Thursday, July 30, 2009

Cycling to Meetings - a Progress Report

The month of July is drawing to a close. Here's a report on my experiment to replace car travel with bike travel for a month.

What did I find?

*There is no place in the city of Boston that is faster to reach by car than bike. I average 15 miles per hour on bike and 10 miles per hour by car. A car on Fenway Red Sox days can be a painful 5 mph experience.

*My Harvard and CareGroup offices are 1.2 miles apart. I can go from desk to desk in 6 minutes, since my Strida folding bike travels in and out of the building with me. Car travel is between 15 and 30 minutes, depending on traffic.

*Parking in downtown Boston runs about $30 for the first hour. I saved more than the cost of the bike in one month of cycling.

* The streets of Boston are narrow, the potholes are deep, and the drivers are psychotic. I wore a helmet at all times, even for 1 mile rides between offices. The key to my success was to cycle in a predictable straight line, never darting in and out of traffic.

*Pedestrians and other bikes are even more hazardous than cars. I had numerous pedestrians (often walking into traffic while talking on their cell phones) nearly run into me.

*Rain can make cycling problematic. My Strida has fenders which protect me from tire spray, but wearing a suit while cycling in the rain can be tricky.

The bottomline - using a bike to commute in Boston saves me 30 minutes per day, saves gas, saves parking, and burns calories. If the rain stops, the pedestrians get off the phone, and the potholes are filled, life will be grand.

The experiment has been a success and I will continue to bike to all my meetings in Boston, April to November, weather permitting.

Wednesday, July 29, 2009

Next Steps for the HIT Standards Committee

At the July 21 meeting of the HIT Standards, we approved an initial set of standards for quality, clinical operations and security/privacy. We were told to refine these initial efforts by the next meeting of the Committee, August 20, so that ONC and CMS can incorporate the work into the interim final rule. Here's an update on the deliberations of the workgroups.

Privacy and Security
We received several public comments about our selected privacy and security standards - those used for authentication, authorization, auditing, encryption, and secure transmission. It's important to note that the sending and receiving of transactions for healthcare information exchange is part of the scope of the Privacy and Security Workgroup. Clinical Operations specifies the vocabulary/codesets/value sets and the actual message or document to send. Privacy and Security ensures it is sent in a secure fashion, consistent with HIPAA and ARRA. Our recent decisions in response to comments are

*Although the IHE ATNA profile for securing transmission via TLS allows use of Null Cipher (i.e. no encryption) as an option for private networks, we will require all health information exchange transactions between organizations, even those running on private networks to be encrypted via the AES_SHA cipher by 2011.

*SOAP is an approach to data exchange that enables programmers to use the web to call remote servers using the HTTP POST syntax. POST means the URL does not contain any specific information i.e.

I use POST to talk to a server at http://mymedicalrecords.com and request information about my medical record number and the kind of information I want to retrieve using hidden exchanges between the servers, not by embedding the details of my request in the URL.

SOAP has a learning curve and generally requires a toolkit to make the implementation easier. It has been a favored approach in healthcare because it has many standardized security tools.

*REST is an approach to data exchange the enables programmers to use the web to call remote servers using the HTTP GET syntax. It's easy to use without a toolkit. For example, you could use a browser to call a URL like the following to retrieve your allergies

http://mymedicalrecords.com?myMRN=1234567&show=allergies

Although it's simple, there are fewer standardized security tools. REST is increasingly popular and Amazon, Google, and most e-commerce companies have embraced REST, creating their own unique security tools.

*The Security and Privacy Workgroup recognizes that both approaches, SOAP and REST, should be allowable for data exchange. Here's a list of the HITSP Capabilities and Services supporting these transactions

TP13 - Manage Sharing of Documents (XDS.a), SOAP and REST
TP13 - Manage Sharing of Documents (XDS.b), SOAP
TP13 - Cross-Community Access (XCA), SOAP
TP21 - Query for Existing Data, SOAP
T31 - Document Reliable Interchange, SOAP
T42 - Medication Dispensing Status, SOAP
TP49 Sharing Radiology Results, SOAP and REST
TP50 - Retrieve Form for Data Capture, REST
T63 - Emergency Message Distribution Element, SOAP
T66 - Terminology Service, SOAP and REST
T81 - Retrieval of Medical Knowledge, REST
T85 - Administrative Transport to Health Plan, SOAP
TP89 - Sharing Imaging Results, SOAP and REST

For a more detailed discussion of the pros/cons of SOAP and REST, see my blog entry on the topic.

