Does Epic resist or support interoperability? Hell if I know.

I just realized that my somewhat infamous question at the ONC annual meeting is recorded on video!

The background on my question, which I made me very popular at the meeting afterwards, was that I had heard that Epic hired a lobbyist to convince congress that it is an interoperable company.

That lobbyist and others at Epic have been heard saying stuff like “Interoperability is Epics strength”… and “Epic is the most open system I know” etc etc.. This makes me think “what planet I am on?”

I have actually heard of hospitals being told “no at any price” by Epic, and I have never heard that regarding another vendor… although there are lots of rumors like that about Epic I would prefer to be fair. How would I know if Judy et al, had really turned a corner on interoperability. Epic has been a faithful participant in the Direct Project, which is the only direct (see what I did there?) experience I have had with them.

But I want data… and here is what happened when I asked for it at the annual ONC meeting. Click through to see the video.. it auto plays so I did not want it on the my main site.

Continue reading Does Epic resist or support interoperability? Hell if I know.

Libel and Discourse in the Digital Age

Libel, like copyright, is one of the central legal frameworks for governing online activities. It sets the bounds for what can and cannot be said about people in the new media area.  Like copyright law, libel law is a legal framework designed in a pre-digital era, that is somewhat strained in this new digital media age.

I write this with some trepidation. This blog posts touches on gender issues on Twitter, and that is a heated and, at least on Twitter, mostly broken discussion.

Any discussion on sensitive issues online, especially on Twitter, can devolve into a core of reasonable people trying to have reasonable discussions that are surrounded by a much larger group of people (or at least a large number of twitter accounts) who say completely ridiculous and incendiary things. Jimmy Wales response to a GamerGate email regarding the policies for Wikipedia’s GamerGate article is required reading here.

The wonderful thing about Twitter is that it facilitates open to the public conversations about anything at all. These conversations usually involve only people who are genuinely interested in particular topic, which means that the Twitter conversation is usually representative of the topic as it exists in the real world. But a given hashtag is useful and productive, only to the degree that people all agree on what the topic under discussion is, and also fundamentally agree on what is the appropriate means to have that conversation.

Many times, both of those constraints fail, and this is when you get a single hashtag, like #GamerGate being used in at multiple conflicting ways. One way is to have a discussion about “Ethics in Game Journalism”, the second is to launch a coordinated attack on female game journalists and other feminists, and the third is the feminist community using the hashtag to refer to those attacks. In the sense that all three things are happening at once using the same hashtag on Twitter, all of them are equally valid and equally invalid uses of the hashtag. But all three discussions regularly lament that the other two discussions are trying to “redefine” what “GamerGate” “is”. The letter from Jimmy Wales helped me realize that there is an inherent difference between a movement and a hashtag. Before reading that I was deeply confused on how think about “GamerGate” a word whose definition changes dramatically depending on who you listen to.

Generally I think the power of Twitter lies in its capacity to have public conversations that serve only as “signals”, with larger discussions on topics left to more forums that are better suited for comprehensive discussion, like blogs. Twitter is ill-designed to handle contentious issues, in part because Tweets are necessarily atomic in nature. It is too easy to take a single tweet, and then lambast that single tweet as the entirety of someones position. This is not strictly a straw-man tactic because it actually takes a little work to get Twitter to contextualize any discussion. Twitter presents tweets as atoms, and not threads on a topic.

On Twitter, there is a lot of “What I said was X, but what I meant was Y”. As an informaticist, I would call Twitter something like a “Communication Platform with Low Semantic Fidelity”. Which is not an insult to the platform… this is both a “feature” and a “bug”, depending.

So it is with great irony that I found myself having a discussion about libel, on the very platform that makes the issues around libel so complex.

