Friday, September 28, 2012

Multitenancy and Healthcare Software Applications

Virtualization abstracts  the running stack and components in order to have services users to appear to run on a separate physical machine has been an earlier attempt to lower the cost of resources. In fact, virtualization has brought tremendous progresses in heath care for the development, testing and running applications during the past 10 years or so. However multitenancy goes one step further.

Multitenancy is at the core of the design of Web based applications offered as Software as a Service (SaaS). In a multitenant software application, the service offered to each client organization (e.g. in healthcare that would be a physician office, a lab, a clinic ...)  is virtually partitioned. Data and configuration are separate for each organization that use the service. This is required to ensure the confidentiality of the patient records.

In a multitenancy architecture, the same set of hardware, network resources, software stack, application code base are shared between all users of the service. As a result, SaaS applications are managed and delivered more efficiently at a lower cost.

Here is a subset of the services management tasks that can be greatly simplified by a multitenancy architecture :
  • patch deployments
  • GUI, API and platform/stack upgrades
  • data migration
  • customizations
  • customer support
  • monitoring
  • reporting
The amount of resource: hardware, network and IT staff, dedicated to a specific application is drastically reduced from a model where every organization has its own instance. In addition to this, multitenancy tends to benefit the whole user set of a particular service, since defects fixes and new features are deployed incrementally very frequently. Agile development process methodologies such as Scrum are particularly suitable for this technology since development and deployment cycles can be extremely short.

This can be critical in healthcare when several organizations such as hospitals, labs and pharmacies using the same service, need to exchange data across an Health Information Exchange or a Regional Health Information Organization). In this case, all end-points of the HIE have to use the same data format , the same protocols and security scheme. Is parts or all of the end-points are running in a multitenant architecture, then the orchestration of all end-points is facilitated greatly.  For example, every time a new service functionality is deployed available, all end-points have access to it and are compatible. Moreover, maintenance such are the provisioning and re-provisioning of user credentials and security certificates is simplified. Finally monitoring and  reporting such as meaningful use are much easier to implement and deploy.

The unified architecture and deployment topology (for development, QA testing, staging and production), makes the application cheaper to develop, deploy and maintain. In healthcare software development, it can take more than a year to acquire not only the necessary IT skills, but also knowledge of the domain.This is why it is very difficult to hire, train  and keep qualified engineers, support and administration specialists, and the demand is growing.  With a multitenancy model, more and better services can be developed and maintained with the same engineering and IT workforce. The support specialists can then refocus their efforts on solving end-users problems related to healthcare rather than pure IT infrastructure and improve customer satisfaction overall.

Further more, multitenancy provides much greater performance, scalability and maintainability as applications are generally hosted on elastic cloud infrastructures and platforms. Even though more and more vendors offer cloud based products from basic elastic resources through infrastructure as a Service (IaaS), or a full customizable development and deployment cloud based platform (PaaS), professional healthcare IT professionals are still reluctant to have their patient's records hosted on commercial public clouds. Obviously, offloading generic healthcare related services that do not contain any PHI information (e.g. ICDx, HL7, SNOMED taxonomy and terminology services) can certainly be realized from private to public cloud if needed. On the other hand, when any patient demographic information or clinical data is included, healthcare IT decision makers needs assurances that the data is always secure and the applications and processes involved are in compliance with HIPAA regulation. One minimum requirement for example is that all protected data must be encrypted at rest and in flight at all time. Other legal requirements in certain states also require that the patient's data stays within the limit of the states and this can be an issue when physical servers on public clouds can reside anywhere.

The migration of legacy single tenant applications to multitenant based services is definitively challenging and requires new paradigms (e.g. metadata driven architecture and data models, polymorphic applications), new tools and platforms and engineers and IT personnel familiar with this new model and its related technologies. Multitenancy is an essential part of the whole cloud computing market for the healthcare industry that is estimated to grow to $5.4 billion by 2017.

Multitenancy is certainly one of the most critical technologies that will drastically help improve the efficiency of healthcare, reduce cost and will be the base of business intelligence and data warehousing solutions to make better health predictions and decisions for the overall population.