VA VistA is not “Old”

Recently ComputerWorld released an otherwise good article entitled: Old code proves key to modern IT at Midland Memorial Hospital.

The first paragraph reads in part:

For Midland Memorial Hospital, this came in the form of 1970s-era code unearthed via the Freedom of Information Act.

This is really frustrating. VistA is old. But it is not older than Unix which is the basis for Linux AND Windows.  It is not older than C which is the basis for C++, C#, Mono, .Net and to a lesser extent Java, PHP, Python, Ruby (in terms of syntax and overall structure).

The VA updates VistA every year. The version that Midland Memorial uses is the same version that has been recently improved by the VA.

This article makes it sound like it was literally dug up by an archeologist.  It paints a picture of David Whiles in his Indiana Jones hat with a shovel. Digging up the EHR artifact that an ancient advanced civilization used. As David wipes of the dirt he exclaims “Oh my… this is a little rusty… but it just might work!!. Then he takes the code back home to Midland, sprays it with WD-40 and gets it to run!!

This happens all the time. People hear that VistA has been in use since the 70’s and the cannot let go of how “old” it is. Hate to break it to you, but almost every core technology that you use on a daily basis has its roots in the 70’s.

Please do not tell me “Oh but HTML (or insert your technology here) came much later”. Yea but HTML does not work that well without HTTP, and for that you need a robust network. Guess when that started becoming available. Its not like VistA has been siting idle either. VistA has features that were developed in the 80’s. It has features that were new in the 90’s. It has features that are being developed now!

Meeting VistA for the first time is like visiting Australia for the first time. You see all of these marvelous creatures who have evolved in a different way, because they evolved independently. You see different “designs” or the application of the same “designs” in different ways. The one thing you should not say when seeing the strange lifeforms in Australia is “Wow, these animals must be very very old species”

No Rufus-brain. The species in Australia are not any “older” than any species in the rest of the world. What is exceptional is that this species evolved separately. Different? Yes. Backward? Maybe. Original? Definitely. But not “Old”.

VA VistA newbies constantly assume that VistA is a single instance of a program, rather than the latest instance of a program, in a long history of instances of that program. They see it as a single Tortoise that lived for forty years, rather than the latest bunny rabbit, in chain of forty one-year generations of bunny rabbits. But even this picture is inaccurate.

Another hallmark of the VistA-ignorant is to talk about VistA as though it were -one- thing. In reality it is a whole suite of technologies, that are evolving together in isolation. VA VistA is a lot more like the whole biological sphere of Australia, with lots of different species that are evolving together, all of them evolving differently than the species in the rest of the world.

Please do not call VA VistA “old” out of context. This is a mark of ignorance and is independant of whether you like VistA or not.


Trust but Verify and Trust but Fork

I have enjoyed participating in the National Dialogue about Health IT. One of the challenges put forward to my suggestion that decision makers should insist on FOSS in Health IT, was the following comment:

 in terms of privacy, there’s nothing inherent in FOSS that makes it superior to all proprietary products.

I have discussed this issue before, mostly when discussing HealthVault, but my comments have been spread out over several articles.

There is an inherent benefit to privacy, confidentiality and security for FOSS health IT systems.

There is another idea on the National Dialogue site that I thought was useful. It separates the concepts of privacy and confidentiality. Most people blur the concepts of privacy, security and confidentiality and talk about them in the same mouthful. For now I will consider that “privacy” is the ability to control who gets to see your data. Although my points apply to confidentiality and security as well.

FOSS Health IT  are inherently better ways to respect privacy because they support “trust-but-verify”, while proprietary systems just support trust.

The only way to know what a program is doing is to read the most human-readable version of that program, which is typically called sourcecode. There are countless examples of programs doing things other than what they appear to be doing. Viruses, Spyware, Monitoring features and Bugs are classic examples of this.

When a proprietary Health IT program says it respects your privacy, there is no way to know for a user to know if this is true directly, he must trust the proprietary vendor. The fact that most proprietary vendors are honest is irrelevant. The trouble with dishonest people is that you cannot tell the difference between them and honest people. We cannot know which proprietary Health IT vendors are respecting privacy and which are not. Also, the same large organizations who you might normally “trust” have in fact a very poor history of abusing privacy; Microsoft being the best example.

