Cool Technology of the Week

A major theme in healthcare IT lately has been the value of unstructured healthcare data, which can be mined using natural language processing and search technologies to produce meaningful knowledge

Although the transformation of unstructured data into structured data is a new concept in healthcare, there's a commercial website that illustrates its power - Tripit.com

TripIt, it is an itinerary consolidation and sharing tool that's very simple to use.   You email any trip confirmations (air, car, hotel etc) to plans@tripit.com and TripIt combines all of the elements into one itinerary. That itinerary can be then saved to your calendar, viewed on the web, accessed via mobile devices and shared with others.

There are three major functions – itinerary collation, itinerary management and itinerary sharing.

To test itinerary collation, I emailed an Expedia confirmation from an upcoming Alaska trip (I'm keynoting a HIMSS event in Anchorage in June then climbing for a few days).    The free text was transformed perfectly into the structured data shown in the graphic above, including automatic weather and map information.   There's an iPhone, Android and Blackberry app to access this structured data via mobile devices.  The iPhone app worked perfectly.

I use Apple Mail and by simply clicking on the calendar integration feature of Tripit, my full itinerary was automatically added to my calendar

I shared my itinerary with my wife by inviting her to join Tripit via her gmail account.  I also added my Tripit itinerary to my Facebook wall.

A natural language processing application that turns unstructured confirmation emails into web, mobile and social networking accessible structured data.   That's cool!

My 2011 Garden Plan

It's Spring in New England and I'm preparing my gardens.

This year, I planted oak leaf lettuce and spinach in a cold frame and selected seeds for a Summer raised bed garden of eggplant, cucumbers,peas, beans, and heirloom cherry tomatoes.

5 years ago, my wife and I joined the waiting list for a space in the Wellesley Community Garden on Brookside Road.   We were just notified that we'll be granted a space this year.   This means that we'll have a 32 x 25 foot plot to share with another family.   Our plan is to install several raised beds and plant Japanese pumpkins (Kabocha) and other vegetables that require generous amount of sunny, well-drained flat ground that we do not have in our backyard because of the 100 foot hemlocks causing shade much of the year.

All our seeds come from the Kitazawa Seed Company, a truly remarkable supplier.

For the next few weekends, I'll be tilling soil, hauling mulch, building fences, and installing raised beds.    My plan for new fencing to keep rabbits, squirrels and chipmunks from eating our fresh produce is pictured above.   I found two great design resources - one about wire fencing and one about raised beds.

We've lived in New England for 15 growing seasons so I've learned not to plant tender seedlings until after mid May.   It's still possible to have a hard freeze in April despite the temptation to plant induced by occasional 70 degree days.

As my daughter goes off to college and we enter the next stage of life (51-60),  the time in our backyard garden and our new community garden space will be very therapeutic.

The rituals of the planting/harvesting cycle, the anticipation of fresh vegetables, and physical labor of small scale farming  melt away all the problems of the week.   I look forward to a weekend in the dirt!

National Strategy for Trusted Identities in Cyberspace

On April 15, 2011, the Whitehouse released the National Strategy for Trusted Identities in Cyberspace (NSTIC) during a launch event that included U.S. Sec. of Commerce Gary Locke, other Administration officials, and U.S. Senator Barbara Mikulski, as well as a panel discussion with private sector, consumer advocate, and government ID management experts. 

What is it a trusted identity in Cyberspace?   This animation describes the scope of the effort.  It includes smartcards, biometrics, soft tokens, hard tokens, and certificate management applications.

NSTIC envisions a cyber world - the Identity Ecosystem - that improves upon the passwords currently used to access electronic resources. It includes a vibrant marketplace that allows people to choose among multiple identity providers - both private and public - that will issue trusted credentials proving identity. 

Why do we need it?

NSTIC provides a framework for individuals and organizations to utilize secure, efficient, easy-to-use and interoperable identity solutions to access online services in a manner that promotes confidence, privacy, choice and innovation.

Shopping, banking, social networking, and accessing employee intranets result in greater opportunities for innovation and economic growth, but the online infrastructure for supporting these services has not evolved at the same pace. The National Strategy for Trusted Identities in Cyberspace addresses two central problems impeding economic growth online - 1) Passwords are inconvenient and insecure 

2) Individuals are unable to prove their true identity online for significant transactions.

