Monday, December 31, 2007

My New Year's resolutions

It's the time of year to synthesize the lessons learned from the past year and think about new approaches for the coming year. Remember - the definition of "insanity" is doing the same thing in the same way and expecting a different result. Here are my 2008 New Year's resolutions:

We're implementing a $4 million hosted electronic health record solution for our non-owned doctors, subsidizing 85% of the start-up costs for clinician offices. The effort involves collaborating with several vendor and implementation partners (I'll provide all the details in an upcoming post). Only by subsidizing costs, providing the resources to transform practices from paper to electronic workflow, and supporting clinicians post go live can we reduce the barriers to adopting electronic health records. My resolution is to reduce the total cost of implementing an EHR for private doctor's offices from the historical average of $40,000-60,000 to $25,000 per physician.

Over the past 10 years, I've been able to centralize all infrastructure purchases and support, phasing out most departmental IT spending. Currently we have just a few applications that are managed by departments. Over the next year I want to align the change management and communications processes for all applications, including those maintained by departments, with IT standard processes. My resolution is to create an ecosystem of change management processes followed by all.

Although we have strong governance processes, there are occasional projects that engage IT at the 11th hour, imposing unrealistic deadlines for phone, network, and desktop support. My resolution is to develop and widely communicate guidelines to all stakeholders imposing a 90 day notification period on opening new locations needing network, telecom, and desktop support.

The Dean's strategic planning process is likely to create a demand for more collaboration tools. We'll migrate from Web 1.0 tools that focused on content management to Web 2.0 tools that focus on collaboration among users from many Harvard affiliated organizations. Another aspect of this is providing the tools to locate people, equipment and knowledge - call it a matchmaking service for 18,000 faculty. Maybe Harvard's version of for science? My resolution is evolve our web frameworks to meet the needs of next generation collaboration.

My IT budget administrator is transitioning to another HMS position on January 4 and I would like to recast the position as the Business Manager of IT, producing all the data needed to make most IT purchases an annuity i.e. a desktop with a 4 year life results in operating budgets to replace 1/4 of all desktops each year. Even new FTEs can be algorithmically linked to growth in demand for support, storage, and high performance computing. My resolution is to create a highly predictable, data driven annual budget process.

The current scope of IT services at Harvard is infrastructure support (desktop, server, network, storage) and enterprise applications. However, we do not have the staff to support ad hoc web design, assist researchers with database creation or coordinate niche application programming in support of grants. My resolution is to extend the scope of IT services to include the application support that will empower researchers to get new grants which include innovative IT methods.

The Massachusetts Regional Health Information Organization (RHIO) provides Health Information Exchange services for e-Prescribing and secure clinical data sharing in Massachusetts. My resolution is to expand the number of hospitals, clinicians, and payers connected to this infrastructure.

The New England Health EDI Network, a regional financial data exchange, connects payers and providers with 100 million transactions per year. Over the the past year we've worked to make this advanced IT system available to every doctor in the state, even small solo practitioner offices. My resolution is to increase the number of small community practices using this technology.

The Healthcare Information Technology Standards Panel has harmonized electronic data standards for 3 use cases in 2006, 5 use cases in 2007 and has been assigned 6 use cases for 2008. My resolution is to harmonize standards for consumer healthcare devices, remote consultation, referral management, the genome/family history, public health case reporting and immunizations by October 2008.

Since a blog can be a personal glimpse into the life of the author, here are my personal resolutions:
  • Donate 10% of my income to fund technology for those on the other side of the digital divide
  • Continue to reduce my carbon footprint by
    1. Eating regionally grown vegan foods, freshly prepared each day, eliminating the need for wasteful packaging
    2. Reducing my airline travel by 20%
    3. Consuming less by reusing, recycling, and renewing - the end result being less churn of my belongings
  • Take walks with my wife and daughter (the picture above) through a local forest three times per week
  • Play a Japanese flute concert on the top of Eichorn Pinnacle in Yosemite
I look forward to a great 2008 with all my staff, my customers, and the industry. A toast to all of you!

IT Governance

One of the most important steps a CIO can take to ensure alignment of IT with the business strategy of the organization is to create robust governance committees. It's also the best way for a CIO to satisfy customers, respond to the tyranny of the urgent, and keep the CIO employed!

I've mentioned governance issues in several previous posts:
Time Scope and Resources

How to Say No
Tyranny of the Urgent
It's not a Job it's a Lifestyle

In the interest of transparency, I'd like to describe my governance successes and failures plus my 2008 plans for IT governance.

At Beth Israel Deaconesss, I have committees for each of my major groups of IT customers:
  • Laboratory Information Systems co-chaired by the Senior Vice President (SVP) for Operations and the Chief of Pathology (an MD)
  • Radiology Information Systems co-chaired by the SVP for Operations and the Chief of Radiology (an MD)
  • Critical Care Information Systems chaired by the Director Trauma, Anesthesia and Critical Care (an MD)
  • Inpatient Information Systems (includes Provider Order Entry) chaired by the Senior Director of Clinical Resource Management (an MD)
  • Ambulatory Information Systems chaired by the SVP of Ambulatory & Emergency Services (an RN)
  • Health Information Management Information Systems chaired by the Director of the Hospital Medicine Program (an MD)
  • Community Information Systems chaired by the Executive Director of the Physician's Organization and the SVP for Network Development (an MD)
  • Decision Support Steering Committee chaired by the Director of Business Planning & Decision Support and the SVP forHealthcare Quality (an MD)
  • Enterprise Resource Planning (ERP) Information Systems chaired by the Director of Business Services and the Controller
  • Revenue Cycle Information Systems chaired by the Chief Financial Officer
This structure worked very well for the past 10 years, ensuring that each application had a lifecycle prioritized by the clinicians and not the IT department. However, in 2007, we needed to make a change. As BIDMC grew into a 1.2 billion dollar organization, an emphasis was placed on achieving an operating margin which would yield the capital budgets needed for expansion. This meant that IT budgets did not grow at the same pace as the clinical budgets and led to competition for IT resources among my governance committees. Existing governance committees set the right priorities within each business area, but we did not have a governance construct to set priorities among all the business areas. Thus, we created an overall IT Steering Committee comprised of the chairs of each of the existing governance committees. The terms of reference for this new committee are here.

At Harvard Medical School (HMS), I also have committees for each of my major groups of IT customers:
  • Administrative Information Technology chaired by the Executive Dean for Administration
  • Educational Applications Committee chaired by the Executive Director of Curriculum Programs
  • Research Information Technology chaired by the Director of the Research Information Technology Group
Like BIDMC, these three committees functioned very well over the past 5 years to ensure priorities were set within the domains of the three core businesses of HMS - research, teaching and administration. A new Dean of HMS took office on September 4, 2007 and launched a strategic planning process. The result of this process could be a substantially broader scope for IT, requiring new resources and scalability. Depending on the outcome of the planning processes, IT governance may need to be revised. Harvard University just completed a governance audit of IT departments and the following are the unedited conclusions about Harvard Medical School:

"A school-wide committee overseeing coordination of IT resources among HMS’ three primary business groups does not exist. HMS has functioned as three core businesses: research, education and administration. HMS IT has established governance processes for each of these three businesses which have led to a high degree of customer satisfaction.