Clinical Quality
Leveraging the completed HITEP report, the Clinical Quality Workgroup has proposed 27 initial quality measures and the data types required to capture each electronically. The challenge is that several quality measures contain exclusionary criteria i.e. when considering HbA1c levels, remove patients on comfort care measures from the denominator. When considering tobacco cessation counseling, remove patients who really like smoking and lack readiness to quit from the denominator. Such exclusionary criteria are really challenging to support with existing EHRs. It is likely that either these exclusions will have to be removed from the measures until EHRs and standards support them, or that self attestation of quality measures rather than electronic measurement be done in the short term until EHRs can capture these more esoteric data elements. The Clinical Quality workgroup is examining every data type for its readiness/adoption and will then make final recommendations on the quality measures and data types to use in 2011.

Clinical Operations
We're refining the matrix of vocabulary, messaging and document standards to respond to comments from HIT Standards Committee members and the public. We've heard such things as

*Allow HL7 2.51 messaging as well as XML-based document formats for transmission of data in HIEs, at least for the next several years

*Although care coordination and patient experience data exchanges may benefit from unstructured documents such as a PDF exchanged electronically along with metadata, quality measurement really requires codified data, even if it is just ICD9. SNOMED-CT is the preferred vocabulary for clinical observations and eventually should be used for all quality measures, but it will take several years for SNOMED-CT to be fully implemented in healthcare information exchanges, so ICD9 and ICD10 will be allowed along the way

*The HIT Standards Committee focuses on healthcare information exchange - from the edge of one organization to another organization. All the vocabularies we are discussing - LOINC, RxNorm, SNOMED-CT and UNII (for allergies) are for exchange, not necessarily required within internal systems of organizations. This is the realistic approach that is needed to give organizations the time they need to implement controlled vocabularies for data exchange.

We'll continue our work for the next two weeks and then present it publicly on August 20. Thanks to all the Committee, Workgroup, and HITSP volunteers who have spent many hours on this effort.

Tuesday, July 28, 2009

The Making of the Third Generation Prius Ad

It's Summer, so time for some lighter fare (don't worry, more news from Washington is coming later this week.)

I'm a Prius driver and will likely be replacing our older Toyota Highlander with another Prius, which will be my wife's and my daughter's car.

The Third Generation Prius advertisement features a unique combination of people, amazing graphics, and digital assembly - over 1,000,000 people were created from 200 extras.

Here's a You Tube Video that explains how the entire commerical was created. Incredible.

Monday, July 27, 2009

A Glossary of the Data Center

I'm serving as a subject matter expert for a panel studying the IT capabilities of the Food and Drug Administration. In preparing our report, the team recognized that many FDA stakeholders are not well versed in the terms used to describe data centers. Here's the glossary that the team developmented, which I thought you might find useful for your own reports and presentations.

Classification of Data Centers (Tier 1 – 4). The Telecommunication Industry Association (TIA) has published the TIA-942 standard for classification of data center capabilities.

Tier 1 – Basic: 99.671% Availability
Susceptible to disruptions from both planned and unplanned activity
Single path for power and cooling distribution, no redundant components (N)
May or may not have a raised floor, UPS, or generator
Takes 3 months to implement
Annual downtime of 28.8 hours
Must be shut down completely for perform preventive maintenance

Tier 2 – Redundant Components: 99.741% Availability
Less susceptible to disruption from both planned and unplanned activity
Single path for power and cooling direction, includes redundant components (N+1)
Includes raised floor, UPS, generator
Takes 3 to 6 months to implement
Annual downtime of 22.0 hours
Maintenance of power path and other parts of the infrastructure require a processing shutdown

Tier 3 – Concurrently Maintainable: 99.982% Availability
Enables planned activity without disrupting computer hardware operation, but unplanned events will still cause disruption
Multiple power and cooling distribution paths but with only one path active, includes redundant components (N+1)
Takes 15 to 20 months to implement
Annual downtime of 1.6 hours
Includes raised floor sufficient capacity and distribution to carry load on one path while performing maintenance on the other.

Tier 4 – Fault Tolerant: 99.995% Availability
Planned activity does not disrupt critical load and data center can sustain at least one worst-case unplanned event with no critical load impact
Multiple active power and cooling distribution paths, includes redundant components (2 (N+1), i.e. 2 UPS each with N+1 redundancy)
Takes 15 to 20 months to implement
Annual downtime of 0.4 hours


Cloud Computing (and Storage). Cloud computing is a style of computing in which dynamically scalable and often virtualized resources are provided as a service over the Internet.

NAS (Network Attached Storage). The Network Attached Storage is file-level computer data storage connected to a computer network providing data access to heterogeneous network clients.

Reference Architecture. The reference architecture provides a proven template solution for an architecture for a particular domain. It also provides a common vocabulary with which to discuss implementations, often with the aim to stress commonality.

