Tuesday, August 31, 2010
The agenda began with comments from Jon Perlin and me reflecting on the busy Summer, reacting to the final rules, and planning for the future of policies and technologies to support interoperability. I summarized my experience with questions and feedback on the Standards Final Rule. Thus far, questions about consistency of content, vocabulary, and standards named in quality measures have been clarified without requiring changes in the rule.
Sam Karp and Aneesh Chopra summarized the Enrollment Workgroup deliverables that satisfy the requirements of Section 1561 of Affordable Care Act. The recommend use of the NIEM framework to support standards and processes going forward. They recommend the creation of web services on top of existing legacy systems as well as create a reference implementation of running software that could be used by states and other stakeholders (note, this does not imply creating a single Federal hub for all transactions). They recommended use of the HIPAA Content standards (834, 270, 271) and codification of human readable business rules using tools such as OMG’s SBVR. Finally, they made a number of privacy/security recommendations that highlight consumer access to data and disclosure logging.
Deven McGraw and Paul Egerman summarized the Privacy & Security Tiger Team Recommendations. Most important are the consent recommendations that require the patient be provided with an opportunity to give meaningful consent before the provider releases control over exchange decisions. The trigger is when the decision to disclose or exchange the patient’s identifiable health information from the provider’s record is not in the control of the provider or that provider’s organized health care arrangement (“OHCA”), patients should be able to exercise meaningful consent to their participation.
Doug Fridsma provided an overview of Standards and Interoperability Framework and its associated RFPs.
The awardees thus far are:
Harmonization of Core Concepts (NIEM Framework) - Deloitte
Implementation Specifications - Deloitte
Pilot Demonstration Projects - Lockheed
Reference Implementation - Lockheed
Testing - Stanley
Tools and Services - Stanley
The role of the HIT Standards Committee will be to provide oversight, coordination and prioritization advice on the Standards and Interoperability Framework to ONC.
Jamie Ferguson presented the Vocabulary Task Force Update.
Judy Murphy and Liz Johnson presented the Implementation Workgroup Update.
The work ahead in September is defining the Standards requirements for Meaningful use Stage 2 and 3. It will be a busy Fall!
Monday, August 30, 2010
As a followup to the HIMSS Webinar I gave last week, here's an FAQ in the spirit of last month's Meaningful Use and Standards Rule FAQ.
1.. The Emergency Department is mentioned in 9 Core Measures and 3 Menu Measures, yet industry discussions seem to focus on the ED for CPOE and Discharge instructions. What functions do ED Information Systems need to support? Are these functions for just admitted patients or all ED Patients?
In my conversations with CMS, I believe that CMS will be issuing a corrections notice to clarify the role of the ED in the rule.
2. There are 44 Quality measures for Eligible Professionals. Do EHRs need to support all 44 measures to be certified?
To achieve certification, EHRs must support the 3 Core Measures, the 3 Alternate Quality Measures and at least 3 others from the remaining 38 measures.
3. Can eligible professionals from ancillary service providers such as stand alone radiology imaging centers qualify for meaningful use?
Although it seems a bit of stretch, if these professionals can meet all the meaningful use measures, then can qualify. This implies that radiologists will have to chart weight/height, ask about smoking status, record race/ethnicity etc.
4. The original implementation guide for the CCD specified one preferred vocabulary for each data content type. The Final rule includes SNOMED-CT and ICD9 as problem list vocabularies. Is there an inconsistency?
No, the C32 2.5 implementation guide supports all the vocabularies specified in the final rule. See Keith Boone's blog for details.
The XML for CCD in the C32 v. 2.5 implementation can accept any vocabulary for structured data elements.
5. The Quality Measures in Meaningful use mention vocabularies like RxNorm and SNOMED-CT to compute numerators and denominators. The Standards Final Rule offers vocabulary options. Is this an inconsistency?
