Medsphere Layoffs

I have been hearing rumors that Medsphere has been laying people off. A few days ago, the rumors bubbled to Histalk, which they always do eventually.

This is a big problem. The main advantage that Medsphere has over its number one competitor, ClearHealth Inc, was its capitalization.

The idea of a funded open source medical startup is that you sell most of the company to VCs or angels and, in exchange, you get a massive chunk of change to play with. (I have toyed with the idea of doing this myself for many years, but seeing what the Shreeves went through has always made me hesitate.)

Then with cash in hand you do three important things:

  • Build a sales force; you will need to float your sales team as they endure the long Health IT sales cycle.
  • Invest in your technical support; supporting VistA is non-trivial; it is enterprise software and requires multiple highly paid experts to keep it running.
  • Invest in your R&D; you need to have new shiny toys that give you competitive advantages.

In a software company, all of these investments are into employees.

If Medsphere is laying off anyone it means that they are running out of capital. This makes sense. They spent enormous amounts of money attacking the Shreeves. Money that should have gone into one of the three buckets above.

I have taken to calling the “new” Medsphere “Medsphere 2.0”.

Medsphere 2.0, led by solid people in the CEO, COO and CMO roles, has made some pretty smart moves. These moves have led me, and others within the community, to start giving the new company some slack. But smart moves do not undo the stupidity of the past. Most of these good moves are exactly the things the Shreeves were sued for proposing.

While I am glad to see the company come to its senses, that does not undo the harm in the past. There are two important connections with the past that Medsphere 2.0 cannot undo: the same board and the same money.

The BOD of the “new” Medsphere is the same as the old Medsphere. That BOD has done some colossally stupid things. Larry Augustine is supposed to be the money guy who understands Open Source. But he utterly failed to serve either the interests of the community or the investors with Medsphere. It was his job to explain to the BOD that the Shreeves were not a threat to Medsphere. It was his job to keep the BOD from suing the Shreeves and gutting the original company. I, along with Eric Raymond, made an offer to him personally to help him in this role. He never replied to either myself or Eric. As far as I know he never reached out to anyone in the community. In his silence he failed the community at large too.

What does all of this have to do with the “new” Medsphere? Larry is still on the BOD. That means that no matter how much Mike Doyle impresses me, I cannot fully trust Medsphere. But Mike Doyle is in a position to succeed with community trust where Larry has failed. The new and releasing valuable software under the AGPL are evidence that the new leadership, if not the BOD, is trustworthy.

The other thing holding Medsphere back is the money. Medsphere spent a tremendous amount of money suing the Shreeves. This is money that Medsphere cannot afford. As an Open Source company, you cannot trap your customers using a proprietary license. That means you need to trap your customers with golden handcuffs; you need to make the service so reliable that they would never be able to consider the hassle of finding another vendor. Good service translates to “Good Employees” for an EHR company.

Now you see why Layoffs are such a bad sign. If Medsphere is laying off employees that means that it is running out of capital. But good employees are the only thing that Medsphere has as a competitive advantage. Any layoffs have to hurt their ability to do one of the three core functions above.

If Medsphere is laying off employees then it means that the ghosts of Steve and Scott Shreeve (as employees of course… they remain very much alive) are coming back to haunt the company.

Normally when a company like Medsphere needs more capital it can go for further funding rounds, it can sell to a larger company (like IBM or EDS) or it can make a public offering. The current market state renders going public impossible. For a sale or a new round of funding, the new money will come with the simple question “What are we buying?”. For Medsphere, here is the current answer:

  • An infant community on that the Shreeves wanted to start years ago.
  • Lingering Mistrust from the larger VistA community
  • A technical support and R&D team (valuable employees)
  • A sales team (more valuable employees)
  • Several important clients
  • A massive lawsuit expense

Notice what is not on the list! Software! All of the really valuable software is already open source. The first two essentially mean that they have no community, although they will if they keep doing the same things they are now, and are given more time to earn back the trust of the community.

That means that the only really valuable things on the list are the clients and the ability to service those clients (translation: employees).

See why Layoffs are so concerning? If Medsphere is laying off people it means that it is reducing one of its few valuable assets in order to save capital. The only way that Medsphere could fully justify layoffs is if the company was profitable as a result. Otherwise they are just slowing the bleeding that will eventually kill the company. Now the question becomes what cards can Medsphere play, before the bleeding becomes fatal?

In any case, layoffs are not good news for Medsphere.

Please contact me through if you can confirm or deny the Medsphere layoffs.


HIMSS a lobby for proprietary Health IT vendors

Today, I received a letter in my mailbox regarding HIMSS's take on the recent legislation proposed by Stark.

