No Shit In The Ranch House

Please forgive my use of a four-letter word. But it is central to my overall point, as I hope you will soon see.

Ranches are shit-management systems. There are other ways to think about a ranch, and this is probably the least glamorous angle to take. A ranch is all about raising animals for food, and animals shit. A proper ranch, unlike the factory farming methods criticized in the new film Eating Animals, handles these goals in a manner that is respectful to the animals in question.

The single biggest problem with having lots of animals in a single location is shit. More animals more shit.

Properly managed ranches have all kinds of systems in place for managing shit. They design their animal stalls to be easy to shovel. They use wheel-barrows and bobcats and all kinds of innovative solutions to ensure that shit does not pile up in the wrong places.

Cows are willing to defecate in transit. Which means that as cows are herded from one ranch facility to the next, they occasionally make a trial of cow paddy. This is a large part of the reason why cowboy boots are designed to be easy to wipe-down. On a ranch, shit tends to get everywhere, and the ranch as a system spends a huge of amount of energy addressing this problem.

My understanding of ranches are mostly from fond childhood memories and a huge amount of family lore. My great-grandfather was the foreman of the Pfluger Ranch (which would later become Pflugerville). So I admit that my understanding of a ranch is based mostly on third and second-hand stories, and is likely not too much better anyone else’s. But what limited understanding I have is enough to grasp two basic concepts: First, shit management is an ongoing unpleasant task on a ranch, and Two, there is typically a large expansive home at the center of most large ranches. This second concept is where we get the reference to a “ranch-style” home, a single-floor phenomenon where there is very little incentive to build a second story.

Now, imagine that you run a grocery. You decide which ranches provide the meat to the butchers in your grocery store. So you have a pretty good idea how ranches are supposed to operate, having seen many of them over the years. You are familiar with the rituals undertaken upon arriving as a guest at a new ranch. You are invited into the central home, which looks from the outside to be a spacious, welcoming house. There is a reason it is so often referred to as the “Big House”. This is the seat of power in the ranch, and you note that the cowboys/girls that enter with you defer to the significance of the place by removing their hats.

Now further imagine, upon visiting this ranch, that you find a big, heaping pile of shit, in the main parlor of the house. Right inside the front door. Right on the obviously expensive rug. Inside the house.

This is your first impression of the ranch. What are your thoughts? You might wonder “How did a cow get in here?”, “How long has this shit been here?”, “Why didn’t someone clean this shit up before we got here?”

But from the perspective of your evaluation of the ranch, it does not matter what the answer to any of your questions are. From your perspective, this is not a ranch you want to work with. Because you know that there are lots of moving parts to a ranch, lots of things that need to go well, and if the ranch is so poorly managed that it cannot keep bullshit out of what should be the best-kept part of the ranch, then it is extremely unlikely that the ranch has its shit together anywhere else. (see what I did there?) Most importantly, it is not worth your time to investigate in the very careful examination of the ranch that would be required to undo your first impression.

That does not mean that you (as the grocer still) would penalize a different ranch for having shit in the stalls, or shit in the barn or shit on a walkway… Dealing with shit, even stepping in shit is part of the life of working on a ranch. But it really matters where the shit is. And if you see shit in the parlor of a ranch, it will take herculean efforts by that ranch to ever regain your trust. But most importantly, even if the ranch were to undertake those efforts to change your mind, you are just going to go down the street to the ranch that seems like it has its shit together. You simply do not have time for that shit. (it is too easy)

Of course, you think that I have been talking about ranches and shit this whole time, and you would be right in guessing that this is just a metaphor for something else. Something that I, in a non-cow related technical profession, might have more experience with.

What I am really talking about here is software bugs. Bugs = Shit in this analogy and Ranch = Software Project. One way to think about the software development process is that it is all about fixing the bugs that are a natural by product of software features. More features, more bugs. More cows, more shit. Everyone expects the bugs in software, just like everyone expects shit on a ranch.

But if you have shit in the parlor of your ranch house, then it is obvious to anyone who is evaluating your ranch that you are not effectively managing your shit. In the same way, if you have a bug in the features that are covered in the README of your Github software repo, people are highly unlikely to forgive that.

When a new developer comes across a project on Github, (or Gitlab or Sourceforge or who knows now that Microsoft has bought Github) and that project fails to correctly install, or basically function as the project Readme.md file in the repo suggests that it will, then that developer will judge that software is useable and will probably never come back.

This is the reason why I get so upset that projects that I fund, sponsor, contribute to or rely on have failures in the way that the software should function in the Readme. It means that the maintainers of the project have profoundly forgotten how the process looks from the outside. The team has become so focused on moving forward with new features and functionality that it has forgotten what the experience of a new developer or user reaching out to a new project is.

When a developer of a FOSS software project on github releases a new build of their software, pushing to “master” in git-speak and suggesting that some other version of a software project is acceptable, they need to do a final manual check to ensure that on a new server, with a fresh OS installation, with nothing configured, that following the installation and configuration instructions in the Readmd.md file will work all the way to the “example usage” stage.

I love the new focus on automatic integration. Travis-CI et al have made it much easier to automate final unit testing. Test-driven development is a wonderful idea. But developers still need to do a manual check before a specific release of software to ensure that the current version of the instructions in the Readme, actually result in a good experience for first-time users. Unit tests cannot tell you if the english-language “startup” instructions in the Readme are up to date.

Sometimes, changes in software result in the need to update the Readme instructions. Sometimes the Readme contents are correct, but there is an introduction of a new requirement for the project (new database tables for instance) that need to be automatically detected and fixed on first-time use. I cannot imagine that there will every be an automated system that will predict every new dependency and process change.

I am also not suggesting that every bit of documentation needs to be updated with every release. It is certainly important that documentation generally be maintained and certainly documentation coverage should be considered at a minimum for every release. But while that is important, that is not what I am talking about here. The question that every new user is asking when they download software that solves a problem from Github is “will this thing work for me”, and answering that question frequently requires a huge investment of time and money. But before they make that decision, they want to know “is this software project basically sound?”. If the answer to this question is “yes” then they will make the greater effort to discover if the software works for their use cases.

As long as the new developer believes that the underlying software project is basically sound they will be tolerant or even better, collaborative, with regards to the bugs that they do find. But they want assurances that the software basically does what it says on the Tin. They want to know that the maintainers of the software basically have their shit together, which makes investing in the software a reasonable choice.

Play testing a new software release will always need to be a manual task that is done at the end of sprints. If it is not done then software that is publicly version controlled (on Github or elsewhere) run the risk of alienating new developers which is a death-sentence for any project. If a software sprint ends without “time” to play-test the new release to ensure that it works on fresh systems, then the scope of the sprints needs to be reduced until time for that task is accounted for.