No. The Final Rule for certification indicates “Any source vocabulary that is included in RxNorm, a standardized nomenclature for clinical drugs produced by the United States National Library of Medicine.” The Final Rule further difines the following source vocabularies as being included in RxNorm: GS – Gold Standard Alchemy, MDDB – Medi-Span Master Drug Data Base, MMSL – Multum MediSource Lexicon, MMX – Micromedex DRUGDEX, MSH – Medical Subject Headings (MeSH), MTHFDA – FDA National Drug Code Directory, MTHSPL – FDA Structured Product Labels, NDDF – First DataBank NDDF Plus Source Vocabulary, NDFRT – Veterans Health Administration National Drug File – Reference Terminology, SNOMED-CT – SNOMED Clinical Terms (drug information), and VANDF – Veterans Health Administration National Drug File. “Consequently, an one of these “source vocabularies” identified by NLM may be used, or any other source vocabulary successfully included within RxNorm.” (pages 132-133 of DHHS Final Rule 45 CFR Part 170, RIN 0991-AB58)
In creating value sets for the measures, providing 11 options (those listed in the Final Rule) was overly cumbersome, as was selecting NDC codes. By listing medications with RxNorm codes, the measures allow any user of an acceptable source vocabulary to map to the medications required by the measure. The measure criteria, therefore, can be used by any compliant EHR that uses a source vocabulary.
In general the measure specifications provide currently used terminologies as expected in the Final Rule. However, since there is a requirement for billing to use ICD-10 by 2013, the measures also provide, for those considering future implications, ICD-10 and SNOMED for appropriate concepts. While ICD-10 and SNOMED are not required, many have appreciated the ability to consider how to map their local term usage to these potential future options. Note, all measures provide “Groupings” (or nested) value sets which include a number of options. For example, all conditions (diagnoses) include ICD-9, OR ICD-10, OR SNOMED. There is one exception: persistent asthma is not an available concept in ICD-9. Therefore the measure provides an option of “persistent asthma” in ICD-10 OR SNOMED; it also provides the option of “asthma” using ICD-9 with a constraint that severity = persistent. The measures do not seek to require any terminology that is not specified in the Final Rule. The decision to include ICD-10 and SNOMED options was a conscious decision made in concert with CMS.
6. The Syndromic Surveillance implementation guide in the Final Rule seems to be the wrong document - it's the CDC's "Public Health Information Network HL7 Version 2.5 Message Structure Specification for National Condition Reporting Final Version 1.0 and Errata and Clarifications National Notification Message Structural Specification" which is for disease reporting, not symptom reporting.
It's true that the wrong implementation guide is included in the final rule. ONC is hard at work correcting this. We'll discuss it today at the HIT Standards Committee August meeting.
Friday, August 27, 2010
In my recent hiking trip on the John Muir trail, I limited my pack weight to 10 pounds so that I could cover 25 miles a day.
Some backpacks weigh 4-5 pounds when empty.
Mine weighed 13 ounces. It could have weighed 6 ounces if I gave up a bit of durability.
I used the Zpacks Dyneema X 26 holding 2,600 cubic inches.
Dyneema Gridstop is a heavy duty 4.2 oz/square yard. Each white Dyneema thread can hold over 150 lbs. A secondary ripstop grid is angled at 45 degrees.
I've successfully used Dyneema for my outdoor activities for years.
It's abrasion resistant, puncture resistant, and completely sufficient for supporting typical backpack gear weights.
As I hiked, I watched numerous people struggling with 35-50 pound packs.
My advice - start with an 13 ounce pack and only carry what you'll need. You'll enjoy the experience instead of struggling with every step.
A 13 ounce backpack that's stronger than steel - that's cool.
Thursday, August 26, 2010
Recently my 17 year old daughter and I discussed my nearly 50 years of experience with life, the evolution of my mindset through time, and my thoughts about roles/responsibilities at each age. I summarized life as
0-10 A time to master the day to day activities of being human
11-20 A time to master the process of learning
21-30 A time to experience the world, take risks, establish relationships, and seek stable employment
31-40 A time to build a household, a family, and a career ladder
41-50 A time to build financial security, support growing children, think about wellness, and nurture your relationships
51-60 A time to fund college, assist adult children with their increasing responsibilities, and to support aging parents
61-70 A time to begin the transition to a different phase of life, pursing those activities that you did not have time or resources to do in the past. Note that this phase is getting later and later in life with many people working past 70. A time to start playing with grandchildren and assisting your children's growing families. Continuing to support aging parents, given increasingly long human lifespans.