As the new HMS strategic planning process creates new projects and stakeholders, the individual governance committees will evolve to align with the new strategic needs, including the creation of a school-wide IT Steering Committee if appropriate. There is a risk that IT resources could be allocated inequitably among the three core businesses and decisions made without the involvement of key business stakeholders.

The HMS CIO will participate in HMS strategic planning, identifying and documenting governance requirements and school-wide committee needs to ensure appropriate allocation and prioritization of IT resources by May 1, 2008. "

Thus, there may be a need for an overall IT Steering Committee at HMS. Bigger committees are not always better committees and creating a committee to objectively balance the heterogeneous needs of research, education and administration will be challenging. However, I'm very willing to do it if the demand for resources by any one group of customers significantly conflicts with the requirements of other customers.

A few lessons learned from the governance experience above:

In a hospital, it is key that clinicians (MDs and RNs) run the IT governance committees. You'll note that I do not chair any committee other than serving as co-chair of the overall steering committee. My role in that committee is a facilitator only and I do not vote on priority setting.

It's very important to have governance committees that are focused enough to really grasp the details of stakeholders needs. It may appear that I have too many governance committees, but this is the parsimonious number required to ensure that priorities are set at the application level.

Governance must evolve with the needs of the business. I am a servant of the organizations which employ me and I do not have an agenda of my own. Hence I will gladly change governance as needed to be maximally responsive to changes in the business environment around me.

I want to thank the Harvard Risk Management and Audit Services for their work this Fall which truly enabled me to evaluate the effectiveness of all my IT governance groups.

Thursday, December 27, 2007

Cool Technology of the Week

Over the past 2 months, I've been evaluating technologies to support flexible work arrangements such as working from home. I've tried MSN messaging, Yahoo IM, AOL AIM, Second Life, Wikis, Blogs, Facebook and Webex. Each one of these sites required me to establish a new user account. To be honest, I cannot remember which username and password is used with which site. OpenID is the cool technology of the week that can help solve this mess by creating "single sign on" across many vendor products.

The idea is simple - a web site serves as a trusted site for OpenID credentials. Other websites then trust this site, using it to authenticate users via simple well known internet standards ((URI, HTTP, SSL, Diffie-Hellman). By using OpenID, websites such as AOL, Technorati, Blogger, and Plaxo make it easy to signup and login, empowering users with one credential for all their instant messaging, blogging and social networking needs. The complete directory of all internet applications which support open ID is here. It's estimated that there are over 160-million OpenID users with nearly ten-thousand sites supporting OpenID logins.

There are caveats. Anyone can sign up to be a source of OpenIDs, so an unsuspecting user may sign up for credentials on an inscrutable site. Once their OpenID credentials are known, they could be used to by a hacker to break into banking or other sites not specifically OpenID enabled, since most users tend to reuse similar credentials at every site they access. There is no concept of certifying an OpenID provider or running a criminal record information check on folks who operate OpenID sites.

That being said, the OpenID, is certainly useful for those sites where security and identity pose little risk such as social networking and informational web sites. Also, OpenID could be very useful for intranets, where the provider of the OpenID is the institution itself and users then use OpenID to access applications running within the institution. In my next revision of the Harvard portal called eCommons, I will support OpenID as a means of linking together all the various domain credentials used in the Harvard environment.

In my opinion, the internet will eventually move to the concept of federated trust for authentication such as OpenID. OpenID will become even more powerful and useful when there is a credentialing mechanism to certify providers are trustworthy.

Wednesday, December 26, 2007

It's all about workflow

On occasion, the business owners I serve suggest that new software will solve all their workflow problems. Time and time again, we learn that it's not the software that really matters, but good processes. Automating a broken workflow does not achieve a positive result. Re-engineering workflow, then automating it, results in a successful project for everyone.

Since it's the day after Christmas and many people are rushing to malls for after Christmas sales and returns, here's a seasonal tale of my recent experience with workflow from an IT perspective.

My wife asked me to return a few holiday items to Target. They had an efficient queuing system set up to enable four clerks to serve a well ordered line. The process is simple - hand the receipt to the clerk, then hand the items to the clerk. Each receipt is archived for 90 days and has a unique bar code at the top. The clerks do not need to read the receipt, they simply scan the bar code and all the items are retrieved into a local cache. The clerk then scans each returned item and it is checked against the local cache for price, verification of purchase, and the fact that it has not already been returned previously. This prevents fraudulent return of items not purchased from Target. Most importantly, Target has decided that this verification workflow is all that is needed to return an item. No manager/supervisor approval is needed, no key is used to open a register and no credit card is needed. All returns are automatically credited against whatever method of payment was used for the original purchase. By empowering the clerks to process returns this way, the customers are very satisfied, no manual keying of data is needed so accuracy is high, and I'm motivated to buy again from Target, knowing that I can easily return anything I purchase.

My wife also asked me to return 10 extra towels/linens to Bed, Bath, and Beyond. As I entered the store it was clear that the workflow was broken. I found no orderly queue and unclear responsibilities as to who provides specific customer services. I found a very helpful enthusiastic employee who began to manually match the 16 digit bar codes on my receipt with the bar codes on each towel to verify that I had the correct receipt. Once she manually circled each bar code and initialed them, she then scanned them into the register. She was not empowered to actually process any return transaction, so after 20 minutes of manual paperwork she then paged a manager. The manager was busy so he suggested the supervisor, who was busy ringing up new sales. After trying to interrupt the supervision unsuccessfully, it was clear that another page to the manager was necessary. This time, the manager responded, reviewed the bar codes on each of the towels again, checking the receipt again, then inserting a key in the register to enable a return. I then was asked to produce the original credit card used so that it could be credited. Luckily I had a copy of my wife's Visa card with me. Finally, after 30 minutes, 3 people and manual paperwork, my 10 towels were credited and the $50 dollars was placed back on my credit card. I'm reluctant to purchase from Bed, Bath, and Beyond again, since I know any return will take more of my time than I have available. Considering the time and gas involved, it would have actually been more cost effective to donate the towels to a worthy cause. The very nice folks at Bed, Bath, and Beyond said that IT was working on a software solution for 2008. Let's hope they re-engineer the workflow first to empower clerks to process returns!

So next time you're told that software will solve the customer's business process problems, be sure to study the workflow first!

Safe Wireless Practices

Many of us consider wireless devices to be enablers that make our jobs possible. I'm a Blackberry Advocate, carrying my 8707G or 8820 from the Board room to the top of Mt. Fuji.

