SOA Governance and its challenges

By Sadi R Melbouci

From DSOFT Technologies

Introduction

Service Oriented Architecture enables enterprises to pursue business and technical strategies that promote the exposure of business functionality within and between enterprises in consistent, published, secure and contractual fashion.
However, Service Oriented Architecture is not a solution that comes in tidy box. It is more about new way of design, it is more about culture then it is about technology.
To ensure success of any SOA implementation, it is necessary to include some type of governance that define the policies and practices all services should follow.

Why some SOA implementations failed?

SOA Governance is probably the most talked and most delicate topics in SOA nowadays. About 5 to 6 years ago, many organizations approached SOA as implementing a web service. There was no attention to SOA Governance. This may be explained differently, but the situation reminds me of a practice of the some IT managers – just get it to work and take a look at the design later. As we all know, any temporal fix becomes a permanent solution with consequences dealt with later and at higher cost.
In one of the my consulting jobs, the organization thought that SOA was a new integration technology that will magically integrate all their existing assets. One of the managers asked me to start looking at the code to perform this funny integration. When I told him what SOA meant, he got a chock of his life. Without going into details, many organizations built hundreds of services/components and run into scalability, performance, manageability and integration problems.
One of the main reasons of this type of difficulties is that service-oriented, design, implementation was not governed at all or governed with traditional software development without any clues on service orientation [1] methodologies.
In this article, we will present SOA and its Governance policies to address these problems.

What is SOA?
Multiple definitions of SOA were presented in the literature, I will summarize some of them in here. SOA is architectural style who's goal is to achieve re-usability and loosely coupling paradigm among interacting agents. Within SOA, services are mechanisms by which needs and capabilities are brought together.
SOA operates in an integrated business-technical context as opposed to traditional business-IT separation.
Anne Thomas Manes from Burton Group said, “SOA is a style of systems architecture, not integration architecture. It’s about refactoring capabilities into services, not about integrating application silos”.

What is SOA Governance?
Governance is set of rules, policies and regulations under which an organization functions as well as the processes that ensure compliance. SOA governance refers to processes that ensures that services and applications are developed so that they are aligned with :

• Best practices
• Business requirements
• Laws
• SLAs
  

SOA Governance has two main component:

• Design Time Governance also called "SOA governance framework", captures information about the services and policies.
  
• Runtime Governance or sometimes called as "Service life cycle management", enforces the policies during the execution, management and service discovery.
  

The need for enterprise governance is business oriented to integrate business initiatives (supply chain, order management,...) with IT initiatives (EAI, Web service, ...). The companies needs to move from "develop now and integrate later" to "develop for integration". To ensure business continuity, reduce cost and complexity and limit corporate liability, the companies shall define the policies and procedures early in project life cycle to allow:

• Prevention of service proliferation and promote reuse
• Define Services with the right granularity
• Utilize a formal service description model with appropriate metadata
• Develop and implement best practices for interoperability
• Approach SOA on how it will be deployed and consumed
  
• Manage and monitor service health, performance and Quality of service
• Audit and measure compliance
  
• Define and manage Policies and contracts centrally
  
• Central registry-repository to describe all services and associated metadata
• Service mediation and discovery
  

Design Time Governance (Governance Framework)
There are mainly four phases to SOA governance framework: Plan, define, Enable and Measure.

• Plan Phase, the overall business and IT requirements are understood and documented
• Define Phase, the SOA governance approach is established based on corporate, enterprise and IT governance environments
• Deploy Phase, governance mechanisms are put into place, the organization is educated, and governance policies are deployed.
• Measure Phase, policy compliance and effectiveness are monitored and audited.

Runtime Governance Compliance (Service Lifecyle management)
The runtime governance encapsulate the phases to model, assemble and deploy. These 3 phases are broken into two separate facets:

• Service Development and Delivery Management
• Support Infrastructure and Management

Service Development and Delivery Management
Service Development and Delivery addresses the essential needs to govern the services development through the established governance framework. The areas of focus are mostly:

• Change and release management - What, When and by whom a service can be changed
• Requirements and Quality Management - Ensure services are developed in compliances with business requirements and compliance.
• Design and Construction - Ensure the best practices and design principles are appied for maximum.
• Asset reuse.
• Service Versioning
• Service Retirement
  
• Process Management - Continual auditing to make sure that the process is followed

Support Infrastructure and Management

Environment

• Distributed, cross-boundary services and access present security risks
• Rapid deployment and loose coupling of services
• Performance and prioritization of services

Service Security

• Need to manage identities and access control cross multiple platform, applications, business partners and entities
• Need for E2E security architecture that can be deployed and integrated with existing and disparate security models
• Need to define encryption policies
  
• Need to consistently enforce security policies

Service Management

• Federate identity and access control
• Secure services and applications
• Consistently enforce security policy

Service Virtualization

• Support scaling infrastructure resources
• Prioritize infrastructure across multiple services and/or business processes (composite/dynamic applications)
• Accelerate application performance by distributing the composites across multiple infrastructure resources.
  

