Friday, January 29, 2010

The iPad and Healthcare

Several folks have asked - will the iPad revolutionize healthcare?

The answer is Yes and No.

My ideal clinical device is

*Less than a pound and fits in white coat pocket
*Has a battery life of 8-12 hours (a full shift)
*Can be dropped without major damage
*Has a built in full keyboard, voice recognition, or very robust touch screen input
*Provides a platform for a variety of healthcare applications hosted on the device or in the cloud

Netbooks and laptops are too heavy, too large, and do not meet my battery life requirements.

The iPhone is too small for reliable data entry.

The Kindle is a great device but not a flexible application platform.

The iPad comes closer to my requirements than other devices on the market.

However, the ideal clinical device would include a camera for clinical photography and video teleconferencing.

Entering data via the touch screen with gloved hands may be challenging on a capacitance touch screen.

Holding the iPad with one hand means hunt and peck typing with the remaining hand.

The device is a bit large for a white coat pocket, may be hard to disinfect, and may not be tolerant of dropping onto a hospital floor.

I look forward to trying one to validate these assumptions.

My general impression is that it is not perfect for healthcare, but it is closer than other devices I've tried.

It will definitely be worth a pilot.

Thursday, January 28, 2010

Vegan Pizza

At home, our vegan cooking is based on seasonally fresh fruits and vegetables, homemade tofu, and the basic idea that every ingredient should be savored for its special qualities.

Our vegan pizzas are freshly baked crusts topped with pesto, tomatoes, broccoli, and mushrooms.

Recently, we discovered a remarkable Vegan Pizza restaurant close to Boston - Peace O'Pie, Gourmet Vegan Pizza in Allston.

This is not a pizza joint with a veggie pizza. It's an entirely Vegan restaurant owned and operated by vegans. Fresh, organic produce is the core of every Pizza. There are no refined sugars. Even the whole wheat crust and pizza sauce are organic.

We recently had a great Hawaiian Pizza and The MD (herb roasted onions and zucchini). The "cheese" used is Daiya, a wonderful food made from tapioca flour and ground peas that tastes and stretches like Mozzarella.

Even the building is eco friendly - the counter front is bamboo, the ceiling tiles are recycled, and the countertops are made from PaperStone.

Everything is freshly made.

I highly recommend Peace O'Pie for vegans and non-vegans alike. It's pizza you can feel good about.

Wednesday, January 27, 2010

A Privacy Breach

Today, Beth Israel Deaconess and UCSF issued press releases about a complex situation.

Over a year ago, an employee of BIDMC who had authorized access to data for quality improvement activities placed clinical data (not financial or social security number data) for approximately 2,900 patients on a thumb drive. The employee left BIDMC and went to work in California for UCSF. While at UCSF, the employee copied the thumb drive to a UCSF owned laptop in order to demonstrate quality improvement reporting. The laptop was stolen, then recovered. There is no evidence that the data on the laptop was accessed.

BIDMC takes this situation very seriously and notified the patients, Health and Human Services, and the media.

As with other challenging situations I've discussed such as the CareGroup Network Outage and the Limitations of Administrative Data, it is my intent to openly share lessons learned with my colleagues and the industry. By writing about the process, I hope to encourage policy and technology improvements at healthcare institutions throughout the country to protect privacy.

A few thoughts

1. Make sure you have a policy requiring that all mobile storage devices be secured. BIDMC has a written policy and is revising it to be even more restrictive.

2. To further mitigate risk, encrypt all laptops. BIDMC has implemented McAfee Safeboot for this purpose. Harvard Medical School has licensed PGP Whole Disk Encryption for this purpose.

3. Educate employees about the policy and technology best practices to protect privacy. A learning management system is great for this.

4. Sanction employees who violate the policies

5. Implement new technologies that scan/restrict data transfers in the organization i.e. scan email for medical record numbers or patient identified information sent non-securely.

The combination of strong policies, state of the art technology, and education is required to protect patient data.

In this case, an authorized employee took data in violation of policies and placed it on technology not controlled by BIDMC. Likely, the laptop data was not accessed but you can be sure that additional education, broad communication with patients, and close collaboration with government and the media will be our next steps.

The Grant Programs from ONC

How do you spend $2 billion dollars wisely and quickly on Healthcare IT?

Here's ONC's complete grant funding plan

Beacon Communities $235 million

Nationwide Health Information Network/Standards and Certification $64.3 million (details are pending)

These are the major initiative but there are are other smaller contracts and projects, hence the total above is less than $2 billion.

Regional extension center and Health Information Exchange funding will be announced before the end of January.

Beacon Community applications are due February 1 and work will begin in March.

SHARP grants were due January 25.

The FOA for Nationwide Health Information Network/Standards and Certification will be issued soon.

I've agreed to be a project advisor to groups applying for every one of these grants.

I'm most directly involved in Beacon Communities submission for Greater Boston.

I'll post our Beacon Community plan on my blog as soon as I am able.

If any grant naming me as a collaborator or advisor is funded, I will post the details in the interest of full disclosure.

January 2010 has been one of the most intense months of my career - we got the IFR, the NPRM, HIT Standards Committee and Workgroup efforts, HITSP's finished deliverables, and nearly $2 billion in grant opportunities, all happening at the same time.

The secret is to limit your involvement in national, regional, and local Health IT projects so that you are maximally challenged, not overwhelmed. Best of luck to all who are applying.

Tuesday, January 26, 2010

BIDMC Data Marts

At BIDMC, our clinical systems are written in a hierarchical database called Cache - a very fast transactional system with great reliability and disaster recovery features.

However, for population health, quality, and performance analysis, we export our clinical care data into over 80 data marts build with SQL Server 2008.

These data marts are focused on specific reporting areas such as pharmacy, radiology, lab, and O.R. They are designed and maintained by an IS team within Clinical Information Systems. Updates generally occur daily and are managed via SSIS packages.

BIDMC data marts are used to support ad hoc queries by analysts as well as standard reporting via Performance Manager, a web-based, self-service reporting application developed by BIDMC IS. Some of the key content areas and uses for the data are shown in the graphic above.

