WEBVTT

00:00.000 --> 00:11.240
Okay, sure to start. So, hello. My name is Bianca. I'm going to talk about a project that

00:11.240 --> 00:16.400
has something to do with OpenSource, and that's why I'm here for. The project is called

00:16.400 --> 00:21.600
Gia Luce, which is translated to something like health department pilot. It's a software

00:21.600 --> 00:27.440
that tries to help health departments. My name is Bianca, and I'm the product owner,

00:27.440 --> 00:35.440
tech lead of this product. That's created an interesting consolation, because I work

00:35.440 --> 00:41.440
for the 100's at the city of Frankfurt, so the health department office. But we get the

00:41.440 --> 00:48.560
money from the health ministry of health in Germany, which gets the money from the health

00:48.560 --> 00:53.040
ministry of Germany, which basically gets the money from the European Union. So, basically,

00:53.120 --> 01:00.560
we have all the different levels of Paris involved, where it comes to money from who speaks

01:00.560 --> 01:07.200
to whom and who does what. So, I work for the city of Frankfurt, but we developed the software

01:07.200 --> 01:17.520
for the state of health in Germany. So, probably you ask, what do public, the most important

01:17.600 --> 01:23.680
slide here is how to get governments to do open source software. I think there's three

01:23.680 --> 01:30.000
ingredients that you need. You need someone that encourages the use of open source software

01:30.000 --> 01:37.200
inside the government. So, basically, if you're working for a government, you can be that person

01:37.200 --> 01:43.600
too. You need to have a good lawyer that has some experience for different topics like procurement,

01:43.680 --> 01:50.000
contracts, licensing, and so on and so forth. And you also need to find software providers.

01:50.000 --> 01:57.120
They want to build solutions that don't try to sell you ready-made products, because ready-made

01:57.120 --> 02:03.120
products won't work for any government software, because governments are complicated.

02:04.800 --> 02:10.080
So, you're probably going to ask, what do you public have departments do? So,

02:10.880 --> 02:16.000
in Sherman, that's the Gesundheit's Amt, and you probably know us from the pandemic. We

02:16.000 --> 02:24.240
had a people with effects machines. And, no, we do. Usually, our main goal is to protect and

02:24.240 --> 02:29.920
prove the people's health. So, the usual topics that we have are infectious diseases,

02:29.920 --> 02:38.880
like vaccinations, like hygiene, supervision. We also do, well, some probably

02:40.400 --> 02:44.960
problematic things for people, which are sexual, transmission,

02:44.960 --> 02:53.280
timisable diseases, HIV, with children of youth health. We do, for example,

02:53.280 --> 02:59.360
the school entry examinations. When children go to school, we check for their health.

02:59.360 --> 03:05.440
We also do a check-up for their dental status, and also do things like when civil

03:05.440 --> 03:11.920
service officers want to start working for the government. They get a health report that they

03:11.920 --> 03:16.720
are healthy enough to work for the government. These are things that public health departments

03:16.720 --> 03:23.680
do at least in Germany, and very important things that we're doing are statistics. We need to

03:24.080 --> 03:32.080
know based on data how good a better the health situation of the population is. So, basically,

03:32.080 --> 03:39.680
a perfect task for digital tools and software, but yeah, you knew pandemic,

03:39.680 --> 03:49.680
effects machines was a problem at least in Germany. So, we had seen, yeah, we don't really know

03:49.680 --> 03:56.320
how many COVID cases we had in a pandemic, not in real time, but we had an opportunity to get

03:56.320 --> 04:02.240
the funding from the European Union from the project next generation EU. And we already had

04:02.240 --> 04:06.400
a corporation from the health department of Frankfurt, where I worked for an administrative

04:06.400 --> 04:14.880
for socially fairs in Germany. So, that's good. We also have a lot of money, at least,

04:15.840 --> 04:21.840
for a project like this, 23 million euros. It's basically tax-pires money. It's our common

04:21.840 --> 04:26.800
money, so we try to spend it in a meaningful way. So, we say public money public code,

04:27.520 --> 04:34.080
and create open source software, not alone from my side, because I also have a second product owner,

04:34.080 --> 04:38.160
shout out to Tim, who is basically my backup for this project. We have

04:39.120 --> 04:46.480
developers inside the city of Frankfurt, one data analyst, a team of technical people,

04:47.120 --> 04:52.560
and we have, of course, support from a professional software provider up to 60 developers

04:53.600 --> 04:59.520
from the company Chrome that is located in Bond, and we had 11 software development teams

04:59.520 --> 05:06.400
to build the software itself. We also had some external security experts, that were sections,

05:06.480 --> 05:14.000
experts, accessibility experts, so up to 130 people were involved in this project at this peak.

