Friday, October 30, 2009

The Implementation Workgroup Testimony

Yesterday I spent the day in Washington with the HIT Standards Committee's Implementation Workgroup . The online forum to comment about standards adoption and implementation is now available.

The first article was posted by Aneesh Chopra, the US CTO. The second, my summary of the standards work thus far, will be posted this morning. Additional articles will be posted by others members of the HIT Standards Committee in the next week.

Whenever I hear testimony from teams of smart people, I try to distill everything I've heard into "Gold Star Ideas" - those themes that surfaced over and over. Here are a few:

1. We've learned from other industries that starting with simple standards works well. Mastering web transport standards such as REST takes minutes. Learning RSS takes an hour. Learning HTML takes a day. In the healthcare domain, I learned the basics of HL7 2.x, X12 and NCPDP in about a day.

2. Keep the standards as minimal as possible to support the business goal. Design for the little guy so that all participants can adopt the standard and not just the best resourced. Do not try to create a one size fits all standard - it will be too heavy for the simple use cases.

3. Start immediately rather than waiting for the perfect standard. Use early implementation experiences to create great documentation. Leave aspects of the standard open for future expansion and let innovation occur after adoption.

4. Declare a long term goal for new standards implementation but in the short term map what exists to new standards at the border of the organization rather than convert all existing legacy systems.

5. In early phases of implementation, allow ambiguity in the standard (what Adam Bosworth called Hysteresis) so that implementers can start simply and improve the completeness of their interfaces over time.

These are all reasonable principles. How do we apply them to the meaningful use standards we're all working on?

I asked one group of testifiers to tell me their views about the maturity of standards for the 4 required data exchanges in 2011. Here are their answers, interpreted against the 5 criteria above

ePrescribing - we have a mature standard (NCPDP Script 8.x) that is being enhanced to support new features (NCPDP Script 10.x) on a reasonable timeframe with minimal burden. We have test harnesses, middleware and clearinghouses that will accelerate adoption. We have an ecosystem of application developers. There is work to do to encourage more transactions to flow, but we're in generally good shape.

Lab - we have a mature standard for messaging (HL7 2.x), however we have numerous versions already implemented that will require mapping to HL7 2.51, since replacing all HL7 2.x in legacy systems will be burdensome. The real problem is not the HL7 but the lack of a single national lab compendium of the minimal set of LOINC codes for the most commonly ordered tests that should be implemented by all labs (commercial and hospital). CLIA is also an issue, requiring validation of every interface even if the same interfaced is cloned over and over for the same products. HITSP has already prepared a LOINC subset (700 codes instead of 20,000). The work ahead is part policy (reform CLIA) and part standards. The HIT Standards Committee has established a new workgroup on vocabularies and one of its first charges should be to ensure the appropriate LOINC subsets are available for general use. Regulation should require use of these subsets for lab ordering in 2013.

Administrative transactions (Benefits/Eligibility, Claims etc) - we have a mature standard for messaging (X12 4010) and transport (CAQH Core II). We have new enhancements on the way (X12 5010) that provide value. We have test harnesses, middleware, and clearinghouses that will accelerate adoption. We have many companies that build applications to support administrative transaction exchange. There is work to do to encourage more transactions to flow, but we're in generally good shape.

Quality - a consistent complaint is that every stakeholder (payers, government, specialty specific registries) require different quality measures with different data elements and definitions. There was broad agreement that the work the NQF has done and is doing to select a few consistent measures, with clearly defined data types, and retooling them to be EHR-based (not paper record) is the right thing to do. The measures will likely require controlled vocabularies and we need to be sure the right SNOMED-CT, LOINC, and RXNorm vocabularies plus mapping tools are available to report data in a normalized format for quality measurement.

My synthesis of the advice we received from all the panels is:

Creating controlled vocabularies/code sets is consistent with the simple standards goal. You can imagine an implementation guide that defines an XML format and then points to a website that contains publicly available vocabulary content (such as that developed by NLM or licensed for public use such as SNOMED-CT). Engineers would have no problem downloading and implementing a publicly available vocabulary code set.

Keep transport simple. Several testifiers noted that content and transmission should be separate standards, leveraging the web when possible for transport so that implementers do not need to learn new transport standards.

Get everyone to send the basics - medications (highlighted by everyone as a high value data exchange), problem lists, and labs before focusing on the esoteric.

Security is very important but privacy policy is even more urgent. We can very significantly constrain the number of security standards if a policy framework outlines our goals. For example - do we need a standard-based audit trail for every organization or is it sufficient to create a policy that an audit trail must be available to patients showing who accessed what and when?

What action items should we take?

I would like to get the input from other HIT Standards Committee members, but action items seem to be

1. Work hard on vocabularies and try to get them open sourced for the entire community of stakeholders

2. Consider adding a simple REST-based transport method for point to point exchanges

3. Work jointly with the HIT Policy Committee to establish a privacy framework that enables us to constrain the number of security standards

4. As we continue our work, try to use the simplest, fewest standards to meet the need

5. Continue to gather feedback on the 2011 exchanges - eRx, Lab, Quality, Administrative - to determine if there are opportunities to enhance testing platforms and implementation guidance that will accelerate adoption.

I look forward to continued discussion.

Thursday, October 29, 2009

That 70's Show

My parents recently remodeled their 1970's home, removing the formica, shag carpeting, and textured ceilings.

Seeing their modern home made me reflect on my personal history in 1976 when their home was built.

I had just started high school at Palos Verdes High. I was a cross country runner and a geeky engineering type wearing aviator glasses, a shaggy haircut and weighing 120 pounds. This photo is of me, Will Snow (my best friend from high school), and a team of engineers from Rockwell. We had the opportunity to tour the Columbia Space shuttle and explore its engine components as they were being built in Southern California. Will and I stay in touch and he recently completed a 125 mile bicycle ride for Multiple Sclerosis in honor of his first wife and my father. He's a senior engineer at SUN (now Oracle).

To give you a real flavor of the 1970's, take a look at my Prom picture (above), now 30 years old. Hillary Stoltz and I attended the prom in Santa Monica, with me in blue velvet including a frilly 1970's tuxedo shirt. By this time, my haircut was evolving to the short and simple way I wear it today. Hillary went to Georgetown and I went to Stanford. I've not reconnected with her since 1980.

The 1970's were a simpler time - no email, no mobile devices, no global village. The competition to get into college was easier and the pace of life was slower. The economy had its ups and downs, we had gas lines, and we had the disco craze (which I ignored). The folk music was soulful, the living was casual, and the fashions were awful.

It was a generally happy time that prepared me well for the challenges to come.

If any folks from my 1970's past are readers of my blog feel free to comment! I'd welcome an update from any of my high school cohort - Phil Talbert, David Kratz, Adrienne Lee, Hillary Stoltz, Gretchen Zimmerman, or Marcia Rorty.

Wednesday, October 28, 2009

Implementation and Adoption Hearings

Tomorrow from 9am to 4pm at the Omni Shoreham Hotel in Washington DC, the Implementation Workgroup of the HIT Standards Committee will hold hearings to identify enablers and barriers to the adoption and implementation and standards.

We've assembled a great group from non-healthcare industries, providers, vendors and quality measurement organizations. Testimony will include

Non-Healthcare Industries Panel
Skip Best and Davis Miller, Covisint
Adam Bosworth, XML and SQL
Clarence So, Salesforce.com

Providers Panel
Andy Wiesenthal, MD, Kaiser Permanente (IDN)
Dick Taylor, MD, CMIO, Providence Health, Portland, OR (IDN)
Rick Warren, VP/CIO, Allegiance Health, MI (Community Hospital)
Lisa Bewley, RN, VP/CIO, Regional West Medical Center, Scotts Bluff, NE (Community Hospital)
Louis Spikol, MD, Allentown, PA (Small Practice)
Floyd "Tripp" Bradd, MD, Front Royal, VA (Small Practice)

Vendors Panel
Rick Ratliff, SureScripts
Arien Malec, Relay Health
Sean Nolan, MicroSoft
Girish Kuman, eClinicalWorks
Chris Stevens, Orion Health

Quality Measures Panel
Ralph Brindis, American College of Cardiology
Richard Gliklich, CEO, Outcome Sciences
Jesse Singer, NYC Health
Barbara Rabson, Massachusetts Health Quality Partners
Jack Bowhan, Wisconsin Collaborative for Healthcare Quality

What kind of testimony can you expect?