One of our most powerful data marts is the BIDMC/Joslin Diabetes registry, which uses a Master Patient Index to link all the records of the two institutions together into one reporting infrastructure. It identifies all diabetic patients and consolidates a variety of relevant clinical and operational data into a single data mart optimized for tracking and reporting. Data elements include laboratory results Hemoglobin A1C and cholesterol, blood pressure, and outpatient medical and vision care appointments. In addition to data from BIDMC, the registry includes laboratory and vision care data from Joslin, providing a complete picture for BIDMC patients who also receive diabetic care at Joslin.

We've identified the person whom we believe is the Primary Care Physician and generated web-based reports for PCPs to validate that patients in the registry actually have diabetes. Surprisingly large number don't have diabetes. Diabetes was coded, for example, in ordering an A1C as a "rule out". We've also designed management reports that measure compliance with guidelines for diabetes care. We hope to leverage this infrastructure as part of our Beacon Communities grant application and make it available as a model for diabetic care throughout the community.

Our data marts, combined with the community quality data center hosted by MAeHC, provide us all the tools we need to improve quality and efficiency in our inpatient, ED, and ambulatory practices throughout greater Boston.

Monday, January 25, 2010

The January Meeting of the HIT Standards Committee

At the January 20, 2010 meeting of the HIT Standards Committee, we had an important discussion of the Interim Final Rule and Notice of Proposed Rulemaking.

Doug Fridsma presented this powerpoint about the Interim Final Rule. Slide 3 illustrates the linkage between Meaningful Use objectives, Certification criteria and standards. It's a 1:1 mapping - every objective has certification criteria. Every certification criteria has standard(s) requirements. Slides 5-8 document the differences between the HIT Standards Committee recommendations and the IFR. You'll see that most of the base standards recommendations from the HIT Standards Committee (based on a foundation of HITSP work) were included in the IFR.

We discussed several key questions.

Why does the IFR lack detailed implementation guidance?

The IFR is a regulation, which means that the details provided in it are hard to change. By providing base standards but enabling implementation guidance to be published separately from the regulation itself, ONC allowed evolution and refinement of more specific guidance.

Why does the IFR identify architectural approaches to transmission, REST and SOAP but not transaction orchestration?

ONC is spending $60 million on reference implementations of transmission/transport software for the NHIN, some of which will be very simple (RESTful)

Will there be APIs developed by vendors, especially for routing patient summaries per the patient preference?

ONC is trying to balance regulation and market forces, believing that PHR vendors will come together and create a common API for patient data transmission if it is required by meaningful use.

Karen Trudel from CMS presented this powerpoint about Notice of Proposed Rulemaking.

It contains many questions and requests for comment. The comment period closes March 15 and we'll see revisions of the NPRM that are directly related to comments. Likely most revisions will be deletions and changes, but if additions can be justified based on the comments, they are possible.

Each Workgroup chair presented their workplaces for the next 6 weeks and the next 6 months. The workgroups will all make comments about the IFR to the entire HIT Standards Committee for its review at the February 24 meeting. The Committee will forward its consolidated comments to ONC by March 1.

You'll see substantial work on vocabularies and implementation guidance including security/privacy over the next 6 months.

The sense of the HIT Standards Committee is that ONC did a great job on a tight timeframe. The comment period will add the final polish.

Friday, January 22, 2010

Cool Technology of the Week

As the home CIO, I need to manage our household IT infrastructure - iMacs, MacBooks, wireless, archival storage, printers, and Internet connections. We're an intense user of bandwidth internally and externally.

In an effort to reduce travel, I use video conferencing technologies - Cisco Telepresence, iChat, and H323 via Polycom software. I do large file transfers.

My wife, who teaches digital photography at the Boston Museum of Fine Arts School and Bentley University, manages all her courseware and photography assignment review via the Web.

My daughter uses bandwidth extensively for school research projects, media (music/video), and social networking.

I've been an early adopter of FiOS and the 20 megabit down/20 megabit up service as part of my teleconferencing pilots.

My cool technology of the week is that FiOS is now available with 25/25 or 35/35 megabit service to all home customers. This means that your home will likely have more bandwidth than your office or school. This means that your home infrastructure will be an enabler and not a rate-limiting step.

To me, bandwidth has significant implications for society. The potential applications for that bandwidth will shape the way we work and play. Video teleconferencing and working at home will become more common. This means that we'll be able to save all those commuting hours and reduce our energy bills. Data intensive research, once limited to universities, can be done anywhere. Home wireless devices have unimpeded access to media. Novel home telephony, video delivery, and large software downloads are enabled.

In the 1980's when I ran a small software company, I made software patches available via 300 baud dial-up modems. Anything more than a few megabytes was problematic to download.

Today, downloading gigabytes of software takes a few minutes.

Having a fiber connection to the home and using that fiber for voice, video, and data have eliminated my dependency on any office or institution. It's made me more productive and given me the tools I need to support the 24x7 connectivity requirements of the CIO lifestyle.
Most importantly, my family is no longer constrained by any bandwidth issues - I no longer hear "Internet is slow, I cannot do my work, my software updates take too long." The home CIO has high customer satisfaction.

25 or 35 megabits to the home. That's cool!

Thursday, January 21, 2010

Stress Acceleration

When I think back on my high school experience, I remember an 8am-3pm school day, a cross country/track workout from 3p-5p, a snack until 6pm, and an hour of reading or problem sets. After that, my time was my own to experiment with early microprocessor circuits, tinker with building a hovercraft (powered by a used vacuum cleaner motor) or do personal writing (I entered dozens of essay contents as a teen). Weekends were filled with bike riding up and down the coast of California, SCUBA/snorkeling in local marine preserves, or helping around the house. Summers were filled with outdoor pursuits and low key internships.

My daughter is 16 and is experiencing the typical modern public high school schedule - classes from 7:30 or 8:30am to 2:30pm, a bit of after school community service or exercise, and then 8-9 hours of homework per night, typically ending at midnight or 1am. I've talked to other parents and found this schedule to be typical. Homework might include hundreds of pages of reading, the creation of a complex research paper, and the self teaching of advanced genetics. Given that this level of intensity is the norm, colleges consider a high grade point average in honors/AP classes plus near perfect SATs to be just a starting point.