So does HealthVault respect privacy? Probably. But there is no way to be sure without reading the code.

Does Dossia respect privacy? Probably. But we can check by auditing the sourcecode of Indivo, because Dossia is based the FOSS Indivo project. Suppose that you believe that Indivo does not do a sufficient job of respecting privacy, or you find a back door (unlikely). You can fork the code, remove or change the offending portions of Indivo, and then run your own Indivo server with the privacy features that you want.

FOSS supports both trust-but-verify and trust-but-fork which is the only way to absolutely certain that privacy is maintained.

Therefore FOSS does have a fundamental advantage over proprietary software with regards to privacy concerns.


A National Dialogue is a site for proposing and commenting on ideas in Health IT created by the National Academy of Public Administration. (among others) The site is only open for a few days, and I have put forward my basic thesis:  Insist on Open Source in Health IT that my readers are used to seeing.

If you are fond of my arguments, then please rate this idea up and post friendly comments on it. We need to get this idea in front of the government decision makers and this is a great opportunity.


HIMSS a lobby for proprietary Health IT vendors

Today, I recieved a letter in my mailbox regarding HIMSS take on the recent legislation proposed by Stark.

HIMSS Stephen Lieber and Charles E. Christian, president and chairman of HIMSS respectively, write:

 However, HIMSS believes the legislation has negative consequences, including discounting the current efforts of “AHIC 2.0” and the development of an open source “health information technology system” by the federal government.  Specifically, HIMSS has concerns with the following provisions in this legislation:

(other stuff)

Development of an open-source “health information technology system” through the auspices of the ONC: The legislation directs the National Coordinator to provide for coordinating the development, routine updating, and provision of an open source “health information technology system” that is either new or based on an open source health information technology system, such as open source VistA. The system is to be made available to providers for a nominal fee.

The private sector makes significant investments in research and development for healthcare IT products. Healthcare IT is available via a competitive market in which vendors compete on the basis of price, quality, and functionality of a product. The development, routine updating, and provision of an open source “healthcare information system” is not the role of the federal government and such product development should remain in the private sector.

First of all, I do not think the Federal Government should support just *one* open source EHR system, and you really cannot guarentee a fee for Libre/Open Source software.

But the spirit of Starks proposal is right-on and it is time to do something about HIMSS.

HIMSS is anti-Open Source and pro-propretary software. They allow us “Open Source” guys to give talks and even have working groups because they would be violating their charter if they did not. But they do not like us. They are terrified of us, and they should be. HIMSS lives off of the fat in Healthcare IT. Mature proprietary EHR systems have been around for decades, and they still have 5%-15% penetration. Why? They are too expensive and too risky. The doctors recognized that the vendor lock-in that they painfully experienced with Practice/Hospital  Management systems would be much worse with EHRs, and they have no intention of taking out extra mortages to make that happen.

HIMSS charges proprietary vendors obscene amounts of money for space at the their conferences. Open Source vendors cannot afford it to go, because they are service companies who cannot charge for products. Medsphere is the only all-FOSS company that had a booth last year, and they only reason why they can do this is because they have VC funding. The other top vendor, ClearHealth, has so-far not seen the value in buying a booth.

Even if they did see the value. There is no way that Medsphere, or ClearHealth or any other FOSS vendor is ever going to buy a half-acre plot at HIMSS. To afford that you need to be able to lock-in your customers.

Ahh.. but you want facts to back up my accusation. Ill give you two.