In non-healthcare industries, standards have been used to coordinate the supply chain. What tools and techniques were used to encourage the entire manufacturing ecosystem to participate?

Do we need better educational materials such as implementation guides that include all the base standards so that there is no "indirection" - jumping between implementation guide websites and standards development organization websites?

Are there gaps in standards that need to be filled to encourage adoption in different healthcare environments?

The real purpose to the meeting is to encourage transparency and build a feedback loop that connects real world users of standards with the organizations that govern and create standards development.

During the meeting we'll kick off a new website that will enable the public to post comments about standards, privacy, and implementation experiences, including the ability to rank ideas via social networking tools. I'll post the URL to the new website tomorrow.

To participate in the meeting, join by audio conference or webcast.

I look forward to hearing your feedback!

Tuesday, October 27, 2009

"Project" and "Product" Certification

Last Friday night I testified to the President's Council on Science and Technology (PCAST). Many issues were discussed, but one of the most interesting was the idea of "project" verses "product" certification.

Here's the significance.

In Massachusetts, Partners Healthcare and Beth Israel Deaconess use home built EHR solutions based on Intersystems Cache. We both use Sun's eGate (now Oracle) and Intersystems Ensemble as middleware. We both use datamarts/data warehouses based on extracts from our clinical systems to support quality reporting, performance measurement and research. We both use NEHEN as our healthcare information exchange.

We'll achieve meaningful use via this combination of applications with many moving parts. Its totality provides the tools our stakeholders need. We need to certify the sum of the "project" and not the individual "products".

"Project" certification can be empowering in other ways.

Imagine that innovative products such as Microsoft Healthvault/Amalga or Google Health offer services to aggregate data from multiple data sources as part of quality reporting. They can become accelerators of meaningful use.

Imagine that a Modular EHR (such as Quest's Care360) plus a Healthcare Information Exchange can store the lab and medication data needed to coordinate care. Quest and iPhone app innovators can accelerate meaningful use.

My experience is that federated authorship - harnessing the talents of many companies and individuals - leads to the most rapid innovation.

Of course, some of the most advanced aspects of meaningful use, such as comprehensive decision support, may require larger, fully integrated EHRs. But other aspects such as the data exchanges required for 2011 - eRx, Lab, Quality reporting, and administrative transactions - can be empowered by assembling multiple products and services.

Since the theme of the work of the HIT Standards Committee for the next few months will be accelerating standards adoption and implementation (more on this in my blog tomorrow), encouraging all stakeholders to innovate by creating reusable components in support of meaningful use seems timely.

As the Notice of Proposed Rulemaking (NPRM) is written to define the certification process, I encourage policymakers to certify "projects" in addition to "products", encouraging innovation. I have no direct influence on this work, but I am hopeful that industry and clinician stakeholders will provide this input to those writing the policies.

Monday, October 26, 2009

Accelerating Implementation of Laboratory Standards

On October 20, the Information Exchange Workgroup of the HIT Policy Committee heard testimony from laboratory information exchange experts and stakeholders.

The agenda and testifiers included:

Business Issues related to the Electronic Exchange of Laboratory Data
Mike Nolte, GE Health Systems
Vasu Manjrekar, eClinicalWorks
Phil Marshall, WebMD
Tim Ryan, Quest Diagnostics
Susan Neill, Texas Department of State Health Services

Business Issues related to the Electronic Exchange of Laboratory Data
Laura Rosas, New York City Primary Care Information Project
Sarah Chouinard, Primary Care Systems, Inc. and Community Health Network
Raymond Scott, Axolotl Corporation
Areg Boyamyan and Jim Timmons, Foundation Library

Regulatory and Policy Issues
Joy Pritts, Georgetown University Health Policy Institute
Don Horton, LabCorp
Jonah Frohlich, California Health and Human Service Agency
Walter Sujansky, Sujansky & Associates

You'll find an unofficial transcript here. (Thanks Brian!)

The major themes of the day were

1) Labs are complicated - there is great variation in the standards used, vocabularies adopted, and the way labs are ordered (there is no universal ordering compendium, but this is a project that HITSP and the HIT Standards Committee are working on)

2) CLIA is considering allowing “simultaneous delivery” of results to a Health Information Exchange instead of just to the ordering clinician

3) State laws are highly heterogeneous, as is enforcement

4) We need adoption and implementation of robust messaging and vocabulary standards. We should focus on the 300-400 tests that make up the vast majority of ambulatory lab transactions, and create a national mapping for those.

5) Lab results/ordering according to a well-defined national standard should be part of EHR certification

6) Meaningful use payments to hospitals should be contingent on their delivering outpatient labs according to the same standards recommended for EHR vendor certification. (I agree with this - BIDMC has committed that all its lab delivery to external organizations will use HITSP and HIT Standards Committee recommended standards in time for 2011 Meaningful Use payments.)

7) EHRs need to be conformance tested against specific standards to reduce the cost of interfaces.

A great day of testimony. I know that change is difficult but universal adoption of the HITSP Lab Result Capabilities, which provide significant implementation guidance for HL7 2.51 messaging, LOINC, UCUM, and SNOMED-CT will reduce the cost of lab interfacing. This, combined with the HITSP Lab ordering Capabilities to be completed by January, will accelerate adoption and implementation.

I support universal conformance testing of products for certification and a requirement for all stakeholders to use these standards as part of meaningful use criteria to claim stimulus funds.

Since 2011 data exchanges for meaningful use require Laboratory result exchange, there is urgency to do this. Over the next few months, the HIT Standards Committee will be spending a great deal of time discussing the ways to reduce barriers and enhance adoption so that we achieve the interoperability we need.

Friday, October 23, 2009

Cool Technology of the Week

I'm sitting at Logan Airport awaiting a plane to Washington to testify at a meeting of the President's Council of Advisors on Science and Technology at the National Academic of Sciences.

A few minutes ago, I noticed that the tarmac was empty of planes and numerous black SUVs appeared. Then I noticed a few military folks running around the roof of Terminal C. I looked to the north and saw a large 747 approaching - Air Force One.

Realizing that today is Friday and its time for my Cool Technology blog, I'd like to declare Air Force One the cool technology of the week. I've always wondered what electronics are on board. Here's an overview from HowStuffWorks

"The most remarkable feature on the plane is it's extensive electronics. It has 85 onboard telephones, a collection of two-way radios, fax machines and computer connections. It also has 19 televisions and assorted office equipment. The phone system is set up for normal air to ground connections and secure lines. The president and his staff can reach just about anybody in the world while cruising tens of thousands of feet in the air.

The onboard electronics include about 238 miles of wiring (twice the amount you'd find in a normal 747). Heavy shielding is tough enough to protect the wiring and crucial electronics from the electromagnetic pulse associated with a nuclear blast.

Some of the most interesting parts of the plane -- it's advanced avionics and defenses -- are classified. But the Air Force asserts the two planes are definitely military aircraft, designed to withstand an air attack. Among other things, the plane is outfitted with electronic counter measures (ECM) to jam enemy radar. The plane can also eject flares to throw heat-seeking missiles off course."

And where did all those black SUVs and support equipment come from? In advance of every Air Force One flight, the Air Force crew sends C141 Starlifter cargo carrier planes, carrying the president's motorcade to the destination. This collection of bulletproof limousines and vans, loaded with weaponry, keeps the president safe on the ground.

Air Force One is effectively a secure, mobile data center - that's cool!

