April, 2017 - osehra

0 downloads 193 Views 307KB Size Report
6 Open Source Software and Intellectual Property . .... technology life cycle, including requirements determination, dev
An Open Source Community Vision for a National Health IT Ecosystem Using Open Source for Public-Private Collaboration



April, 2017

An Open Source Community Vision

1

Table of Contents Executive Summary ............................................................................................................ 3 1 The US Healthcare System in Transition: an Emerging Health IT Ecosystem .......... 5 2 Unique Challenges of VA as a National Healthcare System ...................................... 5 3 Best Practice – Relevant Lessons from “Mega” Systems ........................................... 6 4 VA’s Past Contribution to National Health IT ........................................................... 7 5 VA’s Open Source Strategy ........................................................................................ 8 6 Open Source Software and Intellectual Property ...................................................... 10 7 Open Source and Commercial Off the Shelf ............................................................ 11 8 An Open Source Operating Ecosystem..................................................................... 11 9 Making Open Source Work – Beyond Policy........................................................... 12 10 Public-Private Partnership Models ....................................................................... 13 11 Conclusions ........................................................................................................... 14

An Open Source Community Vision

2

Executive Summary The U.S. Department of Veterans Affairs (VA) has been a national leader in leveraging information technology (IT) to improve patient access, reduce costs, and improve healthcare outcomes for our nation’s Veterans. Given the scope and complexity of healthcare that they address as the nation’s largest provider, what VA does has a profound impact upon the national health system. In fact, the private sector often looks to VA for leadership in addressing some of the difficult issues as a model for the private sector. The VA ‘s open source initiative of 2011 remains a ground-breaking strategy of public private partnership, a core concept in open source operations. A powerful global community has accelerated innovation in VA and the private sector through the Open Source Electronic Health Record Alliance (OSEHRA). The VA’s healthcare system operates as a single provider network for nearly 9 million Veterans. VA is also the only provider that maintains a lifetime longitudinal record for all patients. Recently, VA has recognized that their health IT systems need an upgrade. However, the genesis of VA’s VistA system has hindered attempts to upgrade. Historically, VA hospitals customized the underlying IT systems based on local needs and preferences, making standardization across VA extremely difficult. The Veterans Choice Act has increased the urgency for standardization and upgrade, since it will significantly increase the number of Veterans receiving care from commercial providers in their local community. This will require VA IT systems to exchange health data with virtually every electronic health record (EHR) system in use today. Thus, the VA’s existing IT system (which includes its VistA EHR system) must now quickly evolve to meet the challenges of a much more complex ecosystem, one that will accommodate extensive data exchange and analytics. The emergence of multiple, highly successful “mega” IT systems developed by companies like Google, Amazon, PayPal, and Netflix, as well as mobile technology such as the Android Operating System offer an effective roadmap for designing a VA health IT ecosystem. One thing these systems have in common is a strong dependence upon open source technology that leverages expertise from the global open source community. While these systems involve a combination of open and proprietary subsystems, the trend is to replace proprietary systems with open versions that can be easily tuned for higher performance. Open source products allow system operators to avoid vendor lock-in, shorten the time from development to deployment, and reduce the cost of product life cycle management. OSEHRA was chartered to be the custodian of Open Source VistA and related technologies while building a global community of experts from VA and the private sector. OSEHRA established a comprehensive source code repository to house key technologies such as VistA, the Enterprise Health Management Platform (eHMP), and Blue Button. eHMP is being delivered as open source; interim “code in flight” deliveries have generated much excitement in the healthcare IT community, and the code has been An Open Source Community Vision

3

downloaded from the OSEHRA repository more than a thousand times. In addition, VA’s recent public-private partnership called the Digital Health Platform (DHP) proofof–concept is an open source effort following the best practices of mega IT systems. DHP, eHMP, and VistA provide a foundation for the VA’s next generation healthcare IT. This foundation, together with newly-developed open source applications and interfaces to other existing systems will allow VA to establish its own ecosystem modeled on the successful commercial “mega” systems listed above. However, the culture lags the concept, especially in government agencies. Within VA, the culture and strategy of open source must become as fundamental to the organization as their commitment to serving the Veteran. The concept of open collaboration with the community (both inside and outside the VA) must permeate the entire information technology life cycle, including requirements determination, development, acquisition, testing, deployment, and decommissioning. As the nation’s largest provider, VA can become the center of a national healthcare IT ecosystem that uses the same concepts and tools that have produced the world’s most successful large-scale IT solutions.