Reference Architecture can be defined as different levels of abstraction. A highly abstract one might show different pieces of equipment on a communications network, each providing different functions. A lower level one might demonstrate the interactions of procedures (or methods) within a computer program defined to perform a very specific task.

SAN (Storage Area Network). The Storage Area Network (SAN) is an architecture to attach remote computer storage devices (such as disk arrays, tape libraries, and optical jukeboxes) to servers in such a way that the devices appear as locally attached to the operating system. Although the cost and complexity of SANs are dropping, they are uncommon outside larger enterprises. Network attached storage (NAS), in contrast to SAN, uses file-based protocols where it is clear that the storage is remote, and computers request a portion of an abstract file rather than a disk block.

Virtualization (Server Virtualization). Virtualization is a method of partitioning a physical server computer into multiple servers such that each has the appearance and capabilities of running on its own dedicated machine. Each virtual server can run its own full-fledged operating system, and each server can be independently rebooted. (Best practice for reducing cost and increasing performance in large enterprises).

Friday, July 24, 2009

Documents and Messages, a Guest Blog

Yesterday on a call of the HIT Standards Committee Privacy and Security Workgroup, we had a great discussion about Common Data Transport and Health Information Exchange. This is a guest blog describing that conversation by David McCallie at Cerner, a member of the Committee.

"These are some principles that we try to follow in our work.

*Be aware of the difference between a document and a message

*A document should ideally contain data that is assembled to represent a specific clinical context – the data in the document should cohere in some meaningful way. For example, a document (e.g., a CCD) could represent a summary of an encounter, or a response to a query for a current_medication_profile, or you could have a CDA representing a radiology report with structured findings, etc.

*A message communicates some kind of discrete change in state, and is capable of standing in isolation from other messages. For example, a reference lab sends a test result back to the ordering physician via messages. Messages should have sufficient metadata to allow for idempotency (timestamps to avoid duplicate data errors on replay) and to allow for transactional updates to the discrete content of the message (externally-valid identifiers that can be used to send corrections or amendments, etc.) Documents do not need to contain idempotency or transactional information about the discrete structures contained within. The arrival of a document does not imply that all of the contained structures have been updated, whereas the arrival of a discrete message usually does indicate a change in state of the discrete.

*Of course, a message could be used to send a document, in which case the message will have metadata about the overall document (though that does not imply that the metadata is relevant to each discrete element within the document.)

*However, in general, a document should not be used to send a message. For example, a document (like a CCD) should not be used to update discrete information such as specific problems in an external problem list. If a provider chooses to (manually) extract discrete data from the document into his EMR, he should be aware of the context of the overall document to determine the validity of making the extraction. (He may reject the extraction because he is already aware of the discrete information, or his EMR already contains more accurate or more refined knowledge than what is contained in the document.)

*Discrete information should not be automatically extracted from a structured document (except under carefully controlled circumstances.)

*It is tempting to consider a structured document to be the same thing as a structured message, but the semantics are different and trouble will follow

*An HIE that allows only for document submission will be unable to accommodate capture of messages (unless some of the above principles are violated.)

*Yet messages are far more common in HIT transactions today than are documents (labs, claims, eRx, etc.)

Ideally, an HIE should be able to utilize both documents and messages to capture and share patient clinical state."

I thought that these ideas were important to share with the Health Information Exchange and Standards stakeholders who read my blog.

Thursday, July 23, 2009

The SNOMED-CT Problem List has arrived

As promised in my earlier blog, the National Library of Medicine has created a "best practices" subset of SNOMED-CT which is highly usable by clinicians for documenting the symptoms and conditions used on a typical Problem List.

I've discussed previously the hazards of using ICD-9 as problem list vocabulary. It's an administrative billing vocabulary, not a clinical observation vocabulary.

You need a free SNOMED license (if you're in one of the countries that has licensed SNOMED, such as the US) to retrieve the SNOMED Problem List document.

The present subset is based on datasets submitted by 7 institutions - Beth Israel Deaconess Medical Center, Intermountain Healthcare, Kaiser Permanente, Mayo Clinic, Nebraska University Medical Center, Regenstrief Institute and Hong Kong Hospital Authority.

We're implementing this problem list vocabulary in our home grown systems first, then we'll work with eClinicalWorks to incorporate it into their EHR. We'll test it extensively with a few clinicians and then roll it out broadly if we achieve a good balance of functionality and clinician satisfaction.

The HIT Standards Committee will likely recommend SNOMED-CT as the preferred problem list vocabulary, so this release by the NLM is very important to all EHR stakeholders.

Tuesday, July 21, 2009

The HIT Standards Committee Deliverables

Over the past 60 days, the HIT Standards Committee and its workgroups have been hard at work mapping standards to meaningful use. Here are their deliverables:

Clinical Quality

The Clinical Quality Workgroup Report describes the approach used to specify the 27 performance measures for 2011 which support meaningful use.