Service Registry and Repository
Service Registry contains the policies, description and metadata for each service present in the enterprise. It provides a mechanism to find services and their metadata.



Conclusion
SOA governance requires policy control and audit framework that spans the security, service definition, identity domain, service consumption and people. A SOA governance framework requires some means to consistently define some policy and managing it through its lifecycle and provisioning from central accessible policy registry and enforcing its execution across distributed systems.
Enterprises will only benefit and further improve their competitive advantage and quality of service by utilizing an automated policy governance. By doing so, the organizations will be able to leverage both their IT assets and human capital.

References:
[1] SOA Design Patterns, Thomas Erl, 2009
[2] SOA-RA public Review
[3] Reference Model Service Oriented Architecture
[4] Does web service make a service for SOA

Medical Practice Management Software Promotion

February 1st, 2009
Pasadena, CA
USA

DSOFT Systems Inc. announced early this morning that they are providing a large promotion to booster the affordable Medical Management Software on the market, EzMedPro.
The 30% promotion will expire on Februray 28th, 2009.
Use the promotion code: FRTG02
DSOFT Systems Inc has made available EzMedPro product with 15 days trial period. The trial version has most the functions available at the exception of printing HCFA CMS-1500 form.
The electronic medical records, appointment scheduling, patient demographic, medical billing, invoicing and reporting are all available for trial.

Medical Billing Software

DSOFT Systems News

DSOFT Systems, Inc has announced on Friday Jan 16th of 2009 that EzMedPro 2.0 will be integrated with Medical Billing software and the customers can downloaded it at no additional charge.
The First release will contain medical claim management and will support the transaction 837P.
The other HIPAA transactions 276/277 and 270/271 will be released later with 2.1 release.

DSOFT Systems Inc also mentioned that EzMedPro 3.0 will support credit card processing.

References
http://www.dsoftsystems.com/medical-billing-news/medical-billing-jan2009.seam
http://www.dsoftsystems.com
http://www.dsoftsystems.com/web/medical_billing_software.seam

Page Rank 4 in 60 days

How to accomplish google page rank 4 in 60 days?

By Sadi Melbouci

At the end of this year - 2008, I got a nice christmas surprise. My site went from google rank 0 "zero" to 4 in 60 days.

My web site, Practice Management Software, was first crawled sometime in the end of October. I decided to increase the rank of my site and traffic with a minimum budget. I laid out a plan and below, I will discuss the tasks that I executed in the sequence that they appear.

Page Header Elements

Designed the pages to be SEO friendly with modern web page build design. Paid attention to the following:

- Page title

The name of web page has the name of the title

- Page header

The title has the first H1 header in the page

- Meta description

The page description has the title in it as the first sentence.

- Meta tag keyword

3 to 4 keywords per page.

Page Design

- Usage of CSS

Take advantage of modern web page design. Styles should be defined in a CSS document that references the elements, IDs, and classes in the XHTML document.

- Page size

Google only crawls the first 100k. Kept the page to less then 50k

- Eliminate Obsolete or deprecated HTML

Use modern design techniques and used proper combination of XHTML and CSS

Link popularity

- Submitted the site to the major search engines including Yahoo, Google, Altavista, ...etc

- Submitted the site to web directories: Yahoo, DMOZ, Allweb, BOTW ...etc, submitted the site to the correct caegories. This will provide one way link to your site.

- Started a blog and wrote articles on the subject related to my site.

- I commented on other blogs related to my site

- Added an RSS feed to my site

- Made the keywords as the anchors

- Finally, I have exchanged links with other sites on the same subject domain as my site. Making sure that the anchor in the link is one of my keywords.

Keyword Density

- I focused on 3 to 4 keywords per page that were defined in the keyword meta data header element.

- I wrote the text in the body for the potential customers describing my product without repeating too much the same keywords and used bold where needed.

- Put one keyword in alt image attribute and title

- Put one keyword in name and title of the link attribute

Advertising

I have noticed that some of the ads from Google and Yahoo advertised as content (This type of ad appear on some articles related to subject described in the ad). When these sites get crawled, The search engine counted it as one way link.

