ClearHealth, the first Open Source EHR Meaningful Use certified

I am happy to report (a little late) that ClearHealth is now the first commercial Open Source EHR product to be meaningful use certified.

This project holds a special place in my heart, since David Uhlman and I started it years ago as next generation PHP-based Open Source EHR. It is theoretically possible that some code that I wrote, all that time ago, has actually carried over into this certified version. A careful analysis of the sourcecode tools would probably reveal that I can take credit for perhaps 5 or even 6 carriage returns, in the current ClearHealth code-base.

In all seriousness, the ClearHealth project has grown by leaps and bounds. The PHP-product from ClearHealth, Inc has leveraged many of the innovations from the WebVistA project. Making it probably one of the most capable and robust web-based EHR systems in existence. Only OpenMRS competes in terms of complexity and scope at this stage. Unless Tolven, OpenEMR, PatientOS etc can get their act together, this certification will set ClearHealth aside as the “one project to rule them” in this space.

More importantly, ClearHealth is not ignoring the needs of its community users. They are developing a path to self-certification for ClearHealth users who rely on the community edition of the product. Pretty amazing stuff.


Direct gathers steam

Recently, the AAFP and Surescripts announced Physicians Direct, a secure messaging service for providers.  But neither the article nor the signup page for Physicians Direct detail the most critical single issue regarding the service. This is a very large deployment of the Direct Project. This is by far the most important part of the story, but it is buried deep with the FAQs.

That means that the service is compatible with other large adopters of the Direct Protocol. Most notably, HealthVault has just launched a beta deployment of Direct.
Think of the implications of this. One of the largest PHR providers in the country is on the network, one of the largest network of doctors is on this network.

We are watching the birth of the Health Internet.. its is truly wonderful to be involved in this work.

When I tell my grandkids what I did with my life, I hope the links to my early posts on the Security and Trust Working Group of the Direct Project are still up. “I was part of that from the beginning” I will say… My previous plan was to tell them that I invented bubble-gum ice cream, and then enjoy basking in their amazed adoration, until they discovered that Grampa’s stories are “unreliable”.

This will work out much better.

This is also a tremendous step for Surescripts away from being a proprietary network provider. For those who are unfamiliar with Health IT, Surescripts has a monopoly in e-prescribing after buying out its only competitor several years ago. If you e-prescribe in the United States, there is a 99% chance that the data cross the Surescripts network. Surescripts is free to use for Doctors, but the pharmacies pay for the privilege. But that business model will die as the Health Internet grows. Once the pharmacies realize that you can use the Health Internet to exchange prescriptions rather than the expensive Surescripts network, that business will dry up quickly. Moving into the Health Internet provider business is the only chance Surescripts has at long term survival. This is a very smart move for them.

Of course, this also has implications for meaningful use. Providers can use this exchange network, without making an expensive investment in EHR technology, and still qualify for part of the meaningful use dollars. $15 a month might seem expensive for glorified email, buts a whole lot cheaper than an EHR.


Thinking about commitment contracts

Commitment contracts are a way of limiting and shaping your own behavior.

If you know that your “future self” (a useful Behavioral Economics concept) is going to be weak willed, you can make a commitment that limits your future behavior to do the “right” thing.

The classic example that everyone always uses of this is of Odysseus and the Sirens. Odysseus has himself tied to the mast of the ship by his men, so that he will not be able succumb to the siren’s song.

I think commitment contracts are probably the single most important tool we have in hacking our own motivations. Currently you can make commitment contracts through, but I have been thinking carefully about how to make commitment contracts into something that you can access in code.

I think this is going to be a central theme moving forward with the Programmable Self concept, so you can look forward to many more posts about it.


Welcome to Programmable Self

So I have decided to start blogging about “programmable self”. For that reason, I will be re-publishing the programmable self category from on

Programmable self is a merger of two sets of concepts, quantified-self which is the use of technology to get accurate data about yourself, and behavioral economics/psychology which deals with motivation and behavior.

The concept is pretty simple. The same way that quantters (people who track themselves, using quantified self methods) use software to track data about themselves, you can also automate certain aspects of motivation.

