Healthcare IT reading list

My Programmable Self Behavior Change Reading list has been one of my most popular posts.

I still think any Health IT expert should be well-versed in behavior change science, since so many healthcare issues boil down to behavior change problems… either for patients or providers or both.

But the other day, I was having drinks during HIMSS with Keith Toussaint, Matt Burton (both Health IT rock stars at Mayo Clinic) and Sulie Anna Tay (a rising star at Cisco). Soon talk turned to “have you read this, have you read that” (you know how those conversations usually play out) and we started creating a “Required Reading List for Health IT”. I forgot about it until today, when I needed to find some references in one of the books… and realized I had left the project undo. So here are my required reading list for Health IT and healthcare reform, in no particular order:

 

I think its important to listen to end of life issues from Alex Drane. And read the same topics from Atul Gawande Letting Go.

 

 

 

I hate to humblebrag so I will just be plain: David Uhlman and I wrote what is probably the most popular book on Health IT, Hacking Healthcare.

 

ePatient HIMSS 2012 Badge

Hi,

I am happy to announce with psuedo-permission from the Society for Participatory Medicine (by which I mean that they have not asked me not to do this) a Twitter badge for HIMSS 2012.

There are a handful of the epatients who are attending this years HIMSS (alas, I am not among them) and they have agreed to play a game to help get to know the e-patients. Those who complete the game get to have a digital version of the epatient badge for HIMSS12.

The game is simple. Each of the following e-patients have given me a riddle that they will answer for you either over Twitter, or in person. Plus I have given each of the e-patients attending the conference a super secret code word. That means that you have to either figure out the riddle on your own, use the riddle as an excuse to introduce yourself to each epatient over twitter, and you have to find and post a picture of yourself wearing the S4PM badge!

Then I will generate a digital badge for you that you can use on your twitter background, or any you can use in any other website where you can post an image.  The digital badge will have your twitter username written on it, to prove absolutely that you have earned the badge.

This badge will be issued only for people who complete this puzzle during HIMSS. We might issue different epatient badges in the future, but this one will never be issued again. This is truly a once in a lifetime opportunity. Everyone you know will be jealous of the small graphics file that you acquire here. Truly, your completion of this puzzle will be a story that you can relate to your grandchildren (to put them to sleep).

Seriously, this might be a fun way to get to know some new people at HIMSS and to help spark discussions about patient engagement at HIMSS. I wish I could be there in person, but at least I can provide you all with something fun to do while you are there…

You can get the S4PM badges from the Relay Health (#3618) or MedSeek (#1345) booths, or by attending the S4PM Wednesday lunch meetup or one of the following epatient events at HIMSS.

Wednesday – @ReginaHolliday: #Thewalkinggallery meets @ ECollab Forum Wed 2-22 Venetian Sands, Bellini 2102, Level Main/Level 2 6-7:30 pm

Thursday – eCollaboration Forum http://www.himssconference.org/ecollaboration/default.aspx with a variety of speakers, among them: Brian Ahier and e-patient Dave

Thursday – Engaging Consumers in their Digital Healthcare http://www.himssconference.org/Future/default.ASPX with Regina Holliday as keynote speaker

Tweet the picture of yourself wearing the badge for bonus credibility, but all I need is the pictures URL as proof.

To play, all you have to do is complete the form below!

Have a good time!!

Securing health applications with CACert.org

Still trying to recover from the conference last weekend.

OpenEMR was out in force at the conference and we had some interesting discussions about the best way to make php applications more secure. The following code is in php but the theory applies to any electronic health record. The wonderful thing about this method is that Apache does all of the heavy lifting for you.


Of course, none of this works without an apache configuration!!



# another fine way to enforce https only.

        ServerName example.com:80
        AddType application/x-httpd-php .php .phtml .php3
        DocumentRoot "/var/www/html/example/"

        
        #The following rewrite just forces everything to https!!!
        RewriteEngine On
        RewriteCond %{HTTPS} off
        RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
        




        ServerName example.com:443
        DocumentRoot /var/www/html/example

        # Standard stuff
        ErrorLog logs/ssl_error_log
        TransferLog logs/ssl_access_log
        LogLevel warn
        SSLEngine on
        SSLProtocol all -SSLv2
        SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
        SSLOptions +StdEnvVars
        SetEnvIf User-Agent ".*MSIE.*" \
                nokeepalive ssl-unclean-shutdown \
                downgrade-1.0 force-response-1.0
        CustomLog logs/ssl_request_log \
                "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

	# end standard stuff

 
	# the certificate that CACert.org has signed...
        SSLCertificateFile /etc/pki/tls/certs/example.com.crt
	# my super secret private key
        SSLCertificateKeyFile /etc/pki/tls/private/example.com.key

	# not that I can use the directory command to protect a single file!!
        
                # requries a client certificate
                SSLVerifyClient require
                SSLVerifyDepth 2
                # in order to validate the client certificates I need to have 
                # a copy of the CAcert.org root certificate
                SSLCACertificateFile /etc/pki/tls/certs/cacert.crt
                SSLOptions +StdEnvVars
        
                                                                                                                                                                                   1,9           Top


ICW and Open eHealth at HIMSS 09

At this years HIMSS the Connect project kind of stole the spotlight. However, I think it is also important to remember the work of the Open eHealth Foundation which has been steadily progressing since it was announced a HIMSS 08.

