Friday, February 27, 2009

Cool Technology of the Week

I recently wrote about the technology I own and emphasized my parsimony principle - own the smallest amount of technology possible to minimize the maintenance and support burden. Less is more.

I recently used my iPod Touch and the Apple App Store to retire two pieces of technology.

On my nightstand I had an iHome clock radio for iPod that works perfectly with older iPod devices but is not compatible with the iPhone/iPod Touch or the current generation of iPod nanos. Rather than purchase a new iHome, I asked myself what I really use it for. It's just a digital clock and alarm that also plays music. Since the iPod touch has a built in speaker that's good enough for nightstand use, I really just needed the iPod to function as a nightstand alarm clock. The iPod native alarm clock software does not continuously display the time (the screen times out) so it is not very useful when you wake up and wonder what time it is.

Using the App Store, I found "Nightstand" from

Night stand displays digital clock in both portrait and landscape mode, and disables the iPod screen time out. It displays a standard LED clock or retro flip clock, offers 12/24 hour time format and can show seconds/day of the week. It also enables iPod music to play in the background.

After installing Nightstand, I found that it perfectly replaced the iHome, enabling me to retire it.

Similiarly, I asked the question about my ebook reader, an Amazon Kindle. Although the Kindle is a great device with many features that we've used at Harvard Medical School to support medical education, it is another device that I have to maintain and support as the Home CIO.

After reading a Boston Globe article about eReader alternatives, I downloaded Stanza by LexCycle from the App Store.

After a few minutes mastering the user interface, I had a fully functional eBook reader on my iPod touch. The touch screen makes it easy to flip between pages, select chapters, scroll and change font sizes. Over 100,000 titles are available from the LexCycle Online Catalog.

Although the screen is a bit smaller than the Kindle, I found the convenience of a single device providing music, alarm clock, web browsing and eBook functionality to be very compelling. Thus, I retired the Kindle.

This means that the only technology I own is a Macbook Air, an iPod Touch, and a Blackberry Bold.

For now, that is parsimony. In the future, I may be even able to consolidate the iPod Touch and the Blackberry Bold into one device. At present, the Touch is not a great email platform and the Blackberry is not a great application platform. We'll see with the future brings.

The iPod Touch running Nightstand and Stanza, enabling me to retire two other devices. That's cool!

Thursday, February 26, 2009

My Favorite Japanese Food

As promised in my blog about Japanese Culture, today's blog will be devoted to a remarkable Japanese food - Okonomiyaki.

Okonomiyaki is a Japanese "pancake" made with fresh vegetables. Okonomi means "what you like" or "what you want", and yaki means "grilled" (as in yaki-soba or teriyaki). The Kansei region of Japan (Kyoto/Osaka) and the Hiroshima area are famous for Okonomiyaki. Toppings and batters tend to vary according to region.

Kansai style is a grilled batter cake, typically made from flour, grated yam, dashi(broth), eggs and shredded cabbage. As prepared in Japan, it's vegetarian but not vegan because of the eggs. When we make it at home, we use lecithin as a binder and skip the eggs. Okonomiyaki is topped with okonomiyaki sauce (similar to A1 steak sauce), aonori (seaweed flakes), Japanese soy mayonnaise and pickled ginger (beni shoga). Some restaurants bring the ingredients to your table and you prepare it yourself. Others grill it for you, while you sit on barstools around the cooking surface.

Hiroshima style is layered rather than mixed together and includes fried noodles. The layers are a pancake batter base followed by cabbage, noodles, egg and okonomiyaki sauce. The amount of cabbage used is usually much more substantial than in Kansai style. Hiroshima Okonomiyaki start out piled high and are pushed down as the cabbage cooks.

Both types are delicious, but I find the Hiroshima style more satisfying.

While in Kyoto, I had the opportunity to taste 3 different preparations of Okonomiyaki in one day. As is typical when I explore a city, I walked 25 miles, stopping for Okonomiyaki in the Gion (Geisha) district, in the Kyoto University district (Northeast) and in the Kyoto train station (Southwest).

While in Hiroshima, I had Okonomiyaki in at Okonomi-Mura (Okonomi Village) and on the island of Miyajima at Koumitei.

Along with vegan split pea soup and vegetable pot pies, Okonomiyaki is my "comfort food". Whenever my wife prepares Okonomiyaki at home, my daughter jokes that "mom must really want something special from Dad." Definitely a food worth trying.

Wednesday, February 25, 2009

A Quality Data Set for the Country

In yesterday's blog about novel data sources for quality measurement, I emphasized the need to embrace clinical data sets for measuring quality. To accelerate this effort, we must first develop a standardized quality data set (QDS) and identify healthcare workflow changes to enable automation of performance measures through electronic health records and health information exchanges.

The National Quality Forum's Health Information Technology Expert Panel has already laid the foundation for the use of clinical data in quality measurement.

Yesterday, the NQF convened HITEP II to build upon this work. I have the privilege of being part of HITEP II and I wanted to share with you the background and charges to the workgroups.

In 2007, the Agency for Healthcare Research and Quality (AHRQ) commissioned the NQF to convene HITEP to address the ability of EHRs to create and aggregate data for quality measurement. HITEP recommended a high-priority set of quality measures; identified a set of required data types that were incorporated into the Healthcare IT Standards Panel (HITSP) Interoperability Specification for Quality; developed a framework for evaluating the quality of these data types; and, identified gaps and made recommendations to enable automated quality measurement. The American Health Information Community (AHIC) Quality Workgroup recommended further development of these data types into the QDS. In addition to improving quality measurement, the QDS will provide a base of core data needed to bridge clinical guidelines with Clinical Decision Support (CDS), the key effector arm for quality improvement using EHRs in clinical settings The AHIC Quality Workgroup further recommended an environmental scan of existing automated quality reporting initiatives to identify existing and preferred workflows to generate data needed for performance measurement. The second HITEP will identify workflows and recommend the QDS to quality stakeholders including HITSP. NQF will also incorporate HITEP recommendations into the NQF measure endorsement process.

HITEP‐II Quality Data Set (QDS) Workgroup Objective
NQF, through HITEP, will define a draft quality data set framework that would support quality measurement that is automated, patient‐centric, and longitudinal. NQF and HITEP will review existing data sets used for quality measurement, including those developed by the Centers for Medicare and Medicaid Services for its CARE tool, by the HITEP in its initial work, by the Joint
Commission for transfers of care, and by others as appropriate, as the basis of a harmonized minimum set of data types or elements that can be used for automating quality measures. HITEP should also incorporate into the draft harmonized quality data set those data types or elements needed to support measure sets and national priority areas. HITEP should assign a data quality score and a priority level to each data type or element within the draft quality data set as an aid to implementation. The draft quality data set will be populated with quality data elements for the high priority conditions defined in HITEP I, and include, at a minimum, relevant data captured during inpatient and physician office visits, and data required to support transitions of care among other provider settings.

HITEP‐II Quality Data Set (QDS) Workgroup Objective
Provide a centralized, maintained repository of quality data requirements (concepts, data types, data elements, code sets) and data definitions used by multiple stakeholders to develop, specify, and use quality measures.

HITEP-II Workflow Workgroup Objective
The Workflow Workgroup will explore ways of describing efficient capture of standard data elements from appropriate sources. The work product will define the qualitative and quantitative aspects of data by examining quality data flow maps. Such quality data management will address three requirements for data: validity (the authority and accountability of the source), integrity (the methods for maintaining validity of the data), and appropriateness of secondary use of the data.