The Clinical Quality Workgroup Recommendation matrix includes all the detailed EHR data types used to compute quality measures plus a matrix of sites of care and relevant specialties. This matrix will be expanded to reflect the readiness of measures for implementation and proposed levels of performance expectations (i.e. what threshold constitutes good performance for each measure)

Clinical Operations

The Clinical Operations Workgroup Report describes the approach used to specify standards for 2011, 2013, and 2015 linked to each meaningful use metric.

The Clinical Operations Workgroup Recommendation matrix includes all the detailed standards supporting quality measures and health information exchanges as well as identification of standards gaps requiring harmonization or commission of new standards.

Privacy and Security

The Privacy and Security Workgroup Report describes the approach used to specify standards in support of meaningful use and the ARRA 8 statuatory requirements. This report also includes an overview directed at the consumer, explaining the reason all this work protects their confidentiality.

The Privacy and Security Workgroup Recommendation matrix includes all the detailed security standards and an indicator of their readiness for implementation.

An immense amount of work has gone into the effort thus far. I want to thank the HIT Standards Committee members, the Workgroups, and the HITSP staff and volunteers who joined the Workgroups. Well done!

Monday, July 20, 2009

Securing our Blackberries

New Massachusetts Data Protection regulations require us to secure mobile devices.

At BIDMC, we have nearly a 1000 Blackberries and hundreds of iPhones. The Blackberry has well developed enterprise control features, so we're starting our mobile security effort with them.

In the interest of sharing our experience with the IT Community, you'll find our proposed policies here. It's a work in progress and we're still fine tuning our approach. To better under the impact on users, several IT staff including me will be testing these new settings.

There are an amazing array of settings to secure Blackberries - you'll find the complete configuration guide here.

It's clear that organizations are finding the balance between security and ease of use to be challenging. Here's a few describing others experiences:

Timeout issues

Password Policy issues

I'll let you know how our IT pilot goes and publish our final policies/settings as we rollout to our users.

Friday, July 17, 2009

An Update to Meaningful Use

On June 16, I wrote about the release of the draft definition of meaningful use.

Today, at the HIT Policy Committee meeting, the final definition of meaningful use was released and adopted. What was changed?

1. For inpatient CPOE, only 10% of orders must be entered electronically
2. For problem lists, ICD9 or SNOMED must be used
3. Advanced directives must be recorded
4. Smoking status must be recorded
5. Quality measures must be reported to CMS
6. Clinicians and Hospitals must implement at least one clinical decision rule relevant to a high clinical priority
7. Administrative transactions, including eligibility and claims, must be completed electronically

Also, the timing of meaningful use was clarified in this presentation on Slide 12 and 13

The Meaningful Use Workgroup recommended use of an 'adoption year' timeframe (i.e., '2011 measures' applies to first adoption year even if HIT adopted in 2013; '2013 measures' applies to 3rd adoption year.

Thus, clinicians can still receive partial stimulus funds if they implement 2013-2015 instead of 2011-2013, and they can follow the same path as early adopters instead of an increasingly difficult set of criteria.

The Committee also discussed options for certification which I encourage you to read.

A very important meeting today. Now that meaningful use has been defined and approved, the HIT Standards Committee can complete its initial standards and certification criteria recommendations, which will be delivered next Tuesday.

Thursday, July 16, 2009

Going Home Again

Last weekend, my wife and I flew to Northern California with my daughter to connect her with a group of students traveling to Japan for intensive language study this summer. After dropping my daughter off on her flight to Tokyo, my wife and I drove to every site that played a role in our 30 year relationship.

We met in 1980 at Stanford in the dorm complex next to Lake Lagunita. I was in Granada, she was in Eucalypto. We visited our old dorms and found the forests we walked in replaced with construction over the past 30 years.

In 1982, we served as live-in companions to Dr. Fred Terman, the former provost and Dean of engineering. We visited his former home, in an enclave of faculty housing, on El Escarpado. It was getting a new driveway, but otherwise had not changed.

In 1983, after Dr. Terman died, we moved to a cabin in La Honda, California on Shelden Road. Fritz Maytag, the founder of Anchor Steam brewery had lived there before us. La Honda had not changed much, and the biker bar called Applejacks was still a popular town gathering spot.

Each night in 1983-1984 we would drive from La Honda to the San Gregorio Stage stop, then to Pompano Beach and onward to Pescadero, a small farming town. We'd talk about the future and speculate where our Stanford education would take us. We did that drive again and stopped at Pompano to walk through the waves around the sandstone cliffs.