71+ Exploring new ideas, new places, keeping your mind and body healthy, aging well.
To which my daughter responded - "How depressing...that you think of life as so linear"
I suggested that life is anything but linear. When I was 5, I wrote a first grade homework assignment declaring "I want to be a scientist". When I was 12, computer science seemed like the right direction. When I was 16, medicine and engineering seemed the right approach. Now nearly 50, I'm a CIO, married for 26 years, with a 17 year old daughter. Completely unpredictable and more of random walk than a linear progression.
Of course, my suggested life timeline is a bit traditional and stereotypical. There are hundreds of variations that may involve zero or multiple marriages, zero or many children, zero or dozen careers. I will not measure my daughter's life success by her adherence to my timeline.
Pondering my life experience, I realize that my current mindset in the 41-50 span includes a different set of challenges, goals, and dreams than in my 21-30 span. I'm continually changing. I remember the pride I felt when I exceeded some of my parents capabilities when I was in 11-20 span. I now feel great humility as my daughter begins to exceed some of my capabilities at the same time in her life.
When I'm asked what span is best, my answer will always be, wherever I am now. My current experiences, frustrations, and relationships always seem most appropriate to my current condition. I only look backwards to gather lessons learned, not to relive any previous events. I recently skipped my 30 year high school reunion because the joys and sorrows of my 11-20 span are no longer relevant after the experiences of three decades.
At times, I struggle with the politics, conflicts, and uncertainties of daily living. I think back on the challenges of my 20's and 30's and realize that any anxiety I felt earlier life was over minor and inconsequential events. In my 50's I'm sure I'll feel that same way about my 40's. Realizing that life is a continuous progression with different roles, responsibilities, and expectations at each stage enables us to look forward to the future, relish the present, and learn from the past.
Onward to the stages ahead!
Wednesday, August 25, 2010
I've written several blog posts about the need for consent policy and technology.
For 2011, the Meaningful Use Stage 1 data exchanges are a "push" of data from provider to public health, quality registries, and other providers. Consent is obtained by the provider when the patient is present during an episode of care. The consent process will be driven by Federal/State policy and workflow rather than technology.
For 2013, the data exchanges are likely to be "pull" based on patient controlled consent for release of information from institutions. The consent process will be a marriage of policy and technology.
On August 19, the Privacy and Security Tiger Team released its recommendations for the consent policy to support Stage 1 data exchanges.
Here's a powerpoint summary.
Key points include:
When the decision to disclose or exchange the patient’s identifiable health information from the provider’s record is not in the control of the provider or that provider’s organized health care arrangement (“OHCA”), patients should be able to exercise meaningful consent to their participation.
where meaningful consent is defined by
Not compelled, or used for discriminatory purposes
Full transparency and education.
Commensurate with Circumstances
Consistent with Patient Expectations
Although granular consent is a desirable future goal (i.e. line item redaction of medications depending on the recipient of the data), technology has not yet evolved to the point where this is widely implementable. It is important that ONC find evidence (such as through pilots) for successful models and not rely on theoretical possibilities. In the interim, patient education is paramount. Realistic expectations about privacy need to be established.
State Health Information Exchanges are busy defining their own policies and technologies to support Meaningful Use Stage 1 Data Exchanges:
1. Provide patients an electronic copy of their ambulatory, ED or inpatient summary of care record record
2. Transmit prescriptions
3. Capability to exchange key clinical information among care providers and patient authorized entities
4. Report clinical quality measures
Menu Set (must include at least one public health reporting transaction)
5. Incorporate clinical lab tests results into EHRs as structured data
6. Provide summary of care record for patients referred or transition to another provider or setting
7. Capability to submit data to immunization registries, provide syndromic surveillance and lab data to public health agencies
The guidance from Privacy and Security Tiger Team provides a valuable framework to inform state activities. In Massachusetts, we have Chapter 305, which requires opt-in consent for data sharing.