However, are wireless devices safe to use in hospitals? Many hospitals have signs "Turn off your cell phone" posted at their entrances. When I recently visited Addenbrookes hospital in Cambridge, UK, a cell phone detector picked up my wireless devices as I entered the hospital and I was asked to power them down.

There are anecdotal stores about wireless devices causing cardiac monitors to display inaccurate waveforms, IV pumps to discharge their medications, and even ventilators to malfunction. Many of these reports are linked to very high power radios such as 5 watt security walkie-talkies and not the lower power digital cell phones we use today.

In 2001, I assembled 100 bioengineers to review the question of safety of wifi/cellular/bluetooth technologies in hospitals. The policy we issued is here, concluding that the heat and radio power experienced by patients 36 inches from a modern digital device is biologically insignificant. Since 2002, we've allowed all modern digital devices in our hospital as long as the 36 inch rule is followed. We do not allow patient families to use random wireless devices in critical care units, since we do not know what kind of device they may have and we cannot reasonably inspect every device they own. It's possible that a family member could have an old analog phone or walkie talkie that could broadcast sigificant electromagnetic interference. Feel free to use these policies in your hospital if they are useful to you.

Although the 36 inch rule works well for patients, we have not yet answered what happens when you keep laptop with wifi sitting over your reproductive organs for hours every day. What happens when you keep a cell phone transmitter against your ear for hours? Is it better to use a bluetooth headset with your phone to minimize heating and radio effects on brain tissue? Of course, that generally means your phone is strapped to your belt which puts the signal close to reproductive tissues.

I do not have the answers to any of these questions and the evidence from the literature that cell phones/wireless placed close to the body cause side effects is inconclusive. Recently, an engineer at Los Alamos sent me a link to the Bioinitiative, which is a consortium investigating possible long term effects of all the signals around us. Many studies have concluded safety, but as the radio signals around us increase there may be a reason to enforce some limits so that we do not all become saturated. In the meantime, I recommend moderation. In my Prius, my cell phone bonds to the car via bluetooth and I keep the phone 3 feet from my body. I use wired connections with my laptop when possible. I generally use my mobile devices for data communications which transmit in short bursts rather than voice which is a continuous signal. A balanced use of wireless, while research continues into long term effects works for me.

Tuesday, December 25, 2007

Happy Holidays to All

Just as Thanksgiving is an introspective time for me, the Holiday season is a time I look back on the year and reflect on all the good things that have happened.

In 2007:

At BIDMC, IS and clinicians came together in the midst of the Joint Commission visit to create some of the most innovative medication reconciliation and e-prescribing functionality in the country. We've had 99.9% uptime of our infrastructure. All our application and infrastructure vendor relationships are strong. We're working well with all our customers and among all our IS teams.

At Harvard, a new Dean has arrived and the Dean's strategic planning process is proceeding successfully. We've opened a new data center, created a new vision for collaboration tools among all the stakeholders in the Harvard community, and we've had 99.9% uptime of our infrastructure.

At NEHEN, we're made administrative data sharing among payers and providers available to every clinician in the state.

At MA-Share, we've created an e-prescribing and continuity of care document health information exchange for the state.

At HITSP, we've harmonized standards for electronic health records, personal health records, labs, medications, quality and public health.

Personally, I've flown 166 times without losing my sanity or optimism. My wife and daughter are happy and healthy. My Japanese flute playing is progressing and I've climbed many of the classic rock and ice climbs in New England.

All of this would not have been possible without the thousands of people who gave so much of their time, support and enthusiasm to make 2007 a remarkable success.

Thank you to my family, friends, and colleagues at CareGroup, Harvard, NEHEN, MA-Share, HITSP and the IT industry. You're making the world of healthcare better for everyone.

The holidays are about celebrating the good, highlighting the spiritual, and forgetting the stress of the rest of the year whenever possible. So, revel in best characteristics of your personal and work life, turn off the email/pager/cellphone for a few hours, and recharge your batteries. 2007 may have had its ups and downs, but we've moved forward in so many positive ways that you can be completely satisfied with a job well done.

Friday, December 21, 2007

The Weather Outside is Frightful

Since many people outside of New England read this blog, you may want to know what I do for fun at this time of year. It's around zero degrees with 25mph winds on Mt. Washington in the White Mountains, so it's time for a stroll.

There are 48 mountains over 4000 feet in New Hampshire, so for fun, I climb each of them in the winter. Hikes range from 7 miles up Mt. Tecumseh to 26 miles up Mt. Bond. The rules of winter hiking require that it must take place between the winter solstice (Dec 21/22) and the Spring equinox (March 20/21) in order to count as a winter ascent. Snow drifts can be 6 feet deep, ice covers every rock up to a foot thick and waterfalls become solid and climbable. Temperatures vary from +20 to -20F. Wind speeds can gust to 70mph. Windchills of -40F are not unusual. At -40F, the battery life of a Blackberry is 2 minutes (I thought you'd want to know), exposed skin lasts about 3 minutes and eyeballs freeze solid. But, there is no such thing as bad weather, just bad planning.

Here's a few photos to put you in the New England Holiday spirit

Ice Climbing the Frankenstein Cliffs in Crawford Notch

Feeding a hungry Grey Jay on Mt. Wiley

Lonesome Lake on Mt. Kinsman

Life at -40F

Happy Holidays from the land of ice and snow!

Thursday, December 20, 2007

Cool Technology of the Week

Over the past year, High Definition Television (HDTV) has gained market momentum and many households are eliminating the last generation of video technologies. The combination of LCD HDTV, digital camcorders, and computer-based video editing software is truly a cool technology.

Figuring out what to buy is challenging. My household has a Sharp Aquos 46" LCD television (2006), a Sony DCR-HC40 MiniDV Camcorder (2005), and an iMac 20" running iMovie (2007)

If you are buying a suite of tools today, here are my recommendations:

HDTV - you want well-defined blacks, a wide viewing angle, and 1080p resolution. I recommend the Sharp Aquos or Sony Bravia that fits your wall and your budget.

Camcorder - you want one that can work easily with computer-based editing tools such as Apple's iMovie or Final Cut Pro. Camcorder options include standard definition (SD) verses high definition (HD) video, recording to tape using MiniDV, recording to hard disk, and recording to DVD. In the under $1000 category, I recommend:

Standard definition
Panasonic PV-GS500 3-CCD Mini DV Camcorder
- $699.
This camera is the smallest form-factor 3-CCD camera that I've seen. With 3 CCDs, you will get a comparable image to that of a pro-sumer camera at the cost, size, and ease-of-use of a consumer model. Just like photography, you can have the highest megapixel camera available, but if the optics are sub-standard you're just getting a hi-res capture of a poor image.

High definition
Canon HV20 HDV Camcorder
- $749.
This looks like the best tape-based HD camcorder on the market. I personally prefer digital tape for the reliability of the footage. The HV20 can shoot in 4:3 or 16:9 mode (4:3 is a slightly higher resolution) and captures in full 1080p (1920 x 1080). iMovie can import and edit high definition video and still output to standard video DVD, making the technology future and backward compatible. There is no additional overhead to high definition other than slightly larger files during the editing stage.