I was not a Pulitzer prize winner, first violin for the local symphony or the lead in a Hollywood film as a teen, yet this is the kind of achievement that appears on today's college applications. Harvard admits 4% of its applicants.

In my 20's the work day began at 9am, ended at 5pm, and did not span into weekends. There was no email. Fax was an emerging technology. Overnight shipping did not exist. Modems were 110 baud.

Today's work day (not just for me but for many) is 24x7x365 with 50% more filling each day than was previously possible because hundreds of email saturate mobile devices with a constant stream of new work.

My Martin Luther King Day ("a national holiday") had 3 meetings, 500+ email, 2 conference calls and 5 projects. People used the day to catch up and now that the office is wherever your laptop and cellular are, it was a full workday for many.

Does this acceleration of stress bother me? Over the years of medical training and leading large complex organizations I've learned to adapt to just about anything. For every issue there is a process to resolve it.

Is it sustainable for society? I don't think so.

Just as humans were not content to run a 4 minute mile or ascend Everest with supplemental oxygen, we seem to be demanding more of ourselves and our families than is rational or healthy. We're becoming a nation of multi-taskers with ADHD, doing more, in shorter time, but not necessarily living happier, more satisfying lives.

Can we sit and enjoy a meal without thinking about work or checking email? Can we go to a movie or concert for an evening without needing to stay connected? Can we turn off our social networks for a week without suffering withdrawal?

The level of stress I see around me is leading humanity to increase consumption of pharmaceuticals (have a problem - take a pill), eat poorly, and reduce the baseline of human kindness (driven in Boston lately?).

My grandfather did not attend college. My father completed more education by 21 than my grandfather did in his lifetime. I completed more education by 21 than my father will in his lifetime. My daughter will complete more education by 21 than I will in my lifetime. Where does it stop?

At some point, we have to wake up, turn off our Blackberries, set limits on tolerable stress in our lives and regain our civility.

Can we reduce the size of our homes, the number of cars in our garages, and our lifestyle burn rates to enable us to work less and improve the quality of life?

I'm not worried about me - I've developed the discipline to leave my stress outside the home. I do worry about my daughter, her future children, and the generations to come.

Just as a parachuter accelerates at 32 feet/second/second until reaching terminal velocity, there is a point in our existence as humans that stress acceleration will take us to terminal velocity in the quality of our lives.

It is my hope that high schools/colleges, employers, and policymakers think about the terminal velocity we're approaching and open the parachute against stress acceleration before it's too late.

Wednesday, January 20, 2010

A History of Our Healthcare Future

When Stage III of Meaningful Use is fully implemented in 2015, what will our healthcare system look like? Here's my future forward look at the changes in the provider, patient, payer, and researcher experience five years from now:

*Clinicians will become healthcare coordinators, working in partnership with patients to manage wellness using a shared lifetime electronic health record.

*Clinicians will produce a record that is designed to be shared with the patient, instead of just supporting the billing process.

*Hospitals will compete based on the results they achieve rather than the grandeur of their buildings. Transparency in the reporting of quality and outcomes will transform the healthcare marketplace. Patients will have a much better understanding of quality, cost, and outcomes.

*Patients will undergo fewer tests and take fewer medications because redundant and inappropriate care will be reduced. Healthcare value will improve - higher quality for less costs, since less care is often the right answer.

*Patients will have much more choice as consumers. Access to the electronic records including their genomes will enable personalized medicine - selecting the treatments that best align with their care preferences, risk taking thresholds, and physiology.

*Payers will reimburse providers for quality rather than quantity since electronic health records will document the care given and not given.

*Researchers will have access to novel data sources (with patient consent) and be able to discover which treatments are the most effective. This knowledge will be integrated into electronic health records and personal health records so that providers and patients can make the optimal care decisions. Today, there is more literature published every year than a clinician can read in a lifetime, so best current evidence is not rapidly incorporated into practice.

Change is hard, technology is easy. As we navigate the stages of meaningful use in the years ahead, be prepared for amazing shifts in workflow, process, and behavior that will accompany them. Let's hope we can tell our children the history of how we did it!

Tuesday, January 19, 2010

Solving Secure Transport

I've written extensively in my blog about the need for the healthcare IT industry and government to implement a single (or maybe 2) ways to transport healthcare data securely. I feel that content and vocabulary standards are on the right track, but transport is still in need of a breakthrough. Here's a brief description of where the industry is today:

e-Prescribing - transport is an industry specific SOAP 1.2 implementation by Surescripts

Administrative - transport is often CAQH Core Phase II, an industry specific SOAP 1.2 implementation. The Workgroup for Electronic Data Interchange (WEDI) has suggested SMTP, so currently CAQH and WEDI are debating transport.

Lab - transport is Minimal Lower Layer Protocol (MLLP) and TCP/IP

Personal Health Records - Google and Microsoft Healthvault use proprietary RESTful approaches

Federal agency submissions (Social Security Administration, Food and Drug Administration) - NHIN FHA Connect, which is XDS.b, a specific implementation of SOAP 1.2

Clinical summary exchange - heterogeneous as implemented by various stakeholders

What is needed in the short term?

1. The Clinical Summary exchange transport is the place to focus, which is what we've done in Massachusetts with the NEHEN CDX gateway. An industry or government reference implementation that becomes widely adopted would help significantly.

2. Many Personal Health Record vendors have told me that they are ready to create a single RESTful front door for their PHRs to receive information.

3. Some industry stakeholders have talked about creating open source and vendor supported health hub software that offers SMTP, SOAP and REST in an appliance.

Of course, there could be other approaches.

There is an emerging technology, just implemented by eClinicalWorks in their EHR. It's called eClinicalWorks P2P and it works like linkedIn, Plaxo, Facebook i.e.

I'm a clinician and want to share patient data (after obtaining patient consent) with another clinician. I send an invite via regular email (SMTP ) that contains an embedded URL. If the clinician accepts the invite, that clinician is added to my "friend" list and I can push a record to them at anytime, which is delivered as a URL via email. Interestingly, if the clinician uses eClinicalWorks, my EHR can natively send and receive CCD's with "friends" via a RESTful approach.

