVhgLXotJ16SOadiDKwWTb8ZNBsoF2R-nFe8CoamKVPMHIMVdBDDCnhgn7Ps4iPVKpODej11URTeCVdPgVC2iw5c3RegIhJSo3kfPKNPlMHtwPk0N2/s1600/cwe_cross_section_large.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgFR5ocVBJb2A3-r6PxBq9iPwlM1WFVhgLXotJ16SOadiDKwWTb8ZNBsoF2R-nFe8CoamKVPMHIMVdBDDCnhgn7Ps4iPVKpODej11URTeCVdPgVC2iw5c3RegIhJSo3kfPKNPlMHtwPk0N2/s320/cwe_cross_section_large.jpg" height="254" width="320" /></a></div>
<br />
<b><br /></b>
<br />
<h3>
<b><span style="font-weight: normal;"></span></b></h3>
<h3>
<b>Application Threat Modelling</b></h3>
<br />
Armed with a deep understanding of potential vulnerabilities, developers and architects can build a Security Policy (who has what type of access to which resource in the system) and a Threat Model including:<br />
<br />
<ul>
<li>An analysis of the attack surface of the application.</li>
<li>Identification of potential threats and attackers (both inside and outside the organization and its business associates and subcontractors) and their characteristics, tactics, and motivations. A threat categorization methodology such as STRIDE can be used. STRIDE defines the following threat categories: <i>Spoofing of user identity, Tampering, Repudiation, Information disclosure (privacy breach or Data leak), Denial of Service (D.o.S.), and Elevation of privilege</i>. </li>
<li>The consequences of those attacks for patients and the healthcare organization serving them.</li>
<li>Countermeasures and a risk mitigation strategy. The Application Security Frame (ASF) defines the following categories of countermeasures: <i>Authentication, Authorization, Configuration Management, Data Protection in Storage and Transit, Data Validation/Parameter Validation, Error Handling and Exception Management, User and Session Management, Auditing and Logging</i>.</li>
<li>How the deployment environment will impact privacy and security. NIST and the Cloud Security Alliance (CSA) provide specific security guidance for cloud deployment.</li>
<li>New software architectures like the Single Page Application (SPA) approach present new challenges in securing web applications. Single Page Applications are subject to common web application vulnerabilities like Cookie Snooping, Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), and JSON Injection. Security is mainly the responsibility of the server, although client-side frameworks like AngularJS also provide some features to enhance the security of Single Page Applications.</li>
</ul>
<h3>
<b> </b></h3>
<h3>
<b>Developing a Security Implementation Strategy</b></h3>
<br />
To address the issues of secure software development in the context of
Agile, the Software Assurance Forum for Excellence in Code (SAFECode)
published a guide titled "<i>Practical Security Stories and Tasks for Agile Development Environment</i>".<br />
<br />
<i></i><br />
<h3>
<b>Secure Coding Standards, Static Analysis, and Security Code Review </b></h3>
<br />
Many developers are aware of coding conventions (such as the Code Conventions for the Java Programming Language), and the benefits of peer code reviews and static code analysis (using tools like Checkstyle, PMD, FindBugs, and Sonar). These practices should be expanded to cover secure coding as well. The following resources can help:<br />
<br />
<ul>
<li>The <i>Cert Oracle Secure Coding Standard for Java</i>. </li>
<li>The <i>OWASP Code Review Guide.</i></li>
<li>The "<i>Fundamental Practices for Secure Software Development: A Guide to the Most Effective Secure Development Practices in Use Today</i>" published by the Software Assurance Forum for Excellence in Code (SAFECode)</li>
<li>The Payment Card Industry Data Security Standard (PCI DSS) "<i>Information Supplement: Requirement 6.6 Code Reviews and Application Firewalls Clarified</i>" is an example of secure code review requirements in an industry vertical. </li>
</ul>
<br />
There are secure code static analysis tools that can be particularly useful when used in combination with a secure code review process. If possible, the static code analysis should be integrated into the build and continuous integration process to provide specific secure code metrics as well as the evolution of those metrics over time.<br />
<br />
<br />
<h3>
<b>Penetration Testing</b></h3>
<br />
