In-Depth

MedicAlert, Advanced Technology Group

2006 ADT Innovator Awards

I. Project Information

a. Company and division name

MedicAlert, Advanced Technology Group

b. Web site URL: http://www.medicalert.org

c. Project designation: MedicAlert’s E-HealthKEY System
d. Brief explanation of the goals of the project

Non-profit healthcare leader MedicAlert has introduced a new offering, E-HealthKEY, which enables customers to keep an up-to-date record of their medicines and doctors with them at all times and stored to an online repository. In order to accomplish this, MedicAlert required a highly flexible, adaptive system that would interoperate with partners and client applications. They chose to move to a loosely coupled services-based system. However, before they could deploy this medical repository system or launch the E-HealthKEY product itself, they first had to ensure the operational health and security of the distributed, loosely coupled system. Project goals were manageability, security and visibility into the inner-workings of their services network.

e. Brief description of the business risks involved

The challenges of taking a business-driving system based on Web services are many. MedicAlert needed to meet the service level agreements they’d established internally and agreed to with partners. They needed to mediate unexpected conditions quickly, before they could impact business. They needed insight into the distributed system. And, due to the sensitive nature of the information passing through the system, they needed to ensure security across the distributed components of the application. This called for a services-based infrastructure to be implemented to handle management and security requirements in advance of taking the application into production.

f. Brief description of how the system helps users

The MedicAlert repository uses Web service interfaces to support standard Electronic Health Records (EHRs) for patient record interoperability. A new service from MedicAlert, the E-HealthKEY, stores critical medical information to a USB memory stick, which customers attach to a keychain to ensure that a complete personal health record is with them at all times. Customers can view and update their personal medical information via the MedicAlert web portal or the E-HealthKey, which seamlessly sync with one another. Because the system is built on Web services, it is easy to update, adapt and grow. MedicAlert uses AmberPoint runtime governance software to manage the system and secure the endpoints across the system, meeting MedicAlerts requirements for visibility into the system, ability to set, adhere to and manage service level agreements, and providing comprehensive exception handling abilities.


II. Organizational Objectives

a. What short-term and long-term benefits did the organization achieve from the project? Did the solution meet the projected goals for saving time and money? How were benefits measured? Was the system mission critical to the organization?

Seeking greater agility and flexibility from their systems, which must interoperate with partners’ and customers’ applications, MedicAlert has implemented a services-based system that comprises approximately twenty .NET Web services. Microsoft BizTalk Server 2004 is the Process Integration and Rules Engine, while Forum Systems is used for perimeter security. MedicAlert uses AmberPoint to ensure the operational health and address "last-mile" security requirements for their distributed services.


Goals for the project:

  • Deliver a valuable new life-saving service to clients
  • Build and deploy a reliable services-based system
  • Ensure the operational health of the services-based system
  • Meet internal and external service level agreements
  • Secure the system for privacy of transactions and updates via encryption and decryption of messages, for example.
  • Detect, diagnose and correct any faults discovered in the services network

The solution immediately met the projected goals. They have delivered a valuable new service in time and under budget. Rather than building its own management infrastructure, MedicAlert chose to implement AmberPoint SOA runtime governance software. As a result, they were able to take the system into production an estimated 75% faster than they would have otherwise. The services-based system has achieved 100% availability since going into production.

b. Describe the business purpose of the new system.

MedicAlert was seeking greater agility and flexibility from their information systems, which must interoperate with partners’ and customers’ applications. When looking at how best to deliver the E-HeathKEY offering, they realized the cross-platform interoperability that they’d require. They decided to build a services-based system for this new product offering, building a collection of 20 services on the Microsoft .NET Framework.


Business mandates included:

  • Flexibility
  • Agility
  • Cross-platform interoperability
  • Ability to meet internal and external service level objectives
  • Privacy of data
c. Describe the features of the new system. p>The MedicAlert repository uses Web service interfaces to support standard Electronic Health Records (EHRs) for patient record interoperability. A new service from MedicAlert, the E-HealthKEY, stores critical medical information to a USB memory stick, which customers attach to a keychain to ensure that a complete personal health record is with them at all times. Customers can view and update their personal medical information via the MedicAlert web portal or the E-HealthKey, which seamlessly sync with one another. Because the system is built on Web services, it is easy to update, adapt and grow.

d. Explain the functions of the new system.

To achieve the goals of the project MedicAlert implemented a services based system that comprised of approximately twenty .NET Web services. Microsoft BizTalk Server 2004 was the Process Integration and Rules Engine, while Forum Systems was used for perimeter security. And AmberPoint was chosen to ensure the operational health and address "last-mile" security requirements for the distributed services.


AmberPoint monitors system traffic to provide detailed performance metrics in real time. MedicAlert teams are able to see the performance of service and other system components from a single AmberPoint console, and can then manage governance and security policies running on all their servers.


