Model-based Design of Clinical Information Systems

 

 Buy Article Permissions and Reprints

Summary

Objective: The goal of this research is to provide a framework to enable the model-based development, simulation, and deployment of clinical information system prototypes with mechanisms that enforce security and privacy policies.

Methods: We developed the Model-Integrated Clinical Information System (MICIS), a software toolkit that is based on model-based design techniques and highlevel modeling abstractions to represent complex clinical workflows in a service-oriented architecture paradigm. MICIS translates models into executable constructs, such as web service descriptions, business process execution language procedures, and deployment instructions. MICIS models are enriched with formal security and privacy specifications, which are enforced within the execution environment.

Results: We successfully validated our design platform by modeling multiple clinical workflows and deploying them onto the execution platform.

Conclusions: The model-based approach shows great promise for developing, simulating, and evolving clinical information systems with formal properties and policy restrictions.

• References

• 1 Kaushal A, Jha A, Franz C, Glaser J, Shetty K, Jaggi T. et al. Return on investment for a computerized physician order entry system. J Am Med Inform Assoc 2006; 13 (03) 261-266.
  CrossrefPubMedGoogle Scholar
• 2 Shabo A. A global socio-economic-medico-legal model for the sustainability of longitudinal electronic health records. Methods Inf Med 2006; 45 (03) 240-245.
  Article in Thieme ConnectPubMedGoogle Scholar
• 3 Simon SJ, Simon SJ. An examination of the financial feasibility of Electronic Medical Records (EMRs): a case study of tangible and intangible benefits. Int J Med Inform 2006; 2 (02) 185-200.
  PubMedGoogle Scholar
• 4 Menachemi N, Brooks RG. Reviewing the benefits and costs of electronic health records and as-sociated patient safety technologies. J Med Syst 2006; 30 (03) 159-168.
  CrossrefPubMedGoogle Scholar
• 5 Lo HG, Newmark LP, Yoon C, Volk LA, Carlson VL, Kittler AF. et al. Electronic health records in specialty care: a time-motion study. J Am Med Inform Assoc 2007; 14 (05) 609-615.
  CrossrefPubMedGoogle Scholar
• 6 Pizziferri L, Kittler AF, Volk LA, Honour MM, Gupta S, Wang T. et al. Primary care physician time utilization before and after implementation of an electronic health record: a time-motion study. J Biomed Inform 2005; 38 (03) 176-188.
  CrossrefPubMedGoogle Scholar
• 7 Silver MR, Lusk R. Patient safety: a tale of two systems. Qual Manag Health Care 2002; 10 (02) 12-22.
  CrossrefPubMedGoogle Scholar
• 8 Frank L, Galanos H, Penn S, Wetz Jr HF. Using BPI and emerging technology to improve patient safety. J Healthc Inf Manag 2004; 18 (01) 65-71.
  PubMedGoogle Scholar
• 9 Shepherd M, Zitner D, Watters C. Medical portals: web-based access to medical information. In: Sprague, RH Jr. (ed.).. Proceedings of the 33rd Annual Hawaii International Conference on System Sciences (HICSS-33); 2000 Jan 4-7; Maui, HI. New York: IEEE Computer Society; 2000. pp 5003-5013.
  Google Scholar
• 10 Barnett GO, Barry MJ, Robb-Nicholson C, Morgan M. Overcoming information overload: an information system for the primary care physician. In: Fieschi M, Coiera E, LiY C. (eds.). Proceedings of the 11th World Congress on Medical Informatics (Medinfo 2004);. 2004 Sept 7-11; San Francisco, CA. Amsterdam: IOS Press; 2004. 11 Pt 1 273-276.
  Google Scholar
• 11 Masys D, Baker D, Butros A, Cowles KE. Giving patients access to their medical records: the PCASSO experience. J Am Med Inform Assoc 2002; 9: 181-191.
  CrossrefPubMedGoogle Scholar
• 12 Cimino JJ, Patel VL, Kushniruk AW. The patient clinical information system (PatCIS): technical solutions for and experience with giving patients access to their electronic medical records. Int J Med Inform 2002; 68: 113-127.
  CrossrefPubMedGoogle Scholar
• 13 U.S.. Department of Health and Human Services. Standards for privacy of individually identifiable health information; Final Rule. Federal Register, 2002 Aug 12; 45 CFR: Parts 160-164.
  PubMedGoogle Scholar
• 14 U.S.. Department of Health and Human Services, Office for Civil Rights. Standards for protection of electronic health information; Final Rule. Federal Register, 2003 Feb 20; 45 CFR: Part 164.
  PubMedGoogle Scholar
• 15 Yanchuk A, Ivanyukovich A, Marchese M. Towards a mathematical foundation for serviceoriented applications design [cited 2008 Jul 21]. Available from: http://www.science.unitn.it/~marchese/pdf/Towards_SOAD_JoS_06.pdf
  PubMedGoogle Scholar
• 16 Portier B. SOA terminology overview, Part 1: Service, architecture, governance, and business terms [cited 2008 Jul 21]. Available from: http://www-128.ibm.com/developerworks/library/wssoa-term1/index.html
  PubMedGoogle Scholar
• 17 Portier B. SOA terminology overview, Part 2: Development processes, models, and assets [cited 2008 Jul 21]. Available from: http://www-128.ibm.com/developerworks/library/ws-soa-term2/index.html