I guess this might be a temporal link but counts to increase both the organic and advertised traffic.

That's all. It worked like charm.

Medical Practice Software

Download Medical Practice Software

HIPAA Compliance

In this article, I will address HIPAA as it relates to the software and tools used by clinicians to manage their practice. The congress has put a set of rules under the HIPAA law, we will explain what's this law is about and how it applies to medical software.


What is HIPAA?

The Administrative Simplification provisions of the Health Insurance Portability and Accountability Act of 1996 (HIPAA, Title II) required the Department of Health and Human Services (HHS) to establish national standards for electronic health care transactions and national identifiers for providers, health plans, and employers. It also addressed the security and privacy of health data. As the industry adopts these standards for the efficiency and effectiveness of the nation's health care system will improve the use of electronic data interchange.

The Entities covered by HIPAA law are:

• Health Plans

• Health Care Providers who use certain electronic transactions

• Health Care Clearinghouses

The HIPAA provisions are summarized as:

• Transaction Standards and Code Sets
• Privacy
• Security
• National Standard Identifiers for the Provider, Employer, Health Plan and Individual

HIPAA in Practical terms

Administrative Simplification is a method of making medical practice (the billing, claims, computer systems and communication) uniform in order for providers and payers to interact with each other through each other's proprietary systems. The changes will affect such activities as:

• Enrolling an individual in a health plan

• Paying health insurance premiums

• Checking eligibility

• Obtaining authorization to refer a patient to a specialist

• Processing claims

• Notifying a provider about the payment of a claim

HIPAA Privacy Right and Security

HIPAA contains a provision that is related to Electronic Data Transactions to standardize the exchange of the data between trading partners. These transactions are mandated to be in the ANSI ASC X12 version 4010 format.
In Addition to the transactions, Software industry has introduced Electronic Medical Records. To guarantee the privacy rights and secure the access to the medical records, HIPAA provided guidlines to protect the patient's privacy.

Privacy rights

The HIPAA regulations establish standards for protecting individually identifiable health information and for guaranteeing the rights of individuals to have more control over such information. Here is the summary of these regulations:

1- Right to ask and see a copy of your records
2- Have Correction made to you records
3- Receive a notice that your information will be shared
4- Decide whether to accept that your information can be shared
5- Get a report of when and why your record is shared
6- Ask that your information shall not be shared
7- File a complaint

Security 101

The HIPAA regulations have establish standards for all health plans, clearing houses, and storage of health care information to ensure the integrity, confidentially, and availability of electronic protected health information.
The Security Rule covers only protected health information that is in electronic form and we can summarize the security standard into the following requirements.

- Administrative Safeguard
These are administrative functions that should be implemented to meet the security standards. These include assignment or delegation of security responsibility to an individual and security
training requirements.

More details on Administrative Safeguard Reference

- Physical Safeguard
These are the mechanisms required to protect electronic systems, equipment and the data they hold, from threats, environmental hazards and unauthorized intrusion.

More details on Physical Safeguard and recovery


- Technical Safeguard
These are primarily the automated processesused to protect data and control access to data. They include using authentication controls to verify that the person signing onto a computer is authorized to access that.

More details on on Technical Safeguard who has accesses what information?

Is X12 technology right for healthcare

Is X12 Format right for Healthcare.

In every corner, we hear about the rise of healthcare costs and how to reduce them. I would like to add one area where the cost can be reduced significantly.
We all agree that the cost can be reduced by automating certain procedures, such as the medical billing, electronic medical records, scheduling, reporting and so on.
The first question I asked was, what if the cost of automation is so huge that it will raise even more the costs of healthcare.
So, how can we reduce the cost of the automation.
The scheduling, automation can be accomplished at very minimal cost.
The Electronic Medical Records is specialty dependent, but there is some common data that can be defined as "standard" for each practice.
The medical billing is the big elephant in the room. The cost of its automation is significant and its implementation is complex. We will look at two aspects:

• Medical Coding
• Claim Processing
  

Medical Coding specialists are in high demand because of rapid growth in the number of medical tests, treatments, and procedures that will be increasingly scrutinized by health insurance companies, regulators, courts, and consumers." (See U.S. Department of Labor, Bureau of Labor Statistics.) , It is probably the fastest growing profession withing the healthcare industry. The 2005 statistics from the United States Department of Labor and Bureau of Statistics, showed the healthcare information industry is expected to grow faster than normal through 2014.