HITEP-II Workflow Workgroup Objective
The workgroup will determine mechanisms and opportunities within quality data management workflows for identifying patients who meet inclusion criteria in measure populations, for gathering performance measurement data, and for providing clinical decision support to optimize performance in targeted areas. In addition to a generic framework that could be used across many clinical conditions, the deliverable should include at least one scenario for how the workflows operate for targeted conditions.

I am confident that HITEP II will provide the detailed Quality Data Set specifications that will enable HITSP to refine its previous work on Quality measurement. Over time, these standards will be required as part of EHR certification and will be incorporated into health information exchanges. HITEP II's work will ensure that we can measure the quality impact of the accelerated EHR rollout funded by the American Recovery and Reinvestment Act. Once we can measure quality, we can then reform healthcare, paying for quality instead of quantity. HITEP II's work is critical to that vision.

Tuesday, February 24, 2009

Novel data sources for quality measurement

On Thursday, I'll give a presentation to the National Committee on Vital and Health Statistics (NCVHS) about measuring quality using "traditional" and emerging, novel sources of healthcare data.

My definition of traditional data sources that are currently used to measure quality includes administrative claims data aggregated from hospital-based claims databses (for example, BIDMC has an Oracle respository called Casemix), payer-based databases (all have a claims warehouse to support disease management), physician organizations (Beth Israel Deaconess Physicians Organization has worked with Heathcare Data Services to create all payer business intelligence tools ) and health data consortia (such as the Massachusetts Health Data Consortium offers de-identified aggregated claims to enable institutional comparisons)"

New sources of data for quality analysis go beyond administrative data and include EHR, PHR, and Healthcare Information Exchange resources. Here are a few examples:

*At BIDMC all our laboratory, radiology, pharmacy and care process data is available in business intelligence datamarts. We use these internally for scorecards, benchmarking and workflow improvement projects.

*Massachusetts has a long history of payer/provider collaboration, such as NEHEN. Recently, the Eastern Massachusetts Healthcare Initiative (EMHI) has developed a new set of clinical data exchange use cases to support regional payer/provider collaboration. One of those use cases is the automated exchange of quality data via a secure publish/subscribe web service that eliminates the need for providers to create bulk data extracts for payer quality measures.

*The Massachusetts eHealth Collaborative has created a quality data warehouse for its 600 participating clinicians. This warehouse is so good that the BIDMC Physicians Organization (BIDPO) has elected to use it for aggregating the quality measure data on its physicians.

*Surescripts/Rx Hub provides national medication list data that is helpful for clinical care and quality measurement

*Commercial labs such as Quest and LabCorps are implementing HITSP standards for lab transactions which include the data elements needed for biosurveillance, public health reporting and quality analysis.

*The Social Security Administration's Megahit pilot demonstrated automated submission of electronic medical records between hospitals and the SSA with patient consent to improve turn around time for disability claims adjudication.

*The Centers for Disease Control has implemented Biosense, an automated surveillance system for detecting variations in disease frequency using de-identified emergency department and hospital data.

*The Massachusetts Medical Society is working with the Massachusetts eHealth Collaborative (MAeHC) to pilot quality scorecards for its members using the MAeHC quality warehouse.

*Departments of Public Health in Massachusetts receive automated data feeds from local hospitals to enable early detection of outbreaks

*The AEGIS system developed by Children's hospital uses automated data feeds from Massachusetts hospitals to create real time influenza prevalence maps

*A new generation of consumer healthcare devices from the Continua Alliance enables remote monitoring of patients in the home, transmitting data to EHRs and PHRs.

*Personal Health Records includes those tethered to an EHR, those sponsored by employers, hosted by health plans and vendor-based systems such as Microsoft HealthVault and Google Health enable patients to aggregate, enter, and manage their own data. PHRs may be an appropriate way to measure quality by asking the patients to subscribe/contribute their data to quality measurement organizations. The trusted third party model in Google enables patients to share data with their consent. Some patients may feel altruistic enough to contribute their data for quality measurement.

*Google Trends shows search term trends over time. This can be used to quantify searches on symptoms such as flu-related illnesses, providing early detection of changes in the frequency of users searching for fever/cough/flu etc. It would be interesting to track the Google trend for searches on Chest Pain/Heart attack before and after the introduction of Vioxx as measure of pharmaco-vigilence.

*As part of the Clinical and Translational Science Awards, all Harvard Medical School affiliates must work together as single virtual unit, sharing data for clnical research. SHRINE is an innovative, web-services based federated data mining tool that enables clinical research among all the data at all Harvard hospitals with appropriate privacy protection and IRB oversight.

All of these new approaches go behind claims data to provide novel indicators that can be used to measure quality. I predict that all these novel sources of data will become increasingly important as stimulus funds become available and clinicians are incentivized based on quality, not quantity, of care delivered.

Monday, February 23, 2009

In Pursuit of Peace

I've returned from Japan and had many amazing experiences there, both professional and personal. One of the more interesting experiences demonstrated to me that we are truly connected and it is a very small world.

While in Tokyo at a seminar arranged by Fujitsu, I met Yoshio Leeper from the Fujitsu Economic Research Center. He mentioned that his father Steven Leeper, was Director of Peace Park, the museum/monuments at the site of the Hiroshima atomic bomb blast. I told Yoshio that I would be visited Hiroshima on February 18 and would welcome the opportunity to meet his father.

Yoshio emailed his father. Steve Leeper graciously offered to take my family to lunch at Okonomi Mura, a building filled with Okonomiyaki restaurants (Okonomiyaki are a remarkable layered pancake with noodles and vegetables that deserves its own blog entry. Hiroshima is famous for them) and to give us a guided tour of Peace Park, based on his experience as Director.

We arrived in Hiroshima and went to lunch. Steve described his role as ambassador for peace to the world as Chairperson of the Hiroshima Peace Culture Foundation. He knew of my various roles in technology and policy and asked if I would like to meet the mayor of Hiroshima, Tadatoshi Akiba PhD and the CIO of Hiroshima, Asako Toyoda, (who is also Deputy Mayor).

One call to the Mayor's office and it was arranged.

We drove to city hall and were escorted to the mayor's private meeting room.

Dr. Akiba is a remarkable man. He's a graduate of MIT and is passionate about technology. Hiroshima is one of the most wired cities in Japan with near universal Broadband and 3G wireless coverage. He's passionate about Peace and specifically hired Steve Leeper to bring strong leadership to Hiroshima's peace activities. Dr. Akiba also has turned the city around financially by trimming expenses, scaling back public works projects and implementing tight fiscal management.

Asako Toyoda is one of the few CIOs in japan. Her energy and diligence have led to Hiroshima's IT pre-eminence. It was all accomplished with a very frugal budget.

My conversation with Dr. Akiba ranged from electronic health records and regional information exchanges to personal health records/Google Health. He was very familiar with my background including the unusual fact that I was Edward Teller's ('father' of the H-bomb) research assistant from 1981-1983. He asked for my help supporting the cause of peace, a critical issue over the next two years as the Nuclear Non-Proliferation Treaty is renegotiated in 2010. Depending on the outcome of that treaty, we can begin a path of global nuclear disarmament or see an increase in countries throughout the world becoming nuclear weapons capable.

I gave him my commitment to work with my contacts in the House, Senate, and White House staff to raise awareness on this issue. Let's hope that the new administration finds the path to peace appealing as a way to bring stability and economic cooperation to the world.

