Monday, November 12, 2012

Protect, Protect, Protect. Now Share

Later this week, I'm joining a healthsystemCIO.com webinar about security and health information exchange.

A theme I discuss frequently in my keynotes and lectures is the current regulatory challenge, which suggests we should engage patients/families, share data for care coordination in accountable care organizations, and use registries to analyze population health/public health, all while keeping the data secure and respecting patient privacy preferences. It's a tall order.

As I've posted previously, BIDMC hired Deloitte to perform a security assessment of our policies and technologies.   Going through the assessment has given me a great opportunity to review the security standard practices in the healthcare industry and the best practices across all industries.

We've reviewed emerging techniques in Data Loss Prevention (DLP),  Governance/Risk/Compliance (GRC) tools, Enterprise audit log analysis tools, Learning Management Systems, and Network Access Control.

BIDMC has implemented or is implementing most of these.

At the same time, we're passionate about healthcare information exchange technologies for provider/provider summaries and patient/provider communications (portals, automated blue button, and state HIE connections to patients).

Here are the slides I'll use in the webinar, illustrating that it is possible to secure the enterprise and at the same time use Direct-enabled, certificate-protected health information exchange with patients, providers, and payers.

The most secure library in the world would not check out any books - it would be a secure but useless library. We must protect privacy and at the same time share information. It is possible to achieve a balance that does both.

I look forward to the webinar.

Friday, November 9, 2012

Cool Technology of the Week


While I was at AMIA this week, Will Ross of Redwood MedNet introduced me to a low-cost interoperability solution for small practices in rural locations. It's similar in concept to the interoperability appliances that Massachusetts has used in its HIE. Will calls his appliance the "HIE Plug".

The HIE Plug is a secure health data endpoint built on a generic small form factor hardware device. The all open source software stack runs on a Marvell Kirkwood ARM CPU @ 1.2 GHz with 512 MB RAM. The hardware draws under 5 watts of power.

• 2 x Gigabit Ethernet 10/100/1000 Mbps
• 2 x USB 2.0 ports (Host)
• 1 x eSATA 2.0 port- 3Gbps SATAII
• 1 x SD Socket for user expansion/application
• WiFi: 802.11 b/g/n
• Bluetooth: Bluetooth 2.1 + EDR

This hardware is marketed under the trade name "DreamPlug".

The HIE Plug open source software stack installed on the device includes:

1.  Debian Wheezy with the Linux 3.* kernel.

2.  EncFS, which provides an encrypted filesystem in user space. It runs without any special permissions and uses the FUSE library and Linux kernel module to provide the filesystem interface.

3.  Mirth Connect - health data integration engine, a robust Enterprise Service Bus tool fluent in all common health data formats and communication services.  Mirth Connect includes a robust dashboard to manage many individual integration engine channels, which can be taught variously to listen for data, push data, pull data, transform data, etc.  Mirth Connect channels are written in Javascript.

4.  Apache Derby database stores the health data messages prior to forwarding to the HIE.  The database runs in the encrypted filesystem.  If power to the device is lost, the part of the filesystem where the database resides cannot be re-mounted and decrypted without the proper credentials. Local storage can be configured to trim/remove its local store of messages at a pre-defined time.

5.  OpenVPN client bundle for secure TLS connectivity back to the managed VPN Access Server.

6.  Samba (file server) and CUPS (print server) installed.  Either one or both can be configured and deployed as needed - no services are enabled by default.  This allows delivery or consumption of a file through a shared folder on the HIE Plug, or delivery of a print job to an internal network printer or a remote network printer.

7.  lighttpd webserver -  to provide web based applications or information to clients.
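The encrypted-at-rest property in item 4 holds only while the database directory really is on the EncFS mount: when an EncFS volume is not mounted, its mount point is an ordinary directory on the underlying disk. The script below is an added example, not part of the HIE Plug software, showing a pre-start check for that condition; the paths and both sample mount tables are constructed for illustration.

```shell
#!/bin/sh
# Added example: paths and both mount tables below are constructed.

# Print the filesystem type backing a path: the mount point that is the
# longest prefix of the path wins; on a tie the later (topmost) mount wins.
# $1 = file in /proc/mounts format, $2 = absolute path (no spaces assumed)
fs_type_for_path() {
    awk -v target="$2" '
        {
            mp = $2
            hit = (mp == "/" || target == mp || index(target, mp "/") == 1)
            if (hit && length(mp) >= best) { best = length(mp); fstype = $3 }
        }
        END { print fstype }
    ' "$1"
}

# Succeed only when the path sits on a mounted EncFS (FUSE) volume.
is_encfs_backed() {
    [ "$(fs_type_for_path "$1" "$2")" = "fuse.encfs" ]
}

SAMPLE_DIR=$(mktemp -d)
# State 1: EncFS volume unlocked and mounted.
cat > "$SAMPLE_DIR/mounted" <<'EOF'
/dev/sda2 / ext3 rw,relatime 0 0
proc /proc proc rw 0 0
encfs /srv/hie/secure fuse.encfs rw,nosuid,nodev,relatime,user_id=1001,group_id=1001 0 0
EOF
# State 2: after a power cycle, before anyone has supplied the credentials.
cat > "$SAMPLE_DIR/after_power_loss" <<'EOF'
/dev/sda2 / ext3 rw,relatime 0 0
proc /proc proc rw 0 0
EOF

DERBY_DIR=/srv/hie/secure/derby   # hypothetical database location
for state in mounted after_power_loss; do
    if is_encfs_backed "$SAMPLE_DIR/$state" "$DERBY_DIR"; then
        echo "$state: $DERBY_DIR is on EncFS, safe to start the message store"
    else
        fs=$(fs_type_for_path "$SAMPLE_DIR/$state" "$DERBY_DIR")
        echo "$state: $DERBY_DIR is on $fs, do not start the message store"
    fi
done
```

On a live system the same function can be pointed at `/proc/mounts` instead of a sample file.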

The HIE Plug was tested in a pilot deployment at three sites in early 2012, and is now rolling out to general production across dozens of health care facilities participating in Redwood MedNet.   Up front deployment cost is $300 per practice.  Technical support by Redwood MedNet is included under the standard HIE bidirectional data service subscription fee, which is $200/provider/year for outpatient practices.

Mirth has been used for Direct demonstrations, so it is a very reasonable choice as an integration engine supporting Meaningful Use Stage 2 exchanges.

A $300 HISP in a box - that's cool!

Thursday, November 8, 2012

Building Unity Farm - Preparing for Winter

This week we've had our first hard freeze in Massachusetts - 22 degree temperatures last night.   How have we prepared the farm for winter?

1.  All outside water supplies are off and drained.   A yard hydrant provides water inside the barn and since its water supply is 4 feet below ground, deeper than the frost line, it does not freeze.

2.  All barn doors and windows are closed to minimize wind inside.  Extra straw provides a layer of insulation.   The animals are fully fleeced.   Llama/Alpaca and Great Pyrenees Mountain dogs enjoy the cold weather - it's the wind and the rain that is problematic.   The barn protects them.

3.  All our over wintering raised bed plants (such as garlic and various herbs) have been protected under salt marsh hay or moved indoors.

4. We use heated buckets to keep water from freezing in the barn.   We use a thermostatically controlled chicken waterer base to keep the coop water from freezing.

5. Although the coop keeps the chickens out of the wind and rain, we need to protect their sensitive combs and wattles.   We put 150 watt heater panels near their nightly roosting area and near their daily eating area.   They can always seek a warm up when the temperature plummets.

One issue we're still addressing - what to do if power fails.   We are currently installing a propane fueled generator to ensure our animals have heat, light and water even if falling trees or severe winds bring down power lines.    During Hurricane Sandy we lost power for 7 hours.  We stored a few days of water in the barn just in case, but did not need them.

We have enough food stored in our barn loft to last until Spring for all the animals.

The first hard freeze went well.   I think we're ready for our first winter on Unity Farm.

Wednesday, November 7, 2012

The United States Health Information Knowledgebase


I have long suggested that we have a single place to access standards, implementation guides, test scripts, guidelines, and code sets.

The National Library of Medicine is building a national resource for vocabularies and code sets.

In the meantime, the best centralized resource we have for HIT-related knowledge assets is the United States Health Information Knowledgebase (USHIK).

USHIK is an on-line, publicly accessible registry and repository of healthcare-related data, metadata and standards.

In particular, I think you will find the Meaningful Use Stage 2 criteria listed on the site (including the quality measures) to be useful.

Go to the USHIK site and click on the Meaningful Use box at the top left. You will be directed to that site.

Once there you can click on Value Sets or click on Download (on left-hand side) to get to the files.  

Thanks much to AHRQ and Michael Fitzmaurice for creating and curating USHIK.

Tuesday, November 6, 2012

The AMIA Healthcare Information Exchange Debate


Today I'm in Chicago at the American Medical Informatics Association annual meeting, joining my colleagues Mark Frisse, Bill Yasnoff and Latanya Sweeney to debate the question:

"Resolved - Health information exchange organizations should shift their principal focus to consumer-mediated exchange in order to facilitate the rapid development of effective, scalable, and sustainable health information infrastructure."

Mark and I were assigned "oppose".   Bill and Latanya were assigned "support".   It was made clear that our positions were assigned and did not necessarily reflect our personal opinions.  (Note to Christine Bechtel and Leslie Kelly Hall - you know how I feel about the question of patient and family engagement.)

Here's what I said:

I really like the idea of patient mediated exchange and eventually we will widely support both provider and patient mediated exchange (as Meaningful Use Stage 2 will require).  However, in the short term, there are implementation issues that will delay widespread use of patient mediated exchange.

a.  There are 500,000 providers in the US and 300 million patients.   Doing identity management on 500,000 licensed/credentialed professionals is easier than issuing credentials to 300 million patients.
b.  Clinicians fear that loss of data integrity will result in increased liability.   How will we ensure the non-repudiability of data exchanged between providers if patients collect and edit it first, i.e. might Tylenol #3 for pain be changed to Oxycontin for pain?  At present we lack the metadata and digital signatures that will guarantee provenance and integrity of patient mediated data.
c.  Many EHRs include features that support provider to provider workflow, but few accept incoming patient generated or stewarded data.

These are short term issues that will be addressed in the next few years, but the resolution calls for "rapid development".

Why will provider to provider exchange be more rapid to implement?

1.  Provider mediated exchange is simple

HIEs can push data from organizational entity to organizational entity without having to uniquely identify the patient on a community-wide level.   Although there are many Mary Smiths in the community, there are very few in an individual provider's practice. When a message arrives to a provider concerning Mary Smith, the provider can easily attach it to the correct record.    In Massachusetts there are 20,000 providers and many are associated with a few large organizations running about a dozen different EHRs.  In our HIE we can connect everyone with a few hundred organization level network connections.   Compare this complexity with the issue of messaging to 7 million unique patients.

2.  Public and Private provider-based exchanges are already implemented.  Per a recent survey completed at the School of Public Health, over 100 HIEs are actively exchanging real data in the US.  Massachusetts has been exchanging data since 1997 and its HIEs have always been sustainable.

3.  Pushing data between providers does not require complex consent frameworks; it simply replaces the fax machine used in today's processes.   Thus the policies around using an HIE for pushing data are already in place.

4.  Existing EHRs and PHRs support provider directed exchange, since many federal and state demonstration projects have focused on provider-based architectures.

5.  Although we ultimately need both provider and consumer mediated exchanges, I predict 80% of patients will defer to their provider.  My parents, like many older Americans, believe their providers should collect and organize the data, serving as a kind of patient-centered electronic medical home.   Patients can view the collected data via the PHR offered by their primary care clinician.

A wonderful set of point/counterpoint discussions on this topic filled 90 minutes.

The end result - the audience seemed evenly split on the resolution.   We were both right - provider and patient mediated exchanges are needed.

A great discussion.

Monday, November 5, 2012

The Election and Healthcare IT


Tomorrow the Presidential election process comes to an end and the advertising will finally stop.   We'll all be relieved.   I especially look forward to a quiet dinner at home without robotic election-related calls.

What about healthcare IT?  Will differences in the Obama and Romney platforms impact the momentum of Meaningful Use?

Here's what I believe.

The Obama Healthcare IT platform builds on what we've created over the past few years.   It will continue to leverage the federal advisory committees (Policy and Standards) to engage a wide array of stakeholders.   It will persist the progression to Meaningful Use Stage 3 and possibly future stages.   It will embrace certification now that the temporary certification process has been replaced with a permanent one.   It will support the initiatives of the Standards and Interoperability framework (S&I), although the end of stimulus funds from ARRA means that ONC will move some of the S&I initiatives to private/public partnerships.  It will support the current leadership at ONC - Farzad and his delegates such as Steve Posnack, Doug Fridsma, and Judy Murphy.

The Romney Healthcare IT platform notes that information technology has broad bipartisan support.   No one argues that a foundation of healthcare IT implemented properly is essential for accountable care organizations.   Quality, safety, and efficiency  all benefit from the process enhancement afforded by healthcare IT.    Michael Leavitt, former Secretary of HHS and chair of the American Health Information Community (AHIC) will lead the Romney transition team and Leavitt has years of experience with healthcare IT issues from the early days of ONC.     As Governor of Massachusetts, Romney supported the early EHR rollout efforts of the Massachusetts eHealth Collaborative.

However, there have been aspects of the Romney Healthcare IT platform which are concerning.

In my conversations with reporters, there has been a consensus that the Romney campaign will terminate stimulus related programs such as Meaningful Use.  I'm concerned that eliminating Stage 2 and 3 stimulus dollars would slow the pace of adoption we've achieved over the past few years.

Further, the Romney campaign has noted that interoperability standards are lacking and if vendors are given a mandate, standards will be widely adopted.

I'm concerned that Romney's advisors do not realize how successful the federal advisory committee process has been.   The Healthcare IT Standards Panel (HITSP) in the Bush administration was a wonderful group of people trying very hard to make a difference.  When Obama was first elected I suggested that continuing HITSP would be better than forming a new federal advisory committee (Healthcare IT Standards Committee - HITSC).

Over the past four years, I've realized that HITSC has engaged more stakeholders and recommended simpler, easy to implement standards because it was not dominated by vendors, which introduce their own biases.    Giving standards-making to a consortium of vendors would be a step backwards.

I always try to ignore election year politics and work above the fray.  Regardless of who is elected, I will work with them and continue my passion for standards and interoperability.

If Romney is elected let's hope he is a funder of healthcare IT and not just a cheerleader.   Let's also hope that he examines the lessons learned over the past 8 years and realizes that we're on the right track for interoperability.   Eliminating meaningful use and turning standards-making over to the vendors would not accelerate our progress.

Friday, November 2, 2012

Cool Technology of the Week


While in China last week, I participated in a ribbon cutting ceremony for a new privately (rather than publicly) funded hospital. Each patient room included several high tech amenities including showers that transition from clear glass to frosted glass at the touch of a button.

How is that accomplished?   Simple - smart glass that  employs polymer dispersed liquid crystal devices.

A liquid mix of polymer and liquid crystals is placed between two sheets of glass.  When no voltage is applied, the crystals are randomly aligned and the panel is translucent.   When voltage is applied, the crystals are aligned and light passes without scattering, making it appear clear.

No curtains and no blinds are needed.

If power fails, privacy is protected.

Glass that changes from cloudy to clear at the touch of a button.   That's cool!