An Open Source Community Vision

4

1

The US Healthcare System in Transition: an Emerging Health IT Ecosystem

The US healthcare system is undergoing many dramatic changes. Care models that were acceptable in the past are evolving towards patient-centric models. Digital technologies have fostered powerful tools that support the changing healthcare systems and bring together clinicians, patients, payers, policy makers and managers to achieve excellent outcomes at lower costs. A myriad of technologies deployed to solve critical issues in healthcare often result in fragmentation of care and inefficiencies. Patients must deal with bewildering situations involving multiple care organizations and providers that don’t offer personalized coordination. The current health IT system is fragmented and broken. In response to the fragmentation of current health IT systems, we propose a Health IT Ecosystem that is not a single large software system, but rather an environment of many interacting systems. Most medical centers operate 20 to 30 different systems such as • • • • • • • •

Electronic Health Records Connected Health Systems for Telemedicine, e-Health, Personal Health Records Population Health Management Clinical Decision Support Patient Generated Data Big Data and Analytics Regional Health Information Exchange Others

Various major healthcare delivery systems in the US are investing in building an ecosystem suitable for their own local environments. They are finding that many of today’s technologies may be building blocks for integration, but the emergence of a highperforming ecosystem, as described in a recent document published by the Office of the National Coordinator for Health Information Technology (ONC), may still be a decade away. In commerce, banking, and social networking we have seen the emergence of “mega” global systems that work with massively heterogeneous component systems. The tools, concepts and expertise from these “mega system” environments are increasingly applicable to the modern health IT ecosystem.

2

Unique Challenges of VA as a National Healthcare System

The Department of Veterans Affairs provides healthcare services to approximately 9 million veterans who reside all around the nation. Some of the unique features of VA’s mission include the following: An Open Source Community Vision

5

• • • • •

Operate 150 hospitals and 1,000 clinics as a single seamless enterprise Maintain lifetime longitudinal health records on all beneficiaries Provide seamless connected healthcare access at the national scale Accommodate seasonal movement of beneficiaries between regions Tightly integrate the health IT systems with a benefit management system

The Veterans Health Care Choice Improvement Act of 2015 allows more veterans to obtain healthcare in the private sector, while mandating that VA must coordinate care received in the community with care received inside the VA system. This new law affects eligibility management, billing, reimbursement, and other functions that facilitate the purchasing of care in the private sector. At the same time, medical records arising from community-based care must be shared with, and subsequently managed by, VA. Today, VA handles medical records from the Department of Defense, but in the near future they will need to integrate medical records from many private sector systems as well. If VA moves toward an open Health IT Ecosystem at the national level, they will be able to integrate data coming from multiple electronic health record systems and as well as the other advanced capabilities of medical systems mentioned above.

3

Best Practice – Relevant Lessons from “Mega” Systems

Open source methods have gained momentum in recent years. Many enterprises are adopting open source processes and are integrating open source software into their products. The business case for adopting open source varies. For example, Airbus adopted open source in response to the requirement to support the deployment of aircraft for up to 75 years. They recognized the risk of attempting this life cycle commitment solely with in-house expertise. The solution was to “future-proof” their software by creating a worldwide open source community around their software, thus maintaining access to engineering expertise inside and outside of their own organization. This provides a much greater support base than Airbus could ever have achieved internally. This is a very important concept that is often overlooked, but highly relevant to VA. Over the years, many VistA pioneers and experts have left the government either through retirement or by joining the private sector, and yet many are willing to remain engaged with VA though community-based collaborative projects. According to Pedro Alves, Senior Vice President of Pentaho (a leading IT corporation): Although we can’t predict the future, we can be prepared to adapt. A global IT architecture touches a lot of different areas and departments, each with their own An Open Source Community Vision

