Experimental Platform for Model-Integrated Clinical Information - - PowerPoint PPT Presentation

SLIDE 1

TRUST Review, April 2, 2008

Experimental Platform for Model-Integrated Clinical Information Systems

Janos Mathe‡, Jan Werner‡, Yonghwan Lee‡, Akos Ledeczi‡, Bradley Malin‡#, Janos Sztipanovits‡

‡Department of Electrical Engineering and Computer Science #Department of Biomedical Informatics

Vanderbilt University

SLIDE 2

Context

Electronic Medical Records (EMR) is an integrative project with three main goals:

Build a credible testbed for EMR research

Contribute to solving privacy and security challenges of EMR systems applications

Use EMR application testbeds for the integration, testing, and evaluation of new technologies on core TRUST research areas, including:

  • Model-based design for security and privacy
  • Formal modeling, verification, enforcement of privacy & security policies
  • Data mining & representation of real clinical workflows
  • Security & privacy technologies for sensor networks
  • Public policy to technology interactions

SLIDE 3

Summary

1. Experimental platform for Model-Integrated Clinical Information Systems (MICIS)

– Provide a common integration testbed for security and privacy aware Clinical Information Systems (CIS).

2. Component integration platform

– Based on a standard Service-Oriented Architecture framework (SOA)

– Extended Prolog-based Policy Evaluation Point & Policy Enforcement Point components (MICIS-PROPER)

  • Reusable
  • Platform-Independent

– Integrated with the Apache Orchestration Director Engine (ODE)

SLIDE 4

Summary

3. Model integration platform

– Built on Vanderbilt's metaprogrammable Model-Integrated Computing (MIC) tool suite

– System models capture environment

  • Workflows
  • Services
  • Deployment
  • Messages
  • Message Attributes

– Privacy modeling language based on Stanford's work on contextual integrity

  • Enables formal representation of permitted communications
  • Considers past, as well as future, communication instances
  • Organizations
  • Roles
  • Access control policies
  • Security policies

SLIDE 5

Summary

3. Model integration platform

– Experimental platform has several components:

  • Set of domain-specific modeling languages
    – Captures relevant architectural components
    – Captures policy modeling aspects of selected CIS applications
  • Model transformations
    – Map domain-specific models on the MICIS component integration platform
  • Example application models
  • Running experiments for analytic analysis

SLIDE 6

Architecture (Big Picture)

[Figure: architecture diagram. Labels by block:
Component Integration Platform (MICIS-CIP): User Interface Layer, Applications A, B and C, Front End (Webpage), Front End (GUI), Execution Environment, CIS Orchestrator (CIS-O), Execution Engine, Orchestration Logic, Workflows, Enterprise Service Bus, Web Services Container, Web Services, CIS-DB.
Modeling Integration Platform (MICIS-MIP): Modeling Environment, Model Editor, Metamodel Editor, Metamodels, User Models, Model Transformation Layer, Verification Tool Translator, Execution Env. Translator, Policy Translator, Metamodel Translator, Verification Tool.
MICIS-PROPER: Policy Decision Point (PDP), Policy Set (Prolog Rules), Policy Engine, Policy Enforcement Point (PEP).]

SLIDE 7

Architecture: Applications

[Figure: architecture diagram showing the MICIS-CIP, MICIS-MIP and MICIS-PROPER blocks; labels as on slide 6.]

SLIDE 8

Architecture: Execution / Control

[Figure: architecture diagram showing the MICIS-CIP, MICIS-MIP and MICIS-PROPER blocks; labels as on slide 6.]

SLIDE 9

Architecture: Modeling

[Figure: architecture diagram showing the MICIS-CIP, MICIS-MIP and MICIS-PROPER blocks; labels as on slide 6.]

SLIDE 10

Architecture: Model Transforms

[Figure: architecture diagram showing the MICIS-CIP, MICIS-MIP and MICIS-PROPER blocks; labels as on slide 6.]

SLIDE 11

Architecture: Model Transforms

MICIS-PROPER a.k.a. Specification & Enforcement

[Figure: architecture diagram showing the MICIS-CIP, MICIS-MIP and MICIS-PROPER blocks; labels as on slide 6.]

SLIDE 12

MICIS-PROPER architecture

Prolog-based Policy Evaluation Point and Policy Enforcement Point (MICIS-PROPER)

[Figure: Modeling Integration Platform (MICIS-MIP). Labels: Modeling Environment, Model Editor, Policy Models, Data Models, Workflow Models, Model Transformation Layer, Policy Translator.]

SLIDE 13

MICIS-PROPER architecture

Prolog-based Policy Evaluation Point and Policy Enforcement Point (MICIS-PROPER)

[Figure: Web Service Container (Axis2 running on Tomcat). Labels: Policy Decision Point (PDP), Policy Set, Policy Store, Policy Engine, Policy Enforcement Point (PEP), Context Handler, Policy Description, Web Services.]

SLIDE 14

MICIS-PROPER architecture

[Figure: two blocks.
Modeling Integration Platform (MICIS-MIP): Modeling Environment, Model Editor, Policy Models, Data Models, Workflow Models, Model Transformation Layer, Policy Translator.
Web Service Container (Axis2 running on Tomcat): Policy Decision Point (PDP), Policy Set, Policy Store, Policy Engine, Policy Enforcement Point (PEP), Context Handler, Policy Description, Web Services.]

SLIDE 15

MICIS-PROPER architecture

[Figure: two blocks.
Modeling Integration Platform (MICIS-MIP): Modeling Environment, Model Editor, Policy Models, Data Models, Workflow Models, Model Transformation Layer, Policy Translator.
Web Service Container (Axis2 running on Tomcat): Policy Decision Point (PDP), Policy Set, Policy Store, Policy Engine, Policy Enforcement Point (PEP), Context Handler, Policy Description, Web Services.]

  • Integrated with Apache Orchestration Director Engine (ODE)
  • Enabler
  • construct rigorous specification via privacy & security languages
  • experimental analysis of specification in complex system
  • description of security and privacy constraints with temporal aspects
  • rich user-defined contextual dependence

SLIDE 16

Tying it Together: An Example Scenario

Outpatient

Outpatient monitoring system Wearable sensors, video capture, wireless networking TRUST Project: Berkeley Cornell Vanderbilt

SLIDE 17

Tying it Together: An Example Scenario

Clinical Information System

CIS Orchestrator (CIS-O) Outpatient Outpatient monitoring system

  • 1. send AlertMessage

SLIDE 18

Tying it Together: An Example Scenario

Clinical Information System

CIS Orchestrator (CIS-O)

Outpatient

Outpatient monitoring system

  • 2. Log AlertMessage

EMR System

CIS DB

SLIDE 19

Tying it Together: An Example Scenario

Clinical Information System

CIS Orchestrator (CIS-O)

Outpatient

Outpatient monitoring system

  • 3. Pull PatientRecord

EMR System

CIS DB

SLIDE 20

Tying it Together: An Example Scenario

Clinical Information System

CIS Orchestrator (CIS-O)

Outpatient

Outpatient monitoring system

  • 3. Show AlertMessage

Alert Monitor System

SLIDE 21

Tying it Together: An Example Scenario

Clinical Information System

CIS Orchestrator (CIS-O)

Outpatient

Outpatient monitoring system Alert Monitor System Nurse Monitors & verifies alerts

I need to see this patient’s vitals!

SLIDE 22

Tying it Together: An Example Scenario

Clinical Information System

CIS Orchestrator (CIS-O)

Outpatient

Outpatient monitoring system Alert Monitor System Nurse Monitors & verifies alerts

SLIDE 23

Tying it Together: An Example Scenario

Clinical Information System

CIS Orchestrator (CIS-O)

Outpatient

Outpatient monitoring system

  • 4. Request PatientRecord

Alert Monitor System

SLIDE 24

Tying it Together: An Example Scenario

Clinical Information System

CIS Orchestrator (CIS-O)

Outpatient

Outpatient monitoring system

  • 5. Request Patient Record

EMR System

CIS DB

SLIDE 25

Tying it Together: An Example Scenario

Clinical Information System

CIS Orchestrator (CIS-O)

Outpatient

Outpatient monitoring system

  • 6. Pull Patient Record

EMR System

CIS DB

SLIDE 26

Tying it Together: An Example Scenario

Clinical Information System

CIS Orchestrator (CIS-O)

Outpatient

Outpatient monitoring system

  • 7. Send Patient Record

Alert Monitor System

SLIDE 27

Tying it Together: An Example Scenario

Clinical Information System

CIS Orchestrator (CIS-O)

Outpatient

Outpatient monitoring system Alert Monitor System Nurse Monitors & verifies alerts

Bob (the patient) needs help!

SLIDE 28

Tying it Together: An Example Scenario

Clinical Information System

CIS Orchestrator (CIS-O)

Outpatient

Outpatient monitoring system Alert Monitor System Nurse Monitors & verifies alerts

Validate Alert

SLIDE 29

Tying it Together: An Example Scenario

Clinical Information System

CIS Orchestrator (CIS-O)

Outpatient

Outpatient monitoring system Alert Monitor System Nurse Monitors & verifies alerts

SLIDE 30

Tying it Together: An Example Scenario

Clinical Information System

CIS Orchestrator (CIS-O)

Outpatient

Outpatient monitoring system Alert Monitor System Nurse Monitors & verifies alerts

SLIDE 31

Tying it Together: An Example Scenario

Clinical Information System

CIS Orchestrator (CIS-O)

Outpatient

Outpatient monitoring system

  • 8. Relay Message

Message Delivery System

SLIDE 32

Tying it Together: An Example Scenario

Clinical Information System

Outpatient

Outpatient monitoring system

  • 9. Transform & Notify

Message Delivery System Pager

SLIDE 33

Tying it Together: An Example Scenario

Clinical Information System

Outpatient

Outpatient monitoring system Verified alert indicates a serious condition Message Delivery System Pager Doctor

Many options:

  • e.g., Call → provide directions to patient
  • e.g., Alert EMS → bring patient to hospital
  • e.g., …

SLIDE 34

Tying it Together: An Example Scenario

[Diagram labels: Clinical Information System, Outpatient, Outpatient monitoring system, CIS Orchestrator (CIS-O), EMR System, CIS DB, Alert Monitor System, Nurse, Message Delivery System, Pager, Doctor]

  • 1. send AlertMessage
  • 2. log AlertMessage
  • 3. show AlertMessage
  • 4. request PatientRecord
  • 5. pull PatientRecord
  • 6. send PatientRecord
  • 7. store AlertMessage
  • 8. Insert AlertMessage
  • 9. Send message

Outpatient monitoring system: Wearable sensors, video capture, wireless networking. TRUST project (Berkeley, Cornell, Vanderbilt)

Nurse monitors and verifies alerts

Doctor is notified when a verified alert indicates a serious condition

  • Clinical information system services, workflows, policies, roles are all captured in the models
  • The system is automatically generated and deployed

SLIDE 35

Example: A Little Deeper

[Figure: workflow diagram. Labels: OPMAlertMain, OPMAlertMonitor; Receive AlertMessage, Invoke MessageRender, Receive EMRRequest, Invoke EMR, Reply, Invoke AlertMessage, Reply EMR, Receive OPMAlert, Invoke LogService, Invoke EMRStore, Receive EMRStore, Invoke MessageSender; Alert Message Render WS, Message Sender WS, EMR WS. Legend: Asynchronous Message exchange, Synchronous Message exchange, Access Control Policy Execution Point.]

SLIDE 36

Example Scenario

[Figure: workflow diagram of OPMAlertMain and OPMAlertMonitor with the Alert Message Render WS, Message Sender WS and EMR WS; labels and legend as on slide 35.]

  • When an anomaly is detected, the outpatient monitoring service issues an alert
  • The clinical information system orchestrator (CIS-O) receives the alert message
  • After logging alarm status in the EMR system, CIS-O sends the message to Alert Monitor System to render it on a monitoring station
  • When the nurse checks the message → requests the patient’s medical record to evaluate the situation

SLIDE 37

Example Scenario

  • Patient information includes medical history & contact information which can be used by the nurse to validate the alert
  • If the alert is deemed important, she writes the status to the patient medical record
  • Finally, CIS-O forwards the alert message to the designated doctors by using the Message Delivery System
  • Otherwise, the alert message is stored in the EMR system and the process is terminated

[Figure: workflow diagram of OPMAlertMain and OPMAlertMonitor with the Alert Message Render WS, Message Sender WS and EMR WS; labels and legend as on slide 35.]

SLIDE 38

Example: Sample Workflow Model

[Figure: workflow model of the OPMAlertStore process, with Step 1 through Step 6 marked.]

SLIDE 39

Example: Sample Workflow Model

[Figure: workflow model of the OPMAlertStore process, with steps 1 to 6 marked.]

OPMAlertStore Process

Goal: store the result of nurse’s alert validation

Steps:

  • 1. Alert status is assigned to the OPMAlert data type
  • 2. Invoke EMRStore activity invokes the PatientInformation web service
    a) Store the validation results in the EMR System
    b) Privacy policies applied when invokeEMRStore activity invokes Patient Information web service

SLIDE 40

Example: Sample Workflow Model

[Figure: workflow model of the OPMAlertStore process, with steps 1 to 6 marked.]

OPMAlertStore Process

Goal: store the result of nurse’s alert validation

Steps:

  • 3. After the receive activity receives the acknowledge message from the web service, it assigns it to the AlertMessage variable
  • 4. The InvokeMessageSender activity invokes the MessageSender web service to forward the alert message to the designated doctors via the Message Delivery System

SLIDE 41

Example: Sample Workflow Model

[Figure: workflow model of the OPMAlertStore process, with steps 1 to 6 marked.]

OPMAlertStore Process

Goal: store the result of nurse’s alert validation

Steps:

  • 5. After the MessageSender web service is completed,
  • 6. The OPMAlertstore process returns.

SLIDE 42

Example: Policy Models

SLIDE 43

Example: Policy Models

Policies Defined for Scenario

  • Only medical staff is allowed to access alert messages
  • Only primary care physicians are allowed to access patient’s medical record
  • The nurse is allowed to access the records of patients monitored by the OPM system
  • Medical staff is allowed to access patient’s record in emergency situation triggering the Break Glass policy

SLIDE 44

Example: Policy Models

  • Policy description includes
    – Definition of incoming & outgoing data
    – Evaluation point
    – Obligations
    – Additional datasets for policy evaluation
  • Model contains information required to generate the policy:
    – Query evaluated to determine access rights
    – Attribute relations used for policy evaluation
    – Textual policy description

SLIDE 45

Example: Policy Models

  • Example query:
    – retrievedata(PatientID, staffID) after the service has been executed
    – Use a redefined set of predicates and attribute relations (is_critical(), treats(staffID,MRN))
  • These are generated from
    – incoming data
    – outgoing data
    by the Policy Enforcement Point (PEP)
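
The four scenario policies and the `retrievedata` query from the slides, written out as a small default-deny Prolog rule set that returns a decision together with its obligations. This is an added example, not the MICIS-PROPER policy set. Assumptions: every predicate other than `retrievedata`, `is_critical` and `treats` is a hypothetical name, `is_critical` is given one argument, the audit obligation on Break Glass is assumed, and all facts are constructed sample data.

```prolog
% Added example for SWI-Prolog. Facts are constructed sample data; in the deck,
% the PEP derives such facts from the incoming and outgoing message data.
role(alice, nurse).
role(dave,  physician).
role(erin,  physician).
role(carol, clerk).

treats(dave, mrn1001).        % treats(StaffID, MRN): dave is primary care for mrn1001
opm_monitored(mrn1001).       % assumed predicate: patient is monitored by the OPM system
is_critical(mrn2002).         % assumed arity 1: emergency flag for this patient

medical_staff(Staff) :- role(Staff, nurse).
medical_staff(Staff) :- role(Staff, physician).

% Policy 1: only medical staff may access alert messages.
access_alert(Staff) :- medical_staff(Staff).

% record_access(+MRN, +Staff, -Rule, -Obligations)
% Policies 2-4. Break Glass comes last so the ordinary rules win when both
% apply, and it is the only rule that returns an obligation (assumed: audit).
record_access(MRN, Staff, primary_care, []) :-
    role(Staff, physician), treats(Staff, MRN).
record_access(MRN, Staff, opm_nurse, []) :-
    role(Staff, nurse), opm_monitored(MRN).
record_access(MRN, Staff, break_glass, [audit(break_glass, Staff, MRN)]) :-
    medical_staff(Staff), is_critical(MRN).

% The query form shown on the slide: succeeds only if some rule permits.
retrievedata(PatientID, StaffID) :- record_access(PatientID, StaffID, _, _).

% decide(+MRN, +Staff, -Decision, -Obligations): what a PDP hands to the PEP.
% Default deny: no matching rule means deny. The if-then-else binds the
% outputs only after the choice is made, so a caller cannot obtain 'deny'
% for a permitted request by passing Decision already bound.
decide(MRN, Staff, Decision, Obligations) :-
    (   record_access(MRN, Staff, Rule, Obls)
    ->  Decision = permit(Rule), Obligations = Obls
    ;   Decision = deny, Obligations = []
    ).

% Run the constructed requests with: ?- demo.
demo :-
    Requests = [mrn1001-dave, mrn1001-alice, mrn1001-erin,
                mrn2002-erin, mrn2002-carol],
    forall(member(MRN-Staff, Requests),
           (   decide(MRN, Staff, Decision, Obligations),
               format('~w -> ~w: ~w ~w~n', [Staff, MRN, Decision, Obligations])
           )).
```

Load the file in SWI-Prolog and run `demo.`; each line shows the rule that permitted the request, or `deny`, and any obligation the PEP would have to discharge before releasing the record.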

SLIDE 46

[Figure: architecture diagram showing the MICIS-CIP, MICIS-MIP and MICIS-PROPER blocks; labels as on slide 6.]

Magic: Transform  Code de

SLIDE 47

Policy Description Policy Document

Code Generation

Policy Translator

SLIDE 48

Execution Environment Translator Deploy.xml

Code Generation

BPELDocument (OPMAlertMain Process)

SLIDE 49

WSDL for OPMAlertMain Process WSDL for Patient Information Web Service

Code Generation

Execution Environment Translator

SLIDE 50

Conclusions

  • Experimental Platform for EMR research
    – Helping to solve privacy and security challenges of EMR systems applications
    – Usable for the integration, testing and evaluation of new technologies
  • Ongoing technology transition: Experimental Sepsis Management System for ICUs:
    – Sepsis management protocol is formally defined: evidence-based medicine
    – Sepsis Management System is mapped on SOA platform
    – Model-Integrated systems approach

SLIDE 51

Acknowledgements

  • NSF TRUST (CCF-0424422)
  • Research Team
    – Akos Ledeczi, Ph.D.
    – Brad Malin, Ph.D.
    – Janos Sztipanovits, Ph.D.
    – Yonghwan Lee
    – Janos Mathe
    – Jan Werner