Tuesday, October 11, 2011

The BIDMC FY12 Operating Plan

This is my 1000th blog post.  Readers have visited the geekdoctor blog over a million times.   The discipline of writing every day has helped me become a better communicator in my work and personal lives.    Thanks for being a part of it.

Today, I'm publishing the BIDMC FY12 Information Systems Operating plan which includes all the high priority projects I identified in my earlier post about preparing for a new CEO.    

In the Clinical Information Systems area there are numerous important goals, but five that deserve a more focused discussion:

ICD-10 - A challenging and expensive compliance project that must be done because 70% of the revenue cycle is at risk.  The scope of the project includes BIDMC, its community hospital affiliate BIDH-Needham, the owned physician group APG, the academic affiliated group HMFP and the private physicians in BIDPO.    The likely budget - $5-10 million.   The likely safety, quality, efficiency improvements - none at all.   Many in the industry recognize ICD-10 as a colossal waste of time and effort.  I've tried very hard to communicate this broadly and will continue that effort in articles, lectures and personal meetings in Washington.

Clinical Documentation - Although all the ambulatory areas and ICU areas of BIDMC have online documentation, progress notes in the wards are still written on paper.   In order to improve care coordination, decision support, and provide the granularity necessary for ICD-10 coding, we will work hard to create multi-disciplinary documentation in our ward areas.

Electronic Medication Administration Records - We're redesigning medication management from the supply chain to the bedside.   We'll adopt innovative tools to automate the new idealized processes.

Healthcare Information Exchange - Accountable Care Organizations will require increased health information exchange analytics.   All the stakeholders in Massachusetts have worked together on an HIE plan that connects every provider, payer and patient.   Now we need to build it.

Analytics - Turning data into information, knowledge and wisdom will require a new generation of analytics.   We're building those now.

The Fiscal Systems area includes several important compliance goals such as the HIPAA 5010 transaction standards and enhancements to our human resources management systems.

Knowledge services will continue curation of our electronic library resources.

Media Services will enhance our streaming and conference room infrastructure.

In the Infrastructure area, there are 15 important themes:

Data Protection - Develop and implement a strategy for protecting BIDMC authentication credentials and sensitive data accessed from personally owned computers including mobile devices.

Patch Management - Improve patch management sufficiently to reduce vulnerabilities by 50 percent or more on I.S. managed systems.

Voice Mail System - Replace the current voice mail system that supports over 6,000 accounts with a more up-to-date, IP-based system without incurring extended disruption of service or loss of old content.

Clinical Systems Service Level - Implement high availability features using Cache ECP and Red Hat Enterprise Linux clustering technologies.  Increase service levels from 99.9 percent to 99.99 percent for outages attributable to Cache or Linux related problems.

DR Data Network - Virtualize the distribution layer of the data network in the disaster recovery center to permit more flexible repositioning of assets without regard to VLAN assignment.

Life Cycle Management - Replace one-third of the approximately 120 data network access switches in the east and west campuses with more up-to-date and efficient devices.

Security Dashboard – Develop metrics that in combination provide a way to quantify the risk, by subnet, of devices attached to our data network.   Using this information, apply security measures that are tailored to the relative risk each subnet presents.

Vulnerability Assessments – Deploy a commercial vulnerability scanner along with updated processes and procedures to enhance our ability to identify and remediate vulnerable systems network-wide.

Windows 7 – Upgrade all kiosk/public managed workstations to Windows 7 to enhance the user experience, improve security, and take advantage of better management features.   Upgrade at least 50 percent of business builds to Windows 7 with the balance targeted for FY13.

SQLServer Enterprise Edition – Migrate two-thirds or more of the 32 databases still using Standard Edition to Enterprise Edition.   EE provides higher availability, larger hardware, improved auditing, and other features.

Rights Management – Improve the utility of the Varonis rights management system to include surveillance of unusual access patterns that may indicate a security issue.

Exchange 2010 – Plan the upgrade and deployment from Exchange 2007 to Exchange 2010.

Internet Access – Develop and implement a strategy that reduces the exposure of BIDMC IT technical resources and sensitive data to Internet-based malware that strikes a workable balance between the security threat and business need for Internet access.

Service Level Monitoring – Extend the use of Nagios software monitoring to 75 percent or more of the data center assets to improve the reliability, granularity, and accuracy of system alerts.

Storage – Migrate all new image acquisition PACS to Atmos and begin conversion of all Centera assets to Atmos.
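To make the Security Dashboard, Vulnerability Assessment and Patch Management themes concrete, here is an added example that is not part of the original post and not BIDMC code. It takes vulnerability-scanner findings, places each host in an inventoried subnet, computes a per-device weighted CVSS score and risk tier for every subnet (the "apply measures tailored to the relative risk each subnet presents" step), and measures the percent reduction in findings on IS-managed systems between two scans. The subnet inventory, the scanner rows and their finding labels, the stale-fix threshold, the doubling weight for stale fixes, the high-severity cut-off and the tier boundaries are all assumptions.

```python
"""Per-subnet risk scoring and patch-progress metric from scanner output.
Added example, not BIDMC code. Every input below is constructed."""
import ipaddress
from collections import defaultdict

# Constructed subnet inventory (assumption): network -> (label, IS-managed?, device count).
SUBNETS = {
    "10.1.0.0/24": ("business workstations", True, 40),
    "10.2.0.0/24": ("data center servers", True, 20),
    "10.9.0.0/24": ("biomedical devices", False, 10),
}

# Constructed scanner exports (assumption). One row per finding:
# (host, finding label, CVSS base score, days since a fix became available).
BASELINE = [
    ("10.1.0.12", "os-patch-A", 9.3, 95),
    ("10.1.0.12", "os-patch-B", 7.2, 40),
    ("10.1.0.40", "os-patch-A", 9.3, 95),
    ("10.2.0.5", "web-server-C", 7.8, 30),
    ("10.2.0.7", "os-patch-D", 4.3, 120),
    ("10.9.0.3", "legacy-smb-E", 10.0, 1100),
    ("10.9.0.3", "device-firmware-F", 5.0, 60),
    ("192.168.50.9", "web-server-C", 7.8, 30),   # host in no inventoried subnet
]
FOLLOWUP = [                                      # same scan two months later
    ("10.1.0.12", "os-patch-B", 7.2, 100),
    ("10.2.0.7", "os-patch-D", 4.3, 180),
    ("10.9.0.3", "legacy-smb-E", 10.0, 1160),
    ("10.9.0.3", "device-firmware-F", 5.0, 120),
    ("192.168.50.9", "web-server-C", 7.8, 90),
]

STALE_DAYS = 30   # assumption: a fix available longer than this is overdue and doubles the weight
HIGH_CVSS = 7.0   # assumption: CVSS >= 7.0 counts as high severity
TIERS = [(2.0, "high"), (1.0, "elevated"), (0.0, "standard")]  # assumption: per-device cut-offs

NETS = [(ipaddress.ip_network(n), n) for n in SUBNETS]

def subnet_for(host):
    """Return the inventoried subnet containing host, or None if nobody owns it."""
    addr = ipaddress.ip_address(host)
    for net, key in NETS:
        if addr in net:
            return key
    return None

def score_subnets(findings):
    """Aggregate findings per subnet; return (report, hosts outside the inventory)."""
    acc = defaultdict(lambda: {"hosts": set(), "findings": 0, "high": 0,
                               "stale": 0, "weighted": 0.0})
    unplaced = set()
    for host, _label, cvss, age in findings:
        key = subnet_for(host)
        if key is None:
            unplaced.add(host)          # an unowned host is itself a dashboard item
            continue
        s = acc[key]
        stale = age > STALE_DAYS
        s["hosts"].add(host)
        s["findings"] += 1
        s["high"] += int(cvss >= HIGH_CVSS)
        s["stale"] += int(stale)
        s["weighted"] += cvss * (2 if stale else 1)
    report = {}
    for key, s in acc.items():
        label, managed, devices = SUBNETS[key]
        risk = round(s["weighted"] / devices, 2)      # weighted CVSS per device on the subnet
        tier = next(name for floor, name in TIERS if risk >= floor)
        report[key] = {"label": label, "managed": managed, "risk": risk, "tier": tier,
                       "hosts_with_findings": len(s["hosts"]), "findings": s["findings"],
                       "high": s["high"], "stale": s["stale"]}
    return report, sorted(unplaced)

def ranked(report):
    """Subnets ordered from highest to lowest risk, the order in which controls get applied."""
    return sorted(report, key=lambda k: report[k]["risk"], reverse=True)

def managed_reduction(before, after):
    """Percent drop in findings on IS-managed subnets between two scans."""
    def count(findings):
        n = 0
        for host, *_ in findings:
            key = subnet_for(host)
            if key is not None and SUBNETS[key][1]:
                n += 1
        return n
    b, a = count(before), count(after)
    return round(100.0 * (b - a) / b, 1) if b else 0.0

if __name__ == "__main__":
    report, unplaced = score_subnets(BASELINE)
    for key in ranked(report):
        r = report[key]
        print(f"{key:<13} {r['label']:<22} risk={r['risk']:<5} tier={r['tier']:<9} "
              f"findings={r['findings']} high={r['high']} stale={r['stale']} managed={r['managed']}")
    print("hosts outside the subnet inventory:", unplaced)
    print(f"finding reduction on IS-managed subnets: {managed_reduction(BASELINE, FOLLOWUP)}%")
```

Two things the numbers surface that a single "vulnerability count" would hide: the biomedical subnet ranks highest because its few devices carry old, unpatched, high-CVSS findings, and it does not move at all between scans because it is outside the IS-managed patch process, so the 60 percent reduction on managed systems says nothing about it. The host that matches no inventoried subnet is reported separately rather than silently dropped.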

We'll do all of this within the FTE, operating budget (less than 2% of the BIDMC Operating budget) and capital budget assigned.

I look forward to a great year ahead and will share with all of you the lessons learned along the way.

Friday, October 7, 2011

Cool Technology of the Week

As the discussion of the functionality to be included in a Nationwide Health Information Network (NwHIN) continues, there are 3 different secure transports being evaluated:

Exchange:  “NHIN Messaging Platform Specification”, which uses SOAP for transport and WS-I Basic Security Profile for security (TLS + XML signature + WSDL + AES + X.509 + SAML)

Direct:  “Applicability Statement for Secure Health Transport”, which uses SMTP for transport and S/MIME for security (AES + X.509)

Secured REST:  specification to be done, but will use HTTP for transport; candidates for security include TLS, X.509, and OAuth.

Each has different characteristics and different strengths.   The barrier to RESTful implementation is lack of a consistent implementation guide.

The folks at MITRE have implemented project hData, noting that "Current electronic health data standards are complex, hard to implement, and difficult to manage”.

hData separates transport and packaging from content – something the HIT Standards Committee has supported.   This FAQ provides more details.  Clearly hData is still in development and not yet adopted, but I do think they are pursuing an appropriately simple approach to transport.

The hData content format has been balloted by HL7 and a Draft Standard for Trial Use (DSTU) is expected this month.  The hData transport format (RESTBinding) is in the Object Management Group (OMG) comment resolution phase.

A RESTful implementation guide for healthcare that separates content and transport, providing easy to implement, secure transport.    That's cool.

Thursday, October 6, 2011

The Vortexes of Sedona


Last weekend, I gave a keynote address at the eClinical Works National User Conference in Phoenix, Arizona.   As is usual when I travel, I look for interesting places to explore in the natural world within driving distance of conferences.    I flew in at 2am on Saturday morning, giving me the entire day on Saturday to explore before my Sunday morning lecture and redeye back to Boston.

Sedona is 120 miles north of Phoenix and is well known for its red rock vistas, its spirituality, and great hiking trails.

Most intriguing to me was the concept of the Sedona "vortexes", which have been described as swirling centers of energy emanating from the surface of the earth.  

Whether or not you believe in the physical manifestation of such energy centers, there are 4 great hikes to visit the vortex locations.

As you enter the Sedona area on Highway 179, you'll pass Bell Rock and Courthouse Butte.   There's a trailhead on the right side of the highway with access to numerous loop trails from 1 mile to 4 miles in length.   I highly recommend the Courthouse Butte loop, which passes the Bell Rock Vortex.

The photo above is the Cathedral Rock Vortex, which is reached via a 0.7 mile walk/climb from Back-O-Beyond Road off Highway 179.   It's easy slab climbing and a 700 foot elevation gain from the parking lot to a beautiful vista.   I'm not sure if it recharged my spiritual batteries, but the breeze cascading through the pillars at the peak was refreshing on a 100 degree day and the shade of the Cathedral Rock walls boosted my hiking endurance.

The Airport Vortex is located on Airport Road off Highway 89A.   The view of Sedona from Airport Mesa is spectacular.

The Boynton Canyon Vortex is located at Dry Creek Road off Highway 89A.  I'm a fan of old Juniper trees (said to be an indicator of strong vortex energy) and you'll find plenty in Boynton Canyon.

After climbing/hiking 4 vortexes, I enjoyed a vegan lunch in a shaded outdoor garden at the Chocolatree Cafe, a very hip spot on Highway 89A.  Highly recommended.

Sedona proved to be a very invigorating place, well worth the day trip from Phoenix and preparing me for the double redeye flights of the weekend.

Wednesday, October 5, 2011

A Moment for Steve Jobs

Earlier this evening, I emailed my staff about the passing of Steve Jobs.   Many responded that they were genuinely sad.

It's not about being Apple "fanboys" or disliking the competition.   It's about recognizing the possibilities for what might have been if Steve had lived longer.

In some ways, his death seems like a Faustian bargain - revolutionize the world with products beyond our imagination, then die too young.

In my life, I crossed paths twice with Steve Jobs.

As an undergraduate at Stanford from 1980-1984, I met Steve Wozniak and Steve Jobs at the Stanford Computer Club and saw early demonstrations of Apple II, III, and Lisa products.   I taught the first undergraduate personal computer course at Stanford in 1981, using Apple products in an era when the Stanford Computer Science department told me that personal computers were a fad that soon would end.

In 1983, Steve Wozniak's mom called me and asked me to design an electronic greeting card for the Woz's 33rd birthday.    To this day, I hold the patent on all e-cards, both the paper type that play music and those you send over the internet.

Steve Jobs was at the party where my card was demonstrated for the first time.

I bought a Mac SE/30 in 1990.

I was an early adopter of the NeXT cube and used it to develop all my early web applications at BIDMC when I first arrived in 1996.

My Windows years were limited to 1995-2006.   Since then I've used MacBooks, iPads and iPods as my hardware devices.    This year, I'll retire my Blackberry and replace it with an iPhone 4S.

Thanks Steve, you really made a difference.

The Responsibility of Formal Authority

You probably expected me to write about the new iPhone 4S today, but the press has analyzed it well, especially Computerworld.  Next week I will write about the impact of accelerated consumer IT product releases on CIOs, including managing customer expectations for business IT innovation.

In the meantime, a few thoughts on the wise use of formal authority i.e. that job description we were handed when we first became CIOs.

In previous blog posts I've reflected on the fact that none of us really has authority.  Instead, we have responsibility and risk.

The work that I do in all my lives - Federal, State, BIDMC, Harvard Medical School, and my home life as father/husband/son - does not rely on formal authority.   It relies on my informal authority to inspire, align, and communicate.

I have never "ordered" a change.   The best I can do is to facilitate consensus and follow Harvard Business School Professor John Kotter's principles for change management:

1. Establish urgency.
2. Form a powerful guiding coalition.
3. Create a vision.
4. Communicate the vision.
5. Empower others to act on the vision.
6. Plan for and create short-term wins.
7. Consolidate improvements, creating more change.
8. Institutionalize new approaches.

Relationship building and fostering trust bring me the informal authority I need to lead people through change.

Although the formal authority I have is never used, there are behavioral responsibilities that come with the title CIO.   I have to be careful what I say, who I speak with, and what I do, because the hierarchy of the organization assigns power relationships to the role I serve.   There are five guidelines I've assigned myself:

1.   Respect hierarchical boundaries - if I bypass my direct reports and communicate directly with their direct reports, I always ensure the communication includes everyone in the chain of command.   If I did not do this, I would disempower my managers and directors.

2.   Communicate consistently with everyone - it is bad behavior to tell different versions of the truth to people based on what you believe various audiences want to hear.    By communicating consistently, I create a culture of collaboration.  The last thing I want to do is create discord in the organization by encouraging people to work against each other or foster dissension among teams.

3.   Work via standard processes - it may seem expedient to invent your own processes, bypass hierarchies, or work around established lines of communication in an effort to accelerate projects.   My experience is that such an approach causes confusion, misalignment of priorities, and wasted effort.   Just as I respect hierarchical boundaries, I follow standard processes when problems need to be resolved.  

4.   Communicate broadly and honestly - if there is a problem in the organization, I communicate it to all stakeholders.   It is far better to over communicate, even if the news is challenging/difficult, than to work in silos and try to hide failures for fear of embarrassment.

5.   Work openly and transparently - we've all worked in organizations with office politics that happen behind the scenes.   Back channel conversations, blind cc's on email, escalation around hierarchical boundaries, different conversations in the open versus behind closed doors, and undermining the authority of others can occur in any organization.    If someone suggests solving a problem by working on it clandestinely, I refuse.  Problems should be solved openly and transparently with all the stakeholders in the room.

These are the responsibilities of formal authority.   Although you may never use the power you've been given in your job description, your actions every day can impact your peers and your staff in subtle ways.   Once you understand that your every word and behavior can inspire, influence, or irritate, you'll have mastered the responsibility of formal authority.

Tuesday, October 4, 2011

Simvastatin Safety and Information Systems

The following is a broadcast email written by Dr. David Feinbloom, Medical Director, Medication Safety and Information Management at BIDMC.  It nicely illustrates the collaboration among clinicians, pharmacists, and Information Systems:

To all –

I am writing to update you on the simvastatin patient alert process that was initiated in July. As you will remember, this initiative was prompted by the recent Food and Drug Administration (FDA) warning for patients taking simvastatin because of an increased risk of muscle damage when taken at high doses or in combination with several other medications.

In response to this alert, the Medication Safety Subcommittee, in concert with Healthcare Quality, decided that an institutional response was warranted and we proceeded with the plan described in the original email below. In brief, we reached out to all stakeholders, developed a data query to help providers identify these patients, allowed sufficient time for providers to reach out to these patients, and then sent letters to all the remaining patients who were still taking simvastatin, at a high dose and/or in combination with several other medications. Last Monday we sent 2800 letters to the remaining patients.

The size of this initiative was unprecedented for BIDMC, and although it was largely successful, there were many important observations and lessons learned which will inform our process going forward; these include:

1. The volume of alerts, and the number of patients affected, continues to grow (see the recent FDA warning on Celexa and abnormal heart rhythms).
2. Sorting through the level of evidence and clinical relevance of these alerts is difficult and time consuming.
3. Running queries on our patients’ medication lists with sufficient sensitivity and specificity to meet our providers’ needs is not always possible.
4. Provider preference on how, or whether, to address each alert with their patients is variable.
5. Resources, at both the institutional and provider level, are insufficient to support this work.

We have assembled a group to evaluate how to meet this challenge, and anyone who would like to join is welcome. I will provide you with updates as they become available.

Thanks for your help and support.

David Feinbloom

----------
Email to Providers

As you know, the Food and Drug Administration (FDA) recently issued a new warning for patients and healthcare professionals regarding simvastatin because of an increased risk of muscle damage when taken at high doses or in combination with several other medications.

(FDA Drug Safety Communication: Simvastatin). Although it is not uncommon for the FDA to issue safety warnings when surveillance data identifies unanticipated adverse drug effects, this case is somewhat unique because simvastatin is such a common medication among our patients at BIDMC. In addition, we know from previous medication safety initiatives in the past that most providers do not have the time or resources necessary to identify and contact all of their patients who may require notifications. For these reasons, we are proposing the following strategy:

Healthcare Quality will work with IT to generate a list of patients that have an active simvastatin prescription, either at a dose, or in a combination identified by the FDA to be associated with an increased risk for adverse events (see Search Query below). We will then send a list to each provider by email to give them an opportunity to reach out to their patients and update their medication list.

In several weeks time we will run the same query on all patient medications again. Patients who still have a prescription for simvastatin in a dose or combination of concern will then be sent a standard letter asking that they contact the prescribing provider to discuss whether any medication changes should be made (see Patient Letter below).

If you have already contacted your patient and made changes to their medication list such that they no longer have a dose or combination of concern, they will not be receiving a letter. Unfortunately, if you have made the clinical decision to continue your patient on a dose, or in a combination of concern, we will not be able to suppress the letter. We expect this will happen infrequently, and if it does, the language of the patient letter is clear that if they have already discussed this with you, they need not re-contact you.

Your list may include some patients for whom you are not the primary provider, or may omit some patients who you consider to be part of your panel. Similarly, problems may occur for patients whose medication list is not up to date, contains errors, or includes prescriptions for split doses.

Please let me know if this plan is acceptable to your practices.  The queries we are running include

1. All patients who have an active prescription for simvastatin 80 mg prescribed < 1 year ago.

2. All patients who have an active prescription for simvastatin > 10 mg and any of the following medications:

· Amiodarone
· Verapamil
· Diltiazem

3. All patients who have an active prescription for simvastatin > 20 mg and any of the following medications:

· Amlodipine
· Ranolazine

4. All patients who have an active prescription for simvastatin (any dose) and any of the following medications:

· Itraconazole
· Ketoconazole
· Posaconazole
· Clarithromycin
· Erythromycin
· Telithromycin
· Amprenavir
· Atazanavir
· Darunavir
· Fosamprenavir
· Indinavir
· Lopinavir/ritonavir
· Nelfinavir
· Ritonavir
· Saquinavir
· Tipranavir
· Cyclosporine
· Danazol
· Gemfibrozil
· Nefazodone

----------
Letter to Patients

Dear Patient –

You are receiving this letter because according to our records you are currently taking the cholesterol-lowering medication simvastatin. Simvastatin is also sold under the brand name Zocor, and is found in the combination medications Vytorin and Simcor.

The Food and Drug Administration (FDA) recently issued a new warning for patients and healthcare professionals regarding simvastatin because of an increased risk of muscle damage when taken at high doses or in combination with several other medications.

The risk of muscle damage is low and we do NOT recommend that you stop any of your medications without first talking to your healthcare provider.  Simvastatin is an excellent cholesterol-lowering medication and in many instances continuation of the medication is appropriate. However, we are recommending that you contact the provider who prescribed the simvastatin to discuss whether any medication changes should be made. You may have already had a discussion with your healthcare provider about this issue; if so, it is not necessary for you to re-contact him or her. You should immediately contact your healthcare provider if you experience muscle pain, tenderness or weakness, or dark or red colored urine.
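The four queries in Dr. Feinbloom's email, as an added example that is not part of the original post and not BIDMC's query: Python over a constructed medication list (in practice this is a query against the medication database, but the logic is the same). It sums split doses to a daily total and maps the simvastatin-containing products named in the patient letter (Zocor, Vytorin, Simcor) back to simvastatin, which is exactly where a literal name-and-dose match loses the sensitivity the email warns about. The record layout, the `active` flag, the rule that a combination product's `dose_mg` holds its simvastatin component, and all patient rows are assumptions.

```python
"""Screen a medication list against the simvastatin criteria in the email above.
Added example, not BIDMC's query. The rows, the record layout and the
'active' flag are constructed assumptions."""
from collections import defaultdict, namedtuple

Med = namedtuple("Med", "patient product dose_mg freq_per_day days_since_rx active")

# Simvastatin-containing products named in the patient letter. Assumption: for a
# combination product, dose_mg records the simvastatin component per tablet.
SIMVASTATIN_PRODUCTS = {"simvastatin", "zocor", "vytorin", "simcor"}

# Interacting drugs from the query, keyed by the daily simvastatin dose threshold.
OVER_10_MG = {"amiodarone", "verapamil", "diltiazem"}
OVER_20_MG = {"amlodipine", "ranolazine"}
ANY_DOSE = {
    "itraconazole", "ketoconazole", "posaconazole", "clarithromycin", "erythromycin",
    "telithromycin", "amprenavir", "atazanavir", "darunavir", "fosamprenavir",
    "indinavir", "lopinavir/ritonavir", "nelfinavir", "ritonavir", "saquinavir",
    "tipranavir", "cyclosporine", "danazol", "gemfibrozil", "nefazodone",
}

# Constructed medication-list rows (assumption; not patient data).
MEDLIST = [
    Med("P1", "simvastatin", 80, 1, 120, True),
    Med("P1", "lisinopril", 10, 1, 400, True),
    Med("P2", "simvastatin", 40, 2, 200, True),   # split dose: 40 mg twice daily = 80 mg/day
    Med("P2", "amlodipine", 5, 1, 30, True),
    Med("P3", "simvastatin", 20, 1, 700, True),
    Med("P3", "amiodarone", 200, 1, 15, True),
    Med("P4", "Vytorin", 10, 1, 50, True),        # ezetimibe/simvastatin 10/10
    Med("P4", "clarithromycin", 500, 2, 3, True),
    Med("P5", "simvastatin", 40, 1, 300, False),  # discontinued; list not yet cleaned up
    Med("P5", "itraconazole", 200, 1, 10, True),
    Med("P6", "simvastatin", 80, 1, 900, True),   # on 80 mg for more than a year
]

def daily_simvastatin(meds):
    """Total active simvastatin mg/day and age in days of the newest such prescription."""
    total, newest = 0, None
    for m in meds:
        if m.active and m.product.lower() in SIMVASTATIN_PRODUCTS:
            total += m.dose_mg * m.freq_per_day
            newest = m.days_since_rx if newest is None else min(newest, m.days_since_rx)
    return total, newest

def flag(meds):
    """Apply the four queries to one patient's list; return the matching rule labels."""
    dose, rx_age = daily_simvastatin(meds)
    if dose == 0:
        return []
    others = {m.product.lower() for m in meds if m.active} - SIMVASTATIN_PRODUCTS
    hits = []
    if dose >= 80 and rx_age < 365:
        hits.append("1: 80 mg/day prescribed < 1 year ago")
    if dose > 10 and others & OVER_10_MG:
        hits.append("2: > 10 mg/day with " + ", ".join(sorted(others & OVER_10_MG)))
    if dose > 20 and others & OVER_20_MG:
        hits.append("3: > 20 mg/day with " + ", ".join(sorted(others & OVER_20_MG)))
    if others & ANY_DOSE:
        hits.append("4: any dose with " + ", ".join(sorted(others & ANY_DOSE)))
    return hits

def screen(rows):
    """Group rows by patient and return {patient: [rule hits]} for flagged patients."""
    groups = defaultdict(list)
    for m in rows:
        groups[m.patient].append(m)
    result = {}
    for patient, meds in groups.items():
        hits = flag(meds)
        if hits:
            result[patient] = hits
    return result

def naive_rule1(rows):
    """Literal reading of query 1: one row named 'simvastatin' at 80 mg, under a year old."""
    return sorted({m.patient for m in rows if m.active and m.product.lower() == "simvastatin"
                   and m.dose_mg == 80 and m.days_since_rx < 365})

if __name__ == "__main__":
    for patient, hits in sorted(screen(MEDLIST).items()):
        print(patient, "->", "; ".join(hits))
    print("query 1, naive dose match:", naive_rule1(MEDLIST))
```

The literal reading of query 1 finds only P1. The daily-dose version also catches P2, whose 40 mg twice daily adds up to 80 mg, and the product mapping is what lets P4's Vytorin plus clarithromycin match query 4. P5 is not flagged because the simvastatin row is inactive, which is the specificity side of the same problem: if the list has not been cleaned up and the row is still marked active, the patient gets a letter they may not need.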

Monday, October 3, 2011

Bring Your Own Device

At BIDMC, I oversee 10,600 desktops and 2000 laptops.  They are all locked down with System Center Configuration Manager 2007 and McAfee ePolicy Orchestrator.

Given that most of our applications are thin client and web-based, we can stretch the lifetimes of our desktops to 5-6 years and our laptops to 3-4 years.   Capital funding puts limits on how much hardware we can buy and how long we keep it.

Like many IT departments, we have to balance many priorities - security, cost, software compatibility, performance and the user experience.

This balance means that the locked down, image managed, economical device provided by the IT department will almost always be older, lower powered, and less capable than the device in your home.

The same is true of mobile devices like Blackberries, which are a one-time purchase and are only replaced when they stop functioning.

Consumer devices are more than just technology, they've become lifestyle accessories.  Are you an iPad2 or a Macbook Air 11 person?   Does Android tickle your fancy or are you holding out for the Samsung tablet with Windows 8?

The cost of these devices is low enough that consumers can buy them on their own and may upgrade yearly as new models are released.

All of this has led to the BYOD movement - Bring Your Own Device to work.

One of my passions as a CIO has been to create web-based applications that run anywhere on anything.    That approach has enabled our applications to run on every version of the iPad, iPhone and iPod touch as well as Android and Blackberry devices like the Playbook.

However, I'm also accountable for the privacy and security of each byte of person identified data and we have over 1.5 petabytes to protect.

The internet is an increasingly hostile place.   Clicking on a picture of Heidi Klum results in a 1 in 10 chance that your device will become infected.

Online apps distributed via social networks are filled with malware.

Hacked websites can bring malware onto our devices.   A CIO at the recent Information Week 500 conference described how hackers inserted a one-pixel-by-one-pixel element that loaded malware into a public-facing website his lab supported.   All internal users who browsed to the website without the latest version of Adobe Flash were infected.  Once infected, their workstations scanned the network for other vulnerable systems.

Breach reporting regulations in HITECH are strict.   If a keystroke logger embedded in malware results in username/password compromise and a hacker downloads files or views data for more than 500 people, prominent media outlets must be notified in addition to the affected individuals and HHS.   It is unlikely that the media will see much difference between an infected personal device and something under the CIO's control - the CIO will be held accountable!

BIDMC has over 1000 iPads and over 1600 iPhones accessing its network for email and web applications.   I absolutely see the value of the Bring Your Own Device movement.

However, the compliance and regulatory requirements that grow more complex every day make the BYOD movement very problematic.

It may be that we'll find some compromise, such as encouraging BYOD, noting that little support will be available, and requiring mobile device security solutions such as Good Technology before a personal device is allowed on the network.

BYOD can be empowering to users.  Let's hope we can mitigate the risk and afford the applications needed to comply with federal and state laws.