In my opinion, this is the single most important thing that a software project can do to market itself and succeed in market that is crowded with other publicly available Open Source software. It one of the great weapons that modern developers have against the scourge of the “it-works-on-my-machine” disease that all developers seem infected with.

No shit belongs in the ranch house. Try to ensure your Readme “get going” instructions are perfect with every new release.

 

 

 

How to be Cyber Woke for patients. Facebook lesson 1

So I wrote a post supporting the notion that Facebook could do some good by integrating with hospital data. That blew up on Twitter, and so much so that it eventually ended up on CNBC. 

Before I go on, I must recommend the continued reporting from @chrissyfarr who broke the original story.  I also recommend that you read the article on WaPo from @KirstenOstherr  which provides some much needed context on why this is important. She is a professional healthcare media analyst and it shows.

Since all of this, a patient group (will update later with information on who) has reached out to me for help understanding exactly what the risks are for patients who are using Facebook, especially those who are using Facebook to connect with other patients inside patient support groups. We agreed that some specific advice might be useful to other patients and patient support group admins, so I am posting this here for anyone to reference. The first thing I should note is that I will be writing a separate guide for people who are hosting patient support groups on facebook. The damage that can be done through an single admin account on a patient group on Facebook is tremendous (the power is like raw Plutonium) and there is a difference between the advice that I would give someone who is essentially responsible for other people’s private information, versus someone who just wants to be able to share information about their healthcare condition with their friends on Facebook.

Think of it like this: a surgeon has very different hygiene protocols to follow, compared with a person who is just visiting a hospital, vs someone who is healthy and not visiting sick people.

In the same way there is a difference between how you use Facebook and the Internet generally, in a secure and private fashion if:

  1. You are not sharing health information online at all.
  2. You are a patient participating in a topical health discussion on social media
  3. And a person who manages a patient community on Facebook, Twitter, etc.

This post is all about #2 people. If you are #1, you might be better served with an general introduction into how to use Facebook securely. I will cover those topics here too, but I will also cover things that will only make sense to patients.

I am also going to try to be as brief as possible, because I know you have other things to do. But this is not a simple subject. And if you care about this, you need to take a second and realize that there is a lot to learn.

So I am going to leave you with checklists and pictures to speed things up. Also, please note that I intend for this post to be a work-in-progress. Feedback is welcome. But you should tell me what you think by tweeting to me.

How to get to your Facebook Settings:

 

 

Almost all of the instructions below start from the Settings page, which can be reached by clicking the drop-down in the top-right of the Facebook web interface.

General

The only relevant thing you can do here is to download your data. Note that once you have downloaded your data, it is possible for someone to hack your computer and steal it. I recommend that you encrypt your backup in a zip file. And then upload that file to DropBox or something like it, for safekeeping…

Security and Login

The most important lesson you can use regarding your Facebook password is to:

  • Use passphrase. They are much more secure than passwords and they are easier to remember.
  • Never use the same password you use for Facebook on ANY other site.

If you are the ONLY PERSON who uses your computer.

  • Then you want to make it difficult for other people to even access your computer at all. You need an inactivity password (i.e. you have to login to your computer again after not using it for an hour or so).
  • Then use the password management capability on your computer

If you SHARE a computer

  • Try to use a different user account on your operating system than the other people using your computer.
  • Do not save your facebook password or use the automatic login functionality in Facebook
  • On a shared computer, you are going to have to type your password everytime you use Facebook, if you want to ensure that you are using it securely.
  • When you are done using the browser erase your history and cookies.

Now you might be thinking, “I share my computer with my husband/wife/father/mother/son/friend/dog and I really trust them, there is no need for me to protect my facebook login from them”. Remember that this is a hygiene exercise. Lets say that you have a Windows computer and you have a login for yourself separate from your loved one. That is a bother, you have to switch users every time you want use Facebook. But, if your loved one accidentally visits a website with malware, their account might become infected with a virus. If you are lucky, the Windows/Whatever operating system might be able to protect your username and password information, if you are not using the same account.

There is a difference between trusting in someone else’s personal integrity, vs trusting in their browsing habits. It is very easy to download something that will try and hurt your computer on the Internet.

Here are more specific instructions on how to use the “Security and Login” settings for Facebook.

Privacy:

  • If you are a patient on facebook, it might be possible that many, or even all, of the friends that you have on facebook also share the same medical condition as you do. You can help protect their privacy by setting “Who can see your friends list” from “Public” to “Friends”. You can find that setting under Settings->Privacy
  • Also on Settings->Privacy you probably want to disable phone number based look up. There are lots of people who enter random phone numbers into Facebook and try to figure out who they belong to.
  • Also on Settings->Privacy is “Do you want search engines outside of Facebook to link to your profile”. You probably want that set to “no” unless you really need people to be able to google you, and find your facebook account.
  • If you are not a patient advocate, and you are using Facebook to share your health experiences primarily in order to stay connected with people you already know, I recommend that you set both your future and past posts to “Friends”, “Friends except..”, or “Specific friends”. Having your activity be public means that “bots” or scrapers, can access your information, which might not be what you want.

 

Apps and Websites:

  • Turn  off all of the apps that you are not using under Settings->Apps and Websites.
  • Second, for those apps you keep, click “view and edit” and remove access to any data that you think they should not have access to. This is a good time to ask the question: “Why would an app that does X need access to data about Y”. If it does not totally make sense to you, turn it off.
    • You probably do not want to allow apps to see your list of friends
    • You probably do not want to let an app read your posts, or your likes, or your photos, places or videos.
    • You probably do not want an app to be able to control your “pages”

Ads:

There are a ton of settings under Settings->Ads. But trying to navigate those are pretty difficult. Ultimately, Advertisers pay Facebook lots of money to reach you.

Try not to click on Facebook ads. If you see an ad for something you like, just use Google to find the company instead. If you click an ad, and that ad only targeted people similar to you, it might be possible for that company to eventually figure out what your healthcare status is. If this feels like a bother to you, then you need to spend some time exploring the Settings->Ads section… which can give you some control over the types of ads you see, but does little to help advertisers from building a data model about you.

But lets say you reeaaallly need to click an ad. Well, if you are using Chrome or Firefox you can open the link in a way that passes less information to the advertiser about who you are…  To do this choose “Open in Incognito Window” in the right-click menu in Chrome browsers. And in Firefox open “Open Link in New Private Window”. There is a way to browse privately on almost every modern browser.

 

 

Which browser?

There are good reasons to use Google Chrome and Mozilla Firefox exclusively if you want to have a more secure online experience. First, their code is subject to public inspection because they are Open Source. But also because they support browser extensions which can dramatically improve the security and privacy of your browsing. Specifically, I recommend:

Privacy Badger – a tool that keeps websites like FaceBook track your web-browsing when you are NOT on Facebook. This can sometimes make websites break, but I encourage you to try to learn how to use it, as it will substantially decrease the amount of information that you “leak” online.