  • First, lets deal with ‘The development, routine updating, and provision of an open source “healthcare information system” is not the role of the federal government ‘. The Federal government already releases a “open source compatible” EHR: the VA VistA. VistA is really, really good. So good in fact that WorldVistA was able to achieve CCHIT ceritification using it, and a Medsphere client (Midland) is one of only nine HIMSS Stage 6 healthcare facilities in the United States. (yes…. the same HIMSS) The cool thing about the Midland accomplishment? It cost less than any of the other nine stage 6 winners. So apparently, the federal goverment is just as capable of doing this, as anyone else. The private sector is supposed to be competing on “price, quality and functionality” yet VistA is cheaper, better and more functional. Nonetheless, HIMSS is writing letters.
  • Second, the HIMSS EHR vendor association is proprietary-only. Take a look at the requirements to join EHRVA. For those who do not want to read a pdf, I will record the relevant section here:

The HIMSS Electronic Health Record (EHR) Association chartered this effort to ensure equal, fair and consistent criteria for Membership into the EHR Association. The EHR Definitional Model includes an operational EHR definition, key attributes, essential requirements to meet attributes, and measures used to assess the extent to which companies design, develop and market their own proprietary Electronic Health Record software application.

HIMSS is not interested in seeing vendor lock-in and the other fundemental problems with proprietary health applications go away, rather they exist solely to perpetuate these problems. HIMSS defines itself as “HIMSS is the healthcare industry’s membership organization exclusively focused on providing global leadership for the optimal use of healthcare IT and management systems for the betterment of healthcare.”

In reality, HIMSS in in current form, is just a lobby for the very proprietary vendors who have failed move our nation into the age of digital healthcare information.

Peter Bodtke taking a VistA tour

Peter Bodtke, the current vice president of WorldVistA, is doing a VistA tour. He is planning on touring Central and South America to raise awareness for VistA. Maybe they should make a shirt that says “It was an EHR before it was an Operating System”. They might be able to find a more pithy wording.

I donated a little money to his cause (WorldVistA) you should too.


Meeting Mike Doyle

Apparently, the people at Medsphere still read my posts.

Mike Doyle noticed my comment that I had not meet him in my last post, and he made an appointment to have a phone call with me.

I just got off the phone with him and… I was impressed. He seemed willing to reach out to the community and he seems to understand and value the Open Source process and community. This call, in combination with Medsphere’s recent press release (see last article) and their change to the AGPL for their projects, is convincing me that maybe, this “new” Medsphere might be on the right track.



I must admit. I love the feeling of being proven right. Granted, it appeals to my egotistic streak. (which despite my attempts to suppress it, my wife remains keenly annoyed by).

A few weeks ago, at TEPR, I did my regular talk the Health of the Source, which is basically an update on the whole FOSS Health IT industry. In that talk I mentioned that OpenMRS, along with WorldVistA and ClearHealth, was a top EHR project.

Now, OpenMRS is covered by BBC News. I only wish that the article would also acknowledge that this kind of success is only possible because OpenMRS uses a license that respects the freedom of its users.

However, Doc Searls get it. He has heavily quoted my last post while discussing his recent experience with the medical system. He titled his post:  the patient as the platform. The great thing is, when Doc talks about things other people do to.

It does feel good to have people say nice things about me… but I hope this also might represent a tide turning towards awareness of the implications of software licensing in medicine.

I can hope.

FUD From Dr Peel

FUD stands for Fear, Uncertainty and Doubt. You should probably take a moment and read the wiki-page, otherwise the rest of this post might be lost on you.

In the United States, FUD seems to be a legitimate marketing strategy for many institutions. Microsoft uses FUD regarding the coverage of their patents on the Linux kernel. SCO used FUD as its last central business strategy. Both the political parties use FUD constantly to target the other party.

It is easy to spot FUD, here is the easy criteria: If the source of potential FUD can be summarized as saying “Given a substantial lack of information about what is actually happening, there remains very good reason to still be terrified about it”

FUD is unpopular with advocates of Free and Open Source Software. Our community values transparency that is the opposite of FUD. Generally our expectation is that the data regarding any kind of problem should be made available for analysis, and then, and only then, should conclusions be made. Our community has the patience to read long contracts, to perform subtle meta level data mining or just to carefully review code for bugs.

Generally, unlike politics, real dialog is favored over mere rhetoric in the FOSS community. Don’t get me wrong, we also enjoy zinging those we disagree with (I am particularly fond of it), but zings are supposed to be fact-based and meaningful. In fact, we have a very handy way to detect when conversations are no longer meaningful and have become purely rhetorical. We call it Godwins law:

“As an online discussion grows longer, the probability of a comparison
involving Nazis or Hitler approaches one.”