Thursday, October 22, 2009

The Books on My Nightstand

A year ago I wrote about the books on my nightstand. Here's an update of what I'm currently reading:

The Deadly Dinner Party by Jonathan Edlow - a great collection of medical mysteries written by my colleague in the BIDMC emergency department. You'll find hard to solve cases with diagnoses such as botulism, typhoid, and bath water infected with tropical organisms from piraña. House meets Sherlock Holmes.

The Lady and the Monk by Pico Iyer - The story of world traveler Pico Iyer's year in Kyoto and his immersion into Japanese culture. As a fan of Japan, I can certainly relate to the rich experiences he describes in his travels. Some folks have suggested that my disciplined life, black attire, and continual pursuit of a simpler existence gives me a monk-like character.

The China Study by T. Colin Campbell - A great overview of the relationship between nutrition and health, including the consequences of eating an animal-based diet.

Food for Life by Neal Barnard - I've been chatting with a few policymakers about the importance of nutrition and recently exchange emails with Dr. Barnard. In the book, he suggests his own food groups (grains, vegetables, fruits, and legumes), then discusses the positive impact of a vegan diet on health.

Blue Book of Bike Repair by Calvin Jones - Having recently replaced my hybrid mountain bike drive train , I found this book by the Park Tool Company to be an invaluable guide to modern bicycle components and repair.

Mushrooms Demystified by David Aurora - This book is the mycologists bible and is what I use for the hundreds of mushroom consults I do every year. I recently worked with the ICU team at BIDMC on an Amanita ingestion and this book was a great guide for me.

Dogs and Demons by Alex Kerr - Alex is a great observer of Japanese culture and he explains how the Japanese economy is built on public works projects that are destroying the natural beauty of the country.

Anthology of Japanese Literature by Donald Keene - Donald Keene is the finest editor of Japanese traditional literature for English Language readers. This book contains selections of just about every genre of Japanese literature from No plays to novels.

A self published book of sonnets - 30 years ago when I was 17 I wrote sonnets in memory while cycling up and down the California coast one summer. My 16 year old daughter is writing sonnets in her AP English class, so I pulled my collection from my archives. Here's a sample (I was 17 at the time, so be kind)

An Ageless Plea

If old age brings the wisdom new lives seek,
Then why am I here writing all alone?
With well earned trophies of triumphs to speak,
An withered hands that built your cornerstone.
For pity I won't grovel or request,
Remember - what I've done you'll later do.
And if you somehow think your youth is best,
Remember - what I am will soon be you.
Through years of angst and conflict I have run,
Though now in worthless solace I'm confined.
Replaced as some machine whose task is done,
An obsolescent prisoner of time.
I stare through frozen windows in self doubt,
Wondering if it's colder in or out.

The books I wrote a little later in college were actually published and you'll find them on Amazon.

Other than my own works, I can highly recommend these books as great reads.

Wednesday, October 21, 2009

National eHealth Collaborative Forums

I'm posting this on behalf of the National eHealth Collaborative.

Please join the National eHealth Collaborative (NeHC) Board of Directors as it hosts a series of interactive discussions with experts and stakeholders on important and timely topics in health information technology.

Bedside to Bench: How Health IT Can Power Better Clinical Research
NeHC Board Member Stephen Ruberg, PhD will talk with a panel of experts about how interoperable electronic health records and other technology tools can significantly improve the quality and efficiency of clinical research. The discussion will cover a number of perspectives in this area, from clinical trials and drug surveillance to government-funded research to cure chronic disease.

The Backbone of the Healthcare System: Nurses’ Critical Role in Health IT Implementation
NeHC Federal Liaison Linda Fischetti, RN will lead a discussion among national nurse leaders about how including nurses in health IT implementation projects can mean the difference between success and failure. Panelists will bring a wide variety of perspectives gleaned from years of experience in improving the quality of patient-centered care through the use of health IT.

WHERE: Sheraton Crystal City
1800 Jefferson Davis Highway
Arlington, VA 22202
Metro Stop: Crystal City

WHEN: Wednesday, October 21, 2009
9:00 am – 12:30 pm ET

9:10 – 10:40 am: Bedside to Bench: How Health IT Can Power Better Clinical Research

10:50 am – 12:20 pm: The Backbone of the Healthcare System: Nurses’ Critical Role in Health IT Implementation

WHO: National eHealth Collaborative Board of Directors
Chair: John Tooker, MD, MBA – Executive Vice President and Chief Executive Officer, American College of Physicians

Bedside to Bench: How Health IT Can Power Better Clinical Research
Moderator: Stephen Ruberg, PhD – NeHC Board Member and Senior Research Fellow, Eli Lilly & Company
Panelists:
• Gregory Downing, DO, PhD – Director, Personalized Health Care Initiative, U.S. Department of Health and Human Services
• Daniel Ford, MD, MPH – Vice Dean of Clinical Investigation, Johns Hopkins University
• Stephen Ruberg, PhD – NeHC Board Member and Senior Research Fellow, Eli Lilly & Company
• Steve Schwartz – Senior Vice President, Corporate Business Development, Allscripts

The Backbone of the Healthcare System: Nurses’ Critical Role in Health IT Implementation
Moderator: Linda Fischetti, RN, MS – NeHC Federal Liaison and Chief Health Informatics Officer, U.S. Department of Veterans Affairs
Panelists:
• Victoria Bradley, DNP, RN – Chief Nursing Informatics Officer, Eclipsys Corporation (Representing American Nursing Informatics Association and CARING)
• Curtis Dikes, RN, MSN, ACNP-BC – National Director, Clinical Informatics Technology Integration, Kaiser Permanente Foundation Hospitals
• Rosemary Kennedy, RN, MBA, FAAN – Senior Director, Nursing and Healthcare Informatics, National Quality Forum
• Joyce Sensmeier, MS, RN-BC – Vice President, Informatics, HIMSS (Representing Alliance for Nursing Informatics)

VISUALS: Recorded video, webinar and presentation slides will be available live and on the NeHC website (www.nationalehealth.org) following the event.

Webinar: https://nationalehealthevents.webex.com/nationalehealthevents/onstage/g.php?d=669279178&t=a

Audioconference: (866) 699-3239 or (408) 792-6300
(Please join the event with a computer system first and follow the audio instructions on the screen.)
Access/Event Code: 669 279 178
Attendee ID: You will receive this number when you join the event first with a computer connection.

Streaming Video: http://www.freedocast.com/nationalehealth

My conflicts of interest - FY10 edition

Every year I publish my conflicts of interest publicly, such 2008 and 2009

It's that time again.

My salary is paid by Beth Israel Deaconess Medical Center for my duties as CIO.

BIDMC invoices Harvard Medical School for the time I spend there.

In 2009, NEHEN and MA-Share merged, so my only position in state-level healthcare IT is Chair of NEHEN, an unpaid position with no benefits/authority/special treatment of any kind.

I will serve as the chair of HITSP until January 31, 2010 when my term expires. For the past 4 years of HITSP service, I have not received any compensation or benefits. My plane flights to Washington have been reimbursed at cost.

I will serve at the vice-chair of the HIT Standards Committee for as long as it suits ONC and the Committee. I will not receive any compensation or benefits.

In the past I have served on many Boards and advisory panels. Knowing that ARRA would completely consume my free time at BIDMC, NEHEN, and the Federal standards committees, I resigned from all Boards and advisory panels except one - AnvitaHealth, a decision support service provider. The only reason I continue to serve on this Board is because I so strongly believe in their work which normalizes disparate data streams from clinical and administrative sources then provides real time decision support to clinicians at the point of care and to administrative decision makers. All this is done via a web-services architecture. I wish more companies provided Software as a Service decision support via web services that could be easily plugged into existing applications without significant IT effort. I have received a grant of options, none of which I have executed. Thus, I receive no compensation and have no stock ownership in the company.