Japan has high hopes for the Obama administration, and according to all the Japanese senior people I spoke with, there is a fresh look at America now that the administration has changed. The previous administration created a tide of negative public opinion about Americans which is now turning! Just north of Kyoto, there's a town called Obama City. So it's fair to say that while in Japan, I had a visit to see Obama. I hope that Mr. Obama follows Secretary Clinton's lead and visits the far east. Two of Obama's goal's are ending our unpopular wars and reinvigorating the economy. Pursuing the cause of peace by taking a leadership role in nuclear non-proliferation and strengthening American ties to the second largest economy in the world (Japan also holds much of the US national debt) are two good ways to further the administration's top priorities.

Friday, February 20, 2009

Cool Technology of the Week

A somewhat unusual Cool Technology of the Week - the internet itself.

The image to the right contains the current statistics on adoption of the internet worldwide.

You can see that the US leads internet adoption, but that just above every country is seeing enough adoption to significant impact the way the human race receives news and information.

When I think of the acceleration of communication in my lifetime, it's dizzying. When I was born in 1962, Western Union telegrams were the fastest way to communicate text. As I grew up, acoustic coupler modems became available to high tech government and corporate users. Then came fax machines. Then proprietary dialup data networks.

I remember creating my first bulletin board to enable 300 baud downloads of software updates for my small software company in 1987.

Today, I have folks asking me to arrange high speed terabyte data transfers.

We're all connected, with high bandwidth, wired and wireless, worldwide. Who could have imagined this 15 years ago when the first web browser was created.

All of humanity, connected, that's cool!

Thursday, February 19, 2009

Japanese Culture

On Thursdays, I write about something more personal than my technology and policy blog entries. Since I'm in Japan, here is my homage to Japanese culture. What is it I admire so much about this country?

The Food - as a vegan, I've been enjoying meals made with fresh, regional ingredients prepared in a way that appears to all the senses. Shojin Ryori, the vegan meals created by Buddhist monks, are made from Tofu, Yuba (the skin created by heating soy milk), Okara (the fiber left over after soy milk is made), fresh seasonable vegetables, rice, and green tea. These meals are low fat, high fiber, contain no cholesterol and are among the most delicious foods I have ever tasted.

The Clothing - traditional Japanese clothing is extremely comfortable. There is nothing more refreshing after 24 hours of travel than a soak in a Japanese bath (described below), putting on a Yukata (Japanese cotton robe) tied with an Obi (Japanese cotton sash), and then a Haori (overcoat) and Geta (wooden shoes) for a stroll to a forested shrine. This is what we do on Miyajima, the sacred island off the coast of Hiroshima.

The Living Spaces - Japan is a small country in that it is so mountainous that the majority of it's 127 million people live in the plain between Tokyo and Osaka, making the amount of space per person some of the smallest in the world. This means that the Japanese people must live low impact lives - small homes, small cars, small amount of belongings. People think about the needs of the many - they wear masks to prevent the spread of respiratory illness. They carry small towels to avoid the need for wasteful paper towels in public bathrooms (Japan is where Douglas Adams, the author of Hitchiker's Guide to the Galaxy, got the idea that you always need to carry your towel with you). A traditional Japanese living space has a futon for sleeping that may be put away during the day. Zabuton are pillows for sitting on. Eating may be done on small tables set on the floor. Dinnerware consists of lacquerware, pottery, and chopsticks. Belongings may be minimalist, but they are of great beauty and utility. The concept of green living combined with great aesthetics truly appeals to me.

The Onsen/Baths - Japanese love their hot baths - natural hot springs (onsen), outdoor baths (Rotenburo), and even simple cedar tubs for soaking. You wash off outside the bath, then soak in 104F (or hotter) water. Americans may find the idea of public baths (always gender specific) to be a bit odd, but it really works as a cultural experience.

The Arts - Japanese arts include Cha no yu (tea ceremony), ink painting, zen gardens, Kabuki (theater), Honkyoku (Shakuhachi meditation music), and Koh do (incense). These art forms are great for the soul.

The Religion - Shintoism celebrates the miracle of nature and the Japanese landscape. Buddhism celebrates the achievement of the individual to find enlightenment. Both are very peaceful religions and do not attempt to convert others, impose political beliefs, or criticize other religions. Western religions could learn much from this approach.

Japan is truly my favorite country to visit and I try to visit every year. In my own home and life I try to include as many of these cultural principles as is possible. My daughter hopes to live and work in Japan after college. I'll welcome her lessons learned.

Tuesday, February 17, 2009

Healthcare Interop and the ARRA: Hope Happens

The following is a guest blog, written by Gartner's Wes Rishel, reposted on my blog with his permission. He makes several great points:

For a while, we will all be trying to estimate how the American Recovery and Reinvestment Act of 2009 (ARRA) will impact our bailiwicks. On list servers some writers read the tea leaves to see a much broader and more systematic look at healthcare informatics and interoperability than has been pursued by the ONCHIT. They argue with some justification that the true “electronic health record” is more about information and the way individual health IT systems are interconnected than it is another term for the EMR with some unspecified interoperability thrown in.

Soothsayers, however, should say a different sooth. Congress is clearly not looking to go back to the drawing boards. The ARRA encodes in law the approach adopted by the Bush administration through executive orders and administrative actions.

Some believe that the current approach is doomed to failure because of the lack of the aforementioned systematic framework for current interoperability efforts. Others, including me, believe that applications integration is always messy, if for no other reason than that the goal will always be to integrate systems that are in different points in their life cycle and have different information models. Successful application integration depends entirely on identifying specific scenarios that are in easy reach for a majority of systems in usage or have such a clear and measurable value to the owners of the system (not the vendors) that they will pay for the re-engineering.

In other words, national interoperability in the U.S. can not rise above rough-cut precision in the short term (say, ten years).

One can only hope that the US gets that far. Interoperability under HIPAA has been successful in a few cooperating communities but generally a disaster. HIPAA absolutely proved that the full Federal regulatory process is too lugubrious for promulgating IT standards.

The current U.S. approach is faster than HIPAA, but it suffers from one of HIPAA’s main problems, that the entity responsible for producing the specifications is not responsible for their being implemented. For some time, I have been speaking about the notion of a profiler-enforcer organization (PEOs). (Gartner clients can read a more detailed piece on this topic here.) Organizations such as Connecting for Health in England and Infoway in Canada take multiple standards, develop harmonized profiles and see the process through contracting with HIT vendors to implement them. Their charter is to get HIT implemented and standards are a part of the process. IHE is similar in that it at least takes responsibility for a full cycle through Connectathons.

The fundamental point is that interoperability is not achieved by a waterfall process, but by recycling. Early deliverable specifications are rough drafts to be tuned by implementation experience. Unless the entity responsible for creating the specs is responsible for them being used well, the feedback loop will remain open and confusion will prevail.

In the U.S., the work is split between HITSP, CCHIT, the NHIN Trial Implementation project and perhaps other implementation projects. The feedback loop is broken.

The ARRA allow a hopeful person some justification for short-term and long-term optimism for healthcare interoperability. In the short term, the language includes support for rejiggering the U.S. process so that the goal of creating actual interoperation might be under a tighter span of control.

Long term hope arises from language directing NIST to award academic grants for multidisciplinary “centers for health care information enterprise integration.” We can hope that NIST develops the grants in a way to support a more systematic look the challenges of healthcare interoperability. One also hopes potential applicants for such grants will work immediately to bone up on the excellent if incomplete work done by HL7, the Object Management Group and the National Cancer Institute in establishing a more rigorous basis for interoperability. Principles developed there can find their way into the architecture of HIT systems over time and can get us from rough-cut to a smooth finish, if not to finely honed cabinetry.