6

requirements, constraints and goals. I’m a huge fan of picking the best tool for the job; what works very well for one job, may not work for another. Crucially, even if it’s the best tool today, it might not be down the road. So in my opinion, the best way to future-proof an IT architecture is to treat each individual component as a service provider, abstracting the technology itself and focusing instead on what it’s doing. If at any point it makes sense to swap the technology, all we need to do is make sure that the same service continues. This is where open source comes into its own. Compared to proprietary tools, open source software is interoperable by design. It comes with the ability to plug into any type of information source today or in the future, offering the best insurance policy against changes in the dynamic and unpredictable world of IT. All technologies sooner or later face obsolescence, but one can dramatically expand the life of the technology by building a powerful platform that cultivates an ecosystem of collaboration and technology enhancement among developers, partners, users and others around the globe. Google, Nextflix, Facebook, e-Bay, the pervasive mobile phone operating system Android, and many other high-tech products (even the Internet itself) would not have succeeded without an open source strategy. These systems demand scalability, reliability, usability, security, and cost containment to succeed. Many of these companies are moving off of proprietary platforms and towards open source technologies since they offer flexibility with real time state of the art capabilities and shorter time to market. The movement towards Open Source is starting to accelerate in the health IT community for all the same reasons.

4

VA’s Past Contribution to National Health IT

VistA technology is used at all VA hospitals and clinics to automate nearly every aspect of hospital operations associated with patient care. It includes a comprehensive electronic health record and all major patient care functions such as Laboratory and Pharmacy. It also includes modules for critical care delivery services such as scheduling, logistics, financial control, ordering, inventory control, and more. A recent analysis of VistA revealed 4.731 million lines of code, 2,762 files, 64,195 data fields, more than 1,300 print templates, 9,174 user options, and 1,777 menus. There are also multiple versions of VistA, since it was built by doctors and engineers working collaboratively at local VA hospitals to develop features and functionality. The enhancements were incrementally shared with other VA hospitals. Interestingly, VA was actually practicing agile development and open source programming before such methods became fashionable. VistA was initially developed by VA employees, and thus is not subject to copyright laws – the original code is considered “public domain.” Lacking a policy-based process for code release, VA chose to release the VistA source code to the public under the Freedom An Open Source Community Vision

7

of Information Act (FOIA), so that interested parties could have access to the code base. By 2000, VA became a best-in-class example of how health information technology could provide the best care possible with improved outcomes. At that time, the adoption rate of health information technology in the private sector was less than 20%, making VA the envy of healthcare systems around the world. VA became the global leader in health IT and set the national stage for the wider use of health information technology. “FOIA-VistA” was adopted by many organizations and individuals around the globe. Some of today’s most successful commercial EHR products, serving markets in the US and abroad, are based on this earlier VistA code. The following is a partial list of successful commercial products based on core technology that VA developed and contributed to the private sector: • • • • • •

vxVistA (DSS, Inc.) MEDITECH EPIC ALLSCRIPTS Sunquest MedSphere

While many of the innovations around VistA were being developed, there was no mechanism for incorporating innovations created outside of VA back into VA’s VistA system. The concept and practice of private-public collaboration for software development, known as the open source method, had not yet take hold in the healthcare IT community. VistA code was simply “thrown over the fence” by VA and used by various interested parties. The concept of a community based on open collaboration between contributors and users did not emerge until 2011. Today, according to MedScape annual reviews, VistA is still widely regarded as one of the best electronic medical information systems in existence, with the highest physician preference ratings.

5

VA’s Open Source Strategy

In 2011, VA made a strategic decision to embrace an open source policy that is essentially a public-private partnership model to accelerate innovation and reduce life cycle maintenance costs. This strategy was designed to allow VA to engage the global VistA user community in an interactive and open manner, as opposed to relying on rigid contractual processes. As a result, OSEHRA was established as an open source community hub to foster a community centered on development and use of VistA. This was the beginning of an evolutionary process to move from simple, one-way distribution of VistA code to a two-way process of co-development and code sharing. This process also necessitated the beginning of code convergence, which identified the common core applications that served as a starting point for standardization of VistA. Without a common core, it would not be possible to share enhancements. An Open Source Community Vision