Meaningful use requires many data exchanges among stakeholders. I'm confident that we'll see several reference implementations in 2010 that will accelerate interoperability by unifying approaches to transport.

Monday, January 18, 2010

The Annotated Federal Register IFR and NPRM

Thanks to Robin Raiford of Eclipsys for bookmarking the Federal Register versions.

Friday, January 15, 2010

Cool Technology of the Week

Recently, BIDMC and Atrius Health began a collaboration that required clinical data sharing and secure email.

I've described the clinical data sharing in a previous blog. Here's the approach we've used to secure email - SMTP over Transport Layer Security (TLS), which ensures all email is encrypted as it travels over the internet.

Configuring TLS varies with the gateway that you are using. We use Proofpoint Protection server as our primary MX servers. Proofpoint makes it very simple to enforce TLS between sites. There is a configuration option that allows you to specify what domains you want to enforce TLS with. (as a default we have opportunistic TLS turned on for every site). You simply add the domain you want to enforce and specify always use TLS.

The advantage of this approach is that it does not require any client side certificates or complex server side certificate management. No special software is needed at the desktop and the encryption is invisible to the user.

Secure email that is as easy as a setting on a gateway - that's cool.

Thursday, January 14, 2010

What IT can do to support Haiti

Many hospital staff have friends and family in Haiti. It may not seem obvious that IT can make a difference, but here's what we're doing at BIDMC to support the Haitian community.

We are diligently working to install phones that enable direct calling to Haiti and public internet kiosks in several campus public areas so that all staff, even those without a work computer, can get personal email and internet access as they attempt to contact their friends and relatives.

I highly recommend that all IT Leaders ask their staff how they can support the effort to bring comfort and assistance to those who need voice and data connectivity to Haiti.

The Vegan 21 Day Jump Start

Neal Barnard, M.D. is a forward thinking clinician who runs the Physicians Committee for Responsible Medicine (PCRM), He's the author of several books and has embraced a Vegan diet as a major contributor to health and well being.

Some of my colleagues wonder what a vegan eats, since a meal without meat, cheese or dairy sounds limiting. I've been asked 'how do you make a Vegan pizza? Cheese substitute?'.

The answer is that a vegan diet is so varied and delicious that I never crave any other foods. Getting to the point where a double stuffed pepperoni pizza sounds vile may be a journey for some.

Dr. Barnard and the PCRM created the 21-Day Vegan Kickstart so begin the transformation. Here's a sample of the recipes.

Earlier this week, I visited Google's New York offices and was impressed at the number of vegan dishes in their famous company cafeterias - about half the dishes are vegan.

My advice - give the 21 day kick start a try. It's only 3 weeks and you can go back to meat and butter if it does not work out. Your heart and your doctors will thank you.

Wednesday, January 13, 2010

A Do it Yourself Board Presentation on Meaningful Use

Just as I did with the American Recovery and Reinvestment Act, I've prepared a presentation that you can use for your Board and stakeholders to review the requirements of the Interim Final Rule and Notice of Proposed Rulemaking. Feel free to use it without attribution to me.

This should save thousands of hours since everyone will be preparing the same material. Download it here.

Here's how I've organized it:

In the Interim Final Rule section, I list the standards for Stage 1 (2011) followed by a comma and then I list the standards for Stage 2 (2013)

In the Meaningful Use section, I've listed 25 projects and their metrics for achieving stimulus funding.

Please let me know if I can clarify or add to this presentation to make it more useful for you.

Sharing Data per Patient Preference

One aspect of the Interim Final Rule and Meaningful Use is the notion of sharing office summaries and transitions of care with patients electronically. The vendor community does not currently have a unified strategy to do this.

Although the Interim Final Rule describes the content and vocabularies for the clinical summary record, it does not provide implementation guidance for transmitting that record to the patient's preferred repository - a PHR, secure email, fax, or mobile storage device. Additionally, ambulatory offices and hospitals do not have a workflow defined that enables them to accomplish this task.

There is the FHA Connect NHIN project which clearly defines a mechanism for sending records to and among Federal agencies, but there is no project to connect existing personal health records, patient portals, secure email, and fax via a single easy to use approach.

There are several possible architectures to enable patient data to be routed

a. A mechanism to leverage existing email systems with added security (SMTP over TLS). For a broad discussion of these issues, see Wes Rishel's blog

b. A gateway (vendor provided or open source) that sits on the edge of a provider network and is capable of interacting with PHRs, email systems, fax systems, or patient controlled data repositories.

c. An industry standard API that would serve as the virtual front door to every PHR, so that EHR vendors could easily route patient records to the PHR of a patient's preference. For example, every patient could get a standard URL i.e.

and with this URL, the EHR or Hospital Information System could use a RESTful protocol to send a summary of care to the patient's desired repository.

Providing a mechanism for secure, simple transmission to the site of patient's choice will put the consumer at the center of the care process - ensuring the patient gets electronic copies of their records at each transition of care and access to educational materials so that patients understand their diagnoses and their medications. The result will be more shared decisionmaking, enhancing the patient/provider partnership. Once the data is stored in the site of the patient's preference, the patient could choose to share their data for clinical research, public health surveillance, or coordination of care with other clinicians via a local health information exchange or the FHA Connect NHIN approach.

My comments on the IFR and NPRM will include the need for this work.

Tuesday, January 12, 2010

It's All About the Kilowatts

Although my demand for servers increases at 25% per year, I've been able to virtualize my entire infrastructure and keep the real estate foot print small.

At the same time, my demand for high performance computing and storage is increasing at 250% per year. With blade servers and 2 terabyte drives, my rack space is not a rate limiter.

It's all about the kilowatts.

Today, I'm using 220 kilowatts. My 2 year forecast is over half a megawatt.

What are we doing?

1. Measure and track power consuming and growth. At HMS we have 2 data centers - a primary and a disaster recovery site. Our primary site is .16 cents per kilowatt hour x 140 kW in use (that's an electrical bill of $16,128 per month). Our backup site is .12 centers per kilowatt hour x 80 kW in use. (That's an electrical bill of $6,912.00 per month). Unless you understand your power costs in detail, you'll never be able to control them.