By adopting a national policy that ensures providers educate their patients about Meaningful Use data exchanges and obtain consent before sharing information with outside organizations, we will ensure that patient privacy is protected.
Tuesday, August 24, 2010
I've written many blog posts about leadership and the challenges of running large complex organizations. Recently, I've thought about how I have personally changed during my 15 years in healthcare leadership positions.
In my early years, the initial challenges were to break through technical barriers by creating prototype applications and demonstrating the possibilities of the emerging web in the mid 1990's.
I then progressed to organization building, devising the strategy, structure and staffing of a growing IT organization.
From there I evolved to thinking about processes - how to ensure reliability, security, and performance of complex infrastructure and applications.
I then moved on to education - writing and speaking about our efforts inside and outside my organizations.
Where am I today as a leader? I believe I'm a convener.
Whether it's my Federal, State, hospital or medical school roles, my most important leadership task is assembling people with various opinions, some of them very vocal, and achieving a set of priorities, next steps, and policies.
In some ways, I'm becoming less technology focused and more business focused. Many of the technologies that were risky/bleeding edge a few years ago - the web, clouds, clusters, enterprise storage, and thin clients, are now mainstream. My day is less about getting the technology working right and more about ensuring we're using the right technology to meet the needs of business owners. Unfortunately, many business owners do not know what they need, although they have high expectations.
The theme of my next leadership year will be governance.
It's painful at times to gather everyone together and hear a multitude of diverse opinions, some of which may be factually incorrect and many of which can be critical. All of us are tempted to 'wait to speak' instead of listen. However, the best way I can serve my staff and ultimately all my stakeholders is to condense the messiness of contentious viewpoints and competition for resources into a well communicated list of priorities.
Now that Meaningful Use Stage 1 and the Standards Rules are final, the pace of my Federal responsibilities will be a bit less. This will give me a chance to focus on Massachusetts and hospital/medical school governance. The measure of my success should be the projects we decide NOT to do, since great governance will set priorities and align them with limited budgets and fixed timeframes. A sign of failed governance is saying yes to everything, flogging staff until they resign in fatigue, and creating general dissatisfaction throughout the organization because scope is too large and resources are too small.
Convening and governance will be my role as a leader over the next year. Only when I can master that can I progress to my next leadership stage.
Monday, August 23, 2010
I've been lucky when it comes to health issues. In my 48 years of life, I've had Lyme disease twice (still not out of the woods), a corneal ulcer caused by windblown grit while kayaking across the Baltic Sea, a benign AV nodal reentry tachycardia, a kidney stone from dehydration, and elevated intraocular pressure (multiple generations of males in my family history had glaucoma). I've never broken a bone, had any GI/Neuro/Pulmonary/Rheumatological issues or taken any chronic medication, other than Xalatan for my intraocular pressure.
My family history is otherwise unremarkable.
Thus, it came as a complete surprise when the call came in at the end of last week that my father was having a posterior/inferior myocardial infarction and was on his way to the cath lab to be stented.
On Thursday night my wife and I flew to Los Angeles to be with him in the ICU.
The process of medical care is like any complex project - there's a technical part and there's a people part. The doctors and nurses did a remarkable job on the technical part. The role my wife and I played was to manage the people part - building confidence in my parents that everything would be okay, that the quality of life would be just fine, that returning home would be safe, and that the future would be bright.
We stocked the refrigerator with low fat vegan foods. We helped interpret patient education materials, discussed life style recommendations, and managed the process of transitioning from inpatient to outpatient.
Hospitals are a great place in a crisis, filled with professionals who can medicate, operate, and heal. But the larger social context of healthcare - the orchestration of emotions, calming of fears, and regaining the cadence of daily life requires a support system.
In the past, extended families lived together or at least clustered together in a community. With increasing specialization of employment, a challenging economy, and the ease of long distance travel, we've lost many of our family support systems. What I experienced was a remarkable coming together of a virtual extended family in support of my father. Colleagues, former employees, and friends gathered together to support my parents. My father was rarely alone during his ICU stay. In a world that can be filled with road rage, competition for resources, and a lack of civility, I was grateful to experience healthcare supported by the community around my family.
