Many open source software projects consist of a body of source code, in some cases a very large one, for a standalone application. Examples include the Apache Web server project, the Firefox Web browser project, and the Cyberduck Mac ftp client mentioned earlier. However, it’s instructive to consider a low-profile but extremely complex and sophisticated project called OpenEMed as an example of what an open source approach to software development can produce beyond a body of source code, in this case an architectural design and expert selection of software technologies and standards taking into account their security vulnerabilities.
This example is particularly interesting because it’s a case in which specialized software is being developed as open source. Some have argued that only general-use software is amenable to open source development, and, according to Michael Goulde and Eric Brown’s authoritative 2006 report, Open Source Software: A Primer for Health Care Leaders several earlier attempts to apply the open source model to health care software development have failed, due in part to an inability to attract a sufficient number of knowledgeable programmers, a point discussed in a previous chapter.
Hospitals, medical clinics, and doctors’ offices must all maintain and archive medical records for their patients, including immunization records and medical charts. Records must be retrieved and updated in conjunction with patient visits.
Most large U.S. medical institutions have been shifting from paper records to electronic medical records systems over the past decade. OpenEMed is basically a distributed electronic medical records management and retrieval system. A number of commercial electronic medical records systems have been available for some time, so OpenEMed can’t be said to address an unfilled need. Its appeal is on the cost side.
Medical records have a number of special requirements that boost the cost of developing viable commercial software products to manage them. They must be available for quick retrieval by heath care providers in emergency situations, but thoroughly protected against unauthorized access due to legal privacy requirements. A successful hacker attack would be disastrous. They must also be protected against loss by frequent off-site backups in case of fire, earthquake, flooding, hurricane, or tornado.
Medical records may need to be shared among multiple locations like a hospital and satellite clinics. And, unlike, say, electronic bank records, which have similar requirements in many respects, they may include extremely large, detailed graphical images, including x-rays and CAT scans.
Thus an electronic medical records system requires large amounts of data storage, high bandwidth, and tight security. It takes specialized expertise to design and construct such a system. This is definitely not the place for taking major risks by adopting a trial-and-error approach and planning on learning by experience!
In the case of OpenEMed, much of this expertise was originally contributed by Los Alamos National Laboratory (LANL), which as a nuclear weapons laboratory has long been known for its supercomputing facilities and extraordinary IT security. What LANL has contributed is, first and foremost, an overall architectural design based on a careful assessment of the strengths and weaknesses of available software technologies, especially their security vulnerabilities. This expertise is extremely valuable because proponents of various software technologies, whether commercial or open source, tend to tout their strengths and downplay their weaknesses. Security flaws and vulnerabilities are particularly difficult to assess because of their esoteric subtlety.
Without going into great detail, the basic design of the OpenEMed system involves three different servers: a medical data server storing patient medical charts and medical histories, a media server to store images, video, and audio, and a patient ID server to handle authorization and authentication, as shown in the following diagram reproduced from the project documentation.
OpenEMed Architectural Design from openemed.net
Because the OpenEMed project is open source, and therefore built on other open source standards and technologies, electronic medical records are accessed using a platform-independent client written in the Java programming language. After authorization via an authenticator, for example by entering a password or using a biometric security device, a health care provider can access the patient ID server and retrieve records and images stored on the medical data and media servers, which need not be located nearby, via a secure Web server.
Although this design is clearly conceptually well-suited to the electronic medical records management problem, it’s deceptive in its apparent simplicity, and arriving at it was probably not a trivial exercise, even for a national laboratory like LANL. A weakness of any one of its various components would undermine the utility and reliability of the entire system.
In 2004 the Alliance for Rural Community Health (ARCH) in California, a coalition of six privately-owned health centers and clinics in the Mendocino area, began implementing OpenEMed to enable its members to operate more efficiently and improve the health care they provide. Although the software base in the form of source code is free, there are substantial costs involved in setting up the system, including hardware acquisition and software modification. By pooling their financial resources, the members of the Alliance can reduce their individual expenses in the ramp-up phase.
Once the system is in operation, these Alliance members will receive a return on their investment from the capabilities it provides, with the additional benefit of not incurring annual licensing fees, which are typically substantial for comparable commercial products. Because the software modifications and enhancements members have funded are added to the project’s open source code base, adopting OpenEMed will be more attractive to other health care institutions. The original adopters, however, can anticipate future benefits at no cost to them as later adopters contribute their own enhancements to the code base.
OpenEMed is an example of a well-conceived and highly beneficial open-source software project with a coherent architectural design and unusually reliable security features.