We drove north to San Francisco. Even in the late 1980's and early 1990's we had an affinity for Japan and frequented Japantown in San Francisco. We strolled the shops, restaurants, and markets, nostalgic for the easy access to all things Japanese that is missing from Boston.

In 1984, we moved to Marin County and bought a small home on Rose Avenue, near Panoramic Highway in Mill Valley. That isolated neighborhood of older homes is now filled with expensive new construction. Our starter home is now 10 times the price we paid for it. We were both amazed that we commuted through the narrow, steep, potholed roads of upper Mill Valley from 1984-1986. We had a great time back then with hot tubs, star gazing, and weekend sushi dinners, but we would not want to drive the cliffs of Rose Avenue today.

In 1986, we built a home on Mt. San Pedro in San Rafael overlooking China Camp State Park. It was the go-go 1980's when owning a large home was a sign of success. Our home, Woodcliff, had 5 pods - a living area, an underground winery, an artist studio, a library/office wing, and a lab space for wine chemistry. We sold the home to Dr. Dean Edell in 1993. We learned many lessons about living large during that era and that led to the simpler existence we have embraced today. The house is still there, although the grape vines have been replaced with fields of lavender and the mountainside is now a destination for mountain bikers who seem at battle with private property owners.

During our Marin County years, I ran a software company called Colossus at 100 Smith Ranch Road while going to medical school at UCSF and graduate school at UC Berkeley. The office space is still there, occupied by another software company.

During weekends, we hiked West Marin locations - Pt. Reyes, Tomales Bay, and Bolinas. We did an 8 mile hike down the Bear Valley trail to Arch Rocks and visited the Tule Elk at Pierce Point. We stopped for dinner in Bolinas, a hidden town without any road signs to identify it. As we drove toward the Palomarin headlands, a rainbow appeared without any clouds or rain (the photo above).

Would we go back? Would we want to relive the Palo Alto, Mill Valley or San Francisco of our 20's? The great wines, the energy, and the outdoors of our youth?

Nope.

Northern California is a great place, but today we have different needs.

We're approaching 50 and our focus is on a great education for our daughter, time with family, career, and community service - locally and in Washington.

Just as Northern California was a perfect fit for our 20's, New England is a perfect fit for our 40's and 50's. We have easy access to great educational institutions, healthcare, museums, New York, Washington, and colleagues across the Eastern Seaboard. The outdoors still beckons and we have easy access to hiking, biking, and kayaking. We have local farms and look forward to the variation of 4 seasons.

Our 60's may bring another set of needs. My daughter will be starting her own family, my parents may need more frequent visits, and our work activities may evolve. It's hard to know what tomorrow will bring, so we're leaving our options open. Maybe a small farm in Vermont? Maybe an ecofriendly cabin with a Japanese lifestyle? If my daughter lives and works in Japan after college, her current dream, then we might create a new life in Kyoto.

You can go home again and for me it was a great opportunity to refresh the memories that made me who I am today.

I look forward to each day and the potential it brings. The past is filled with great experiences, joys, and struggles. I would rather move forward guided by the past than try to relive it in the future.

Wednesday, July 15, 2009

Dispatch from Washington

Today I was in Washington attending two important meetings - an Institute of Medicine gathering to discuss healthcare information exchange and the HIT Policy Committee Certification/Adoption Workgroup.

The Institute of Medicine meeting brought together 30 experts from computer science, informatics, and the health information exchange community to discuss the applications of grid computing technologies to health information exchange.

I presented an overview of the HIE work in Massachusetts and Indiana using these slides. Ken Buetow from NCI presented an overview of the major concepts from Grid Computing efforts to date.

We discussed the possibility of using Grid Computing methodologies in healthcare clinical care, population health, and research. Here's an overview of the vision (NCHI) presented by Patrick Soon-Shiong and his scientific advisory board chaired by Dr. Ian Foster and Carl Kesselman, two grid computing pioneers. As I next step, I will work with Dr. Kesselman to learn more about the standards and architectures used in Grid Computing to understand how they may help solve some of the challenges facing healthcare stakeholders, especially the research community.

The HIT Policy Committee Certification/Adoption Workgroup is charged with examining the certification and standards harmonization processes, making recommendations for improvements. I presented the latest update from HITSP's Tiger Teams.

Mark Leavitt provided an overview of recent enhancements to the certification process including module certification, self built certification and support for open source initiatives.

Brian Klepper commented on his experiences with certification to date and emphasized the need for independence and multi-stakeholder participation in the certification process.

Steve Waldren commented on the needs of small practioners who need flexibility in the way they deploy EHRs, highlighting the need for an approach to certification which recognizes the variation among different specialties and care settings.