This is really important, because for the most difficult life change issues, the problem is not knowledge, but motivation. Using quantified self, a motivated person can perform better. But the problem is how to become a motivated person? The really difficult things to change about ourselves come with tremendous intrinsic motivators. Overeating, anything to do with sex, alcoholism, drug addiction, gambling or any combination of the above have tangible, pleasurable outcomes. Orgasms are pretty amazing experiences, and if we want to change behaviors like condom use, we need to delve deeply into changing motivations.

Before I get started blogging, I should probably acknowledge that many of the concepts that I will be discussing are either inspired by, borrowed from or criticisms of the work of several behavioral economists.

Moreover, I am not the first person to attempt to harness these ideas in software. is the first major web application that enables online commitment contracts, which I believe are a fundamental tool for programmable self. Further, the book Carrots and Sticks: Unlock the Power of Incentives to Get Things Done , by Ian Ayers one of the founders of Stickk, is probably the best summary of the relevant work in behavioral economics that I have read. I have not yet read The $500 Diet: Weight Loss for People Who Are Committed to Change (Kindle Edition) but it probably worth reading too. I am a user and it is effective. Most of my efforts blogging here will be centered around how to go beyond the functionality that offers.

To start with, most of what I say here will only be consumable by quantters, programmers and hackers like myself. Eventually some of the concepts that I am dealing with here should become available to “regular” users!


Patient Centered Health Internet

I have recently been approached by several policy people who are interested in ensuring that the consumer/patient is at the center of the coming Health Internet.

Through my work at the Cautious Patient Foundation, I have become pretty obsessed about only working on patient-centered and patient-empowering technologies. I often work on software for doctors, but only when it happens to also empower patients.

For that reason, I have chosen to donate time to the Direct Project. I was one of the more active members of the Security and Trust working group, and what I am about to describe relies heavily on the trust model that I advocated for (along with Sean Nolan, from Microsoft… strange bedfellows… I know…).

I believe that any consumer advocate should be helping to ensure that state and regional HIE efforts, as well as the RECs are fully informed about the basic implications of the Direct Project. They need to understand what their role is… or more precisely what their role is not.

I argue that the Direct exchange model is fundamentally empowering in a way that the IHE model is not… yet. To understand why you have to look carefully at the basic routing models of the two systems. Lets imagine that I change doctors from current doctor, in Houston, to a new doctor in Arizona. If I were to transfer my files using the IHE NW-HIN this is how it would look:

How health documents travel over the IHE NW-HIN
How health documents travel over the IHE NW-HIN

Each little blue hexagon is an organization that believes that it is determining the trust, privacy and interoperability policies for its constituent members.

See the problem? In order for there to be a path between health provider A and health provider B a pretty large number of trust relationships will need to be in place, and everyone has to agree. In the short term, that is a pipe-dream. IHE requires complex routing with lots of very specific decisions at each “blue” point. The organizations that are in charge of making these decisions currently have no idea how to implement their policies in either IHE or Direct protocols. For the most part, the deciders just dribble on about trust relationships and policy decisions without any clear understanding of the technologies that will implement those features. Further, the IHE technology is a complex protocol, and sometimes complex routing decisions will not be possible in initial generations of the technology and/or protocol.

There are good reasons for this architecture. It can work, entirely in the background, without the patient (you) having to initiate are request. This is pretty good if you are showing up unconscious in the new city… Your records will just magically appear in the ER from the network. But what happens when Planned Parenthood has records for your and a Catholic Charity Clinic is making a data request to the network for you? Those kinds of tremendously complex issues are all handled -inside- the IHE protocol and its open source implementation the CONNECT project.

Now lets consider how this health record process would occur on the Direct Exchange:

How a health record moves across the Direct Exchange
How a health record moves across the Direct Exchange

Ok its worth taking some time to explain this. The Direct project is specifically designed to handle point-to-point trust relationships for Health Information exchange. From the Direct Project Security Overview (I actually wrote this part):

In the same way that clinicians currently do not assume that it is safe to fax protected health information to anyone with a fax number, or mail PHI to anyone with a post office address, Direct Project users should not assume that it is safe to send messages to any Direct Project address. Direct Project users will need to establish real-world trust relationships with other Direct Project users on their own terms, but once they have established this real-world trust, they can be sure that a Direct Project network will securely deliver Direct Project messages to the trusted Direct Project user.

