Case Study – NHS OpenChain Conformance

Code4Health OpenChain Case Study

THE CHALLENGE

Open Source software is actively used across multiple market segments and is a proven model for enterprise level software. Open Source uses different licensing models to more traditional proprietary software, and requires a certain amount of institutional learning for effective use and adherence to compliance requirements.
Open Source compliance fundamentally relies on understanding how third party software is distributed and under what terms. The collaboration between the NHS Digital, Source Code Control and the OpenChain Project addressed these requirements via training and process adoption.

“This is another important step to bring yet further assurance to the health and care system by evidencing good governance and best practice in the development and use of opensource solutions,” says Peter Coates, Head of Ecosystem Development, and leader of NHS Digital’s support of Code4Health.

THE COLLABORATION

NHS England and NHS Digital seek sustainable digital solutions for healthcare via the Code4Health initiative. They selected Source Code Control to provide guidance around Open Source code governance. Source Code Control proposed adopting the OpenChain specification to manage Open Source supply chains and creates an environment for continuous compliance.
An initial training course was delivered to Code4Health and several SME Service providers.
Subsequently the OpenEyes EMR for Ophthalmology provided by AB EHR was selected as a pilot programme for conformance to the OpenChain Specification.

THE STAKEHOLDERS

NHS England - Health Care Provider
NHS Digital - national provider of information, data and IT systems
Code4Health - initiative to enable the best use of digital tools and technology
Source Code Control - System Training and Integrator
OpenChain Project - Originator of Training Material and Compliance Specification
AB EHR - Open Source Solution Provider
OpenEyes EMR - A Collaborative Open Source Project

BENEFITS

The OpenChain Project builds trust in Open Source by making Open Source license compliance simpler and
more consistent. The OpenChain Specification defines a core set of requirements which every quality
compliance program must satisfy. The OpenChain Curriculum provides the educational foundation for Open
Source processes and solutions, whilst meeting a key requirement of the OpenChain Specification. Open-
Chain Conformance allows organisations to display their adherence to these requirements. The result is that
Open Source license compliance becomes more predictable, understandable and efficient for participants of
the software supply chain.

"Community is at the heart of OpenChain as a project,” says Shane Coughlan, OpenChain Project Director. “This goes beyond the narrow confines of one industry segment or one market approach. It is about every entity that makes, uses or supports open source software. We are delighted to demonstrate this broad applicability in close partnership with organizations like AB EHR and Source Code Control.”

HIGHLIGHTS

The Open Source training provided by Source Code Control using the OpenChain Curriculum provided a simple but comprehensive introduction to the licensing and governance models involved.
Expanding this training into practical OpenChain Conformance allowed institutional knowledge to become codified into practical processes that help manage inbound software, internal usage and potential further distribution to partners and suppliers as required. The adoption of OpenChain materials can be understood as a three-step programme:

1. Initial training and education
2. Conformance analysis
3. Confirmation that all the required processes exist

Due to the open nature of the education and training material, and the cross-organisational communication inherently facilitated by Open Source, these three steps could be completed in a relatively short timeframe.

Future

The OpenChain Conformance of OpenEyes provides a strong foundation for sustainable use of the solution. Because OpenChain requires processes, it provides a foundation for quality assurance and transparency in software development. Moving forward this institutional learning can be applied to adjacent areas such as security and the adoption of third party components. This drives further improvements in the software used in medical services. It is expected that Code4Health will use OpenChain across further projects in its community supply chain, leveraging the solution as an assurance of quality in professional re-usable software solutions that can only be accomplished using Open Source software.

“Open Source software is the foundation of modern business, research and connected technology,” says Shane Coughlan, OpenChain Project Director. “The NHS has taken a leadership position in European healthcare with its approach to adoption.”

Download the full case study here:

Adobe Reader

 

 

Leave a Reply

Your email address will not be published. Required fields are marked *