For those who have been living under a rock on Twitter lately there has been a drama unfolding regarding the role Vivek Wadhwa plays regarding women’s gender issues in technology. The play continues to unfold, but here is the outline of the opening scenes:

  • Wadwha makes a statement onstage referring to “floozies”. (have not been able to find video of this)
  • Mary Trigani writes a post entitled Captains and Floozies criticizing Wadwha’s comment.
  • Wadwha comments on the blog post.
  • Trigani reposts the Wadwha’s comment with the title Vivek Wadwha explains
  • Amelia Green Hall, writes QUIET, LADIES. @WADHWA IS SPEAKING NOW which sternly criticized the role that Wadhwa plays and how he plays it.
  • This blog post caused enough of a stir that Amelia was subsequently interviewed by Meredith Haggerty on NPR’s TLDR series. This podcast (which is still available here) is essentially a retelling of Amelia’s blog post in audio form, with no dissenting voice from Wadhwa or elsewhere.
  • Wadwha reacts on twitter saying that the podcast is “libel and slander
  • NPR removes the podcast from their page, although as per normal it will be remembered forever on the Internet somewhere…
  • Twitter presumes that the post was removed because of Wadhwa’s “threats”
  • Wadhwa insists that he wants the post itself restored, but merely wants to have the opportunity to blog in the same space.
  • Apparently, his interactions with NPR makes him believe that he will be able to publish a retort on the NPR site.
  • For whatever reason, Wadhwa’s defense is not published on NPR, so he manages for it to be published on Venture Beat instead.

Which brings us to current. (I will try and update the timeline if things change)

Obviously it’s interesting stuff in it’s own right, but I am mostly interested in the issues around libel. Specifically, I am interested to understand if it was in fact libel, and I am interested to know if the fact that Wadhwa labeling it as libel was a “threat”.

Lets deal with the first issue. Was it libel? Well it turns out that this is not a clear legal question, especially for Wadhwa. You see in the US, the legal test for libel typically has three components (IANAL and I am quoting Wikipedia, so you would be foolish to take this a legal advice).

  • statement was false,
  • caused harm,
  • and was made without adequate research into the truthfulness of the statement.

(from wikipedia)

Unless, you are a public figure, and then libel also includes “Proving Malice”. Again quoting wikipedia:

For a celebrity or a public official, the person must prove the first three steps and that the statement was made with the intent to do harm or with reckless disregard for the truth, which is usually specifically referred to as “proving malice”

Listening to the podcast there are several statements that stand out specifically as false:

  • ..”Has he really been this spokesman for women in tech for years while he is believing that women can’t be nerds because thats because thats like super misogynist”..
  • (on the website of for Wadhwa’s book) “I can get to a photo grid of women it doesn’t list their names..” (Wadhwa points out that such a list lives here)
  • “Wadwha was barely acknowledging the women he was working with”
  • Wadwha was “Gaslighting minimizing marginalizing people who disagree with (him)”
  • The story implies that Wadwha titled his response to Trigani’s post “Vivek Wadwha explains” when in fact Trigani had made that title.
  • The DM’s that Wadwha sent were “non-censual”.

If you listen the to podcast, and you read Wadwha’s rebuttal, it is pretty easy to see understand how Wadwha at least would view these statements as false, harmful, and inadequately researched. Wadwha is painted as pretender, a person who who is taking the role of “real” expertise. The implication here is that there is something essential to the experience of being a women in technology that is required to acquire legitimate expertise about women in tech. At the same time, there is the implication that the experiences of women in tech so vastly distinct that no one person could possibly make useful statements about them as a class.

This is an interesting issue with civil rights in general. There was a time when the racial civil rights movement choose to exclude white supporters from leadership positions. This makes sense when you are dealing with a pervasive attitude that presumes that a particular class is fundamentally incapable of self-representing and/or leadership.

But there is a difference between requesting that someone bow out of a leadership role, in order to further the aims of a social justice movement, and attacking the qualifications and intentions of that same person in the most public way possible (i.e. on the radio and Internet at the same time).

On the other hand, if there is a person claiming leadership in a social movement, while saying or doing things that hamper that movement, it is a natural reaction to eventually (after back channel discussions have failed) to out that person in public.

So which is it? Is this a necessary exposer in defense of an important social movement, or it is petty dramatics within a movement that should be above such theatrics?

What the hell do I know? Although I am at least a little interested in anything that qualifies as social justice, I am hardly an expert in this area. I don’t know any of the parties involved and I have no familiarity with the book and research body in question.