Monday, February 16, 2009

My Hopes and Expectations for the Next Year

Many people have asked about my hopes for the next year, now that $2 billion is being allocated for health information technology through the American Recovery and Reinvestment Act of 2009 (ARRA)

Here's a summary of the ARRA legislation as I understand it:

*20 billion for Healthcare IT stimulus activity

*2 billion to ONC, including grants and loans available through an HIT Extension Program, with a national center and regional centers that provide outreach to help providers adopt through advice on "good technologies and good implementation strategies

*New Standards and Policy Federal Advisory Committees.

*Standards are voluntary for private enterprises, but must be in place for all federal contracting and stimulus initiatives

*Competitive planning and implementation grants to states

*Competitive grants to providers that require providers to participate in quality reporting and present strategies for upgrading and
maintaining system in the future

*A demonstration program to apply health IT training to clinical curriculum

*Grants for IT professionals to expand health informatics training.

*Medicare and Medicaid incentives start in 2011. Year 1 will be the largest payment and over time will become a disincentive/penalty for non adoption.

After many discussions with the leadership of NeHC, CCHIT and HITSP, my hope is that NeHC becomes the Standards Committee referred to in the bill and that the great folks already chosen to serve on NeHC continue their service. The NeHC as configured is multi-disciplinary and not dominated by any one group. The new Standards Committee should continue to provide Value Case, as described in the NeHC charter, to prioritize standards harmonization, architecture and best practices needed to ensure interoperability.

It is my hope that HITSP continues to serve as the multi-stakeholder group doing the standards harmonization work requested by the Standards Committee. HITSP's current configuration is not dominated by any one group (vendor organizations are 44% and have not been a majority of any vote) and includes the following membership:

Consumer – 22 organizations
Govt – 45 organizations
Non-SDO – 458 organizations
SDO – 28 organizations
Project team – 12 organizations (non-voting)
Information only organizations – 91

Non-SDO breakdown:
Clinicians – 32
IT – 44
Payer – 21
Provider – 33
Public Health – 18
Purchasers – 4
Researchers – 20
SafetyNet – 10
Vendor – 252
Chose no subcategory – 24

I do believe HITSP will evolve its approach to producing interoperability specifications. Specifically, its deliverables in the future will include highly reusable service oriented architecture components for content, transport, and routing. Our HITSP meeting on Friday will include a discussion of the work we've done over the last year to evolve our future approaches into this SOA methodology. This means that HITSP documents will be much easier to read and implement, more reusable, and more nimble to rapidly support uses beyond the scope of the current use cases. We'll also complete a dictionary so that implementers can easily reference data elements and then create services themselves to exchange data. For example, if a vendor or HIE wanted to exchange problems, medications, allergies, notes, labs results, and radiology reports, then it would be as simple as referencing the data element dictionary, implementing the content standards (such as CCD with RxNorm and SNOMED-CT vocabularies), the transport standards (HTTPS with SOAP or REST), and the routing (query/response or publish subscribe framework such as XDS or XDR). I expect at least one of our 2009 Interoperabilty Specifications to pilot this approach and I am hopeful that this emphasis on XML and the standards of the web will accelerate implementation in 2010 and beyond.

HITSP has had a great relationship with CCHIT to ensure interoperability specifications are introduced in a stepwise manner to ensure all stakeholders can adapt to the changes without too great a burden. I am hopeful that CCHIT will continue its task doing certification. I believe NIST will also be involved, advising us all on best practices for standards conformance testing and certification.

The next year will also bring much planning for the implementation of EHRs regionally and locally. My top expectations for 2009-2010 are

1. ONC will be recognized and will become a sub-cabinet organization, given the authority and resources needed to accelerate the adoption of electronic health records and standards-based information exchanges.

2. ONC will fund regional "IT Extension Centers" to provide project management and implementation services to small practices nationwide.

3. NeHC will become the standards committee and will create value cases that contain standards and architecture for HITSP to harmonize and CCHIT to certify.

4. Medicare and private insurer incentives will accelerate implementation of a few basic data exchanges - laboratory, e-Prescribing and clinical summaries. Local, regional, and domain-based (such national lab vendors, Surescripts/RxHub) health information exchanges using mandated standards will provide a network of networks for such exchange.

5. Public good data exchanges such as quality measurement, biosurveillance and public health reporting will be required for participation in Medicare HIT incentives. Other data exchanges such as home monitoring devices and clinical research will follow.

$2 billion is a great deal of money. However, the scope of the work to be done - providing electronic health records to over 600,000 doctors, it will only lay the foundation. Through a focus on regional IT extension centers, great governance via the Standards Committee working with HITSP/CCHIT/NIST, and a prioritized list of required information exchanges, ONC will be empowered to bring EHRs in the US to the next level.

Saturday, February 14, 2009

Lost in Translation

For next 5 days, I will be traveling in various rural locations in Japan. I am writing blog posts but may not be able t0 post them. In the meantime, you can follow me on

Friday, February 13, 2009

Cool Technology of the Week

I'm in Japan this week and have had the opportunity to review the clinical applications and infrastructure of information systems in Tokyo hospitals (St. Luke's, Japan Federation for Cancer Research, and Tokyo Medical University), Nagoya hospitals (Nagoya University Hospital, Higashi Nagoya National Hospital) and Kyoto Hospitals (Kyoto University Hospital).

A few observations about clinical applications in Japan, which are my cool technology of the week.

*The majority are client server, except Tokyo Medical University which is web based using a Java client. Nagoya University uses a Visual Basic client with a Cache database server, similar to the Brigham and Women's design. The reason for the client-server preference in Japan is strict privacy and security regulation. There is great concern that the web/HTTPS is not secure enough because of the possibility of IP spoofing, man in the middle attacks and attacks from the public internet. In the pilot HIE efforts, SSLVPN is used in addition to HTTPS to minimize these risks. I received several email from Japanese colleagues asking me to clarify the notion that EHRs and PHRs in the US use HTTPS with firewalls/intrusion detection and prevention, requiring no additional client-side software or certifications. I was told that no clinical information systems in the country are connected to the public internet except at Tokyo Medical University. In all the spots I visited, I could not reach the public internet with my laptop via a wired or wireless connection - I had to configure a secure proxy server in my network settings and Firefox before the internet was accessible.

*While most EHRs in the US focus on clinical data - problem lists, medication lists, allergy lists, notes, and result reporting - I found that most clinical applications in Japan focus on workflow. How is the work done and how do we ensure processes are optimized via IT. I found the use of bar codes for positive patient identification, medication identification, and electronic medical administration records to be more widely adopted than the US. I found integration of supply chain/just in time inventory with clinical applications. This focus on workflow is consistent with the country that invented the Toyota Production System and a focus on the work which happens on the "factory floor".

*While most EHRs in the US are very spreadsheet like, using screen position and columns/rows to represent data, Japanese systems are very visual - using colors, different font sizes and graphical icons to provide dashboards of information such as the process of drug ordering and administration. They also use colors to indicate the kind of data available about the patient on a given date in the historical medical record.

The Japanese have not yet implemented e-Prescribing, largely due to policy restrictions and regulation. Health Information Exchange is implemented in Kyoto in the very forward thinking Dolphin project, which obtains patient consent to transfer data from a hospital to a citywide repository and then enables the patient to make this data available to other hospitals by enabling the patient to grant access at the institutional level.