Finally, the application should go through penetration testing before it is deployed into production. Application-level penetration testing should be done in addition to network-level penetration testing. OWASP provides a detailed Testing Guide and a number of open source and commercial penetration testing tools are available as well.Vidjinnagni Amoussouhttp://www.blogger.com/profile/06437681488603449364noreply@blogger.com0tag:blogger.com,1999:blog-2374388455287292795.post-67946804261317093012013-01-13T21:13:00.002-05:002014-01-24T17:23:11.073-05:00Visual Analytics for Clinical Decision MakingIn my last post, I talked about the era of Big Data in medicine, Evidence-Based Practice (EBP), Practice-Based Evidence (PBE), and the need for a human-centered approach to building intelligent health IT (iHIT) systems. In this post, I discuss Visual Analytics, an emerging discipline in Data Science. In a report titled "<i>Illuminating the Path: The R&D Agenda for Visual Analytics</i>" published in 2004 by the National Visualization and Analytics Center (NVAC), Visual Analytics is defined as "<i>the science of analytical reasoning facilitated by visual interactive interfaces.</i>"<br />
<br />
The goal of Visual Analytics is to obtain deep insight for effective understanding, reasoning, and decision making through the visual exploration of massive, complex, and often ambiguous data. As a multidisciplinary field, Visual Analytics combines several disciplines such as human perception and cognition, interactive graphic design, statistical computing, data mining, spatio-temporal data analysis, and even art.<br />
<br />
In his book titled "<i>Beautiful Evidence</i>", Edward Tufte illustrates the
fundamental principles of analytical design by using Charles Minard's famous map known as "<i>Carte figurative des pertes successives en hommes de l'Armée Française dans la campagne de Russie 1812-1813</i>" (Figurative
Map of the successive losses in men of the French Army in the Russian Campaign 1812-1813). The map is a dramatic account of the heavy losses of the french army during Napoleon's Russian campaign of 1812. Edward Tuffe calls the map the "<i>best statistical graphics ever</i>". Click on the image below to enlarge it.<br />
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhykRoe1kd3P6UURfSa4fMTQp_4JDTBo0ufM0Hve2D-mZZIFTikc5uyzyV75drDbEoh6DPQim0tmBWEdz-STwTeZW_WeYVs1rrz5wfWv_hSDamtvpqgVwswqO-guJjmj4jqzENRt-owTMEW/s1600/Minard1024.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="152" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhykRoe1kd3P6UURfSa4fMTQp_4JDTBo0ufM0Hve2D-mZZIFTikc5uyzyV75drDbEoh6DPQim0tmBWEdz-STwTeZW_WeYVs1rrz5wfWv_hSDamtvpqgVwswqO-guJjmj4jqzENRt-owTMEW/s320/Minard1024.png" width="320" /></a></div>
<br />
<br />
Visual Analytics is also an emerging discipline in healthcare informatics. For example, similar to Minard's map of the Russian Campaign of
1812-1813, Visual Analytics can help in comparing different interventions and care pathways and their respective clinical outcomes over a certain period of time through the vivid showing of causes, variables, comparisons, and explanations. This approach contrasts with the traditional display of clinical data in table rows that is so common in electronic health record (EHR) systems interfaces.<br />
<br />
Another Visual Analytics technique called Visual Cluster Analysis can be particularly helpful in Comparative Effectiveness in clinical care settings where the goal is to compare the benefits and harms of different interventions for different subgroups (groups of patients sharing similar clinical characteristics such as age, gender, race, genetic profile, and comorbidities). Given a specific patient, Visual Cluster Analysis can help the clinician visually explore what works and what doesn't work for "similar patients".<br />
<br />
You can find interesting examples of research projects and implementations in the proceedings of the Visual Analytics in Healthcare Workshop which has been held in conjunction with the IEEE VisWeek for the past three years. The 2013 Visual Analytics in Healthcare Summit (VHAC 2013) will be held in conjunction with the AMIA 2013 conference in Washington DC. There are a number of open source toolkits that can be used to implement Visual Analytics. Some of them are based on open web standards such as HTML5, CSS3, SVG, and Javascript. My favorite is D3.js. DC.js and Crossfilter are built on top of D3.js and facilitate the creation of interactive visualization of multivariate datasets in the browser. Vidjinnagni Amoussouhttp://www.blogger.com/profile/06437681488603449364noreply@blogger.com0tag:blogger.com,1999:blog-2374388455287292795.post-74164223739058903162012-12-30T12:20:00.000-05:002013-01-06T14:02:33.309-05:00Prediction for 2013: Intelligent Health IT Systems (iHIT) Go MainstreamiHIT systems represent an evolution of clinical decision support (CDS) systems. Traditionally, CDS systems have provided functionalities such as Alerts and Reminders, Order Sets, Infobuttons, and Documentation Templates. iHIT systems go beyond these basic functionalities and are poised to go mainstream in 2013. This evolution is enabled by recent developments in both computing and healthcare. Notably in computing:<br />
<br />
<ul>
<li>The emergence of Big Data and massively parallel computing platforms like Hadoop.