HTTPS Everywhere – a tool that attempts to ensure that your connection to the web is encrypted when ever possible.

Note that both of these browser extensions are developed and maintained by the EFF, which is one of the most vocal and effective organizations for protecting your security and privacy online. Also, getting an EFF branded cover for your webcam is definitely the way the cool kids are showing they are “Cyber Woke”. Also, they have cool hoodies.

 

Other random stuff:

If you really value your security, get a Google Chromebook. They are difficult to hack.

Do not insert USB sticks that you “find” into your computer. Make sure you purchase USB sticks yourself from reputable vendors.

 

 

 

Facebook and Healthcare data, the contrarian view.

Recently, I read an article that Facebook had been considering partnering with hospitals to connect their social data with the hospitals’ patient data in order to provide improved services to patients. Facebook had decided, in the wake of the Cambridge Analytica fiasco, to put those plans on hold. Here is the video version of the report, which is definitely worth watching.

I thought this was disappointing, because I know that many patients rely on social media generally, and Facebook in particular to coordinate patient care. Connecting healthcare data with a patients social graph, when done with permission and with limited and intelligent goals could result in real improvements in patient care, especially for our most vulnerable populations.

I tweeted as much:

I have been surprised by the subsequent reactions, very few of my tweets seem to garner this much attention or engagement. Given this reaction, I thought it wise to more carefully defend my position.

I do not think anyone should claim “expertise” in anything as nebulous and unknowable as healthcare cybersecurity currently is, but I am definitely comfortable saying, that I am not a novice.

I have spent time thinking carefully about the intersection of healthcare information systems, and cybersecurity and privacy. This has lead me to be frequently at odds with other cybersecurity experts who are legitimately concerned about the dangers of connecting to early.

The problem that I see again and again are knee-jerk policy reactions to technology potential and, more generally, a tendency for talking-head histrionics regarding healthcare information privacy. Probably the most extreme of these, historically, has been my friend Dr. Deborah Peel. Dr Peel has continued to suggest that all health information exchange halt, until it can be made entirely secure and entirely respect patient privacy and ongoing consent.

The problem with that approach is that it tends to drive healthcare data exchange efforts “underground”. The discussion about Facebooks change in policies is a good example such fear-mongering. Note how CNBC chose to frame the news that Facebook was NOT going to reach out to hospitals. Let me quote some of the article, highlighting some of the terms that I find concerning.

Facebook sent a doctor on a secret mission to ask hospitals to share patient data

Facebook was in talks with top hospitals and other medical groups as recently as last month about a proposal to share data about the social networks of their most vulnerable patients.

The idea was to build profiles of people that included their medical conditions, information that health systems have, as well as social and economic factors gleaned from Facebook.

Now, CNBC is not as given as some of the other networks to outright fear-mongering, but I do need to quibble with this type of reporting. First, if you read the article closely you will see that the project intended to link data using a two-sided hashing mechanism. This serves to protect the privacy of both the Facebook user data, and the hospitals’ patient data. The headline makes it seem like it would be trivial for both the hospital and Facebook to identify these patients. Of course, such a dataset would be relatively simple to re-identify given how much of Facebook’s user data is public information. And it is highly unlikely that either Facebook or the hospitals intended to release this merged dataset to the public. Still, de-identifying a dataset like this is a useful precaution to ensure that researchers are not tempted to violate patient privacy.

This type of de-identification strategy would have made the resulting dataset almost useless for Facebooks main profit center: selling targeted advertising. But the article makes it sounds like this is the aim, because the partnership was seeking to “build a profile”. A profile that is not connected to an identity is… well it’s not profile. A profile is a kind of an aggregation of multiple people.. and a dossier is about one specific person. Deidentified data is not really either one of those things. It is about a specific person, unlike a profile and unlike a dossier because no identity is attached. In this respect, building a “profile” does not seem like such a big deal, its an aggregate of people, a single average that is useful to help understand many potential individuals…

In fact, “building a profile” is clearly not the aim of such an endeavor, but only an intermediate goal. The reason such a “double anonymized” merged dataset would be useful, is because you could learn how to help patients by studying it. The research might help the hospitals, and Facebook, to understand how to better serve the patients that they both have as customers. A non-public anonymized dataset like this, shared only between the a limited set of researchers representing the two parties who contributed data, is pretty hard to abuse.

In fact, this is exactly the type of research that both Facebook and the hospitals have an independent and shared ethical obligation to undertake. There are more patients who share clinical information across Facebook than any software designed for that purpose (typically those products are called PHR systems). Facebook users use the platform every day to coordinate caregiving for their friends and family. They use it to coordinate whose turn it is to make dinner, and to coordinate which “friend” is going to show up and hold their loved ones hand. They use it promote the go-fund-me pages that have frequently taken the place of comprehensive health insurance in this country. They use it to request prayers, when the pain is really bad, and the pills no longer work.

Is this a good idea? Well, there are many who would warn that sharing data publicly like this is dangerous and they are profoundly correct. But this sharing is not done because users trust Facebook, quite the contrary. Facebook is tolerated, as a gateway to the friendships and family members that Facebook users so desperately need when they become seriously ill.

That use-case is not what Mark Zuckerburg imagined in his Harvard dorm. Frankly, it was a case of great foresight for Mark to guess that people might use his young platform get laid. But as Facebook has become the de-facto mechanism to connect with friends and family, especially across generations, it has also become a very common place for patients to connect with their care community. Or at least the parts of their care community that are NOT professional clinicians.

The professional clinicians not only fail to connect with patients friend and family network, they also fail to connect digitally with each other. Instead, they are rewarded for hoarding their portion of a patients medical data to themselves, a problem regularly referred to as the “silo” problem in healthcare informatics.

There has been no technical reason why patient data is not regularly shared between healthcare providers for more than three decades. However, our healthcare system continues to financially reward providers who hoard rather than share data. Healthcare technologists like myself do not, despite appearances to the contrary work to make data sharing possible, instead, we spend our careers desperately seeking technical solutions to health data exchange that are politically palatable.

So I hope you can understand that when two parts of the healthcare eco-system start to consider collaborating in a way that helps patients, this is something that we should celebrate with… concerned… optimism.

And I am concerned. I am very concerned that Facebooks basic structure does little to protect those who share healthcare information across its network already.

Just as we should be concerned that Apples recently announced Hospital integrations will serve reduce the investments that hospitals make in other patient-data sharing methods. Which might serve to widen the digital health divide. Poor people in this country have trouble affording iPhones, which could be soon be one of the few ways to conveniently access their own hospital data. But we should cautiously celebrate Apples work in this area.