Both of these cameras use the IEEE1394 cable standard so iMovie can control them without issue. The baseline requirements for utilizing iMovie for video capture is that video compression needs to be DV for standard definition format and HDV for high definition format, and use IEEE1394/iLink (Firewire Protocols) for capture.

Computer - the latest iMac's with OS X Leopard are amazing multimedia machines, equipped with all the tools you need to create professionally edited movies. My 14 year old daughter just completed a movie for school using our Sony camcorder, an IEEE1394 cable, and iMovie. The results were stunning. Here is a great page from Apple with the details about using Camcorders with Macs.

Thanks to David Bozzi at Harvard Medical School for help with this research.

Wednesday, December 19, 2007

Build AND Buy

In my role at CIO at Harvard Medical School and CareGroup, I'm often asked if we build or buy our enterprise applications. The answer is that we build AND buy, a strategy that has worked very well for over 20 years and I anticipate will serve us well for the next 20.

The trend in IT today is outsourcing, offshoring, buying software as a service (SAAS), and retiring home built legacy systems. Since I've just declared that we build software and will continue to do so, have I lost touch with the latest Gartner and Forrester reports?

Several healthcare application vendors are my close partners (I'm writing this at the Elephant Walk in Waltham just before dinner with 3 vendor partners). Vendors can produce full featured software on a regular release schedule and can be very innovative. Buying software means that I do not have manage developers and can leverage product development costs that are spread over many customers. Buying software means that the internal politics of development prioritization can be bypassed by relying on the vendor to adjudicate which features are included in upgrade releases. With reduced management responsibility, shared development costs and relief from institutional politics, what's not to love?

In complex organizations like Harvard and Caregroup, we have hundreds of applications. If we purchased all these applications, it's likely they would have dozens of different user interfaces, many navigation paradigms, several passwords, incomplete data integration and a high training burden. In 1998, my team and our stakeholders made the decision to implement a service oriented architecture (SOA) throughout the enterprise and own the "front end" of our applications. This means that our clinical systems have a single sign on, a single means of navigating the application and appear to have all our clinical data integrated completely, even though there are dozens of applications involved behind the scenes. We've built just about every system that our clinicians touch directly but buy the underlying departmental systems such as laboratory/blood bank, PACS imaging, critical care systems that interface with patient monitors and drug dispensing systems that require FDA approval. When we purchase a system from a vendor we require "Web 2.0" XML exchanges that enable us to link together the data housed in each application with our front end user interfaces. In a sense we've become experts at the plumbing that connects web applications.

This build and buy approach benefits the users with "virtual integration", ease of use and significant reduction in training requirements, but the real power in the strategy is that we can control the pace of innovation. Here's a case in point.

BIDMC was visited by the Joint Commission on July 23, 2007. A major focus of their visit was medication reconciliation, ensuring an accurate medication list at every transition of care. Very few vendor applications provide the tools necessary to do this. In a matter of weeks we built a community wide medication history health information exchange empowering physicians and patients to add, edit, delete and correct medications in every site of care. We brought this application live on July 24, 2007 and passed an audit for 100% utilitization of the software by October 1, 2007. It's highly unlikely this pace of innovation could have been accomplished with vendor software.

When folks ask about my build and buy strategy, I refer to them to the book "Built to Last" by Jim Collins and Jerry Porras, which highlights a concept called the "Tyranny of the OR verses the Genius of the AND". The authors suggest that highly successful companies are not dogmatic in their choices. It's ok to embrace Open Source AND Microsoft technologies. It's ok to embrace Linux, Mac OSX AND Windows. This does not mean that we're indecisive, it means that we use the right tools for the right task.

Hopefully, our broadly communicated strategy that we buy those applications which are mature, highly functional and widely deployed while we build the front end, the data integration and those applications which are cutting edge for which no vendor products are available will be viewed as the "genius of the AND" when the next generation of IT professionals looks back on our work.

Tuesday, December 18, 2007

A Chip in My Shoulder

I'm often asked about the RFID chip containing my medical records which is implanted in my right arm.

As a physician and chief information officer, I felt qualified to evaluate the medical, legal, moral, and privacy aspects of the device. After using the device for three years, I am not an evangelist for implanted RFID, but I believe it can be valuable for some patients who understand the risks and benefits. My implantation process in December 2004 was simple—a five minute office procedure, which included disinfection of the implant site on my upper right arm, a few cubic centimeters of lidocaine, and insertion of the injector into my subcutaneous fascia. I did not experience pain, bleeding, or any post-procedure infection. The implant is not palpable, does not migrate, and has no physical side effects such as itching, irritation, or changes in skin appearance. The RFID device does not impede my activities; even while rock or ice climbing I have hit the implant site many times without any problems. The device is undetectable by airport security metal detectors and hand scanners.

One possible side effect is that my RFID device can be scanned by retail security systems using 134.2 kHz RFID technology, the frequency of my implant. I have had experiences at Home Depot and Best Buy where my device seemed to set off the anti-theft systems. My personal data are not readable by such systems, but they may be able to detect the presence of an implanted RFID tag.

Given my experience, what are the risks and benefits? The medical risks of any implant are infection, pain, keloid formation at the puncture site, and reaction to the local anesthetic. There are quite a range of nonmedical risks. After my implant, I received many e-mails saying that I had become a “Borg” and had lost some of my humanity because I was now a hybrid human/machine. Some e-mails even referred to the Book of Revelation, noting that I now carried the number of the Beast. Thus, chip carriers have a risk of being social outcasts.

The chip holds a static and unencrypted 16 digit number, which is used to point to a Web site containing personal health record data. The Web site requires a username and password, ensuring appropriate security. It is conceivablethat a person on a subway could scan a patient’s number without their knowledge and steal their medical identity by creating an identical chip and implanting it. This is a very theoretical risk because hospitals are not widely using implanted RFID chips as a means of identification. If the implanted chip were used for security purposes, such as opening a door to a secure area, the person who scanned the patient on the subway could replay the RFID signal and gain access to the secure area. Again, this is purely theoretical since implanted RFID devices are not often used as security authenticators.

If these are the potential risks, what are the benefits? Since we have no universal health identifier in the US, there is no simple way to uniquely identify a patient at all sites of care. The result is a fractured medical record scattered in inpatient, outpatient, laboratory, pharmacy, and emergency department sites. The implanted RFID devices enable patients to establish health care identities and become the stewards of their own data. The patient can assemble a reconciled medication list, a complete problem list, and a list of diagnostic study results, and then apply personal privacy preferences—for example,deleting information about mental health, HIV, or substance abuse. This patient-controlled record is available to treating clinicians in the case of emergency via the implanted device.

It is a personal choice whether or not to be fitted with an RFID device, but for some patients such a record has value. For example, such devices may be particularly helpful for a patient with Alzheimer disease who cannot give a history, a patient prone to syncope who may not be initially conscious during an emergency department visit, or a very active person who engages in extreme sports activities and could be noncommunicative due to injury.