</li>
<li>The entrance of the following disciplines into the mainstream of computing: Machine Learning (a branch of Artificial Intelligence), Statistical Computing, Visual Analytics, Natural Language Processing, Information Retrieval, Rule engines, and Semantic Web Technologies (like RDF, OWL, SPARQL, and SWRL). These disciplines have been around for many years, but have been largely confined into Academia, very large organizations, and niche markets.</li>
<li>The availability of open source tools, platforms, and resources to support the technologies mentioned above. Examples include: R (a statistical engine), Apache Hadoop, Apache Mahout, Apache Jena, Apache Stanbol, Apache OpenNLP, and Apache UIMA. The number of books, courses, and conferences dedicated to these topics has increased dramatically over the last two years signalling an entrance into the mainstream.</li>
</ul>
In addition, the healthcare industry itself is currently going through a significant transformation from a business model based on the number of patients treated to a value-based payment model. The Accountable Care Organization (ACO) is an example of this new model. This model puts an increased emphasis on meeting certain quality and performance metrics driven by the latest scientific evidence (this is called Evidence Based Practice or EBP). <br />
<br />
Although very costly, Randomized Control Trials (RCTs) are considered the strongest form of evidence in EBP. Despite their inherent methodological challenges (lack of randomization leading to possible bias and confounding), observational studies (using real world data) are increasingly recognized as complementary to RCTs and an important tool in clinical decision making and health policy. According to a report titled <i>"Clinical Practice Guidelines (CPGs) We Can Trust"</i> published by the Institute Of Medicine (IoM):<br />
<blockquote class="tr_bq">
<i>"Randomized trials commonly have an under representation of important subgroups, including those with comorbidities, older persons, racial and ethnic minorities, and low-income, less educated, or low-literacy patients."</i></blockquote>
Investments into Comparative Effectiveness Research (CER) are increasing as well. CER, an emerging trend in Evidence Based Practice (EBP), has been defined by the Federal Coordinating Council for CER as <i>"the conduct and synthesis of research comparing the benefits and harms of different interventions and strategies to prevent, diagnose, treat and monitor health conditions in 'real world' settings."</i> CER is important not only for discovering what works and what doesn't work in practice, but also for an informed shared decision making process between the patient and her provider.<br />
<br />
The use of predictive risk models for personalized medicine is becoming a common practice. These models can predict the health risks of patients based on their individual health profiles (including genetic profiles). These models often take the form of logistic regression models. Examples include models for predicting cardiovascular disease, ICU mortality, and hospital readmission (an important ACO performance measure).<br />
<br />
Thanks to the Meaningful Use incentive program, adoption of electronic health record (EHR) systems by providers is rapidly increasing. This translates into the availability of huge amount of EHR data which can be harvested to provide Practice Based Evidence (PBE) necessary to close the evidence loop. PBE is the key to a learning health system. The Institute of Medicine (IOM) released a report last year titled <i>"Digital Infrastructure for the Learning Health System: The Foundation for Continuous Improvement in Health and Health Care"</i>. The report describes a learning health system as:<br />
<blockquote class="tr_bq">
<i>"...delivery of best practice guidance at the point of choice, continuous learning and feedback in both health and health care, and seamless, ongoing communication among participants, all facilitated through the application of IT."</i></blockquote>
Both EBP and PBE will require not only rigorous scientific methodologies, but also a computing platform suitable for the era of Big Data in medicine. As Williams Osler (1849-1919) famously said: <br />
<blockquote class="tr_bq">
<i>"Medicine is a science of uncertainty and an art of probability."</i></blockquote>
Lastly, to be successful, the emergence of iHIT systems will require a human-centered design approach. This will be facilitated by the use of techniques that can enhance human cognitive abilities. Examples are: Electronic Checklists (an approach that originates from the aviation industry and has been proven to save lives in healthcare delivery as well) and Visual Analytics.<br />
<br />
Happy New Year to You and Your Family! Vidjinnagni Amoussouhttp://www.blogger.com/profile/06437681488603449364noreply@blogger.com0tag:blogger.com,1999:blog-2374388455287292795.post-62240204240055788772012-12-08T19:38:00.000-05:002013-10-20T10:36:03.225-04:00A Journey into Software ExcellenceI am back in the blogosphere after a seven month hiatus. It was about time I get my blogging act together. Software development has never been so much fun. In this post, I will share some thoughts on using tools, methods, and practices that can really help in your search for software excellence from the initial prototyping of the user interface to deployment.<br />
<br />
<ul>
</ul>
<ol>
<li>With the rapid proliferation of mobile and desktop devices, adopt a Responsive Wed Design (RWD) strategy to reach the largest audience possible. </li>
<li>Create responsive sketches, wireframes, or mockups and apply usability guidelines during the initial prototyping. The NHS Common User Interface (CUI) Program is a good example of usability guidelines for healthcare IT applications. Usability.gov also has many interesting resources as well.</li>
<li>Perform usability testing to test your design ideas and obtain early feedback from future users of your product before actual development starts. Use metrics such as the System Usability Scale (SUS) to assess the results.</li>
<li>Carefuly select the right HTML5, CSS3, and Javascript libraries and frameworks. The Single Page Application (SPA) architecture is becoming popular and can provide a more fluid user experience.</li>
<li>Consider "Specification By Example" and Behaviour Driven Development
(BDD) tools like Cucumber-JVM to create executable user stories. </li>
<li>Pattern languages like Domain Driven Design (DDD) can help you avoid a "Big Ball of Mud" in architecting your software. DDD concepts such as "Strategic Design", "Bounded Context", "Published Language", and "Anti-Corruption Layer" can help you put your architecture in the right perspective, particularly if there is a need to support industry interoperability standards such as HL7 and IHE. However, beware that the practice of DDD has evolved over the last 8 years and new lessons have been learned particularly in the area of "Aggregate" design. So keep up-to-date with new developments in the field in order to leverage the experience of the community. I also found the concept of "Hexagonal Architecture" very helpful in visualizing the complexity of an architecture from different angles. </li>
<li>Consider a peer review of the architecture using a methodology like the Architecture Tradeoff Analysis Method (ATAM). </li>
<li>Embrace Polyglot Persistence (the use of different persistence mechanisms such as relational, document, and graph databases within the same application). However, use the right application development framework to make this easy. Beware of the peculiarities of modeling data for NoSQL databases and remember that "Persistence Ignorance" is not always easy to achieve in practice.</li>
<li>Add a social dimension to your product by integrating the user experience with existing social networking sites that your users already belong to.</li>