One of the most important members of the eHealth Foundation group is ICW, who sent me a summary of the current Open eHealth progress. Here is another link to regarding the new eHealth Framework.

-FT

MOSS Misys Open Source Solutions

MOSS (Misys Open Source Solutions) has come into it’s own as a force both within FOSS and within it’s chosen domain of interoperability.

MOSS is led by Tim Elwell and Alesha Adamson, they could often be found at the interoperability showcase where they performed as one of the few PIX/PDQ services.

At this conference especially Tim was instrumental in helping the FOSS community communicate it’s concerns to CCHIT. This speaks volumes about the transition of Misys as an suspect outsider to not merely acceptance as a legitimate FOSS community member but a leadership role within health IT FOSS. .

The MOSS implementation is probably the most mature available under a FOSS license, and will soon be in the running for the title of best under any license. I can say that if they are overtaken it will only be another FOSS project that could catch them and there are several good projects who might.

Probably the most significant evidence of this dominate role was the muted announcement by the CCHIT Laika project that the MOSS project, along with Mirth, was selected as one of the testing tools for coming interoperability tests.

MOSS is also formalizing it’s offering for those organizations who are attempting to do serious clinical data interchange. I regularly use Alesha for informal sanity checks for my own HIE ideas, and every time I do I regret that we do not have the budget to bring MOSS in to provide a more formal structure. Compared to other HIEs I usually feel efficient but when I hear about the MOSS offerings I feel like I am doing all of the right things but flying by the seat of my pants.

Hopefully I will get Tim to let me replicate some of the graphics from his handout about the MOSS CobIT-based offering..  and here it is!! MOSS HIMSS 09 handout…

In the meantime here is a shot of Alesha at the Allscripts booth at the interoperability showcase.

HIMSS09 day 2: Kolonder on Health IT

Dr. Robert Kolodner is not only the outgoing National Coordinator but a card carrying member of the underground railroad. He is a founding father of VA VistA. He intimately understands what VistA is and where it came from and the implications thereof.

His talk is generally about how he plans on extending the VA quality. Some stream of consciousness notes follow (thank goodness that bloggers can do without content editors. No editor I have ever worked with would tolerate this complete lack of transition)

In is view the stimulus act serves as “seed” for health it bird tossers.The idea is that throwing a bird in the direction you want to go does not work very well, instead you have to let them go… and seed where you want them to end up. (Does anyone have a good link explaining this analogy?)

What is “meaningful use”? There will be political pressure for the government to make this as low a bar as possible.

His insight is that Health IT needs an “apache” to enable a health it revolution the same way the “apache” project enabled the web revolution.

That is his implied vision for the connect project. The connect project will be a major FOSS development here at HIMSS09. More on that soon.

For now enjoy the snapshot of Kolodner starting to be swarmed after his talk…

Should CCHIT survive?

The incomparable Joseph Conn has an article up about the potential fate of CCHIT under the Obama administration.

I do not believe that it should be refunded under its current form. For several reasons.

Some quotes from Josephs article to support my position:

“I bet we’ve spent a quarter of a million dollars in development costs just to get around the functionality that is being forced into the system,” Oates (Randall Oates is a physician who is founder and president of SoapWare) said. He argues that more than half of the functionality CCHIT requires could be moved out of the core system requirements into extensions.

Oates said that to make EHR systems usable, they have to be tailored “to make them suitable to the various niches in healthcare,” Oates said. “You can’t have one-size-fits-all. Things that could be straightforward and easy have to be bloated and cumbersome. It really has hurt the progress for adoption.”

SoapWare is famous for a reasonably priced low-end EHR for small practices. I wish it were open source but it does target practices that are largely ignored by the big vendors.

I have documented the story of AcerMed, a CCHIT certified EHR that had to close its doors because of a lawsuit.  I should note that Dr. Valdes of LinuxMedNews, has also criticized CCHIT.

CCHIT, rather than creating a “seal of approval” is a millstone around the neck of the HIT industry. It is totally incompatible with the concept of low-cost/high-quality EHRs. Rather it increases costs and in some cases decreases quality.