8

The open source community has grown steadily since 2011, and OSEHRA has led a number of community initiatives. One of the most important was the development of a code standard and certification process focused on the usability of open source code. This standard was developed collaboratively, and then accepted as a deliverable VA. The next step is to promote it as a national consensus standard. To that end, OSEHRA has become a Standards Developing Organization (SDO) accredited by American National Standard Institute (ANSI), and plans to convene a consensus body in 2017. In the meantime, the code base for a certified open source version of VistA has been built and can be downloaded from the OSEHRA repository. Additionally, several communitydeveloped applications that either work with or modify VistA were accepted and certified through the OSEHRA certification process. Perhaps the most important community contribution to VA VistA was Fileman 22.2, a major update to VistA’s file management package. OSEHRA brokered the creation of a properly licensed version of this code with two of its members, and prepped it for VA intake. While some further modifications were required to meet VA requirements, more than a thousand bug fixes were provided in this package, with significant savings in time and cost. Since February 2016 OSEHRA has been working under contract to identify open source products that meet VA’s requirements and certify them for VA code “intake” and adoption. OSEHRA has recommended a number of high priority candidates to be adopted by VA, and those recommendations are currently under review. Additionally, VA interacts with the OSEHRA community on an open consultative basis on a number of strategic issues such as licensing, cybersecurity, eHMP, and the evolution of VistA. This relationship has proven highly useful to VA leadership as they can obtain expert community assessments and feedback in real time. VA also took a major step forward by mandating that the code from its eHMP program be delivered as open source code licensed under the Apache License Version 2.0. The project is also making open source “code in flight” releases to the OSEHRA repository. These releases are giving the community insight into the direction and capabilities of eHMP and its potential impact. This is an excellent example of how VA can future-proof its endeavors while developing the best, lowest cost IT solutions for Veterans. If VA can open its processes to accept improvements and bug fixes from the community, this will greatly increase eHMP sustainability, and set an example for future programs. VA’s investment in an open source strategy as part of its modernization program has created the potential for accelerated improvements towards an open digital health platform. We view VA’s recent open Digital Health Platform (DHP) as a continuation of VA’s long history of innovation: DHCP, VistA, FOIA VistA, open source, and eHMP. Although the journey has not always been smooth, the lessons learned from the past provide the necessary guidance for VA to reclaim its preeminent position in healthcare IT for Veterans and the Nation.

An Open Source Community Vision

9

6

Open Source Software and Intellectual Property

Source code is any collection of computer instructions, possibly with comments, written using a human-readable programming language, usually as ordinary text. The source code of a program is specially designed to facilitate the work of computer programmers, who specify the actions to be performed by a computer mostly by writing source code. The source code is either directly “interpreted” for immediate execution, or transformed by an assembler or compiler into binary machine code and stored for execution at a later time. The term "open source" refers to a strategy through which a particular set of source code is licensed to allow public access. Programmers who have access to a computer program's source code can improve that program by adding features to it or fixing parts that don't always work correctly. Open source software allows anyone to inspect, modify, enhance, share and collaborate. It is important to understand that without a license, software is not open source. This is a source of widespread misunderstanding among those who mistakenly equate “license” with “royalty.” The existence of the license has nothing to do with cost – the license merely provides the terms under which the code can be distributed and reused. Note that merely loading software into a public repository (such as OSEHRA or Github) does not make it open source! Open source software is the result of a deliberate action by the copyright holder (generally the author) to formally designate the terms and conditions through which the code will be available to the public. The resulting license agreement outlines (depending upon the specific license) the various rights to study, change, and distribute the software. Open source licensing thus recognizes the intellectual property rights of the software developer while promoting collaborative development of open source code. Another widespread misconception is that code developed under contract to the Federal Government always belongs exclusively to the Government, or is considered in the public domain. In fact, unless code is developed by an employee of the Federal Government during the course of his/her normal duties, there is always a copyright, and the conveyance or non-conveyance of rights to the software is determined by the contract. Finally, the fact that software is open source does not necessarily mean that there are no costs involved. For example, even though the code may be free of licensing fees, it may require resources to test, integrate, implement, train and maintain a system based on the code. Most community-based open source software, such as VistA, have no associated fees. However, the open source business model provides multiple fee-based options for support, subscription, training, installation, and other support services, as described in the next section.