2. Forecast the future. We use data center modeling software from SAP called Xcelsius that enables us to examine the impact of moving servers, adding capacity, changing square footage, adding power/cooling etc. The graphic above illustrates our modeling.

3. Create tiers of data center power capabilities. Rather than use a one size fits all strategy, we have begun to rent co-location space that includes specialized rooms for high power density racks (25kw/rack). We can use liquid cooled cabinets and other specialized technologies to achieve the right power/cooling support for high performance computing instead of trying to design one room to serve all purposes.

4. Investigate lower cost alternatives. Google's strategy has been to locate server farms near hydroelectric plants with lower kilowatt costs. We're considering the options in Western Massachusetts along with other collaborators. One challenge of this approach is backup power. What happens to a high performance computing facility if the hydroelectric power fails? Creating a megawatt of backup generate power is not easy or cost effective. Instead of protecting all our high performance computing assets, one strategy is to protect only storage which is less tolerant of power failures. Since high performance computing cores are often distributed geographically, failure of anyone data center could be invisible to the users.

5. Engineer for efficiency. As we purchase new equipment, we examine power supply designs, cooling profiles, possibilities for shutting down unused equipment until it is needed etc. I expect some of the greatest software and hardware innovates of the next several years to be power saving technologies, because real estate is no longer the issue.

Monday, January 11, 2010

Early Feedback on the IFR and NPRM

I've received hundreds of emails of from colleagues, friends, and staff about the IFR and the NPRM.

Many really like what they see. ONC and HHS are to be congratulated.

Some think there are needed refinements. Here's an inventory of those comments:

The Interim Final Rule on Standards

1. Several folks believe the lab standards are not specific enough. 100% of the optionality of the HL7 base standard is still allowed because specific implementation guidance is missing at this point. For labs this does not lessen the customization of interfaces nor indicate a move away from individual point to point arrangements between commercial labs and their customers. If details like implementation guides are not added to rules that set a firm technical direction for Stage 2 with a minimum of 2 years advance notice for implementation, it will not be possible for the country to achieve the policy targets of Stage 2 for structured information exchange until a later date

2. Several folks believe that transmission needs more detail. The IFR notes that SOAP or REST are acceptable. SOAP could include CAQH Core Phase II, XDS.b/XCA/XDR, the FHA Connect software, or any proprietary implementation of SOAP 1.2 which vendors/HIEs would like to implement. REST is an architecture so it provides great latitude to implementations. Google and Microsoft have implemented RESTful interfaces that are not compatible with each other to support their personal health record products. Specificity such as using the CAQH Core Phase II Implementation Guide for all data exchanges (administrative and clinical) or requiring a very specific URL format for RESTful interfaces would enhance interoperability.

3. Several folks are unsure how to implement the RxNorm requirement in Stage 1. Must EHRs internally have one of the RxNorm source vocabularies

GS - 10/01/2009 (Gold Standard Alchemy); MDDB - 10/07/2009 (Master Drug Data Base. Medi-Span, a division of Wolters Kluwer Health); MMSL - 10/01/2009 (Multum MediSource Lexicon); MMX - 09/28/2009 (Micromedex DRUGDEX); MSH - 08/17/2009 (Medical Subject Headings (MeSH)); MTHFDA - 8/28/2009 (FDA National Drug Code Directory); MTHSPL - 10/28/2009 (FDA Structured Product Labels); NDDF - 10/02/2009 (First DataBank NDDF Plus Source Vocabulary); SNOMED CT - 07/31/2009 (SNOMED Clinical Terms (drug information) SNOMED International); VANDF - 10/07/2009 (Veterans Health Administration National Drug File); FDA Unique Ingredient Identifiers (UNII)

or is the requirement that data exchanged from the EHR include one of these vocabularies? Some EHRs have proprietary vocabularies that could be mapped to one of these vocabularies or RxNorm itself when data is exchanged. Others have asked if these source vocabularies fully mapped to RxNorm since the vendors may not have submitted their complete product, just a subset. The strategy of using a source vocabulary inside an EHR and RxNorm for transmission outside an EHR requires a complete mapping.

4. Some have highlighted that there are a number of emerging standards in the quality area such as Quality Reporting Document Architecture (QRDA) and Healthcare Quality Measure Format (HQMF). Although these standards are not mature enough to require in Stage 1, giving implementers credit for early adoption would advance quality reporting.

5. Some have said that there is too much optionality in the security standards. AES should be required for encryption, SHA-1 or SHA-2 for data integrity and TLS, IPv6 or IPv4 with IPsec for secure transmission should be the only choices.

The Notice of Proposed Rulemaking

Many folks find the NPRM intimidating. Taking a typical community hospital from their current state to the degree of functionality required in the NPRM is a challenge. Here are a few of the comments I've received

1. The CPOE requirement should include emergency departments. Currently, the NPRM seems to exclude the ED as qualifying for the 10% electronic ordering threshold. Many people believe the ED could be a good first place to implement CPOE and the transaction volume would meet 10% of hospital orders.

2. Many have said that the quality reporting requirement is too much too soon.

3. Many have said that the Patient engagement requirements are too much to soon. Vendors have commented that they do not understand how to send reminders to patients per their preference (email, fax, phone call, PHR, Facebook, twitter) and since there is no standard secure API for doing this, it is unimplementable. Providing 80% of patients with a clinical summary of office visits or care transitions will require significant retooling of software and incremental staffing.

4. Electronic Medication reconciliation at each transition of care is challenging to implement technically and requires significant workflow redesign.

5. There is no standard API for submission of immunization, syndromic surveillance data or public health lab reporting, making this challenging to implement. Given that the transmission standards in the IFR lack detail and there is no national reference implementation to follow, there will be significant heterogeneity in each locality, creating a challenge for vendors.

Summarizing the comments I have received - aggressive interoperability timelines require specific implementation guides and reference implementations. This leaves a choice - either the standards need more detail, especially in the transmission area, or the NPRM goals need to reduced in scope/extended in time.