The circumstances, a heart attack, were bad, but the outcome was good. My father is back home, back to his usual routine, and the love and respect of his network of supporters will always be with him.
Friday, August 20, 2010
I've returned to Boston, to fast wireless networks, humidity, and traffic.
It's a marked contrast to my time on the John Muir trail. Not better or worse, just different.
On the trail, time slowed to the point that my measurement rubrics became dawn and sunset, the amount of water left in my hydration pack, and the time until my next snack.
I walked about 150 miles through the Sierra, up and down numerous peaks and passes. I gathered wild mushrooms (Leccinum, Lentinus, Agaricus). I ate numerous wild plants (waxy currants, gooseberry, swamp onion, mint). Temperatures varied from the 20's at night to the 60's during the day.
When I rested, I was joined by golden marmots, pikas, chickarees, Belding's ground squirrels, mule deer, and even a beaver, dragging an aspen branch across the trail at dawn.
During the day, my constant companions were Clark's nutcrackers, grouse, hairy woodpeckers, stellar jays, and the occasional great horned owl.
I stored my food in a 6 ounce Ursack, a kevlar bag approved for backcountry use everywhere along the Pacific Crest Trail except in Yosemite and Sequoia-King's Canyon. Since I never slept within the borders of those national parks, I was fine. No bears ever bothered the vegan food I was carrying.
My pack with food and water never weighed more than 10 pounds, enabling me to cover 20-25 miles per day with several thousand feet of daily elevation gain.
I only met two other north bound hikers along the trail but we walked at different paces, so I spent the time in solitude.
The physical challenge was not a problem - once I acclimated to 10,000 feet I had no problem with the hiking. The emotional challenge of being alone in the wilderness, with no one to speak with, no internet connection, and no pressure other than to keep warm and hydrated was admittedly a struggle.
Numerous studies have been done or are in progress to examine the effect of constant connectivity on our brains. We all develop a kind of ADHD, losing the ability to maintain focus, explore issues deeply, and savor the experience of the world around us.
The Last Child in the Woods explores the way our children have lost touch with the rhythm of the natural world.
It took a few days, but I regained the ability to sit on a rock, listen to the wind, and soak in the details of every flower, tree, and waterfall.
It's tempting to believe that I could maintain that reverie for months, living in that archetypal cabin in the woods that many of us dream about.
However, by the end of my trip, I realized that my highest and best purpose at this time in history is to share my technology, management, and problem solving skills with government, academic, and industry leaders to accelerate positive change. If I work hard enough, I can ensure my daughter and her future family never experience a medical error, a problem with care coordination, or a bankrupt healthcare system.
So, I'm back, recharged and rejuvenated, with a new sense of perspective. The world will continue to have its pessimists, its critics, and naysayers, some of whom will direct their ire at me. However, if I just think back to sitting on a rock in the Sierra, not knowing what time it was or having a to do list, I can keep it all in perspective. This time of Stimulus funding, healthcare reform, and meaningful use is creating high pressure, unreasonable deadlines, and unrealistic expectations for everyone. As long as we treat each other right and remind ourselves of the true cadence of the natural world around us, we'll be fine.
Posted by John Halamka at 6:47 AM
Friday, August 6, 2010
For 10 days every August, my family and I travel to an isolated canyon filled with aspen, pine, and wildflowers just north of Mono Lake in the Eastern Sierra.
This year, we'll hike, explore old mines, harvest sage, and study the complex ecosystem of the Mono Basin.
I'll also do a solo hike along 50 miles of the John Muir trail from Mammoth to Yosemite Valley.
From August 6-16, I'll have episodic web connectivity, so I will not be blogging.
By 6pm tonight, I'll be into the wild!
Posted by John Halamka at 4:00 AM
On Fridays I write about emerging technologies that I experience at the office and in my day to day life.
Recently, I wanted to join a colleague for an elegant meal in Washington DC which would enable us to catch up on many strategic issues during our dining experience. (We went to Nora - it was fabulous.)
A few moments after we agreed on the restaurant, an email appeared in my inbox from OpenTable with all the details - where, when, how to get there etc. Really amazing integration of email, the web, calendaring, and restaurant table availability databases.