What I am interested is how libel works in the Internet age. What is fascinating specifically to me is the degree to which Wadwha is being criticized for calling the podcast “libel”. It is fairly clear to me that IF the contents of the podcast are misrepresentations, then Wadwha is just being publicly attacked. The whole podcast was about him, not about “men speaking for women generally”, but just about him and what he was specifically doing wrong. The podcast implied that he was a lecherous, misogynist, manipulative plagiarist. IF those things are not true about him… then does he have the right to say “This thing that is happening is slander and libel” without inappropriately using that language to squelch criticism.

According to Wadwha, he has made no legal threat, he did not ask for the article to be taken down and, in fact, he has asked for it to be restored. That does not generally sound like the acts of someone who is seeking to muzzle critics.

What I find fascinating, is the apparent consensus that merely labeling the podcast as libel IS itself a legal threat.

Here are some reactions from two lawyers who work for the EFF (an organization I admire and donate to)

And then here..

Lastly this is one specific quote from someone who has been on the other side of this.

However, I did find this gem from @DanielleMorrill, who was obviously researching this earlier than I was. She found places where Wikipedia policies cover these issues…

For my part, I cannot help to empathize with Wadwha. My family has had some pretty nasty run ins with people willing to publish false things about us. If someone in traditional media decides to smear you, its nearly impossible to undo the damage. At least Wadwha had the opportunity to tell his side of the story, an opportunity my family never got. 

Apparently, the consensus on the Internet, and what I would advise people do on this, is to just say. “Hey that stuff you wrote/said about me is not true, and its pretty hurtful and you really should have researched that better” instead of actually coming out and saying “Thats Libel”. Its pretty clear that Wadwha tried to take a position of “You have libeled me, but I am not planning on suing you, I just want to achieve balance”, and from what I can tell, that has blown up in his face, and possibly made things worse for him. 

I have certainly learned several things from this incident that will make me slightly less likely to put my foot in my mouth: Specifically…

  • I should be careful not to speak over other people on panels. I am frequently the most vocal and opinionated person on a panel. Audiences frequently ask questions specifically to/for me, and moderators will frequently favor me because I can be entertaining. But apparently when Wadwha does the same thing he is percieved as “taking the air out of the room” etc etc. I would never want my fellow panelists to feel they don’t have a voice b/c of me. I will have to work on that.
  • Apparently there is a whole contingent of women who have been so completely harassed by DM’s that saying something like “A non-consensual DM” actually makes sense to them. I had no idea that Twitter harassment had reached that level for women. I mean you have be brave or crazy to let someone know you are a female user on Reddit (which is sad), but I thought Twitter was a “safe place”. I was wrong.
  • When someone labels themselves as rude or mean or otherwise thinks that it is a good idea explicitly admit in their twitter profile that they are difficult to deal with… believe them. They are not kidding. Its one of these things. Lookup the Far Side cartoon that says: How Nature says “Do not touch”. Its just like that.
  • I need to be careful to explicitly not speak “for” the people I personally advocate for (which in my case is usually patients) b/c this can be disempowering. I need to find ways to advocate without being presumptuous, which is harder than it sounds.

Thanks for reading, I may well update this post based on reactions from Twitter and elsewhere.

-FT 

 

 

 

 

 

 

EHR Vulnerability Reporting issues

For those who actually bother to read to the bottom of my bio, I was actually in Internet Security before going into Health IT. I spoke at DefCon and everything.

During my career in Health IT I have had to report a security vulnerability to an EHR developer once, and it was such a painful process that I basically just gave up.

My poor friend Josh Mandel and his group at SMART found an XSLT vulnerability in an HL7 provided file that is a part of essentially every modern EHR system (the standard, if not the file itself, is mandated my Meaningful Use).

They have had a horrible time trying to get the attention of the major EHR vendors, with less than 10% paying any real attention.

I am saddened, but not at all surprised. I will write more later…

-FT

How to submit prior art on the Medicity Direct Patent

Recently Medicity has tried to patent the concept of a HISP. Please join me in submitting prior art to prevent this undermining of everything that the Direct Project stands for.

Groklaw shows the way

Here is a specific page that I had some trouble with and the right answers for it…

The Patent number in question is 61/443,549

The confirmation number is: 9529

The first names inventor is: Alok Mathur , Alpharetta, GA (US)

The date of file is: 02-16-2011

The strange string they are going to ask you in the middle appears to be: 201161443549

Read Groklaw carefully because the form is massively unnecessarily complex. (Because that is how the government rolls)..