So the “old doctor” needs to configure his EHR to trust my PHR. I need to configure my PHR to trust his EHR. Once that trust has been established, I can securely receive a copy of my records knowing that there are no untrusted intermediaries. The “privacy and security” policies need to be agreed upon only by me and my doctor.

Similarly the “new doctor” and I need to establish a trust relationship. Once this happens I can forward a copy of my records.

So what does this have to do with patient empowerment and consumer-focus? In my mind, everything.

  1. No one but me and my doctor need to agree regarding privacy and trust. Once the doctor is sure I am really “Fred Trotter” he can transfer anything he wants directly to me.
  2. The old doctor and the new doctor do not need to trust each other. The both need to trust me.
  3. I do not need any third-party permission to send data to and from my doctor. If I want to setup my withings scale to pump my daily weight measurements into my doctors EHR… I can do that.
  4. My PHR is a peer on the Direct Exchange network. The model is PHR-centric and is therefore patient-centric.

In the Direct Model, the patient can literally the center of the transfer. If the “old doctor” and the “new doctor” have a trust relationship, they can directly exchange information about me. But they do not -need- to have a trust relationship for the network to function.

Eventually, the IHE-based Health Internet will support patients as equals on the Health Internet. Eventually, the routing between different IHE nodes will be more direct, and then the benefits of IHE might begin to outweigh the benefits of the simple Direct Exchange.But for now, the Direct model empowers the patient in ways the IHE model could never hope to.

So what does that mean for policy makers? For whatever reason, every time I study a local, regional or state HIE effort, they all seem to be pushing the top-down HIE model. There are many things that a local HIE exchange could do to facilitate a Direct Exchange model, but for whatever reason, I do not see Direct being discussed by the RECs or by the local exchanges. I can understand why. In the Direct model, the task of a local exchange is to facilitate trust relationships and then get out of the way. The local exchange never gets to have a local copy of the patient data or even to see the patient record go by on its way somewhere else. They are much much less important under the Direct exchange model, and in fact, a Direct Exchange can happen without the cooperation or facilitation of any “HIE organization” or REC. This is much much closer to the distributed peer-to-peer nature of the Internet, and those involved with the Direct Project believe that in the end, it will be substantively easier for organizations to use than a IHE-based local HIE.

The Direct project is backed heavily by Microsoft Healthvault and members of the Google Health team are now participating as well. Those are the two dominant commercial PHR systems available. I believe both of them are just waiting for something like the Direct Protocol to blossom into really useful tools. Both of these tools have solid consumer-facing options available today.

At every level, organizations are deciding whether to invest in Direct or IHE-based exchange. At this point, I believe the only viable option is for a local exchange to either support Direct only, or both Direct and IHE. IHE is simply going to be too heavy weight for early adoption. Eventually, IHE may become dominate but for now Direct is much simpler, and puts the patient right in the center of everything. If you are a policy maker, you should be asking anyone involved with an HIE process to detail what their Direct-strategy is. If any effort is ignoring Direct and going with IHE-only I would lay odds that they will be broke and defunct before the decade is out.

Moreover, an IHE-only strategy is going to exclude direct participation from patients at this stage. If you care about patient empowerment, I recommend that you advocate for the Direct project at every level, including in your local HIE and REC.


Fred Trotter

(Update 2-16-2011) Keith Boone, a collaborator of mine on the Direct Security and Trust working group, and one of the architects of IHE points out in the comments below that there is nothing in the IHE protocol itself that dictates that it should be used in this fashion. He is partly correct about that. The protocol itself indeed has nothing inside of it that dictates this design over another. However, the inherent complexity of the protocol does means that when IHE happens, it will happen in a “centralized” manner. There is no other way for any given community to accomplish IHE, other than to pool resources. That pooling of resources ends up meaning that the IHE chart I drew is inevitable initially, but as IHE competence spreads it might become more peer to peer. In any case it hardly matters ‘why’ the tree structure I diagrammed is happening… it -is- happening. Every HIE I am aware of, other than Direct-based efforts, are presuming this tree model. It is certainly what is happening in Texas.