We should be concerned that Google has recently announced multiple new Health IT API initiatives, despite having unceremoniously shut down its previous healthcare API offering.

We should celebrate Grindr’s efforts to encourage regular STD testing, even if this action has been clearly overshadowed by the news that they were sharing HIV status with third party companies.

Look, if you are this far in the article and thinking that I am defending Facebook’s egregious cybersecurity mistakes, its constantly over-reaching data grabs and generally cavalier (even sometimes malicious) attitude towards personal privacy, then you are missing my point entirely. As twitter user _j3lena_ pointed out correctly, it is only reasonable to assume that there are dozens of other organizations that have Facebook data on the same scale as Cambridge Analytica. That is just the one that we see. (updated to acknowledge _j3lena_’s comments)

Facebook has been a privacy nightmare for years, and I am very hopeful that they might see their failure in these areas as an existential threat to their existence. Because they should go out of business if they cannot ensure that their platform is something more than a monetized privacy-abuse vector. Facebook deserves to go the way of the Dodo, if they cannot help its users differentiate between real and fake news. Make no mistake, Russians advertising on facebook is a big problem, but this pales in comparison to the personal consequences for a person who is convinced not give their child a vaccine because of a facebook group.

My point is just this. We need to give companies credit when they embrace security best-practices as they pursue ethically reasonable goals. Like leveraging a hashing for de-identification scheme in an attempt to do things with patients’ data to help clinicians to improve care they give those patients. We need to criticize, and if needed, boycott and regulate companies that abuse our data. We need to have national policies that create real consequences for companies that abuse their positions of trust.

But we also need to give credit where credit is due, and Facebook was probably trying to do some good work with this hospital collaboration.

I hope this better explains my tweet.

-ft

Good Questions:

As per always, the Twitter community has given me new things to think about.

  • First, it is not clear what it means for this to be done “in secret” if this deal included non-disclosure agreements, that is problematic.
  • Second, and this is something that I did not get into, but that CNBC did a good job emphasizing, especially in the video version of the report, is that it is not clear how, or if, explicit patient consent would have been involved.

Updates:

Added several good points from Twitter, and as @corbinpetro pointed out, its CNBC and not CBS.

 

Cascading Configuration Design Pattern

I have not been able to find simple plain-language descriptions of what the Cascading Configuration Design Pattern is. And really not that many complicated descriptions either. 

Basically, this pattern is used to simplify very complicated configuration problems, by simplifying what would be a matrix of configuration decisions into a “cascade” of configurations using a hierarchy.

This easier to understand in the context of the most commonly used implementation of this pattern, Cascading Style Sheets (CSS). This is for people who would like to understand the general concept, but if you want, you can just study how CSS works and you get the general idea.

The first is to imagine a “configuration list” where you have common items that are choosable settings (i.e. this is a “configuration” design pattern after all). Which means you have a bunch of items, that can have different things configured about those items. Those can be elements of a webpage, details in a software or data specification, Firewall rules in an access control list or a purchase list for a fleet of vehicles. All of these are examples of  a “configuration matrix”. If we are lucky enough to have a configuration matrix that only requires 2 dimensions to display, we can look at as a “configuration table”. For now, do not get intimidated when I say “matrix”, you can mentally short-cut that to “multi-dimensional table” or perhaps even simpler “really complex table”.

We are going to use an ordering sheet for a fleet of vehicles in our example configuration matrix:

Item: Vehicle Item: Type Config: Color Config: Transmission Config: Windows
Ford Mustang Car Red  Automatic Automatic
Ford Focus Car Red Automatic Automatic
Ford Fiesta Car Red Automatic Automatic
Chevy Corvette Car Red Automatic Automatic
Chevy Volt Car Red Automatic Automatic
Honda Civic Car Red Automatic Automatic
Honda Accord Car Red Automatic Automatic
Ford F-350 Truck Blue Automatic Automatic
Mack Granite Truck Blue Manual Automatic
Mack Titan Truck Blue Manual Automatic

Now, the above table can defined as a data table. Explicitly defining each individual configuration items. They are always vehicles of some type. But you can choose the following items:

  • Color
  • Transmission Type, either Automatic or Manual
  • Window Mechanism, either Automatic or Manual

Now, if you look at the table above, you notice something pretty quickly. There is not that much information there. In fact, rather than having this whole table, you could just tell your fleet manager some simple english sentences about how you configure your vehicles. You could say

  • We never get manual windows. Who needs that noise?
  • All of our cars are red with automatic transmission
  • All of our trucks are blue.
  • All of our trucks have manual transmission, except for the Ford F350, which is automatic

Now why is this set of rules better than the data table? If you imagine a fleet with 200 more models of cars, or 100 different types of semi trucks, you would have a data table with 300 different elements. But as long as the basic rules remained the same, the english version of the configuration is much easier to work with. So you either have a configuration system with 4 rules, or 300 data points in a data table. When you consider that many configuration problems are multi-dimensional (i.e. n-dimensional sparse matrix rather than a 2d table). The benefits having a sparser configuration mechanism become obvious.

But we should note that the english rules have lost no information from the configuration matrix. That basically means they are the same thing, just in two different representations.

The only problem that we have to solve after this is how to ensure that the rules that we have currently written in english are machine-readable. First there is the data encoding standard, and for that we might choose YAML, XML, JSON or any of the other standards that are good for generically encoding hierarchical data. You want a data standard that is both readable by humans, and potentially automatically processable by computers. But the concept is not limited to explicit use inside data formats. You can use this to structure configure data in documents or spreadsheets. If you wanted the best of both worlds, you could use something like Markdown, which is halfway between a data language and a document system.

While you can implement things in very different ways, it is important to keep this rule solidly in mind.

To work, the configuration cascade should be convertible in one and only one way into its corresponding configuration matrix.

If you break that rule. The usefulness of a configuration cascade is completely lost.

So lets recode the english rules above as a simple yaml cascading configuration:

Vehicle: 
    Window: Automatic
    Color: Red

Vehicle-Type:
    Truck: 
         Color: Blue
         Transmission: Manual

    Car: 
         Transmission: Automatic

FordF350: 
    Transmission: Automatic

If you are familiar with CSS, you can see how close this to just applying CSS to another data model. Which is basically the idea of this design pattern.

For everyone else, lets talk a little about what is going on. Using this yaml file, you can recreate the configuration matrix above, by applying the configurations by inheritance in the order of specificity.

Which is to say, the more specifically targeted the rule is, the higher priority it is given. Every thing on the configuration list is a vehicle, which means any configurations under the “Vehicle:” section will apply to the entire configuration. That is awesome because it lets define the fact that we never want to have manual windows (or always automatic windows) easily. We also define the fact that most of our vehicles have the color of red safely at this level.

