Wednesday, November 25, 2009

Context Management, CCOW & HealthCare

What is Context Management?

Context Management is a dynamic computer process that uses 'subjects' of data in one application, to point to data resident in a separate application also containing the same subject.
Context Management allows users to choose a subject once in one application, and have all other applications containing information on that same subject 'tune' to the data they contain, thus obviating the need to redundantly select the subject in the varying applications.
In the healthcare industry where context management is widely used, multiple applications operating "in context" through use of a context manager would allow a user to select a patient (i.e., the subject) in one application and when the user enters the other application, that patient's information is already pre-fetched and presented, obviating the need to re-select the patient in the second application.
In other words it enables clinicians to select a patient's name once in an application and have their screen automatically populate with links to that patient in other applications.
  • Context management is especially used in Patient Information Aggregation Platforms (PIAP) such as Portals.
  • Context Management can be utilized for both CCOW and non-CCOW compliant applications.

What is CCOW?

Context Management is gaining in prominence in healthcare due to the creation of the HL7 Clinical Context Object Workgroup standard committee (CCOW) which has created a standardized protocol enabling applications to function in a 'context aware' state.
The CCOW standard exists to facilitate a more robust, and near "plug-and-play" interoperability across disparate applications.
The Health Level Seven Context Management Standard (CMS) defines a means for the automatic coordination and synchronization of disparate healthcare applications that co-reside on the same clinical desktop.

The clinical context is comprised of a set of clinical context subjects. Each subject represents a real-world entity, such as a particular patient, or concept, such as a specific encounter with a patient.
By sharing context, applications are able to work together to follow the user's thoughts and actions as they interact with a set of applications. These applications are said to be "clinically linked."

The CMS is extremely prescriptive, but as it is only a standard it can only go so far in terms of guiding how applications are actually designed and implemented. Variability among the decisions that application developers make can lead to various amounts of confusion for users of multiple independently-developed CCOW-compliant applications.

  • HL7 CCWO HL7 Context Management Specification acronyms:
    • CMA: Technology and Subject-Independent Component Architecture
    • SDD: Subject Data Definitions
    • UIS: User Interface (Microsoft Windows and Web Browsers)
    • ATM: Component Technology Mapping (ActiveX)
    • WTM: Component Technology Mapping (Web)
CCOW - Context Management Architecture (CMA)

At the most abstract level, the Context Management Architecture (CMA) provides a way for independent applications to share data that describe a common clinical context. However, the CMA must provide solutions for the following problems:
  • What is the general use model for a common context, from the user's perspective?
  • Where does the responsibility for context management reside?
  • How are changes to context data detected by applications?
  • How is context data organized and represented so that it can be uniformly understood by applications?
  • How is context data accessed by applications?
  • How is the meaning of context data consistently interpreted by applications?
  • CMA characteristics:
    • Centralized scheme: The responsibility for managing the common context is centralized in a common facility that is responsible for coordinating the sharing of the context among the applications.
      • The consequence of the service being a single point of failure is offset by the fact that the service and the applications it serves are typically co-resident on the same personal computer.
      • The consequence of the service being a performance bottleneck is offset by the fact that the applications are far more likely to become the performance bottlenecks
    • Robust push-model: This is a push model that deals with synchronization and partial failure issues.
    • Context Data Representation uses Name-value pairs:
      • A set of name-value pairs represent only key summary information about the common context (e.g., just the patient's name and medical record number).
      • The symbolic name for an item describes its meaning.
      • The data types for the items come from a set of simple primitive data types
    • CMA maintains a single authentic copy of the common context for each common context system.
      • Applications can choose to cache context data or they can simply access the authentic copy whenever they need to.
      • Applications can also selectively read or write specific context data name-value pairs.
      • When the context changes, an application is only informed about the change and is not provided with the data that has changed.
      • The application can selectively access this data when it needs to.
    • Context Data Interpretation
      • Standard HL7 CMA subjects and associated context data items includes the core subjects of patient, encounter, observation, user, and certificate, and their respective context data items.
      • Organizations, such as healthcare provider institutions and vendors, may define their own context subjects and data items. These items are in addition to the standard subjects and the standard items defined for the standard subjects.
      • Context item names are case insensitive.
Existing solutions using Context Management
  • Fusionfx from Carefx
    • A Context Manager function is responsible for establishing the links among the applications, which serve as Context Participants.
    • Context Participants synchronize after querying the Context Manager to determine the current context and when to update the context.
    • Context Management also supports Mapping Agents, which map equivalent identifiers when the context is updated so that all participating applications can interoperate.
    • Fusionfx includes JSR-168 based front-end viewers (java portlets) running on IBM Websphere portal solution.
  • Vergence from Sentillion
    • Vergence Wizard (April 2009) a tool configure Single Sign-On (SSO) and Context Management Application Interfaces
      • Fast single sign-on and managing expired passwords
      • Graceful termination of applications at sign-off
      • Support for single sign-on and patient context management use cases
      • Point and click interface to select application controls and associated actions for Windows and Web-based applications
      • Pre-defined actions, which include common navigation, text entry and event monitoring tasks such as Click, Enter Text, Select Menu ..
      • Integrated playback mechanism for testing individual steps
      • Optional display of detailed logs during playback
      • Extensible interface simplifies insertion of custom actions and preserves customizations when regenerating the Bridge
      • Plug-in architecture enables extensibility to incorporate new actions and events and for accommodating new application development technologies
    Sentillon has a patent on context management (US 6,993,556)
Existing solution using CCOW as a participant