At BIDMC, we have worked for years on several healthcare information pilots among payers, providers, government, and patients. Because of these pilots we do have local implementation guides, a defined architecture, and transmission standards. This means that we're in reasonable shape for implementing the IFR and NPRM as written. However, we would appreciate clarification of the patient engagement requirements. We can send the patient summary record to Google Health and Microsoft Healthvault. We make all patient data available via our tethered PHR. We do not send unsecured email to patients nor do we make extensive use of interactive voice technology. I'm hopeful the comment period will provide these clarifications. HITSP and the HIT Standards Committee will be providing comments and I'll submit my own to ensure all the concerns I've heard are broadly communicated.

Friday, January 8, 2010

Cool Technology of the Week

In previous posts, I've described the importance of dictation and voice recognition technologies in clinician workflow. Getting data into EHRs is the most challenging part of rollout. Clinicians at BIDMC have widely embraced server side and desktop voice recognition. But what about mobile devices?

Nuance has introduced a free iPhone version of Dragon, that's available at the App Store. This application enables a clinician to dictate a note and send it via SMS, email, or paste it into any application on the iPhone. A voice driven correction interface suggests appropriate words while editing.

The application optionally upload names from your addressbook, with your permission, purely to enhance speech recognition accuracy. No contact information is uploaded. You can delete any uploaded names. The iTunes reviews are uniformly positive, but there were some privacy concerns. Application changes to turn off uploads and delete previous uploads address these concerns.

A free mobile version of Dragon for the iPhone - that's cool!

Thursday, January 7, 2010

Winter Expectations

I was recently in California and found the 60 degree weather to be sweltering. In New England, it seems that our bodies adjust to temperatures in the 20's from December to March, which enables us to enjoy the many activities of winter without a concern for the cold and snow around us.

Here's a few of my favorite winter activities

Cross Country skiing
My daughter and I use Fischer Nordic Cruising skis. Our favorite spots to ski are Noanet Woodlands in Dover, Broadmoor Wildlife Sanctuary in South Natick, and Centennial Reservation in Wellesley.

When it's dry and cold, we'll ski at the Weston ski track which makes snow using Charles River water.

Winter hiking
I've hiked all the 4000 foot New Hampshire peaks in winter. My favorites are the peaks of the Franconia ridge and the peaks of Presidential Range in the White Mountains.

Temps go as low as -20F and winds as high as 70mph. It takes some planning to stay warm!

Ice Climbing
New Hampshire has great locations for ice climbing including the Frankenstein cliffs of Crawford Notch and the ravines/gullies below Mt. Washington.

It's critical to check on avalanche conditions before climbing any of the ravines. I only go out when the avalanche risk is low.

Ice Climbing is physically and mentally challenging. With sharp crampons on your feet and ice picks in your hands, you do not want to fall!

I love the season variation in New England and always look forward to winter.

Wednesday, January 6, 2010

Our Connectedness

We're all drowning in grant fatigue - Regional Health Information Technology Extension Centers, Health Information Exchange, Beacon Communities, and SHARP. Putting together these grant applications has required a kind of social networking - linking together people, ideas, and expertise. I've used data to pick the right collaborators.

My Harvard Medical School CTO, Griffin Weber, is an expert in connectedness of ideas.

He's used the Harvard Catalyst Profiles system to analyze the connectness of the 22 Harvard affiliates in novel ways.

Harvard does not own its hospitals. It's faculty work at numerous independent non-profit academic health centers in the Greater Boston area.

There are many ways to quantify connectedness. This graphic lists the number of publications that were co-authored by faculty at different Harvad affiliated institutions. For example, there are 663 publications in Profiles where one author is from HMS and the other from Brigham and Women's. There are 1125 publications in Profiles where one author is from Beth Israel Deaconess and the other from Massachusetts General.

Another way to analyze connectedness is promixity. Here's a Google Map of Boston showing the office locations of 20,000 HMS faculty, color coded by hospital affiliation.

Here's an affiliate map (Boston version) with lines connecting co-authorship on papers. The lines go to the institutions, not the office of the investigator. The thickness of the lines are proportional to the number of publications.

Here's the same thing, but with the Longwood area affiliate map.

Note that all this is just for Harvard Medical School, Harvard School of Dental Medicine and the Harvard School of Public Health faculty, which are included in Profiles. Similar data exists that can be used to show how Harvard faculty connect with others around the world.

In the world of Healthcare Information Technology, I'm convinced there is one degree of separation between all my fellow colleagues!

Tuesday, January 5, 2010

A bookmarked version of the NPRM and IFR

As a service to the community, Robin Raiford from Eclipsys has bookmarked the entire table of contents and all 53 tables in the CMS Notice of Proposed Rulemaking.

Here's the annotated document.

Here's a spreadsheet of all the tables.

Also, Keith Boone bookmarked the IFR.

Here's the annotated document.

Here's a spreadsheet of all the tables.

Feel free to use them as you wish!

Monday, January 4, 2010

Atrius Integration is Live

Today, BIDMC began its new collaboration with Atrius Health, linking clinical care and the IT systems of a major ambulatory multi-specialty practice with a tertiary hospital.

I outlined our plan in an earlier blog.

Here's how it looks in practice.

Emergency Department
The BIDMC Emergency Department Dashboard is filled with new Atrius features including automated flagging of Atrius patients and clinicians, so that we ensure each patient's clinical summary from Epic is retrieved via Citrix by our ED unit coordinators and attached to the ED chart. We defined a clinical summary as

Patient Demographics
Problem list
Recent labs/rads
Encounters for the last 30 days

We also ensure followup with the Atrius PCP by showing their office numbers/contact information on screen in the Dashboard and requiring ED clinicians to document their PCP discussions.

We went live with health information exchange via NEHEN for Atrius PCPs. Whenever an ED or Inpatient discharge occurs, a care summary is sent electronically using the standards required by HHS regulation (CCD, SOAP 1.2) to the Atrius HIM department for incorporation into Epic (this will happen automatically when the next version of Epic is implemented at Atrius this summer) or to a PCP's secure email box - it's Atrius' choice by PCP how to deliver these summaries. There are no workflow changes on our side - it's invisible to the user.

Ambulatory Care
Our self built EHR, called webOMR, now includes flags for Atrius patients and links to Epic via Citrix from within the Patient Summary screen (the screenshot above), so that clinicians do not have to leave our EHR to access Epic information.