Stephen Lieber and Charles E. Christian, president and chairman of HIMSS respectively, write:

 However, HIMSS believes the legislation has negative consequences, including discounting the current efforts of “AHIC 2.0” and the development of an open source “health information technology system” by the federal government.  Specifically, HIMSS has concerns with the following provisions in this legislation:

(other stuff)

Development of an open-source “health information technology system” through the auspices of the ONC: The legislation directs the National Coordinator to provide for coordinating the development, routine updating, and provision of an open source “health information technology system” that is either new or based on an open source health information technology system, such as open source VistA. The system is to be made available to providers for a nominal fee.

The private sector makes significant investments in research and development for healthcare IT products. Healthcare IT is available via a competitive market in which vendors compete on the basis of price, quality, and functionality of a product. The development, routine updating, and provision of an open source “healthcare information system” is not the role of the federal government and such product development should remain in the private sector.

First of all, I do not think the Federal Government should support just *one* open source EHR system, and you really cannot guarantee a fee for Libre/Open Source software.

But the spirit of Stark's proposal is right-on and it is time to do something about HIMSS.

HIMSS is anti-Open Source and pro-proprietary software. They allow us “Open Source” guys to give talks and even have working groups because they would be violating their charter if they did not. But they do not like us. They are terrified of us, and they should be. HIMSS lives off of the fat in Healthcare IT. Mature proprietary EHR systems have been around for decades, and they still have 5%-15% penetration. Why? They are too expensive and too risky. The doctors recognized that the vendor lock-in that they painfully experienced with Practice/Hospital Management systems would be much worse with EHRs, and they have no intention of taking out extra mortgages to make that happen.

HIMSS charges proprietary vendors obscene amounts of money for space at their conferences. Open Source vendors cannot afford to go, because they are service companies who cannot charge for products. Medsphere is the only all-FOSS company that had a booth last year, and the only reason why they can do this is because they have VC funding. The other top vendor, ClearHealth, has so far not seen the value in buying a booth.

Even if they did see the value, there is no way that Medsphere, or ClearHealth or any other FOSS vendor is ever going to buy a half-acre plot at HIMSS. To afford that you need to be able to lock-in your customers.

Ahh.. but you want facts to back up my accusation. I'll give you two.

  • First, let's deal with ‘The development, routine updating, and provision of an open source “healthcare information system” is not the role of the federal government’. The Federal government already releases an “open source compatible” EHR: the VA VistA. VistA is really, really good. So good in fact that WorldVistA was able to achieve CCHIT certification using it, and a Medsphere client (Midland) is one of only nine HIMSS Stage 6 healthcare facilities in the United States. (yes…. the same HIMSS) The cool thing about the Midland accomplishment? It cost less than any of the other nine stage 6 winners. So apparently, the federal government is just as capable of doing this as anyone else. The private sector is supposed to be competing on “price, quality and functionality” yet VistA is cheaper, better and more functional. Nonetheless, HIMSS is writing letters.
  • Second, the HIMSS EHR vendor association is proprietary-only. Take a look at the requirements to join EHRVA. For those who do not want to read a pdf, I will record the relevant section here:

The HIMSS Electronic Health Record (EHR) Association chartered this effort to ensure equal, fair and consistent criteria for Membership into the EHR Association. The EHR Definitional Model includes an operational EHR definition, key attributes, essential requirements to meet attributes, and measures used to assess the extent to which companies design, develop and market their own proprietary Electronic Health Record software application.

HIMSS is not interested in seeing vendor lock-in and the other fundamental problems with proprietary health applications go away; rather, they exist solely to perpetuate these problems. HIMSS defines itself as “HIMSS is the healthcare industry’s membership organization exclusively focused on providing global leadership for the optimal use of healthcare IT and management systems for the betterment of healthcare.”

In reality, HIMSS, in its current form, is just a lobby for the very proprietary vendors who have failed to move our nation into the age of digital healthcare information.

Peter Bodtke taking a VistA tour

Peter Bodtke, the current vice president of WorldVistA, is doing a VistA tour. He is planning on touring Central and South America to raise awareness for VistA. Maybe they should make a shirt that says “It was an EHR before it was an Operating System”. They might be able to find a more pithy wording.

I donated a little money to his cause (WorldVistA); you should too.


Two standards approved for pharmacy billing

For those who do not follow ancient history (more than 2 years on the Internet) of the Free and Open Source health software movement, I got my start with FreeB, which was the first GPL medical billing engine. It was designed to help address the medical bill formatting problem. If you are not sure what that means then you should read the interview I gave to LinuxMedNews called Fred Trotter on Medical Billing; much of it is still relevant.