MedicAlert also uses AmberPoint to detect, diagnose and remedy system errors. By monitoring the messages flowing across the system, AmberPoint can flag unexpected conditions, such as service level violations or the number of decryptions that faulted. It alerts the appropriate personnel and can automatically remedy issues through such actions as failing over to a back-up service.


AmberPoint also provides service virtualization, which allows MedicAlert to aggregate internal services into a single unified interface for use by outside parties. Additionally, AmberPoint enables MedicAlert to perform online upgrades seamlessly.


Finally, MedicAlert uses AmberPoint to encrypt and decrypt messages, ensuring that unauthorized users are unable to access or tamper with customer information. By using AmberPoint’s plug-in agents that transparently reside in the same container as the managed services MedicAlert never exposes unencrypted messages on the network. MedicAlert uses Forum Systems for message validation and protection of Web services against external attack, such as denial of service attack. The combination of AmberPoint and Forum Systems provides an implementation that addresses both perimeter and endpoint security.

e. Who were the internal sponsors of the project? Which officials or groups were opposed to developing the application? Why?
f. Were users of the system involved in the project during the planning and development phases? If so, how?

Internal users were involved in the QA process. A beta release of the product involved the first external users to testing and debugging the system.

g. What were the greatest challenges in completing this project? How were they overcome?

One of the greatest challenges for deploying services-based applications is ensuring the operational health of the system. MedicAlert used AmberPoint runtime governance software to gain visibility into the system and actively control the performance and availability of the services network. Because AmberPoint is an abstracted management layer, it adapts to changes (new services, changing service interdependencies, etc.) without requiring changes to the coding of the Web services themselves. This greatly simplifies the management challenge.

h. Were the goals changed as the project progressed? If so, what were the changes and why were they made?

Maintained and eventually met initial goals for the project.


III. Category

Middleware/Application Integration

Emphasizes the use of middleware, integration and messaging technologies within an application architecture. Relevant tools can include transaction managers, object request brokers, RPC-based schemes, XML-based technologies, object transaction monitors, Web services, application integration tools, message-oriented middleware (MOM) alternatives, and publish and subscribe systems. Also emphasizes the use of middleware to link multiple packaged and/or packaged and internally developed applications, and multivendor DBMS systems to allow seamless integration between dissimilar systems.


THE PROJECT


IV. Methodology/Process

a. Describe how productivity tools or techniques were used in the project.

Microsoft Visual Studio 2003, Visio, SharePoint Portal, etc.

b. Were testing tools used during development? If so, when were they used? Was the testing cost-effective?

Yes. During the complete life cycle of the project. Followed some of the Test Driven Methodologies.

c. Was a formal or informal software development life-cycle methodology employed? If yes, please describe it.

A combination of both; formal life cycles were used for the entire project but less formal processes were used for smaller sub-projects. Tried to find the right balance of formality. (This is not easy to do)

d. What formal or informal project management methodologies and/or tools were used to manage the project? If used, please describe how.

Formal life cycles used a tailored version of RUP. Less formal life cycles used Agile methodologies

e. Were software quality metrics used? If so, what were they, and did using them significantly help the project?

No


V. Technology

a. What were the major technical challenges that had to be overcome to complete the project successfully? How did the team respond to those challenges?

Web services in general are deceptively easy to develop and deploy. Not until well after several prototypes did we realize what web services really were, how to develop them, how to deploy them, version them, secure etc. Making sure the right code is implemented in the right place was a learning process.

b. What software tools, including databases, operating systems and all development tools, were selected for the project? Why were they selected over competing tools? What process was used to select development tools and software platforms?

We are mainly a Microsoft shop so selected MSFT Visual Studio 2003, SQL Server 2000 on Windows Server 2003. We chose and continue to choose Microsoft development tools because they provide the most productive environment available today. There are a lot of cool things in the new suite of Microsoft products and having fun while your code is a huge plus.

c. Describe the overall system architecture. Were elements of the technical infrastructure put in place to support the new system? Please describe.
  • Development in Microsoft .NET
  • Other offices, partners and customers using Java
  • Forum Systems Sentry for perimeter security and message validation
  • Microsoft BizTalk Server 2004 for Business Process Integration
d. What characteristics of the tools and technologies used were most important in achieving the business purposes of the system?

Ease of implementation, ability to run natively in .NET, cross platform interoperability.


VI. Project Team

a. What was the size of the development team?

8

b. Describe the software development experience of the team members.

Rapid and very cyclical.

c. What was the composition and skill level of the team? Did development teams require training to work with the technology?

Yes. There are two technical leads that understand web services very well. All other developers had to come up to speed on new technologies, standards, etc.

d. Please list team members and their titles.
e. How many person-months/days did the project take, and over what calendar time frame? Was a formal schedule created at the start of the project? Did the project stay on schedule?
f. Did management and the user community consider the project a success?

Yes.

g. If you had to do the project over again, would you do anything differently? If yes, please explain why.

Of course; hind-site is always 20-20. :) More asynchronous messaging.