
DEPENDABLE SYSTEMS FOR QUALITY CARE

[Title diagram: DEPENDABILITY at the centre, surrounded by its attributes: SYSTEM RELIABILITY, SAFETY, AVAILABILITY, RESPONSIVENESS, CONFIDENTIALITY, DATA INTEGRITY]

DEPENDABILITY
• HOLISTIC measurement of the extent to which a system can justifiably be relied on to deliver the services expected of it
• Always in a PROGRESSION rather than RETROGRESSION
ATTRIBUTES OF DEPENDABILITY

ATTRIBUTE             DESCRIPTION
System reliability    The system consistently behaves in the same way
Service availability  Required services are present and usable when they are needed
Confidentiality       Sensitive information is disclosed only to
Data integrity        Data are not corrupted or destroyed
Responsiveness        The system responds to user input within an expected and acceptable time period
Safety                The system does not


WHAT IF SOME OR MOST OF THE ATTRIBUTES FOR DEPENDABILITY ARE MISSING???

DEPENDABILITY ISSUES ARISE…

DEPENDABILITY ISSUES
• CareGroup catastrophe (2003)
• Worm attack at Covenant Health
• Power outage at Kaiser Permanente
• Blaster and SoBig worm attacks

WHAT IS THEN THE SOLUTION FOR THESE ISSUES?

ANSWER: GUIDELINES FOR DEPENDABILITY
DEPENDABLE SYSTEMS GUIDELINES
• Guideline 1: Dependability Architecture
• Guideline 2: Anticipate Failures
• Guideline 3: Anticipate Success
• Guideline 4: Hire Meticulous Managers
• Guideline 5: Don’t Be Adventurous

GUIDELINE 1: ARCHITECT FOR DEPENDABILITY
SIMPLIFIED, INTEGRATED STRUCTURE AND YET NO SINGLE DEPENDABILITY

• “No critical component is dependent on a component less trustworthy than itself” (Fig. 15.1)
  – CREATION FROM BOTTOM-UP
• Security and safety services are only as dependable as the operating systems, networks, and other system services on which they depend

GUIDELINE 1: ARCHITECT FOR DEPENDABILITY
• Vulnerabilities from the bottom structure will create a domino effect
• No single component should be capable of bringing the system down should that component fail
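The two Guideline 1 rules above (no dependency on a less trustworthy component; no single component that can bring the system down) can be checked mechanically over a component inventory. The Python below is an added example, not from the slide deck; the component names, trust levels and dependency groups are constructed for illustration.

```python
# Added example (not from the slide deck): applies the two Guideline 1 rules
# to a constructed, hypothetical component inventory.
#   Rule A: no component depends on one less trustworthy than itself.
#   Rule B: no single component's failure takes a critical service down.
# "trust" is a relative level (higher = more trustworthy); "deps" is a list
# of groups, and at least one member of each group must be up.
COMPONENTS = {
    "os_host":      {"trust": 5, "deps": []},
    "auth_service": {"trust": 4, "deps": [("os_host",)]},
    "db_primary":   {"trust": 4, "deps": [("os_host",)]},
    "db_replica":   {"trust": 4, "deps": [("os_host",)]},
    "pdf_plugin":   {"trust": 1, "deps": []},           # low-trust add-on
    "ehr_app":      {"trust": 3, "deps": [("auth_service",),
                                          ("db_primary", "db_replica")]},
    "reports":      {"trust": 3, "deps": [("pdf_plugin",),
                                          ("db_primary", "db_replica")]},
}

def trust_violations(components):
    """Rule A: (dependent, dependency) pairs where the dependency is less
    trustworthy than the component relying on it."""
    bad = []
    for name, info in components.items():
        for group in info["deps"]:
            for dep in group:
                if components[dep]["trust"] < info["trust"]:
                    bad.append((name, dep))
    return sorted(bad)

def is_up(components, name, failed):
    """True if 'name' works while the components in 'failed' are down:
    it has not failed itself and every dependency group still has one
    working member. The dependency graph is assumed to be acyclic."""
    if name in failed:
        return False
    return all(any(is_up(components, alt, failed) for alt in group)
               for group in components[name]["deps"])

def single_points_of_failure(components, critical):
    """Rule B: components whose lone failure takes 'critical' down."""
    return sorted(c for c in components
                  if c != critical and not is_up(components, critical, {c}))

if __name__ == "__main__":
    # reports leans on a low-trust plugin; ehr_app dies if the host OS or
    # the non-redundant authentication service fails.
    print("Rule A violations:", trust_violations(COMPONENTS))
    print("SPOFs for ehr_app:", single_points_of_failure(COMPONENTS, "ehr_app"))
```

The redundant database pair shows why the second rule is about redundancy rather than trust: both replicas are highly trusted, yet the shared host OS still appears as a single point of failure.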
GUIDELINE 2: ANTICIPATE FAILURES

↑COMPLEXITY → ↑VULNERABILITY

• “Design flaws increase in proportion to the increasing complexity and speed of the processors (Moore’s Law)”
• This vulnerability makes the system prone to malicious software (malware)

GUIDELINE 2: ANTICIPATE FAILURES
• Availability of fail-safe options, fault-detection software, anti-malware, and backup and recovery programs
• Application-specific features should be implemented
• Safety-critical systems should be designed and built to fail in a SAFE state
GUIDELINE 3: ANTICIPATE SUCCESS

• The systems planning process should anticipate business success, and the consequential need for larger networks, more systems, new applications, and additional integration
  E.g. use-case scenarios that anticipate hospital and clinic mergers, acquisitions, and a growing patient/customer base
• It enhances future planning and possible integration
GUIDELINE 4: HIRE METICULOUS MANAGERS
• Hiring individuals who are good FORECASTERS, who know that failures will occur and accept that failures are most likely to occur when they are least expected
• Applying good managerial skills in managing and monitoring the system and network performance, managing the workload, and practicing good decision-making skills
GUIDELINE 5: DON’T BE ADVENTUROUS

PROVEN = BEST → SUCCESS

• USE ONLY the PROVEN methods, tools, technologies, and products that have been in production, under conditions and at a scale similar to the intended environment
IF THE HEALTH CARE SYSTEMS ARE TO BE EXAMINED, WILL THE SYSTEMS BE DEPENDABLE?

ASSESSING THE HEALTHCARE INDUSTRY

OBSERVATIONS OF DEPENDABILITY IN HEALTH SYSTEMS
GUIDELINE 1: ARCHITECTURE   GRADE: D

Observation:
Healthcare organizations compose their systems from the top down: selection of user interface → IT analyst-vendor negotiation → production. Isolated, complex departmental

HIPAA security regulation:
• Security mgmt.
• Secured responsibility
• Information access mgmt.
• Security awareness and training
• Security incident procedures
• Contingency planning
• Evaluation
• Business associate
GUIDELINE 2: ANTICIPATE FAILURES   GRADE: D

Observation:
Commercial, clinical software applications are NOT subject to FDA certification or any other type of certification. Complex architecture further increases failures, and may lead to loss of human life (e.g. Therac-25 failure). PCs that connect to the enterprise network from outside serve as channels for transporting malicious

FDA:
Improvement in the reporting system and development of procedures and guidelines specific for software
GUIDELINE 3: ANTICIPATE SUCCESS   GRADE: C

Observation:
Healthcare organizations expect their software applications, computer systems, and networks to work. However, they do not foresee that their success may increase the need for processing power and

• Sharing the experience with other organizations by the CIO of CareGroup
GUIDELINE 4: IT MANAGEMENT   GRADE: C

Health care organizations may hire IT managers who may understand the healthcare business, but may not understand the fragile nature of IT or the importance of Guideline 1 (Architecture) for dependability, leading to LOOSE composites of departmental systems.
Very low investment in IT (2%) and subsequent meager budget for IT.
GUIDELINE 5: ADVENTUROUS TECHNOLOGY   GRADE: C

Observation:
Historically: clinician’s resiliency to change.
Today: More adventurous approaches to health care, e.g. wireless networking,

Fallback:
• Wireless: potential of broadcasting vital sensitive data to enterprises
• Handheld devices – weak authentication, no separation of execution domain, weak encryption, vulnerability to