Of course, the most important is the implication of the law:

“Godwin’s Law? Isn’t that the law that states that once a discussion
reaches a comparison to Nazis or Hitler, its usefulness is over?”

– Cliff Stoll (“Cuckoo’s Egg” author), ca. 1994

I would like to formally propose that we add Dr. Peels Corollary to Godwin’s law:

“As an online discussion of medical privacy ethics grows longer, the probability of comparison to the Tuskegee Study approaches one.”

Dr. Peel has commented on the announcement that an EMR vendor to share patient data with genetics research firm by calling it the “new Tuskegee.” (update 3-25-08 Joseph Conn conducted an investigation into the research story, that is well worth reading) Here are the problems with that comparison:

The Tuskegee Experiment stands as one of the most blatant disregards for ethics in modern medical history. By comparing this modern data analysis project to the Tuskegee experiment, Dr. Peel has solidly crossed over into FUD Territory. I have heard Dr. Peel speak in person, and I believe that her heart is in the right place. However, by making a comparison to Tuskegee, we are no longer having real discourse about the ethical issues about the case in question, which is obviously quite different from the original Tuskegee experiment.

In the data mining study in question, the patient data is de-identified. Which means that discrimination as a direct result of this study will be very difficult. It also means that the study qualifies for a HIPAA carve-out for de-identified data sharing.

However, there are some very concerning ethical issues in this case which deserve attention.

  • The EHR vendor in question is anonymous, so we cannot really tell who is really participating in this. Knowing which vendor is doing this is a prerequisite for further discussion and thought.
  • It is unclear from the article to what degree patients will have the option opt-out or opt-in, and at what stages this is an option.
  • There is no mention of the algorithm used to do de-identification, so there can be no analysis on the possibility of a correlation attack.
  • The study is covering genetic markers for type II Diabetes, which has a genetic race-related component. Although the current study is unlikely to be “racist,” it could lead to some tests that are used for the purposes of racial discrimination.

Some of these issues are ethical issues surrounding this study in particular. Others, especially the last one, are larger ethical issues faced by the entire medical community. The a real and sobering implications of these ethical implications as it is. It seems to me that by making an unwarranted reference to the Tuskegee Experiments we are moving to far afield from todays facts.
By making a reference to the Tuskegee experiment, Dr. Peel is essentially forcing these issues into a political debate, rather than the subject of further rational discourse. Perhaps I should be thinking about this differently. Perhaps I should be happy that Dr. Peel continues to raise consciousness with old-fashioned Republican/Democrat type politicians regarding issues of patient privacy.

So I leave it to the reader for comment. Is the use of Dr. Peels reference to the Tuskegee experiments in this context appropriate?


FOSS Sin: Pointless Duplication of Effort

Duplication of effort is viewed as a sin in the Free and Open Source software (FOSS) development community. The whole ethos of FOSS dictates that developers should work together, sharing the improvements they make to software between them. For this reason forking, or starting a redundant project, is often viewed as an attack against the community.

The taboo against forking is well-documented. Eric Raymond (or esr) wrote about this is Homesteading the Noosphere specifically in a section from Promiscuous Theory, Puritan Practice. Here he is discussing three taboos of the FOSS culture, note the first one:

The taboos of a culture throw its norms into sharp relief. Therefore, it will be useful later on if we summarize some important ones here:

  • There is strong social pressure against forking projects. It does not happen except under plea of dire necessity, with much public self-justification, and requires a renaming.

I would like to make a specific case that starting a new project, depending on how it is done, can be as violent to the community as an unwelcome fork. I believe that new projects, without new advantages, are just as damaging to the community as forks are. If the community agrees with me on this, I will ask Eric to add “starting redundant projects” to his list of taboos. [section added 4-10-08]

Two separate projects, both doing essentially the same thing in the same way, fractures the community into two factions of programmers who can no longer work together. To fully understand this problem, one has to understand a little about how the Free and Open Source development community works. The first thing to understand is the licensing.