I believe that in the near future, patients will own their medical records and be the stewards of their own health care data. Implantation of RFID devices is one tool, appropriate for some patients based on their personal analysis of risks and benefits, that can empower patients by serving as a source of identity and a link to a personal health record when the patient cannot otherwise communicate.

Monday, December 17, 2007

New Healthcare Data Standards for the Country

Over the past 2 years, I've had the priviledge of working with 350 organizations as part of the US national effort to standardize healthcare data, supporting the secure exchange of healthcare records among patients, providers and payers with patient consent. On Thursday, December 13, the Healthcare Information Technology Standards Panel (HITSP), completed its 2007 work and approved 4 new "interoperability specifications"

Quality - all the initial standards needed to support the process and outcome measures for the Institute of Medicine's highest priority diseases.

Consumer Empowerment - all the initial standards needed to support personal health records exchanged via networks or via removable media (such as thumb drives). These standards make products like Microsoft Health Vault, the upcoming Google Health, Dossia, Medem, and Relay Health much more useful for patients, as they make the patient the stewards of their own data.

Lab - all the initial standards to order and result laboratories including a consistent description of lab types, reasons for ordering and units of measure. Today, the thousands of labs throughout the US use a heterogeneous collection of standards which require custom programming/configuration to connect them with electronic health records and public health reporting systems.

Emergency Responder - all the initial standards needed to support transfer of information among hospitals and emergency first responders such as paramedics when delivering care in the field, such as might occur in a Katrina-like event.

Also on December 13, the panel approved a Privacy Framework which provides a mechanism to categorize all the various privacy policies that exist in this country. This is important, since security technology to protect confidentiality can only be implemented by first understanding the policies which need to be enforced.

What are the next steps? All of the work done by HITSP on consumer empowerment, labs and biosurveillance will be "recognized" by HHS Secretary Michael Leavitt this month, except for the HL7 2.5.1 message (used to communicate lab results) and the OASIS HAVE standards (used to report hospital resources) which will be recognized in June 2008. Recognition means that federal procurement will require these standards to be included in systems deployed for federal government use. Also, these standards will be included in the Certification Commission for Healthcare Information Technology in 2008 and 2009, encouraging vendors to incorporate them into electronic health records, personal health records and hospital information systems.

As more and more clinicians use electronic health records and interoperability standards become more common, care will become more coordinated, improving quality and reducing costs. Standardization also lays the foundation for patients to be move involved with their care by getting access to all their healthcare data.

Creating a secure, interconnected healthcare system is a journey, but the completion of these healthcare standards for the country is a major first step down that path.

Embracing Innovation

I'm almost 46 years old and am in the prime of my capacity to adapt to mental and physical change. I crave innovation just as I crave my weekend time climbing ice and scaling mountains. However, I know that my mental and physical capacity to embrace change are likely to diminish over time.

My Grandmother (passed away in the 1990's) spent her youth learning the Palmer method of perfect handwriting. When I learned to type in 6th grade and began typing all my correspondence, she could not embrace the notion that cursive handwriting was an anachronism.

As a college student, I had the privilege of living with Dr. Frederick Terman, former Provost of Stanford University and the person who brought Bill Hewlett/David Packard together in the 1930's. Dr. Terman was known for his foundational work in radio engineering, especially the creation of novel amplifier circuits. One night in the early 1980's, I brought Dr. Terman an integrated circuit that cost under $1 dollar and did the work of his most complex radio engineering designs in a single device smaller than a dime. I proudly explained that his foundational work made this integrated circuit possible. His response was that he could not understand the technology inside the device and thus he had no interest in it.

Recently, in her Nobel acceptance speech, Doris Lessing explained that the Internet is destroying creativity and intelligence because it enables anyone to be a publisher and it removes rigorous training in the history of literature as a barrier entry to authorship. Although I have the greatest respect for anyone who earns a Nobel prize, these statements reminded me of my conversation with Dr. Terman. Just because the new forms of social networking, blogging, wikis, and instant messaging are different than previous forms of scholarship does not mean they are inherently flawed. In the past, I would have not shared my experiences as CIO with everyone because the barriers to writing a book about it were too great. Now, anyone can benefit from my decade of successes and failures as a CIO for free, anytime, anywhere. In a sense, the internet has democratized access to knowledge.

My committment to my staff is that if I ever become the rate limiting step in adoption of new technologies, then it will be time for me to go. In the meantime, bring on the AJAX, the Continuous Data Replication, Host-based Intrusion Protection and all the new acronyms that cross my desk every day. I may not immediately understand every new technology, but I look forward to being a student, learning about the latest innovations, for life.

Tuesday, December 11, 2007

Cool Technology of the Week

This week's cool technology is truly for the nerdy - it's about bandwidth and fiberoptics now available in our homes, made possible by new products from Corning. Infrastructure in the walls is often ignored because it's not sexy. To me it's necessary and deserving of a cool technology highlight.

The kinds of technologies that are enabling fiber to be run to houses, apartments and dorm rooms is illustrated here. The streaming video is worth watching. Gone are the days of fragile glass fibers that were instantly destroyed when bent or stepped on. These new fiber products empower HDTV, support high fidelity voice over IP and turn our homes into data centers. The future of nearly limitless, low cost bandwidth is arriving.

When I first began software development at the age of 12, I used a dial up acoustic coupler at 110 baud. In college, I was first in my dorm with a CP/M computer that included a 300 baud modem. When I did research at Lawrence Livermore Labs as a Sophomore, I was given a state of the art 9600 baud connection to the Arpanet, the Internet predecessor. In medical school, I had my own 1200 baud dial up, then 14.4K as a post doctoral fellow. In my early days as CIO I had 28.8K then 56K. I was Media One's (predecessor to Comcast) third customer for Broadband in the home at 1 Megabit speeds.

Today, I use Verizon FIOS, which includes a complete fiberoptic infrastructure in my basement. I average 20 Megabit download speeds and 5 megabit upload speeds. My home has 802.11g in every room. My sofa has nearly the same bandwidth as my office as work.

All this connectivity has enabled me to work wherever my laptop is located. Home video teleconferencing is no problem. Skype works well for world wide voice over IP calling. My family is completely connected with me via our home infrastructure regardless of where I am in the world.

Of course, there is a dark side to all this bandwidth - the digital divide. I live in Wellesley - one of the 'W' towns in Massachusetts (including Weston and Wayland ) that havehigh median household incomes. Verizon FIOS is not yet available to all towns, especially less populated rural locations. I hope that the future brings high bandwidth wireless technologies such as free community Wifi and WiMax that enable anyone with a computing device, including the $188 One Laptop per Child device, to experience all the benefits of connectivity to knowledge resources, personal healthcare applications, and social networks that are available today to those living in higher income locations.