An Open Source Community Vision

10

7

Open Source and Commercial Off the Shelf

Discussions about “open source” versus “commercial off the shelf (COTS)” software are based upon the misconception that the two are mutually exclusive. There are many examples of open source COTS code, such as the Red Hat Enterprise Linux operating system. The proper nomenclature for comparison should be “open source” versus “proprietary” software. Open source code is often delivered as a commercial product, offered to a user under a commercial transactional agreement with additional services such as warranty, training, subscription update, and installation and integration services that the customer would require to successfully implement the open source code. In addition, some organizations incorporate open source code into proprietary products, as is the case with many electronic health records based on the VistA code base. Some people are concerned about the robustness of open source software. However, with any software product, quality and robustness are the result of a disciplined product management strategy regardless of whether the end product is open source or proprietary. In fact, using an open source strategy provides more options for peer review and collaborative enhancement. Open source product management can be done by a single responsible entity, a managed community, or a service provider operating under a commercial agreement. The relationship between Red Hat and Fedora is an excellent example of commercial open source strategy. As described by Red Hat, “Fedora is an operating system based on the Linux kernel, developed by the community-sponsored Fedora Project, and sponsored by Red Hat”. The Fedora Project is focused on community-based rapid innovation and concept validation. In fact, many engineers actively participate in the Fedora Community, which has members from around the globe. Community members can freely download the Fedora code for their own use and development. They in turn contribute code back to Fedora. The best of these contributions to the Fedora code base then undergo extensive testing and disciplined product management by Red Hat prior to incorporation into the commercial Enterprise Linux product.

8

An Open Source Operating Ecosystem

An open source ecosystem consists of three components: software, community, and governance. OSEHRA has established such an ecosystem around VistA by building powerful tools to manage software, develop and manage a community of experts, and establish the governance to facilitate efficient collaboration among community members around the globe.

An Open Source Community Vision

11

An open source ecosystem is more than just access to free software. As shown in the diagram above, the ecosystem’s three components must work harmoniously and seamlessly. As described in previous sections, open source licenses contain rules of engagement that affect the governance of the community activities. In 2015, IBM commissioned an Innovation Series Report entitled Making Open Innovation Ecosystems Work: Case Studies in Healthcare. This scholarly report in part examined VA’s effort to build a “new ecosystem around its VistA in order to better facilitate the flow of innovations, practices and processes between VA and external agencies and private firms.” The authors argued, “government agencies can increase the benefits from their open innovation efforts through the use of sponsored participation in technology ecosystems.”

9

Making Open Source Work – Beyond Policy

The concept of open source software goes beyond “giving away” source code. The full realization of the potential of open source software happens when innovative ideas and improvements are returned to the originator by individuals or organizations that have tested and used the released code. To date, VA has not progressed much beyond the simple release of VistA code to others, thus foregoing the cost savings and accelerated innovation offered by “true” open source operations. As discussed earlier, Red Hat is an excellent example of how to use and benefit from the open source community. Their use of Fedora as a fast-cycle platform to capture community improvements and bug fixes gives them a cost-effective force multiplier for their development and maintenance activities. After evaluating the latest code submissions in the Fedora environment, Red Hat brings the best of the innovations An Open Source Community Vision

