Title Design and Implementation Issues of a Secure Cloud-Based Health Data Management System Frank Steimle, Matthias Wieland, Bernhard Mitschang, Sebastian Wagner, and Frank Leymann Funded By:
Agenda Title Introduction to the ECHO project Problem description Solution Design and Implementation Issues ECHO: An Active Health Data Management System System Architecture RESTful Interfacing the Health Data Management Layer Health Data Management Automated Provisioning and Management of the Health Data Management Layer Summary and Future Work 2
Introduction: What Title the Problem is Chronic disease patients may not have regular communication with physicians Lack of time, economic difficulties or negligence This may induce exacerbation of their condition, possible hospitalization But closer connectivity can ensure uninterrupted care and crisis avoidance Field of Application is COPD - chronic obstructive pulmonary disease 3
Introduction: What Title We Want to Do Combine human medical expertise with state-of-the-art technologies, like cloud computing, data mining, and smart phones Enable regular monitoring of patients and avoidance of medical emergencies Patients enter Data on a daily basis The system analyzes the incoming data If the system recognizes a dangerous situation it notifies the patient and the doctor 4
Title Design & Implementation Issues 5
Design and Implementation Title Issues (1) Data Privacy & Security Health data are sensitive data and have to be protected by means of encryption, access control, SQL injection prevention, input verification... Support of User Roles Separation of patients and physicians Different Access Channels Support many possbilities how a client can access the system: web, mobile, etc. Support of multiple hospitals The system has to be easily adaptable to different hospitals. Cloud readiness Enable automatic management and deploying in cloud environments. 6
Design and Implementation Title Issues (2) Easy Development of Applications Provide Uniform API, good documentation, and tool support. Scalability System should react fast even if many users access it. Plus, it has to deal with more and more data. Automatic Health Data Analysis and Active Behavior The System should automatically analyze data provided by the patient and react to possible health problems by generating notifications. Data Quality The system has to implement mechanisms that ensure data quality. Extensible service-based Architecture It should be possible to create new services by composing existing services, like Health Services which manage patients data or Analytic Services which analyze patients data. 7
Title The ECHO System: An Active Health Data Management System 8
ECHO System: Title Architecture Smartphone Pa(ents App Smartphone Browser Browser Doctors App Doctors Portal Pa(ents Portal Applica'on Layer: ECHO Frontend Health Status Health Risk (& SMS) Push No(fica(on (& SMS) Recommenda(ons Enquiries Enquiries Enquiries Enquiries Health API (RESTful) Orchestra(ons Health Services Analy(cs Analy(cs Management & Provisioning Engine Health Data Health Data Management Layer: ECHO Pla=orm Health Server (Cloud Service) 9
Health API: Title Resources Health API used to store data/query the system. RESTful HTTP-API to simplify application development Resources: Questions 1 Notifications 1 Accounts 1 Patients 1 * Question Subresources of Patient 1 * * 1 0..1 Account Patient 1 1 1 1 1 1 1 Daily Reports CATs CCQs Charlsons Readings Treatments Death 1 1 1 1 1 1 * * * * * * Daily Report CAT CCQ Charlson Reading Treatment 1 10
Health API: Title Security Transport Security: SSL Authentication: Token-Based OAuth 2.0 Library JSON Web Token Token is digitally signed and contains user information Token has to be send in the Authentication-Header Token can expire Refresh Token can be used to get a new Token 11
Health API: Title Implementation Implemented using node.js & Express-Framework Calling a Health Service via the Health API: Request+ Authen'ca'on+ Error+ Input+Parser+ Health+Service+ Response+ Error+Handling+ Error+Message+ 12
Health API: Title Documentation Swagger is used for Documentation of the Health API It is a Description Language for REST Services based on JSON Swagger enables: Service Discovery Model Definitions Generation of Client and Server Stubs ECHO System comes with SwaggerUI interactive documentation 13
Health Data Title Management: Health Data Model MySQL for Health Data Management RDBMS because it enforces data integrity and has security features like views Health Data Model: Accounts Daily Reports CCQs CATs Pa1ents Death Charlsons Readings Treatments No1fica1ons 14
Health Data Title Management: Simple Analyses Data entered by the patient: Q1: Did your shortness of breath increase? Q2: Did your cough increase? Q3: Did your sputum change? Q4: Did you have chest pain or discomfort? Q5: Did you take the same medications? Or increased them?...and some measurements, like heart rate and temperature Rule-based Analysis: e.g., Q1, Q2 & Q3 answered with yes Call your physician! 15
Health Data Title Management: Security Database user for each system user This user is used by the health service to store/query data Views filter data depending on logged in user Right management of Database is used to secure data User Roles Available roles: patient, doctor, admin MySQL does not support user roles Stored Procedure sets appropriate access privileges Injection Prevention Node.js has no support for prepared statements Stored procedures for writing Health Services 16
Automated Provisioning Title and Management of the Health Data Management Layer System has to be easily deployable in different IT environments Management tasks (e.g., backup/workload-depending scaling) should be automated. We used the TOSCA standard to achieve this Topology and Orchestration Specification for Cloud Applications TOSCA is used to describe the platform and the management functions in a machine-readable and self-contained manner TOSCA descriptions can be deployed in any supported cloud environment 17
Title ECHO TOSCA Topolgy (SQLConnec*on), OpenStack,VM, (Server), OpenStack,VM, (Server), OpenStack,VM, (Server), Ubuntu,14.04, (Opera*ng, System), Ubuntu,14.04, (Opera*ng, System), Ubuntu,14.04, (Opera*ng, System), Node.JS,0.10.25, (Node.JS), Tomcat,7.0, (ApacheTomcat), MySQL,5.5, (DBMS), Analy*cs,Service, (Axis2,Web, Service), Health,Data,DB, (Database), WSO2, (BPEL,Engine), Service, Orchestra*on, (BPEL,Process), Health,API, (JavaScript), Health,Service, (JavaScript), (SQLConnec*on), (calls), (calls), (calls), (calls), (calls), 18
Title Summary 19
Design and Implementaion Title Issues: Revisited Issue Data Security User Roles Access Channels Mul1ple Hospitals Cloud Readiness Easy App Development Ac1ve Behavior Scalabil1y Extensible Architecture Solu(on Views, Encryp1on, Token- based Authen1fica1on Roles: doctor, pa1ent and admin Mobile/Web via REST Interface HDML can provide Ques1ons TOSCA REST Interface, Swagger Descrip1ons System analyzes Data and creates No1fica1ons REST, Node.js can easily be scaled up New services can be composed from exis1ng ones 20
Summary and Title Future Work We have build an active Health Data Management System Our system can be deployed in many different cloud environments We identified issues and showed how to solve them Future Work: HL7 support Data Mining Customizable Analyzes 21
Title THANK YOU http://chroniconline.eu