Identity theft is costly, inconvenient and all-too common

*In 2010, 8.1 million U.S. adults were the victims of identity theft or fraud, with total costs of $37 billion.

*The average out-of-pocket loss of identity theft in 2008 was $631 per incident.

*Consumers reported spending an average of 59 hours recovering from a “new account” instance of ID theft.

Phishing continues to rise, with attacks becoming more sophisticated

*In 2008 and 2009, specific brands or entities were targeted by more than 286,000 phishing attacks, all attempting to replicate their site and harvest user credentials. 

*A 2009 report from Trusteer found that 45% of targets divulge their personal information when redirected to a phishing site, and that financial institutions are subjected to an average of 16 phishing attacks per week, costing them between $2.4 and $9.4 million in losses each year.5

Managing multiple passwords is expensive

*A small business of 500 employees spends approximately $110,000 per year on password management. That’s $220 per user per year.

Passwords are failing

*In December 2009, the Rockyou password breach revealed the vulnerability of passwords. Nearly 50% of users’ passwords included names, slang words, dictionary words or were extremely weak, with passwords like “123456”.

Maintenance of multiple accounts is increasing as more services move online

*One federal agency with 44,000 users discovered over 700,000 user accounts, with the average user having 16 individual accounts.

Improving identity practices makes a difference

*Implementation of strong credentials across the Department of Defense resulted in a 46% reduction in intrusions.

*Use of single sign-on technologies can reduce annual sign-in time by 50 hours/user/year.

The next step is creation of a national program office to manage the project and coordinate public-private efforts.    I look forward to a voluntary, opt in strong identity for e-commerce.   Who knows, if this effort is successful, maybe we can move forward with a voluntary, opt in strong identity for healthcare.

Business Spam

Our Proofpoint Spam filters remove the Nigerian businessmen and Viagra ads from my email stack.   However, it's really challenging to auto-delete legitimate business email from major companies that I would just rather not read.

Business Spam (BS) is what I call the endless stream of chaff filling my inbox with sales and marketing fluff.  If a colleague emails me about a cool new emerging technology, I'm happy.   If a trusted business partner gives me a preview of a new product and offers me the opportunity to beta test it, I'm thrilled.  If Bob at XYZ.com describes their cloud-based, software as service, offshore, outsourced, app store compliant product line that's compiled in powerpoint (i.e. does not yet exist except in sales and marketing materials), I press delete as fast as I can.

Since there are multiple domains that can be used to reach me - bidmc.harvard.edu, caregroup.harvard.edu, caregroup.org etc. many email list sellers vend 5 or 6 variations of my email address, resulting in 5 or 6 copies of each life changing offer in my inbox.

Now I know why some say email is dead.   Email is a completely democratic medium.  Anyone can email anyone.  There are no ethical or common sense filters.  The result is that Business Spam will soon outnumber my legitimate email.

Social networking architectures offer an alternative.   I'm on Facebook, Twitter, LinkedIn, Plaxo etc.   In those applications, individuals request access to me.   Based on their relationships to my already trusted colleagues and my assessment of their character, I either allow or deny access.  Once I "friend" them, appropriate communications can flow. If the dialog becomes burdensome or inappropriate, I can "block" them.

In order to stay relevant, email needs to incorporate social networking-like features.   It should be easy to block individuals, companies, or domains that I do not want to hear from.   Today, when a vendor ignores my pleas to remove me from their emailing list (demonstrating a lack of compliance with anti-spamming policies), I ask our email system administrator to blacklist their entire domain, preventing the flow of their Business Spam across the enterprise.

For those of you who use unsolicited business email as a marketing technique, beware.   Your message is not only diluted by the sheer volume of companies generating Business Spam, but it also creates a negative impression among your recipients.

My advice - send your customers a newsletter describing your products and services.  Ask them to opt in to receive future messages.  If they do not respond, stop sending them.   It's just a like a Facebook request - you pick your friends and your friends pick you.

The alternative is that all your communications will be deemed Business Spam and blocked at the front door.    Do you really want all your customers to say your emails are BS (Business Spam)?

