Health of the Source

I pretty regularly give a talk entitled “The health of the source”. The subject of the talk is everything that has happened in health FOSS, since the last time I gave the talk. Thankfully things move along fast enough that I am never short of content. You will find this article dripping with useful bias and opinion. This is not merely a list of projects but also what I think of the projects. I might be omitting your favorite project intentionally, because I think it is irrelevant, OR out of ignorance, OR because I am limiting the scope. For instance this time I did not include much on clinical research (openclinica) or imaging, since my TEPR audience might not be interested in those.

This intended to reference Larry Walls regular summary of the perl community typically entitled “state of the onion“. (I am suffering from pun envy here… if you have something better… let me know) As I was writing yet another throw-away Open Office presentation, I was lamenting the fact that I had not posted anything really meaty on my blog lately, and I thought I should post my presentation. Then I was thinking how each page of my presentation would really serve as a blog post by itself. Then I realized that I could write one blog post, and if I kept each page short enough to fit above the fold on my little laptop, I could make a postentation. ( <- just invented this word)

So if you would like, you can now read my latest presentation just by clicking on the page numbers on this post. Hopefully it is coherent enough to read without me talking about each slide. But if not, leave me a comment and I will try and fix things.

Defining terms

(Update August 9th 2016: This site has been dead for some time. But there is a wayback machine link that lives on)

NAHIT has released its definitions.

In summary:

An EMR is a record for the doctor.

An EHR is a record for the doctors. (with data ready to move)

A PHR is a record for the patient.

A HIE is the process of moving health data.

A HIO is a O that does HIE.

A RHIO is a HIO that is Regional.

Well now that that is settled, I am sure that the whole industry will stop using the terms EMR and EHR interchangeably. I am sure that no one will refer to a RHIO as an HIE.

Thank God for the government.


What do about the VA crisis: the aboveground railroad

Dana has just written a new article Why are reformers destroying Veterans’ health computer system. It focuses on the disastrous centralization movement within the VA. Specifically it references Roger Maduro’s impeccably researched editorial in the Jan 2008 edition of Vista News which Roger edits.

Roger and I tend to see this issue in the same way. I was defended VistA in a Government Health IT article and I have written an article on the reason that the new Cerner lab system is a threat to VistA. That threat is hard to really comprehend until you understand what makes VA VistA good in the first place.

If my comments have been your only exposure to this crisis, then I would definitely take the time to read Roger’s editorial. Where I skim the surface of the issue, Roger examines the issue with the careful eye of someone who is far more familiar with both the VA and VistA. I learned much from the article and I consider myself relatively informed with regards to VistA. By relatively I mean “relative to the general population”.

But what to do about it. I recently listened to an excellent video interview with Tom Munnecke on early VA VistA history. What struck me about the interview is that Tom, like many VistA enthusiasts, views the movement between centralization and decentralization as a pendulum. The problem with this is that during periods of centralization, VistA starves.

Like all projects based on open source development models, VistA needs long-term leadership and stewardship. Currently, this leadership is either political, driven by the whims of presidents and congress, or bureaucratic, driven by permanent government employees who range from wildly incompetent with regards to Health IT, to amazingly capable. The best VistA can hope for, under the current model, is a good bureaucrat. The model needs to change. VistA was created by a community of computer programmers and clinicians working together. A similar community needs to be placed in charge again.

My proposal is for Congress to create a new council to make a clinical software design, development, and deployment decisions within the VA. Here are the rules for the new council.

  • The council should have 9 members at a time, similar to supreme court justices.
  • The council term should be for ten years. (the initial term should be split to ensure that members do not rotate out all at once.) Long terms are required for stability past the possible term of a single U.S. President. Members should be limited to one full term.
  • The initial members of the council should be elected by the card-carrying members of the underground railroad, and the local CIOs of the current VA hospitals, the national VA, Indian Health Services, the CIOs of hospitals outside the VA running VistA (including internationally) and the CEOs of software vendors who support VistA. The national VA should be able to appoint 1 member. The local VA CIOS should be able to elect 2 members. The underground railroad should be able to appoint 3 members. The outside CIOs should elect 1 member, the vendors should elect 1 member and Indian Health Services should elect 1 member. (Update March 2011 added private CIOs, Vista Vendors and Indian Health Services)
  • (Added 2010:) As I think about it, all council members should be able to code at least a little, some of them should -also- (and not alternatively) be clinicians.
  • Future elections will be held in the same way, except former council members will then vote with the underground railroad.
  • The council should have separate funding for 1 million dollars per year to handle incidental costs of meeting and small stipends.
  • The council should be able to meet in person on a quarterly basis, and via conference call once a week. The council can choose to invite anyone it wants to these meetings as guests. The travel for both the guests and the council will be funded by the one million per year.
  • The IT budget for the VA will be split into two parts. Any system that houses clinical information will be under the control of the council.
  • It is not required to be an employee of the VA to be on the council.
  • If an employee of the VA is elected, they will be allowed to spend the time needed to attend the meetings as part of their VA duties.
  • The council should not be a full-time position, but should come with a generous stipend, something like 50k a year, so that someone could decide to do it full-time if they wanted to.
  • The council should report directly to congress (March 2011) as well as to the CTO/CIO of the VA.
  • Congress should commit to not interfere with the councils decisions for ten years. At the end of the first decade, congress should decide to either disband, or permanently endorse the council.

