OSCON includes Healthcare

Update: I am speaking at the 2010 OSCON.

I am happy to spread the news that OSCON, probably the most important Open Source conference in the country, will have a healthcare track in 2010.

Andy Oram has explained the decision to add a healthcare track to OSCON.

They have asked me to help promote the conference and I want to be sure that our community offers up the very best in talks and technical content. This is a really good way to access the developer mind-share in the broader Open Source community and we need to jump all over it.

I can honestly say that this conference will be vastly more important than the little shindig I am putting on in Houston. If you had to attend just one of the two, then you should probably go to OSCON… God bless you if you can go to both!!

With a healthcare track at OSCON, and a healthcare track at SCALE (DOHCS) we are finally moving towards general Open Source healthcare meetups.

I should take a moment to promote OpenMRS, CONNECT and WorldVistA, all of which have great project-focused meetings already.

Happy days!

-FT

Away from iphone and towards a better platform analogy

As many of you know, the CHIP/Indivo/Harvard guys (who I guess I should call the ITdotHealth guys) wrote an article in the NEJM saying that we needed something like the Iphone app store in Healthcare IT.

I wrote a rebuttal saying that, among other platforms, the Google android platform was a better fit. Frankly, I thought that would be the end of it. Most of the time I write a blog post, I get some hits, and maybe a comment if I am lucky. But mentioning the iphone is great for getting attention. Apparently, just saying the word iphone brought the readers out of the woodwork. iphone iphone iphone <- (just to be sure…).

More than just getting some good comments I have just realized that Ben Adida (check out my blog roll) wrote a Knol that touched on my criticisms and argues convincingly that there needs to be some balance between openness and safety.

Though it is clear that Apple’s regulation of the iPhone apps market has gone far beyond malware prevention, the goal of malware prevention is certainly reasonable.

I think he is right on, and I look forward to talking about it with him in person tomorrow. I think now, the night before the conference, it might be a good time to drop my thoughts about what platform analogy would really be the best to reference as we move forward. I also take a moment towards the end of the post to concede some of the things that Apple really got right, since I do try to be fair.

If I had to pick one thing that best embodies the 10 principles that are being targeted here, I would pick yum. Yum is the update manager for Red Hat based operating systems. Here’s why:

  1. Like the iphone app store, it is “substitutable” (first of the ten points). You can download like 10 different web browsers on the current Fedora.
  2. It built its own protocol. RPM was a lower-level standard, and yum was born as a meta-tool on that standard.
  3. Yum allows for multiple platforms. It forms the basis for the software packaging for just about every Red Hat/Fedora based operating system, of which there are several.
  4. The API for yum is open, which is what lets things like yumex happen.
  5. The programs installed by yum never have direct control over yum (unless that is the point of the program, and that is what the user wants to do).
  6. Application install is as pointy-clicky and as user friendly as it gets BUT you do not lose the power of command line script-ability. Talk about walking the fine line!!
  7. Separation between the copyright/patent/trademark of applications and the platform is totally there! You can point your yum to a proprietary repository, for instance to download Adobe flash… no problem.
  8. Unfortunately it does not make any sense to say that you can remove everything from yum and still have a platform. So I guess it strikes out on that one. Of course, I am not sure why the platform itself should -not- be considered a package on the platform… I’ll have to ask about that tomorrow…
  9. Yum is really really efficient. You can update applications very quickly, and you can even install a special yum module that will find the fastest download servers, ensuring the best experience for downloads.
  10. The certification is as minimal as can be. The packages -can- be (not required to be) signed by the people who set up a repository, and you simply do or do not trust that signature.

Someone will point out, someday, in comments that apt-get is just as good and does all the same things. To that future commenter I fully admit that you are 100% correct. I am a long time Red Hat guy and I am letting my colors show, for the record I am trying Ubuntu on my desktop for now….

Now let me point out a couple of cool things about yum that are not on the “big ten” but that I think are worth emulating:

  1. Yum is actually an upgrade to a previous platform, Yup. Yup was good, but users forked it and made it much better… then the original yup developers adopted yum. That’s the virtuous cycle of Open Source in action if I have ever seen it.
  2. Yum handles “trust” in the system, by getting out of the way. A “default” repository is trusted to get the system off the ground. But you can “trust” other repositories to get upgrade versions of the software you are currently using, to get substitutions for the programs you were currently using, or to get new software that is found nowhere else. It automatically finds the balance between openness and security. Users make the decision about how to trust, and the system does not auto-branch beyond those decisions.
  3. Although yum violates principle 8, you get the benefits of being able to use the platform to upgrade the platform. You can upgrade a late-generation yum operating system while it is running.
  4. The yum platform was central to making a larger community effort. Remember when Red Hat stopped doing Red Hat Linux, instead creating the Fedora project and RHEL? Fedora existed before that, as a high-quality repository of Red Hat packages! yum was an important new feature of Fedora Core 1. The yum platform helped move the whole community forward.

So I think the yum project and the way that Red Hat made it into a software distribution network is a pretty good model to follow.

Even I, however, get why the original authors chose to use the iphone as an analogy. Not assuming that these points are original, I want to point out some things that Apple did right, that other systems have failed at.

  1. Apple enforced simplicity. They refused to allow programs to run in the background. They refused to allow many other things that a developer for Windows CE might have expected. They made the core interface as simple as possible. They even excluded cut and paste initially to make the system simpler. Apple put these restraints in place because by making the applications simpler, they made the user experience vastly more intuitive. I have used countless “modular” or “substitutable” platforms that miss this. It is the platform’s responsibility to protect the overall user experience, -not- the application developers. That means knowing when to say no. Ignore this one at your peril.
  2. Apple built a meritocracy at the level of the end user. When you see an application on the iphone that has been used by 5000 users, and they have all rated it 5 stars, you can be pretty sure it is good. That rating stands front and center in the platform, and more importantly, the platform itself constantly promotes and rewards its star performers. On other modular systems, I usually spend a lot of time trying to sort out what modules are reliable. The Firefox module system has also done a good job of this.
  3. Despite its habit of blessing particular development groups with special privileges, Apple also made it easy for the individual developer to become a super star on the platform. It did that by giving people pretty substantial development tools and a robust development environment.  If you want to get rock star developers you have to give them their version of the red carpet. That means awesome documentation, video tutorials and lots and lots of working examples.

I figured I would jot down these thoughts before the conference, so that I can have the most fun while there. Apparently, some of these people are actually reading this… so it’s a very efficient way of making points as opposed to taking the whole conference to dinner with a Fred-monologue.

-FT

Securing health applications with CACert.org

Still trying to recover from the conference last weekend.

OpenEMR was out in force at the conference and we had some interesting discussions about the best way to make PHP applications more secure. The following code is in PHP but the theory applies to any electronic health record. The wonderful thing about this method is that Apache does all of the heavy lifting for you.


Of course, none of this works without an Apache configuration!!



# another fine way to enforce https only.
<VirtualHost *:80>
        ServerName example.com:80
        AddType application/x-httpd-php .php .phtml .php3
        DocumentRoot "/var/www/html/example/"

        # The following rewrite just forces everything to https!!!
        RewriteEngine On
        RewriteCond %{HTTPS} off
        RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
</VirtualHost>

<VirtualHost *:443>
        ServerName example.com:443
        DocumentRoot /var/www/html/example

        # Standard stuff
        ErrorLog logs/ssl_error_log
        TransferLog logs/ssl_access_log
        LogLevel warn
        SSLEngine on
        # TLS 1.2 and newer only; no anonymous, export-grade or other weak ciphers
        SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
        SSLCipherSuite HIGH:!aNULL:!MD5
        SSLOptions +StdEnvVars
        SetEnvIf User-Agent ".*MSIE.*" \
                nokeepalive ssl-unclean-shutdown \
                downgrade-1.0 force-response-1.0
        CustomLog logs/ssl_request_log \
                "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
        # end standard stuff

        # the certificate that CACert.org has signed...
        SSLCertificateFile /etc/pki/tls/certs/example.com.crt
        # my super secret private key
        SSLCertificateKeyFile /etc/pki/tls/private/example.com.key

        # in order to validate the client certificates I need to have
        # a copy of the CAcert.org root certificate
        # (SSLCACertificateFile is only valid at server or virtual host level)
        SSLCACertificateFile /etc/pki/tls/certs/cacert.crt

        # note that I can use the directory command to protect a single file!!
        # (PROTECTED_PATH is a placeholder for the file or directory to protect)
        <Directory "/var/www/html/example/PROTECTED_PATH">
                # requires a client certificate
                SSLVerifyClient require
                SSLVerifyDepth 2
                SSLOptions +StdEnvVars
        </Directory>
</VirtualHost>
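As an added example (not the PHP from the original post): one way the application side can use what Apache exports under `SSLVerifyClient require` and `SSLOptions +StdEnvVars`. Because a community CA such as CAcert.org signs client certificates for its members in general, a verified chain only authenticates the certificate, and the code still maps it to an enrolled account. The function names, the enrolment table and the sample `$_SERVER` values are hypothetical.

```php
<?php
declare(strict_types=1);

/**
 * Added example (not the original post's code): map a client certificate
 * that Apache has already verified to an application account.
 *
 * $server    the $_SERVER array, passed in so the check can be run offline
 * $enrolled  hypothetical enrolment table keyed by "issuer DN|serial"
 *
 * Returns the account name, or null when the request must be refused.
 */
function account_for_client_cert(array $server, array $enrolled): ?string
{
    // mod_ssl only exports these variables on TLS connections.
    if (($server['HTTPS'] ?? 'off') !== 'on') {
        return null;
    }
    // SUCCESS means the chain validated against SSLCACertificateFile.
    // NONE, GENEROUS and FAILED:<reason> must all be refused.
    if (($server['SSL_CLIENT_VERIFY'] ?? 'NONE') !== 'SUCCESS') {
        return null;
    }
    // A valid chain only proves which CA issued the certificate. Issuer DN
    // plus serial number identifies one certificate, so authorise on that.
    // Enrol the DN exactly as this server reports it: the string format
    // differs between Apache 2.2 and 2.4.
    $issuer = (string) ($server['SSL_CLIENT_I_DN'] ?? '');
    $serial = strtoupper((string) ($server['SSL_CLIENT_M_SERIAL'] ?? ''));
    if ($issuer === '' || $serial === '') {
        return null;
    }
    $entry = $enrolled[$issuer . '|' . $serial] ?? null;
    if ($entry === null) {
        return null;
    }
    // Defence in depth: the e-mail in the subject must match the enrolment.
    $email = strtolower((string) ($server['SSL_CLIENT_S_DN_Email'] ?? ''));
    if ($email === '' || $email !== strtolower($entry['email'])) {
        return null;
    }
    return $entry['account'];
}

/** Run the check over constructed requests and return the outcomes. */
function demo(): array
{
    // Constructed sample values, not real certificates or accounts.
    $issuer = '/O=Example Community CA/CN=Example Root';
    $enrolled = [
        $issuer . '|0A1B2C' => ['account' => 'dr_smith', 'email' => 'smith@example.com'],
    ];
    $ok = [
        'HTTPS' => 'on',
        'SSL_CLIENT_VERIFY' => 'SUCCESS',
        'SSL_CLIENT_I_DN' => $issuer,
        'SSL_CLIENT_M_SERIAL' => '0A1B2C',
        'SSL_CLIENT_S_DN_Email' => 'smith@example.com',
    ];
    $requests = [
        'enrolled certificate' => $ok,
        // Same CA, valid chain, but nobody enrolled this certificate.
        'valid but not enrolled' => array_merge($ok, [
            'SSL_CLIENT_M_SERIAL' => '0DEF01',
            'SSL_CLIENT_S_DN_Email' => 'stranger@example.net',
        ]),
        'verification failed' => array_merge($ok, [
            'SSL_CLIENT_VERIFY' => 'FAILED:certificate has expired',
        ]),
        'plain HTTP' => ['HTTPS' => 'off'],
    ];
    $results = [];
    foreach ($requests as $label => $server) {
        $results[$label] = account_for_client_cert($server, $enrolled);
    }
    return $results;
}

if (PHP_SAPI === 'cli') {
    foreach (demo() as $label => $account) {
        printf("%-24s => %s\n", $label, $account ?? 'REFUSED');
    }
}
```

In a page served from the protected location, the call would be `account_for_client_cert($_SERVER, $enrolled)`, with a null result answered by a 403.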


ICW and Open eHealth at HIMSS 09

At this year’s HIMSS the Connect project kind of stole the spotlight. However, I think it is also important to remember the work of the Open eHealth Foundation which has been steadily progressing since it was announced at HIMSS 08.

One of the most important members of the eHealth Foundation group is ICW, who sent me a summary of the current Open eHealth progress. Here is another link regarding the new eHealth Framework.

-FT

MOSS Misys Open Source Solutions

MOSS (Misys Open Source Solutions) has come into its own as a force both within FOSS and within its chosen domain of interoperability.

MOSS is led by Tim Elwell and Alesha Adamson; they could often be found at the interoperability showcase where they performed as one of the few PIX/PDQ services.

At this conference especially Tim was instrumental in helping the FOSS community communicate its concerns to CCHIT. This speaks volumes about the transition of Misys from a suspect outsider to not merely acceptance as a legitimate FOSS community member but a leadership role within health IT FOSS.

The MOSS implementation is probably the most mature available under a FOSS license, and will soon be in the running for the title of best under any license. I can say that if they are overtaken it will only be another FOSS project that could catch them and there are several good projects who might.

Probably the most significant evidence of this dominant role was the muted announcement by the CCHIT Laika project that the MOSS project, along with Mirth, was selected as one of the testing tools for coming interoperability tests.

MOSS is also formalizing its offering for those organizations who are attempting to do serious clinical data interchange. I regularly use Alesha for informal sanity checks for my own HIE ideas, and every time I do I regret that we do not have the budget to bring MOSS in to provide a more formal structure. Compared to other HIEs I usually feel efficient but when I hear about the MOSS offerings I feel like I am doing all of the right things but flying by the seat of my pants.

Hopefully I will get Tim to let me replicate some of the graphics from his handout about the MOSS CobIT-based offering... and here it is!! MOSS HIMSS 09 handout…

In the meantime here is a shot of Alesha at the Allscripts booth at the interoperability showcase.

HIMSS09 day 2: Kolodner on Health IT

Dr. Robert Kolodner is not only the outgoing National Coordinator but a card carrying member of the underground railroad. He is a founding father of VA VistA. He intimately understands what VistA is and where it came from and the implications thereof.

His talk is generally about how he plans on extending the VA quality. Some stream of consciousness notes follow (thank goodness that bloggers can do without content editors. No editor I have ever worked with would tolerate this complete lack of transition)

In his view the stimulus act serves as “seed” for health IT bird tossers. The idea is that throwing a bird in the direction you want to go does not work very well, instead you have to let them go… and seed where you want them to end up. (Does anyone have a good link explaining this analogy?)

What is “meaningful use”? There will be political pressure for the government to make this as low a bar as possible.

His insight is that Health IT needs an “apache” to enable a health it revolution the same way the “apache” project enabled the web revolution.

That is his implied vision for the connect project. The connect project will be a major FOSS development here at HIMSS09. More on that soon.

For now enjoy the snapshot of Kolodner starting to be swarmed after his talk…

We need a conference

So I am going to run a conference. I figured this was about as bad a time as I could pick, since no one has any travel budget, and people are getting laid off left and right! However, I have been wanting to do this for long enough that I have decided to do something about it.

So why a conference? Here are my thoughts.

  • Free and Open Source in Healthcare has come into its own.
  • Serious players like DSS, e-MDs and Misys are now taking a hybrid FOSS/proprietary approach.
  • Pure plays like ClearHealth and Medsphere are kicking butt and taking names.
  • Grant writers are starting to favor Open Source in their grant applications
  • Huge policy decisions are being made by law makers regarding Health IT, some proposals, most notably Stark’s, strongly favor open source software.
  • Mature Open Source efforts are impacting every aspect of Health IT, including EHR, Bio-Informatics, HIE, Imaging, PHR, etc, etc…
  • Despite having many mature projects we are still operating as a dispersed community.

I have the privilege of being known, and at least a little respected by members of several of the most important FOSS Healthcare projects. Projects like:

  • Tolven
  • Medsphere
  • ClearHealth
  • Mirth
  • WorldVistA
  • OpenEMR
  • OSCAR
  • Misys HIE projects

In fact, I am probably one of the most well-connected people in FOSS healthcare. I think part of the reason is that after I left ClearHealth as project manager, I decided not to start another codebase. I also think that as the original developer of FreeB (a library rather than a standalone project), I have some credibility as a contributor to the movement generally, rather than being loyal to a particular project or group. That’s fine by me. It also puts me in a really good position to highlight the competition between the projects! I win no matter which project comes out on top! But while competition is healthy, FOSS is also about collaboration, and we do not have enough of it.

Healthcare IT is, probably even more than IT generally, an ecosystem. We need software to do hundreds of very different tasks, and that means tens of thousands of programmers all need to be working in some kind of coordinated manner. There are several areas where collaboration in Health IT is critical:

  • Interoperability
  • Web Services
  • Service Oriented Architecture
  • Library-ization of critical functionality
  • Good ideas moving between projects

My own project, FreeB, was one of the first Health IT specific FOSS projects to be useful to several other FOSS projects. Now Mirth, from Webreach, has taken the title of “most helpful project for other projects”. We need more of this kind of cross-project code, that other people can rely on and build on.

Meeting together gives us common direction, allows us to reduce duplication of effort, and is generally fun. I would love it if I could abandon projects because better stuff that I did not know about was out there! The projects listed above are doing really well and almost all of them have communities that they are building! But I get a call every month from a legitimate project or a new effort from a standing project that says “How do we build community”. I am also humbled by new projects taking on different problems (like Trisano) or by companies that seem to “get it” out of the blue and take the plunge into FOSS (like DSS).

WorldVista and OpenMRS are the only two projects that I know of that are large enough and successful enough to have their own community meetings. Both of these communities rave about the level of progress that is made during large community meetings. I have been to the WorldVistA meetings and they are a tremendous amount of fun! One of my personal goals in life is to one day attend an OpenMRS meeting in Africa or South America!

But other projects are too small to make a community meeting worthwhile. You have to rent the space, sort out the food, sell tickets, provide t-shirts… It is daunting to do a community meeting and it is not worth the effort if only 5 people from your project can make it. The problem is that it takes meetings to jump-start community and community to make meetings worthwhile.

So I am starting a conference, which I hope will at least be held yearly,  that will do three things.

  • Provide one-stop shopping for people interested in using, developing, selling or buying FOSS software in healthcare.
  • Provide a place where projects meet, compete and collaborate.
  • Provide a place where projects of any size can hold face-to-face community/development meetings without worrying about the details.

With that in mind I am happy to announce FOSS in Healthcare. This conference will be held in the Summer of 09 (July 31 – Aug 2) in Houston T.X. Click here to register.

There are two big issues I need to address:

1. I need to know how many people are coming so that I can escalate my facilities if I need to and 2. I need to make this conference affordable to the individual FOSS enthusiast.

With that in mind, we are offering 1 month of early-bird registration at $60 a person. After that the fee goes to $250 per ticket. Basically, that means that if you register now, the sponsors (contact me if you want to be one) will be paying your way, but if you wait… it’s all on you!!

I might offer some kind of middle ground like $120 per ticket the month after the $60 deal runs out… but there are no guarantees. I can promise you that $60 a ticket is as cheap as it gets.

Please drop me a comment about what you would like from a FOSS Health IT conference! At this stage I might be able to accommodate a really good idea!!

-FT

Wikipedia weak on drug information

Reuters is covering the news that Wikipedia is missing critical information about medicines that it covers. Specifically the following results were found:

(researchers) found few factual errors in their evaluation of Wikipedia entries on 80 drugs. But these entries were often missing important information,

and

The researchers compared Wikipedia to Medscape Drug Reference (MDR), a peer-reviewed, free site, by looking for answers to 80 different questions covering eight categories of drug information, for example adverse drug events, dosages, and mechanism of action. While MDR provided answers to 82.5 percent of the questions, Wikipedia could only answer 40 percent.

This is an interesting result. The strength of Wikipedia has long been its comprehensiveness. You could find reasonably reliable information there on relatively obscure subjects. The weakness of Wikipedia, alternatively, has been its accuracy. So while you might be able to find information on attempts to recreate extinct species, the article might be inaccurate in unpredictable ways.

There has been a movement within the Wikipedia community to improve the overall quality of the articles. This has resulted in many articles being deleted because they are written in a loose, unreferenced style that would have been tolerated in earlier versions of the site.

Apparently, for drug information, the issue is not accuracy, but a lack of comprehensive information.

This has implications for those of us who are interested in using collaborative, social approaches to Health Information. Depending on what you mean by Health 2.0, this may have important implications for that movement.

Of course, I have to wonder: how do you code around this type of problem?

-FT

Should CCHIT survive?

The incomparable Joseph Conn has an article up about the potential fate of CCHIT under the Obama administration.

I do not believe that it should be refunded under its current form. For several reasons.

Some quotes from Joseph’s article to support my position:

“I bet we’ve spent a quarter of a million dollars in development costs just to get around the functionality that is being forced into the system,” Oates (Randall Oates is a physician who is founder and president of SoapWare) said. He argues that more than half of the functionality CCHIT requires could be moved out of the core system requirements into extensions.

Oates said that to make EHR systems usable, they have to be tailored “to make them suitable to the various niches in healthcare,” Oates said. “You can’t have one-size-fits-all. Things that could be straightforward and easy have to be bloated and cumbersome. It really has hurt the progress for adoption.”

SoapWare is famous for a reasonably priced low-end EHR for small practices. I wish it were open source but it does target practices that are largely ignored by the big vendors.

I have documented the story of AcerMed, a CCHIT certified EHR that had to close its doors because of a lawsuit.  I should note that Dr. Valdes of LinuxMedNews, has also criticized CCHIT.

CCHIT, rather than creating a “seal of approval” is a millstone around the neck of the HIT industry. It is totally incompatible with the concept of low-cost/high-quality EHRs. Rather it increases costs and in some cases decreases quality.

Something needs to be done.

-FT

HIMSS a lobby for proprietary Health IT vendors

Today, I received a letter in my mailbox regarding HIMSS’ take on the recent legislation proposed by Stark.

HIMSS’ Stephen Lieber and Charles E. Christian, president and chairman of HIMSS respectively, write:

 However, HIMSS believes the legislation has negative consequences, including discounting the current efforts of “AHIC 2.0” and the development of an open source “health information technology system” by the federal government.  Specifically, HIMSS has concerns with the following provisions in this legislation:

(other stuff)

Development of an open-source “health information technology system” through the auspices of the ONC: The legislation directs the National Coordinator to provide for coordinating the development, routine updating, and provision of an open source “health information technology system” that is either new or based on an open source health information technology system, such as open source VistA. The system is to be made available to providers for a nominal fee.

The private sector makes significant investments in research and development for healthcare IT products. Healthcare IT is available via a competitive market in which vendors compete on the basis of price, quality, and functionality of a product. The development, routine updating, and provision of an open source “healthcare information system” is not the role of the federal government and such product development should remain in the private sector.

First of all, I do not think the Federal Government should support just *one* open source EHR system, and you really cannot guarantee a fee for Libre/Open Source software.

But the spirit of Stark’s proposal is right-on and it is time to do something about HIMSS.

HIMSS is anti-Open Source and pro-proprietary software. They allow us “Open Source” guys to give talks and even have working groups because they would be violating their charter if they did not. But they do not like us. They are terrified of us, and they should be. HIMSS lives off of the fat in Healthcare IT. Mature proprietary EHR systems have been around for decades, and they still have 5%-15% penetration. Why? They are too expensive and too risky. The doctors recognized that the vendor lock-in that they painfully experienced with Practice/Hospital Management systems would be much worse with EHRs, and they have no intention of taking out extra mortgages to make that happen.

HIMSS charges proprietary vendors obscene amounts of money for space at their conferences. Open Source vendors cannot afford to go, because they are service companies who cannot charge for products. Medsphere is the only all-FOSS company that had a booth last year, and the only reason why they can do this is because they have VC funding. The other top vendor, ClearHealth, has so-far not seen the value in buying a booth.

Even if they did see the value, there is no way that Medsphere, or ClearHealth or any other FOSS vendor is ever going to buy a half-acre plot at HIMSS. To afford that you need to be able to lock-in your customers.

Ahh.. but you want facts to back up my accusation. I’ll give you two.

  • First, let’s deal with ‘The development, routine updating, and provision of an open source “healthcare information system” is not the role of the federal government ‘. The Federal government already releases an “open source compatible” EHR: the VA VistA. VistA is really, really good. So good in fact that WorldVistA was able to achieve CCHIT certification using it, and a Medsphere client (Midland) is one of only nine HIMSS Stage 6 healthcare facilities in the United States. (yes…. the same HIMSS) The cool thing about the Midland accomplishment? It cost less than any of the other nine stage 6 winners. So apparently, the federal government is just as capable of doing this, as anyone else. The private sector is supposed to be competing on “price, quality and functionality” yet VistA is cheaper, better and more functional. Nonetheless, HIMSS is writing letters.
  • Second, the HIMSS EHR vendor association is proprietary-only. Take a look at the requirements to join EHRVA. For those who do not want to read a pdf, I will record the relevant section here:

The HIMSS Electronic Health Record (EHR) Association chartered this effort to ensure equal, fair and consistent criteria for Membership into the EHR Association. The EHR Definitional Model includes an operational EHR definition, key attributes, essential requirements to meet attributes, and measures used to assess the extent to which companies design, develop and market their own proprietary Electronic Health Record software application.

HIMSS is not interested in seeing vendor lock-in and the other fundamental problems with proprietary health applications go away, rather they exist solely to perpetuate these problems. HIMSS defines itself as “HIMSS is the healthcare industry’s membership organization exclusively focused on providing global leadership for the optimal use of healthcare IT and management systems for the betterment of healthcare.”

In reality, HIMSS, in its current form, is just a lobby for the very proprietary vendors who have failed to move our nation into the age of digital healthcare information.