A patient by any other name

Recently two communities have been discussing a pretty basic question. What should we call the artist formerly known as “patient”?

The two communities are the e-patient community and the “patients” in the patient safety movement, specifically those that met at the last IHI meeting.

But why would we want to call patients anything other than “patients”?
The word patient has some negative connotations. Indeed, the Websters dictionary entry has exactly two definitions of the word patient as a noun.

1 a : an individual awaiting or under medical care and treatment
b : the recipient of any of various personal services
2 : one that is acted upon

It does indeed seem that a historical definition of the word directly implies passiveness. The second definition is particularly problematic, but even the notion that a patient is one that “waits” for care in the first definition is contrary to the participatory and proactive ideals of both of these groups.

But we should not pretend. “Patients” are in fact very often passive.
If we define the leaders of these communities as “fully engaged patients” then what is typical in “patients” is not merely “not fully engaged” but “not at all engaged”.  Paternalism in medicine is not just a problem in the attitudes of doctors, but for many “patients” as well. In fact the word “patient”, with its passive context,  is probably the right meaning for most people.

So both of these communities have been talking about two problems here at once, and conflating them frequently.

First we have a problem that patients are frequently passive and even when they are engaged they are not effective because they are not typically well-equipped. This problem can be summarized as “Lack of patient engagement”.

But then we also have the problem of how to describe a person who is successfully taking a proactive, engaged and effective role in their own healthcare.

I think it is a mistake to conflate these problems. If we are going to be asking doctors to change their behaviors and/or perspectives we need to be clear whether we are asking them to change the way they relate to a typical patient, even when that patient may be entirely passive, or whether we are asking doctors to recognize that “patients” in our communities are moving beyond the passive role and expect to be treated differently. When we discuss whether we should keep the old name, “patients” or create a new name, we need to be clear if we are talking about something new for everyone, or just those that embrace a new ethos and responsibility. Are we debating a name for “everyone” or a name for “us”?

Given that distinction, we can more clearly discuss the various terms that we are suggesting. Here are some of the alternative words that have come up in our groups:

The term consumers emphasizes that as “patients” we are having an economic transaction. All patients, both passive and proactive are obviously consumers. The notion here is that by referring to market forces and discussing things in business terms, that we might bring competition into play. The fundamental problem with this notion of bringing a market to bear in healthcare is that fair markets only exist when there is information parity. Consumer reports, for instance, serves to provide information parity in the automobile market, as does Kelly Blue Book. Both the relative performance, and the current average price of any automobile are generally known both the buyer and seller of automobiles. But when we talk about patients as consumers, they have dramatically reduced information regarding both the price and the quality of the services that a doctor provides. Do not get me wrong, I think these problems are solvable and as a result the “consumerism” movement within healthcare has value, but it would be silly to simply pretend that by calling a patient a consumer we can ensure that they are actually playing this role in economic terms. So the notion that patients -are- consumers is pretty weak, but the notion that they -should be- consumers is a great idea. The consumers union has important healthcare efforts that should be supported and embraced.

The second term is client. The benefit of this term is that it emphasizes that the person under care is providing payment for care and should be treated with respect as a result. The term client has very different meanings in different professional relationships. We certainly would not equate the relationships  lawyers, prostitutes, hair dressers and mental professional with their “clients”. The word is quite flexible. This can be both a strength and a weakness. Moreover, it is often not strictly true. At least one definition of client is “someone who pays for goods or services” and often the “patient” is not actually the one paying for care. Sometimes parents or children pay, sometimes society or the government pays and at least usually, a third party is actually “payed” by the patient for care, and that third party then pays the clinician. One could argue that many of the woes in our healthcare system are the result from treating insurance companies as the clients to the detriment of both the patients and the doctors.

The term patient 2.0, like health 2.0 refers to the iterative improvement that we have seen in technology. Health 2.0 itself was a controversial term when it was created, both described as being both the application of web 2.0 technologies to healthcare (the Holt definition) and the fundamental rethinking of healthcare itself (the Shreeve definition). Since those debates, both definitions have held up well. If we accept a “Shreeve” style definition of Patient 2.0, then we label our efforts as a natural successor and a fundamental improvement at the same time. Unfortunately many will hear a “Holt” style definition and assume that Patient 2.0 means patients who like to use software, which misses the point entirely.