Why these rules? The idea is to create a council that would be actually capable of running a software project as complex as VistA. The council should be made of people who are respected by 1. The people who originally fought for VistA or 2. The local VistA users. In short, they should be community elected, rather than bureaucrats or politicians. Their positions should be funded well-enough that they would not need to worry about how to pay for things, but not so well-funded that people would pursue the roles just for the funding. They should have long tenures, in order to isolate them from fear of reprisals for controversial decisions, and to ensure that long-term vision is achieved. Both VA employees and those who are not with the VA (like retired underground railroad members) should be eligible for the role of council member.

The million dollars should be used to create quarterly meetings that are attended by the council and by those that they appoint as custodians of particular systems. This will give the opportunity for the council to imitate what has worked for the Apache Foundation or the Mozilla Foundation which are the most complex and successful projects currently run by council. (Rather than benevolent dictator)

This proposal is basically a way to put the underground railroad formally back in charge, with a mechanism for introducing new blood and new ideas. In short, this is a proposal to create an “above ground railroad”.

Anyone should see that the council that I am proposing has parallels with WorldVistA. (Added March 2001) Since the writing I have discovered that WorldVistA has no mechanism to replace or change board members at all. The organization suffers as a result, and is no way suited to take this role.



Credit where it is due

I use this forum to grip quite a bit. When someone does something silly or stupid, I do not hesitate to blast them. It is only fitting that when someone does something right, they get equal time for praise.

Skip McGaughey and his new group the Open Health Tools seem to qualify. Here is what they have done right:

  • They have some of the most important players already committed to the movement, including Eclipse, IBM, Red Hat and the VA.
  • They are posting the minutes to their meetings on the web, demonstrating a commitment to openness.
  • They already have a good FAQ which is complete enough to include some of their thoughts on licensing. Again, openness.
  • They are posting detailed information about their initial project.
  • Skip already has credibility in the community because of his participation within Eclipse community.
  • The particpants in may cases are already releasing substantial health code-bases, so the group has lots of “doers”.

Its not often that I can recommend someone out of the gate, but so far it appears that the Open Health Tools group is firing on all cylinders. They only thing left to do is make new, relevant, and usable code that gets deployed in real clinical environments.

Modern Healthcare interpreted my reaction to the groups announcement as “skeptical“, which I would probably rephrase as “hopeful”. (The problem with generally being skeptical is that even your hope can come across as negative….)

But who cares what I have to say? Dana Blankenhorn already has an interview with Skip McGaughey up, and it is definitely worth a read!!


FUD From Dr Peel

FUD stands for Fear, Uncertainty and Doubt. You should probably take a moment and read the wiki-page, otherwise the rest of this post might be lost on you.

In the United States, FUD seems to be a legitimate marketing strategy for many institutions. Microsoft uses FUD regarding the coverage of their patents on the Linux kernel. SCO used FUD as its last central business strategy. Both the political parties use FUD constantly to target the other party.

It is easy to spot FUD, here is the easy criteria: If the source of potential FUD can be summarized as saying “Given a substantial lack of information about what is actually happening, there remains very good reason to still be terrified about it”

FUD is unpopular with advocates of Free and Open Source Software. Our community values transparency that is the opposite of FUD. Generally our expectation is that the data regarding any kind of problem should be made available for analysis, and then, and only then, should conclusions be made. Our community has the patience to read long contracts, to perform subtle meta level data mining or just to carefully review code for bugs.