Because of concerns about privacy and the complex regulations surrounding healthcare information exchange in Japan, it's likely that the PHR will be their most successful short term approach to sharing electronic records. I've encouraged Google Health to consider Japan their first international pilot site. My friends in the Japanese informatics community - Dr. Tanaka, Dr. Akiyama, Drs. Yoshida (Shigetsu and Jun), and Dr. Yoshihara - are very enthusiastic to accelerate PHR use in Japan.

The focus on workflow, the graphic user interfaces and the early focus on patient controlled data exchange make Japanese EHRs my cool technology of the week.

Thursday, February 12, 2009

The Japanese Dr. Koop

As readers of my blog know, I'm a great fan of the Japanese culture, lifestyle, and people. I'm on a speaking tour of the country this week, meeting with government, academia, and industry leaders in Tokyo, Nagoya and Kyoto. Every time I visit Japan I learn more about the language, the arts, and tradition. The trip thus far has been remarkable with many insights into the challenges of their healthcare system, their plans for EHRs and their emerging interest in PHRs. I've met many friends and colleagues, had great vegetarian meals, and mastered the Tokyo subway system.

One of the most interesting experiences was having lunch with Dr. Shigeaki Hinohara, the most famous physician in Japan. He's 97 years old and loved by everyone - the Japanese version of Dr. Koop. He has published over 150 books since his 75th birthday, including one "Living Long, Living Good" that has sold more than 1.2 million copies. As the founder of the New Elderly Movement, Hinohara encourages others to live a long and happy life, a quest in which no role model is better than the doctor himself.

I asked Doctor Hinohara to describe the secrets of his exemplary physical health and sharp mental acuity.

His response was simple - sleep little, eat modestly, and work hard.

Every night he goes to bed at midnight and wakes at 5:30am. His breakfast is coffee, a glass of milk and orange juice with a tablespoon of olive oil in it. (He notes that olive oil is great for the arteries and keeps his skin healthy). Lunch is milk and a few cookies, or nothing when he is too busy to eat (we ate Soba noodles together). Dinner is mostly vegetables with a bit of fish and rice, and, twice a week, 100 grams of lean meat. His total intake is about 1800 calories a day.

He always takes the stairs and walks everywhere. He volunteers at St. Luke's Hospital in Tokyo (he's the Chairman of the Board) 18 hours a day, 7 days a week.

If I have half his energy at 97, I'll be happy!

Wednesday, February 11, 2009

Regional Health IT Extension Centers

In an editorial I wrote this week for Health Affairs (to be published in the March IT issue), I emphasized the need for Regional Health IT Extension Centers - local support organizations that help doctors install electronic health records and use them to achieve improved quality, efficiency, and continuity of care.

Farzad Mostashari, MD, MSc (Assistant Commissioner, Primary Care Information Project New York City Department of Health and Mental Hygiene) and Micky Tripathi (President and CEO Massachusetts eHealth Collaborative) took the lead in writing a white paper about this important concept.

This very important briefing describes the approach that I believe will ensure the successful rollout of EHRs in the US.

I encourage you to read it!

Tuesday, February 10, 2009

The American Recovery and Reinvestment Act

Today the Senate voted 61-37 to approve the American Recovery and Reinvestment Act of 2009, which includes important investments in health information technology and in research on the comparative effectiveness of various health care tests and treatments. These investments will quickly increase jobs in healthcare and eventually improve the quality of health care for every American. It's a milestone achievement.

Commentary has recently appeared in the press which misinterprets provisions in the bill.

Staff in the Senate have provided this FAQ to dispel any rumors you may read.

If your colleagues see any misinformation in the press, please point them to this FAQ. We do not want inaccurate commentary to undermine this thoughtful legislation.

A Shared Roadmap and Vision for Health IT

Today, the chairs of CCHIT, HITSP, and NeHC (AHIC Successor) issued a joint statement of their commitment to work together on the healthcare IT work ahead. I've attached the text of the statement.

I look forward to a very promising future for us all.

Today’s economic crisis has highlighted our need for breakthrough improvements in the quality, safety and efficiency of healthcare. The nation’s business competitiveness is threatened by growing healthcare costs, while at the same time our citizens risk losing access to care because of unemployment and the decreasing affordability of coverage. Meanwhile, the quality variations and safety shortfalls in our care system have been well documented.

Health IT is not a panacea for all of these challenges, but it is a critical first step toward addressing many of them. Before we can restructure payment systems to reward quality, we need reliable, near real time data on outcomes. Before we can reward teamwork and collaboration that re-integrates care, we need applications that let clinicians communicate patient information instantly and securely. And in order to reverse the growing burden of chronic diseases, we need online connections that engage individuals in their care and motivate them to make healthier lifestyle choices.

Our current, paper-based health information process wastes hundreds of billions of dollars annually. Transforming this into a streamlined 21st century electronic system will require many components: a conversion to interoperable electronic health records (EHRs) at healthcare facilities, the adoption of online personal health records (PHRs) for individuals, health information organizations that support and connect these systems to allow information sharing, and finally a national health information network that allows instantaneous secure access – always with appropriate consent from the individual -- wherever and whenever their records are needed.

Where we stand today

There are hundreds of stakeholders in the development and adoption of interoperable healthcare information technology including consumers, providers, patients, payers, employers, researchers, government agencies, vendors, and standards development organizations. Over the past 20 years, these groups have worked together informally, but until recently there has not been a process to create a single list of priorities or a coordinated project plan. This fragmented approach in many ways mimics the fragmented healthcare delivery system within the US.

In 2004, the Office of the National Coordinator (ONC) within the Department of Health and Human Services (HHS) was established and charged with creating a single strategic plan for all these stakeholders to work together to harmonize healthcare data standards, create architectures for data exchange, document privacy principles, and certify compliant systems which adhere to best practices. Under ONC/HHS guidance, several groups have successfully implemented this work, leading to demonstrable progress in integrating some aspects of healthcare delivery.

An HHS advisory committee, the American Health Information Community (AHIC), prioritized needs and developed harmonized health IT standards for the country based on multi-stakeholder collaboration around a tool known as a “use case.” It produced 3 use cases in 2006, 4 use cases in 2007, 6 use cases in 2008, and a prioritized list of standards gaps to fill in 2009. The successor to AHIC, the National eHealth Collaborative, is a voluntary consensus standards body that extends the strengths of AHIC by enabling broader private sector and consumer representation. It will continue this work by developing and prioritizing initiatives to solve real implementation challenges in the field.

The Healthcare Information Technology Standards Panel (HITSP), a voluntary group of standards experts, received 13 use cases plus a privacy/security standardization request from AHIC. All of these use cases led to unambiguous interoperability specifications that were delivered within 9 months of receiving the request. The standards were chosen by consensus in an open transparent manner with many controversies resolved along the way. At this point, standards for personal health record exchange, laboratories, biosurveillance, medications, quality, emergency first responder access to clinical summary data, home health device monitoring, immunizations, genomic data, hospital to hospital transfers of records including imaging data, public health reporting and patient-provider secure messaging are finished. Consequently, standards are no longer a rate limiting step to data exchange in these cases.

The Certification Commission for Healthcare Information Technology (CCHIT) has certified over 160 electronic health record products based on detailed functional and standards conformance criteria. It has achieved broad industry recognition as the place to develop a roadmap for the features and interoperability requirements to include in the yearly revisions of health care IT products.

Using the harmonized standards, the Nationwide Health Information Network, a pilot initiative of HHS, demonstrated a successful architecture for pushing data between stakeholders, for query/response to pull data, and appropriate security protections. Many of these pilots have become production systems in their localities. 