05:14.000 --> 05:21.360
So, what were the problems and what we try to improve with open source software? Well,

05:22.080 --> 05:28.240
the thing is that Germany is a really federated state, and you cannot tell

05:28.880 --> 05:34.960
when you know how one municipality works, how the other one works even if it's close to the other.

05:35.040 --> 05:43.520
So, basically all the municipalities can choose whatever software they want, and they can basically

05:43.520 --> 05:51.840
choose what services they offer, because not all our mandatory, somehow optional, and so

05:51.840 --> 05:57.520
you realize when you're trying to build a software for entire federal state, you're going to build

05:57.520 --> 06:03.120
a software that is built on very different business modules and on very different configurations.

06:04.080 --> 06:10.480
And you're also going to build a specialist application, not something like a office

06:10.480 --> 06:17.680
office program, but the software that helps in, I don't know, the school entry

06:17.680 --> 06:26.560
examination of a school child. So, which tries to calculate things like a score in a certain

06:27.600 --> 06:32.800
rating. We also have a very high bar for the queue, the data protection, because we basically

06:32.880 --> 06:40.640
always work with medical data. Not so dangerous things are personal data, but we usually work with

06:40.640 --> 06:47.840
medical data, and we have a varying level of IT know-how in the various health departments. So,

06:47.840 --> 06:56.640
basically our software should run in 25 different municipalities, and that's a little bit interesting

06:56.640 --> 07:05.520
when you have probably one or two in two competent IT administrators, but not in all of them.

07:06.640 --> 07:10.640
So, the software should be scalable and accessible, and we had a very tight timeline,

07:10.640 --> 07:18.080
our software was developed in under one year, from start coding protection, and the interesting

07:18.080 --> 07:26.240
thing is that we decided as to control this entire project from within the administration.

07:26.400 --> 07:31.760
Usually, in Germany, it's the way like, okay, the government tries to build a software.

07:31.760 --> 07:39.520
It doesn't know what to do. So, there comes consulting with agency one that makes the concept of

07:39.520 --> 07:45.360
the software, then comes consulting agency two that does something with the concept,

07:46.160 --> 07:53.600
and in the end, it doesn't really work. So, we tried to say, let's make it completed different.

07:53.600 --> 08:01.200
We know what we want. We need someone who wants to implement this, and then we try to build

08:01.200 --> 08:09.120
better software, and I think it turned out pretty well. So, these are challenges.

08:11.440 --> 08:17.360
The concept is that we also thought about, okay, if Germany is such a federated state,

08:17.360 --> 08:23.200
let's build a federated system, because changing systems is hard, but adapting software

08:23.200 --> 08:29.840
to a working system is probably easy, we thought about. But we realized, yeah,

08:31.680 --> 08:36.000
running the software is probably a little bit complicated. So, we thought about, okay, we

08:36.720 --> 08:43.360
use a centralized cloud environment, but we built a decentralized infrastructure on the top of it.

08:43.360 --> 08:50.080
We embraced all the new, new, mass things that we should use, because of security,

08:50.080 --> 08:55.120
is zero trust, secured by design and privacy, but it's designed. I'm going to show you

08:55.120 --> 09:03.200
afterwards how we achieved some of that, and we developed this in a insect approach,

09:03.200 --> 09:09.680
and we provide all the software as software as a software to the different municipalities.