This problem is shared with the term e-patient. To the initiated the “e” in e-patient stands for “empowered” or perhaps several “e” words like “empowered”/”engaged”/”enabled”/”educated”. But reporters and other bloggers constantly refer to the parallel of “e-mail”, assuming that the “e” means “electronic”. Again the notion that an e-patient is a patient who e-mails misses the point entirely. However, e-patient does have very strong brand, mostly due to its very popular blog and the wonderful white-paper. It is one of the most recognized terms in our larger movement. Empatient has been suggested as a dis-ambiguous improvement on e-patient, one that is not subject to confusion. It also is a play on words with impatient, (which I find delightful, because I am a word-geek).

Patient expert has been suggested as an acknowledgment that patient’s can often be very informed about their disease and conditions. But this term is also controversial; if a patient truly had the required health expertise, then there would often be no need for a doctor. Doctors, as experts, might resent this term, because it makes an implication that is clearly false… that both the doctor and the patients are experts in healthcare. Of course one could argue that the right term should be expert patient. Rather than suggesting that a patient “has healthcare expertise” which might be insulting, this arrangement implies that a person has become an expert, at being a patient. Hopefully this would not be as insulting to doctors and probably be a more accurate description. Of course the problem here is that people might be told “expert patient” and presume that it means “patient expert”.In this same vein a notion of a licensed patient, has been proposed, but it unclear what specifically licensed might mean.

Patient advocate is a term that is well-suited towards those with deep experience being patients, who are engaged with helping others who are being overwhelmed by just becoming patients. This has some overlap with the ‘advocate’ relationship that a lawyer might have.  Patient activist is a good term for those who attempt to speak for larger groups of patients at once.  The problem with these terms is that it very accurately describes certain individuals in our communities, but fails to capture the ethos that we would hope to instill in everyone who receives healthcare.

In the quantified self movement, which overlaps with the n=1 movement, they often refer to themselves as #quants. This movement is focused on collecting data on oneself in order to achieve a deeper understanding of ones own health and wellness.

A clear trend with these terms is that they often represent terms that are 100% appropriate for a specific subset of our overall movement. We need to have people who specifically attempt to be engaged and proactive patients using software, and patients 2.0 is a great term for that. When we are trying to get healthcare to respond to consumer forces, calling patients consumers is appropriate. Sometimes the “e” in e-patient might really refer to a person who want to be fully engaged… by e-mailing his or her doctor. In a shameless plug I argue that the term cautious patient, coined by Dr. Oliver and the subject of my work at the Cautious Patient Foundation is the right term to use when you are discussing patients who are A. fully engaged  B. educated about patient safety and therefore C. able to take steps, as patients, to avoid medical errors.

But all of these alternatives should be compared with efforts to rehabilitate the original term “patient”.

Over time, the meanings of words in any language changes. Perhaps it is simply time to redefine this word. In many cases, this work has already begun. One of my personal favorites is e-patient dave’s catchphrase “Patient is not a third person word” (not sure if he coined this, or merely popularized it… either way, when I say it, I am quoting Dave.)

Perhaps we just need to re-embody the word patient with a new meaning, one that is more compatible with our movement. One way to do that might be to temporarily use a term like true patient, pure patient or real patient ( perhaps a way to take advantage of the fact that this can be an adverb/adjective as well?)

I want to be clear that I have no specific preferences on what term(s) are most appropriate.  I would not have added something to this post if I thought it was ridiculous, and I am trying to summarize and evaluate positions that I have heard others take on these issues. If I have missed something or been to critical to an idea that you favor, leave me a comment and I will update this post if you are convincing.



Update 12/21/2010:

e-patient dave had the following to say in response:

Hey Fred – when I was in college in the Nixon years, my more radical friends often debated the power of language especially during a revolution. I’m no radical compared to them, nor to some of the more intense people I know in the patient movement, but I agree there’s something to it. Revolutions (race, gender, whatever) involve unshackling, and a lot of shackling lives in language.