With regard to other stocks I own, I established a family trust in 1993 and all my investments are managed by a third party. I do not directly control these investments, nor track their day to day variation. I do not make any business decisions in any of my professional roles based on stocks held by the trust. On a day to day basis I do not even know what stocks are in the trust, although I have suggested that healthcare IT stocks be avoided to eliminate even the appearance of a conflict of interest. I checked this morning and the trust has no healthcare IT holdings.

That's it - in 2010, I will receive a BIDMC W2 and a series of travel reimbursements at cost - nothing more. Should there be any other income that I cannot yet forecast, I will donate it to BIDMC/Harvard for the benefit of my employees as I have done in the past.

Tuesday, October 20, 2009

What keeps me up at night - FY10 edition

Life as a CIO is never boring.

In Sunday's Boston Globe, Microsoft CEO Steve Ballmer said “What’s the old movie line from ‘Annie Hall’? Relationships are like sharks; they move forward, or they die. Well, technology companies either move forward, too, or they die. They become less relevant.”

No matter what an IT organization has accomplished in the past, what matters is daily infrastructure performance and the ability to constantly improve applications. I call this problem "changing the wings on 747 while its flying". Rapid change and complete stability must be achieved at the same time.

Here are the change management issues keeping me up at night in my various organizations.

BIDMC

Intranet - we're introducing a new intranet organized around social media concepts : tag clouds, blogs, and new media. Creating the security infrastructure to provide data confidentiality while at the same time encouraging use of social media anywhere on any browser is a delicate balance. We're looking at several new security appliances to help with this effort and I'll share the details in a future blog. Also, changing an intranet is one of the hardest projects that an institution can do, since so many people use it for their work every day. Even if the change is for the better, it's still a change. Balancing new functionality with ease of use and rapid adoption is challenging.

Enterprise Image Management - as storage needs increase and image exchange becomes a requirement throughout the organization and with our business associates, IT is becoming the focal point for image storage and life cycle management of all modalities. The days of local DVDs and departmental storage are gone. Using a combination of EMC products, IT is hosting short term cache, long term archiving, backup, and disaster recovery. Our projects over the next year will serve radiology, cardiology, and likely several other ologies that are seeking assistance. The challenge is building an infrastructure that is scalable, affordable and maintainable. We're using cutting edge products and technologies. There is always risk in implementing a new service based on highly innovative products.

EHR rollouts for meaningful use - I've described our EHR rollout efforts in several previous blogs, which are summarized in this document. We've solved the technology issues, but motivating clinicians to rapidly adopt EHRs is hard. Stimulus dollars help, but sometimes they are not enough, such as for specialists or "concierge medicine" PCPs. As a leadership team, the EHR steering committee needs to provide carrots and sticks to stimulate change.

Business Intelligence - I've written about the need to look beyond data and find information, knowledge and wisdom. We need to provide our stakeholders with innovative access to knowledge in our clinical and administrative systems using tools that are self service and do not require programming/IT expertise. The challenge is how to enable tools that anyone can use without requiring expert knowledge of the data itself - how it was gathered, who entered it, how accurate it is etc.

Interoperability - BIDMC strives to be one of the most interconnected healthcare organizations in the country. We have new projects that ensure we achieve meaningful use data exchanges in 2011 and beyond such as a exchanging quality metrics with the Massachusetts eHealth Collaborative Quality Data Center, exchanging clinical summaries with community EHRs, and enhancing our public health reporting using HITSP standards, all with the NEHEN gateway. This effort requires that we adopt new standards, enforce controlled vocabularies as the data is entered and appropriately address privacy/security concerns for data moving between organizations.


Harvard Medical School

High Performance Computing - The demand for computing is increasing exponentially and our challenge is not real estate but power/cooling. Over the next year, we need to substantially increase our electrical capacity and we're considering many options including a data center near hydroelectric power.

Storage - the research community at Harvard Medical School demands high performance, highly reliable storage at a low price. We've been able to offer high quality NAS with replication, attached to our high performance computing cluster for .67/gigabyte per year. Our challenge is to keep up with demand, always ensuring we have enough storage, but not over provisioning.

Content Management - Last year, I worked with BIDMC Corporate Communications to move BIDMC's web content to a commercial content management system with delegated content management. In FY10, we'll need to do the same with Harvard medical school including administrative websites, research websites, and departmental content. The stakeholders at Harvard Medical School are very diverse so the challenge will be selecting an information architecture and navigation approach that works for everyone.

Social Networking for research - Over the past year, we've worked as part of the Clinical and Translational Science Awards (CTSA) to build transparent access to researchers with active and passive social networking techniques. Expanding this work requires that we build trust among all our collaborating institutions and encourage transparency with the sharing of personal intellectual property. The more you share about your thinking, the better the social networking.

Governance - I'm a strong believer in IT governance. At HMS, I've always had good input from research, administrative, and educational stakeholders but this year I've worked with the Administrative Dean to launch an overall IT Governance Committee to ensure the needs of all stakeholders are balanced. Governance takes a great deal of time and energy, but it does mitigate surprises such as delayed projects, budget variances, and misaligned priorities.


NEHEN/State activities - The Office of the National Coordinator is distributing $600 million in Federal funds for health information exchange. In my role as chair of NEHEN, I want to be sure our state has a good strategic plan and stakeholder alignment to create health information exchange in support of meaningful use goals. As with many of my other projects, this work requires a huge commitment to governance and working with highly innovative technologies and emerging standards. It's all high risk.


HITSP/HITSC/Federal activities - The Standards Harmonization work at HITSP and the Implementation/Adoption work at the Healthcare IT Standards Committee requires constant communication, balancing of stakeholder interests, and embracing innovation. Like any Washington task, achieving consensus among all the various points of view requires patience, an open mind, and a steady hand. I'm learning every day how best to serve the country as a facilitator and communicator. The task is never easy.


Personal - On the personal side, my daughter is 16 and we've begun college planning. Applying to college these days is much different than in my youth. I'm convinced that if I applied now to the schools I attended (Stanford, UCSF, UC Berkeley, UCLA, Harvard, and MIT), I would not be admitted!

My parents recently retired and we helped move them to a new house where the living is easy and maintenance free. My wife and I have begun to think about our retirement 20 years from now.

My 2009 work schedule has reduced my outdoor activities a bit, so I've had less climbing and hiking opportunities. This winter, I'm committed to getting back on trail in the 4000 footers of New Hampshire

My flute playing has taken a backseat to Washington travel. This winter I'm committed to playing the Japanese flute at least 3 times per week.


Thus, overall my challenges are keeping customers happy, managing the risks of change, embracing innovation, and keeping my family/personal life balanced with a worklife that has no downtime.

That's what keeps me awake a night. It's a lifestyle, not a job, and I enjoy every minute.

Monday, October 19, 2009

Consumer Preferences and the Consumer NHIN

On October 5, the Office of the National Coordinator released the Consumer Preferences Draft Requirements Document which highlights the policy and technology requirements to ensure that all data exchange - PHRs, EHRs, HIEs, Public Health, Quality, and Research - protects confidentiality by following the preferences of the consumer for data sharing. It's an important document and definitely worth reading.

On October 13, HITSP held a Town Hall Meeting on Consumer Preferences to discuss the requirements document and collect public comments for submission to ONC. You'll find the audiocast here (as MP3) and the presentation here (as PDF).

At the October 14 HIT Standards Committee meeting, David Blumenthal emphasized that we need to expand the scope of our NHIN thinking to include consumer health information platforms in addition to the provider and government organizations that have been the focus to date.

What does this all mean? The focus on consumer consent, privacy, and security as the foundation of data exchange will accelerate interoperability.

A few thoughts:

1. As the Chairman of NEHEN, a Health Information Exchange in Massachusetts, I know that consent management (policy and technology) is a very important first step to implementing interoperability. To coordinate care, improve quality, and measure population health, we need data and patients need to trust our HIEs so that we can share data for their benefit.