OpenTable has created a software as a service model for supporting in restaurant and customer facing workflow that is easy to use, convenient, and timesaving.
I was curious about their business model and technology. I did some searching on the web and found a discussion forum entry that seems to explain it all. This is not an official OpenTable communication, so it may not be perfectly accurate, but it seems reasonable.
"I use OpenTable at work, so I can explain it pretty well. I believe the restaurant pays a flat rate per person, and that rate is higher for an online reservation versus a reservation taken in person or over the phone. The "high point" (a kind of coupon) reservations are actually for restaurants that want to fill tables at off-peak hours. I would imagine that these reservations are going to cost the restaurant significantly more than a normal reservation, which is why these are generally seen only at higher end restaurants.
There isn't a certain number of tables that can be booked only through OpenTable. When I make a reservation for someone over the phone, I use an interface quite similar to the one that you use online. The difference is that I can look through the whole book and decide that we can fit in another table at 7:30. So, if you look online and don't see the time slot you want, you can always call the restaurant to see if you can get a table at your desired time.
We can also take notes about your reservation (birthday, anniversary, wants a booth, needs a high chair, et cetera), and also keep permanent notes on each guest (prefers a certain waiter, always gets Fiji water, VIP, etc.). When you put a comment in online, it automatically shows up in our reservation notes. Along with that information, we also see if it's your first time at the restaurant, and if you have OpenTable VIP status."
A web-based, software as a service that supports restaurant and customer workflow. That's cool!
Thursday, August 5, 2010
I've written several posts about the need for civility, good karma, and a thoughtful process for every issue.
I have to react to negativity several times each day. As I review my email, I read numerous reports of challenges, frustration, and dissatisfaction. It's an expected part of being a senior leader in large, complex organizations and being a CIO.
Some of these emails have a controversial he said/she said character.
Responding to them requires tact and diplomacy. I want to support and protect my staff but also want to ensure we improve our processes in the interest of continuous quality improvement.
Recently, I read an article about the Shirley Sherrod case by Steve Adubato, who speaks and coaches on leadership and communication. His observations mirror many of the lessons I've learned when reacting to controversy.
*Don’t be so quick to judge if you haven’t heard the entire story.
*Due diligence is critical when it comes to communication.
*Realize how dangerous it is to assume.
*Get the whole message.
As my due diligence progresses, I find that many emails have the quality of Roseanne Roseannadanna (for you 1978-1980 Saturday Night Live Fans).
People misrepresent the facts, distort the truth to suit their own ends, and highlight events that are in their self interest and not the greater good.
It's really important to check out the facts from multiple stakeholders before drawing a conclusion.
It's really important to pick up the phone and talk through the issues, listening and taking an active interest in all sides of the story.
It's really important to suggest next steps, assign accountability, and deliver on your promises.
Understanding the facts, having a dialog, and meeting expectations for followup resolves most conflicts.
As with the Sherrod case, once you know the whole story, most controversies are not what they seem.
Wednesday, August 4, 2010
Recently at the Massachusetts Health Information Exchange (HIE) Ad Hoc Workgroup we made a list of the 7 services we intend to support in 2011 (Routing, Directories, Certificate management, Vocabularies, Population Health Aggregation, Quality Registries, and Consent) then we created a matrix of solution providers. HIE is an evolving market and I'm convinced that the next year will bring many new entrants. They key will be separating fact from fiction i.e. running software from powerpoint demonstrations. Here are a few thoughts from at the services list.
Routing - In Massachusetts we believe that machine to machine, EHR to EHR, and hub to hub routing is preferable to web-based portals since it ensures the workflow of health information exchanges happens inside the software that clinicians are using to deliver care. There are few machine to machine routing products available in the marketplace. Vendors offering general HIE products include Medicity, Axolotl, RelayHealth, Covisint, Epic, eClinicalWorks, GE, Orion, Medplus, Medseek, CareFx, Intersystems, Microsoft, dbMotion, HealthUnity and Patientkeeper. Of these I know of machine to machine solutions offered by Covisint, Epic, eClinicalWorks, General Electric, Orion, and Intersystems. Verizon is a new entrant and Ingenix is rumored to be preparing an offering. Surescripts offers medication routing and may be expanding into other areas.
