aws re:invent 2016: case study: data-heavy healthcare: upmce’s transformative approach to...
TRANSCRIPT
© 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Ben Snively, Senior Solutions Architect, Amazon Web Services
Casey Helfrich and Stuart Ingram, UPMC Enterprises
12/1/2016
Healthcare Data Liberation
PHI in AWS
Build everything on a constantly improving security baseline
AWS is responsible for the security OF the Cloud:
  AWS Foundation Services: Compute, Storage, Database, Networking
  AWS Global Infrastructure: Regions, Availability Zones, Edge Locations
Customers are responsible for their security and compliance IN the Cloud:
  Customer content
  Platform, Applications, Identity & Access Management
  Operating System, Network & Firewall Configuration
  Client-side Data Encryption, Server-side Data Encryption, Network Traffic Protection
Let AWS do the heavy lifting for you
AWS HIPAA Program
Strong presence in healthcare and life sciences from our roots
January 2013: Business Associates & Omnibus Final Rule
Started signing Business Associate Agreements (BAA) in Q2 2013
Program is based on the Shared Security Responsibility Model
AWS HIPAA Program is aligned to NIST 800-53 & FedRAMP Authorizations
Alignment to HIPAA Security Rule
HIPAA Security Rule (45 CFR Part 160 and Subparts A and C of Part 164)
NIST 800-66: An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule
NIST 800-53 Moderate baseline + FedRAMP Controls
AWS HIPAA Eligible Services
You may use all services within a “HIPAA Account”
You may process, store, or transmit PHI using only Eligible Services
Eligible Services: Amazon EC2, Elastic Load Balancing, Amazon S3, Amazon EBS, Amazon Glacier, Amazon Redshift, Amazon RDS (MySQL & Oracle), Amazon DynamoDB, Amazon EMR
1) Provider
2) Payer
3) Other Stuff
UPMC Factoids
$13 billion integrated global health enterprise
More than 20 academic, community, and regional hospitals; 5,000+ licensed beds
UPMC Health Plan: over 3 million total members; network of 125+ hospitals, 11,500+ physicians
Affiliated with the University of Pittsburgh
285,000+ inpatient admissions
185,000 surgeries performed annually
3.9 million+ outpatient visits
710,000 emergency visits
$1.5 billion invested in technology over the past five years
Western PA’s largest employer: 65,000 employees
UPMC Enterprises
Value-based care and IDFS development (Population Health)
Cost management (Business Services & Infrastructure)
Risk adjustment (Population Health)
Neurocognitive/concussion assessment (Clinical Tools)
Online mental health wellness tool (Consumer)
Clinical decision support and data acquisition (Clinical Tools)
Automated clinical interpretation of genomes (Clinical Tools)
Cognitive supply chain (Business Services & Infrastructure)
Revenue cycle services (Business Services & Infrastructure)
Supply chain efficiency (Business Services & Infrastructure)
Clinical decision support for cancer (Clinical Tools)
Remote patient monitoring (Population Health)
UPMC (Clinical) Data Sources Inventory
Healthcare Data Landscape (chart; axes: Discrete, Structured, Unstructured, Notes; Semi-Static or Batch vs. Real-time)
Placed on the landscape: Electronic Medical Records; Data Liberation Project
Transactional vs. Analytical, Individual vs. Aggregate, Clinical User vs. 3rd Party
Data Liberation Project (DLP) Requirements
Secure and Compliant: Federal Regulations; Data Governance; Full Traceability of all Data movement; BAA Zone; IAM/CloudTrail
Resilient: Independent of Clinical operations (workload and failure); “Well Architected” Review
Cost Effective: Operational Cost (S3, EC2); Development Cost (NIST CloudFormation Templates)
DLP Architecture
The Holding Tank (S3)
Inbound Services
Outbound Services
Operational Services
Asset Metadata (RDS MySQL)
Project Specific Data (S3)
Assets are Immutable in Steady State
Write Only on Inbound
Read Only on Outbound
Software is fundamentally incapable of displaying PHI
Minimal Surface Area
BAA Zone
Outbound Data is ephemeral
Inbound Asset facilitation Software is ephemeral
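One way to express the holding-tank invariants above (write-only inbound, read-only outbound, immutable assets, confined to the BAA zone, every access logged) as infrastructure as code. This is an added CloudFormation example, not UPMC's own template; the role ARNs, the VPC endpoint id and the access-log bucket are assumed parameters.

```yaml
Parameters:                        # placeholders, supplied at deploy time (assumed)
  InboundRoleArn:  {Type: String}   # role assumed by the ephemeral inbound software
  OutboundRoleArn: {Type: String}   # role assumed by the ephemeral outbound software
  BaaZoneVpce:     {Type: String}   # S3 VPC endpoint of the BAA-zone VPC
  AccessLogBucket: {Type: String}   # existing bucket that receives S3 access logs
Resources:
  HoldingTank:
    Type: AWS::S3::Bucket
    Properties:
      VersioningConfiguration: {Status: Enabled}   # no silent overwrite of an asset
      BucketEncryption:                            # SSE on by default (KMS)
        ServerSideEncryptionConfiguration:
          - ServerSideEncryptionByDefault: {SSEAlgorithm: aws:kms}
      LoggingConfiguration:                        # traceability of all data movement
        DestinationBucketName: !Ref AccessLogBucket
  HoldingTankPolicy:
    Type: AWS::S3::BucketPolicy
    Properties:
      Bucket: !Ref HoldingTank
      PolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Sid: InboundWriteOnly               # inbound may only write
            Effect: Allow
            Principal: {AWS: !Ref InboundRoleArn}
            Action: s3:PutObject
            Resource: !Sub "${HoldingTank.Arn}/*"
          - Sid: OutboundReadOnly              # outbound may only read
            Effect: Allow
            Principal: {AWS: !Ref OutboundRoleArn}
            Action: [s3:GetObject, s3:ListBucket]
            Resource: [!GetAtt HoldingTank.Arn, !Sub "${HoldingTank.Arn}/*"]
          - Sid: AssetsImmutable               # nobody deletes or re-ACLs an asset
            Effect: Deny
            Principal: "*"
            Action: [s3:DeleteObject, s3:DeleteObjectVersion, s3:PutObjectAcl]
            Resource: !Sub "${HoldingTank.Arn}/*"
          - Sid: TlsOnly                        # refuse plaintext transport
            Effect: Deny
            Principal: "*"
            Action: s3:*
            Resource: [!GetAtt HoldingTank.Arn, !Sub "${HoldingTank.Arn}/*"]
            Condition: {Bool: {aws:SecureTransport: "false"}}
          - Sid: BaaZoneOnly                    # reachable only via the BAA-zone endpoint
            Effect: Deny
            Principal: "*"
            Action: s3:*
            Resource: [!GetAtt HoldingTank.Arn, !Sub "${HoldingTank.Arn}/*"]
            Condition: {StringNotEquals: {aws:sourceVpce: !Ref BaaZoneVpce}}
```

The BaaZoneOnly deny also blocks console and non-VPC administration, including later stack updates to this policy, so carve out a break-glass administration role (for example with NotPrincipal on the deny statements) before deploying.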
DLP Example Use Cases
Genomics
Imaging
Bioinformatics
Machine Learning
Investment and Strategic Business decisions
Verification of vendor/partner capabilities
Quality Initiatives
Commercial Research (Pharma etc…)
Healthcare Data Landscape (chart; axes: Discrete, Structured, Unstructured, Notes; Semi-Static or Batch vs. Real-time)
Placed on the landscape: Electronic Medical Records; Data Liberation Project; Neutrino
Clinical Documentation
“Unstructured Data” ~80% of the data
>5000 known variants at UPMC alone
Txt, Rtf, Doc, Pdf, Pdf scan
Use cases
Population Analytics
Institutional
Compliance
Patient Centric
Documentation Aggregation Challenges – 5 V’s
Variety: Source; Content; Format; Workflow
Volume: 3M Plan subscribers; 6M patient events
Velocity: Average 700,000 documents per week; Spikes @ 300 documents per minute
Veracity: Identity Management; Versioning
Neutrino
• Centralized enterprise repository of truth
• Real-time ingestion
• Document normalization
• Document verification
• Patient crosswalk
• Durable, scalable & reliable
• Exposure of NLP derived information
• Multi engine capable
Neutrino architecture (diagram)
Components: Doc Source 1, Doc Source 2, Message Router (Mirth), Load Balancer, API, External Broker, Workers, Internal Broker, AWS S3, MongoDB cluster
Patient identity: ADT Src1, ADT Src2, Patient Identity API, Primary and Secondary EMPI
Protocols: HL7 TCP/IP, JSON, HMAC & HTTPS, Memcached protocol
Data & access characteristics
• HIPAA Compliance & Security model
Meta; Asset; Index; Annotator
AWS Development Accelerator - S3
• S3 – Simple Storage Service
• 3x9 Uptime
• 11x9 Durability
• Secure by default
  • IAM & ACL
  • TLS
  • SSE
  • VPC Endpoints
  • Access log
• Cost
AWS Development Accelerator - Infrastructure
• CloudFormation
• Infrastructure as code
• Rapid, reliable, repeatable & reviewable deployments
• Library of standards increases acceleration (ServiceCatalog)
• CloudTrail
In Summary
• Use cases demonstrated
• Low velocity, high volume, batch (DLP)
• High velocity, high volume, real-time (Neutrino)
• Platform security, compliance, reliability and durability
• Cost profile
Enterprise volume PHI in the cloud is here and ready
Thank you!