Generally, unlike politics, real dialog is favored over mere rhetoric in the FOSS community. Don’t get me wrong, we also enjoy zinging those we disagree with (I am particularly fond of it), but zings are supposed to be fact-based and meaningful. In fact, we have a very handy way to detect when conversations are no longer meaningful and have become purely rhetorical. We call it Godwins law:

“As an online discussion grows longer, the probability of a comparison
involving Nazis or Hitler approaches one.”

Of course, the most important is the implication of the law:

“Godwin’s Law? Isn’t that the law that states that once a discussion
reaches a comparison to Nazis or Hitler, its usefulness is over?”

– Cliff Stoll (“Cuckoo’s Egg” author), ca. 1994

I would like to formally propose that we add Dr. Peels Corollary to Godwin’s law:

“As an online discussion of medical privacy ethics grows longer, the probability of comparison to the Tuskegee Study approaches one.”

Dr. Peel has commented on the announcement that an EMR vendor to share patient data with genetics research firm by calling it the “new Tuskegee.” (update 3-25-08 Joseph Conn conducted an investigation into the research story, that is well worth reading) Here are the problems with that comparison:

The Tuskegee Experiment stands as one of the most blatant disregards for ethics in modern medical history. By comparing this modern data analysis project to the Tuskegee experiment, Dr. Peel has solidly crossed over into FUD Territory. I have heard Dr. Peel speak in person, and I believe that her heart is in the right place. However, by making a comparison to Tuskegee, we are no longer having real discourse about the ethical issues about the case in question, which is obviously quite different from the original Tuskegee experiment.

In the data mining study in question, the patient data is de-identified. Which means that discrimination as a direct result of this study will be very difficult. It also means that the study qualifies for a HIPAA carve-out for de-identified data sharing.

However, there are some very concerning ethical issues in this case which deserve attention.

  • The EHR vendor in question is anonymous, so we cannot really tell who is really participating in this. Knowing which vendor is doing this is a prerequisite for further discussion and thought.
  • It is unclear from the article to what degree patients will have the option opt-out or opt-in, and at what stages this is an option.
  • There is no mention of the algorithm used to do de-identification, so there can be no analysis on the possibility of a correlation attack.
  • The study is covering genetic markers for type II Diabetes, which has a genetic race-related component. Although the current study is unlikely to be “racist,” it could lead to some tests that are used for the purposes of racial discrimination.

Some of these issues are ethical issues surrounding this study in particular. Others, especially the last one, are larger ethical issues faced by the entire medical community. The a real and sobering implications of these ethical implications as it is. It seems to me that by making an unwarranted reference to the Tuskegee Experiments we are moving to far afield from todays facts.
By making a reference to the Tuskegee experiment, Dr. Peel is essentially forcing these issues into a political debate, rather than the subject of further rational discourse. Perhaps I should be thinking about this differently. Perhaps I should be happy that Dr. Peel continues to raise consciousness with old-fashioned Republican/Democrat type politicians regarding issues of patient privacy.

So I leave it to the reader for comment. Is the use of Dr. Peels reference to the Tuskegee experiments in this context appropriate?


HealthVault team responds to security model criticism.

In further evidence that the Microsoft HealthVault team might actually be making good on a move towards real openness. Sean Nolan has addressed some of my criticisms in a post entitled Sharing Data using HealthVault

I have updated the post in question to correct the errors that I had made. However, even with the correction made I still think the HealthVault authorization model has erred too much on the “functional” side. It is worth pointing out that this is a design decision that many programmers would side with Microsoft on. It is a tricky issue: How do you allow for the transfer of ownership of a record without also creating a system that can be easily abused? Microsoft has historically taken the view that functionality comes first, and so they have always released operating systems that are extremely functional, but that hackers inevitably have a field day with. They have done pretty well with the “functionality first” design paradigm. (who am I to argue with the whole Windows install base?)

I will not reply fully to Seans post until I have had the opportunity to study HealthVault more closely and perhaps even ask Sean some very specific questions, however, the most significant thing here is that Microsoft is responding at all. This is awfully quick turn-around for a company that has historically ignored criticism.

I do believe Microsoft is listening.


Google Health vs. HealthVault round 1

Everyone is talking about Googles new PHR offering vs. Microsoft HealthVault. Mostly the talk is drivel. I was able to get a seat at the Press Interview with Google CEO Eric Schmidt at HIMSS and, I kid you not, two reporters asked “Is the data in Google Health covered by HIPAA?” within five minutes of each other. Frankly, not-covered-by-HIPAA is an industry standard for PHRs, and the fact that the question was asked at all is an indication that the press covering this largely have no idea what is going on. (I will talk more about HIPAA and PHRs in a future post.)