2. Policymaking can constrain technological complexity. If every possible permutation of consent (opt in, opt out, segmentation of the record, approval for sharing at the institution level, approval for sharing at the provider level, approval based on the situation - emergent care or not, etc.) needs to be supported by every stakeholder exchanging data, then the number of standards needed will be significant. Ensuring comformance with a large number of standards at every point of data exchange will be challenging. In my experience, something simple such as opt-in consent for data sharing at the institution level, will result in much more privacy because the security technologies required to support it are simple and easy to understand.

3. Although provider to provider data sharing will always be important, the notion of sharing data with the patient who then shares it with others per their consent preferences is a viable alternative approach. However, we need to maintain the integrity of the data from its source to its use by ensuring the data is not modified or the context of the data changed along the way. Jamie Ferguson from Kaiser Permanente wrote a great blog about this issue.

My ideal plan for consumer preferences would be

1. We develop national policy which clearly delineates the types of consents we need to support. Ideally, this will be a short list. I prefer consumer opt-in at the institution level. To be compliant with ARRA and state laws I can imagine this being expanded a bit to include very basic segmentation of the record into mental health, HIV results, and everything else.

2. This consent will be recorded electronically and made available via a health information exchange, the PHR of the patient's choice, or via a mobile storage device such as a USB drive. When a patient presents for care, the consent is queried, and all data exchanges follow this declaration of confidentiality preferences.

3. The standard for recording consent would be XML-based and not require a "wet signature" or an image of a signature. I realize that some state laws still require handwritten consents, so policy work is needed here.

Given all this activity regarding consumer preferences, control, and empowerment, let's hope the policymaking gets done by 2011 and the standards to support the policy can be simple to deploy and manage. The more complex meaningful use data exchanges in 2013 and 2015 depend upon it.

Addendum: John Moehrke has published an excellent blog outlining how current HITSP standards can support this vision.

Friday, October 16, 2009

Cool Technology of the Week

Keyboards can be a major vector for infection.

Imagine that "typhoid Mary" types on on keyboard then walks away.

Imagine that an H1N1 carrier coughs on a keyboard and you are the next to use it.

My cool technology of the week is a self disinfecting keyboard from Vioguard.

How does it work?

Using high power germicidal UV C light at a 254nm wavelength, it disinfects the keyboard after each use, killing bacteria and H1N1.

It's expensive - about $899 - but certainly could be an important part of hospital infection control.

My own experience is that membrane covered keyboards which can be wiped with sterilizing cleaners are hard to use and messy to disinfect.

A regular keyboard with self disinfecting features that is easy to use and simple to maintain.

That's cool!

Thursday, October 15, 2009

Apple Picking Time

One of the reasons I enjoy living in New England is seasonal expectations- the renewal of Spring, the outdoor joys of Summer, the colors and harvest of Fall, and walks in the silent forests of a snowy Winter.

In the Fall, we harvest our squash, pumpkins, and root vegetables, pack up our garden for the winter, and go apple picking.

Our favorite spot is Old Ciderpress Farm in Westmoreland, NH with 65 varieties of heirloom apples. You'll not find many of these species in your grocery store.

Angie and Marius Hauri are the very friendly owners who provide great advice about the best varieties to pick on a given day. In addition to a pound of chestnuts and a gallon of cider (which we helped press), we picked (descriptions are from University of Massachusetts Cold Spring Orchard)

Empire - This cross between the best-selling red varieties Red Delicious and Mcintosh was introduced in 1966. Empire has proved superior to the parent it most resembles, Mac, in redness, flavor and post-harvest life. The creamy white flesh is crisp and juicy. Right off the tree, Empire is an excellent choice for eating out of hand if you like a loud, snapping apple that's sweeter than it is tart. Empires are frequently added to cider blends and can be used for cooking. In storage these apples keep their quality well.

Fuji - Fuji was developed from American parents, Ralls Janet and Red Delicious. It signals the reemergence of taste and texture as the main reasons for growing an apple. The cream-colored , firm, fine-grained flesh seems something special from the first bite, as it fills the mouth with sweetness and juice. In taste tests Fuji consistently scores at or near the top, and among late-maturing varieties it is a standout. Fuji is regarded as the best keeper of any sweet variety, and the apples retain their firmness for up to a year in refrigeration

Gala - Gala was developed in New Zealand by J.H. Kidd, crossing Golden Delicious and his own Kidd's Orange Red. The pale, creamy flesh is crisp and dense, with a mild, sweet flavor and good aroma. The fruit is not large, but medium in size. In taste tests, Gala easily outscores McIntosh and is considered more sprightly than Golden Delicious. Gala is also used in many cider blends. This apple stores well when refrigerated.

Golden Russet - Golden Russet is an early American apple, believed to have sprouted from a seed of an English Russet, It was a commercially marketed variety by the early 1800's. The yellow flesh is crisp, fine-textured, and brightly flavorful, with a noticeable sweetness that made it a traditional favorite for hard cider. The apples can be used for cooking and drying. As with most russets, the apples keep well.

Liberty - Described as the most trouble-free of all apples, Liberty is the result of years of work by fruit breeders to develop an apple that would free growers from the endless rounds of repetitive spraying. Released in 1978 by the New York State Agricultural Experiment Station, Liberty has lived up to expectations. A cross of Macoun and an experimental apple variety, it is a deep red apple with great eating and baking qualities. The fruit is medium to large with rich yellow skin overlaid with dark red stripes and splashes. The pale yellow flesh is crisp, tender, juicy, and quite flavorful. Ripens in October and improves in flavor over a couple of months of storage.

Our favorites - I'm a Fuji lover, my daughter likes Liberty, and my wife likes Empire.

A crisp apple and a mug of cider on a cold New England Day with a light wind and falling leaves. Definitely apple picking time.

Wednesday, October 14, 2009

The October HIT Standards Committee meeting

As I discussed in yesterday's blog, the focus of the October HIT Standards Committee was Standards adoption and implementation.

The day started with comments from David Blumenthal. He briefly described the Nationwide Healthcare Information Network (NHIN) as an evolving vital element of our national health information strategy. He emphasized that we need to expand the scope of our NHIN thinking to include consumer health information platforms in addition to the provider and government organizations that have been the focus to date. He also noted that we need to move from pilots/prototypes to scalable real world implementations, establishing the right governance mechanism for the NHIN.

The Clinical Operations update followed and included a discussion of gaps in the current work. We started with a discussion of patient access to an EHR. Should we include clinical summaries, the entire record, or the standard data elements that can be exported to commercial PHRs such as Google Health and Microsoft Healthvault? We heard about experiences at Kaiser, Geisinger, BIDMC and others. It's clear that PHR data sharing is very heterogeneous at the moment and that convenience transactions such as appointment making, medication renewal, and referral management may be more important to patients than full access to every aspect of their record. The HIT Policy committee will be asked to define minimum requirements for patient access to EHR data.

We discussed needed enhancements to vocabularies including a national SNOMED-CT to ICD9/ICD10 mapping, RxNorm mapping to National Drug File Reference Terminology (NDF-RT) and Standard Product Labeling (SPL), a standard lab compendium for ordering, UCUM guidance and testing, and a national infrastructure to distribute and maintain codesets. I discussed this need for enhanced vocabulary tools in yesterday's blog. Our action item today was to create a Vocabulary sub-Workgroup that will address these issues and propose priorities and solutions to the entire Committee and ONC.

We heard an update from the Clinical Quality Workgroup about the re-tooling of quality measures to be more EHR-centric. Good progress is being made.

Next, we focused on privacy & security. Dixie Baker and Steve Findlay summarized a few updates to the standards matrix - SOAP 1.2 is the current recommended version and per evolving federal guidelines (NIST SP 800-63-1), Kerberos will be allowed but not required for 2011 because Federal systems will begin disallowing Kerberos in 2013. NIST SP 800-63-1 is cited as implementation guidance for "Level 2" certification criteria for authentication, but we've been careful not to impose Federal FISMA criteria on the private sector.

