eCare Technical Workshop

Data Sharing & Standards Division

eCare Technical Workshop

Inverness

23rd November 2005

23rd Novemeber 2005 eCare Technical Workshop 2


Agenda

• Introduction• Architecture Overview & Technical Context• Current Release Features & Demos• Next Release Features• Hosting Options• Partner Perspective• Q & A



Agenda




eCare Safe Haven

Agency Network

Messaging Zone

Framework Zone

Message

MessagingBusiness Logic

Data

DatabasesIndexes

SQL

Adaptor

IntegrationMessaging

SOAP

Agency System

System Business Logic and Data

The Messaging Service provides Agency Applications with an interface to the eCare Framework

eCare Safe Haven or DMZ is a secure perimeter network that connects the Agency networks with the network in which the eCare Framework’s hardware is located.

The Multi Agency Store is the repository used to store consented data for the purpose of information being shared between different agencies

An Adaptor is a software component that enables communications between agency systems and the eCare Framework […] the Adaptor can be a logical software component built into an agency system or on a separate physical machine

Agency Systems are MIS applications within the varying agencies that perform client/patient/person processing functions



Indexing & Matching• Systems must have a person record prior to sharing or viewing of data in the MAS

• Systems must create an index entry in the MAS from a matching solution employing a national process as per the eCare Matching Overview strategy document

• eCare maintains a multi-agency index of all connected systems person reference numbers; systems have no access to this index which contains no shared data

• Systems must have an index entry to receive MAS notifications

• This index permits systems to view data regardless of consent or disclosure authority. The ability to lock a person record in the MAS from viewing is a separate – and currently unrelated – function.



Consent & Disclosure Authority

• Conditions for data sharing are:

– Either the Subject (or a proxy for the Subject) has given informed consent to the sharing of data or a competent professional within the disclosing agency has taken a considered decision to override the absence of consent; and

– It is necessary and relevant to share the data.



Consent• Consent is collected once per person in the MAS

– A subset of data is stored

– A full history of changes is maintained

– All systems with an index entry are notified when the status changes

– Does not physically enable data sharing



consent process (cross-partnership)

MAS notifies each system with an Index entry that

consent has changed

Systems update their own consent status

MSG: CONSENT_STATUS

RefNoConsent Data

SYSTEM-A

MAS

MAS maintains a history of all consent

MSG: NOTIFICATION

SYSTEM-N



Disclosure Authority• Authority is stored once per system per person in the MAS

– A full history of changes is maintained

– All systems with an index entry are notified when the status changes

– Physically enables data sharing – no system can send data to the MAS without authority

– Does not restrict viewing data from the MAS – all systems with an index entry can retrieve data



disclosure process

MSG: AUTHORITY_STATUS

RefNoAuthority Data

SYSTEM-A

MAS

MSG: NOTIFICATION

SYSTEM-N

MAS notifies system admin thatauthority has

changedMAS maintains a history of all authority



Agenda




What is the eCare Framework

Agency Application

MessagingServices

Adaptor

eCare DMZ

Agency

MatchingMAS

Matching Services

Auto Matcher

Manual Matcher

NHS

CHI Services



What are web services

• Standards based

• Simple Object Access Protocol 1.1 (SOAP)

• Web Service Definition Language (WSDL)



Security

• Encryption– SSL Encryption

• Authentication– WS-Security (Username Token)

• Authorisation– WS-Security / Policy



WS-Security• Oasis standard• Supported by :

– IBM– Microsoft (WSE) – Sun– Oracle– Bea

• Message level security• http://docs.oasis-open.org/wss/2004/01/oasis-

200401-wss-soap-message-security-1.0.pdf



Services Documentation Set

• Messaging Integration Guide

• Messaging Admin Guide

• Matching Integration Guide

• Matching Admin Guide

• Viewer Tool Guide

• + Other National Documentation Set….



Application Design Decisions

• Interoperability

• Service Granularity

• Authentication and Authorisation

• Data Changes

• Unique Message Requests

• Error Feedback



Interoperability

• Apply best practise

• Validate against WS-I Basic Profile

WS-I is an open industry organisation chartered to promote Web services interoperability across platforms, operating systems, and programming languages.



