CHINO poster IM/IFIP


Upload: jovan-stevovic

Post on 19-Jun-2015


DESCRIPTION

Poster presented at the Integrated Management (IM) conference in 2013

TRANSCRIPT

Page 1: CHINO poster IM/IFIP

Low-Level Operations (LLO)

Data Management Interfaces (DMI)

Medical Record System


Goals and Approach

CHINO Process Definition and Execution

Medical Record Sharing

Jovan Stevovic, Fabio Casati, Bilal Farraj
Dep. of Information Engineering and Computer Science, University of Trento, Italy

icons by http://dryicons.com

EHR Electronic Health Record System

The CHINO Business Process and Policy Execution Framework

Healthcare services = joint work of many organizations

Develop a system to easily share medical records while satisfying security, privacy and business requirements

Compliance-Aware Cross-Organization Medical Record Sharing

Record Store

Data Filtering PEP

Metadata Registry

Business Rules Manager

Access Rights PEP

Shared Process Execution Environment

The main modeler components are:
A: List of all processes
B: The Modeling framework
C: List of the Custom CHINO elements
D: Configuration of the custom elements

DMI and LLO are implemented using SOA and EDA architectural patterns.

Some of the tools used: Activiti BPM open source engine, Mule ESB, MySQL, ebXML Registry

Security policies
• Access control
• Encryption strategy
• Data storage location

Requirements and Case Study

Jun Li, Hamid R. Motahari-Nezhad
Hewlett-Packard Laboratories, Palo Alto, California, USA

Giampaolo Armellin
CRG - Centro Ricerche GPI, Trento, Italy

1. Identification of Business Requirements

2. Identification of Compliance Requirements

3. Definition of Compliance-Aware Data Management Scenarios

4. Definition of Executable Processes and Policies

5. Deployment and Execution inside Runtime Environment

Chief Information Officer

Business Analyst

Business Analyst and Developer

Developer

Chief Compliance Officer

Doctor-consultation scenario in Italy

Patient, Doctor, Specialist

0: specifies/accepts sharing policies
1: problem description
2: consultation request
3: consultation request
4: request records
5: check policies
6: retrieve record from external store
7: Records / request denied

EHR Electronic Health Record System

Doctor-consultation scenario in UK

Patient, Doctor, Specialist

1: problem description
2: consultation request
3: consultation request
4: request records
5: request approval
6: approve/deny
7: Records / request denied

Privacy policies
• Data owners
• Policy enforcement points
• Purposes of use of data

Business specific requirements
• EHR standards
• Organizations’ requirements

The CHINO Methodology

• Interactions
• Business req.

Descriptions of services

• Security req.
• Privacy req.

Compliance requirements

High-level representation describing the interactions annotated with privacy, security and compliance req.

Executable compliance-aware business processes and rules.

Compliance-aware medical record sharing

It is challenging due to security, privacy and business requirements

The Process Modeling and Policy Definition Framework

Enable organizations to define their own data management processes and policies that manage their data and share them with others

pushRecord getRecord grantRights pushMetadata

The CHINO framework elements:
• Two categories of data:
  • Records: detailed and privacy-sensitive information
  • Metadata: describes Records
• Rules:
  • Access Right Rules: define access control over Metadata and Records
  • Privacy Filtering Rules: fine-grained data filtering mechanism for XML or HL7 data
• Data Management Interfaces (DMI):
  • pushRecord, getRecord, grantRights to manage Records and Metadata
• Modeling Elements:
  • BPMN 2.0 elements: supported by the Activiti engine.
  • Custom CHINO BPMN elements: to facilitate access to LLO and interaction with external organizations through DMI.
• Low Level Operations (LLO):
  • pushRecord, getRecord, grantRights to access internal components

OpenMRS + CHINO integration
1. Doctor-consultation module for OpenMRS
2. Integrated with CHINO
3. 2 sets of processes to demonstrate cross-regulation record sharing.

Validation

Specialist Doctor

The custom CHINO tasks are mapped on Low-Level Operations over data and policies

Record requests trigger record owners’ processes and policies

From requirements collection to process and policy execution

demo

Ongoing study with 2 Groups
1. Developers and Business Analysts: to understand if it is feasible to model requirements with CHINO.
   - preliminary results are positive
2. Privacy Experts: to understand if CHINO process visibility can improve trust

Validation User Study

our approach… Data sharing is essential but...