Inpatient Care
When a patient is admitted (or has observation/ED observation status), the patient appears on a new Atrius Census report, which is updated every 15 minutes. BIDMC and Atrius clinicians, case managers, and others as needed to coordinate care have access to this report which we've integrated into our web-based Capacity Dashboard.

Our self-built Provider Order Entry system now includes flags for Atrius patients and links to Epic via Citrix within POE.

Atrius Viewing of BIDMC data
By working with Epic and Atrius, we enabled a "Magic Button" inside Epic that automatically matches the patient and logs into BIDMC web-based viewers, so that all Atrius clinicians have one click access to the BIDMC records of Atrius patients. From a security perspective, we record an audit trail of every access using the Epic username of the Atrius provider doing the lookup. Only Atrius patients can be viewed, so we have limited the possibility of privacy breaches. We've also made our ED Dashboard available to those at Atrius with a need to access this information.

We've linked our two Microsoft Exchange 2007 email systems via TLS to ensure all email sent between the organizations is secure.

One major project remains. The COO of Epic has agreed to work with Atrius and BIDMC to an enable a standard Epic option for a web-based viewer of Atrius data from Epic so that our POE, webOMR, and ED Dashboard users will no longer have to use Citrix. Epic and Atrius are working on the necessary implementation steps to make that happen.

With ED, Ambulatory, and Inpatient data sharing between the two organizations, we're ready for the arrival of Atrius patients. Thanks to everyone at Atrius and BIDMC for making this happen!

Sunday, January 3, 2010

Achieving Meaningful Use

Now that the Interim Final Rule (Initial Set of Standards, Implementation Specifications, and Certification Criteria for Electronic Health Record Technology) and the Notice of Proposed Rulemaking (Medicare and Medicaid Programs Electronic Health Record Incentive Program) have been published, we can all finalize our policy and technology strategies for achieving Certification and Meaningful Use in our organizations and communities.

It's important to use these two documents together to understand what is required for Certification and to achieve Meaningful Use stage 1 measures (2011) by professionals and hospitals.

Certification is a guarantee of software capabilities and Meaningful Use describes the way software features should be implemented in actual workflows. Certification and Meaningful Use are related but different concepts. For example, Certification requires that a complete EHR or EHR module have the capability of recording, retrieving, and transmitting immunization information using HL7 2.3.1 or HL7 2.5.1 with the CVX vocabulary. The Meaningful Use stage 1 measure is to perform at least one test of the certified EHR technology's capacity to submit electronic data to immunization registries if local public health agencies are capable of receiving them. Thus, for 2011, actual submission of immunization data is not required, just the capability and a single test of that capability. Of course, by Stage 2 (2013), I expect that actual data submission will be part of every patient immunization.

How should you prepare for Meaningful Use in your own organization? I recommending printing 3 tables
1. Certification Criteria - pages 51-61 of the Interim Final Rule
2. Adopted Content Exchange, Vocabulary, and Privacy/Security Standards - pages 79-81 and page 85 of the Interim Final Rule
3. Stage 1 Criteria for Meaningful Use - pages 103-108 from the Notice of Proposed Rulemaking

Use these three documents to guide all your planning efforts. That's what I've done and here's a 25 item strawman strategy for BIDMC (which runs largely self built systems) and its affiliated community hospital, BID-Needham (which runs Meditech).

1. Use CPOE
a. For ambulatory settings - support electronic ordering of 80% of medications, laboratory, radiology/imaging, and referrals. webOMR (our self built EHR) or eClinicalworks (eCW) will be implemented based on the workflow requirements of the practice as it interacts with hospitals, labs, radiology centers, and the community. At BIDMC we will need to make improvements to our self built lab system to support lab data exchange with sites that use us as reference lab. At BID-Needham, the combination of eClinicalWorks, Quest, and Meditech will meet the need.
b. For inpatient settings - support electronic ordering of 10% of medications, laboratory, radiology/imaging, blood bank, physical therapy, occupational therapy, respiratory therapy, rehabilitation therapy, dialysis, provider consultants, and discharge/transfers. At BIDMC, our self built CPOE system already does this. At BID-Needham, Meditech version 5.6 is being implemented to do this.

2. Implement drug-drug, drug-allergy, drug-formulary checks.
a. For ambulatory settings - webOMR or eCW connected to Surescripts will meet the need.
b. For inpatient settings - our self built CPOE system or Meditech will meet the need.

3. Maintain an up to date problem list of current and active diagnoses (at least one coded entry or "No Problems exist") in ICD9-CM or SNOMED-CT for at least 80% of all patients
a. For ambulatory settings - webOMR or eCW will meet the need. Note that we have already implemented the NLM's SNOMED Core vocabulary to map our proprietary vocabularies to SNOMED-CT before we sent them to Google Health or Microsoft Healthvault, but we will need to create a new problem list picker for webOMR that uses SNOMED-CT natively. Luckily, we already have a prototype.
b. For inpatient settings - webOMR plus IMDSoft's Metavision for ICUs or Meditech will meet the need.

4. Generate and transmit permissible prescriptions electronically (the DEA does not yet allow controlled substances to be e-prescribed) for 75% of all ambulatory prescriptions. webOMR or eCW connected to Surescripts do this today.

5. Maintain an active medication list (at least one coded entry or "No Medications taken") for at least 80% of all patients
a. For ambulatory settings - webOMR or eCW will meet the need. We are using First Data Bank in webOMR and Medispan in eCW. Both qualify as appropriate controlled vocabularies in 2011 because they are included in RxNorm.
b. For inpatient settings - our self built CPOE system or Meditech will meet the need.

6. Maintain an active allergy list (at least one entry or "No Allergies reported") for at least 80% of all patients. Note that no coding/vocabulary is required for 2011
a. For ambulatory settings - webOMR or eCW will meet the need.
b. For inpatient settings - our self built CPOE system or Meditech will meet the need.

7. Record demographics including preferred language, insurance type, gender, race, ethnicity, date of birth, and date of death/cause in the event of inpatient mortality for 80% of patients.
a. For ambulatory settings - webOMR or eCW will meet the need. Note that we already do this using controlled vocabularies and report the data to the Boston Public Health Commission as part of their effort to measure disparities in healthcare.
b. For inpatient settings - our self built registration/scheduling system called CCC or Meditech will meet the need.