I’ve always thought there are two changes in a social revolution: the underlying reality and the language we use to discuss life. There’s a period of intense discomfort during which the reality is shifting and the language no longer fits – just like a bad shoe. People start to see themselves (and others) in the new reality, and they say “That old language isn’t me, no sir!” Others say “It *is* me – I’m the NEW [whatever].” Some take over the old words, even the pejoratives, and take ownership in the new world, as some blacks have done with “nigger.” They assert that that signifies real power – “The Man no longer gets to say. We get to say. The language of your dominance no longer applies.”

I don’t mean to sound like an expert on this because I was no expert, just an observer. My point here is that we in the movement ought to be thinking about where we sit, collectively, on the timeline of transition. Many of us are awakening to our power, just as blacks and women did during their revolutions. Perhaps we should track both issues independently: the reality, and what we call – AND what others hear when they hear our words. Because a social revolution’s not complete until the old meaning’s obsolete.

The only point I would disagree with about this is the notion that Dave is “just an observer” on this issue. Some of the things I have heard him say, esp the ‘third person’ thing, have clearly raised my own awareness about how I discuss patients.

Meeting Patient Safety

Today, I met with a tremendous number of patient safety advocates at IHI. My work with Cautious Patient Foundation centers around patient safety. But I have, up until now, not met very many Patient Safety advocates in person.

That all changed today. I was introduced to forty of them at once.

Frankly, it was heart-wrenching. Credentials for patient advocates in the patient safety community are not M.D., or R.N. or PhD.

Credentials read: lost son to MRSA infection, infected with flesh-eating bacteria due to unsafe surgical conditions, child brain-damaged from new-born jaundice, spouse lost to multiple medical errors.

These people have paid dearly for their credentials. It was moving to hear the introductions, and you can share in the experience. Paul Levy (yes that Paul Levy) diligently tweeted about many of the introductions. That is not the only record kept of this morning. Regina Holliday (yes that Regina Holliday) was doing one of her paintings for the morning. I hope to get some more info on this soon!!

Overall it was a humbling experience. I have been with e-patients before, but often, e-patient stories are uplifting, they have both tragedy and triumph. With these e-patients, the triumph is often that they can talk about their loved one coherently without weeping. Almost everyone, (including me) in the room was probably dealing with mild to severe PTSD in one way or another. Most of us were high functioning, but many of us were still very very angry. And when you heard the details, it was hard to say that bitterness or anger were not entirely appropriate. These people are justifiably furious.

I already have 10 new ideas for good software projects.


Direct and CONNECT governance too far from technology


I have just submitted a comment to the HITPC governance working group regarding there process for making governance recommendations to ONC. I make the argument that for the most part, comments from HITPC regarding privacy and security architecture have been largely counter-productive because they fail to account for what the chosen NW-HIN (the artist formerly known as NHIN, shortly to be known as the Health Internet) protocols dictate regarding security and privacy architecture. Here is my comment:

Thank you for your work on this project. As a minor note, I am pretty sure you mean “governance of the nationwide health information -network-” as opposed to just “nationwide health information”. Your link for “how to participate” does not actually have information about how to submit a comment. I must assume that comments to this post is what you mean, because there does not appear to be any other detectable process for commenting here.

I worked on the Security and Trust Working Group for the Direct Project, which forms one of the two approved protocols on the NHIN. I am somewhat informed regarding the other project CONNECT and the IHE protocols it implements.

In the Direct Project Security and Trust working group, we took -great- care to ensure that our work, would not trample the ability of HITPC or ONC to make reasonable (or for that matter unreasonable) decisions about how trust, security and privacy should be made. However, out of necessity, we did have to choose a technology stack and specific protocol configurations in order to get any kind of working system in place. Those decisions were not intended to limit your ability to make policy decisions, except in one important way; to quote the current version of the introduction to our Direct Project Security Overview: “In some cases, these protocols and technologies will come with specific configuration options that will have policy implications and may also present constraints that Direct Project will force on the trust policies of its users.”