09:09.680 --> 09:14.000
So, they don't have to care about maintaining, running and updating these things,

09:14.640 --> 09:25.520
and they have just to use the software, the wages. So, what do we do? Yeah, we built a service

09:25.520 --> 09:33.920
mesh, because we have varying number of business modules, and business modules with different

09:33.920 --> 09:39.200
community from the duration in different health departments. For example, here's the health department

09:39.200 --> 09:46.880
of Frankfurt, which has his school entry module, and has his inspection module on top of a

09:46.880 --> 09:51.600
base module, all of their own key cloud instance, then we have some connection,

09:52.160 --> 09:59.840
connecting software, and we also have some other organics, like probably the health department of

09:59.840 --> 10:06.080
Weesbaden, which has probably a completely different configuration, because yeah, federalism.

10:06.400 --> 10:15.680
Health department of instance, basically looks the way the shown in this deployment view,

10:15.680 --> 10:23.200
we have different microservices or building blocks, we have a key cloud. As I am, we have

10:23.200 --> 10:28.960
different business modules for the different various use cases, like inspection,

10:28.960 --> 10:35.680
missile protection, like school entry and travel medicine, but we also have some core components for

10:36.720 --> 10:43.600
I don't know, administration of resources or inventory, and things like user management,

10:43.600 --> 10:51.920
calendar, and vines or forf. The entire application is built after the federal trust paradigm.

10:51.920 --> 10:58.560
So, we have MTLS connections, we have reverse proxies, we don't have any passwords,

10:58.560 --> 11:06.640
anymore, so we are a pass key only, and we are without any virtual networking in between.

11:07.440 --> 11:13.680
And yeah, we have also some central services to connect all these health departments to

11:13.680 --> 11:22.640
gather. So, if we want to exchange, for example, some report templates, we can exchange them from

11:22.720 --> 11:29.200
one health department to the other, and we can also exchange data for statistics,

11:29.200 --> 11:35.920
because we want to gain data from different cities and compare them how the situation of the

11:35.920 --> 11:44.800
health of the population is in the entire federal state or in entire country. So, I also told you

11:44.800 --> 11:49.520
about security and privacy by the design, how do we achieve that? Here's an example that we're

11:49.600 --> 11:59.600
using for a concept called central file. You probably can think about that we have a lot of

11:59.600 --> 12:08.000
personal data, different addresses of people, different spelling of names and so on. So, we have

12:08.000 --> 12:15.920
a centralized base data like the address and the name, but we have completely separated business

12:15.920 --> 12:26.640
modules with the real medical data. So, we have divided these data in different microservices

12:26.640 --> 12:36.240
or modules, and so we have the opportunity to use this real-use the data, but to create completely

12:36.240 --> 12:42.800
different separate identify for all the different reasons the people were at the health department.

12:42.800 --> 12:48.640
So, we have no unique identify across the entire system. So, we do not know if you were here,

12:48.640 --> 12:55.200
we're at a healthy partner for a skill entry examination that you probably have been here

12:55.200 --> 13:03.680
for an examination. So, we are completely divided into different modules and we have put it

13:03.680 --> 13:12.800
work into the entire architecture. All right. So, that's the technology. It's a lot of technology

13:12.800 --> 13:23.600
that we have to orchestrate. We run on Kubernetes on top of OpenShift. We have up to 21 modules

13:23.600 --> 13:30.080
for a healthy partner in the service mesh, and we also have completely separated database

13:30.080 --> 13:34.800
instances, which is very interesting for our data protection officers, because they're happy

13:34.800 --> 13:43.680
because nothing is mixed, and they're quite happy with it. So, what are other things to we have?

13:43.680 --> 13:48.640
Well, we have for the user sessions some redness. We have three different reverse

13:48.640 --> 13:56.240
process, because we have three different target groups. We have the employees of the health department.

13:56.240 --> 14:04.000
We have a portal for the citizens, and we have the administration of the user data. So, I have

14:05.040 --> 14:10.720
told you some theory about it. I'm going to show you how it looks like and what it is.

14:12.240 --> 14:17.040
These are German screenshots, but I explained it shortly, what it is. It's basically

14:17.600 --> 14:24.400
yeah, a web application. So, this is basically the dashboard, the starting page for the

14:24.480 --> 14:30.320
employees in the administration. They are seeing what they have worked on. If they have some

14:30.320 --> 14:38.800
task that they should fulfill, then I told you that it's a specialist application or that it's

14:38.800 --> 14:48.800
more than one specialist application. This is a form for an socio-pediatric development screening.