Rather than finding drama in all of the wrong places, I wanted to highlight a couple of differences that really are worth paying attention to. I have had the privilege of speaking with the programming leads for both projects extensively, and it is not yet time to give a close blow by blow of where these two system are in comparison to each other. (that will happen after Google Health goes live) I hope that what little technical meat I was able to dig up will be interesting to you.

Privacy Policies:

Google has not published its privacy policy. However, it has historically given great weight to privacy concerns. Most notably take the Google Toolbar privacy notice. It begins “Please read this carefully, it’s not the usual Yada Yada”. It does a fair job of warning a user about the considerably privacy issues surrounding a tool placed directly within a browser. In fact, the sites you browse on the internet is probably as great a privacy concern as any health information you have. If you have any serious health conditions you have probably already searched for them and visited sites with content relevant to that condition. If you use toolbars, the information about where you visited was potentially transmitted back to the author of that toolbar. Google is upfront about this, and gives you an opt-out. This is much better than your average toolbar.

Microsoft’s Privacy Policy is awful. It has language that includes things like: “you give us permission to host your data off-shore”, and “we can change this policy anytime we like”. The current HealthVault privacy policy does nothing to protect a patients privacy from future policy changes within Microsoft. Based on the current language, the privacy policy might as well not exist. I discussed this with the HealthVault team and their response was “boiler-plate language”.

Frankly, the fact that ANY boiler-plate language was included in a privacy policy is a good indication that the thinking at Microsoft Legal is totally backwards. It is currently thinking “What will the market let us get away with” rather than “Hey this is a new moral sphere, if we do the right thing here, maybe the Government(s) will not make our lives completely miserable by over-regulating this industry.”

Privacy Policy Verdict:

Google wins. Without even releasing a Privacy Policy. On a scale of 1-10 Healthvaults scores a -2 which in English translates “hell-no”. That makes Google’s lack of score actually come out ahead.

API Design:

Google Health uses a CCR record wrapped in some of its standard web-service APIs. It would be better if they could have adopted CCD. But they said it was not ready when they started, which is a fair response. Still CCR is already a popular standard and a smart move for Google.

HealthVault has released its own XML specification. While they have promised to promise not to sue the pants of people like me who decide to use those specifications, creating a “new standard” in the healthcare space is regrettable step backwards.

API Design Verdict:

Google wins for respecting current standards.

Security Architecture:
Google is using their authsub system to allow users to provide token based access to other people (care-givers etc) for temporary and limited access.

HealthVault is using a “root” user notion that is transitive. That means that if I trust bob enough to make him a “root” user on my PHR record, then he can do anything with my record. Including passing the root privilege to Jenny, who can pass it to Sam, who can pass it to Ruth who can then do anything with my PHR account. See the problem? While the HealthVault system does allow for finer grain control, there is no concept of passing along “complete control” without also passing along the ability to create other “root” users.

(updated 03-04-08 Sean Nolan from Microsoft has posted a rebuttal to the previous sentence, while the rebuttal does not address my criticisms of a “transitive root” privilege system, it does argue that this design can be considered a feature rather than a flaw)

Security Architecture Verdict:

Obviously Google has time to screw this up before coming out of beta, but it looks like its access control system has been better thought out.

Time to Market Verdict:

Obviously, Microsoft wins here. HealthVault has been out for months. However, if they do not get their act together they will not have any remaining first-mover advantage. Google is obviously making very sharp moves, in fact, maybe their best move was not coming to market before they were ready.

Now that Microsoft has made some FOSS friendly sounds, I will take a closer look at their software. When Google Health is finally released, I will do a complete comparison.


Meeting Dr. Peel

Medsphere, and the Shreeve Tragedy have left me a little jaded. I have little patience for those who threaten the health FOSS community. Believe it or not, I rarely allow my aggression to turn public. I can think of at least 5 friendships with current FOSS community members, that began with rather nasty emails originating from me. Most of these useful harassments never make it into the public eye. The work that Dr. Peel has done with Microsoft around their HealthVault line has been a notable exception. Dr. Peels public endorsement of Microsoft originally shocked me so greatly that I felt I had to publicly respond.

