Company Overview
Founded in 1956, MedicAlert^® is a nonprofit membership organization with a mission to protect and save lives. The company is headquartered in the United States and has international affiliates in nine countries.

MedicAlert services are built around a repository of health information that enables members to manage their personal health records while maintaining security, privacy and confidentiality. As the trusted third-party custodian of comprehensive personal health information, MedicAlert provides critical medical information between patients, providers, payers and first responders twenty-four hours a day, anywhere in the country. The company has more than 4 million members worldwide.

The MedicAlert repository uses Web service interfaces to support standard Electronic Health Records (EHRs) for patient record interoperability. A new service from MedicAlert, the E-HealthKEY, stores critical medical information to a USB memory stick, which customers attach to a keychain to ensure that a complete personal health record is with them at all times. Customers can view and update their personal medical information via the MedicAlert web portal or the E-HealthKey, which seamlessly sync with one another.

Services-based Medical Information Repository
Seeking greater agility and flexibility from their systems, which must interoperate with partners’ and customers’ applications, MedicAlert has implemented a services-based system that comprises approximately twenty .NET Web services. Microsoft BizTalk Server 2004 is the Process Integration and Rules Engine, while Forum Systems is used for perimeter security. To ensure the operational health and address “last-mile” security requirements for their distributed services, MedicAlert called on AmberPoint.

“The governance challenge is no easy thing,” said Jorge Mercado, Architect of MedicAlert’s Advanced Technology Group. “We needed to focus on solving the business problem and leave the management issues to the experts. As a result of bringing in AmberPoint, we were able to take the system into production 75% faster.”

Comprehensive Runtime Governance Capabilities
AmberPoint monitors system traffic to provide detailed performance metrics in real time. MedicAlert teams are able to see the performance of service and other system components from a single AmberPoint console, and can then manage governance and security policies running on all their servers.

“Thanks to AmberPoint, we’re able to see such things as the overhead of encrypting the data, or system performance during peak hours,” said Tim Freeman, Senior Developer at MedicAlert. “It enables us to fine-tune the system as we move forward.”

“We’re also able to easily understand the impact of system changes and better perform root-cause analysis,” said Freeman. “AmberPoint’s visualization capabilities provide a clear view of all the service interdependencies.”

MedicAlert also uses AmberPoint to detect, diagnose and remedy system errors. By monitoring messages flowing across the system, AmberPoint can flag unexpected conditions, such as service level violations or the number of decryptions that faulted. It alerts the appropriate personnel and can automatically remedy the issue through such actions as failing over to a back-up service.

AmberPoint also provides service virtualization, which allows MedicAlert to aggregate internal services into a single unified interface for use by outside parties. Additionally, AmberPoint enables MedicAlert to perform online upgrades seamlessly.

System Security
In light of the sensitivity of the message data, system security is paramount. MedicAlert uses AmberPoint to encrypt and decrypt messages, ensuring that unauthorized users are unable to access or tamper with customer information. By using AmberPoint’s plug-in agents that transparently reside in the same container as the managed services MedicAlert never exposes unencrypted messages on the network. They use Forum Systems for message validation and protection of Web services against external attack, such as denial of service attack. The combination of AmberPoint and Forum Systems provides an implementation that addresses both perimeter and endpoint security.

The Right Architecture for SOA
“AmberPoint had the right architecture and the features we needed,” said Mercado. “We were impressed by the way they looked at the issues of management and security, addressing things we hadn’t yet considered. Since our Web services are .NET, AmberPoint’s native support for .NET was a must-have. No other vendor offered that. We’ll benefit from their native support for J2EE as well.”

“With AmberPoint as an abstracted layer for management and security, we’re able to attain a highly adaptive application framework,” said Freeman. “We got into SOA for the flexibility of the architecture, the ability to change our applications quickly to meet new opportunities. Now we can add new services and data sources to the system without having to recode the management layer.”

Going Forward
As they continue to build-out their Service-Oriented Architecture and add new application functionality, MedicAlert looks to leverage AmberPoint for additional service level management capabilities. For example, they will soon establish more formal service level agreements for their Web services and are considering providing more finely grained levels of service as a means of bringing new business utility to the system.