Standards for Personal Health Records

In my post about Personal Health records , I identified the 4 major types of Personal Health records - provider-hosted, payer-based, employer-sponsored and commercial. As more products are offered, it's key that all the stakeholders involved embrace national healthcare data standards to ensure interoperability of the data placed in personal health records.

To illustrate the point, I am posting my entire lifelong medical record on my blog (this is with my consent, so there are no HIPAA issues) in two ways.

The first is a PDF which was exported from a leading electronic health record system. It's 77 pages long and contains a mixture of clinical data, administrative data, normal and abnormal results, numeric observations, and notes. It's a great deal of data, but is very challenging to understand, since it does not provide an organized view of the key elements a clinician needs to provide me ongoing care. It is not semantically interoperable, which means that it cannot be read by computers to offer me or my doctors the decision support that will improve my care.

The second is a Continuity of Care Document , using the national Health Information Technology Standards Panel (HITSP) interoperability specifications. It uses "Web 2.0" approaches, is XML based, machine and human readable, and uses controlled vocabularies enabling computer-based decision support.

It's critical that Vendors, Payers, Providers and Employers embrace these standards. A standards-based personal health record can be used to prevent medication errors, ensure best practice disease prevention, and serve as the basis for decision support systems which recommend optimal care. Using CCD, data can be turned into wisdom , can be incorporated into EHRs, transmitted between PHRs, and can be easily expanded by the patient throughout life.

Today (December 13), HITSP will deliver the harmonized standards for Personal Health Records, Labs, Emergency Records, and Quality measurement to HHS Secretary Leavitt. These "interoperability specifications" will become part of Federal contacting language and be incorporated into vendor system certification criteria (CCHIT) over the next two years.

Resolving Conflict

I've written about leading change, managing personnel transitions and the next in this series is resolving conflict. Most people do not enjoy conflict and want highly contentious situations to resolve themselves. Sometimes this works and some times it ends in chaos. I am convinced that to be a successful CIO, you must embrace conflict.

Here's the approach I use to resolving conflict.

1. Listen before talking. I find that many conflicts are the result of poor communication. Just understanding the issue deeply can resolve many conflicts. Being proactive by learning more about controversial situations early in the conflict is much easier than getting involved after the situation escalates.

2. Never use email to resolve complex issues. Anytime I receive more than 3 successive email exchanges about an issue, I call a "time out" and schedule a meeting or conference call.

3. Pick up the phone to diffuse emotion. Anytime I receive an emotional email, I do not respond via email. I pick up the phone, even if I know the conversation will be painful. Most people react differently in a person to person conversation than in email.

4. Never send an emotional email or make an emotional statement. If I ever feel a negative emotion while writing an email, I save as draft. Although an emotional email may feel like an effective weapon, it only wins the battle not the war. Emails last forever, can be circulated widely and make conflict resolution much harder in the long run. My experience with emotion, written or spoken, is that no one who responds to any issue with anger looks good while doing it. Those with polished executive presence are always emotionally neutral when dealing with conflict.

5. Talk a walk in the woods, a technique named after a famous story in which international negotiators at loggerheads over a nuclear arms treaty went for a walk in the woods near Geneva and discovered common interests that led to new solutions. The four negotiation steps developed by the Harvard Program for Health Care Negotiation and Conflict Resolution are:

Step one: self interests. Each participant articulates his or her view of key problems, issues, and options. Stakeholders are encouraged to actively listen, question, and interact with one another.

Step two: enlarged interests. The participants reframe their understanding of current problems and possible options with a wider perspective, based on the integrative listening and confidence-building that occurred in step one.

Step three: enlightened interests. The group is ready to engage in innovative thinking and problem-solving, generating ideas and perspectives that had not previously been considered.

Step four: aligned interests. Participants build common ground perspectives, priorities, action items, agreement, or plans for moving forward. Depending on the scope of the intended objectives, at this point they recognize the tangible contributions and opportunities accomplished through the meeting.

My "walks in the woods" usually take place at the Elephant Walk Restaurant on Beacon Street in Boston, so if you ever see someone dressed in all black eating a vegan meal at the Elephant Walk, it's a good guess that I'm resolving conflict!

Monday, December 10, 2007

When less is more

In the spirit of my Vegan Thanksgiving post, here are my thoughts about the holidays. I believe that a greater focus on people, experiences, and the world around us truly embodies the spirit of the holidays. When it comes to material goods, less is more.

As Americans, we're taught about the American Dream - a home, two cars in the garage, and an endless lawn for mowing on Saturday afternoons. That's reasonable, but every year the definition of "must have" is expanding. In just my lifetime, the American Dream vision has grown to a McMansion, a television in every room/home theater, appliances suitable for a major restaurant, and trendy designer furnishings. Watching television ads, it's clear that the must have holidays gifts this year include a Nintendo Wii, diamond jewelry, and expensive fragrances.

Malls become chaos, shopping becomes a contact sport, and traffic rules are tossed out the window. By the time the holidays are finished, we're so exhausted by the process that we need a vacation.

This year, I'm trying something different. My family and I are reducing our "stuff" by 30%. We're going through every closet, the garage, the attic, and the basement, analyzing their contents. Sealed boxes from our last move go straight to charity. If we have not touched an item in a couple of years, it goes into one of three piles - eBay, charitable donation or recycling.

We're regaining a knowledge of what we have, and why we have it. The end result will be a simpler lifestyle for all of us. We'll have an inventory that looks like:

For me, my black business wardrobe, my outdoor hiking/climbing gear, my Japanese flute, my Ubuntu laptop and my Toyota Prius hybrid.

For my wife, her New England crafted linen clothing that lasts a decade, her art supplies, and her MacBook.

For my daughter, her personally stylish but non-designer clothing, her iMac and her books.

In common, the early 1900's mission oak furniture that we've gathered for 20 years.

No massive caches of collectibles, no designer products, no need for a rented storage facility for keeping endless amounts of stuff. We'll be able to get the car in the garage, have more spacious rooms, and be able to find anything we need without searching for it.

But most importantly, we'll have the gift of time. With every purchase you make, there are are two costs - the cost of buying it and the time cost of maintaining it. Without having to polish the silver, buy containers to neatly store collections of clutter, and run around the malls to ensure we have the latest designer products, we have time for each other.

We'll have time to talk, to think, to read, and to recuperate from all the increased project workload at the office that the end of the year always brings.

Thus, for the first time, our gifts to each other will not be influenced by advertising, peer pressure, or the next door neighbors. We'll have a net reduction in the material, giving us the time we need to focus on people, experiences and the world around us.

How far can this go? Just as the journey from supersized obesity to healthy vegan was phased and incremental, I expect my efforts at living simpler will be incremental. Here's an article from the UK which describes a vision for the future. I'll report back how it goes!

Sunday, December 9, 2007

Managing Personnel Transitions

As a followup to my Leading Change post, one of the most challenging kinds of change to manage is personnel transitions. There are two major kinds of transitions - those which are done to you and those which are done by you.