Directories - an index of payers, providers, and public health entities is needed as part of routing to direct transactions to the right trading partner. I have yet to find a provider with a standards based (LDAP) or RESTful API for directory query and update. However, there are many sources of provider address data such as the Council for Affordable Quality Healthcare (CAQH).
Certificate Management - Public Key Infrastructure for organizations and providers is key to secure the endpoints in routing transactions. Providers of certificates and management tools include Verisign and Covisint, which has done work for the American Medical Association.
Vocabularies - the Federal Government is the major provider of vocabularies and code sets curated by the National Library of Medicine or licensed from Standards Development organizations.
Population Health Aggregation - There are existing public sector aggregators of data at the Federal (CDC), State (Department of Public Health) and City (local health departments) level. At the moment, I am unaware of commercial companies providing this functionality.
Quality Registries - Companies like Ingenix, and Healthcare Data Services offer aggregation of financial data. Community-wide repositories and specialty specific registries for quality reporting are an evolving marketplace largely comprised of self-built solutions.
Consent Management - Supporting patient controlled consent for health information exchange is key to building trust. There are a few emerging companies, including Private Access.
I welcome comments on other emerging companies in this space and experiences you have had with real world implementations of their products.
Tuesday, August 3, 2010
I recently joined my team while troubleshooting a complex infrastructure problem affecting our community EHR hosting private cloud.
From years of experience doing this, here are my lessons learned.
1. Once the problem is identified, the first step is to ascertain the scope. Call the users to determine what they are experiencing. Test the application or infrastructure yourself. Do not trust the monitoring tools if they indicate all is well but the users are complaining.
2. If the scope of the outage is large and the root cause is unknown, raise alarm bells early. It's far better to make an early all hands intervention with occasional false alarms than to intervene too late and have an extended outage because of a slow response.
3. Bring visibility to the process by having hourly updates, frequent bridge calls, and multiple eyes on the problem. Sometimes technical people become so focused they they do not have a sense of the time passing or insight into what they do not know. A multi-disciplinary approach with pre-determined progress reports prevents working in isolation and the pursuit of solutions that are unlikely to succeed.
4. Although frequent progress reports are important, you must allow the technical people to do their work. Senior management feels a great deal of pressure to resolve the situation. However, if 90% of the incident response effort is spent informing senior management and managing hovering stakeholders, then the heads down work to resolve the problem cannot get done.
5. Remember Occam's Razor that the simplest explanation is usually the correct one. In our recent incident all the evidence pointed to a malfunctioning firewall component. However all vendor testing and diagnostics indicated the firewall was functioning perfectly. Some hypothesized we had a very specific denial of service of attack. Others suggested a failure of windows networking components within the operating systems of the servers. Others thought we had an unusual virus attack. We removed the firewall from the network and everything came back up instantly. It's generally true that complex problems can be explained by a single simple failure.
6. It's very important to set deadlines in the response plan to avoid the "just one more hour and we'll solve it" problem. This is especially true if the outage is the result of a planned infrastructure change. Set a backout deadline and stick to it. Just as when I climb/hike, I set a point to turn around. Summiting is optional, but returning to the car is mandatory. Setting milestones for changes in course and sticking to your plan regardless of emotion is key.
7. Over communicate to the users. Most stakeholders are willing to tolerate downtime if you explain the actions being taken to restore service. Senior management needs to show their commitment, presence, and leadership of the incident.
8. Do not let pride get in the way. It's hard to admit mistakes and challenging to acknowledge what you do not know. There should be no blame or finger pointing during an outage resolution. After action debriefs can examine the root cause and suggest process changes to prevent outages in the future. Focus on getting the users back up rather than maintaining your ego.
9. Do not declare victory prematurely. It's tempting to assume the problem has been fixed and tell the users all is well. I recommend at least 24 hours of uninterrupted service under full user load before declaring victory.