So I got started with medical billing and I am still interested in it.

Joseph Conn (a reporter to follow if you are interested in Health IT) has just written an article detailing how HHS (who sets the billing standards in the U.S.) will allow two different standards for certain pharmacy billing systems. This is the kind of thing that gives me headaches, even though it is unlikely that I will need to support the new standards.

Part of the problem is that X12 is an old-school EDI transfer standard. It is hardly human readable, and it is pretty intimidating for the end-user. Much better would be an XML-based system.


Security in Medical Devices, implications

There are more and more examples of how standard hacking techniques apply in healthcare, with serious consequences. Recent issues include RFID hacking and interference issues.

Recently, a talk at BlackHat regarding hacking medical devices, including pacemakers, has begun appearing in popular blogs.

What is most dangerous about this is not actually the hack itself, but the fact that the hacks could become widespread. Think about it; there is no real benefit to a hacker to simply kill a person. It is a serious crime and unless there is something to gain by doing it, it is unlikely to generate new interest with blackhat hackers.

Now that the information regarding the vulnerability is in normal media channels, a Cracker (another name for a blackhat hacker) can blackmail a person with a pacemaker. “Give me ten thousand dollars or I will remotely shut down your heart.” Before, a victim would say “that’s impossible” and not worry about it. Now they go to Google and discover that it is possible. Both Victim and Cracker are aware that the only way for the Cracker to prove to the Victim that he has the ability to stop the Victim’s heart is for the Cracker to actually kill the Victim. Now the Victim is wondering “Can I afford to take this chance?”

If this even happens once in the real world, you will see a slew of social engineering attacks with this threat as the basis. A Cracker will simply threaten a hundred people with this attack and see how many will pay up. The Cracker would not even need to know how to make the hack work. All he would need is a list of people with pacemakers.

Now we get to the real implications. Where is the information about who has a pacemaker installed and who does not? Perhaps someday they will invent “pacemaker wardriving” but for the time being, the easiest way to get a list of people with pacemakers is to hack into someone’s Electronic Health Record system.

Currently, the Healthcare Industry under-invests in Information Technology. However, with these new vulnerabilities, the value of personal health information is steadily rising. Usually, a typical cracker strategy was to use identifying information inside PHI to steal someone’s identity, or to use healthcare information (like sexually transmitted diseases) to blackmail someone. These new vulnerabilities increase potential profit of hacking into an EHR, and hospitals, even large ones, do not typically have the kind of defence systems that banks usually invest in.

Have you ever considered why “the club” works? These devices are relatively easy for a determined thief to overcome. They work because when you park your BMW in a parking lot, and put the club on it, there is typically another BMW in the parking lot, without the club. The thief will take the car that is easier to take. The club works because of the “low-hanging fruit” principle of security. A person who has decided to take an unethical risk by stealing or cracking is basically saying: “I can tolerate this risk, because it is easier to do this than have a similar economic gain, by legitimate means”. Perhaps some are thrill-seekers, but typically people who break the rules for profit are lazy. The “low hanging fruit” principle might be phrased “A thief or cracker will always try the easiest way to profit unethically first”.

As the number of ways to profit from PHI goes up, hospitals and practices will become the low-hanging fruit. This is a problem because your small country doctor is already being squeezed by third-party payers. He does not feel that he has the money to invest in proper electronic security measures, and he does not actually have the skills to tell what would be legitimate security measures in any case. Information technology mom-and-popism is rampant in healthcare. The “computer guy” for many doctors is the nephew of the office manager; he might be the smartest kid in 9th grade, but he has no idea how to properly secure PHI. Healthcare institutions have always been easy to hack, but now they are becoming profitable to hack. They are becoming “low hanging fruit”.

Concern for these kinds of issues will do little but grow.


Update: Jon Bartels wrote to mention that Chinese researchers have pushed this concept further.

The Holy Grail

VistA is a robust and complete EHR system, but it relies on MUMPS. This makes VistA extremely expensive to configure and maintain.

The open source web-based EHR systems are easy to deploy but have underwhelming feature sets.

The holy grail of open source Health Informatics is a web-based CPRS (CPRS is the frontend for VistA).

It would be simple to install and configure like a web app, but it would have the sheer power and elegance of VistA.

Apparently, ClearHealth has pulled this off. David Uhlman has just written to tell me that he has released screen shots for WebVistA. Granting that a screenshot is different from a working system, even seeing this much progress changes everything.  Frankly, this is almost too good to be true.

If you had asked me yesterday I would have said that it might be a good idea for Medsphere to buy ClearHealth. If you ask me today, I would say that it might be a good idea for ClearHealth to buy Medsphere.