Regarding changes done to you, the most important role of the CIO is to foster stability while embracing the change the follows a major transition in leadership. Over the course of tenure as CIO there have been many changes to senior management around me which directly impacted IT. I've experienced the transitions of 3 COOs, 3 CFO's and 3 CEOs. Each time there is a change in senior leadership, the anxiety in the entire organization is palpable. Everyone wants to know what the change will mean to them. Will their project be canceled or their job eliminated? There is generally a frenzy of activity as many folks in the organization jockey for power or try to resurrect projects that were put on hold by the former administration. The largest transition done to me was 10 years ago today when I became the new CIO of CareGroup/Beth Israel Deaconess. Although I was an inexperienced leader at that time, I think my basic beliefs about fostering stability were already in place. One of my staff recently sent me a copy of the broadcast email I sent a few hours after taking the job:

From: John D. Halamka MD
12/10/97 01:01 PM
To: IS Employees
Subject: All is well


You may have heard that a change is taking place in Information Systems leadership.

I realize that many of you may be feeling anxiety and are wondering what the future holds.

Over the next several weeks, I will get to know each of you, understand your projects and identify your challenges. My role will be to create an environment that empowers each of you. I will begin each conversation with "How can I help you?"

Working together, we can make Information Systems an even better place. We have a great deal of talent in the organization and I look forward to serving, learning and growing with each one of you.


Regarding changes done by you, I've personally led several transtions in IT, ensuring that the organization is always optimally structured to support the strategy of the company. Every time I do any reorganization, I've found that communication is key. Communicating often and transparently, engaging all those affected in the reorganization process really helps. Some organizations do reorganizations behind closed doors and even hire security staff to escort separated employees to their cars. I've never done reorganizations that way. I have treated people with dignity and respect, working hard to ensure their transitions are as painless as possible. There are 3 ways to transition people:

1. Work together on a separation over several weeks giving the affected staff the opportunity to move on to a new position outside the organization. This is by far the best approach, since it often leads to new opportunities for the separated employee and can be a win/win for everyone involved.
2. Work with Human Resources and the affected staff via oral/written warnings, counseling, and progressive discipline. Whenver I work through a termination via this approach, I follow all HR recommendations to the letter.
3. Termination for cause done precipitously. I am lucky that I have never had to do such a transition. It's very challenging to transition an IT professional abruptly because of the lack of time for knowledge transfer.

Although managing personnel transitions is not one of the more pleasurable aspects of being a CIO, it is one of the most essential. Ensuring that no one on the IT team impedes the work of others improves morale, accelerates projects, and minimizes human single points of failure in the organization.

Thursday, December 6, 2007

Cool Technology of the Week

In several of my previous posts have I described the increasing burden of triaging email

I've described the need to filter out Spam , block Industry related advertising , and prioritize the high volume of email we all receive.

New products are now being introduced to automate personal email management. The Wall Street Journal presented an overview of these recently.

Clear Context is an application that works with Outlook to automatically score email based on relevance - the sender (in your personal contacts or not?), the topic, and the history of your personal email response behavior. This seems to be the first product to implement my Top 10 Rules for Email Triage. As our email burden continues to grow and consume more than 50% of our work time, we will need intelligent agents like Clear Context to automate email management.

Another cool technology with seasonal relevance is ElfYourself . Give it a try and put yourself in the Holiday Spirit!

Wednesday, December 5, 2007

Leading Change

Ten years ago this week, I became CIO of CareGroup. On that day, I learned an important lesson about leading change.

Just hours after getting the job I decided that we'd embrace a service oriented architecture (SOA), standardize all desktop/server/storage infrastructure, and implement centrally managed applications. At 8am the next morning, I was scheduled to meet with my 300 staff members and share with them my vision for the future.

Luckily, experienced leaders counseled me on that first day. I discussed my vision with three Board members - Warren McFarlan (Professor at Harvard Business School), John Keane Sr. (CEO of Keane Inc.) and Sam Fleming (CEO of DRI/McGraw Hill). They told me that announcing a strategic plan without engaging all the stakeholders in the process would lead to mixed support and adoption.

Instead of arriving at the 8am meeting with all the answers, I arrived with questions. I explained to the staff that we wanted to improve customer service, encourage innovation, and ensure our work was aligned with the needs of our stakeholders. I challenged them to tell me what they thought we should do. In the first 30 days of my CIO tenure, I met with every staff member in IS as well as every senior manager in CareGroup to gather their priority lists, synthesize their input, and ensure they had a voice in the future. The result was a new IS operating plan focused on getting the basics done right. We clearly communicated the work to be done, the organizational structure which supported that work and the right people to staff the structure. The next step was to implement the changes.

I've long been a fan of John Kotter and his work on leading change in organizations. His broad recommendations to effect change include:

a. Defrost the status quo
b. Take actions that bring about change
c. Anchor the changes in the corporate culture

The planning meetings described above defrosted the status quo. The actions I took to bring about change included:

Create a Vision for Change
- the community came together with a vision of a web-centric organization and I broadly communicated it.

Establish a Sense of Urgency - everyone recognized that IT innovation was essential to coordinate clinical care, improve safety and enhance our competitiveness, especially after the merger of Beth Israel and Deaconess

Elicit Executive and Peer Sponsorship - The CEO declared that medication safety, personal health records, and enhanced communication to all levels of the organization were the strategic goals of the entire organization for that year

Communicate Vision to Implement Change - we established steering committees, project charters, project plans, and communication plans

Empower Employees to Implement Change - we aligned responsibility, accountability and authority throughout the IT organization so that managers had the resources and authority they needed to support our improvement efforts. We created a Special Projects team to coordinate the improvement projects without disrupting day to day operations.

Establish Short-term Goals - we created the first web application in healthcare to share data (with patient consent) among multiple organizations. We created the first web-based provider order entry system, and we created the first personal health record to share all hospital data with patients

Encourage Additional Changes - we created a non-punitive culture in which everyone was encouraged to identify mistakes and opportunities for process improvement

Reinforce Changes Made as Permanent - we built standard processes to deliver service, prioritize new projects, and communicate our multi-year plans to the community

That first year, we implemented strong project management methodologies, eliminated unnecessary work, and focused on getting basic services like email, networks, storage, and electronic result reporting rolled out to everyone in the community. Managing this work required resources, vision, and communication. All the pieces were in place to effect change.

Occasionally, I try to execute a change management project more quickly than usual, bypassing these steps. Whenever I do that I find that adoption of the new technology is delayed, budgets are at risk of overrun, and frustration escalates.

My decade of experience executing change suggests that Kotter was right. Building a guiding coalition, broadly communicating the vision, and celebrating a series of short term successes really works. I've watched projects without vision, resources or communication cause pain and anxiety throughout the organization. The good news is that we now know how to execute change and it is the role of senior management to enforce Kotter's principles in every change project.