  • Centricity Framework from GE
    • Centricity Framework offers GE developers a way to integrate separate GE products, while consolidating sign-on and security to a single point of entry.
    • Developed by the Advanced Technologies Group (ATG), Centricity Framework provides a consistent presentation of login, navigation (menus), and patient banner.
    • Hosted products share context information and can offer cross-product workflows, regardless of their UI technology.
    • Centricity Framework 5.0 (CF 5.0) offers a choice of two client desktop solutions (both require .NET 2.0 on the client desktop):
      • Traditional browser-based Web client (as provided in 4.x)
      • Iris, a .NET-based client solution that does not require Internet Explorer (based on Microsoft smart client technology)
    • Centricity Framework 5.0 supports the Sentillion single sign-on (SSO) solution and Carefx's context manager. The Carefx library is loaded only if CCOW is enabled for the workstation/user.
    • Communications with the Web Framework (WF) server is done via XML-based service calls. Each instance of the CF exposes a certain URL as the handler for all service calls. This URL can be found in the DataURL tag in the ServerInfo.xml file which is located in the WF's main web folder:
      • servlet/IDXWFServlet (for Tomcat-based installs)
      • IDXWFData.asp (for IIS-based installs)
    • CF enable the use of a security plug-in to implement an alternate authentication mechanism in place of the standard Framework username/password check. If a security plug-in is used, the plug-in performs any server-side authentication of users or of authentication tokens generated on the client. The Framework currently provides plug-ins for
      • Kerberos (v4.01)
      • RSA SecurID (v5.0)
      • CCOW userlink (v4.0)
      • CCOW/LDAP integration (v4.03)

Alternatives to CCOW

Worth noting is the Global Session Manager (GSM) developed at Siemens which offers features almost equal to a CCOW environment but is much easier to implement.
The patented system includes:
  • A system that enables (Web) applications to be integrated into process involving concurrent operation of applications
  • The system specifies the rules for conveying URL data and other data between applications
  • The system employs a managing application and services (session manager) to facilitate application session management
  • The system employs by a first (parent) application for supporting concurrent operation with other (children) applications.
  • The system involves an entitlement processor for authorizing user access to the first (parent) application in response to validation of user identification information.
  • The system involves a communication processor for communicating a session initiation request to a managing application to initiate generation of a session identifier particular to a user initiated session.
  • The session manager is used by the managed applications to reference global data that is essential to a workflow. Such global data includes:
    • user identification information
    • a shared key used for the encryption of URL data
    • a common URL to be used for handling logoff and logon function.
  • The session manager is regularly notified of activities from the applications to prevent an inactivity timeout while a user is active in another concurrent application.
  • The session manager employs a system protocol for passing session context information between applications via URL query or form data.
    • The session context information comprises:
      • a session identifier (used by the managed applications to identify a user initiated session in communicating with manager)
      • a hash value (used by the managed applications to validate that a received URL has not been corrupted)
      • application specific data (can be encrypted)
  • The session manager uses a unique session identifier (SID) for each new session (to protect against corruption and replay of a URL)
  • In addition to this, to avoid redirection, the parent application needs to generate a URL link with an embedded hash value from the domain, port and filepathname of the URL (e.g. using RSA MD5)
  • The communication protocol between the client browser and the applications is HTTP
  • The communication protocol between the applications and the Session manager is TCP/IP.
Siemens has a patent on this technology (US 7,334,031).