The coming problem with the ASP-lock

Here is an interesting post about a person who was locked out of their Google account.

Apparently, this person lost access to:

  • Google Docs
  • Gmail
  • Family photos in Picasa

If you read the updated post, you will find that he has already gotten back in.

But this person knew to write a blog post. And knew how to get it covered by the most popular blog on the planet.

What if this person had a PHR using Google Health?

I am not trying to spread FUD here. Google Health and HealthVault are good ideas and I generally support them. But these kinds of issues are going to become more and more important as time goes on. Both Google and Microsoft have relatively fair ways of dealing with these kinds of issues, but “relatively fair” means there will be ways to fall between the cracks. Once PHR usage begins to go up, these kinds of issues will become extremely important.

(Update 09/29/09:  I am not the first person to point out that ASP EHR systems are a threat to the freedom of healthcare providers.  This short post is just to say that it impacts patients too)




Meeting Mike Doyle

Apparently, the people at Medsphere still read my posts.

Mike Doyle noticed my comment that I had not met him in my last post, and he made an appointment to have a phone call with me.

I just got off the phone with him and… I was impressed. He seemed willing to reach out to the community and he seems to understand and value the Open Source process and community. This call, in combination with Medsphere’s recent press release (see last article) and their change to the AGPL for their projects, is convincing me that maybe, this “new” Medsphere might be on the right track.


Medsphere advocates for the community. Bravo!!

I have been impressed lately with “the new team” at Medsphere. I have interacted with COO Rick Jung and CMO Dr. Edmund Billings. (I am disappointed that Mike Doyle and I have not met, but he is respected by some whom I respect.)

I am happy to see that Medsphere has finally taken a stand against the current political madness regarding “phasing out” VistA.

This press release from reads:

This week, the Military Health Service is expected to decide on whether to dismantle its proven electronic health record (EHR) system, called VistA. Research demonstrates that VistA has improved VA productivity by six percent each year since 1999 and that, in a time of ever-rising healthcare costs, VA care has become 32 percent more affordable than it was in 1996. The organization has also achieved an unprecedented and unmatched prescription accuracy rate of more than 99.997 percent, making it a model for healthcare organizations everywhere. In fact, as private hospitals across the country strive to achieve the holy grail of automated, paperless environments (none has reached the mark yet), it is striking to note that every public VA hospital is already there thanks to VistA. Despite all of this, the Department of Defense (DoD) appears determined to systematically dismantle VistA and replace it with a proprietary solution that is expensive, difficult to implement and has limited interoperability with other systems. VistA advocates say the move makes little sense, economically or strategically–it is not in the best interest of our veterans, our working service men and women, or taxpayers who would have to foot the exorbitant bill. 

Over the past 30 years, a community of open source users has developed VistA into a successful health care technology solution that works with existing hardware and software and preserves legacy IT investments in more than 130 regional centers across the country. So why is the military fixing something that isn’t broken? Ironically, the military tried to do something similar by installing a proprietary EHR system, named the Armed Forces Health Longitudinal Technology Application (AHLTA), in 2005. The solution proved to be expensive, difficult to install and incapable of working well with other systems. Now, it seems the DoD is heading down the same path again towards a “vendor-locked” solution that will cost billions up front and after implementation. 

It is signed by CEO Mike Doyle, COO Rick Jung and CMO Dr. Edmund Billings.

I am relieved to see Medsphere taking a stand that benefits the whole VistA community. The long-term success of Medsphere is married to the success of VistA and the larger VistA community. Medsphere is in a great position to advocate in a way that VA employees cannot. Medsphere can reach and influence those who ignore me and the other revolutionaries who are already outspoken critics of the current VA/DOD boneheadedness. It is already getting some coverage, and it deserves more.

Bravo, Medsphere.



I must admit. I love the feeling of being proven right. Granted, it appeals to my egotistic streak. (which despite my attempts to suppress it, my wife remains keenly annoyed by).

A few weeks ago, at TEPR, I did my regular talk, the Health of the Source, which is basically an update on the whole FOSS Health IT industry. In that talk I mentioned that OpenMRS, along with WorldVistA and ClearHealth, was a top EHR project.

Now, OpenMRS is covered by BBC News. I only wish that the article would also acknowledge that this kind of success is only possible because OpenMRS uses a license that respects the freedom of its users.

However, Doc Searls gets it. He has heavily quoted my last post while discussing his recent experience with the medical system. He titled his post: the patient as the platform. The great thing is, when Doc talks about things other people do too.

It does feel good to have people say nice things about me… but I hope this also might represent a tide turning towards awareness of the implications of software licensing in medicine.

I can hope.