We discussed enhancements to privacy and security standards efforts, especially for 2013, including:

* A healthcare specific XML schema and vocabulary for representing subject, resource, action, and environmental attributes in security assertions i.e. SAML for healthcare
* A standard XML schema and vocabulary for representing consumer consents i.e. my CAML proposal
* Baseline security and privacy policies for the exchange of EHR information
* Standards for exchanges between the healthcare enterprise and the consumer
* Specification of Health Information Exchange assumptions and associated privacy and security policy. This relates to my blog yesterday in which I noted that policy guidance is really essential to pick the simplest set of security constructs needed to protect confidentiality.

Our action items today were

1. To spend the entire November HIT Standards Committee meeting hearing testimony from stakeholders on Security issues.

2. To work with ONC to ensure seamless communication and coordination between the HIT Policy Committee and HIT Standards Committee regarding privacy and security issues

3. To specify our assumptions for HIE information exchanges and share those assumptions with the Policy Committee so that they could specify a policy framework that then could serve as the basis for constraining security and privacy standards. One of our committee members noted that policy constrains architectural possibilities, enabling selection of the simplest set of standards needed to meet requirements.

Given the emphasis of the meeting on adoption and implementation, we discussed next steps regarding our new Implementation Workgroup. Specifically we will arrange for a day of testimony on October 29 from many stakeholder groups to better understand adoption and implementation issues, needs for enhanced implementation guidance, and identification of enablers that would accelerate interoperability such as new tools or filing standards gaps. We'll also conduct an online forum and accept written testimony. This feedback process is very important to ensure rapid cycle improvement in the standards making and standards selection processes. Per my blog yesterday, this will help with resolving the outstanding common data transport issues.

We ended the meeting with a discussion of the results from the privacy hearings conducted by the HIT Policy Committee on September 18.

Thus, we have action steps to resolve all the issues I raised on my blog yesterday - alignment of policy and standards activities to create the parsimonious set of security standards to protect confidentiality, a working group to resolve outstanding vocabulary issues, and a feedback process to resolve common data transport and other standards adoption/implementation issues.

A great meeting and I look forward to our day of implementation testimony on October 29 and our day of security testimony on November 19.

Tuesday, October 13, 2009

Adoption and Implementation of Standards

In the past 4 years, many standards have been harmonized, many gaps closed, and many controversies resolved. Stakeholders have come together and the conversations have evolved from emotion to problem solving. Some of these standards are widely adopted and implemented. Others are so new that implementations are limited to prototypes and pilots. To me, the work ahead is continued evolution of the work we've done to ensure adoption of the standards is widespread and implementation is accelerated.

Tomorrow's HIT Standards Committee meeting will focus on these issues - adoption and implementation.

The theme of 2011 will be getting data into electronic form and beginning data exchange via simple architectures - pushing data from organization to organization. As a country, I think we can move forward with consensus on the 2011 Meaningful Use data exchanges - laboratories (HL7 2.x messaging, CDA document summaries, UCUM for units of measure, and LOINC for lab names), medications (NCPDP Script 10.x for messaging, RxNorm for medication names), administrative transactions (X12 for content, CAQH Core for vocabulary), and quality (HL7 2.x messaging, CDA documents). Transmission of all this content will be done using common web standards - TLS to establish a mutually authenticated channel for data exchanges over the internet, SHA to protect the integrity of data transmissions, and AES to encrypt data for transmission.

The theme of 2013 will be enhanced data exchange among payers, providers and patients, encouraging more participants to get involved in data exchanges using a variety of architectures - push from point to point, publish/subscribe, secure email, and mobile devices.

The theme of 2015 will ubiquitous data sharing with patient consent from all stakeholders to all stakeholders. This level of data exchange requires sophisticated consent management and architectures such as pulling from multiple sources that require a master patient index or voluntary universal healthcare identifier.

What evolution will be required for the transition from 2011 to 2013?

1. Policies that help streamline security frameworks - Currently, HITSP and the HIT Standards Committee have selected standards and implementation guides that can support the entire range of possible policies. This means that the list of standards for authentication, authorization, access control, secure transmission, document exchange and auditing looks intimidating. Ideally, the Policy Committee and the Standards Committee will work together to develop data exchange policies that will narrow the architecture choices and simplify the list of security standards. We'll discuss this at the HIT Standards Committee.

2. Common Data Transport - Currently there is little controversy about the secure transmission standards (TLS plus SHA and AES). However, there is ongoing debate among stakeholders about SOAP verses REST and the use of the various profiles to support document exchange - XDS (document sharing in an organization), XCA (document sharing between organizations), XDR (point to point document exchange), and XDM (document exchange on mobile devices). Sometimes this debate is framed as large established companies verses small innovative Health 2.0 companies. Ideally, we'll come to a meeting of the minds in which the right tools are used for the right applications. I can certainly appreciate the pros/cons of the various approaches - SOAP has well developed security tools but is more challenging to implement than REST. In some ways, SOAP is losing popularity among web application developers. XDS, XCA, XDR and XDM contain pieces of the somewhat challenging to implement ebRS standards used in the SOAP headers for metadata and message routing. REST is very easy to implement but lacks generalizable security tools, forcing each implementer to create their own application specific security controls, such as Microsoft and Google have done with their PHRs. We'll discuss this at the HIT Standards Committee.

3. Vocabulary tools - The vocabularies suggested by HITSP and the HIT Standards Committee - SNOMED-CT for problem lists, LOINC for lab names, RXNorm for medication names, UCUM for units of measure, and UNII (for allergies) will be more easily implementable in Health Information Exchanges if mapping tools are created which enable existing proprietary or older codesets to be mapped to these newer standards. This means that existing legacy systems inside an organization can be left untouched and vocabulary normalization can take place as data leaves applications for data exchange to other organizations or registries. We'll discuss this at the HIT Standards Committee.

In tomorrow's blog, I'll summarize the HIT Standards Committee meeting and the next steps we'll take to evolve the work to date so that adoption and implementation are accelerated.

Monday, October 12, 2009

Sunrise on Mt. Monadnock

Today, Columbus Day, my daughter and I hiked Mt. Monadnock in the dark and cold of a Fall New Hampshire morning - 4:30am, 20 degrees F. By headlamp we ascended the rock and ice of the Marlboro trail. We reached the summit plateau at 6:00am and walked to the peak against 40 mph winds.

We found a nook facing east near the summit and talked while the twilight of dawn illuminated the falling leaves at peak color 3000 feet below.

At 6:53am, the first pixel of the sun appeared in a horizon shaded in blue, violet, orange, and yellow. We watched as it rose into a circular fireball too bright to view, then began our hike down. By 8:45am we were enjoying hot oatmeal and green tea at nearby East Hill Farm.

A sunrise together on the mountaintop with windchills below zero - priceless.

Friday, October 9, 2009

Cool Technology of the Week

In many crime solving police procedural programs (NCIS, CSI, Criminal Minds etc), the perpetrator has used an untraceable, disposable cell phone.

But what is a disposable cell phone and where do you buy one? I've never seen one in my travels.

The answer - Walmart

The vendor - TracFone

The idea is that you buy an inexpensive phone (there are many options ranging from $15 to $50 dollars for Motorola and Samsung phones)

and then prepay for minutes - 60, 120, 200 without any contracts or bills.
The minutes are a single rate plan - national, international and roaming at local call rates.

The only hitch is that the minutes expire after 90 days or you can buy 400 minutes good for one year.

Since there are no contracts, you can use the phone as much or as little as you want, when you want. You just add minutes as needed.

The features of the service include

* A GSM phone
* A single Rate Plan - Call nationally, internationally or roam at local call rates
* Nationwide Network Coverage
* Features text messaging, voice mail, free caller ID, free call waiting
* Bluetooth Wireless Technology
* Hearing Aid Compatible (HAC) Rating: M3
* Battery life with up to 7.5 hours of talk time and up to 10 days of standby time - it is rechargeable, so you do not toss it when the battery runs out.
* TracFone Airtime Balance Display shows you how much airtime you've used and how much is left, so you control your costs
*Includes up to 20 minutes of starter airtime upon activation

A full featured cell phone without a contract for $15.00 That's cool!