Service Granularity• Document Message Pattern• Coarse grained messages

– Simplify message sequencing– Reduce network performance overhead– Simplify transaction management



Service Granularity…

• Standard message formats

Messages::eCareMessageContainer

Messages::eCareMessagePayload

1

1

+LocalUniqueMessageId : string+AuditReference : string

Messages::eCareMessageHeader1

1



Authentication & Authorisation

• Authenticate host application not user

• Implemented through WS-Security

• Support Role based authorisation (Policy)



Unique Message Request

• All messages must include a unique identifier

• Validated on every service request



Error Feedback

• Soap Fault

• Client Details – XML formatted error messages & codes

• ClientUtilities DLL (for .Net)



Web Services Supported

• Focuses on – Core Demographics– Disclosure Authority– Matching– Processes– Events – Status Episodes



MatchingProcess

Matching MAS

Messaging

eCare DMZ

Host Application

Agency Boundary

AutoMatcher

NHS Boundary

Adaptor

ManualMatcher

CHI

7. Index Created

1. New Service User

8. Match Notification

3. New MatchRequest

2. Poll for new service users

4. Store Request

5. Attempt Match

6. SearchCHI



Web Services Supported…

• Matching Service– NewMatchRequest

• Index Service– IsMatched– Not AddIndex etc.



MASNew Match Request

Match

Req

uest

Matching DB

Matching Tool

Get Pending Match Request

Cre

ate

Ind

ex

Successful Match

Adaptor

Matching Process




• Notifications Service– GetNotifications– AcknowledgeNotifications



MASNew Match RequestAdaptor

Matching ProcessIndex

Created

Get Notifications

Acknowledge Notifications



Matching Demo…

• Automatic Matcher

• Manual Matcher

• CHI Simulator


Data Sharing & Standards DivisionData Sharing

MAS

Messaging

eCare DMZ

Host Application

Agency Boundary

Adaptor Viewer

1. Service UserInteraction

2. Store DisclosureAuthorisation

3. Store Service User Data

5. View SharedData

Host Application

Agency Boundary

Adaptor

4. Other Agencies Share Data

Adaptor monitorsChanges



Web Services Supported…• Disclosure Service

– StoreDisclosureAuthority– StorePartnershipConsent

• Person Service (Person, Associate & Professional)

– StorePerson• Must be matched first• CurrentData

– GetPerson• Current Data Only

– GetPersonByMasId• Person Status



Web Services Supported…• Organisation Service

– StoreOrganisation– GetOrganisation

• StatusEpisode Service– StoreStatusEpisode– GetStatusEpisodeForSubject– GetStatusEpisode

• Process Service– StoreProcess– GetProcessesForSubject– GetProcess

• Event Service– StoreEvent– GetEventsForSubject– GetEvent




• Viewer Service– GetPersonView– GetPersonViewXML



Extensions• Supported by

– Processes– Events– Status Episodes

• Allows custom data to be stored– E.g. Referral Process:

• Reason• Received Date• ConcernFactorCV



Viewer

• What is the Viewer and what can you do?– Access MAS Data– No searching– Embed in web page– .Net User Control (Web Page)– No inherent authentication / authorisation



Web Service / Embedded Viewer Demo…



Viewer Usage

• ASP.Net page

• Parameterised reference data

• Access Rights – tab visibility

• Configurable Tabs text / CSS



Version 0.7 Viewer Demo



eCart Demo eCart eCare

eCart User Interface

eCart Application

eCart Data

Directory Service

eCare Messaging Service

MAS



Agenda




Forms Web Services

• Two Phases– 0.7: Store and Retrieve Completed Form– 0.8(?): Retrieve full Form definition



Storing a Form

• Form Definition must exist in MAS (Excel Tool)

• Forms belong to a process

• Agencies can collaborate on a single form

• Pessimistic locking is implemented

• Form ‘updates’ do not overwrite old forms (FormState)



Storing a Form

• New Form– Execute StoreForm web service

• Update Form– GetForm (with lock)– StoreForm



eCareStoreForm (New)

System A

Store Form

System B

Get Form

(for e

dit)

Store

Form

Get Form (for edit)

Error!