All of the trucks are blue, and we have a rule that says that under Vehicle-Type:Truck Color:. All of the car configuration items will inherit their color from the Vehicle, but all Trucks will inherit their color from the Vehicle-Type:Truck Color: definition.

We do not need to define the color of the Car Vehicle type, because it will still be red.

Lastly, the specific item of Ford350 is the only truck that has an Automatic Transmission. So we need to specify that item with the Ford350: line and then set its Transmission: option to Automatic. The Ford350 will inherit everything from the Vehicle.. unless it is overridden by the Vehicle-Type:Truck settings (which is what will make the Ford350 blue). And finally, because it is most specifically set, the Transmission: value is going to apply just to that one item.

Note that it is easier to read these cascades when they are written with the most general definitions at the top, and the more specific rules at the bottom. This eliminates the need to figure out whether rule ordering (i.e. what comes first) is more or less important than specificity (what targets the configuration item most specifically). There are some systems that look like cascades that are actually order-sensitive (i.e. this is how firewall configurations work). But rather than try understand which takes precedence, it is better just to start with the most general at the top of configuration files, and end with the most specific. This is the same best practice (BTW) with order of operations in algebra and programming. You should never write 4 x 4 + 10, because that means that you have to know which comes first, multiplication or addition. Instead, you should make it explicit by writing (4 x 4) + 10 because then you are saying the same thing, in a way that is not ambiguous or has to have a set unwritten (and poorly remembered) rules to resolve.

So that is the Cascading Configuration Design Pattern. I hope you found this helpful.

 

Harris Health Ben Taub Refusal to Triage

This week I went to the Harris Health Ben Taub ED because I was passing a kidney stone. I was refused triage and told that I would have to wait 7 hours for treatment, behind a waiting room full of people who were obviously in the ED for urgent issues that were not as acute as a kidney stone.

As a e-patient advocate, I am aware of the options available for patients who are denied emergency care. Harris Health is not a Joint Commission accredited hospital. It is instead accredited by the DVN GL Corporation. I am sharing my experience with them using their patient compliant process. I choose not to be anonymous while submitting this form (obviously).

Description – please describe your compliant

In the early morning hours of 07-11-2017 I realized that I was passing my second kidney stone. I arranged for a ride to the ED quickly, knowing that crushing pain would soon begin. Indeed, by the time I arrived at the ER, I was unable to stand up straight and I was experiencing waves of nausea.

I walked into the ED told them I was passing a kidney stone and asked for help. Two security guards waved me around the corner where a woman told me to sit. As soon as I sat down, I began vomiting. After vomiting, I told the woman that I was passing a kidney stone and that I was in terrible pain. She never asked what level of pain I was experiencing, or asked what I was experiencing. I made it clear that I had a kidney stone and that I was in pain. I told her that I had not been previously treated at Ben Taub and that I went to Memorial Hermann ED for treatment that last time.

She took my information and told me to proceed through the double doors, and that I would find a trash can in the next room to deposit my pan of vomit away in. I went through the double doors to find the waiting room, threw away my vomit and immediately approached 4 people about what I was supposed to do next. All of the people who were clearly staff in the waiting room said the same thing. They were not the person I needed to talk to and they did not know who I should talk to. I spoke to at least 4 different people in at least 4 groups. Confused as to what I should do next, I returned through the double doors to the original woman and asked what I was supposed to do.

I was then informed that I was to wait in the waiting room for my name to be called and that the wait was going to be 7 hours.  I said that I was passing a kidney stone and made it clear that this was not acceptable. I was given a “sorry”. I asked if I could leave and seek treatment elsewhere, I was told that I could.

I left and went to an urgent care center. The urgent care center promptly treated my pain and confirmed a kidney stone with a CT scan. They also informed me that my blood sugar test qualified me for “first onset diabetes”. I was given insulin to immediately lower my blood sugar. I am a healthcare data scientist, and I am fully aware of what a Diabetes diagnosis means for me long term. However, I still do not understand what it means in the short term and what steps I need to take. I remain confused and frightened.

I know that drug seeking is a difficult problem. I am sympathetic to the pressures that the ED clinicians are under and I know that there were dozens of people seeking primary care in the ED. I was not one of them. I was having an acute event, for which opioid treatment is the only reasonable cure. The Harris Health Ben Taub ED department simply did not triage me.

Despite vomiting multiple times in front of the only clinical person that I engaged with, I was never asked how I felt, what my symptoms were. I was asked “when this started”, and not much else.

After leaving Harris Health without having my symptoms considered and without treatment, I went to an Methodist Urgent Care center were I received prompt treatment. I did not instantly receive opioids there either, but the delay was commensurate with the time it takes to verify that I am not a frequent opioid user (i.e. not an addict, and not an abuser of opioids) then they treated my pain quickly and with compassion. They also performed a CT scan which confirmed the presence of a kidney stone, the results of which I am attaching to this submission.

Desired Outcome of the Compliant

I expect patients to be properly triaged by competent staff in the ED. There are digital mechanisms to determine scripts for opioid usage. I know this, because I designed and implemented at least a few of them.

My personal opioid usage history is a perfect example of someone who suffers from kidney stones. I have never sought opioid prescriptions outside of acute events. These events always correspond with follow up visits to my primary care physician, who then prescribes appropriate, non-pain related medications to treat kidney stones. Using only the SureScripts medication reconciliation process (which is required to a part of any Meaningful Use Certified EHR). Clinicians at Harris Health could have verified that I was not a “drug seeker” (which is BTW, an insulting and pejorative term)

In short, the data shows clearly that I am exactly what I claim to be: A person with a history if kidney stones, passing a kidney stone.

Presumably, Harris Health and Ben Taub are very willing to use prescribing history against patients in their ED. They use this information to deny access to opioids to patients they suspect of being recreational opioid users or opioid addicts.

The desired outcome of my compliant is that Harris Health will actually perform triage on patients, ensuring that patients who are in pain receive timely pain treatment.

The reason that my drug history is available to Harris Health is so that they can better treat me when I arrive. If Harris Health has access to this data, but either ignores it, or merely uses it to deny care, then they have betrayed the intent of the information system. In my opinion, that makes them guilty of defrauding the public of the more than $2 million dollars they received to install the Epic brand EHR system.

I am posting this to my personal website at http://fredtrotter.com

Updates

I will update this article with any information I receive back.

Self-driving cars and healthcare. A brain dump.

Here are my thoughts on how self-driving cars related to healthcare. In no particular order.