The following prior art exists for their claims:

* Conversion of encrypted payload content, perhaps CCDs, into HL7 2.3 transactions sent to an EMR over TCP/IP ports

Of course, converting to HL7 v2 is not actually a good idea in 99% of the cases, but it was always part of the original vision of the Direct Project

http://wiki.directproject.org/page/diff/Direct+Project+FAQ/122979323

 

Just search this page for HL7 to find Arien discussing the need for HL7 2.x interoperability

or you can read about how we dithered over 2.x versions of HL7

http://wiki.directproject.org/share/view/21291669

I will no dignify the fact that they note that this happens over TCP/IP with a comment. Really, you are going to use the networks protocol for that?

Are you sure you do not want to use UDP? Or perhaps IPX? Wow. Innovation. <- (sarcasm, see note for USPTO employees below)

* Conversion of encrypted payload content, perhaps HL7 v3, into rendered PDF formatted reports that are automatically printed to a local printer device per the provider’s workflow preferences.

* Construct of a standard Direct compliant outbound S/MIME transaction with CCD attachments by converting native PDF or HL7 v2.x formats and contents.

This of course makes direct look like a fax machine. Which is a -huge- step backwards. But generally, converting between different healthcare interop standards has been done for quite some time.

A main goal of the HISP is to convert between various formats. We spent months talking about the particularly difficult conversions, i.e. Direct to IHE

http://wiki.directproject.org/Threat+Model+-+Direct+to+and+from+XDR

As far as I know the central advantage of a PDF is that you can print with it.

Here is Keith Boone discussing the issue on his blog

http://motorcycleguy.blogspot.com/2010/11/converting-from-hl7-version-2-message.html?showComment=1337606813597#c3948689104995255223

http://wiki.directproject.org/Session+Notes+6

 

This is 2 months too late but shows that we including printers as possible devices to send direct messages to.

The second set of claims is particularly annoying to me because I got involved in Direct specifically because it was not possible to do coordination of care without an underlying point to point messaging infrastructure.

  • Sharing of virtual care team records across disparate networks

  • Dynamic updates to disparate patient reocrds using encrypted serialized patient objects across disparate networks

  • Sharing of application context within applications across disparate networks

  • Sharing of user context within applications across disparate networks

  • Establishing long-term patient and provider object-level communication across disparate networks.

Its late, so my patience for this is wearing thin. Email handles “sharing PHI across disparate networks”. The whole fucking point of direct is that is -just- email.

So everywhere that Medicity is saying “share (PHI Type here) across disparate networks” they are full of shit. This is the problem that Direct itself solves.

Then the question becomes. “Hey, now that we have this amazing capacity to share PHI across disparate networks, what specifically should we share?”

Hmm… perhaps we should use this to keep patient records in sync… no shit.

(in case you cannot tell. The preceding text is sarcasm. I am saying this because someone from the USPTO might be reading this, and I am not sure you might not have picked up on that. Working at the USPTO might be the kind of job where you lose your sense of humor. I am just saying. )

The whole concept of a HISP is that it site on the edge of the Direct network and integrates the local environment into Direct.

Medicity has a HISP product. It does things that HISPs do.

They do not deserve a patent for concepts that are -both- obvious and well described by the Direct community during the -entire- process of developing Direct. The fact that the US government did not dictate what a HISP should do does not mean that it was not discussed carefully, completely and commonly by everyone working on this project.

The “HISP as a bridge concept” is something that I had a hand in creating. I do not appreciate my own work being co-opted and abused in this fashion. I am requesting that Medicity withdraw this patent application, and consider… I don’t know… competing for Direct HISP business, instead of applying for bullshit patents on ideas that were created as part of an Open Source project.

-FT

 

 

 

 

 

 

 

 

About to have a call with the National Health Service

I am about to have a call with a group of people who work with the UK National Health Service.
I know for a fact that the people on the call are doing serious, thoughtful work on behalf of their government.

In contrast, my government just started paying the electricity bill again.

