Friday, November 30, 2012

Cool Technology of the Week

Last week I had dinner with the CEO of a very successful software company.  He told me that 30% of all downtime for his products was caused by anti-virus software.

Given the sophistication of today's malware, it's clear that a new approach to anti-virus software is needed.

Intel introduced a virtualization component to their chipset a few years ago. When they acquired anti-virus company McAfee, they collaborated to leverage their "VT-x" chipset to catch advanced persistent threats and root kits, both of which run at the same privilege level as typical anti-virus products. The VT-x chip enables a security monitoring process that runs at a low level, in a very highly privileged state in the chip. It can monitor CPU and memory state changes and flag, quarantine or stop anything it sees as suspicious. All new Intel-based Windows 7 machines include this capability. Here's a white paper about it.

For those of us who live in the trenches of information technology, malware and root kits are the bane of our desktop management staff because they cannot be cleaned with existing standard antivirus software and require re-imaging the machines.

Anti-virus on a chip that cannot be disabled by malware.   That's cool!

Thursday, November 29, 2012

Building Unity Farm - The Guinea Fowl Who Lost His Mojo

Running a farm with 50 animals is like having 50 children.   There are going to be bumps and bruises, stumbles, and occasionally serious injury.

Last week, one of our Guinea Fowl, named Piebald (because he's a patchy blend of black and white), flew into the male alpaca area which is guarded by our Great Pyrenees Mountain dogs, Bundle and Shiro. Normally our dogs ignore our birds, since the dogs have lived with the poultry for most of their lives. Piebald ran around the inside of the pasture fence and his fluttering attracted the dogs. They wanted to "play" with Piebald by "fetching" him. Within seconds of this happening, I ran to the pasture, body slammed the dogs to the ground with a sharp NO, indicating that eating a fellow citizen of Unity Farm is unacceptable behavior.

My wife picked up Piebald and began walking him back to the coop.   A few of his tail feathers were missing, his head had a few spots of blood, and he looked a bit traumatized but otherwise intact.    On the way back to the coop, he jumped from her hands and ran straight into the forest surrounding our farm.    Kathy and I spent an hour looking for him to no avail.   As darkness fell, we suspended our search.

The next morning he reappeared in the coop,  looking out of sorts.  That afternoon he disappeared again and spent the night in the forest.

The following day, he reappeared in the coop but his affect was very submissive.   Previously Piebald was high on the pecking order.   Now, he was being pecked at by his subordinates.  He lost his mojo.

He spent the day running away from the other Guineas and losing various pecking order battles.

His wounds had healed and he was eating/drinking vigorously.   He stayed in the coop overnight but slept with the chickens.

The next day he began cruising the property with the other guineas.   He regained his upright posture and assertiveness.

Today he's been leading the pack once again, completely comfortable with being a leader of  Guineas.   He's regained his stature.

Every day is an adventure at Unity Farm. You never know what interpersonal dynamics will develop with the alpacas, llama, guineas, chickens, and dogs. You never know who will squabble, who will have an injury/illness, and who will develop new behaviors. If it wasn't for the rigors of being a CIO, I could spend the day watching the events of the barnyard - far more interesting than Fox News or CNN.

We've had life and death on the farm, sickness and health on the farm, joy and sorrow on the farm.    At the moment, everyone is healthy, happy, and knows their place in the pecking order.

As we prepare for the Christmas on the farm, it's good that our citizens are all at peace in their community.

Wednesday, November 28, 2012

Rethinking Remote Access

As I travel the country, I find that CIOs everywhere are struggling with BYOD in particular but remote access more generally. Who is responsible if:

A personal unencrypted laptop with email containing personally identified/protected healthcare information is stolen?   The CIO of the institution providing email takes accountability and reports the theft to appropriate  government regulators.

An employee prints a web page on their home computer and patient data is discovered blowing around in a nearby dump?  The CIO of the institution hosting the patient data is responsible.

An employee with a malware infected but encrypted smartphone accesses a web application and a keystroke logger sends the username/password to hackers in Asia who use it to send spam? The CIO is responsible for all the consequences.

Policy against using personal laptops, home desktops, and smartphones for processing of healthcare data is not sufficient.  CIOs must use technology controls to mitigate risk of data loss.

For example, BIDMC has already used ActiveSync to enforce encryption of every smartphone accessing our network and to deny access to those smartphones that do not support encryption.

Personal laptops and home desktops are much harder to control.  Purchasing institutionally supported laptop/desktop devices for every user needing remote access would be cost prohibitive.  

Rather than try to manage the home clients that have multiple varieties of hardware, operating systems, and third party apps, it's more practical to impose restrictions on who can access resources remotely, where they can access resources from, and what they can do (block downloads and printing). Solutions I've heard from industry experts include:

1.  ActiveSync as the only means of smartphone email access, with a configuration to require encryption of client devices. Use Outlook Web Access as the only laptop email access method and close all other types of remote email access - WebDav, Web Exchange Services, RPC over HTTPS, IMAP, and POP.
2.  SSLVPN for all remote access to all applications (including web portals), with configuration settings to prevent remote downloads and printing.
3.  Citrix or Virtual Desktop Infrastructure, which typically does not persist data on local clients.

I've described security as a continuous improvement process - the journey is never done. I'm curious what you are doing to restrict remote access in a world of malware, BYOD, and enhanced regulatory enforcement.   Comments are welcome!

Tuesday, November 27, 2012

A Presentation to HIMSS in North Dakota

This morning, I joined a HIMSS group in North Dakota to discuss Meaningful Use Stage 2, Health Information Exchange, and Personal Health Records.

Here are the slides I used.

I was asked an interesting question about the transition from Stage 1 to Stage 2.

The Stage 2 Final Rule notes that as of 2014, any provider or hospital attesting to Stage 1 must use Stage 2 certified technology.   Since the capabilities of Stage 2 certified technology are different than Stage 1, the nature of meaningful use changes for those who begin the program late.

The details of the changes to Stage 1 Core and Menu set objectives over time are summarized in this excerpt from the Stage 2 final rule.

A summary table of the effects is below, illustrating that the number of objectives changes as the certified technology changes.   I hope you find this useful.


Stage 1 (2011-2012): 5 of 10
Stage 1 (2013): 5 of 10
Stage 1 (2014+): 5 of 9

Stage 1 (2011-2012): 5 of 10
Stage 1 (2013): 5 of 10
Stage 1 (2014+): 5 of 10

Thursday, November 22, 2012

Building Unity Farm - Thanksgiving on the Farm

Today was our first Thanksgiving at Unity Farm. Although I've discussed the farm in detail, I've not described the home. We live at the farm in a house adjacent to the pasture. My father-in-law lives in the in-law wing, we live on the first floor, and our daughter has an area on the second floor.

The entire family selected vegetables from the farm and surrounding farms, then spent the day peeling, chopping, and preparing a vegan feast. Just about everything but the Tofurky was grown on the farm or within a mile of it. We had

Tofurky with roasted potatoes and carrots
Celery and chestnut stuffing
Mashed potatoes
Green beans
Brussels sprouts
Sweet potatoes

A remarkable meal.

During dinner 30 turkeys dropped by the farm for a visit and roosted in the trees above our alpacas.   It's clear to me that the best place for a turkey on Thanksgiving is a vegan/vegetarian farm!

Wednesday, November 21, 2012

A Time for Giving Thanks

2012 has been a year of joys and sorrows.   My wife had breast cancer, my mother broke her hip,  my cat died of pancreatic cancer, I left my CIO role at Harvard Medical School to focus on BIDMC's emerging accountable care organization, and moved/consolidated two families from suburban houses into Unity Farm.

Some would consider this amount of change and challenge to be overwhelming.

I think of them as transformative.

It may sound strange to quote Marilyn Monroe when reflecting on Thanksgiving, but her words are appropriate:

“I believe that everything happens for a reason. People change so that you can learn to let go, things go wrong so that you appreciate them when they're right, you believe lies so you eventually learn to trust no one but yourself, and sometimes good things fall apart so better things can fall together.”

Without the catalyst of my wife's cancer diagnosis, we would not have sold our home and purchased the farm at a time when market conditions were ideal for both transactions.

My mother's hip fracture enabled us to improve their house for accessibility and reconcile her medications.

My cat's unexpected illness educated us about animal care at a time when we took on the responsibility for 50 chickens, llamas/alpacas, and guinea fowl.

My job consolidation enabled me to channel all my passion and energy into healthcare information exchange at the federal, state, and local level such as the Massachusetts Golden Spike event.

Unity Farm has provided a healing environment for everyone in the family and the memories of the work required to sell two houses, close my wife's gallery and move her studio to the farm are fading fast.

BIDMC was ranked the #1 IT organization in America this year.  We were the first hospital in the country to attest to meaningful use and receive stimulus funding.  We achieved all our FY12 application and infrastructure goals.

Regardless of the events of any given day, temporary crises or urgencies pale in comparison to the well being of people.   As we approach Thanksgiving 2012, all the people in my world are good.

My wife and daughter are happy.   My parents are healthy.   My Federal and State colleagues are working hard on challenging projects they enjoy.   My BIDMC teammates are making a huge difference during the most exciting time in the history of healthcare IT.   The citizens of Unity Farm are loved and well cared for.

In 2012, the events of each day were sometimes negative, but the trajectory for the year has been overwhelmingly positive.

As I tell my daughter, it's unclear what the endpoint will be, but as long as the journey along the way is the best you can make it, everything will be ok.

After all the events of the past year, I remain convinced that the future will be bright.

Thanks to everyone who traveled the path with me this year.

Tuesday, November 20, 2012

The Patient Experience of EHRs

I'm often asked if the use of EHRs diminishes clinician-patient interactions in the exam room.

At BIDMC, Jan Walker and Tom Delbanco  have done focus groups with patients about technology. Generally, they found that patients will embrace technology that gives them access to information about their care.  At BIDMC, where we have both a patient portal and Wi-Fi throughout the hospital, doctors often arrive at the bedside to find a patient viewing lab results on an iPad, ready with questions about their tests.

The literature studying outpatient offices with computers in the exam room suggests computers do not get in the way as long as clinicians are facile with them and maintain eye contact with patients.

Here are three articles:

"The examination room computers appeared to have positive effects on physician-patient interactions related to medical communication without significant negative effects on other areas such as time available for patient concerns. Further study is needed to better understand HIT use during outpatient visits."  J Am Med Inform Assoc. 2005;12:474–480. DOI 10.1197/jamia.M1741.

"Studies examining physician EHR use have found mostly neutral or positive effects on patient satisfaction, but primary care researchers need to conduct further research for a more definitive answer." J Am Board Fam Med 2009;22:553–562.

"With the implementation of the electronic medical record—called HealthConnect—in all exam rooms throughout the Kaiser Permanente health care delivery system, how computers in the exam room affects physician-patient communication is a new concern. Patient satisfaction scores were obtained for all primary and specialty care physicians in a large medical center in Southern California to determine how scores changed as physicians started using HealthConnect in the exam room. Results show no significant changes in patient satisfaction for these physicians. Although concerns were not realized that patient satisfaction might decrease after HealthConnect was introduced, there was also no evidence that introducing an electronic medical record in outpatient clinics increased patient satisfaction."  The Permanente Journal / Spring 2007/ Volume 11 No. 2

Clinicians have different approaches to the use of technology in the exam room - iPads, typing into a laptop, or just taking notes then entering data outside of the exam room. When clinicians and patients work together to ensure safe, accurate, and timely record keeping, everyone wins. Certainly, there may be awkwardness when clinicians struggle with new technology and patients perceive a change in attentiveness. However, it is highly likely that as clinicians spend their entire practice lives using EHRs and all patient records are recorded in EHRs, this awkwardness will disappear. Just as mobile devices have replaced newspapers and magazines as the favored way for adults to access media, the EHR and PHR, as well as the processes needed to use them, will become a standard part of every clinical encounter, supporting rather than detracting from the patient experience.

Monday, November 19, 2012

A Novel Idea for Managing Consent

In 2008, I wrote about representing privacy preferences in an XML form that I called the Consent Assertion Markup language (CAML).

At the November HIT Standards Committee we discussed the draft Meaningful Use Stage 3 Request for Comment (RFC), which includes a measure relating to query for a patient's record.  The RFC suggests an exchange of authorization language to be signed by the patient in order to allow retrieval of the requested information.    Discussion elicited the suggestion that perhaps patient consent preferences might be included as metadata with the data exchanged so that the patient approved uses of the data - treatment/payment/operations, clinical trials, transmission to a third party - could be respected.

After the meeting, Dixie Baker proposed a simple, scalable and powerful approach that avoids both the necessity of exchanging authorization language for signature and the complexities involved in exchanging patient preferences as metadata. Her suggested approach draws on both the CAML idea and the metadata idea, but simplifies privacy-management for both consumers and providers, while offering the kind of scalability needed for the dynamic, collaborative healthcare environment we envision.

Imagine that instead of having to fill out a new privacy-preferences form at each encounter, the consumer could select and manage her preferences with a single entity, and at every other encounter would need only to provide the URI where her preferences are held. Then, upon receipt of a request for her health information, an EHR would only need to query the privacy-management service at the URI she provided to determine whether the request could be honored. Her preferences would be captured as structured, coded data to enable query, without having to exchange a complete "form" in order to adjudicate an access request. Per the CAML idea, this XML could include queryable preferences about what data the patient consents to exchange with whom and in what circumstances. This set of privacy preferences could be maintained by the patient and would include such concepts as institution-level permission to share data with partner institutions, permission to send data using a health information exchange organization, and approval to use data for certain types of research.

Instead of sending these preferences with the data itself, the metadata header in  Consolidated CDA summary exchange would include a Uniform Resource Identifier (URI) that points to the privacy-management service where the patient's privacy preferences are held.

This simple idea - represent patient's privacy preferences/consents in query-able XML at a specific URI - enables an entirely new approach to health information exchange, while making it easier for consumers to make meaningful choices, and manage them over time.

For example

1.   A hospital is "pushed" a patient record from a primary caregiver.   The hospital wants to push that data to a specialist.   Before any data transfer is done to an outside organization, the URI is retrieved from the metadata and the patient's current consent preferences are applied to the data exchange.

2.   An emergency department wants to pull data from multiple data sources to ensure safe, quality, efficient care of an unconscious patient.   The URI of the service holding the patient's privacy preferences is available from the state HIE, and the data is retrieved from various sources per the patient's preferences.

3.  At discharge, the patient's information is to be pushed to the patient and the primary caregiver/referring clinician per meaningful use stage 2 requirements.   Before the push happens, the patient's URI is checked for current data exchange preferences.
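All three scenarios above share one step: before data leaves, the sender queries the preferences held at the patient's URI and applies them. The following is an added example of that adjudication step in Python, not code from this post, from Dixie Baker's proposal, or from any CAML specification. The XML element and attribute names, the identifiers, and the `decide` function are hypothetical, and the service response is embedded as a constructed sample instead of being fetched from a URI.

```python
import xml.etree.ElementTree as ET
from datetime import date

# Constructed sample of what the privacy-management service at the patient's
# URI might return. The vocabulary is hypothetical; the page defines no schema.
SAMPLE_PREFERENCES = """\
<consentPreferences patient="example-patient-001">
  <rule effect="permit" purpose="treatment" recipient="*"/>
  <rule effect="permit" purpose="research" recipient="org:partner-hospital"
        expires="2013-06-30"/>
  <rule effect="deny" purpose="*" recipient="org:marketing-vendor"/>
  <rule effect="deny" purpose="*" recipient="*" category="behavioral-health"/>
</consentPreferences>
"""

PERMIT, DENY = "permit", "deny"


def _matches(rule_value, request_value):
    """A rule attribute matches when it is absent, '*', or equal."""
    return rule_value in (None, "*") or rule_value == request_value


def decide(xml_text, patient_id, recipient, purpose, category, today):
    """Return (decision, reason) for one disclosure request.

    Fails closed: anything malformed, unexpected or unmatched is a deny,
    and an explicit deny rule overrides any permit rule.
    """
    # The document comes from a remote service, so refuse DTDs and entity
    # declarations outright instead of relying on parser defaults.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        return DENY, "document contains a DTD"
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError:
        return DENY, "preferences are not well-formed XML"
    if root.tag != "consentPreferences" or root.get("patient") != patient_id:
        return DENY, "preferences do not belong to this patient"

    permitted = False
    for rule in root.iter("rule"):
        effect = rule.get("effect")
        if effect not in (PERMIT, DENY):
            return DENY, "unrecognized rule effect"
        expires = rule.get("expires")
        if expires is not None:
            try:
                if date.fromisoformat(expires) < today:
                    continue  # an expired rule no longer applies
            except ValueError:
                return DENY, "unreadable expiry date"
        if not (_matches(rule.get("recipient"), recipient)
                and _matches(rule.get("purpose"), purpose)
                and _matches(rule.get("category"), category)):
            continue
        if effect == DENY:
            return DENY, "explicit deny rule matched"
        permitted = True

    if permitted:
        return PERMIT, "permit rule matched and no deny rule applies"
    return DENY, "no rule permits this disclosure"


if __name__ == "__main__":
    today = date(2012, 11, 19)
    requests = [
        # (recipient, purpose, category) as constructed request examples
        ("org:specialist-practice", "treatment", "medications"),
        ("org:specialist-practice", "treatment", "behavioral-health"),
        ("org:partner-hospital", "research", "labs"),
        ("org:marketing-vendor", "treatment", "labs"),
    ]
    for recipient, purpose, category in requests:
        decision, reason = decide(SAMPLE_PREFERENCES, "example-patient-001",
                                  recipient, purpose, category, today)
        print(f"{recipient:26} {purpose:10} {category:18} -> {decision}: {reason}")
```

Because the preferences are read at the moment of each exchange, a change the patient makes (or an expiry date passing) takes effect on the next request without any re-signing or re-sending of forms.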

As we continue to work on a variety of "meaningful consent" approaches and support complex state privacy policy variants, the notion of recording patient privacy preferences in a place that is under the control of the patient and is query-able via a simple XML makes great sense.

I look forward to continued discussion of Dixie's ideas at the next Standards Committee meeting.

Friday, November 16, 2012

Cool Technology of the Week

My daughter and one of my blog followers recently told me about a Japanese cultural phenomenon that is truly a cool technology.

One of the hottest concert pop stars in Japan is an anime hologram with a vocal synthesizer.  Meet Hatsune Miku who appears in live concerts, despite the fact that she does not exist.

She's a vocaloid created with software that anyone can use to create realistic rock performances.

Ms. Miku is not alone.  She's done duets with fellow vocaloid hologram Megurine Luka.

Wired Magazine described the technology behind the creation of a wholly digital pop star.
Hatsune Miku is a cultural phenomenon in Japan, yet she lives only in the digital world.

That's cool!

Thursday, November 15, 2012

Building Unity Farm - The Community

One of the most important aspects of choosing a farm property is the community around you:
* What is the zoning?
* How will your neighbors react to wandering guinea fowl or an escaped llama?
* Are there other farms nearby?

For our farm, we chose Sherborn, a very agriculturally friendly town just west of Boston.

The Sherborn town bylaws indicate that no agricultural pursuit can be restricted.   Of course, various wetland restrictions and environmental controls apply, but if we wanted to raise ostriches and emus on our 15 acres, we could.  Our land was previously a 200 acre farm and our only current neighbors are a 55 acre apple orchard and a 15 acre property used for horse rescue/mini-donkeys.    Those neighbors admire and support our livestock.  

But what about nearby farms?

This week, we ate foods gathered or purchased from our farm and surrounding farms (photo above).

The western border of our property is the Dowse orchard.   At the Dowse Orchard Farm Stand  we purchased:
Romaine and red leaf lettuce
Field broccoli
Apples (Mac, Cortland and Empire)
Local seasonal pies
Fresh pressed apple cider

Just over the hill from us is a 1700's dairy farm - the Sunshine Farm.
We purchased:
Field turnips
Field carrots
Field onions
Homemade sweet corn veggie pizza

Just down the street from us is the Sweet Meadow Farm where we purchased sugar pumpkins and grain/hay for our animals.

At our own Unity Farm, we gather 8 eggs per day from our chickens.   This season we grew eggplant, garlic, onions, and potatoes in our raised beds.   In our kitchen garden we grew parsley, sage, rosemary and thyme.   We planted our own apple orchard and will be planting an acre of high bush blueberries in the Spring.  We're building  a 20 foot x 72 foot hoop house that will enable us to grow year round produce.

Nearby, the Boston Honey Company runs a Honey CSA.  Our share this year included fresh combs and local wildflower honey.

If December 21, 2012 really does bring cataclysmic or transformative events, living in Sherborn is good preparation for self sufficiency.   From our perspective, it's an ideal farm community.

Wednesday, November 14, 2012

The Next Generation of Entrepreneurs

When I was 13 years old, the Altair 8800 appeared on the cover of Popular Electronics.   By 16, I was building enough hardware and software that I achieved the Malcolm Gladwell 10,000 hours of competency by age 18.     By 19, I founded a company that produced tax calculation software for the Kaypro, Osborne, and new IBM PC.   Every week in the Silicon Valley of the early 1980's brought a new startup into the nascent desktop computer industry.

To me, we're in a similar era - a perfect storm for innovation fueled by several factors.  Young entrepreneurs are identifying problems to be rapidly solved by evolving technologies in an economy where existing "old school" businesses are offering few opportunities.

This morning, I lectured to an entire classroom of MIT Sloan school entrepreneurs. Today the Boston Globe published articles about the Harvard Innovation Lab and the Mayor's efforts to connect entrepreneurial students with mentors.

Tonight I'll introduce a Harvard Medical School entrepreneurial team at the Boston TechStars event.

This pace of innovation reminds me of that time 30 years ago when Sand Hill Road was just beginning its evolution to the hotbed of venture investing it is today.

Who are these new entrepreneurs and what kind of work are they doing?   Tonight I'll be introducing Lissy Hu and Gretchen Fuller.

Lissy Hu is passionate about helping patients find the right care. Her clinical experiences at leading Boston and New York hospitals have shown her first-hand the frustrations her patients and their families face when finding after-care. Lissy previously worked on a Medicare demonstration project involving transitions in care for 3,000 medically-complex patients. She is currently on-leave from the Harvard Medical School and Harvard Business School joint-degree program. Lissy hopes to leverage her clinical and business insights to engage in social entrepreneurship and tackle healthcare’s most challenging problems. Lissy graduated from Columbia University Phi Beta Kappa, Summa Cum Laude, and with Honors in her major.

Gretchen Fuller is committed to improving healthcare quality and communication amongst providers and patients. At Harvard Medical School, she co-directed a student group dedicated to improving medical school education on healthcare policy: this organization was responsible for creating course material that is now part of a mandatory Health Policy course. She spent the last year spearheading three healthcare quality investigations at 5 hospitals in Buenos Aires, Argentina, including projects on problematic patient handoffs, barriers to the use of surgical checklists, and medical school curricula on patient safety. Gretchen graduated Cum Laude in Biology at Harvard University, where she also captained the Division I Field Hockey team.

They will be presenting CarePort, a software startup improving patient transitions from hospitals to post-acute care providers through an easy-to-use online booking engine.

As I know well from my mother's recent hip fracture, many patients require additional care after a hospital stay. The current process of discharging patients to post-hospital care providers is complex, confusing, and cumbersome.  Careport connects patients, hospitals, and care facilities directly. Patients and their families, along with hospitals, can search for care facilities that meet their clinical needs and book reservations immediately. Careport also tracks patient care in the hospital and post-acute care settings and communicates critical clinical information back to primary caregivers, thereby ensuring effective care coordination.  Careport identifies variables driving medical complications, readmissions, and patient satisfaction.

I am convinced that Meaningful Use Stage 2, with its focus on increased interoperability, and Meaningful Use Stage 3, with its proposed enhancements to patient and family engagement, will accelerate the demand for products like Careport.  Modular certification will make it much easier for  young entrepreneurs to make their products part of the physician and hospital software set used for attestation.

It's an exciting time to watch the creativity of the next generation fixing healthcare.  With Techstars, Rock Health, Healthbox and other incubators/accelerators combined with Datapaloozas and innovation competitions, I'm convinced the breakthroughs we need in healthcare process improvement will be invented by the twenty-somethings and not mid career professionals in established companies.

So immerse yourself in advising and mentoring these people.    Tonight, I will be.

Tuesday, November 13, 2012

The November HIT Standards Committee Meeting

The 42nd meeting of the HIT Standards Committee began with an inspirational introduction from Farzad Mostashari. He told us that the HIT Standards Committee members should keep their "eyes on the prize and feet on the ground". We should be aspirational in reviewing the Meaningful Use Stage 3 criteria, identifying standards recommendations for 2016 which are likely, which are possible with focus, and which are unrealistic. We should not be intimidated by all the ideas in the Meaningful Use Stage 3 request for comment, but realize that unless all ideas are considered, we'll regret not thinking broadly about important safety, quality, and efficiency improvements. As the request for comments process progresses, the doable priorities will emerge. The public release of the Stage 3 request for comment will occur later this week, with comments due in January.

Michelle Nelson, ONC Meaningful Use Workgroup Lead, presented the Meaningful Use Stage 3 recommendations, assisted by Doug Fridsma and Jodi Daniel.   We reviewed the Stage 3 recommendations line by line, noting that the Policy Committee had included some data exchanges that the Standards Committee suggested were unlikely to occur by 2016.    Although most of the Standards Committee advice was incorporated, the Policy Committee felt some goals were so important they were worth pushing.    Overall, the Standards Committee commented that the Meaningful Use Stage 3 recommendations need to be grouped into common policy goals, be less workflow prescriptive and more outcomes oriented, take into account the burden of implementation, and focus on a few significant improvements to EHRs that would accelerate several goals.   For example, if all EHRs became QueryHealth compliant then clinical trials, quality measures, and population health reporting would all be simplified.   As a next step, ONC will reorganize the Stage 3 material into policy clusters and themes for assignment to the Standards Committee for detailed standards recommendations.

Next, Dixie Baker presented a Privacy and Security Workgroup Update regarding security and privacy criteria for modular EHR certification.    Their concern is that without security and privacy guidelines, we could end up with a module that weakens protections and data integrity of the enterprise.   Dixie suggested several paths forward and the Committee decided that Modular EHRs should be required to demonstrate compliance with the Meaningful Use security criteria by either including features within the module or by making calls (standards-based or non-standards based) to other applications which provide the needed security.

Doug Fridsma provided an update on S&I Framework projects and focused on the Automate Blue Button initiative to support patient "subscription" to their healthcare data or automated requests for delivery of their data.

Kate Goodrich from CMS provided an overview of efforts to "re-boot" Clinical Quality Measures by
* Eliminating abstracting and skip methods that are based on paper
* Using new measures that are EHR-based, not old measures that are retooled to work with EHRs
* Reducing complex exclusionary criteria in numerators and denominators
* Consolidating measures across various programs - ACO, PQRS, CMS Core etc.

We then heard three presentations that are part of efforts to simplify future stages of Meaningful Use by providing national infrastructure.

Ivor D'Souza from the National Library of Medicine presented the Value Set Authority Center, which is now open for business.   This valuable resource provides downloadable/searchable vocabularies and code sets that support Meaningful Use Stage 2.

Christopher Chute from Mayo Clinic presented Common Terminology Services 2 (CTS2), which provides an easy way to exchange code sets in batch from sources such as the Value Set Authority Center.   I've posted previously about CTS2.

Michael Fitzmaurice presented the United States Health Information Knowledgebase.  It includes access to Chris Chute's Value Set Authority Center Common Terminology Services application. I've posted previously about USHIK.

Lastly, we heard from Carol Bean about the Meaningful Use Stage 2 Testing and Certification details.     We look forward to piloting the scripts before they are placed into production.

An important meeting that set the stage for deliberations on Stage 3.   I look forward to simplifying the Stage 3 recommendations into common themes that reduce the burden on implementers.

Monday, November 12, 2012

Protect, Protect, Protect. Now Share

Later this week, I'm joining a webinar about security and health information exchange.

A theme I discuss frequently in my keynotes and lectures is the current regulatory challenge which suggests we should engage patients/families, share data for care coordination in accountable care organizations, and use registries to analyze population health/public health, all while keeping the data secure and respecting patient privacy preferences.   It's a tall order.

As I've posted previously, BIDMC hired Deloitte to perform a security assessment of our policies and technologies.   Going through the assessment has given me a great opportunity to review the security standard practices in the healthcare industry and the best practices across all industries.

We've reviewed emerging techniques in Data Loss Prevention (DLP),  Governance/Risk/Compliance (GRC) tools, Enterprise audit log analysis tools, Learning Management Systems, and Network Access Control.

BIDMC has implemented or is implementing most of these.

At the same time, we're passionate about healthcare information exchange technologies for provider/provider summaries and patient/provider communications (portals, automated blue button, and state HIE connections to patients).

Here are the slides I'll use in the webinar, illustrating that it is possible to secure the enterprise and at the same time use Direct-enabled, certificate-protected health information exchange with patients, providers, and payers.

The most secure library in the world would not check out any books - it would be a secure but useless library. We must protect privacy and at the same time share information. It is possible to achieve a balance that does both.

I look forward to the webinar.

Friday, November 9, 2012

Cool Technology of the Week

While I was at AMIA this week, Will Ross of Redwood MedNet introduced me to a low cost interoperability solution for small practices in rural locations. It's similar in concept to the interoperability appliances that Massachusetts has used in its HIE. Will calls his appliance the "HIE Plug".

The HIE Plug is a secure health data endpoint built on a generic small form factor hardware device. The all open source software stack runs on a Marvell Kirkwood ARM CPU @ 1.2 GHz with 512M RAM. The hardware draws under 5 watts of power.

• 2 x Gigabit Ethernet 10/100/1000 Mbps
• 2 x USB 2.0 ports (Host)
• 1 x eSATA 2.0 port - 3Gbps SATAII
• 1 x SD Socket for user expansion/application
• WiFi: 802.11 b/g/n
• Bluetooth: Bluetooth 2.1 + EDR

This hardware is marketed under the trade name "DreamPlug".

The HIE Plug open source software stack installed on the device includes:

1.  Debian Wheezy with the Linux 3.* kernel.

2.  EncFS provides an encrypted filesystem in user space. It runs without any special permissions and uses the FUSE library and Linux kernel module to provide the filesystem interface.

3.  Mirth Connect - health data integration engine, a robust Enterprise Service Bus tool fluent in all common health data formats and communication services. Mirth Connect includes a robust dashboard to manage many individual integration engine channels, which can be taught variously to listen for data, push data, pull data, transform data, etc. Mirth Connect channels are written in JavaScript.

4.  Apache Derby database stores the health data messages prior to forwarding to the HIE. The database runs in the encrypted filesystem. If power to the device is lost, the part of the filesystem where the database resides cannot be re-mounted and decrypted without the proper credentials. Local storage can be configured to trim/remove its local store of messages at a pre-defined time.

5.  OpenVPN client bundle for secure TLS connectivity back to the managed VPN Access Server.

6.  Samba (file server) and CUPS (print server) installed. Either one or both can be configured and deployed as needed - no services are enabled by default. This allows delivery or consumption of a file through a shared folder on the HIE Plug, or delivery of a print job to an internal network printer or a remote network printer.

7.  lighttpd webserver -  to provide web based applications or information to clients.

The HIE Plug was tested in a pilot deployment at three sites in early 2012, and is now rolling out to general production across dozens of health care facilities participating in Redwood MedNet. Up-front deployment cost is $300 per practice. Technical support by Redwood MedNet is included under the standard HIE bidirectional data service subscription fee, which is $200/provider/year for outpatient practices.

Mirth has been used for Direct demonstrations, so it is a very reasonable choice as an integration engine supporting Meaningful Use Stage 2 exchanges.

A $300 HISP in a box - that's cool!

Thursday, November 8, 2012

Building Unity Farm - Preparing for Winter

This week we've had our first hard freeze in Massachusetts - 22 degree temperatures last night.   How have we prepared the farm for winter?

1.  All outside water supplies are off and drained.   A yard hydrant provides water inside the barn and since its water supply is 4 feet below ground, deeper than the frost line, it does not freeze.

2.  All barn doors and windows are closed to minimize wind inside.  Extra straw provides a layer of insulation.   The animals are fully fleeced.   Llama/Alpaca and Great Pyrenees Mountain dogs enjoy the cold weather - it's the wind and the rain that is problematic.   The barn protects them.

3.  All our overwintering raised bed plants (such as garlic and various herbs) have been protected under salt marsh hay or moved indoors.

4. We use heated buckets to keep water from freezing in the barn.   We use a thermostatically controlled chicken waterer base to keep the coop water from freezing.

5. Although the coop keeps the chickens out of the wind and rain, we need to protect their sensitive combs and wattles. We put 150 watt heater panels near their nightly roosting area and near their daily eating area. They can always seek a warm up when the temperature plummets.

One issue we're still addressing - what to do if power fails.   We are currently installing a propane fueled generator to ensure our animals have heat, light and water even if falling trees or severe winds bring down power lines.    During Hurricane Sandy we lost power for 7 hours.  We stored a few days of water in the barn just in case, but did not need them.

We have enough food stored in our barn loft to last until Spring for all the animals.

The first hard freeze went well.   I think we're ready for our first winter on Unity Farm.

Wednesday, November 7, 2012

The United States Health Information Knowledgebase

I have long suggested that we have a single place to access standards, implementation guides, test scripts, guidelines, and code sets.

The National Library of Medicine is building a national resource for vocabularies and code sets.

In the meantime, the best centralized resource we have for HIT related knowledge assets is the United States Health Information Knowledgebase (USHIK).

USHIK is an on-line, publicly accessible registry and repository of healthcare-related data, metadata and standards.

In particular, I think you will find the Meaningful Use Stage 2 criteria listed on the site (including the quality measures) to be particularly useful.

Go to the USHIK site and click on the Meaningful Use box at the top left. You will be directed to that site.

Once there you can click on Value Sets or click on Download (on left-hand side) to get to the files.  

Thanks much to AHRQ and Michael Fitzmaurice for creating and curating USHIK.

Tuesday, November 6, 2012

The AMIA Healthcare Information Exchange Debate

Today I'm in Chicago at the American Medical Informatics Association annual meeting, joining my colleagues Mark Frisse, Bill Yasnoff and Latanya Sweeney to debate the question:

"Resolved - Health information exchange organizations should shift their principal focus to consumer-mediated exchange in order to facilitate the rapid development of effective, scalable, and sustainable health information infrastructure."

Mark and I were assigned "oppose". Bill and Latanya were assigned "support". It was made clear that our positions were assigned and did not necessarily reflect our personal opinions. (Note to Christine Bechtel and Leslie Kelly Hall - you know how I feel about the question of patient and family engagement.)

Here's what I said:

I really like the idea of patient mediated exchange and eventually we will widely support both provider and patient mediated exchange (as Meaningful Use Stage 2 will require).  However, in the short term, there are implementation issues that will delay widespread use of patient mediated exchange.

a.  There are 500,000 providers in the US and 300 million patients. Doing identity management on 500,000 licensed/credentialed professionals is easier than issuing credentials to 300 million patients.
b.  Clinicians fear that loss of data integrity will result in increased liability. How will we ensure the non-repudiation of data exchanged between providers if patients collect and edit it first? For example, might Tylenol #3 for pain be changed to Oxycontin for pain? At present we lack the metadata and digital signatures that will guarantee provenance and integrity of patient mediated data.
c.  Many EHRs include features that support provider to provider workflow, but few accept incoming patient generated or stewarded data.

These are short term issues that will be addressed in the next few years, but the resolution calls for "rapid development".
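The integrity concern in point b, as an added example (not code from the original post or from any HIE product): a provider signs a medication entry together with its provenance metadata using Ed25519 from Node.js's built-in crypto module, and the receiving provider rejects a copy that was edited while in the patient's hands. The key pair, the signer IDs `provider-001` and `provider-999`, the field names and the envelope layout are assumptions constructed for illustration.

```javascript
const crypto = require("crypto");

// Deterministic serialization: keys are sorted recursively so the signer and
// the verifier hash identical bytes regardless of property order.
function canonicalize(value) {
  if (Array.isArray(value)) return "[" + value.map(canonicalize).join(",") + "]";
  if (value !== null && typeof value === "object") {
    const fields = Object.keys(value).sort()
      .map((k) => JSON.stringify(k) + ":" + canonicalize(value[k]));
    return "{" + fields.join(",") + "}";
  }
  return JSON.stringify(value);
}

// Provider side: bind the clinical entry to its provenance metadata and sign both.
function signEntry(entry, provenance, privateKey) {
  const bytes = Buffer.from(canonicalize({ entry, provenance }), "utf8");
  const signature = crypto.sign(null, bytes, privateKey).toString("base64");
  return { entry, provenance, signature };
}

// Receiver side: accept the entry only if a trusted provider key verifies it.
function verifyEntry(envelope, trustedKeys) {
  const { entry, provenance, signature } = envelope;
  if (!provenance || typeof signature !== "string") {
    return { ok: false, reason: "missing provenance or signature" };
  }
  const publicKey = trustedKeys.get(provenance.signerId);
  if (!publicKey) return { ok: false, reason: "unknown signer" };
  const bytes = Buffer.from(canonicalize({ entry, provenance }), "utf8");
  const ok = crypto.verify(null, bytes, publicKey, Buffer.from(signature, "base64"));
  return ok
    ? { ok: true, reason: "signature valid" }
    : { ok: false, reason: "signature does not match content" };
}

// Constructed sample data: one provider key pair and one medication entry.
function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync("ed25519");
  const trustedKeys = new Map([["provider-001", publicKey]]);
  const signed = signEntry(
    { medication: "Tylenol #3", indication: "pain" },
    { signerId: "provider-001", signedAt: "2012-11-06T15:00:00Z" },
    privateKey
  );
  // The patient-held copy is edited before it reaches the next provider.
  const edited = { ...signed, entry: { ...signed.entry, medication: "Oxycontin" } };
  // Same content, different property order: must still verify.
  const reordered = { ...signed, entry: { indication: "pain", medication: "Tylenol #3" } };
  // Re-attributed to a signer the receiver does not trust.
  const reattributed = {
    ...signed,
    provenance: { ...signed.provenance, signerId: "provider-999" },
  };
  return {
    original: verifyEntry(signed, trustedKeys),
    edited: verifyEntry(edited, trustedKeys),
    reordered: verifyEntry(reordered, trustedKeys),
    reattributed: verifyEntry(reattributed, trustedKeys),
  };
}

console.log(demo());
```

The signature covers the provenance fields as well as the clinical content, so changing the signer or the timestamp invalidates it just as changing the medication does.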

Why will provider to provider exchange be more rapid to implement?

1.  Provider mediated exchange is simple

HIEs can push data from organizational entity to organizational entity without having to uniquely identify the patient on a community-wide level. Although there are many Mary Smiths in the community, there are very few in an individual provider's practice. When a message arrives to a provider concerning Mary Smith, the provider can easily attach it to the correct record. In Massachusetts there are 20,000 providers and many are associated with a few large organizations running about a dozen different EHRs. In our HIE we can connect everyone with a few hundred organization level network connections. Compare this complexity with the issue of messaging to 7 million unique patients.

2.  Public and Private provider-based exchanges are already implemented.  Per a recent survey completed at the School of Public Health, over 100 HIEs are actively exchanging real data in the US.  Massachusetts has been exchanging data since 1997 and its HIEs have always been sustainable.

3.  Pushing data between providers does not require complex consent frameworks, it simply replaces the fax machine used in today's processes.   Thus the policies around using an HIE for pushing data are already in place.

4.  Existing EHRs and PHRs support provider directed exchange, since many federal and state demonstration projects have focused on provider-based architectures.

5.  Although we ultimately need both provider and consumer mediated exchanges, I predict 80% of patients will defer to their provider. My parents, like many older Americans, believe their providers should collect and organize the data, serving as a kind of patient-centered electronic medical home. Patients can view the collected data via the PHR offered by their primary care clinician.

A wonderful set of point/counterpoint discussions on this topic filled 90 minutes.

The end result - the audience seemed evenly split on the resolution.   We were both right - provider and patient mediated exchanges are needed.

A great discussion.

Monday, November 5, 2012

The Election and Healthcare IT

Tomorrow the Presidential election process comes to an end and the advertising will finally stop.   We'll all be relieved.   I especially look forward to a quiet dinner at home without robotic election-related calls.

What about healthcare IT?  Will differences in the Obama and Romney platforms impact the momentum of Meaningful Use?

Here's what I believe.

The Obama Healthcare IT platform builds on what we've created over the past few years. It will continue to leverage the federal advisory committees (Policy and Standards) to engage a wide array of stakeholders. It will persist the progression to Meaningful Use Stage 3 and possibly future stages. It will embrace certification now that the temporary certification process has been replaced with a permanent one. It will support the initiatives of the Standards and Interoperability framework (S&I), although the end of stimulus funds from ARRA means that ONC will move some of the S&I initiatives to private/public partnerships. It will support the current leadership at ONC - Farzad and his delegates such as Steve Posnack, Doug Fridsma, and Judy Murphy.

The Romney Healthcare IT platform notes that information technology has broad bipartisan support.   No one argues that a foundation of healthcare IT implemented properly is essential for accountable care organizations.   Quality, safety, and efficiency  all benefit from the process enhancement afforded by healthcare IT.    Michael Leavitt, former Secretary of HHS and chair of the American Health Information Community (AHIC) will lead the Romney transition team and Leavitt has years of experience with healthcare IT issues from the early days of ONC.     As Governor of Massachusetts, Romney supported the early EHR rollout efforts of the Massachusetts eHealth Collaborative.

However, there have been aspects of the Romney Healthcare IT platform which are concerning.

In my conversations with reporters, there has been a consensus that the Romney campaign will terminate stimulus related programs such as Meaningful Use.  I'm concerned that eliminating Stage 2 and 3 stimulus dollars would slow the pace of adoption we've achieved over the past few years.

Further, the Romney campaign has noted that interoperability standards are lacking and if vendors are given a mandate, standards will be widely adopted.

I'm concerned that Romney's advisors do not realize how successful the federal advisory committee process has been.   The Healthcare IT Standards Panel (HITSP) in the Bush administration was a wonderful group of people trying very hard to make a difference.  When Obama was first elected I suggested that continuing HITSP would be better than forming a new federal advisory committee (Healthcare IT Standards Committee - HITSC).

Over the past four years, I've realized that HITSC has engaged more stakeholders and recommended simpler, easy to implement standards because it was not dominated by vendors, who introduce their own biases. Giving standards-making to a consortium of vendors would be a step backwards.

I always try to ignore election year politics and work above the fray.  Regardless of who is elected, I will work with them and continue my passion for standards and interoperability.

If Romney is elected let's hope he is a funder of healthcare IT and not just a cheerleader.   Let's also hope that he examines the lessons learned over the past 8 years and realizes that we're on the right track for interoperability.   Eliminating meaningful use and turning standards-making over to the vendors would not accelerate our progress.

Friday, November 2, 2012

Cool Technology of the Week

While in China last week, I participated in a ribbon cutting ceremony for a new privately (rather than publicly) funded hospital. Each patient room included several high tech amenities, including showers that transition from clear glass to frosted glass at the touch of a button.

How is that accomplished?   Simple - smart glass that  employs polymer dispersed liquid crystal devices.

A liquid mix of polymer and liquid crystals is placed between two sheets of glass.  When no voltage is applied, the crystals are randomly aligned and the panel is translucent.   When voltage is applied, the crystals are aligned and light passes without scattering, making it appear clear.

No curtains and no blinds are needed.

If power fails, privacy is protected.

Glass that changes from cloudy to clear at the touch of a button. That's cool!

Thursday, November 1, 2012

Building Unity Farm - Animal Healthcare

In addition to physical maintenance of the farm (food, water, and manure management), my wife and I are responsible for all the animal healthcare.  We have a traveling vet, Cindy Fuhs, who can manage the major issues (what do you do when your llama has a breech birth?), but there are daily and monthly aspects of care and wellness we manage ourselves.

Here's a summary of what we do by species:

Like all flocks, ours has a pecking order. Those lowest on the pecking order can develop dermatological conditions when their feathers are pulled out or they are scratched by chickens higher on the pecking order. Our chickens get along particularly well (even our two roosters), but we have snap on "chicken jackets" we can use to protect exposed skin if feathers become too thin. All our hens receive supplemental calcium, which they can eat freely to ensure they have enough raw materials to create strong eggs. Barnyards host moisture loving bacteria, and species like pseudomonas can cause devastating eye infections. Each day when they return to their roost I examine their eyes for discharge or any signs of trauma that could lead to infection. Our most docile chicken did have a corneal abrasion from pecking and developed a pseudomonas infected corneal ulcer. I treated it with a fluoroquinolone (ofloxacin eye drops) a few hours after it started and the chicken is now completely well.

Guinea fowl:
The guineas are free ranging and experience a wide array of foods, predators, and physical activity as they explore our 15 acres of woodlands.  Each night when they come home to roost, I examine them for any signs of physical injury.  I also watch their eyes for signs of infection.   Finally I watch for changes in their bowel habits as an early sign of systemic infection or parasites that could lead to dehydration or weight loss.

One of the clearest indications of overall camelid health is weight loss.  Every month we weigh every animal using a 4 foot long "stand on" platform scale.   Since coming to our farm, every animal has gained 10 pounds, putting them near their ideal weights.   You do not want obese animals so every month we check their "body score", the camelid equivalent of the triceps fat measurement test, to ensure their bodies are fit.   Parasitic infections are a significant issue during warm months in New England, so from April to October we give injections of Ivermectin.   During our monthly herd health examinations, we clean their ears, examine their eyes, and check for fungal infections between their toes.   We do an overall dermatological check and treat any skin lesions with the same approach used in humans per the medical student dictum "if it is dry, make it wet.  if it is wet, make it dry.  always use steroids".   Finally we trim all toenails every month, a particularly fun job with a 300 pound llama.

Our veterinary care is very similar to that which many of you do already - control fleas/ticks, prevent heartworm, monitor oral health, and support overall physical well being. Our Great Pyrenees puppy recently had a corneal abrasion when he accidentally ran under the llama and she stepped on him. We treated that with ofloxacin. One of our house cats died of stage 4 pancreatic cancer - we did home hospice care with morphine analogs.

We examine the rabbits for signs of physical injury, skin problems, and eye issues.  Our male rabbit had a corneal abrasion caused by pecking from one of the chickens.  We treated him with ofloxacin.

The number of eye issues this summer seems high but it was likely due to the startup of the farm - we moved all the animals into new surroundings and created many new interactions. Now that everyone is comfortable with their living quarters and each other, I do not expect many future physical injuries.

My emergency medicine training definitely comes in handy while caring for the citizens of Unity Farm. I only wish they were a little more forthcoming with chief complaints and history. It's hard to deliver care when your patients are non-verbal. Hats off to veterinarians everywhere!