14:49.440 --> 15:00.640
It tries to rate how good a batch compared to other children, a child is good in

15:00.640 --> 15:09.040
jumping over a rope. These are things that are medically rated. You'll see a lot of data,

15:09.040 --> 15:17.760
but the most important thing about it is that we then give the parents some recommendations

15:17.760 --> 15:22.320
when they sent a child to school, that they should probably check with a

15:24.800 --> 15:32.400
with a doctor for specific reasons. So, this is what comes out of these applications, and we also

15:32.400 --> 15:40.400
create all the different documents directly in the application. What you also do, we do a lot of

15:40.400 --> 15:48.080
statistics. So, basically, we have even getting a short overview over what is happening in my

15:48.880 --> 15:57.680
health department is quite challenging for some governments. So, we built a good overview

15:57.680 --> 16:02.800
what is happening right now, and what we are also doing is we do a lot of statistics.

16:03.520 --> 16:11.840
Therefore, we also have integrated some usable way of creating statistics. Not in a way

16:11.840 --> 16:19.840
like you have to build a scale query where some people then need to be database experts,

16:19.840 --> 16:27.200
but we have built a really usable interface for creating statistics, creating graphics,

16:27.280 --> 16:35.200
comparing graphics to each other, and this is probably the most sophisticated type of visualization

16:35.200 --> 16:43.440
that we have is a chloropathemath to highlight in what region a specific value is high or low compared

16:43.440 --> 16:48.800
to other regions of probably the city of Frankfurt, because this is the city of Frankfurt,

16:48.800 --> 16:56.320
but you could also compare it to other regions of the federal state and so on. So, that's basically

16:56.320 --> 17:05.760
important to realize if there's some health issue evolving that is specific to a specific region

17:05.760 --> 17:15.920
of a city or federal state, and we have created a usable fast interface to create these

17:17.440 --> 17:23.120
these evaluations very fast, because it's basically the daily business in health departments,

17:23.280 --> 17:27.280
but right now they are doing like a kid and need to make an extra file,

17:27.280 --> 17:34.320
they need to do it all by hand, so we build in my web interface. What we also did, we

17:35.680 --> 17:42.240
build some citizen services, so here's a service where you can change an appointment,

17:42.240 --> 17:48.080
we send you an appointment, you probably don't have to time at this time, so you can change the

17:48.080 --> 17:55.920
appointment, you can also send us some data before you appointment, basically some basic information

17:55.920 --> 18:02.720
that we need from you, and so the things that you would expect from a normal digital evolved

18:04.160 --> 18:11.360
government, yeah, we're working on it in Germany, let's say at least, and yeah,

18:11.760 --> 18:20.560
what also do we have? We are integrating matrix for every health department, every health department

18:20.560 --> 18:28.800
gets its own home server, it's also integrated, we are single sign-on with P-clock, and we are

18:28.800 --> 18:38.000
every ever, we are checking for deeper use cases of integration, for example, talking to other

18:38.000 --> 18:44.160
doctors in other regions of the health care system in Germany, because the health departments

18:44.160 --> 18:52.800
are just a part of the health care systems, this system, and we are also in the process of getting

18:52.800 --> 19:00.240
available, we are integrated as the official TI messenger built on top of the spec of the

19:00.240 --> 19:10.640
schematic which is responsible for the digital health care system in Germany, that is one part,

19:10.640 --> 19:18.240
we also do some technological experimental things right now, because we are thinking about

19:19.040 --> 19:25.200
we have built a very decentralized federated system with a very strict

19:25.200 --> 19:34.320
distribution of data in different data bases, and now we probably have the use case to link

19:34.320 --> 19:46.000
the data together, so we teamed up with the project Atlas to try to evaluate things like

19:46.320 --> 19:53.520
multi-public computation, because we are basically really good in having separate databases

19:53.520 --> 20:04.640
that we can connect on our infrastructure, but probably we don't want to throw all the data

20:04.640 --> 20:14.080
into more data lakes, so we thought about how about to use this concept, all right, so

20:14.480 --> 20:23.600
I'm going to leave you with probably the question, what license do we choose? We are

20:24.320 --> 20:30.400
the base components are very permissive, they are Apache 2, we also have some business modules

20:30.400 --> 20:38.400
which are HEPL, we free, because of the reason the market for public health stuff in Germany is