FOSS licensing allows anyone to download software sourcecode and modify it to their hearts content. While anyone can make modifications to FOSS licensed code, there is a community standard that there is one “official” person or group who controls the official version. For Linux this person is Linus Torvalds. There are many “versions” of Linux were code is developed and improved, but the community agrees that the version that everyone trusts is the version that Torvalds releases. Legitimate Linux development always aims to add features to Linux that will ultimately meet with Linus’ approval. But this is only because of community custom, the license does not require this at all. Eric entitled the chapter above Promiscuous Theory, Puritan Practice precisely because FOSS licenses allow forking while the FOSS community frowns on forking. There is nothing, other than cultural rules, stopping me from creating an operating system kernel based 100% on the code currently residing in the repository maintained by Torvalds, and call the project “Fredux”.

If I started “Fredux” either by forking the Linux codebase, or by starting a new kernel project from scratch and posted it to sourceforge, the Linux community would either mock me or ignore me. The reason is simple; I am not important in the operating system communities and Linux is very well established. However, it would not be difficult to really piss them off. My hypothetical “Fredux” project could easily anger the Linux community by doing any of the following.

  • Post something to public forums, especially the Linux Kernel mailing list, in an attempt to attract developers from the Linux community over to Fredux.
  • Pretend in public that my project is unique or innovative in way that distracted from Linux and its legitimate competitors.
  • Get investment capital, or grant funding, at the expense of competing Linux-based projects to develop my Fredux operating system.

What do these actions have in common? They all poach resources that could have legitimately gone to the Linux community. If I started an operating system from scratch the community would react… poorly. The core issue would be that I would be acquiring resources that should have gone to Linux or another legitimate operating system project.

Why? What is wrong with starting a new operating system project? There is no problem with starting a new legitimate operating system, and then competing for resources for it. The problem comes when you start an illegitimate new operating system and try to pawn it off as a legitimate. Of course this begs the question: What makes a new project or a fork legitimate?

Here are some guidelines for when a new project might be in order. (contact me if you feel I have missed something)

  • The project uses a different programming language, which has some advantage in the field of inquiry.
  • The project addresses a serious feature gap in current projects.
  • The project addresses a serious design limitation in current projects.
  • The project uses a new programming paradigm that has advantages over those currently in use.
  • The project uses a different development process that might have some advantages.
  • The project uses a more common and accepted FOSS license than alternative projects.

So lets see how this applies to Fredux! Here is a hypothetical Fredux release announcement version .1

Fredux is a new operating system kernel available under Freds Very Open Sourcey License. Fredux is coded entirely in C which means that it compiles to blazing fast machine code. Fredux is designed to provide a kernel for a POSIX compliant operating system. Fredux consistently uses a modular approach to software design, allowing it to be extended easily. Fredux will use a distributed development model, ensuring that everyone can see the code and allowing the “many eyeballs” effect to take place. Most importantly, Fredux is completely Open Source and Free Software!

Ok, what are the problems with this announcement? First of all the “usual suspects” of FOSS operating systems (GNU/Linux, FreeBSD, OpenBSD, Hurd, etc) all use the programming language C. So there is no language benefit to Fredux. Linux and several other projects strive for POSIX compliance, so Fredux has not addressed a feature gap. Because Linux is modular there is no design advantage. Fredux is developed in the same way Linux is, ergo there is no development style advantage. Lastly, Fredux is NOT open source! You will find that Freds Very Open Sourcey license does not appear as an OSI approved license. You will also not find the license on the list of FSF approved licenses. So the license is neither “Free” nor “Open Source”. It is shame how many companies continue to market themselves as Open Source without actually stepping up and meeting the licensing requirements.

On the other hand lets look at the description of a legitimate operating system project.

Hurd is a collection of services that run on the Mach micro-kernel. The Hurd implementation is aggressively multi-threaded so that it runs efficiently on both single processors and symmetric multiprocessors. It is possible to develop and test new Hurd kernel components without rebooting the machine (not even accidentally). Running your own kernel components doesn’t interfere with other users, and so no special system privileges are required. Unlike other popular kernel software, the Hurd has an object-oriented structure that allows it to evolve without compromising its design.