Tuesday, December 4, 2007

Time, Scope, and Resources

Over the past few weeks, the number of new infrastructure project requests has peaked to unprecedented levels. The usual triage mechanisms described in my previous blog entry work well for applications, but infrastructure is different. Adding a new network port, a new telephone, or a new desktop is viewed a service business that can be ordered on demand, making it very challenging to say 'no'.

The sudden surge in requests re-emphasized to me the basic law of all IT projects - timeline, scope and resources are inter-related. If scope increases, timeline or resources must increase. If timeline is shortened, scope must be decreased or resources increased. Increasing scope, shortening timeline while leaving resources constant is not possible.

Of course, we can all work harder. There are 168 hours in a week, vacations can be postponed and nights/weekends filled. This works in the short term, but is not sustainable. "Lean" and "mean" organizations pushed too hard become "bony" and "angry" organizations.

New FTEs are not typically the short term answer. Getting new positions raises expectations of delivery capacity but hiring and training new staff take resources from existing capacity, so paradoxically getting new positions actually reduces capacity for a few months.

This means there is only one short term answer for unplanned, unbudgeted, unscheduled infrastructure requests - the scope of these requests needs to be reduced/phased or the time to do them increased.

For my requests this week, I've done the following
a. Assigned my staff to develop a standard worksheet which outlines the major time limiting steps (i.e. network connections take 90 days to provision) and thus specifies the minimum lead time for building IS support for a new location
b. Negotiated a change in scope with phasing - the initial request for a high bandwidth connection and new telephone system was morphed into a low bandwidth connection and use of the existing telephone system for now.
c. Reordered priorities - previous request were placed on hold in order to service the new 'once in a lifetime' opportunities
d. Asked for new staff - with the caveat that they will not add to capacity/throughput for 6 months
e. Requested governance changes - to ensure a central committee triages and communicates infrastructure requests for new offsite locations

There is one other strategy that I could employ if this surge in requests becomes chronic. In the past, I've staffed to average work load, not peak workload. This means that staff can put in extra hours for short term urgent increases in demand. However, I may have to staff to peak so that excess capacity is always available for the continuous infrastructure tyranny of the urgent I'm a frugal guy, doing a great deal on a limited budget , so I've never built in excess capacity.

As I work through these issues, I'll keep you updated on my progress.

Monday, December 3, 2007

It's time to take back the internet

Today, I've received over 250 unsolicited email advertisements for IT related products, services and seminars. This is not the usual egregious SPAM (Viagra ads, Nigerian businessmen, or phoney eBay phishing emails) which are already filtered out (see my previous post). These are legitimate emails that I do not want to receive from real companies. At the bottom of these emails are the words "This is not SPAM because you have opted in to receive these emails from us or our partners". I have never opted in to receive any such emails from anyone.

My email address appears in the masthead of many of the columns I write for print and web-based media. This has led to my inclusion in just about every IT mailing list on the internet.

I've tried opting out. Removing myself from 250 mailing lists each day can take an hour, so that's clearly not a sustainable part of my schedule. Also, some unsubscribe links just do not work. What are our options?

Short term, I advocate that CIOs start blacklisting the email domains that pummel us with unsolicited IT advertising. I'm a kind and gentle soul, so I'm willing to give companies a chance to redeem themselves. This month, I'm responding to these companies with a polite request to never send me emails again. If they continue to fill my inbox, I will blacklist their domain on my local email servers, preventing delivery of their advertising throughout my enterprise.

Thus far, I have received courteous responses from my first few companies i.e.

"Thank you for your response. Receiving 250 business solicitations each day is too much of a burden. I will happily remove your name. Your feedback is appreciated"

Long term, I'd recommend a national "do not call list" for email just as we use to discourage telemarketers from making unsolicited calls to households which have opted out on the national list. I would happily submit my name to a national email opt out list.

Other long term alternatives - we could create local whitelists of companies we do business with, but maintaining such a whitelist is challenging for companies and individuals. Other possibilities include expansion of Spam legislation and enforcement which provides sanctions for violators of unsolicited email rules.

I'm ok with "pull" advertising on websites that is customized to me, but is easy to ignore. However, I consider "push" unsolicited email contact an invasion of a personal communication vehicle.

Thus, for companies that send out endless unsolicited emails, watch for my responses begging you to stop sending me email advertising! The only recourse I have left is to block your domain if you continue.

Sunday, December 2, 2007

Safe Driver Discounts for Technology

Automobile insurers have long seen the sense of giving drivers an incentive, in the form of safe-driver discounts, to avoid taking risks when they’re behind the wheel. In health care, more and more payers are rewarding doctors for the quality of care they deliver and not the quantity. Aligning incentives with outcomes makes good sense.

Vendors of technology should follow those examples and revise their pricing models for yearly hardware and software maintenance contracts. If they rewarded customers who adhere to best practices, they would essentially pay customers for their performance.

As a CIO of multiple companies, I have to sign off on a lot of maintenance contracts every year. These contracts have a list price, and there’s usually a discount that the manufacturer passes along to the value-added reseller (VAR). The VAR decides how much of the discount to pass along to customers. No extra consideration is given to customers who abide by the vendor's best practices for the implementation and management of its products.

But why not? Why not give technology buyers the equivalent of a safe-driver discount? If customers were given incentives to hire highly competent internal staff, follow all the vendor-recommended configurations and install all the latest upgrades, life would be better for both the vendor and the customer. The vendor would receive fewer support calls and requests for emergency priority service. The customer would get higher reliability, better performance and lower maintenance costs.

Five years ago this month, we experienced a devastating network outage that led me to change a lot of our practices. Before the outage, my only incentive to adopt best practices was fear of downtime. The cost of support was certainly not a factor. We could make hundreds of support calls and send out an SOS during numerous high-priority emergencies, and the cost would be the same as it would be with a spotless performance record. The outage led me to replace much of our infrastructure, enhance my support team and ensure that our engineering practices are world class. We now place an extremely low burden on our vendors, but our maintenance discounts for all the technology we operate today don’t reflect that.

Here’s my idea. Vendors would give each customer a yearly technology safety rating, starting at, say, 100 points. If you miss an upgrade, 10 points would be deducted. Deviate significantly from a recommended configuration and you lose another 10 points. Make a support call that’s due to your lack of appropriate IT staffing and more points are taken away.

Discounts would no longer be arbitrary. Instead, they would be a direct function of the yearly safety rating. The harder a customer worked to avoid calls for help, the less the maintenance would cost. The best customer of the year could even be rewarded with completely free maintenance.

Of course, there are potential problems. Vendors could abuse the system by defining best practices as the elimination of all competing products, or they could take away points if customers didn’t buy all the optional add-on software they recommend. But such tactics would defeat the spirit of this proposal. Any vendor that adopted them could expect a good deal of pushback from customers; hopefully, they would see that such transparently cynical ploys have no real value.

So let me publicly ask my good friends at Cisco, EMC, Dell, HP and IBM, What do you think? You'll find that my driving record is exemplary.