  • First, it is very likely that self driving technology is already well past the reliability and safety of any human driver. This makes for a classic engineering ethics debate. How long will our society tolerate a technical solution to a problem (driving) that we know is much less safe than another solution (AI drivers), just because we are used to a particular paradigm (human drivers).
  • Second, there will be a very strange middle stage when self-driving becomes available in new cars. AI drivers are likely to be vastly more cautious than normal drivers. Some are very concerned that this will cause a problem with humans “bullying” AI drivers. But there is also going to be a health disparity created here. People who can afford new cars could be nearly immune from car accidents, creating a new kind of haves/have nots.
  • We can expect that the geo structure of modern life will change substantially. The introduction of highways to the US caused a migration to suburbs by making a longer drive shorter. Soon it may become both affordable and popular to live in very rural areas, because long commutes will be easier to handle. If you can read, type and make phone calls safely as your car handles a two hour commute to work, long drives will become much more tolerable. This could increase populations in very rural areas, making emergency services drive longer for more people. This could dramatically increase the need for automated drone-based life-flights that are capable of air-lifting people much more cheaply.
  • Similarly, very urban areas could entirely loose parking facilities. Instead of parking cars, they would either drive themselves away from urban areas to use cheaper parking, or perhaps stay active in “uber-mode” delivering other passengers to different destinations. Car ownership could become something that is done only by the very rich (who choose to afford their own self-driving car rather than subject themselves to the availability of a pool of unowned cars) or the very poor (who choose to drive themselves in older cars, and face the problem of vanishing parking)
  • As self-drive cars age, they will become subject to more mechanical problems and more unreliable, increasing the delta between the safety of self-driving cars (which will be smart enough to seek their own maintenance).
  • It is entirely possible that humans will choose to unionize drivers. So even though a truck is capable to driving itself, a human “monitor” will be required to be present for “accountability” purposes (but really just so they stay employed). We are already seeing that “sitting is the new smoking” and these “driver monitors” could lead to a hyper-sedentary lifestyle that could have very negative impacts. Drivers are already subject to lots of unhealthy behaviors, which could be made much worse by disengaging them from any energy expending processes at all.
  • The impact on policing cannot be over emphasized. Many small police departments rely entirely on traffic tickets for revenue. In fact, many small towns are entirely run on ticket revenue. Large police departments also rely on traffic violations for funding policing. In some ways, one might consider the police presence as something that is enabled by the fact that roaming police are constantly able to gain revenue by ticketing traffic violations. Depending on how this issue is resolved we could see police targeting “pedestrian violations” much more heavily, or we could see an uptick in violence as a result of lowered policing. When you consider the possibility of “drone police cars” that are themselves lowering the cost of police presence… it becomes very difficult to predict how policing, and as a result, violent crime, will change in response to self-driving technology.
  • Almost all organ donations are made as the result of traffic accidents. This could lead to a critical shortage of donations. This shortage will likely cause the funding for organ printing to sky-rocket. This is similar to the “parity costs” for solar energy. There is a kind of “parity cost” for organ printing in healthcare and dramatically reduced accident rates as the result of self driving cars could change that calculus very quickly. However, we may face a decade(ish) worth of organ shortage (and corresponding shortages) before organ printing works fully, and after accident based organ donation trails off.
  • Accidents of any kind are generally estimated to be the sixth, fifth or fourth leading cause of death in the United States. Auto accidents are the most common cause of accident. If you eliminate this as a “way to die” it will put greater pressure on heart disease, stroke and age related disorders like Parkinson’s and Alzheimer’s disease. This is a good problem to have, of course, be it needs to be accounted for.

Thats all I can think of off the top of my head.

-FT

Google Intrusion Detection Problems

(Update: Less than four hours after tweeting out this blog post, we got our access turned back on. So the Google support team is definitely listening on social media. We very much appreciate that, because it resolves this issue as a crisis. We are still concerned by the “auto-off” trend and the missing button. But we will be working to make sure there is a better long term solution. Will update this post as appropriate moving forward.)

So today our Google Cloud Account was suspended. This is a pretty substantial problem, since we had committed to leveraging the Google Cloud at DocGraph. We presumed that Google Cloud was as mature and battle tested as other carrier grade cloud providers like Microsoft, Rackspace and Amazon. But it has just been made painfully clear to us that Google Cloud is not mature at all.

Last Thursday, we were sent a message titled “Action required: Critical Problem with your Google Cloud Platform / API Project ABCDE123456789” here is that message.

action_required

Which leads to our first issue Google is referring to the project by its id, and not its project name. It took us a considerable amount of time to figure out what they were talking about when they said “625834285688”. We probably lost a day trying to figure out what that meant. This is the first indication that they would be communicating with us in a manner that was deeply biased towards how they view their world of their cloud service internally, totally ignoring what we were seeing from the outside. While that was the first issue, it was nowhere near the biggest.

The biggest issue is that it was not possible to complete the “required action”. Thats right, Google threatened to shut our cloud account down in 3 days unless we did something… but made it impossible to complete that action. 

Note that they do not actually detail the action needed, in the “action required” email. Instead they refer to a FAQ, where you find these instructions:

request_appeal

So we did that.. and guess what, we could not find the blue “Request an appeal” button anywhere. So we played a little “wheres waldo” on the Google Cloud console.

  • We looked where they instructed us to.
  • We looked at the obvious places
  • We looked at the not-obvious places

As far as we can tell, there was no “Request an appeal” button anywhere in our interface. Essentially, this makes actually following the request impossible.

So we submitted a support request saying “Hey you want us to click something, but we cannot find it” and also “what exactly is the problem you have with our account in any case?”

However, early yesterday morning, despite us reaching out to their support services to figure out what was going on, Google shut our entire project down. Note that we did not say “shutdown the problematic server” or even “shutdown all your servers”. Google Cloud services shutdown the entire project. Although we use multiple google cloud APIs we thought it made sense to keep everything we were doing on the same project. For those wondering that is a significant design flaw, since Google has fully-automated systems that can shut down entire projects that cannot be manually overridden. (Or at least, they were not manually overridden for us).

We have lost access to multiple critical data stores because Google has an automated threat detection system that is incapable of handling false positives.  This is the big takeaway: It is not safe to use any part of Google Cloud Services because their threat detection system has a fully automated allergic reaction to anything that has not seen before, and it is capable of taking down all of your cloud services, without limitation. 

So how are we going to get out of this situation? Google offers support solutions where you can talk to a person if you have a problem. We view it as problematic that interrupting an “allergic reaction” as a “support issue”. However, we would be willing to purchase top-tier support in order to get this resolved quickly. But there does not appear to be an option to purchase access to a human to get this resolved. Apparently, we should have thought about that before our project was suspended.