This collection of sentences are taken verbatim from the Hurd main page. These sentences were re-arranged to make a point. The paragraph above details supposed advantages of using a micro-kernel design; Linux and other free operating systems usually use a macro-kernel design. The Hurd people think this is a design improvement on Linux. This description lists features (modify the kernel without rebooting) and architecture advantages. One can debate issues like macro-kernel vs. micro-kernel for days on end (and people do), what I am trying to clarify here is that because Linux is so well-established and capable, the Hurd project differentiates itself and clarifies why it is also a legitimate project right on the projects home page.

On the project home page for the OpenBSD project we find.

The OpenBSD project produces a FREE, multi-platform 4.4BSD-based UNIX-like operating system. Our efforts emphasize portability, standardization, correctness, proactive security and integrated cryptography. OpenBSD supports binary emulation of most programs from SVR4 (Solaris), FreeBSD, Linux, BSD/OS, SunOS and HP-UX.

Again taken verbatim from the openBSD home page. Again, note the emphasis on things that differentiate the project from the dominant Linux project. OpenBSD is famous for its focus on security, on the main page, it covers this advantage. It is also famous for supporting lots of architectures, again right on the main page. I hope that I am demonstrating, very explicitly, what it means to establish legitimacy in the context of a currently dominant project or projects. OpenBSD even goes so far as to list the projects and products that it competes with.

When multiple projects are legitimate it is reasonable for each project to compete for developers. Want to work with the most popular OS project? Choose Linux. What to work with a bunch of people obsessed with security? That would be OpenBSD. What to work on a micro-kernel? Work with Hurd.

But you should not work on Fredux. It has no advantages over any of these projects. The competition between legitimate projects is… well… legitimate. But the FOSS community will instantly attack anyone who pouches resources for a project that has no discernible advantage over an existing project.

In the medical FOSS community, we are particularly sensitive about it. We have a small community, and dividing it is a real problem. It happens too much already, for “legitimate” reasons. The holy grail in FOSS Health IT is the creation of a Electronic Health Record (EHR). We have several legitimate projects in this space. All of the legitimate projects are starving for resources like developers, documentation writers, clinical experts, funding sources and users.

What are the “legitimate” projects competing to build the best FOSS EHR? Sorry, but this post is already too long. That question merits a whole article on its own.

For now I want to talk about three projects in particular that together illustrate the problem of duplication of effort. Tolven, OpenMRS and ExampleProject [update 4-10-08 to protect the guilty, the name of the offending project has been removed]. Tolven and OpenMRS both have reputations for being mature, Java-based projects. Here is the description of Tolven.

Tolven EHR and PHR products are a suit of Java based technologies that use the latest in Open Source Java application toolkits to create a heavily Object Oriented, MVC EHR application. In short the Tolven strategy is to a very clean java-based EHR using solid OOP design with the latest tools.

Here is a description of OpenMRS.

OpenMRS is a community-developed, open-source, enterprise electronic medical record system framework intended to aid resource-constrained healthcare environments.

OpenMRS is currently implemented in Kenya, Rwanda, South Africa, Uganda, Tanzania, Zimbabwe, and Peru. Many of the developers are MIT trained and the design of OpenMRS is based on work done at the Regenstrief Institute. 2008 will mark its second year participating in the Google Summer of Code. The design of OpenMRS is carefully thought out to support a rural deployment model. OpenMRS is a very mature project. [added OpenMRS 4-10-08 to acknowledge the tremendous things the project has done]

A bit of downlow information about Tolven: At the time of the writing Tolven is going live in several installations. Tolven has a tremendously talented development team. Tolven has received substantial funding. They have an EHR and PHR already working.

On my short list of legitimate FOSS EHR systems (and believe me it is short), Tolven and OpenMRS are currently battling for the title of top Java-based project. To review; Tolven is funded, going live now, 12 full-time developers, working software = legitimate. OpenMRS is funded, deployed all-over-the-place, and backed by some of the top minds in Medical Informatics = legitimate.