I'll be back in Washington next Tuesday for the HIT Standards Committee presentation of its major deliverables - a matrix which includes all the clinical operations, quality, and privacy/security standards needed to support meaningful use/the ARRA 8 as well as a measure of the deployability of each standard and recommended certification criteria. I'll post all this work on my blog as soon as it is presented at the meeting.

Tuesday, July 14, 2009

Device Convergence

My daughter is spending the summer in Japan and needed a platform that includes:

* A comprehensive English/Japanese dictionary with support for hiragana, katakana, and kanji

* Support for flashcards, tutorials, and other types of interactive educational multimedia

* 3G Wireless with an option for WiFi (WiFi is not widely available in Japan because Wide Area Wireless is so good)

* Browser support including Facebook, which her class is using as a kind of groupware

* Music support

* Camera/video support

* Compact size with reasonable battery life

As the home CIO, I have access to many platforms - Windows, Linux and MacOS laptops, subnotes, netbooks etc. She tried many devices.

In the end, she chose an iPhone 3GS, retiring her existing cell phone, iPod, netbook and camera.

My wife is also studying Japanese and wanted to run the same applications (Japanese Flip, Kanji LS Touch, My Japanese Coach, Human Japanese) so she retired her cell phone and iPod.

Because we all have great local 3G coverage on my Blackberry and their iPhones, we retired our Femtocell which we were using to boost 2G coverage for their cell phones.

Thus, we've replaced 7 devices (2 ipods, 2 cell phones, 1 netbook, 1 camera, and 1 Femtocell) with 2 iPhones. The 3 megapixel camera and video capability provides good enough photo support for most "recreational" applications.

I'm all for parsimony - owning as few devices as possible. Although the input capabilities of the iPhone 3GS are better than previous iPhones and now supports cut and paste, it is still challenging to use an iPhone to respond to 1000 emails a day, so I'll continue to use my Blackberry.

My wife and my daughter have converged their lives to a single mobile device for all computing support while they travel. Their learning curves were short and today they are more active in the digital world than ever before. From our first few weeks as iPhone 3GS users, it's clear that less is more!

Friday, July 10, 2009

Cool Technology of the Week

In an era of ubiquitous WiFi, many meeting rooms have guest wireless connections available for visitors.

However, some government agencies, some larger firms and some healthcare facilities are concerned about the security implications of uncontrolled wireless access points and do not offer connectivity to visitors.

How do you solve this problem? The Verizon Intelligent Mobile Hotspot (MiFi) brings a WiFi network wherever you need it.

I recently had the opportunity to test it in a meeting. I put the MiFi device (about the size of a pack of cards) in the room, turned it on and a few seconds later 5 people in the room had 802.11 b/g WiFi at 1 meg/second speeds.

How does it work? The small Novatel manufactured device is mostly battery (which lasts about 4 hours), an EVDO/3G Mobile Broadband chip that connects to the Verizon Cell Network, and an WiFi access point all packed into a 2 ounce package.

The price is under $100 with a 2 year contract and two plans are available. The 5 Gigabyte plan for $60 per month is the most attractive.

Here are the specs:
• 1x EV-DO Revision A (Rev. A) /0; 1xRTT; 800, 1900 MHz
• Wi-Fi Mode: 802.11 b/g

Security
• CDMA authentication and identification
• Dynamic MIP key update; CHAP
• Wi-Fi: WEP/WPA/WPA2-PSK, SPI firewall
• MAC/Port filtering
• NAPT/DHCP server enable
• VPN Pass-through

It's also usable as a USB connected device via the VZAccess Manager and support is available for both Windows and Mac platforms. OF course, in WiFI mode it's operating system neutral.

An ultraportable WiFi access point wherever you need it using a 3G cell phone network - that's cool.

Thursday, July 9, 2009

Blog Spamming

As folks who visit my blog may have noticed, I have activated Word Verification for comments. This prevents automated systems from adding comments to my blog, since it takes a human being to read the word graphic and interpret it.

I also turned on Comment Moderation for comments older than 14 days.

A few weeks ago, blog spammers posted advertisements to every one of my 400+ blog entries. I've not found a way to bulk delete comments, so I've been reviewing every previous comment and deleting the spam.

With the new settings, I can bulk reject dozens of spammed comments that are posted to my blog each day.

It's a shame that spammers believe junk comments on blogs are an effective means of advertising. I apologize for the Word Verification and the Comment Moderation, but its the only way I can keep the blog maintained.

Let's hope that blog spammers find a better use of their time in the future!