Of course, we are very curious as to why our account was suspended. As data journalists, we are heavy users of little-known web services. We suspect that one of our API client implementations looked to Googles threat detection algorithms like it was “hacking” in one way or another. There are other, much less likely explanations, but that is our best guess as to what is happening.

But we have not idea what the problem is, because Google has given us no specific information about where to look for the problem. If were actually doing something nefarious, we would know which server was the problem. We would know exactly how we are breaking the rules, but because we are (in one way or another) a false positive in their system, we have no idea where to even start looking for the traffic pattern that Google finds concerning.

Now when we are logged in, we simply see an “appeal” page that asserts, boldly “Project is in violation of Google’s Terms of Service”. There is no conversation capacity, and filling out the form appears to simply loopback to the form itself.

It hardly matters, Googles support system is so completely broken, that this issue represents a denial of service attack vector. The simplest way to take down any infrastructure that relies on Google would be to hack a single server, and then send out really obvious hack attempts outbound from that server. Because Google ignores inbound support requests and has a broken “action required” mechanism, the automated systems will automatically take down an entire companies Cloud infrastructure, no matter what. 

Obviously, we will give Google a few hours to see if they can fix the problem and we will update this article if they respond in a reasonable timeframe, but we will likely have to move our infrastructure to a Cloud provider that has a mature user interface and support ticketing system. While Google Cloud offers some powerful features, they are not safe to use until Google abandons its “guilty until proven innocent, without an option to prove” threat response model. 

-FT

 

 

 

 

 

Does Epic resist or support interoperability? Hell if I know.

I just realized that my somewhat infamous question at the ONC annual meeting is recorded on video!

The background on my question, which I made me very popular at the meeting afterwards, was that I had heard that Epic hired a lobbyist to convince congress that it is an interoperable company.

That lobbyist and others at Epic have been heard saying stuff like “Interoperability is Epics strength”… and “Epic is the most open system I know” etc etc.. This makes me think “what planet I am on?”

I have actually heard of hospitals being told “no at any price” by Epic, and I have never heard that regarding another vendor… although there are lots of rumors like that about Epic I would prefer to be fair. How would I know if Judy et al, had really turned a corner on interoperability. Epic has been a faithful participant in the Direct Project, which is the only direct (see what I did there?) experience I have had with them.

But I want data… and here is what happened when I asked for it at the annual ONC meeting. Click through to see the video.. it auto plays so I did not want it on the my main site.

Continue reading Does Epic resist or support interoperability? Hell if I know.

Libel and Discourse in the Digital Age

Libel, like copyright, is one of the central legal frameworks for governing online activities. It sets the bounds for what can and cannot be said about people in the new media area.  Like copyright law, libel law is a legal framework designed in a pre-digital era, that is somewhat strained in this new digital media age.

I write this with some trepidation. This blog posts touches on gender issues on Twitter, and that is a heated and, at least on Twitter, mostly broken discussion.

Any discussion on sensitive issues online, especially on Twitter, can devolve into a core of reasonable people trying to have reasonable discussions that are surrounded by a much larger group of people (or at least a large number of twitter accounts) who say completely ridiculous and incendiary things. Jimmy Wales response to a GamerGate email regarding the policies for Wikipedia’s GamerGate article is required reading here.

The wonderful thing about Twitter is that it facilitates open to the public conversations about anything at all. These conversations usually involve only people who are genuinely interested in particular topic, which means that the Twitter conversation is usually representative of the topic as it exists in the real world. But a given hashtag is useful and productive, only to the degree that people all agree on what the topic under discussion is, and also fundamentally agree on what is the appropriate means to have that conversation.

Many times, both of those constraints fail, and this is when you get a single hashtag, like #GamerGate being used in at multiple conflicting ways. One way is to have a discussion about “Ethics in Game Journalism”, the second is to launch a coordinated attack on female game journalists and other feminists, and the third is the feminist community using the hashtag to refer to those attacks. In the sense that all three things are happening at once using the same hashtag on Twitter, all of them are equally valid and equally invalid uses of the hashtag. But all three discussions regularly lament that the other two discussions are trying to “redefine” what “GamerGate” “is”. The letter from Jimmy Wales helped me realize that there is an inherent difference between a movement and a hashtag. Before reading that I was deeply confused on how think about “GamerGate” a word whose definition changes dramatically depending on who you listen to.

Generally I think the power of Twitter lies in its capacity to have public conversations that serve only as “signals”, with larger discussions on topics left to more forums that are better suited for comprehensive discussion, like blogs. Twitter is ill-designed to handle contentious issues, in part because Tweets are necessarily atomic in nature. It is too easy to take a single tweet, and then lambast that single tweet as the entirety of someones position. This is not strictly a straw-man tactic because it actually takes a little work to get Twitter to contextualize any discussion. Twitter presents tweets as atoms, and not threads on a topic.

On Twitter, there is a lot of “What I said was X, but what I meant was Y”. As an informaticist, I would call Twitter something like a “Communication Platform with Low Semantic Fidelity”. Which is not an insult to the platform… this is both a “feature” and a “bug”, depending.

So it is with great irony that I found myself having a discussion about libel, on the very platform that makes the issues around libel so complex.

For those who have been living under a rock on Twitter lately there has been a drama unfolding regarding the role Vivek Wadhwa plays regarding women’s gender issues in technology. The play continues to unfold, but here is the outline of the opening scenes:

  • Wadwha makes a statement onstage referring to “floozies”. (have not been able to find video of this)
  • Mary Trigani writes a post entitled Captains and Floozies criticizing Wadwha’s comment.
  • Wadwha comments on the blog post.
  • Trigani reposts the Wadwha’s comment with the title Vivek Wadwha explains
  • Amelia Green Hall, writes QUIET, LADIES. @WADHWA IS SPEAKING NOW which sternly criticized the role that Wadhwa plays and how he plays it.
  • This blog post caused enough of a stir that Amelia was subsequently interviewed by Meredith Haggerty on NPR’s TLDR series. This podcast (which is still available here) is essentially a retelling of Amelia’s blog post in audio form, with no dissenting voice from Wadhwa or elsewhere.
  • Wadwha reacts on twitter saying that the podcast is “libel and slander
  • NPR removes the podcast from their page, although as per normal it will be remembered forever on the Internet somewhere…
  • Twitter presumes that the post was removed because of Wadhwa’s “threats”
  • Wadhwa insists that he wants the post itself restored, but merely wants to have the opportunity to blog in the same space.
  • Apparently, his interactions with NPR makes him believe that he will be able to publish a retort on the NPR site.
  • For whatever reason, Wadhwa’s defense is not published on NPR, so he manages for it to be published on Venture Beat instead.