<li>Make your application more intelligent through the use of techniques such as Machine Learning (e.g., a recommendation engine), ontologies and rule engines (e.g., automated reasoning), and Natural Language Processing (NLP) (e.g., automated question answering). As Richard Hamming said: <i>"The purpose of computing is insight, not numbers"</i>.</li>
<li>To enhance the user experience, adopt HTML5, SVG, and Javascript-based graphing and data visualization techniques for data-intensive applications. </li>
<li>Consider the benefits of deploying the application to the cloud and if you decide to deploy to the cloud, factor that into your entire design and development process including the selection of development tools. Choosing the right Platform-as-a-Service (PaaS) provider can facilitate the process.</li>
<li>Create a Continuous Delivery pipeline based on the core concept of automated testing. Leverage tools like Git (Distributed Version Control), Gradle (build), Jenkins (Continuous Integration), and Artifactory. Continuous Delivery allows you to go to market faster and with confidence in the quality of your product. Save infrastructure costs by using these tools in the cloud during development.</li>
<li>Although there is still a place for manual testing, all tests should be automated as much as possible. In addition to the traditional unit tests (using tools like JUnit, TestNG, and Mockito), embrace automated cross-device, cross-browser, and cross-platform user interface (UI) testing using a tool like Selenium.</li>
<li>Web services and performance testing should also become part of your build and Continuous Delivery pipeline using tools like soapUI and JMeter respectively. Performance testing should not be an afterthought.</li>
<li>Adopt automated code quality inspection with tools like Sonar, Checkstyle, FindBugs, and PMD. This can supplement your peer code review process and can provide you with concrete code quality metrics in addition to automatically flagging bugs (including insecure code) in your code base.</li>
<li>Write secure code by carefully studying the OWASP Top Ten. Adopt OWASP guidelines related to security testing and secure code reviews. Perform penetration testing to find vulnerabilities in your application before it is too late.</li>
<li>Do your due diligence in protecting the privacy of your users data. Put the users in control of their privacy in your system by adopting standards such as OAuth2, OpenID Connect, and the User Managed Access (UMA) protocol of the Kantara Initiative. Consider increasing the strength of authentication using multi-factor authentication (e.g., two-factor authentication using the user's phone).</li>
<li>Invest in learning and training your development team. Software excellence can only be achieved by skilled professionals.</li>
<li>Relax, have fun, and remember that software excellence is a journey. </li>
</ol>
<ul>
</ul>
Vidjinnagni Amoussouhttp://www.blogger.com/profile/06437681488603449364noreply@blogger.com0tag:blogger.com,1999:blog-2374388455287292795.post-73518437926959944832012-05-05T17:06:00.000-04:002012-05-06T09:16:13.593-04:00How to Add Arbitrary Metadata to Any Element of an HL7 CDA DocumentThere has been a lot of buzz lately about metadata tagging in the health IT community. In this blog, I describe an approach to annotating HL7 CDA documents (or any other XML documents) without actually editing the document that is being annotated. Metadata tagging is just an example of annotation. The underlying principle of this approach is that Anyone can say Anything about Anything (the AAA slogan) which is well know in the Semantic Web community. In other words, anyone (e.g., patient, care giver, physician, provider organization) should have the ability to add arbitrary metadata to any element of a CDA document. For the sake of "Separation of Concerns" which is a fundamental principle in software engineering, the metadata should be kept out of the CDA document. The benefits of keeping the metadata or annotations out of the CDA document include:<br />
<ul>
<li>Reuse of the same metadata by distinct elements from potentially multiple clinical documents.</li>
<li>The ability to update the metadata without affecting the target CDA documents.</li>
<li>The ability for any individual, organization, or community of interest (e.g., privacy or medical device manufacturers) to create a metadata vocabulary without going through the process of modifying the normative CDA specification (or one of its offsprings like the CCD, the C32, or the Consolidated CDA) or the XDS metadata specifications. </li>
</ul>
<br />
<h3>
History and Current Status of Metadata Standards in Health IT</h3>
<br />
The CDA specification defines some metadata in the header of a CDA document. In addition, the XD* family of specifications (XDS, XDR, and XDM) also defines a comprehensive set of metadata to be used in cross enterprise document exchange. NIEM is being used currently in several health IT projects. In a previous post titled "<a href="http://efasoft.blogspot.ca/2010/12/toward-universal-exchange-language-for.html" target="_blank"><i>Toward a Universal Exchange Language for Healthcare</i></a>", I described how the NIEM metadata approach could be adapted to the healthcare domain.<br />
<br />
The President's Council of Advisors on Science and Technology (PCAST)
published a report in December 2010 entitled: "<i>Realizing the Full Potential
of Health Information Technology to Improve Healthcare for Americans:
The Path Forward</i>". To describe the proposed approach to metadata tagging, the report provides an example based on the exchange of mammograms:<br />
<blockquote>
<span style="font-style: italic;">"The physician would be able to securely search for, retrieve, and display these privacy protected data elements in much the way that web surfers retrieve results from a search engine when they type in a simple query.</span></blockquote>
<blockquote>
<span style="font-style: italic;">What enables this result is the metadata attached to each of these data elements (mammograms), which would include (i) enough identifying information about the patient to allow the data to be located (not necessarily a universal patient identifier), (ii) privacy protection information-who may access the mammograms, either identified or deidentified, and for what purposes, (iii) the provenance of the data-the date, time, type of equipment used, personnel (physician, nurse, or technician), and so forth."</span></blockquote>
The HIT Standards Committee (HITSC) Metadata Tiger Team made specific recommendations to the ONC in June 2011. These recommendations included the use of:<br />
<br />
<ul>
<li>Policy Pointers: URLs that point to external policy documents affecting the tagged data element.</li>
<li>Content Metadata: the actual metadata with datatype (clinical category) and sensitivity (e.g., substance abuse and mental health).</li>
<li>Use of the HL7 CDA R2 with headers.</li>
</ul>
<br />
Based on those recommendations, the ONC published a Notice of Proposed Rule Making (NPRM) in August 2011 to receive comments on proposed metadata standards.<br />
<br />
The Data Segmentation Working Group of the ONC Standards and Interoperability Framework is currently working on metadata tagging for compliance with privacy policies and consent directives. <br />
<br />
<br />
<h3>
The Annotea Protocol </h3>
<br />
The capability to add arbitrary metadata to documents without modifying them has been available in the Semantic Web for at least a decade. Indeed, it is hard to talk about metadata without a reference to the Semantic Web. I will use the W3C Annotea Protocol (which is implemented by the Amaya open source project) to demonstrate this capability. I will also show that this approach does not require the use of the Resource Description Framework (RDF) format and related Semantic Web technologies like OWL and SPARQL. The approach can be adapted to alternative representation formats such as XML, JSON, or the Atom syndication format.