Working together, thousands of volunteer hours in these organizations have led to policy and technology frameworks that have been embraced by several live healthcare exchanges including those at the Social Security Administration, eHealth Connecticut, Keystone Health Information Exchange, Boston Medical Center Ambulatory EMR, Vermont Information Technology Leaders, Inc. (VITL), MA-Share (a statewide data exchange), and Beth Israel Deaconess Medical Center.

New Framework for Collaboration
While much has been accomplished, much remains to be done to accelerate adoption and interoperability of health IT. After an 18 month process involving hundreds of stakeholders, the National eHealth Collaborative (NeHC) was created to carry forward this work. NeHC is structured as a voluntary consensus standards body to bring together consumers, the public health community, health care professionals, government, and industry to accelerate health IT adoption by providing a credible and transparent forum to help establish priorities and leverage the value of both the public and private sectors. As a public private partnership, it is able to reach broadly into all sectors of health care, including health professionals, government agencies, health systems, academic medicine, patient advocates, major employers, non-profits, technology providers, and others.

This balancing of interests and expertise is critical to accelerating adoption and would be difficult to replicate in a purely public or purely private sector setting. Past competing interests and priorities within each sector have contributed to the historically low creation and adoption of compatible enabling technologies. By expanding the role of the private sector beyond what was available through a public-driven forum, NeHC can leverage industry resources and best practices—at the same time, assured public sector and consumer participation engenders activities that are transparent and supportive of high-quality, patient-centric coordinated care. The National eHealth Collaborative has refined and expanded the process for establishing priorities developed under AHIC. The National eHealth Collaborative’s goals for the prioritization process are to:

Identify breakthrough strategies to increase interoperability by prioritizing stakeholder-initiated value cases for national action

Provide broader stakeholder input into which value cases and interoperability initiatives are pursued

Place more emphasis on the value proposition of each proposed set of interoperability initiatives.

Building on experiences with use cases, NeHC has developed the “value case,” a new tool for setting national priorities which describes the utility and projected benefits of an initiative addressing a specific obstacle to achieving interoperability. Value cases may focus on standards harmonization, but may also address other breakthrough strategies for driving interoperability, including model processes (such as a model of the “ideal” care coordination process); best practices (such as incorporation of ePrescribing into provider workflow or managing the communication of results out to the referring physician); and frameworks (such as a service oriented architecture for health information exchange). Each value case includes an assessment of the feasibility of implementing the proposed standard or other construct and the extent of stakeholder commitment required to ensure widespread adoption.

The processes and criteria to efficiently move the value case process forward begins with a national strategy and national call for submission of cases, both from government and the private sector. High level government participation plays a key role in guiding the value case process. As value cases are developed, NeHC will facilitate the appropriate action. If standards harmonization is required, HITSP will be consulted to develop use cases and recommend standards for adoption, or expert panels may be convened to address architectures, best practices, terminologies, or other issues. Once approved by the NeHC Board, outputs will be provided to CCHIT for potential incorporation into certification criteria and as a signal to developers for their product modifications.


Given the resources of the proposed stimulus package, our country is poised for great success in healthcare IT. As a nation, we will work together to ensure every patient has a secure, interoperable electronic health record. But what does this mean for patient care?

We will improve the quality of care by coordinating handoffs between providers. No longer will you be asked to fill out the clipboard with the basics of who you are, what medications you take and your existing medical conditions.

Medications will be checked for interactions as they are prescribed. Caregivers will be electronically notified of critical values in lab results and important results on x-rays.

Patients will be able to access their medical records electronically, communicate with their doctors, and use home monitoring devices to coordinate care without a visit to the doctor’s office.

Beyond these improvements in quality, safety, and convenience, the coordination of care will result in better value for our healthcare dollar by minimizing redundancy and waste.

The roadmap for standards harmonization, certification of healthcare IT products, and secure data sharing of medication, laboratory, and clinical summary information is clear. Completing this work is a journey and all our organizations, NeHC, HITSP and CCHIT, are unified to walk that road together.

The momentum created by the close collaboration of all these groups is based on trust, established working relationships and clearly defined roles/responsibilities. Together, they constitute a healthy ecosystem of organizations, each with clear accountability, transparency, and governance to ensure they are all aligned. We are committed to working together to meet the expectations of consumers and other healthcare stakeholders in the future.

The past four years have seen significant accomplishments, despite the limited funding made available. Beyond the complex mechanics of setting up these activities, what is probably more important has been the development of engagement and trust from stakeholders throughout the health care sector, something that can not be rushed. With the increased funding available in the economic stimulus legislation, we will build on the momentum, trust, and leadership that has already been painstakingly established.

Our vision is one of a 21st century health system in which all health information is electronic, delivered instantly and securely to individuals and their care providers when needed, and capable of analysis for constant improvement and research. With better information upon which to base decisions, the challenging process of health reform can successfully proceed – measuring quality, rewarding value, engaging individuals -- and lead the way to better health for all Americans.

John D. Halamka, MD, MS, is Chief Information Officer of Beth Israel Deaconess Medical Center, Chief Information Officer of Harvard Medical School, Chairman of the New England Health Electronic Data Interchange Network (NEHEN), CEO of MA-SHARE (the Regional Health Information Organization), Chair of the US Healthcare Information Technology Standards Panel (HITSP), and a practicing Emergency Physician.

Mark Leavitt, MD, PhD, is Chair of the Certification Commission for Healthcare Information Technology (CCHIT).

John Tooker, MD, MBA, FACP is the Executive Vice President and Chief Executive Officer of the American College of Physicians (ACP), Chair of the board for the National Committee for Quality Assurance (NCQA), and Chair of the board of the National eHealth Collaborative (NeHC).

Monday, February 9, 2009

Setting Expectations

A few weeks ago when I presented to government staffers, one person used a recent experience with uncoordinated care to suggest that data standards harmonization has not been successful. Standards are very important, but standards alone cannot reform the US Healthcare system.

Thus, as we evaluate the work of ONC, AHIC (now NeHC), HITSP, CCHIT, HIPSC, and the NHIN pilots, we need to be very specific about the criteria for success and how we'll measure it. Here's my sense of the performance of each of these groups and the next steps required to align expectations for the work ahead.

There are hundreds of stakeholders for healthcare interoperability including payers, providers, patients, employers, government agencies, vendors, and standards development organizations. Over the past 20 years, these groups have worked together informally, but there has not been a process to create a single list of priorities or a coordinated project plan. ONC was charged with creating a single strategic plan for all these stakeholders to create a uniform set of data standards, pilot architectures for data exchange, document privacy principles, and certify compliant systems which adhere to functional criteria created collaboratively. It has coordinated the work of many subgroups that have successfully executed this work, as described below.

AHIC prioritized standards harmonization use cases for the country based on multi-stakeholder input. It produced 3 use cases in 2006, 4 use cases in 2007, 6 use cases in 2008, and a prioritized list of standards gaps to fill in 2009. The successor to AHIC, the National eHealth Collaborative will continue this work by prioritizing value cases that, in addition to standards, will include model processes (such a model of the “ideal” care coordination process) best practices (such as incorporation of ePrescribing into provider workflow or managing the communication of results out to the referring physician) and frameworks, (a service oriented architecture for health information exchange).