  PubMedGoogle Scholar
• 18 Gray J. A conversation with Werner Vogels, CTO, Amazon.com. Web Services. 2006 [cited 2008 Jul 21]. Available from: http://portal.acm.org/ft_gateway.cfm?id=1142065&type=pdf
  PubMedGoogle Scholar
• 19 Service-Oriented Architecture [cited 2008 Jul 21]. Available from: http://www.oracle.com/ technologies/soa/index.html
  PubMed
• 20 Service-Oriented Architecture (SOA) [cited 2008 Jul 21]. Available from: http://www.sun.com/ products/soa/index.jsp
  PubMed
• 21 SOA Software – Solutions – SOA Fabric [cited 2008 Jul 21]. Available from: http://www.soa.com/index.php/section/solutions/soa_fabric/
  PubMed
• 22 WS-BPEL Extension for People – BPEL4People, http://download.boulder.ibm.com/ibmdl/pub/software/dw/specs/ws-bpel4people/BPEL4People_white_paper.pdf
  PubMed
• 23 Werner J, Mathe J, Duncavage S, Malin B, Lédeczi Á, Jirjis J, Sztipanovits J. Platform-based design for clinical information systems. In: Dietrich D, Hancke G, Palensky P. (eds.). Proceedings of the 5th IEEE International Conference on Industrial Informatics (INDIN); 2007 June 23-27; Vienna, Austria. New York: IEEE Computer Society; 2007. pp 749-755.
  Google Scholar
• 24 Duncavage S, Mathe J, Werner J, Malin B, Lédeczi Á, Sztipanovits J. A modeling environment for patient portals. In: Teich JM. (ed.). Proceedings of the 2007 American Medical Informatics Association Annual Symposium (AMIA); 2007 Nov 10-14; Washington, DC. Philadelphia: Hanley & Belfus; 2007. pp 201-206.
  Google Scholar
• 25 Long E, Misra A, Sztipanovits J. Increasing productivity at Saturn. IEEE Computer Magazine 1998; 31 (08) 35-43.
  PubMedGoogle Scholar
• 26 Völgyesi P, Maróti M, Dóra S, Osses E, Lédeczi Á. Software composition and verification for sensor networks. Science of Computer Programming 2005; 56 (1-2): 191-210.
  CrossrefPubMedGoogle Scholar
• 27 Lédeczi Á, Davis J, Neema S, Agrawal A. Modeling methodology for integrated simulation of embedded systems. ACM Trans on Modeling and Computer Simulation 2003; 13 (01) 82-103.
  CrossrefPubMedGoogle Scholar
• 28 The Generic Modeling Environment website [cited 2008 Jul 21].. Available from: http://www.isis.vanderbilt.edu/projects/gme/
  PubMed
• 29 Kawamoto K, Lobach D. Proposal for fulfilling strategic objectives of the U.S. roadmap for national action on decision support through a service- oriented architecture leveraging HL7 services. JAm Med InformAssoc 2007; 14: 146-155.
  PubMedGoogle Scholar
• 30 Jürjens J, Rumm R. Model-based security analysis of the German health card architecture. Methods Inf Med 2008; 47: 409-416.
  Article in Thieme ConnectPubMedGoogle Scholar
• 31 Sloman MS. Policy driven management for distributed systems. Journal of Network and Systems Management 1994; 2 (04) 333-360.
  CrossrefPubMedGoogle Scholar
• 32 Alam M, Hafner M, Breu R. A constraint based role based access control in the SECTET: a model-driven approach. Journal of Computer Security 2008; 16 (02) 223-260.
  CrossrefPubMedGoogle Scholar
• 33 Alam M, Breu R, Hafner M. Modeling permissions in a (U/X)ML world. In: Wagner R, Pernul G, Takizawa M, Quirchmayr G, Tjoa A. (eds.). Proceedings of the 1st International Conference on Availability, Reliability, and Security (ARES); 2006 April 20-22; Vienna, Austria. New York: IEEE Computer Society; 2006. pp 685-692.
  Google Scholar
• 34 Zhang N, Ryan M, Gueley D. Synthesising verified access control systems in XACML. In: Backes B, Basin D, Waidner M. (eds.). Proceedings of the 2004 ACM Workshop on Formal Methods in Security Engineering (FMSE); 2004 Oct 29; Washington DC. New York: ACM Press; 2004. pp 56-65.
  Google Scholar
• 35 Barth A. et al. Privacy and utility in business processes. In: Proc. IEEE CSF; 2007. pp 279-294.
  Google Scholar
• 36 OASIS Web Services Business Process Execution Language (WS-BPEL) [cited 2008 Jul 21]. Available from: http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=wsbpel
  PubMed
• 37 Apache Foundation, Apache Orchestration Director Engine [cited 2008 Jul 21]. Available from: http://ode.apache.org.
  PubMed
• 38 Oracle BPEL Process Manager website [cited 2008 Jul 21].. Available from: http://www.oracle.com/technology/bpel/index.html
  PubMed
• 39 ActiveBPEL Open Source Engine Project website [cited 2008 Jul 21].. Available from:. http://www.active-endpoints.com/active-bpel-engineoverview.htm
  PubMedGoogle Scholar
• 40 SOAP standard [cited 2008 Jul 21]. Available from: http://www.w3.org/TR/soap/
  PubMed
• 41 Sun’s XACML Implementation [cited 2008 Jul 21]. Available from: http://sunxacml.sourceforge.net/
  PubMed
• 42 OASIS eXtensible Access Control Markup Language (XACML) TC [cited 2008 Jul 21]. Available from: http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=xacml
  PubMed
• 43 SWI-Prolog engine [cited 2008 Jul 21]. Available from: http://www.swi-prolog.org
  PubMed
• 44 Joint NEMA/COCIR/JIRA Security and Privacy Committee (SPC).. “Breakglass – an approach to granting emergency access to healthcare systems” [cited 2008 Jul 21]. Available from: http://www. nema.org/prod/med/security/.
  PubMedGoogle Scholar