Wednesday, July 8, 2009

It's the Era of ARRA

Today at the HITSP Panel meeting, we approved the work our Tiger Teams completed over the past 60 days to support ARRA:

*EHR-Centric Interoperability Specification

*Exchange Architecture & Harmonization Framework Technical Note

*Data Architecture Technical Note

*Access Control Service Collaboration

*Security Audit Service Collaboration

*Patient Identification Management Service Collaboration

*Knowledge and Vocabulary Service Collaboration

*Healthcare Document Management Service Collaboration

*Query for Existing Data Service Collaboration

*Administrative Transport to Health Plan Service Collaboration

*HL7 Messaging Service Collaboration

*Emergency Message Distribution Service Collaboration


What is a Capability?

A HITSP capability is an implementable business service that specifies interoperable information exchanges using HITSP constructs. It supports stakeholder requirements and as part of its design, it includes information content, infrastructure, security and privacy. Capabilities have options- subsets of the data content can be sent or received as appropriate by a system implementing a capability.

What is a Service Collaboration?

A service collaboration describes the orchestration of data flow such as publish/subscribe, query/response, patient identification, and audit trail creation.

This work is a great simplification of prior HITSP efforts, but there is still work to do.

We will continue to work on our Electronic Publishing framework so that these capabilities are more easily accessible to vendors, HIEs, and other interoperability stakeholders. It will also make them easier to maintain.

The Capabilities point to components, transactions, transaction packages, and base standards. Since SDOs license their content, we cannot include the Standards Development Organization implementation guides. We provide pointers to SDO work products and state the constraints that clarify the details needed to streamline interoperability. In the future, we'll provide additional constraints and work with SDOs to make the implementation guidance available electronically as simple as possible.

What about the future?

It is likely that additional work on standards will be needed to meet all the objectives and metrics of meaningful use for 2013 and 2015.

HITSP will work to address those gaps. HITSP Program Management will leverage the successes of the Tiger Teams and ensure our team structure and processes are optimized to support the HIT Policy and Standards Committees.

We'll also finish work already in process such as Remote Monitoring, Quality, and Clinical Research.

On July 16, the HIT Policy Committee will present the next revision of meaningful use.

On July 21, the HIT Standards Committee will present the standards and certification criteria that support meaningful use, incorporating HITSP work.

We're moving very fast, but we're doing it very openly and by consensus. My thanks to the hundreds of people and thousands of volunteer hours that resulted in the HITSP capabilities and service collaborations that were approved today.

Tuesday, July 7, 2009

A Single Point of Disclosure

The American Recovery and Reinvestment Act of 2009 (ARRA) states that the HIT Policy Committee shall make recommendations on standards, implementation specifications, and certifications criteria in eight specific areas (the ARRA 8) including "Technologies that support accounting of disclosures made by a covered entity" .

The first draft of meaningful use includes three requirements for Population and Public Health data disclosure:

-Submit electronic data to immunization registries where required and can be accepted
-Submit electronic reportable lab results to public health agencies
-Submit electronic syndrome surveillance data to public health agencies according to applicable law and practice

How can Massachusetts enable these data exchanges and at the same time document disclosure?

The answer lies in the New England Healthcare Exchange Network which has served as the Massachusetts healthcare data exchange since 1998.

I've recently met with many stakeholders:

- the Boston Public Health Commission
- local, state and federal biosurveillance organizations
- quality registry hosting entities
- the Social Security Administration

All have agreed that instead of point to point heterogeneous interfaces, data should be disclosed via a standards-based gateway for secure electronic communication.

Here's a vision for Massachusetts:

- Today, all our payers and providers host a NEHEN gateway or have access to a hosted NEHEN Software as a Service called NEHEN.NET

- public health and population health organizations such as the Public Health Commission, Department of Public Health, Massachusetts eHealth Collaborative Quality Registry, and the Social Security Administration should add a NEHEN gateway to their organization. They could then stop using FTP, VPNs, leased lines, or proprietary web uploads for data collection.

- As part of our NEHEN architecture, we have a Participant Directory that contains gateway to gateway routing information. In addition to providers, this directory can contain public health and population health organizations.

- All future disclosures will be made from payers and providers to data collection organizations via NEHEN gateways.

-This means that one set of policies, one set of gateway software, and one set of standards is used for data transmission and disclosure logging throughout Massachusetts.

I have volunteered to move the BIDMC's Social Security Administration transmissions and the Public Health Commission data exchanges from proprietary transmission approaches to the NEHEN gateway.

Although there is still much work to do to ensure the NEHEN gateway can connect to all local, state and federal data gathering entities, the economies of scale of building one transmission/routing mechanism and just changing the payload as needed is appealing to everyone.

NEHEN is currently completing healthcare information exchange work in support of ARRA clinical coordination goals. Once that is done, it is clear that a single point of disclosure for Population and Public Health data exchange is a high priority next step.