HITSP received 13 use cases plus a privacy/security standardization request from AHIC. All of these use cases led to unambiguous interoperability specifications that were delivered within 9 months of HITSP receiving the request. The standards were chosen by consensus in an open transparent way. Many controversies were resolved along the way. At this point, standards for personal health record exchange, laboratories, biosurveillance, medications, quality, emergency first responder access to clinical summary data, home care device monitoring, immunizations, genomic data, hospital to hospital transfers of records including imaging data, public health reporting, and patient-provider secure messaging are finished. There is still some discussion in the industry about the Continuity of Care Record verses the Continuity of Care Document, but all the other harmonization has broad consensus among the majority of stakeholders. This is A+ work. However, if broad and immediate implementation of these standards is the expected metric, then there are many factors outside of HITSP that need to be aligned including widespread implementation of products which use the standards, incentives to exchange data, and the resources to do so.

CCHIT has certified products based on hundreds of detailed functional and standards conformance criteria. It has achieved broad industry recognition as the place to develop a roadmap for the features and interoperability requirements to include in the yearly revisions of Healthcare IT products. This is A+ work. However, if the metric for success is plug and play data sharing between all certified products, then there are many factors outside of CCHIT that need to be aligned such as a very specific expectation of the data to be shared, by whom, and under what circumstances. CCHIT certified systems today are excellent at laboratory and e-prescribing data exchange. They can also import and export standardized clinical summaries, and this year will add network-interface features that let them share them via Health Information Exchanges. But there is not a live nationwide grid of healthcare data exchange to plug into as of 2009, so data exchange among CCHIT certified products is dependent on local and regional data exchange infrastructure.

The NHIN pilots demonstrated a successful architecture for pushing data between stakeholders, for query/response to pull data, and appropriate security protections. Many of these pilots have become production systems in their localities. This is A+ work. However, if the NHIN is to be judged on the number of transactions exchanged among cities, regions, and states, there are many factors outside of the NHIN, such as variations in state law and privacy policies that are still a work in process.

The HISPC groups documented the privacy practices in 34 states and territories. There was great sharing of experiences and best practices for polices, opt-in/opt-out models of consent, and technical security protection. This is A+ work. However, if HISPC is to be judged on the creation of a uniform national privacy policy there are many outside factors, such as HIPAA pre-emption by state laws, that are still a work in process.

Thus, to me all the efforts to date have been very successful, as measured by the goals each organization was given. Their work continues and every year brings new accomplishments.

However, the public, Congress, and the healthcare industry may have different expectations. I believe the work ahead is to set achievable expectations based on what can be widely implemented, with clear milestones and metrics for success. Here are the measurable goals I would suggest:

1. Require an EHR for every patient in the country by 2014 through the use of incentives, penalties, and regional implementation teams. ONC should monitor progress and help overcome resource and policy roadblocks.

2. In parallel with the EHR rollout, ONC/NeHC/HITSP/CCHIT/NHIN/HISPC/CMS, and the private payer community should work together to ensure 90% compliance with e-Prescribing, electronic laboratory exchange, and clinical summary exchange for all existing EHR users by the end of 2011, aligning this work with existing CMS incentives for adoption and adding new ones where needed.

3. NeHC should add data exchange goals in a stepwise fashion after 2011, based on stakeholder priorities, success of goals 1+2, and resources available.

These goals are focused, require that we ensure the interoperability specifications for the standards are easy to implement, require that we finalize the specifics of the data exchange architecture to be used, and require that we make some determination of the privacy policy that is good enough (patient controlled via a PHR or opt-in consent are my recommendations).

We can publish quarterly statistics of our progress and all stakeholders can objectively evaluate our success or failure based on well defined metrics.

By setting expectations, allocating the resources, and monitoring our progress, I am confident that we as a country can do this. We put a man on the moon with 7 years of effort. When we align our strategy, resources, and strength of will, we can do anything.

Friday, February 6, 2009


Some call them Crackberries, but my best information is that the new moniker will be Barackberry. The debate continues to rage on about whether the President will use his existing Blackberry 8830 or move to the General Dynamics' Sectera Edge, a combination phone-PDA that's been certified by the National Security Agency as being acceptable for Top Secret voice communications and Secret e-mail and Web sites.

Here are a few summary articles about the great Blackberry in the Whitehouse debate

The Atlantic notes the NSA has added additional encryption features to the existing Blackberry platform.

ZdNet describes the Sectera Edge in detail.

Engadget summarizes the debate. Most amusing are the hundreds of comments.

The gist of the debate are the an questions: Is a Blackberry

*good enough for TOP SECRET voice communications
*a risk to national security because the RIM data centers are operated by a foreign corporation (Canada)
*banned in secure facilities because it contains a camera
*a risk to personal security because it has built in geolocation features such as those I use
*a risky application platform that could be used to download applications which compromise secret information about presidential movements
*might be hacked by foreign governments who receive his messages or send him false information in a crisis

My experience is that a Blackberry was designed for secure business communications with end to end encryption from device to corporate data center.

To be honest, I'd rather have a secure mainstream business device that is tested by millions of people every day and constantly improved than a brick-sized smart phone that looks like something Maxwell Smart would carry and is used by a very small number of people who are less likely to discover its flaws.

Thus, my cool technology of the week goes to the Barackberry 8830 with added NSA encryption!

Thursday, February 5, 2009

Measuring Success

Over the past few weeks, I've reconnected with several folks from my past on Facebook and Twitter. It's an interesting end to the story to see what my High School friends have experienced over the past 30 years. There's good news and bad news, happiness and sadness, and occasionally a sense of missed expectations i.e. "My life did not turn out as planned"

What should we expect from life, especially when we're 16 years old?

Some want fame.

Some want fortune.

Some want power.

Since High School I've discovered that life is much more subtle than that. Life is about finding your passion and committing every day to it.

In my case, I wake up every day and ask

"How can I make my wife and my daughter happy today?"

"How can I ensure patients will receive the best possible care through the use of the IT systems I oversee?"

"How can I experience some wonder of the natural world - something as simple as watching a plump squirrel meander through my back yard or feeling the wind on my face as I run through a local forest?"

If you're doing what you love to do, have the basics of food/clothing/shelter/health, and have people you care for/care about you, then you're successful.

My 16 year old daughter will apply to college next year.

Will I measure her success based on an application to Harvard, Stanford, or MIT? Will I only feel satisfied if she becomes a doctor, lawyer, or public figure? Will I demand that she marries into a family with wealth, power or fame?

The answer is simple - I've told her to find her passion and pursue it with gusto, becoming the best she can be at whatever brings her joy. That could mean Middlebury or Mass Bay (a local community college). It could mean Pharmacology or Farming. It could mean marrying a member of the Forbes 400 or a Forest Ranger with a great sense of humor.

We set expectations based on what we believe society defines as success. The problem with this is that society continuously changes the definition. When I was an Emergency Medicine Resident, ER was the most popular new series on television and society defined my intended career as glamorous. Then again, society also defined Wall Street as a highly desirable career. Society's expectations are ephemeral.

In my youth, I thought society defined success as the car you drive, the house you own, and the clothes you wear.

Today, I know that none of these things really matter.

Define your expectations as pursuing your passion and you'll not be writing "My life did not turn out as planned" 30 years from now. For me, life is filled with daily adventures and no particular expectation where I will end up, but the journey will be quite a ride.

Wednesday, February 4, 2009

Conflicts of Interest 2009

It's time for my annual post of my conflicts of interest.

Many of my regional and national activities are volunteer positions that require me to be a non-voting facilitator, so openly publishing my possible conflicts of interest is important.

1. My W2 is issued by Beth Israel Deaconess Medical Center, which invoices Harvard Medical School for the time I spend there. BIDMC and HMS are my only two paying jobs. I consolidated them into one W2 (BIDMC chargeback to Harvard) to avoid having two paychecks and double FICA.