10. Overall, IT leaders should focus on their trajectory not their day to day position. Outages can bring many emotions - fear for your job, anxiety about your reputation, sadness for the impact on the user community. Realize that time heals all and that individual outage incidents will be forgotten. By taking a long view of continuous quality improvement and evolution of functionality rather than being paralyzed by short term outage incidents, you will succeed over time.
Outages are painful, but they can bring people together. They can build trust, foster communication, and improve processes by testing downtime plans in a real world scenario. The result of our recent incident was a better plan for the future, improved infrastructure, and a universal understanding of the network design among the entire team - an excellent long term outcome. I apologized to all the users for a very complex firewall failure and we've moved on to the next challenge, regaining the trust of our stakeholders and enhancing clinical care with secure, reliable, and robust infrastructure.
Monday, August 2, 2010
On July 27 and 28, the Institute of Medicine hosted a workshop series, Electronic Infrastructure for the Learning Healthcare System: The Road to Continuous Improvement in Health and Healthcare, sponsored by ONC. Here's the agenda and the presentation materials.
The attendees included an amazing array of informaticians, professors, policymakers, scientists, and industry leaders.
I had the opportunity to serve as a panelist for Session 2: Technical strategies: Data Input, Access, Use and Beyond as well as to moderate Session 7: Perspectives on Innovation.
Here are few highlights from those sessions.
Technical strategies: Data Input, Access, Use and Beyond
Doug Fridsma (ONC) - We need a standards and interoperability framework that ensures accountability across the continuum of standards activities from business driven requirements to standards harmonization to implementation specifications to reference implementations to testing to certification. The National Information Exchange Model (NIEM) plus 10 RFPs from ONC will accomplish this. The RFP contractor selections will be announced in a few weeks.
Rebecca Kush (CDISC) - Re-use of data for multiple purposes is key. Rather than thinking of clinical research as a secondary use, we should put syntactic, semantic, and process interoperability in place with appropriate metadata and consent to facilitate data reuse for research with patient permission.
Jonathan Silverstein (University of Chicago) - Clouds are equivalent to remote hosting. Grids are equivalent to federated services. We should outsource complex and mundane tasks to cloud-based grid services providers to enable developers to focus on innovative functional modules.
Shaun Grannis (Regenstrief Institute) - The most important aspects of health information exchange are governance, value sets/mapping, and reassurance/trust in the community. Standards and use cases are not enough.
My summary of the five most important technical strategies for health information exchange:
1. There must be a business case for health information exchange. Meaningful use provides such a business case because stimulus funding depends upon it.
2. Policies must be developed in parallel with technology to build trust for health information exchange among stakeholders.
3. Standards for consent, vocabulary and especially transmission are a pre-requisite for interoperability
4. There is a need for metadata describing the source of data, where in the workflow it was captured, and who captured it.
5. Persistant consent controlled by the patient will enable data reuse as long as good metadata is included during health information exchange to enable opt-in release of selected data for a particular purpose by stakeholders in specific roles.
Perspectives on Innovation
Daniel Friedman (Public Health Informatics Institute) - There are no good data sources for functional status/well being. We need creative informatics solutions to bring together data from disparate sources to support novel applications for population health.
Molly Coye (Public Health Institute) - We need decision support, comparative effectiveness data, telehealth to connect patients/providers, and cloud/grid computing services.
Michael Liebhold (Institute of the Future) - We need "event driven medicine" that combines data just in time to offer decision support to providers. Resource Description Framework (RDF) subject/predicate/object syntax provides us with a toolset to bring semantic interoperability to the web.
Matthew Holt (Health 2.0) - We need navigators/advocates for patients. Social networks are powerful ways to bring together patients, providers, and payers.
My summary of the five most important technical strategies for innovation.
1. Decision support service providers in the cloud will become increasingly important.
2. Novel sources of data including patient sourced data will enable innovative approaches to population health.
3. Event Driven Medicine will enable us to turn data into information, knowledge and wisdom.
4. Social Networking applications are more than just a idle chat. They connect intellectual property, people, and ideas.
5. Identity management - figuring out how to uniquely identify patients and those who need to access data is key to innovative applications.
A great conference. I look forward to the next workshops and the IOM book that will result.