StoreProcess



Webservice Validation

• Question mapping – based on Question Code

• Definitions validated – e.g. CVs, Validation Types etc.

• Mandatory fields not validated – change?

• Calculations not validated

• Locking validated



Entities

• Form (Form State)

• Form Sections (Multiple Occurrences)

• Form Question Grouping (Multiple Occurrences)

• Responses



Other Forms Services

• GetFormsForProcess

• GetForm

• UnlockForm

• LinkFormToProcess



0.7 Enhancements

• Logical sorted results (e.g. Processes)• Improved database indexing• Support multiple Person Roles (single

operation)• Some new CVs• Various Viewer improvements (cosmetic)• Matching Simulator improvements



Agenda




Conceptual ImplementationeCare Partnership Boundary

Education BoundaryEducation BoundarySocial Care BoundaryHealth Care Boundary

Health CareApplication

eCare Adaptor

eCare Framework

MAS Index

Security Messaging

Social Care Application

eCare Adaptor

Education Application

eCare Adaptor

Other Application

eCare Adaptor

Matching

CHI

Agency Boundary

Agency Application

eCare Adaptor

Viewer Web Server

eCARTWeb Server

eCARTDatabase

Server

eCARTAdaptor

Optional Components

MatchingClients

CHI XMLGateway

Only in Health



Agency Responsibilities:• Agency Applications (or eCART)

• eCare Viewer (Optional)

• Application Adaptors

• Matching Tools

• eCare Connectivity

• Security



Partnership Responsibilities

• eCare Safe Haven– MAS Database– Application Servers– Secure Infrastructure

• Administration / Maintenance

• Disaster Recovery

• Resiliency



Technologies

• Microsoft Technology stack

• Windows 2003

• SQL Server 2000

• Microsoft .Net 1.1 Framework



The Options….

• Local Implementation– Partnership jointly responsible for eCare Safe

Haven implementation and on going support

• Managed Service– Centrally managed eCare Safe Haven



Option 1 – Local Hosting



Basic Connectivity

Network Intrusion Protection System

Connection Networks

WAN Router

eCare Firewall 100 Mbps LAN Switch with VLAN

capability

eCare Data

eCareManagement

eCare Applications

(if any)

eCare Messaging

Agency B

Agency A



ServersSmall Scale Solution

Large Scale Solution

DatabaseServer

Management Server

Application Server(if any)

MessagingServer

eCare Management LAN

eCare LAN

DatabaseServer

Management Server

Application Server(if any)

MessagingServer

eCare Management LAN

eCare LAN

MessagingServer

DatabaseServer

Network Load Balanced A-P Clustered



Security

eCare ‘Safe Haven’ or DMZ

Agencies

Health Care Social Care Education etc.

eCare Data

Firewall

Multi-Agency Store

Index

Matching Data

Message Logs &

Audit Data

eCare Applications(none currently)

eCare Messaging(Web Services)

External Zone

Exposed Zone

Internal Zone

Outer Perimeter

Inner Perimeter

FirewallFirewallFirewallFirewall

Framework Defences

Framework Defences(e.g. IDS, DOS, Content Inspection, Anti-Virus, etc)



GSX

Local Authority LAN

Health Board LAN

NHSnet

eCare DMZ

Option 2 – Hosted Service


Data Sharing & Standards DivisionOption 2 – Hosted Service

Local Partnership B

Local Partnership A

NHSNet

Local Authority Health Board

GSx

Local Authority Health Board

Managed Service

Firewalls

Switch

Routers

CJG



Managed Service – Re-use of infrastructure and associated costs– Improved Scalability – Improved Resiliency– Disaster recovery capabilities– Potentially higher service levels (24x7 support)– Improved Security– Risk Management– Reduced learning curve– Support staff training overheads– Simplifies future national connectivity– Partners focus on local integration issues