In practical terms, the medical coder adds cost to the clinician and that cost will be transferred to the patient. But this is required position that we may not be able to cut. So, where can we cut costs ?
We will look at how to reduce the cost HIPAA transactions processing.

HIPAA Transactions.
HIPAA defined a set of transactions to support Electronic data exchange:

• Health Care Claims or equivalent encounter information (837);
• Eligibility for a Health Plan (270/271);
• Referral Certification and Authorization (278 or NCPDP for retail pharmacy);
• Health Care Claim Status (276/277);
• Enrollment and Disenrollment in a Health Plan (834);
• Health Care Payment and Remittance Advice (835);
• Health Plan Premium Payments (20); and
• Coordination of Benefits (837 or NCPDP for retail pharmacy).

While many entities in the health sector have developed, or are in the process of developing, electronic data interchange (EDI) format standards, the lack of common, industry-wide standards is a major obstacle to realizing potential efficiency and savings.

The problem starts with the choice of EDI format, X12. For those who had some experience with X12, they know what I'm talking about. It is a complex format that is very hard to maintain and terribly complex to implement.

Today, the software industry offers other technologies that can actually reduce the cost of the implementation of the HIPAA transactions and HIPAA specifications. One of these technologies is XML Web services (Dont confuse it with a web site) that operates under SOAP (Simple Object Adapter Protocol) or REST.
The data for each transaction can be defined with an interface called WSDL (Web Service Definition Language) and the companies can implement the business behind each transaction independently.
This protocol is platform independent (Windows, Mac, Unix, Linux, MVS ...etc) and it can reduce the implementation costs by 500% and increase efficiency at every level of claim processing because this technology provides hooks to validate, secure, transport data. This reduction of cost in claim processing will imply reduction in insurance premiums as well as the reduction of the cost of billing systems.
Compared to EDI where the claims are submitted in batch format, the Web Service technology can submit the claims in realtime or immediate send or in batch mode. The number of errors will be reduced to under 1%.

The combination of efficient medical coding along with web services technology as the protocol of choice for HIPAA transactions will reduce the cost of claim processing by at 200%.

Conclusion

The ultimate goal is to take care of the patient at reduced cost. Many things need to come together in order to accomplish this goal. One of them is Medical Practice Management Systems implemented at reasonable cost that offers the functions that will optimize the provider time and costs. I believe that it start by applying the right technology that can help the business.

Medical Practice Management Software - EzMedPro

Introduction

With today's rising healthcare costs and the baby boomers needing care, it is important to automate medical records, billing, ...etc in the everyday provider's tasks. For patients, they want the best care. They want to get an appointment with a doctor when they are not feeling well and not wait few days for a possible care. And when they show up at the doctor's office, they want the best care.
The best care comes when the provider knows our medical history and can be accessed quickly on each visit.


How do we make the provider more efficient?
Well, we need to look at how to optimize the time the provider spends in tasks other then seeing patients.
I will try to list some that every patient may have seen:

1- Medical Records are on paper and hard to find, the doctor does not go through every pages of our record. He looks at the last visit. We need to have a way to show the medical history summary of the patient that can be seen by the provider without going through 30 pages.
2- Medical Coding is another area of headache. To put it in simple words, a visit to doctor has a code (that's a CPT code) and diagnosis is another code (that's the ICD code). These codes are used to submit the claim to the insurance company.
3- Billing is critical to raise revenue for a practice. Having a system that generates a bill for each visit and manage the receivable accounts will help the providers save time. However, I have seen that these two functions are usually managed by two different systems. EzMedPro
is a software that integrates these 2 functions.
4- Insurance Claims , this is an area I believe needs the most improvement. The Insurance companies make it hard for both the provider and the patient when it comes to pay a claim. Today there are two way to get a claim processed:
- HCFA form and send it by mail
- Electronic Claims
5- Scheduling is not really an issue but need to be mentioned for large practices to run reports and send reminders to the patients prior to their appointment.

The potential solution
The solution is to automate the daily tasks as much as possible. Basically we need to automate at the least the 5 tasks I listed above: Scheduling, billing, insurance claims, medical coding and medical records.
Not only do these task need automation but they need to be integrated within one system in compliance with HIPAA.

There are certain number of systems that provide some type of solution. However, for most of the providers, affordability is an issue, until now. EzMedPro is a Medical Practice Management Software that integrates all the tasks I listed above and is available for a price under $300.

The Objective is to make the provider focus on the patient. EzMedPro Software from DSOFT Systems provides the lead way for affordable software with efficiency for providers.

Add to Technorati Favorites