In short, we asked that you implement your policy decisions in terms of the technology choices that we made. Most specifically we chose X.509 as a protocol for managing trust relationships. This is the same underlying trust architecture that is implemented in IHE and CONNECT. Rather than honor this basic request, to speak in relevant technological terms, HITPC has largely decided to recommend ‘in the abstract’. HITPC has ignored the fact that the fundamental designs of both Direct and IHE dictate that certain security and policy issues -must- be answered, and renders other issues irrelevant.

For instance, your document asks: ‘When is exchange not considered NW-HIN and, therefore, not subject to NW-HIN governance? ‘ While this may be a relevant question for those under the IHE protocol, the Direct protocol ‘Circle of Trust’ concept supersedes this questions basic premise. Its not the ‘answers’ the question… it just makes it irrelevant. With Circles of Trust participating in the ‘official NW-HIN’ is a fluid concept. Nodes will float freely in and out of any given definition of what ‘official NW-HIN’ means.

However, in your “what to do plans” you note that you expect to: “Establish technical requirements to assure policy and technical interoperability.” With all due respect, that work is largely done, and what little remains will be finished by participants in the Direct and CONNECT projects. Moreover, any ‘governance’ of these issues, that cannot influence the contents of reference implementations of the IHE and Direct protocols is mostly just blowing smoke. ‘policy and technical interoperability’ will be 100% dictated by what the Direct and CONNECT programmers put into those projects. Which means that for any governance body to get ‘policy and technical interoperability’, that body will need to be deeply linked in with the developers of those projects. So far there has been a substantial breakdown between what we the developers have asked for as far as policy guidance and what we have been given. Most of the advice from the Security and Privacy Tiger Team, while well-intentioned, made extremely poor technical assumptions and did not begin to approach the actual issues that we needed to address. For the most part, HITPC discussions of Security and Privacy have been a distraction to those of us actually deciding how things where going to be implemented.

Which brings me to what I think is the really only relevant issue here: Who should be on the governance board for the NW-HIN.

The answer to that question is pretty straight forward to me: You need to have at least one representatives from the Security and Trust developers from each of the two projects. Preferably the people who are actually involved with the implementation of the relevant portions of the code. (which rules me out sadly).

Moreover, -every- other member of the governance body should be well-versed in X-509. This means that it should be made up -entirely- of people who are both technology and policy fluent. If the members of a governance board are uncomfortable discussing revocation lists, and CA chain of trust or cross-certification intelligently, then they do not belong on the governance body for any portion of the NW-HIN. There are enough clinicians, who are capable of meeting those requirements that we have no reason not to expect this level of competence. Moreover, you should fully expect that the governance body will largely ignore your abstract questions and recommendations, and instead focus on those security and privacy issues that bubble up from our protocol choices, and start to ignore those that issues that are largely handled in-protocol.



Please consider liking this comment if you have felt some of the same frustrations.



Kaiser Ontology Interview

To the novice, the term “interoperability” means that two systems can talk.

To the expert, it means that they can understand each other. To much of our current data interchange is “meaning poor”.

To get past that problem, we need to do lots of work with ontologies, which, loosely put, are knowledge dictionaries. Most clinicians in the US have no training in ontologies and their real-world experience is limited to billing ontologies like CPT and ICD. As a result, the value of proper coding is largely lost on the average clinician in the US. ( I wonder how this issue is understood by common clinicians outside the US…)

Those of us who obsess with the future of Health IT recognize that we need to find ways to make Ontologies more productive.

At this year’s health 2.0 conference, I caught up with Dr. John Mattison of Kaiser Permanente to discuss a tremendously important contribution that they are making to the Open Source Health IT community. I have already blogged about this significant ontology development from Kaiser. So I was really pleased to be able to get these kinds of details from the horses mouth. These details include that the license will be the Apache 2.0 license.

Part 1

Part 2

Direct Project Updates

The Direct Project has a new name (formerly NHIN Direct),  a new website and an excellent write up over on O’Reilly Radar called Healthcare communication gets an upgrade.

I am also interested to see that the O’Reilly folks seem to agree with me that this new NHIN thing really should be thought of as a “Health Internet”.

I see so much potential in the NHIN, and I really think it will be a communication revolution in healthcare on par with the original Internet’s communication revolution for.. well… every other industry except healthcare… I am glad to see that they are thinking about it in the same way…