Let's assume that I need to add metadata tags to the CDA document below. The CDA document has only one problem entry for substance abuse disorder (SNOMED CT code 66214007) and my goal is to attach privacy metatada prohibiting the disclosure of that information (the most relevant elements are highlighted in red):<br />
<br />
<span style="font-family: "Courier New",Courier,monospace;"><ClinicalDocument></span><br />
<span style="font-family: "Courier New",Courier,monospace;">.....<br /><component><br /><structuredBody><br /><component><br /><!--Problems--><br /><section><br /><templateId root="2.16.840.1.113883.3.88.11.83.103"<br /> assigningAuthorityName="HITSP/C83"/><br /><templateId root="1.3.6.1.4.1.19376.1.5.3.1.3.6"<br /> assigningAuthorityName="IHE PCC"/><br /><templateId root="2.16.840.1.113883.10.20.1.11" assigningAuthorityName="HL7 CCD"/><br /><!--Problems section template--><br /><code code="11450-4" codeSystem="2.16.840.1.113883.6.1" codeSystemName="LOINC"<br /> displayName="Problem list"/><br /><title>Problems</title><br /><text>...</text><br /><b style="color: red;"><entry typeCode="DRIV"></b><br /><act classCode="ACT" moodCode="EVN"><br /> <templateId root="2.16.840.1.113883.3.88.11.83.7"<br /> assigningAuthorityName="HITSP C83"/><br /> <templateId root="2.16.840.1.113883.10.20.1.27"<br /> assigningAuthorityName="CCD"/><br /> <templateId root="1.3.6.1.4.1.19376.1.5.3.1.4.5.1"<br /> assigningAuthorityName="IHE PCC"/><br /> <templateId root="1.3.6.1.4.1.19376.1.5.3.1.4.5.2"<br /> assigningAuthorityName="IHE PCC"/><br /> <!-- Problem act template --><br /> <id root="6a2fa88d-4174-4909-aece-db44b60a3abb"/><br /> <code nullFlavor="NA"/><br /> <statusCode code="completed"/><br /> <effectiveTime><br /> <low value="1950"/><br /> <high nullFlavor="UNK"/><br /> </effectiveTime><br /> <performer typeCode="PRF"><br /> <assignedEntity><br /> <id extension="PseudoMD-2" root="2.16.840.1.113883.3.72.5.2"/><br /> <addr/><br /> <telecom/><br /> </assignedEntity><br /> </performer><br /> <entryRelationship typeCode="SUBJ" inversionInd="false"><br /> <b style="color: red;"><observation classCode="OBS" moodCode="EVN"></b><br /> <templateId root="2.16.840.1.113883.10.20.1.28"<br /> assigningAuthorityName="CCD"/><br /> <templateId root="1.3.6.1.4.1.19376.1.5.3.1.4.5"<br /> assigningAuthorityName="IHE PCC"/><br /> <!--Problem observation template - NOT episode template--><br /> <id root="d11275e7-67ae-11db-bd13-0800200c9a66"/><br /> <code code="64572001" displayName="Condition"<br /> codeSystem="2.16.840.1.113883.6.96"<br /> codeSystemName="SNOMED-CT"/><br /> <text><br /> <reference value="#PROBSUMMARY_1"/><br /> </text><br /> <statusCode code="completed"/><br /> <effectiveTime><br /> <low value="1950"/><br /> </effectiveTime><br /> <b style="color: red;"><value displayName="Substance Abuse Disorder" code="66214007" codeSystemName="SNOMED" codeSystem="2.16.840.1.113883.6.96"/></b><br /> <entryRelationship typeCode="REFR"><br /> <observation classCode="OBS" moodCode="EVN"><br /> <templateId root="2.16.840.1.113883.10.20.1.50"/><br /> <!-- Problem status observation template --><br /> <code code="33999-4" codeSystem="2.16.840.1.113883.6.1"<br /> displayName="Status"/><br /> <statusCode code="completed"/><br /> <value code="55561003"<br /> codeSystem="2.16.840.1.113883.6.96"<br /> displayName="Active"><br /> <originalText><br /> <reference value="#PROBSTATUS_1"/><br /> </originalText><br /> </value><br /> </observation><br /> </entryRelationship><br /> </observation><br /> </entryRelationship><br /></act><br /></entry><br /></section><br /></component><br /></structuredBody><br /></component><br /></ClinicalDocument></span><br />
<br />
<br />
<br />
The following is a separate annotation document containing some metadata pointing to the Substance Abuse Disorder entry in the target CDA document:<br />
<br />
<div style="font-family: "Courier New",Courier,monospace;">
<r:RDF xmlns:r="http://www.w3.org/1999/02/22-rdf-syntax-ns#"<br />
xmlns:a="http://www.w3.org/2000/10/annotation-ns#"<br />
xmlns:d="http://purl.org/dc/elements/1.1/"><br />
<r:Description><br />
<r:type r:resource="http://www.w3.org/2000/10/annotation-ns#Annotation"/><br />
<r:type r:resource="http://www.w3.org/2000/10/annotationType#Metadata"/><br />
<b style="color: red;"><a:annotates r:resource="http://hospitalx.com/ehrs/cda.xml"/></b><br />
<div style="color: red;">
<b> <a:context>http://hospitalx.com/ehrs/cda.xml#xpointer(/ClinicalDocument/component/structuredBody/component[1]/section[1]/entry[1])</a:context></b></div>
<d:title>Sample Metadata Tagging</d:title><br />
<d:creator>Bob Smith</d:creator><br />
<a:created>2011-10-14T12:10Z</a:created><br />
<d:date>2011-10-14T12:10Z</d:date><br />
<b style="color: red;"> <a:body>Do Not Disclose</a:body></b><br />
</r:Description><br />
</r:RDF></div>
<br />
Please note a few interesting facts about the annotation document:<br />
<br />
<ul>
<li>As explained by the original specification: <i>"The Annotea protocol works without modifying the original document; that is, there is no requirement that the user have write access to the Web page being annotated." </i></li>
<li>The annotation itself has metadata using the well known Dublin Core metadata specification to specify who created this annotation and when.</li>