So it was with great anticipation that I was able to hear Dr. Peel speak for the very first time today at HIMSS 08. In her talk, she indirectly addressed many of my criticisms. Lets review some of the “potshots” that I have taken at her, and detail what I heard in her talk about this issues.

Dr. Peel detailed her plans to create a new organization to perform privacy reviews of PHR sourcecode and privacy policies.

Apparently the new certifying organization will not certify PHR systems, without performing a sourcecode review.

Obviously, through the new certifying organization, the “endorsement” of Microsoft would become a formal matter. The endorsement would be withdrawn, if Microsoft started behaving badly.

I wish that I could believe that Dr. Peel started these initiatives in response to my criticisms (it would make me feel very important indeed to know that she was listening), however it is entirely possible that she may have had this plan in her organizations Skunk Works long before I was saying anything.

Here are some further snippets that I found comforting from her presentation.

  • She has claimed that she has not taken any money from Microsoft, she gets her funds from her own network of friends and supporters. (Transparency is good)
  • When I asked about the clause in Microsoft’s privacy policy that specifically gave permission for Microsoft to off-shore data storage, she immediately replied that she thought that was totally unacceptable.
  • While she listed Microsofts Healthvault as a “good” project, she also listed Microsoft on the pages of privacy violators, so she both endorsed and condemned them in the same talk.
  • She talked to me after her talk and was quite friendly

The only thing I could criticize about her talk specifically was her slide about the VA data thefts. She had put a WorldVistA logo on the top of the page, but the data breaches were a problem within the VA, and had nothing to do with WorldVistA. WorldVistA is a private organization that shares an interest in VistA with the VA, but otherwise is not connected with the VA at all, and certainly had nothing to do with the data breaches. In fact WorldVistA has and will continue to improve the overall privacy and security of private installations of VistA. Still, I am probably the only person in the crowd who even noticed this, and I doubt anyone thinks negatively about WorldVistA as the result of her talk.

In short, Dr. Peel is probably going to address the bulk of my complaints. She may have been planning to for months before I said anything.

So this is not a retraction of my attacks against her, but rather a reprieve. (When someone turns around like this a reprieve from criticism is popular within our community). If she continues on this path, I will fully retract my criticisms towards her personally.

Also note, that despite the fact that HealthVault has surprised me recently, it has NOT earned a reprieve yet. That may happen in a following post. There seem to be some changes in the privacy policy, and there has been some movement towards open-ness. HealthVault has invited me to engage them in person and I plan to do that before the conference is over. I am hopeful.


Dr. Janice Honeyman-Buck at HIMSS 08

For those that do not know, I am blogging HIMSS 08 for LinuxMedNews. I will be posting on anything that is relevant to FOSS that happens here. I did not have to wait long. One of the first talks covered the use of FOSS in medical imaging, something that I knew little about until Dr. Janice Honeyman-Buck clued me in.

Here is a shot of myself and the good doctor.

Fred Trotter and Janice Honeyman-Buck at HIMSS 08

HealthVault: becoming un-Microsoft?

What I have read this morning almost made me choke on my cheerios.

Neil Versel (one of the most in-the-loop Health IT journalist I know) turned me on to a blog post from Sean Nolan, that I obviously did not want to miss. The post, aptly titled Opening up the Vault revealed several important claims:

  • Microsoft is releasing a Java wrapper library under the OSI approved Microsoft Public License
  • Microsoft is releasing some .NET code under a read-only license (i.e. not open source)
  • Most importantly Microsoft is releasing the entire HealtVault XML interface specification under the Microsoft Open Specification Promise

I need to research the Microsoft Open Specification Promise, to say the least it appears that there is some confusion as to its legitimacy for FOSS developers. I have “call” into the Software Freedom Law Center, to see what their current evaluation of the promise is. Still the significance of this cannot be underestimated. Sean claims:

“With this information, developers will be able to reimplement the HealthVault service and run their own versions of the system.”

Don’t get me wrong, I trust Microsoft about as far as I can throw them (all of them… at once), but this is definitely a step in the right direction. It will take me some time to sort out just how meaningful a step.

This is a smart time to do this too. There is like a 90% probability that Google will be officially announcing its PHR effort at HIMSS. (Heck its been leaked already) By releasing an API, Microsoft is essentially challenging Google to do the same, and that could mean that hacktivists like myself could build arbitrary bridges between the two (now this is hopeful…) which would mean that Google and Microsoft’s systems would compete on merit rather than most-effective-lock-in.