It is fairly hard to describe accurately how I feel about going into a call like this. Happily I have Reddit/Imgur to help!!

Two important dates

There are two events coming up soon that you do not want to miss.

The first is not this weekend but next: The Houston Health 2.0 codeathon is happening (March 23-24 at Platform in Rice Village)

The second is Health::Refactored from the Health 2.0 conference series. That happens on May 13-14 in Mountain View, CA.

I will be acting as mentor at both events. We are specifically looking for e-patient mentors, so if you are interested in this role, please let me know.

Also, I need to start promoting these different conferences and code-a-thons that are friendly to the “Hacking Healthcare” approach… what is the best way to promote and maintain different events on the web? Is there some kind of automatic event-to-email-to-RSS-I-don’t-have-to-think-about-it tool that is popular for tracking a series of events?

Go to these two conferences. They will be awesome!

-FT

 

OCR refuses FOIA request

Joe Conn, one of the best Health IT reporters I know, has been denied FOIA access to breach data reported to the Office of Civil Rights.

Honoring FOIA requests is a critical part of how the people ensure that the government is not abusing its power. That might sound paranoid, but blanket rejections like this are deeply problematic and are often evidence of deeper issues.

Given that this is directly related to the documentation of abuses of patient privacy, I should expect that Dr. Peel will want to get involved. Frankly, it is moments like this that I am thankful that someone like Dr. Peel is as tireless and relentless as she typically is.

When a FOIA request is refused in this manner, it will usually take a judges involvement to open things back up.

-FT

Steve Jobs is dead. Long live Steve Jobs.

Today, Steve Jobs died.

This blog post will be only one among thousands of posts devoted to his drive and his genius. Thousands will celebrate a technical legacy that almost no technologist can hope to replicate. The original Macintosh, those early films from Pixar, the iphone… hell I am typing this on a Macbook Pro (dual booting Fedora… but still…).

I think this might as well be a good time to mention why it is that I do what I do. I lost my mother to ovarian cancer almost 10 years ago exactly.

I work on Health IT rather than more lucrative endeavors for one simple reason.

I will never cure cancer.

I am not even sure that “cancer” is curable. Cancer is too deeply related to the way our cells normally function in order to simply be “cured”. There is a good chance that all we will ever get is “really good treatments” for cancer. But it hardly matters for me. I will not be the guy who finds the cure or the “really good treatment”. I am a computer scientist, its just not what I do.

But my mother did not just die from cancer. She also died because of a medical error. A doctor had enough information to diagnose my mother correctly many months before we discovered that she had ovarian cancer. But doctor missed the signs. That is pretty common with ovarian cancer, it is less common than breast cancer, but more often fatal because it is harder to detect. Still, the signs where there. The doctor thought it was the flu.

Once cancer has gone too far, fighting is an uphill battle that many, including Steve Jobs, lose in the end. My mother died at 52. Jobs died at 56.

Is cancer an uphill battle or a downhill battle? Early detection is everything. And early detection is an information problem. It is a diagnosis problem.

It is a computer science problem.

Reading about Steve hits me pretty hard. He was one of us, a geek. Not just a geek, but a visionary among geeks. I do not square with the Jobs ideology… but I have to admit, he did some amazing things.

Steve Jobs said that he wanted to put a “ding in the universe”. And he did.

But the ding that I want to make in the universe is so much greater. The ding that I want to make is to make it much much rarer for us to lose people like this. Can you imagine what Steve Jobs could have accomplished if he had lived another 10 years? 20?

I will never be as famous as Steve Jobs and I will never be able to make as much of a difference as he did. If any progress at all is made in health IT it will be due to the cooperative work of tens of thousands of geeks with my skill set. But I am pretty hopeful that the area I am working in can really make a difference in the world. I hope that we might be able to make a few more critical diagnosis in that critical window where we might actually save some lives.

Tonight I will toast Steve Jobs, and to my mother. This is a good a time as any to reveal my addition to the latest painting by Regina Holliday. I did not tell her this, but I watched her paint this on the 10 year anniversary of my mothers death. I did not get to be with my family at the graveside that day, but Regina decided that others could add to her painting… so I added this.

dear mom, if i can change the code, I can change the world.

That pretty much sums it up.

-FT