Thursday, October 8, 2009

Hiking Mt. Monadnock

It's Columbus Day weekend, which means it's the peak of Fall color in New Hampshire. Mount Monadnock provides a 3165 foot vantage point to see the changing leaves of New England and I hike it every Columbus Day.

You'll find a trail map online.

My thoughts on the trails:

Marlboro trail - a favorite of mine, since it is the road less traveled. The upper 1/3 is a bit steeper than most trails and challenging when wet/icy but the views are spectacular and the terrain is a great balance of forest, rock and mud.

Pumpelly trail - this longest trail up the mountain begins in Dublin, NH (near Yankee Magazine headquarters). My wife drops me off at the trail head and I walk the Pumpelly to the top, then Marlboro to the bottom, and run to East Hill Farm, where my family stays each Columbus Day weekend.

Birchtoft trail - a remarkable wooded trail that is a favorite of locals. It's often missing from guidebooks because it's the jewel of the mountain.

White Cross trail/White Dot trail - a well marked, well traveled trail. Good if you like hiking with a group.

Old Toll Road to White Arrow trail- the shortest, easiest trail. Good for families.

There are a few side trails I recommend

Cascade link - beautiful waterfalls and foliage
Marian trail to Great Pasture to Smith Summit - a largely untraveled wilderness path. I play my Japanese flute along these trails and have never seen another hiker
Amphitheater trail - access to a climbing area hidden near the top of the mountain

I've hiked the mountain hundreds of times in all weather conditions at all times of year. It's the 3rd most climbed mountain the world (after Mt. Fuji in Japan and Mount Tai in China) and definitely worth the trip.

Wednesday, October 7, 2009

My Privacy and Security lessons learned

The editor at Computerworld gave me permission to share my monthly column with you on my blog:

Privacy and security are foundational to health care reform. Patients will trust electronic health care records only if they believe their confidentiality is protected via good security.

As vice chairman of the federal Healthcare Information Technology Standards Committee, I have been on the front lines in the debate over the standards and implementation guidance needed to support the exchange of health care information. Over the past few months, I've learned a great deal from the committee's privacy and security workgroup. Here are my top five lessons:

1. Security is not just about using the right standards or purchasing products that implement those standards. It's also about the infrastructure on which those products run and the policies that define how they'll be used. A great software system that supports role-based security is not so useful if everyone is assigned the same role and its accompanying access permissions. Similarly, running great software on an open wireless network could compromise privacy.

2. Security is a process, not a product. Hackers are innovative, and security practices need to be constantly enhanced to protect confidentiality. Security is also a balance between ease of use and absolute protection. The most secure library in the world -- and the most useless -- would be one that never loaned out any books.

3. Security is an end-to-end process. The health care ecosystem is as vulnerable as its weakest link. Thus, each application, workstation, network and server within an enterprise must be secured to a reasonable extent. The exchange of health care information between enterprises cannot be secured if the enterprises themselves are not secure.

4. The U.S. does not have a single, unified health care privacy policy -- it has 50 of them. That means that products need to support multiple policies -- for example, those of a clinic that uses simple username/password authentication and those of a government agency that requires smart cards, biometrics or hardware tokens.

5. Security is a function of budget. Health care providers' budgets vary widely. New security requirements must take into account the implementation pace that the various stakeholders can afford. Imposing "nuclear secrets" security technology on a small doctor's office is not feasible. Thus, the privacy and security workgroup has developed a matrix of required minimum security standards to be implemented in 2011, 2013 and 2015, recognizing that some users will go beyond these minimums.

In debating how to enhance security for all stakeholders without creating a heavy implementation burden, the workgroup has come up with these ideas:

All data moving between organizations must be encrypted over the wire. Data moving in an organization's data center should be encrypted if open wireless networks could lead to the compromise of data as it is moved inside the organization. There is no need to encrypt the data twice -- if an organization implements appropriate secure wireless protocols such as WPA Enterprise, the data can be sent within the organization unencrypted.

All data at rest on mobile devices must be encrypted. Encrypting all databases and storage systems within an organization's data center would create a burden. But ensuring that devices such as laptops and USB drives, which can be stolen, encrypt patient-identified data makes sense and is part of new regulations such as Massachusetts' data protection law.

Such proposals strike a delicate balance, for while attaining the goal of care coordination through the exchange of health information depends on robust security technology, infrastructures and best practices, it can't succeed if safeguarding patients' privacy is unduly cumbersome.

Tuesday, October 6, 2009

Next Steps for Healthcare Information Exchange in Massachusetts

Tomorrow, I'm running a retreat of the New England Healthcare Exchange Network (NEHEN) Board of Managers and several invited stakeholders to discuss our 5 year plan for enhancing HIE functionality in the state. What are our guiding principles?

1. Create functionality that supports the workflow of our stakeholders

NEHEN's Board includes payers, providers, and patient advocates. As we think of the capabilities and functions supported by an HIE, we must meet the business needs of our stakeholders. Meaningful use is designed to foster healthcare information exchange and we want to facilitate meaningful use, but not at the expense of ignoring the needs of our stakeholders who have compliance, strategic, and customer driven needs.

2. Develop a framework of reusable functional components

In 2009, we've received 19 requests for new HIE projects. Each project is a "one off" with its own unique workflow and data exchange requirements. It is not scalable, sustainable or affordable to take on ad hoc projects that differ across each community. Ideally we'll be able to break down all our requests into a series of reusable capabilities that can be reassembled without significant IT effort to address the new project requests. Here's a list of candidate capabilities that we'll review:

Communicate Ambulatory Prescriptions
Communicate Structured Documents
Communicate Unstructured Documents
Communicate Clinical Referral Requests
Communicate Lab Results Messages
Communicate Lab Results Documents
Communicate Imaging Information
Communicate Quality Measures
Update Immunization Registry
Retrieve Immunization Registry Information
Communicate Emergency Alerts
Communicate Resource Utilization (hospital resource availability in a disaster or outbreak)
Communicate Benefits and Eligibility
Communicate Referral Authorization
Manage Consumer Preference and Consents
Access Control Service
Security Audit/Disclosure Service
Patient Identification Management Service
Knowledge and Vocabulary Service
Healthcare Document Management Service
Query for Existing Data Service
Administrative Transport to Health Plan Service
HL7 Messaging Service
Emergency Message Distribution Service

3. We need to prioritize these capabilities to guide our development efforts of over the next 5 years.

Given the business priorities of our stakeholders to achieve Medicare Part D incentives, Meaningful Use, ICD-10/5010 transition, and support Healthcare Reform, we'll develop a 5 year rollout plan for these services that will meet the greatest needs for the great number.

The outcome of this retreat will provide a foundation for the Massachusetts eHealth Institute's (our state government procurement organization for healthcare IT) ONC planning grant application.

I look forward to the retreat.

Monday, October 5, 2009

Of Bicycles and Printers

Bicycles and Printers? It's a parable, so humor me.

I ride a Trek 7.5 Fx Hybrid mountain bike. When I bought it in 2007, it cost $700 and it had Shimano Deore derailleurs, which are the lower end of Shimano's component sets. Although I have a great deal of experience adjusting bicycle components, I had many drivetrain problems - gears skipping, ghost shifting, low gears overshifted, high gears undershifted. No amount of adjustment left me a with stable, reliable ride.

Last weekend, I replaced the Deore components with Shimano XT, a higher end product. The difference between Deore and XT for my bike was about $100.00 or 15% of the cost of the bike. The new components worked perfectly and since I started using XT, I've not had a flawed shift or any adjustment problems. When I bought the bike, I would have happily paid 15% more to get a bike with a problem free drivetrain. The Deore components are now in the Wellesley Recycling Center and I'm a happy Shimano XT user.