8. Record vital signs including height, weight, blood pressure, Body Mass Index (calculated) and growth charts for children 2-20 years for 80% of patients.
a. For ambulatory settings - webOMR or eCW will meet the need.
b. For inpatient settings - webOMR plus Metavision for ICUs or Meditech will meet the need.

9. Record smoking status for 80% of patients 13 years or older
a. For ambulatory settings - webOMR or eCW will meet the need.
b. For inpatient settings - webOMR plus Metavision for ICUs or Meditech will meet the need.

10. Incorporate 50% of clinical lab test results as structured data using LOINC codes
a. For ambulatory settings - webOMR or eCW. At BIDMC we will need to make improvements to our self built lab system to support lab data exchange with sites that use us as reference lab. We already have a single hub for all eCW/Quest lab data exchange.
b. For inpatient settings - webOMR plus Metavision for ICUs or Meditech will meet the need.

11. Generate a least one report listing patients with a specific condition. The concept is that such reporting can be used for quality improvement, reduction of disparities, and outreach.
a. For ambulatory settings - webOMR includes numerous data marts that already provide such reports such as our BIDMC/Joslin diabetes registry. Also our work with the MAeHC Quality Data Center will support numerous reports for our clinicians using webOMR and eCW data.
b. For inpatient - BIDMC homebuilt systems use our data marts. For Meditech, we'll have to rely on built-in reporting tools.

12. Report aggregate numerator and denominator quality data to CMS in 2011 and exchange it using PQRI XML by 2012

The MAeHC Quality Data Center project includes the ability to gather all detailed metrics from home built and eCW systems for reporting to our clinicians, the state, and CMS using the adopted standards. It will go live for all Beth Israel Deaconess Physician Organization clinicians in 2010.

13. Send reminders to at least 50% of all patients who are 50 years and over for preventative care/followup. The intent is to allow the patient to choose between post card, email, phone reminder, or PHR reminder.

At present, BIDMC has this ability via our tethered PHR, Patientsite. We already send reminder cards via email and make calls via automated phone systems. Documenting patient preference for which modality to use may be a challenge.

14. Implement 5 clinical decision support rules relevant to the clinical quality metrics (Notice of Proposed Rulemaking pages 123-138 from ambulatory and pages Page 153-160 for inpatient)

We already have implemented numerous decision support rules in BIDMC self built systems.

We're activating eCW decision support rules a few weeks after implementing each practice to enable clinicians to adjust to the EHR before alerts/reminders start popping up.

15. Check insurance eligibility and submit claims electronically for at least 80% of patients.

Since 1997, the New England Healthcare Exchange Network (NEHEN) has provided this functionality to all the payers and providers in Massachusetts.

16. Provide 80% of patients who request an electronic copy of their health information in the CCD or CCR format within 48 hours of their request
a. For ambulatory settings this will include the problem list, medication list, allergies, and diagnostic test results. We do this today via Google Health and Microsoft Healthvault.
b. For inpatient settings this will include discharge instructions and procedures. We do this today via a self built discharge application that provides a human readable document for the patient and routes a CCD via the NEHEN gateway to the primary care provider.

17. Provide 10% of patients with online access to their problem list, medication lists, allergies, lab results within 96 hours of the information being available to the clinician.

Today, any patient can get access to their BIDMC records via Patientsite, our tethered personal health record. For eCW, we'll be implementing the eCW Patient Portal this Spring.

18. Provide a clinical summary for 80% of all office visits (problem lists, medication lists, allergies, immunizations, and diagnostic test results) in paper or CCD/CCR format

Today, any patient of BIDMC can receive a CCR via Microsoft Health Vault or Google Health. For eCW, we'll be implementing the eCW Patient Portal this Spring.

19. At least one test of health information exchange among providers of care and patient authorized entities.

In 2009, we implemented a CCD interface to the Social Security Administration so that we can send complete patient summaries with patient consent to a Federal agency.

20. Perform Medication reconciliation for at least 80% of relevant encounters and transitions of care

We're already at 90% compliance with ambulatory and inpatient medication reconciliation.

21. Provide a summary of care record for at least 80% of transitions of care and referrals. This also implies the ability to receive a record and display it in human readable format

For ambulatory and inpatient settings, the NEHEN network can route data securely (in this case CCD) among providers (and payers). We already send ED and Inpatient discharge summaries in CCD format with automated integration into EHRs such as eClinicalWorks. We have not added the ability to receive a CCD into our home built EHR, webOMR, since so few commercial EHRs are capable of sending a summary in any format. We will need to add CCD and CCR receiving ability and we'll display them as human readable notes in webOMR.

22. Perform at least one test of the EHR capacity to submit electronic data to immunization registries.

Since the Boston Public Health Commission is joining NEHEN so that it can receive disparity and surveillance data via one secure gateway, it is a logical choice as our immunization pilot.

23. Perform at least one test of the EHR's capacity to submit electronic lab results to public health agencies.

As above, the NEHEN gateway connected to the Boston Public Health Commission is the solution.

24. Perform at least one test of the EHR's capacity to submit syndromic surveillance data to public health agencies.

We already submit 4000 data elements every day to the CDC and send ED utilization data to Boston Public Health Commission using proprietary approaches. Converting these to the GIPSE standard and routing them through the NEHEN gateway is a local approach.

25. Conduct or review a security risk analysis and implement updates as necessary

In the past, we've had Third Brigade (now a part of TrendMicro) do white hat hacking penetration testing and risk analysis. My security team plus external partners will ensure we have the right policies and technologies in place. For example, we're currently evaluating Imperva products to protect all our externally available websites as part of layered defense approach to security.

These 25 steps to meaningful use may seem like a tall order. However, we can leverage numerous projects already in process including our community HIE initiatives, RHITEC plans, Beacon Community planning, and hosted EHR rollouts to accomplish them. Many will feel stressed by meaningful use. My advice is to approach it stepwise, breaking it down into discrete projects which are doable. That way, the 25 step plan above will not lead to a 12-step program for your staff!