<li>The document being annotated is cda.xml located at <span style="font-family: "Courier New",Courier,monospace;">http://hospitalx.com/ehrs/cda.xml</span>. This is described by the element <span style="font-family: "Courier New",Courier,monospace;"><a:annotates r:resource="http://hospitalx.com/ehrs/cda.xml"/>.</span></li>
<li>The specific element that is being annotated within the target CDA document is specified by the <span style="font-family: "Courier New",Courier,monospace;">context </span>element:
<span style="font-family: "Courier New",Courier,monospace;"><a:context>http://hospitalx.com/ehrs/cda.xml#xpointer(/ClinicalDocument/component/structuredBody/component[1]/section[1]/entry[1])</a:context></span><span style="font-family: "Courier New",Courier,monospace;"> </span>using <a href="http://www.w3.org/TR/2003/REC-xptr-framework-20030325/" target="_blank">XPointer</a>, a specification described by the W3C as <i>"the language
to be used as the basis for a fragment identifier for any URI reference that
locates a resource whose Internet media type is one of <span style="font-size: small;"><code>text/xml</code>, <code>application/xml</code>, <code>text/xml-external-parsed-entity</code>,
or <code>application/xml-external-parsed-entity</code>.</span>"</i></li>
<li style="font-family: inherit;">The XPath expression <span style="font-family: "Courier New",Courier,monospace;">/ClinicalDocument/component/structuredBody/component[1]/section[1]/entry[1]</span> within the XPointer is used to target the <span style="font-family: "Courier New",Courier,monospace;">entry</span> element in the CDA document.</li>
<li style="font-family: inherit;">Using XPath (1.0 or 2.0) allows us to address any element (or node) in an XML document. For example, this XPath <span style="font-family: "Courier New",Courier,monospace;">//value[@code='66214007']/ancestor::entry</span> will point to any <span style="font-family: "Courier New",Courier,monospace;">entry </span>element which contains a <span style="font-family: "Courier New",Courier,monospace;">value </span>element with an attribute <span style="font-family: "Courier New",Courier,monospace;">code='66214007'</span> (essentially targeting all <span style="font-family: "Courier New",Courier,monospace;">entry </span>elements which contain a Substance Abuse Observation). The combination of XPath, XPointer, and standard medical terminology codes gives the ability to attach any annotation or metadata to any element having interoperable semantics.</li>
<li style="font-family: inherit;">The <span style="font-family: "Courier New",Courier,monospace;">body </span>element contains the actual annotation: <span style="font-family: "Courier New",Courier,monospace;"><a:body>Do Not Disclose</a:body>. </span>However, the <span style="font-family: "Courier New",Courier,monospace;">body </span>of the annotation can also be located outside of the annotation (e.g., in a shared metadata registry) in which case the <span style="font-family: "Courier New",Courier,monospace;">body </span>element will be marked up as in the following example:<span style="font-family: "Courier New",Courier,monospace;"> <a:body r:resource="http://metadataregistry.com/myconsentdirectives.xml"/></span></li>
</ul>
<br />
<h3>
Alternative Representations</h3>
<h3>
</h3>
As mentioned before, for those who for one reason or another don't want to use RDF and related Semantic Web technologies, the annotation can be easily converted to a pure XML (as opposed to RDF/XML), JSON, or Atom representation. The original <a href="http://www.w3.org/2002/12/AnnoteaProtocol-20021219" target="_blank">Annotea Protocol</a> describes a RESTful protocol which includes the following operations: posting, querying, downloading, updating, and deleting annotations. The <a href="http://www.ietf.org/rfc/rfc5023.txt" target="_blank">Atom Publishing Protocol (APP)</a> is a newer RESTful protocol that is well adapted to the Atom syndication format.<br />
<br />
<br />
<h3>
Processing Annotations with XPointer</h3>
<br />
How the annotations are processed and consumed is only limited by the requirements of a specific application and the imagination of the developers writing it. For example, an application can read both the annotation document and the target CDA document and overlay the annotations on top of the entries in the CDA document while displaying the latter in a web browser. Another example is the enforcement of privacy policies and preferences prior to exchanging the CDA document. The issue that will be raised is how to process the XPointer fragment identifiers. XPointer uses XPath which is a well established XML addressing mechanism supported by many XML processing APIs across programming languages. For those of you who use XSLT2 to process CDA documents, there is the open source <a href="http://www.rotorz.com/xml/2009/XPointer/" target="_blank">XPointer Framework for XSLT2</a> for use with the Saxon XSLT2 engine.Vidjinnagni Amoussouhttp://www.blogger.com/profile/06437681488603449364noreply@blogger.com0tag:blogger.com,1999:blog-2374388455287292795.post-49367183736245617462012-02-06T21:15:00.021-05:002012-02-10T09:50:21.549-05:00Toward Intelligent Health IT (iHIT) Systems: Getting Out of the BoxIn this post, I describe a new type of application that I refer to as iHIT. iHIT stands for Intelligent Health IT.