And now, the analogy. At home, I've always used Inkjet printers such as the HP K550 and HP K5400 Pro. I spent very little buying these printers but filled them with expensive cartridges. HP printer drivers seem to have one purpose in life - to tell you to order new supplies. Each year the inkjet print heads fail and no amount of head cleaning/alignment can revive them. Since the cost of print head supplies exceeds the cost of the printer, I just replace the printer yearly. It seems that the lifecycle of a printer model is about a year, so I cannot even replace the printer with a similar model. Often that means that existing cartridges are no longer usable in the new model.

This weekend, I decided to get off the inkjet revolving door. I will never use an inkjet printer again because they are not eco-friendly, not cost effective, not easily maintainable, not reliable, and have poor life cycle management.

At BIDMC our printer lifecycle is 7 years with the following equipment

Color Laser
HP Color LJ4700N (Departmental)
HP Color LJ CP3525N (Work Group)
HP Color LJ CP1215 ((Single)

Black and White
HP LJ p4015N/TN (Departmental)
HP LJ p2055DN/X (Work Group)
HP LJ p2035N (Two-person)

I purchased an HP P2035N black and white laser printer at Staples and turned in my inkjet for recycling, getting $50 cash back. Yes, this printer costs a bit more up front, but it has the reliability, cost effectiveness, and life cycle management I need.

Just as with my bike, buying the right parts the first time to meet your requirements is the right thing to do.

I now have a small laser printer on my home network and not a single inkjet cartridge left in the house.

Friday, October 2, 2009

Cool Technology of the Week

Yesterday I was traveling through Newark to Princeton, New Jersey and I checked into my flight with my Blackberry.

That's right - I handed my Blackberry to the TSA and they let me pass.

I handed my Blackberry to the Gate folks and they let me enter the plane.

How is the possible? A little known option on the Continental Website called "PDA check in" that is completely paperless and is my cool technology of the week.

When you check in, Continental offers the option to send a 2D bar code to your smartphone/email device via a pre-registered email address (photo above). The bar code is invalid if printed. At airports with Continental gates, there is a special bar code reader at security that reads your PDA directly and validates the 2D bar code.

The gate uses the standard bar code reader that's used for all boarding passes.

Interestingly, I was the only one on the entire plane who used this feature.

I think folks are so paranoid about delays in security that they are reluctant to try new technologies at the airport.

Case in point - I wrote about Clear on April 11, 2008. In June of 2009, the company ceased operations.

However, I think the idea of using a PDA for boarding passes is simple, ecofriendly and works well. Whizzing through security with only my Blackberry - that's cool.

Thursday, October 1, 2009

Japanese Artisans

This is another in my series of blogs about Kyoto. My August trip focused more on culture and people than on places and travel. Here's my mini-guide to the artisans of Kyoto.

First a bit about finding shops in Kyoto. In my quest for a lacquerware shop called Monju in the Gion (Geisha) region of eastern Kyoto, I needed to decode the address Hanami-koji Higashi-iru Minami-gawa, Shijo-dori, Higashiyama-ku.

Kyoto's addresses are purposely confusing. When Kyoto was the capital, addresses were designed to protect the emperor and his extended staff by obscuring the locations of buildings.

Here's a key:
Shi means city
Ku means ward within a city
Gun means municipality within a ward
Cho means town within a municipality
Mura means village
Dori means street
Kado means corner
Agaru means go to North
Sagaru means go to South
Higashi-iru means go to East
Nishi-iru means go to West
Kawa/gawa means river
Omotesando means shopping street

The system works by naming the intersection of two streets and then indicating if the address is north, south, east or west of the intersection. What this means is that a building can have more than one address depending on which intersection is chosen.

The official address to Kyoto Tower is Higashi-Shiokōji 721-1, Shimogyō-ku, Kyōto-shi, Kyōto-fu 600-8216

However, the informal address to Kyoto Tower, as given on its website is Karasuma-Shichijō-sagaru, Shimogyō-ku, Kyōto-shi, Kyōto-fu which means "south of the intersection of Karasuma and Shichijō streets.

So, the address of the Monju lacquerware shop means go to the corner of Hanamikoji and Shijo streets, then go East and wander around the block bounded by the former path of the Minami river (which now travels underground). I asked the local police station (Koban) and numerous shopkeepers. They had never heard of Monju and I did find an empty store front in a back alley off Shijo-dori. I presume it went out of business. I can recommend Urushi Art Lacquerware, manufacturer and wholesaler of Kyoto-style lacquer ware, which is located south of the Kyoto Imperial Palace at 637 Heinouchi-cho, Takakura Nishiiru, Takeyamachi-dori, Nakagyo-ku.

Other hints about finding your way around Kyoto :

The order of street names can be changed
Shijo dori Higashioji Nishi-iru
Higashioji dori Shijo Nishi-iru

The street names may be aliased
Shijodori Higashioji Nishi-iru
Shijodori Higashiyama Nishi-iru
Higashiyama dori is an alias of Higashioji dori

Compass directions can be combined
Higashi-iru agaru Kawaramachi dori Shijo dori

In fact, many shops are in alleyways or side streets and not on the main streets listed. When looking for an incense shop in Northwest Kyoto, my wife and I went to the general area and then followed the sweet smell of burning Aloeswood up a sidestreet for two blocks to find the shop.

Here are our favorite Japanese artisan shops:

Brooms - Americans may not think of brooms as a work of art. The Japanese weave natural materials into beautiful brooms that last for decades. The most amazing hand woven brooms in Kyoto are available at Naito on the west side of the Sanjo-dori bridge. We bought a broom and carried it back to the US. Carrying a broom around Japan definitely caused a few odd looks.

Fans - The Japanese make remarkable fans, decorated with finely detailed artwork. Although most people in Kyoto use free fans imprinted with advertisements, given away at train stations on the streets, the Geisha/Maiko and those wishing to experience Japanese traditional arts still purchase fans made by artisans. In Kyoto, I found a great fan shop, Miyawaki Baisen-an located at Tominokoji Nishi-iru, Rokkaku-dori, Nakagyo-ku.

Combs - In Japan, a woman's hair is considered one of the most important aspects of her appearance. Japanese women do no generally wear "bling" but they will add a finely crafted comb to their hair. Some of the most beautiful combs are available at Jusanya located at Otabi-cho, Shin-kyogoku Higashi-iru, Shijo-dori, Shimogyo-ku.

Washi paper - Japanese paper made from mulberry bark has great texture and natural character. The paper itself is a often a gift in itself. You'll find great washi paper at Morita Wagami located at Bukko-ji agaru, Higashi-no-toin-dori, Shimogyo-ku.

Chopsticks (Hashi) - Although Americans may think of chopsticks as simple throwaways, finely crafted chopsticks are a distinctive part of Japanense meal at fine restaurants and at home. When we travel, we carry our own folding chopsticks with us (saves trees) and at home we use beautiful handmade tiger bamboo chopsticks from Ichihara Heibei Shoten located at Sakai-machi, Shijo-sagaru, Shimogyo-ku.

Metalwork - Wonderful traditional and modern Japanese metalwork such as sake warming vessels are available at Seika-do located at Nijo-sagaru, Teramachi-dori, Nakagyo-ku. The owner, Mr. Yamanaka speaks English and is a wonderful teacher about Japanese metal artistry.

Ceramics - The Japanese make many styles of ceramics, often specific to the clays of a town or region. My favorite ceramics are the blue and white pottery sold by the shops in southeastern Kyoto near the Kiyomizu temple such as Asahi-do or Rakish-en.

Bamboo - Bamboo is an incredibly versatile material, used for fine Japanese flutes (such as the Shakuhachi I play), baskets for flowercraft (ikebana), and hundreds of household objects. The best store for bamboo craft is Kagoshin located at Shichi-ken-cho, Ohasi-higashi 4-chome, Sanjo-dori, Higashiyama-ku.

I hope you enjoy the journey to find these places at much as I did. Not only is it culturally enriching, it's good for you. I lost 5 pounds walking the streets of Kyoto and exploring its alleyways in search of the finest examples of Japanese traditional arts.