At MedicAlert we have vividly seen how a Service Oriented Architecture (SOA) can enable business agility and elevate the value of the IT organization's work. Since we launched our SOA initiative two years ago, we have laid the foundation for vital new forms of collaboration with partners and accelerated the introduction of new products and services that can strengthen the business.

MedicAlert, a non-profit organization with four million members worldwide, is best known for the medical bracelets worn by our members. The bracelets let doctors and other healthcare providers know if there's a particular medical condition - such as an allergy or illness - that must be recognized in an emergency situation.

While we have provided services that protect and save lives for 50 years, we have moved more deeply into healthcare information services in recent years. We now enable members to log into our systems and manage their personal health records while maintaining security, privacy, and confidentiality. The MedicAlert repository relies on Web Service interfaces to support standard Personal Health Records (PHR), including electronic drug prescriptions and for patient record interoperability. The repository of personal health information facilitates the delivery of critical medical information between patients, providers, payers, and emergency responders around the clock and across the world.

We realized two years ago that our growth, improvement, and continued success were dependent on creating greater interoperability with other health service organizations such as hospitals, doctors' offices, labs, pharmacies, and healthcare payers. We wanted to be able to accept information from these partners and populate our members' medical records on their behalf. Unfortunately, the systems we had in place were not designed to effectively populate data in this fashion.

SOA for Interoperability
Recognizing this challenge, we embarked on an initiative to implement a services-based system. We now have approximately 20 Web Services in production - and many more in development.

We began with a bottom-up approach that enabled us to start small and get results quickly. As time progressed and business needs continued to come forth, we began to engage in more of a top-down approach to our SOA delivery strategy. More specifically, we embarked on an approach whereby both strategies would converge.

We looked at how to get our systems implemented quickly using Web Services in ways that would support our business. We were most concerned with the security and management of these services, and evaluated management tools and industry-standard security mechanisms that would meet our architectural requirements. We were able to move fast; while remaining aware of the business objectives we needed to address processes we intended to model. Ultimately, we deployed Microsoft BizTalk Server 2004 as the process integration and rules engine and AmberPoint for runtime governance and Web Services management.

Our SOA system has dramatically enhanced partner interoperability. In the past, we would have to rely on S/FTP-based solutions that would involve crawling through data and writing records directly to a database. While that may be a "classic" way of conducting this sort of activity, it wasn't a scalable one.

A better approach is to have a generalized set of services that can be offered up to these partners either directly or indirectly. While one has to be prepared to address custom requirements as necessary, the objective is now to create a scalable system and be able to wrap custom policies around the services that are produced. Our new policy engine enables us to execute different policies to accomplish a vast array of tasks in a scalable and secure way.

Runtime Governance
Runtime governance is critical to the success of any services-based system. We took a long look at our options here. Our selection of AmberPoint has enabled our architecture and infrastructure teams to concentrate on Web Services implementation and performance as opposed to the litany of low-productivity tasks that would have been necessary in its absence. Among the benefits of the "policy-based approach" that we've taken to governance are:

• Performance Metrics. We are now capable of monitoring system traffic in real-time using a single console. Detailed performance metrics help us monitor traffic volume, response times, and other key performance indicators.
• Visualization. This capability enables us to see and understand the impact of system changes and perform root-cause analyses if there are problems. Further, we can clearly see all the service interdependencies, which are visually mapped out by the software.
• Flags and Alerts. Having a system that can alert us to unexpected conditions enables us to detect, diagnose and address system errors rapidly - whether they're service level violations or faulted decryptions.
• Virtualization. Service virtualization enables us to aggregate internal services into a single, unified, composite offering for use by external parties including partners and members.

Business Agility and New Product Rollouts
One of the most compelling examples of our new business agility came when we launched our E-HealthKEY service. This service enables our members to store comprehensive personal medical information to a USB memory stick, which they then can attach to a key chain and carry with them at all times. It's a Windows-based desktop application that runs on a member's PC. The member plugs it in, the application loads up the data, and the member can manage health records on the PC - synchronizing all of his or her health data off our back-end system.

As a result of our investments in SOA and Web Services, we were able to roll this service out far more rapidly and effectively than would have been possible otherwise. E-HealthKEY consumes XML documents with the member's medical information. Orchestrations then parse that data out and route it to the right systems to update the member's medical record. This underlying support infrastructure enabled the rapid rollout of the service and has positioned us to continue introducing new ones. While present efforts have focused on managing inbound information, we will increasingly be focusing on securely distributing health information - ensuring that it's available in real-time at the clinics and labs where it's needed.

Our SOA infrastructure also lays the groundwork for others to OEM some of our offerings as Web Services. Other organizations can add our services to their own to enhance the value they bring to their customers. In this way, SOA and Web Services have brought our company and our industry partners new opportunities for growth.

It should come as no surprise that these kind of capabilities strengthen ties between IT and the business. Business leaders at MedicAlert want to be able to react more quickly and make our services more valuable. They want to bring on more members at a faster rate. Being able to respond more rapidly to business opportunities addresses their objectives - and now they realize that SOA can help the organization meet those goals.

This has changed how IT systems teams collaborate with the business. The department heads from our business development group, marketing and sales group, operations, and finance all get together when new objectives emerge. They lay out opportunities and business objectives. Typically, there are one or two representatives from the IT and the engineering side at these meetings. It's very informal. We work out feasibility, necessary resources, and timeframes.

In the past, IT often wouldn't get enough information or the right information from stakeholders to develop effective systems, as the classic requirements-gathering processes didn't work for MedicAlert. We move quickly and make decisions quickly. But we've learned to ask the right questions and get the right information to build systems that will advance the business. If you build your systems in relation to your business model, then you'll have more success with your SOA.

From a Web Services management perspective, we demonstrate our agility through rapid service rollout, versioning, and upgrades. We believe it's vital to introduce new versions of services seamlessly to build confidence in and commit to our approach. For internal services, and with a service policy engine, we dynamically re-route requests to appropriate service versions, and transform requests and responses to maintain backward and forward compatibility between clients and Web Services.

By taking this approach and having the capabilities to deliver, our architecture and infrastructure teams have developed greater confidence and respect among the company's business leaders. Our company is now investing significantly to enable us to build and enhance our services-based architecture, our systems, and our talent pool further.

What we recognize is that success for us comes down to two things: scalability and agility. We must be able to scale the processes necessary to support the business. We must also be able to help the business create and respond to opportunities in the marketplace.

We could probably do all (or most) of the things we're doing now without SOA. But it would be very difficult and it wouldn't scale. It wouldn't be agile or adaptive in the least. It would take months to carve out each solution. SOA is not, at heart, about the technology. It's about making your business more agile - about being able to seize new business opportunities rapidly.