2. In 1993, I created a family trust and all my savings/investments are managed in that trust by an independent third party. In the 15 year lifespan of this trust, I have not made a single investment decision to buy or sell any particular stock, bond, or fund.

3. Harvard has very strict rules about working with for-profit companies. No Harvard logos can be used in association with a commercial product. No organizational endorsements are permitted i.e. "Harvard thinks this is the best product on the market!". Case studies are fine and objective comments about functionality are permissible i.e. "I tested 5 products and found product x met my specific functional criteria." Whenever I do case studies, they are reviewed by Public Affairs at Harvard Medical School for appropriateness.

Whenever I have a question about serving as an adviser or board member, I inform Corporate Compliance at BIDMC and seek permission. Here are the roles I serve in for-profit companies and the financial arrangements:

Healthline Medical Advisory Board - Healthline has a built a search engine that uses controlled vocabularies/ontologies in an attempt to deliver more specific search results to users i.e. it knows that brains contain neurons and thus a search on neurons also looks at diseases of the brain. I serve on their advisory board to offer suggestions about how to incorporate medical knowledge in the search process. I have not accepted any compensation. I was asked to serve as an adviser by one of my former professors, who leads the Medical Advisory Board.

Anvita Health (formerly SafeMed) Board of Directors - I rarely serve on the Boards of companies, but I made an exception with Anvita because I so strongly believe in their mission - to provide healthcare analytics and actionable health intelligence to doctors, patients and payers using a web-services architecture. They are the decision support behind Google Health, informing patients about medication interactions. I have not received any cash compensation for my Board service and but have stock options (as is typical for Board members) which I have not exercised. Thus I own no stock. My options have been declared with Harvard and BIDMC and I have recused myself from any decisions regarding purchasing of Anvita products. At present, BIDMC uses Anvita as part of our Blue Cross and Harvard Pilgrim Healthcare radiology cost control initiatives.

ePocrates Board of Directors - ePocrates is handheld prescribing software that runs on Treos, Blackberries and the iPhone. Many attending physicians, residents, and medical students at Harvard download the free version of ePocrates. Since it is the most popular mobile software used by clinicians at BIDMC and Harvard, I agreed to serve on the Board of Directors. I have not received any cash compensation for my Board service and did receive stock options, as is typical for Board members. These options were purchased by an investor in the company in 2008, so I do not currently own any ePocrates stock. I have recused myself from any purchasing decisions regarding ePocrates products.

These are all my for-profit company activities. I have no pharmaceutical company sponsorships, no lobbying activities, and no non-cash perks provided by anyone.

If there is anything I can do to adhere to other best practices, ensuring my objectivity, let me know!

Tuesday, February 3, 2009

Update on Conficker

Last week, I wrote about the effort to proactively protect BIDMC and Harvard from the Conficker virus.

Our efforts continue with the following:

1. IT Security is verifying whether or not the MS08-067 vulneribilty shows up on our scan on an infected machine. We have been assuming that machines showing the vulnerability are the only machines we need to worry about. It is possible the virus does some type of masking once it is introduced to make the machine look like it has been patched.

2. We are verifying that the update of the anti-virus agent on an infected machine cleans the virus. If not, the machine will need to be rebuilt from scratch.

3. The daily reports of virus activity will be closely monitored to identify any sign of infected machines. So far, we have seen only one in the entire enteprise. Infected machines try to infect other machines on the same subnet so they get reported by our intrusion detection tools.

4. To add more surveillance to the data center, Security is engineering a report that will list all active IP's in the data center and disaster recovery site. This list will be compared to those registered in McAfee ePolicy Orchestrator (EPO). Any exception, i.e. data center device not registered in EPO or device not up-to-date with anti-virus per EPO, will be immediately pursued. Our expectation is that all Windows hosts in the data center are updated daily.

5. We are examining what is typical in the Active logs for account lockouts, similar to what we do for patient access. If we can establish what's typical, we can threshold it and create an alert when something unusual occurs.

6. We now have a list of devices that the scan showed do not have the MS08-067 patch. We are pushing them out to managed machines and contacting others who have private machines. Some of the latter are medical devices, e.g. GE PACS, etc.

7. We are using this incident to fine tune our virus incident response process. It's been awhile (good news/bad news) since we had such a notable virus in the field. When you don't exercise, you get out of tune.

8. We continue to learn more about the sophistication of the virus and its ability to hide, morph, and so forth. There continues to be questions as to what it's ultimate intentions will be.

One thing this episode reinforces is the need to have security in depth, i.e. layers. Although we discovered many devices with the vulnerability, our anti-virus was up-to-date on them. For some hosts, we also had the host-based intrusion detection and prevent (Third Brigade) turned on. The combination of aggressive patching, constant monitoring, daily anti-virus updates, and host based intrustion prevention has limited the impact of Conficker on our networks thus far.

Monday, February 2, 2009

My Economic Indicators

Economists track changes in the money supply, personal debt, consumer confidence, and durable goods orders. My signs of economic health are more subtle.

1. Email volume on nights and weekends

In good times, people eat out at restaurants. They go to concerts, plays, and movies. They take weekend trips with the family.

In bad times, they stay at home and email.

For the past two months, I've received an average of 100 emails between 6pm-12am and another 50 between 12am and 6am. This is double the usual volume for those hours.

Similarly I've received an average of 100 emails during the day on weekends.

I believe there are two aspects to this indicator. People are not spending money on "nice to have" events and people are very concerned about their jobs, so they are working harder. As a corollary, some may be working harder to cover for unfilled vacancies which are frozen or for terminated positions.

It's clear to me that people are working harder and longer than usual. As soon as the email volume starts decreasing, I'll know that the economy is on the mend.

2. Parking lot volume at "fix it yourself" stores

As the Home CIO, I do Cat 6, HDMI, and audio cabling. I do electrical and plumbing. In a pinch, I do metal and carpentry. Over the weekend I upgraded the cabling in my home to Cat 6 to support Gigabit Ethernet. You Do It Electronics, our local component and cabling store in Needham, was packed with customers trying to repair their home audio, video and computers rather than upgrade or replace them. I chatted with the manager and he explained that volumes have been much heavier the past few months with folks who are avoiding new purchases and professional repairs. Is it any wonder that Circuit City is going out of business?

When Best Buy's parking lot fills up and You Do It Electronics is quiet, the economy will be on the mend.

3. Resume volume and requests for help from colleagues

Every day I receive 10 resumes from recently laid off senior IT professionals. I also receive numerous emails and phone calls from CEOs, Deans, and Professors asking me to help a colleague who has recently lost his or her job. My first two calls today are with very senior people to help begin their job networking process.

When the calls and resumes slow to 1 or 2 a day, the economy will be on the mend.

4. eBay price/sales volume

As I do lifecycle maintenance and testing/improvement of my outdoor gear, I sell my high end hiking/kayaking/skiing/climbing gear on eBay. Generally I call sell these items at 80% of retail price. Now I'm getting 50% or no sales at all.

When eBay returns to a vibrant marketplace the economy will be on the mend.

5. REI, Eastern Mountain Sports, Altrec, and Spam volume

Every day I get an email from an outdoor supplier advertising 25-75% off. The sales advertising is endless and even previously undiscounted brands such as Arcteryx are included in the price chopping frenzy.

When the "Last Chance to Save" Spam from retailers diminishes, the economy will be on the mend.

Maybe I should share these indicators with former Harvard President Larry Summers who now leads the White House's National Economic Council!