<br /><br /><span style="font-weight:bold;">The Architecture of Traditional Health IT systems</span><br /><br />Traditional software architectures for health IT systems typically include the following:<br /><ul><br /><li>Dependency Injection (DI)<br /><br /><li>Object Relational Mapping (ORM)<br /><br /><li>An architectural pattern for the presentation layer such as the Model View Controller (MVC) pattern<br /><br /><li>HTML5, CSS3, and a JavaScript library like JQuery/Mobile<br /><br /><li>Other architectural patterns including GoF Design Patterns, SOLID Principles, and Domain Driven Design (DDD)<br /><br /><li>Structured Query Language (SQL)<br /><br /><li>Enterprise Integration Patterns (EIPs) implemented through an Enterprise Service Bus (ESB) using HL7 messages as the "Published Language"<br /><br /><li>REST or SOAP-based web services.<br /></ul><br />An entire generation of developers has been trained in these techniques. They represent proven best practices accumulated over several decades of object-oriented design and relational data management. Although pervasive in today's clinical systems, these applications lack basic intelligent features such as the ability to capture and execute expert knowledge, make inferences, or make predictions about the future based on the analysis of historical data. Some of these systems actually look like glorified data entry systems.<br /><br />With the availability and explosion of medical knowledge and real world observational EHR data, these intelligent features will become important in assisting clinicians in the medical decision making process at the point of care by reducing their cognitive load.<br /><br /><span style="font-weight:bold;">Intelligent Health IT (iHIT) Systems</span><br /><br />iHIT systems process huge quantities of both structured and unstructured data to provide clinicians with specific recommendations. iHIT systems play an important role in translating Comparative Effectiveness Research (CER) findings into clinical practice. Comparative effectiveness Research (CER), an emerging trend in Evidence Based Medicine (EBM), has been defined by the Federal Coordinating Council for CER as "<span style="font-style:italic;">the conduct and synthesis of research comparing the benefits and harms of different interventions and strategies to prevent, diagnose, treat and monitor health conditions in 'real world' settings.</span>" For example, based on the clinical profile of a patient, CER can help determine the best treatment option for breast cancer among the various options available such as: chemotherapy, radiation therapy, and surgery (Masectomy and Lumpectomy).<br /><br />The following are examples of key characteristics displayed by iHIT systems:<br /><ul><br /><li>The ability to analyze patient data as well as very large historical observational data sets in order to make probability-based predictions about the future and recommend specific actions that can yield the best clinical outcomes given the clinical profile of a patient.<br /><br /><li>The ability to capture and execute expert knowledge such as the medical knowledge contained in Clinical Practice Guidelines (CPGs). This includes the ability to mediate between different CPGs to arrive at a specific recommendation by merging and reconciling the medical knowledge in multiple CPGs as is the case with patients with comorbidities.<br /><br /><li>The ability to perform automated reasoning by inferring new implicit clinical facts from existing explicit facts and by exploiting semantic relationships between concepts and entities.<br /><br /><li>The ability to retrieve knowledge from unstructured data sources such as the biomedical research literature from sources like PubMed in order to answer clinical questions sometimes posed in natural language.<br /><br /><li>The ability to learn over time (and hence become smarter) as the amount of processed data continues its exponential growth.<br /><br /><li>Very fast response time to queries over very large data sets.<br /></ul><br /><br />Sounds like Artificial Intelligence (AI)? I believe we are indeed witnessing the resurgence of AI and even the ideas of the Semantic Web in the healthcare industry. As healthcare costs and quality become national priorities for many countries around the world, the boundaries of computing will continue to be pushed further. Actually, some of the underlying principles of intelligent systems were originally developed decades and even centuries ago in the field of biomedical research. Williams Osler (1849-1919) famously said: <br /><blockquote><br /><span style="font-style:italic;">Medicine is a science of uncertainty and an art of probability</span>.</blockquote><br />Technologically advanced and competitive industries like financial services (e.g., credit eligibility and fraud detection), online retail (e.g., recommendation engine), and logistics (e.g., delivery route optimization) have adopted some of these technologies. Health IT developers now need to embrace them as well. This will require thinking out of the box.