Which brings us to current. (I will try and update the timeline if things change)

Obviously it’s interesting stuff in it’s own right, but I am mostly interested in the issues around libel. Specifically, I am interested to understand if it was in fact libel, and I am interested to know if the fact that Wadhwa labeling it as libel was a “threat”.

Lets deal with the first issue. Was it libel? Well it turns out that this is not a clear legal question, especially for Wadhwa. You see in the US, the legal test for libel typically has three components (IANAL and I am quoting Wikipedia, so you would be foolish to take this a legal advice).

  • statement was false,
  • caused harm,
  • and was made without adequate research into the truthfulness of the statement.

(from wikipedia)

Unless, you are a public figure, and then libel also includes “Proving Malice”. Again quoting wikipedia:

For a celebrity or a public official, the person must prove the first three steps and that the statement was made with the intent to do harm or with reckless disregard for the truth, which is usually specifically referred to as “proving malice”

Listening to the podcast there are several statements that stand out specifically as false:

  • ..”Has he really been this spokesman for women in tech for years while he is believing that women can’t be nerds because thats because thats like super misogynist”..
  • (on the website of for Wadhwa’s book) “I can get to a photo grid of women it doesn’t list their names..” (Wadhwa points out that such a list lives here)
  • “Wadwha was barely acknowledging the women he was working with”
  • Wadwha was “Gaslighting minimizing marginalizing people who disagree with (him)”
  • The story implies that Wadwha titled his response to Trigani’s post “Vivek Wadwha explains” when in fact Trigani had made that title.
  • The DM’s that Wadwha sent were “non-censual”.

If you listen the to podcast, and you read Wadwha’s rebuttal, it is pretty easy to see understand how Wadwha at least would view these statements as false, harmful, and inadequately researched. Wadwha is painted as pretender, a person who who is taking the role of “real” expertise. The implication here is that there is something essential to the experience of being a women in technology that is required to acquire legitimate expertise about women in tech. At the same time, there is the implication that the experiences of women in tech so vastly distinct that no one person could possibly make useful statements about them as a class.

This is an interesting issue with civil rights in general. There was a time when the racial civil rights movement choose to exclude white supporters from leadership positions. This makes sense when you are dealing with a pervasive attitude that presumes that a particular class is fundamentally incapable of self-representing and/or leadership.

But there is a difference between requesting that someone bow out of a leadership role, in order to further the aims of a social justice movement, and attacking the qualifications and intentions of that same person in the most public way possible (i.e. on the radio and Internet at the same time).

On the other hand, if there is a person claiming leadership in a social movement, while saying or doing things that hamper that movement, it is a natural reaction to eventually (after back channel discussions have failed) to out that person in public.

So which is it? Is this a necessary exposer in defense of an important social movement, or it is petty dramatics within a movement that should be above such theatrics?

What the hell do I know? Although I am at least a little interested in anything that qualifies as social justice, I am hardly an expert in this area. I don’t know any of the parties involved and I have no familiarity with the book and research body in question.

What I am interested is how libel works in the Internet age. What is fascinating specifically to me is the degree to which Wadwha is being criticized for calling the podcast “libel”. It is fairly clear to me that IF the contents of the podcast are misrepresentations, then Wadwha is just being publicly attacked. The whole podcast was about him, not about “men speaking for women generally”, but just about him and what he was specifically doing wrong. The podcast implied that he was a lecherous, misogynist, manipulative plagiarist. IF those things are not true about him… then does he have the right to say “This thing that is happening is slander and libel” without inappropriately using that language to squelch criticism.

According to Wadwha, he has made no legal threat, he did not ask for the article to be taken down and, in fact, he has asked for it to be restored. That does not generally sound like the acts of someone who is seeking to muzzle critics.

What I find fascinating, is the apparent consensus that merely labeling the podcast as libel IS itself a legal threat.

Here are some reactions from two lawyers who work for the EFF (an organization I admire and donate to)

And then here..

Lastly this is one specific quote from someone who has been on the other side of this.

However, I did find this gem from @DanielleMorrill, who was obviously researching this earlier than I was. She found places where Wikipedia policies cover these issues…

For my part, I cannot help to empathize with Wadwha. My family has had some pretty nasty run ins with people willing to publish false things about us. If someone in traditional media decides to smear you, its nearly impossible to undo the damage. At least Wadwha had the opportunity to tell his side of the story, an opportunity my family never got. 

Apparently, the consensus on the Internet, and what I would advise people do on this, is to just say. “Hey that stuff you wrote/said about me is not true, and its pretty hurtful and you really should have researched that better” instead of actually coming out and saying “Thats Libel”. Its pretty clear that Wadwha tried to take a position of “You have libeled me, but I am not planning on suing you, I just want to achieve balance”, and from what I can tell, that has blown up in his face, and possibly made things worse for him. 

I have certainly learned several things from this incident that will make me slightly less likely to put my foot in my mouth: Specifically…

  • I should be careful not to speak over other people on panels. I am frequently the most vocal and opinionated person on a panel. Audiences frequently ask questions specifically to/for me, and moderators will frequently favor me because I can be entertaining. But apparently when Wadwha does the same thing he is percieved as “taking the air out of the room” etc etc. I would never want my fellow panelists to feel they don’t have a voice b/c of me. I will have to work on that.
  • Apparently there is a whole contingent of women who have been so completely harassed by DM’s that saying something like “A non-consensual DM” actually makes sense to them. I had no idea that Twitter harassment had reached that level for women. I mean you have be brave or crazy to let someone know you are a female user on Reddit (which is sad), but I thought Twitter was a “safe place”. I was wrong.
  • When someone labels themselves as rude or mean or otherwise thinks that it is a good idea explicitly admit in their twitter profile that they are difficult to deal with… believe them. They are not kidding. Its one of these things. Lookup the Far Side cartoon that says: How Nature says “Do not touch”. Its just like that.
  • I need to be careful to explicitly not speak “for” the people I personally advocate for (which in my case is usually patients) b/c this can be disempowering. I need to find ways to advocate without being presumptuous, which is harder than it sounds.

Thanks for reading, I may well update this post based on reactions from Twitter and elsewhere.

-FT 

 

 

 

 

 

 

EHR Vulnerability Reporting issues

For those who actually bother to read to the bottom of my bio, I was actually in Internet Security before going into Health IT. I spoke at DefCon and everything.

During my career in Health IT I have had to report a security vulnerability to an EHR developer once, and it was such a painful process that I basically just gave up.

My poor friend Josh Mandel and his group at SMART found an XSLT vulnerability in an HL7 provided file that is a part of essentially every modern EHR system (the standard, if not the file itself, is mandated my Meaningful Use).

They have had a horrible time trying to get the attention of the major EHR vendors, with less than 10% paying any real attention.

I am saddened, but not at all surprised. I will write more later…

-FT