Something needs to be done.

-FT

HIMSS a lobby for proprietary Health IT vendors

Today, I recieved a letter in my mailbox regarding HIMSS take on the recent legislation proposed by Stark.

HIMSS Stephen Lieber and Charles E. Christian, president and chairman of HIMSS respectively, write:

 However, HIMSS believes the legislation has negative consequences, including discounting the current efforts of “AHIC 2.0” and the development of an open source “health information technology system” by the federal government.  Specifically, HIMSS has concerns with the following provisions in this legislation:

(other stuff)

Development of an open-source “health information technology system” through the auspices of the ONC: The legislation directs the National Coordinator to provide for coordinating the development, routine updating, and provision of an open source “health information technology system” that is either new or based on an open source health information technology system, such as open source VistA. The system is to be made available to providers for a nominal fee.

The private sector makes significant investments in research and development for healthcare IT products. Healthcare IT is available via a competitive market in which vendors compete on the basis of price, quality, and functionality of a product. The development, routine updating, and provision of an open source “healthcare information system” is not the role of the federal government and such product development should remain in the private sector.

First of all, I do not think the Federal Government should support just *one* open source EHR system, and you really cannot guarentee a fee for Libre/Open Source software.

But the spirit of Starks proposal is right-on and it is time to do something about HIMSS.

HIMSS is anti-Open Source and pro-propretary software. They allow us “Open Source” guys to give talks and even have working groups because they would be violating their charter if they did not. But they do not like us. They are terrified of us, and they should be. HIMSS lives off of the fat in Healthcare IT. Mature proprietary EHR systems have been around for decades, and they still have 5%-15% penetration. Why? They are too expensive and too risky. The doctors recognized that the vendor lock-in that they painfully experienced with Practice/Hospital  Management systems would be much worse with EHRs, and they have no intention of taking out extra mortages to make that happen.

HIMSS charges proprietary vendors obscene amounts of money for space at the their conferences. Open Source vendors cannot afford it to go, because they are service companies who cannot charge for products. Medsphere is the only all-FOSS company that had a booth last year, and they only reason why they can do this is because they have VC funding. The other top vendor, ClearHealth, has so-far not seen the value in buying a booth.

Even if they did see the value. There is no way that Medsphere, or ClearHealth or any other FOSS vendor is ever going to buy a half-acre plot at HIMSS. To afford that you need to be able to lock-in your customers.

Ahh.. but you want facts to back up my accusation. Ill give you two.

  • First, lets deal with ‘The development, routine updating, and provision of an open source “healthcare information system” is not the role of the federal government ‘. The Federal government already releases a “open source compatible” EHR: the VA VistA. VistA is really, really good. So good in fact that WorldVistA was able to achieve CCHIT ceritification using it, and a Medsphere client (Midland) is one of only nine HIMSS Stage 6 healthcare facilities in the United States. (yes…. the same HIMSS) The cool thing about the Midland accomplishment? It cost less than any of the other nine stage 6 winners. So apparently, the federal goverment is just as capable of doing this, as anyone else. The private sector is supposed to be competing on “price, quality and functionality” yet VistA is cheaper, better and more functional. Nonetheless, HIMSS is writing letters.
  • Second, the HIMSS EHR vendor association is proprietary-only. Take a look at the requirements to join EHRVA. For those who do not want to read a pdf, I will record the relevant section here:

The HIMSS Electronic Health Record (EHR) Association chartered this effort to ensure equal, fair and consistent criteria for Membership into the EHR Association. The EHR Definitional Model includes an operational EHR definition, key attributes, essential requirements to meet attributes, and measures used to assess the extent to which companies design, develop and market their own proprietary Electronic Health Record software application.

HIMSS is not interested in seeing vendor lock-in and the other fundemental problems with proprietary health applications go away, rather they exist solely to perpetuate these problems. HIMSS defines itself as “HIMSS is the healthcare industry’s membership organization exclusively focused on providing global leadership for the optimal use of healthcare IT and management systems for the betterment of healthcare.”

In reality, HIMSS in in current form, is just a lobby for the very proprietary vendors who have failed move our nation into the age of digital healthcare information.

Dr. Janice Honeyman-Buck at HIMSS 08

For those that do not know, I am blogging HIMSS 08 for LinuxMedNews. I will be posting on anything that is relevant to FOSS that happens here. I did not have to wait long. One of the first talks covered the use of FOSS in medical imaging, something that I knew little about until Dr. Janice Honeyman-Buck clued me in.

Here is a shot of myself and the good doctor.

Fred Trotter and Janice Honeyman-Buck at HIMSS 08