ExampleProject is a Java-based EHR system using strict OOP principles and the latest Java software stack.

ExampleProject is in alpha. ExampleProject is primarily developed by one guy, who is working part-time. ExampleProject plans to have a release that can be used in a live environment by October of 2008 ( a little less than a year away from the writing) . ExampleProject is not legitimate.

In short, ExampleProject appears to be a Fredux. What is worse, ExampleProject is constantly put forward as a legitimate project on LinuxMedNews, EMRupdate and the openhealth mailing list. Those forums are intended to be open and so censoring ExampleProject news would be unethical. The problem is that it appears to the un-initiated as though ExampleProject is important, when in fact it is exactly the opposite, an illegitimate project. ExampleProject has attracted at least two other part-time developers, and seems to be succeeding in acquiring attention and resources that properly should go to Tolven, OpenMRS or some other project. ExampleProject is guilty of the sin of duplication of effort. Everything they are doing has already been done, and well, by another project in the same programming language. Every developer that works with ExampleProject instead of working with Tolven or OpenMRS, is accidentally wasting their time. The same is true of beta testers, investors, and others who might be interested in working with a project. Because Tolven and OpenMRS continue to improve, and a greater rate than ExampleProject, it is very unlikely that ExampleProject will ever catch up. While it is fine for the project manager of ExampleProject to waste his time, it is not OK for him to trick others in the community into wasting time with him.

I have discussed this issue with the ExampleProject project manager. Before I mentioned it to him, he had never heard of Tolven. After spending about ten minutes on the Tolven site he said that the big difference between Tolven’s efforts and his own was that ExampleProject was using Swing, where Tolven was using AJAX. This seems like it might be a real legitimate technical difference, except that Tolven would likely be very happy for someone from the community to step up and create a thick-client using Swing. They would probably say something like “We do not have time to work on both AJAX and Swing interfaces. But our software design should allow any ‘viewer’ type. If you feel Swing interfaces would be better, and were willing to write it yourself, we would be happy to modify our interfaces enough to make that possible.” Even if Tolven were unwilling, the great thing about open source is that you can prove your technical points without the permission of the project manager. If Tolven or OpenMRS were shown that a Swing interface was better than an AJAX interface, they would probably adopt Swing.

A great example of a project that has spawned a sub-project specifically to address differences of opinion regarding user interfaces is the Kubuntu project, which is Ubuntu, only with KDE instead of Gnome.

When a separate project is justified is a complex issue. In fact, I gave Neil Cowles of the Tolven project a stern lecture about why he should be working through the OSCAR project, which was the dominate Java based EHR project before Tolven came on the scene. Since that lecture Tolven has proven to me and the community generally that they are legitimate. It is possible that ExampleProject, despite its small beginning, will grow into a mature open source EHR. They could prove me wrong.

Right now I would guess that ExampleProject is about one year and a million dollars of development behind Tolven or OpenMRS. If you are a developer, clinician, investor, entrepreneur, or administrator you should probably work with Tolven or OpenMRS if you want a Java-based FOSS EHR. (I will update this article if this ever changes).

I hope I have accomplished two things at this point. I hope I have shown, through a hypothetical example and a real one, examples of when duplication of effort is a problem. I also hope that I have said enough about ExampleProject to steer those who might want to work with a Java-based EHR to Tolven or OpenMRS.


(updated to clarify content and remove offending project name in April 10, 2008 if you care, just go read an archived version to find out who ExampleProject was)

(updated for readability Feb 27, 2008)

Buying paint and vendor lock-in

An article I wrote about Vendor Lock-in in health software has been published in the recent Fall 07 edition of EHR Scope.   From the article:

 You can fire your paint store, your dentist, your lawyer, your mechanic and even your
doctor. You can fire them for any reason. Yet you cannot fire your proprietary EHR software vendor. Or at least, not without also changing the software that you use. So I guess you could fire your proprietary software vendor, but only in the sense that you could “fire” your mechanic, if it meant you were forced to buy a new car.

I will give EHR Scope the exclusive on the article for a few months, and then I will republish it on