12

into its Enterprise Linux code base. Red Hat “future-proofs” its code by integrating the worldwide community into its continuous development and maintenance processes. VA could and should do the same. OSEHRA was created for that purpose, and while it has been highly successful, it has never been utilized fully. VA needs to expand its open source leadership and go beyond the minimum requirements of the new Federal policy on open source; it needs to actively enlist the open source community in the development and maintenance process of VistA and other open source technologies. VA established OSEHRA in 2011 to ramp up its open source commitment by establishing an outside custodial agent for its open source code. The past five years have seen steady incremental progress in community engagement and code availability, including “code-in-flight” releases of code still under development. Perhaps the most important accomplishment was the first truly collaborative development program, led by the Immunizations Work Group. More recently, the eHMP program has provided multiple “code-in-flight” releases to the community, and has set an example for future contractor-developed code by licensing their software under the Apache License, Version 2.0. Output from VA code releases is a part of thousands of external electronic health record implementations, including various implementations at state facilities such as the New York Office of Mental Health, and a national implementation by the Hashemite Kingdom of Jordan. What VA has not done successfully is take in code from the community. As mentioned earlier, the most visible intake program to date is the adoption of Fileman 22.2, a major upgrade to the core of the VistA EHR. However, it took a major contract effort to condition the code for intake, and the community was unable to participate in that process. Thus, a delta was created between the version submitted by the community and the version ultimately adopted by VA. That delta must be addressed, or the code will be permanently “forked,” making it more difficult to collaborate downstream. While many smaller enhancements and corrections have been available to VA, none have been successfully adopted. There are perhaps hundreds of open source applications that can be incorporated into VistA, however the path for inserting these new functionalities into the hands of users are limited. This inability to incorporate external code (even the output of VA’s own funded innovation projects) results from multiple cultural and business process issues, and it is the single most important impediment to incorporating health IT innovations in the VA’s application systems.

10 Public-Private Partnership Models The goals of VA’s health IT ecosystem cannot be achieved by VA in isolation, but rather must be sought in concert with the broader community of clinicians, users, and developers. Promoting community input on the needs and desires of users is only part of what is required for a healthy ecosystem. Community buy-in on the solutions that address the needs and desires is even more important. VA must seek collaboration between the An Open Source Community Vision

13

private and public sectors to create successful examples of open source software that use emerging standards and the latest technologies to garner broad community acceptance. The health IT ecosystem will be an evolving concept that cannot be codified in a handful of task orders. VA needs to have a substantial and flexible means to engage the community. Task-specific contracting mechanisms have limited the VA’s ability to engage the open source community to develop innovative solutions and ideas based on the lessons learned from non-federal entities to help inform public policy. Instead, VA should engage the open source community through a cooperative agreement where substantial VA involvement is expected and welcomed. A cooperative agreement would allow VA the flexibility to enter into agreements and/or partnerships on an “as needed” basis to respond to emerging opportunities and solve fundamental problems facing Veterans and their families to improve their wellbeing. Cooperative agreements provide the flexibility that the Secretary of Veterans Affairs needs to test innovative ideas to solve emerging issues and problems, evaluate results, and scale up successful IT solutions across the enterprise.

11 Conclusions •

VA’s health IT ecosystem needs are uniquely vast in scope and expansive in scale.



There is no commercial system available that addresses either the scope or scale of the VA’s “mega system” needs.



Many “mega system” builders successfully developed systems that are global in scope and scale by adopting open source strategies that offer flexibility and scalability with shorter time to market. Many proprietary components are being replaced with open source components in these systems.



VistA, eHMP and DHP are excellent examples of proven technologies, robust clinical platforms, and advanced concepts based on open source strategies that can be harnessed to build a health IT ecosystem for VA and a prototype for the nation.



Open source software can be deployed as Commercial Off the Shelf (COTS), and models such as Red Hat/Fedora demonstrate how to combine the flexibility and collaborative power of open source with the stability and maintainability of commercial products.



VA should commit to adopting the full cycle of open source strategy from design, testing, integration, to deployment.

An Open Source Community Vision

14

About this document: • • •

• •

OSEHRA is a community of 1,000 members from both public and private sectors, specializing in the best practices of open source in health IT. A workgroup was formed and a number of open web meetings conducted during January, 2017. The community meetings were recorded, and the recordings and comments are available at the OSEHRA website, www.osehra.org. This report is a synthesis of the many inputs and meeting discussions associated with this workgroup, and describes the community’s consensus vision for a future healthcare IT ecosystem for the VA. It includes key components of a healthcare IT ecosystem that would ensure effective healthcare delivery, security, and continued rapid innovation. This vision is predicated upon the Department of Veterans Affairs continuing its leadership in healthcare IT as the nation’s largest provider and their desire to be a leader in the use of Open Source. The envisioned ecosystem would become a national resource for the government’s major providers (VA, IHS) as well as the private sector.

An Open Source Community Vision

15