A host of changes: moving a PHR to the managed cloud
- 4 October 2018
After six years of growth – and with the promise of more on the horizon – staff at University Hospital Southampton NHS Foundation Trust decided to move the organisation’s online patient service into the managed cloud. According to Kevin Hamer, the trust’s IT development service manager, it is a change which was not challenge-free but from which benefits have almost immediately flowed.
Southampton’s online patient service is, somehow, already six years old. In this time, My medical record has undergone three significant user interface transformations and a whole host of back end changes. But this year we set out on the biggest upgrade of them all – one which turned out to be something of a necessary journey into the unknown.
We were already approaching 10,000 live patient records but we knew the original architecture could not adequately keep pace with our future needs. We needed to open up the back end record; get it somewhere more accessible while ensuring we had a secure and scalable cloud-based platform. In short, we felt we should no longer be hosting the service ourselves.
We chose to port the back end to OpenPHR – a platform with full FHIR integration – for obvious interoperability reasons. Other hospitals already use our service and we wanted to enable other providers and apps to connect too. We felt this would also give us more scope to align with the national picture, such as the Citizen Identity programme.
The front end user interface also underwent a significant upgrade. At the same time we decided to push the whole thing into Microsoft Azure.
Why do it?
A question we are continually (and rightly) asked is: “How secure is the system?” We all know the risks of doing anything online, and people are understandably particularly cautious when it does to health data.
This was a key factor in going down the route of professional hosting. Another factor was our ability to keep pace with the rate of demand for personal health record services, including the associated hardware and setup required to ensure appropriate capacity and availability.
Professional hosting takes care of both areas for us. We were impressed by the instant scalability offered by Azure, 24/7 service (with back-ups as routine), and a security setup that we couldn’t have hoped to match without spending a lot of money. We’re also not in the business of hosting internet-facing websites, and we had no reason to do so other than for My medical record. Transferring it to a professionally hosted service meant removing a security risk to our network that we previously had to manage.
We chose to go down the route of ‘platform as a service’ on Azure, as this sees Microsoft taking care of everything from the operating system down. It required a more complex setup (versus booting up ordinary virtual machines), but it means that more of the security is taken care of, such as patching, and it also offers more flexibility.
And Get Real Heath, the supplier of our data store OpenPHR, work closely with Microsoft and had experience of running the platform in Azure.
Despite all this, we hit a number of problems. You always expect some in a project of this size, but there were also a lot of unknowns.
The key issue in all of this was the size of the project itself and the fact that we were migrating an embedded service to a cloud provider. While Get Real Health had other customers using Azure ‘platform as a service’, they had all started their journeys there and had no need to migrate anything. Starting off a new PHR in Azure would have been unquestionably easier. So would have porting everything to virtual machines and then thinking about moving to platform as a service. There is no question that we did it the hard way.
The benefit of someone else doing it
Despite the challenges, we did quickly find benefits to the move to professional hosting. A couple of clicks can up the service level to increase CPU cores and RAM. And the number of instances can also be increased. We soon found that we were able to optimise the service to make it quicker than it had previously been before, for both patients and clinicians.
This is something we continue to work on as we look to maximise response times and performance for our users, while also securing maximum value for money. An obvious next step is to scale up in core hours and scale down on evenings and weekends, though we have to remember our patients – they are more likely to access the service in the evening. Azure allows you to configure the times and days when you increase or reduce resources and when resources hit a threshold, so you can take complete control over your environment without forever needing someone at the wheel.
What else? We no longer need to security patch the servers, worry about fail-over or back-up – Azure takes care of this for us. We’ve also implemented a ‘sync service’ that allows you to keep a copy of certain data tables locally. This supports local audit and offline reporting, which can be done quickly and without affecting the live environment.
Moving forward
We now have an open environment that other apps and providers can connect to through FHIR. And as more services at Southampton go live – and more hospitals use My medical record – the back end hardware will scale as required.
Linking the shared record for Hampshire and the Isle of Wight into Open PHR is an obvious next step, and we may also have the opportunity to do something similar with Dorset. Within the LHCRE (Local Health and Care Record Exemplar) programme, meanwhile, we want third party suppliers of NHS commissioned bespoke app to feed the same patient record. We believe it can help suppliers come to the market if they do not have to stand up a record infrastructure and the surrounding security.
The job is not yet done – in many ways it feels almost like we’re at the beginning. But the original vision of an interoperable comprehensive cloud-based record that the patient owns now feels a step closer and a lot more tangible.
Kevin Hamer is IT development service manager at University Hospital Southampton NHS Foundation Trust.
14 Comments
People should be able to choose WHAT data they wish to coose with WHICH organisations, so if Trust X collects the data that does not mean that Trust X gets to see it, sounds a bit wired but in 2018 that is how things should be working …
I spent four years trying EVERYTHING in Online Dating, and through a huge amount of trial and error, I produced a system that I will share for you. This book will take you, step by step, through everything you need to know to double, triple or even quadruple the number of women you meet online.
is it free? virtually all new couples connect on line NOW, and businesses and organisations like the NHS use social media to market and get their message out, thank you for your honesty ladies, embrace social media do not criticise it, you have made my day, good luck with your book
People are nomadic, a national approach is required
Looks like an amazing initiative and very likely many others will follow. Would help if a High Level Architecture design along with key challenges (and how they were addressed) – would surely help other NHS Trusts / Orgs as I am sure many are skeptical to use Cloud (even now!). Thanks
Much as I approve of what you are doing it falls short of being a truly open platform as defined by the Apperta Foundation as you are still dependent on a single vendor for the repository.
In a true open platform there is substitutabilty of all components. For example if you had chosen openehr you would have a choice of at least 4 proprietary implementationds and 2 mature open source clinical data repositories (CDRs)
BTW inidus have built an open source FHIR API that will provide FHIR on any openehr CDR.
As you say Ewan we agree on many things. As we have full access to the platform and can move the complete data I’d challenge the “reliance ” bit. It is different though as you say with OpenEHR you can replace your system vendor without moving the data. Moot point I guess as you’re “stuck” with OpenEHR in that, not that that’s a problem. In theory OpenPHR can change app vendors without moving the data too.
It’s an evolving market.
They are both positive movements IMO
Ade
The key word in your reply is … Market.
Is openPHR in any way related to openEHR standards?
“Is openPHR in any way related to openEHR standards”
Standards is an interesting word but no not directly. OpenEHR uses AQL to get at data whereas other open platforms tend to be moving towards FHIR.
OpenPHR is a service that we have stood up rather than a particular technology. We may put some OpenEHR in there in time, but the main thrust is open data with FHIR and API management, trusted connected apps sharing data in the platform.
Ade
Yes you are right about OpenPHR
Ade
I think the reference to OpenEPR in the second sections should actually read OpenPHR
You’re of course quite right, Andy – it should. Now corrected. Apologies for the mistake, which crept in during the editing of the article.
The key word in your reply is … Market.
Comments are closed.