20:38.400 --> 20:46.800
very, has very many proprietary vendors, so we don't want to give them the opportunity to sell

20:46.800 --> 20:54.640
all software, but we wanted to give the government opportunity to build new business modules, new

20:54.640 --> 21:04.320
specialists, special list applications on top of our stack, and that's our stack, and I leave

21:04.320 --> 21:10.880
you with the QR quotes from the code of open code, but I go and hand over into the questions,

21:12.640 --> 21:24.640
because I think we have three minutes left, right, yes, thank you very much for the thought,

21:24.640 --> 21:32.640
there are two questions that actually you have, so did you deploy in your ex-designer and do

21:32.640 --> 21:38.720
some user acceptance on your ex, and the second question is, how is the plumbing once the

21:38.720 --> 21:45.440
EU money is found out? Yeah, so I will repeat the question, so the first question was, what

21:45.440 --> 21:53.360
is about your ex research, and the second question was, what is about funding when the EU funding

21:53.360 --> 22:00.480
runs out, so we have an entire EU ex team in the development team, and we also do a very

22:00.480 --> 22:08.960
user-centric requirements engineering, so we always have some specific meeting to kick off

22:08.960 --> 22:18.880
and business module, then we have a normal HR development process with two weeks, two weeks

22:19.440 --> 22:25.440
and so what you would expect from normal digital product development, but it's probably

22:25.440 --> 22:33.200
renewed for government software, and for the funding thing we have a good news, because

22:34.960 --> 22:40.640
the software was planned as a software for one federal state only, so, but now we are realized

22:40.640 --> 22:46.160
that the very year which is weird when you know how Germany is divided into different

22:47.120 --> 22:53.120
federal states, because participates in this platform and builds a new business module on top

22:53.120 --> 23:00.080
of our software, so they're paying for that, and we also in the process that we have realized,

23:00.080 --> 23:06.560
okay, they have something we want to integrate, and we are right now in talks with I think about

23:06.560 --> 23:14.880
one third of Germany in reusing the software, so the chances are quite high that the software

23:14.960 --> 23:28.960
will survive, next question, yeah, what would the hardest challenges for you on the project,

23:28.960 --> 23:34.640
and if you're starting today, what would you do? I think the hardest challenge,

23:34.640 --> 23:39.760
what are the hardest challenges in the project and what would I do differently, when I would start again,

23:40.640 --> 23:54.320
I think, that's a hard question, no, I think I'm probably a tough person that tries to get

23:57.360 --> 24:04.080
when I want something, then I get something, that's not good for a government, because the governments

24:04.960 --> 24:17.520
are not in the right way for having people which also, yeah, so tough in talking about things,

24:17.520 --> 24:26.960
but I think what I would do differently is getting more federal states in the beginning in the process,

24:26.960 --> 24:33.200
but not too many, because the problem in Germany is that you can have too much discussion about

24:33.280 --> 24:39.280
things, but starting with probably one or two or three from the beginning is probably a good

24:39.280 --> 24:47.520
basis to have a really stable funding and background for support, the problem in Germany is that we

24:47.520 --> 24:56.800
always try to discuss with 16 states and the country level and then we have too much discussion,

24:56.800 --> 25:05.920
but I think from when you start with a bigger base, it's probably the easier,

25:07.840 --> 25:13.600
yeah, next question, I think we have one minute left, yes,

25:13.680 --> 25:19.680
can we let you complete it in this row, but in somehow, when I think you're a better person,

25:19.680 --> 25:25.120
I think you're a better space for this level of interaction, could you repeat that?

25:25.120 --> 25:28.880
Can you open a hell of better space when I can somehow hold this?

25:28.880 --> 25:34.960
Oh, okay, there was the question, if there's the connection to European health data space,

25:35.520 --> 25:43.680
and the interesting thing about European health data space is that we would be able to

25:43.680 --> 25:49.920
be a primary use case and from being the primary use case, we put it into the infrastructure

25:49.920 --> 25:56.240
of the European health data space, but right now we are not really connected to the German

25:56.240 --> 26:01.360
electronic health care record and so on and so forth, and so it will take some time,

26:01.360 --> 26:07.680
probably be. All right, so