<br /><br /><br /><span style="font-weight:bold;">The Ingredients of iHIT Systems</span><br /><br />iHIT systems represent not one, but the integration of many different technologies. Mathematical Models, Statistical Analysis, and Machine Learning algorithms play an important role in iHIT systems. Examples include:<br /><ul><br /><li>Logistic Regression models<br /><br /><li>Decision Trees<br /><br /><li>Association Rules<br /><br /><li>Bayesian Network<br /><br /><li>Neural Networks<br /><br /><li>Random Forests<br /><br /><li>Time Series for temporal reasoning<br /><br /><li>k-means Clustering <br /><br /><li>Support Vector Machines (SVM)<br /><br /><li>Probabilistic Graphical Models (PGMs) based on methods such as Bayesian networks and Markov Networks for making clinical decisions under uncertainty.<br /></ul><br />These algorithms can be used not only for making therapeutic predictions (e.g., the future hospitalization risk of a patient with Asthma), but also for dividing a population into subgroups based on the clinical profile of patients in order to achieve the best treatment outcomes. <br /><br />Clinical Practice Guidelines (CPGs) are usually-based on Systematic Reviews (SRs) of Randomized Controlled Trials (RCTs) which are essentially scientific experiments. According to a report titled "<span style="font-style:italic;">Clinical Practice Guidelines (CPGs) We Can Trust</span>" which was published last year by the Institute Of Medicine (IoM):<br /><br /><blockquote><span style="font-style:italic;">However, even when studies are considered to have high internal validity, they may not be generalizable to or valid for the patient population of guideline relevance. Randomized trials commonly have an under representation of important subgroups, including those with comorbidities, older persons, racial and ethnic minorities, and low-income, less educated, or low-literacy patients. Many RCTs and observational studies fail to include such "typical patients" in their samples; even when they do, there may not be sufficient numbers of such patients to assess them separately or the subgroups may not be properly analyzed for differences in outcomes.</span></blockquote><br />On the other hand, observational studies using statistical analysis and machine learning algorithms operate on large real world observational data and can therefore provide feedback on the effectiveness of the actual use of different therapeutic interventions. Although very costly, RCTs are still considered the strongest form of evidence in EBM. Despite their inherent methodological challenges (lack of randomization leading to possible bias and confounding), observational studies are increasingly recognized as complementary to RCTs and an important tool in clinical decision making and health policy. iHIT systems play an important role in translating Comparative Effectiveness Research (CER) findings into clinical practice in the form of clinical decision support (CDS) interventions at the point of care.<br /><br />iHIT systems also use business rules engines to capture and execute expert knowledge such as the medical knowledge contained in Clinical Practice Guidelines (CPGs). Examples include rules engines based on forward chaining inference, also known as production rule systems. These rules engines can be combined with Complex Event Processing (CEP) and Business Process Management (BPM) for intelligent decision making.<br /><br />iHIT systems support ontologies such as those represented by the web ontology language (OWL) providing reasoning capabilities as well as the ability to navigate semantic relationships between concepts and entities.<br /><br />More advanced iHIT systems have Natural Language Processing (NLP) and Automatic Speech Recognition (ASR) capabilities in order to answer clinical questions posed in natural language. They rely on Information Retrieval techniques like probabilistic methods for scoring the relevance of a document given a query and the application of supervised machine learning classification methods such as decision trees, Naive Bayes, K-Nearest Neighbors (kNN), and Support Vector Machines (SVM).<br /><br />In some cases, the responsibilities of an iHIT system are performed by Intelligent Agents which are autonomous entities capable of observing the clinical environment and acting upon those observations.<br /><br />For scalability and performance, iHIT systems often sit on NoSQL databases and run on massively parallel computing platforms like Apache Hadoop while leveraging the elasticity of the cloud.<br /><br />Integrating these technologies is the main challenge posed by iHIT systems. An example is the integration between statistical and machine learning models, business rules, ontologies, and more traditional forms of computing such as object-oriented programming. Various solutions to these challenges have been proposed and implemented.<br /><br /><span style="font-weight:bold;">Human-Centered Design</span><br /><br />Finally, iHIT systems fully embrace a human-centered design approach. They provide a seamless integration between automated decision logic and clinical workflows. They provide the clinician with detailed explanations of the rationale behind the actions they recommend. In addition, they use techniques like Visual Analytics to enhance human cognitive abilities in order to facilitate analytical reasoning over very large data sets.Vidjinnagni Amoussouhttp://www.blogger.com/profile/06437681488603449364noreply@blogger.com0