Monday, July 6, 2009

International EHR Adoption

I was recently asked to compare EHR adoption in the US to other countries. Based on my own experience and the comments I received from colleagues, there are three aspects to consider:

* Use of Ambulatory EHR
* Use of Inpatient EHR
* Interoperability

Ambulatory
The most widely implemented are England, Denmark, Netherlands, and certain regions of Spain which are close to 100%. Sweden, Norway are at 80% and behind and Germany/France are at 50%. The US is somewhere between 2 and 20%, depending on how you classify a comprehensive EHR. Based on my definition - codified problem lists, e-prescribing, and decision support, the US is below 10% adoption.

Inpatient
Teaching institutions are generally well equipped, although less sophisticated on average than the US. Coverage in mid-low tier hospitals is high in England, Sweden, Norway, Denmark, and Finland, followed by Germany and Spain. In the US, CPOE adoption nationally is less than 25%

Interoperability
Denmark has the most signification implementation of production HIE with over 90% of encounters shared electronically. Certain regions in Spain, English, and Sweden have significant HIE. Canada Health Infoways has done excellent work with standards harmonization and incentivizing data exchange at the Province level. In the US, e-Prescribing is high is some states such as Massachusetts, Rhode Island and Nevada, but quite low in others. Clinical Summary exchange is done in some regions (Indiana, New York, Massachusetts, Tennessee, Minnesota, Arizona, Virginia) but most regions are just beginning implementation.

I've visited several sites in Sweden over the past 5 years, and the most innovative County is Jönköping

Qulturum is the organization in Jönköping that organizes the most innovative aspects of healthcare quality improvement including IT implementation.

As we think of lessons learned to guide US EHR installations, Scandinavia is definitely a region that has done IT right.

I welcome comments based on your own international experiences.

Thursday, July 2, 2009

The Joy of a Local Hardware Store

Let me describe two experiences:

I walk into a big box home improvement store and ask for advice about screens for storm windows that were popular in Wellesley, Massachusetts in the 1960's. No one has any idea what I'm talking about. Not just about my storm windows, but any storm windows. The store is 40 aisles of 20 foot high racks without an easy to navigate map. Oddly, screens are not in the Windows section, they're in the Building Materials area. No one knows what tools I need or how much screen I should purchase, so I make several trips back and forth from home to store. I spend hours in the process and throw away an entire roll of screen I've wasted.

I walk into my neighborhood hardware store. A cheerful, experienced salesperson greets me at the door and asks to help with my project. The person instantly knows the type of windows I have, the tools needed, the best materials, and a few tips to get the job done right. The person wanders around the 5000 square foot store, picks up all the materials I need and rings me up. I spend minutes in the process, do the job perfectly the first time, and have no waste.

Just as I have extolled the virtues of embracing locavore food culture and community supported agriculture, I suggest supporting your local hardware store - let's take back the neighborhood from the big box stores.

Life is short and I really care about the quality of my day to day experiences. I want to shop locally from farmers, craftsmen, vendors, and salespeople that I know. I realize that in our complex world that is not always possible. If you have a choice of buying a bolt for fifty cents from a helpful, knowledgeable shopkeeper OR buying a bolt of lesser quality for forty cents that takes an hour to find a big box store, I suggest that you and your wallet shop locally.

I'm so impressed with Green's Hardware in Wellesley, that I actually seek out home projects to do on weekends, just so that I can enjoy the experience of getting sound advice and quality products from people who teach me how to maintain my home. My house was built in the 1930's but every part of it - from electrical to plumbing to carpentry - is perfectly maintained thanks to the partnership I've developed with Green's, my local hardware store.

Wednesday, July 1, 2009

The HIT Symposium at MIT

This morning I joined a panel discussion about Standards at the HIT Symposium at MIT.

We had a great panel discussion, moderated by Janet Marchibroda (Chief Healthcare Officer at IBM) that included Christine Bechtel (Vice President, National Partnership for Women and Families Patrick Gallagher (Deputy Director at NIST) and me.

Patrick provided an overview of NIST and the work the government is doing to ensure selected healthcare standards perform as advertised, are implementable, and usable.

Christine described the role of the HIT Policy Committee and its workgroups.

I described the current HITSP Tiger Team work, the standards committee/workgroups including their charge, purpose, milestones.

Here's my presentation that describes all the latest standards work for the country.

On the last slide, you'll see our deadlines:

HITSP ARRA Deliverables will be approved and delivered to ONC on July 8

The HIT Standards Committee Workgroups finish their initial naming of standards and certification criteria by July 15

All this work is presented publicly at the HIT Standards Committee on July 21.

The Notice of Proposed Rulemaking process then begins and we'll see a finished Interim Final Rule by December 31.

A whirlwind of activity!