Facebook's Green Data Center

In my roles as CIO at Harvard Medical School and Beth Israel Deaconess Medical Center, I oversee 4 data centers (one primary and one disaster recovery site for each institution).   Over the past several years, I've not been challenged by data center real estate, I've been challenged by power and cooling demands.

My teams have invested substantial time and effort into enhancing our power usage effectiveness (PUE) - the ratio of total power consumption including cooling and transformer losses divided by how much of the power is actually used by computing equipment.

In the graphic above, BIDMC has achieved a PUE of 1.82, which is low compared to many corporations.  We've done cold aisle containment, floor tile ventilation, and hot air recapture to reduce our Computer Room Air Conditioning (CRAC) needs substantially.  We've matched the average of most green computing initiatives.

Despite all our efforts, we are limited by the constraints of the standard commercial hardware we run and the building we use.

Facebook has designed its own buildings and created its own servers via its  Open Compute Project .   Initial power usage effectiveness ratios are 1.07, compared with an average of 1.5 for their existing facilities.

Here's an overview of how they did it.

They've removed uninterruptible power supplies and centralized chilling units, which we cannot do because of architectural/engineering limitations of our building design.   We're likely to achieve a PUE of 1.5, but could only achieve 1.07 by opening a new, fresh-built data center.

Here's a look at the kind of energy efficiency that cloud providers are achieving by creating dedicated mega data center buildings.

On April 28, I'm keynoting the Markley Group's annual meeting and you can be sure that I'll include power and cooling in my list of the things that keep me up at night.

Congratulations, Facebook!

Cool Technology of the Week

I'm a great fan of creating networks of networks for healthcare information exchange.   Point to point interoperability does not scale but creating local or regional collaborations that enable large numbers of organizations to connect with minimal interfacing works very well.

Today, Surescripts announced the Lab Interoperability Cooperative to connect hospital labs with public health agencies.

In Massachusetts, NEHEN has worked with the Boston Public Health Commission and the Massachusetts Department of Public Health to enable all the hospitals in Eastern Massachusetts to send reportable lab, syndromic surveillance, and immunization information by simply connecting HL7 2.5.1 transmissions to a single gateway.

Surescripts has the same plan but on a national scale. Hospitals interested in participating can register by completing the “Phase I Checklist” by April 29, 2011.

The project is funded by a grant from the Centers for Disease Control with participation from the American Hospital Association and the College of American Pathologists. During the two-year grant period, the project will recruit, educate and connect  a minimum of 500 hospital labs to the appropriate public health agencies.  At least 100 will be critical access or rural hospitals.

Based on the Surescripts Network for Clinical Interoperability, the project will support all federal and state policies and standards for health information exchange, including privacy and security standards.

A standards-based network to connect hospital labs and public health agencies.   That's cool!

Upcoming Conferences

Spring is speaking season and here are two upcoming conferences of interest.  I'll be moderating panels at both.

The first conference is "Enabling the Adoption of HIT to Transform Patient Care" on April 25, 2011 at the Harvard Club of Boston.

This conference features keynotes by Dr. David Blumenthal who will speak about his vision for modernizing health care delivery and Dr. David Bates who will discuss using health IT to improve patient safety.   The conference will also feature two panels. The first will focus on supporting providers to achieve meaningful use of EHR. The second will focus on new and innovative technologies to engage patients and providers in care delivery.

The conference is the result of hard work by the HSPH Public Health & Technology (PHAT) Forum, a graduate student organization whose mission is to provide an interactive, cross-disciplinary forum for exploration and innovation at the intersection of health, information, and technology.

The second conference is the Governor's Health IT Conference hosted by Deval Patrick at the DCU Center, Worcester, MA May 9-10.

Keynotes include Deval Patrick, Dr. David Blumenthal, and Sachin Jain, MD, MBA, Special Assistant to the National Coordinator.    Topics include:
*How the Office of the National Coordinator will fund the deployment of electronic health records and the exchange of data among these systems
*Governor Patrick's proposal for transforming the healthcare payment system
Medicare and Medicaid initiatives for quality improvement and shared savings
*The contributions that health IT will make to clinical quality, patient-centeredness, and the economic recovery in Massachusetts

See you at these conferences!