Local Implementation

– Locally controlled / Managed– Minimises dependency on other partnerships



Connectivity Options

• Nick Blundell – Cable & Wireless

• James MacGregor – Atos Origin



eCare presentation, Inverness 23-Nov-05

Collaboration across GSX

enabling shared eCare Service

1. Using GSX for council access

2. Using Closed-User Groups

C&W Personnel:

Nick Blundell, Client Manager

07795 254571

[email protected]

Paul Hulme, Solutions Consultant

07715494995

[email protected]



Background

GSI Central Government – RESTRICTED-HIGH

xGSI Central Government – CONFIDENTIAL-HIGH

GSX Local Authorities – RESTRICTED

GSE Public Sector Supplier (& List-X) Extranet - Up to CONFIDENTIAL

GSiThe Framework



Existing Scottish Infrastructure

West DC

East DC

DundeeCouncil

LocalAuthority 3

INTERNET

GSX MPLS VPN

Comhairle NanEilean Sar

Barnodos

OrkneyCouncil

ShetlandCouncil

NHSnetFirewall

HeaithBoard 1

HealthBoard 2

Existingcollaboration

ISCJIS -District Courts,SCRO, SCRA,Crown Office

GRoS - Births,Deaths andMarriagesEmailingpartners -

Police, NHS,DWP, HMRCSharing datapeer to peer -Caird network

SCRO -CriminalHistories



eCare collaboration in Scotland

West DC

East DC

LocalAuthority A

LocalAuthority C

INTERNET

GSX MPLS VPN

LocalAuthority B

eCare CUGBarnodos

Other nongovt partner A

Other nongovt partner

B

NHSnet

FirewallHealth

Board 1

HealthBoard 2

eCare Framework 57.65.10.21Firewall

Firewall



Collaboration using the Critical National Infrastructure

ADVANTAGES• Available immediately at no extra cost (except for

new joiners or increases in bandwidth)

• Accredited by government to carry Restricted data (NHS Confidential)

• Many to many connectivity, not just eCare

• Closed user group is a community within the secure infrastructure with its own 51.63 IP schema

• All councils comply to best practise manual of protective security

• Working within centrally organised security

• Purchase off GSi Framework

• Allows voluntary sector to join

DISADVANTAGES

• Singular cost comparison with point to point leaseline



Closed-User Group working over GSi

GSi tariff CHARGES• Establish CUG (reserve MPLS VPN):

– Setup £10,250 (one-off) – payable by CUG owner/sponsor• Attach each GSI/xGSI site to CUG:

– Setup £2,050 per site (one-off) – payable by connecting department• Terminate CUG VPN on existing GSI/xGSI router (additional LAN interface):

– Install £971, Rental £1,025/annum – payable by connecting department• Connect non-GSi organisations to CUG:

– Applicable circuit charge (install/rental) – payable by CUG owner/sponsor



Closed-User Group working over GSi

Security Assurance considerations• CUGs are separate MPLS VPNs procured using the GSi framework• The network infrastructure used for CUGs is the same as that used for GSI –

CESG Fast-track approved to EAL2 (Restricted)• CUGs are outside the jurisdiction of NISCC – effectively a private WAN• GSI/xGSI organisations joining CUGs must ensure continued compliance with

Code of Connection• If non-GSi organisations are being connected by the CUG sponsor it is

recommended that there are minimum security assurance standards mandated on the outside body.



NHSNet / N3• Managed service to support NHSNet & N3• Provides Health Board connectivity• National policy to migrate to N3• N3 – Higher bandwidth• N3 not implemented everywhere (yet) • No closed user groups (ISSG)• SSL Encryption• Initial investment connecting to N3



GSx

Managed Service

N3

Health Board 3

HTTPS

Adaptor

NHSNet

Health Board 1

HTTPS

Adaptor

Health Board 2

HTTPs

Adaptor

MessagingFramework

NHSNet / N3



Agenda


eCare Technical Workshop

Documents

Transcript of eCare Technical Workshop