Cool Technology of the Week

Last week I had dinner with the CEO of a very successful software company.  He told me that 30% of all downtime for his products was caused by anti-virus software.

Given the sophistication of today's malware, it's clear that a new approach is needed to anti-virus software.

Intel introduced a virtualization component to their chipset a few years ago.   When they acquired anti-virus company McAfee, they collaborated to leverage their  "VT-x" chipset to catch advanced persistent threats and root kits, both of which run at the same privileged level as the typical anti-virus products.   The VT-x chip enables a security monitoring process which runs at a low level in a very highly privileged status in the chip.   It can monitor CPU and memory state changes and flag, quarantine or stop anything it sees as suspicious.      All new Intel-based, Windows 7 machines include this capabilities.  Here's a white paper about it.

For those of us who live in the trenches of information technology, malware and root kits are the bane of our desktop management staff because they cannot be cleaned with existing standard antivirus software and require re--imaging the machines.  

Anti-virus on a chip that cannot be disabled by malware.   That's cool!

recomended product suport by amazon

Building Unity Farm - The Guinea Fowl Who Lost His Mojo

Running a farm with 50 animals is like having 50 children.   There are going to be bumps and bruises, stumbles, and occasionally serious injury.

Last week, one of Guinea Fowl, named Piebald (because he's a patchy blend of black and white) flew into the male alpaca area which is guarded by our Great Pyrenees Mountain dogs, Bundle and Shiro.   Normally our dogs ignore our birds, since the dogs have lived with the poultry for most of their lives.  Piebald ran around the inside of the pasture fence and his fluttering attracted the dogs.  They wanted to "play" with Piebald by "fetching" him.    Within seconds of this happening, I ran to the pasture, body slammed the dogs to the ground with a sharp NO, indicating that eating a fellow citizen of Unity Farm is unacceptable behavior.

My wife picked up Piebald and began walking him back to the coop.   A few of his tail feathers were missing, his head had a few spots of blood, and he looked a bit traumatized but otherwise intact.    On the way back to the coop, he jumped from her hands and ran straight into the forest surrounding our farm.    Kathy and I spent an hour looking for him to no avail.   As darkness fell, we suspended our search.

The next morning he reappeared in the coop,  looking out of sorts.  That afternoon he disappeared again and spent the night in the forest.

The following day, he reappeared in the coop but his affect was very submissive.   Previously Piebald was high on the pecking order.   Now, he was being pecked at by his subordinates.  He lost his mojo.

He spent the day running away from the other Guineas and losing various pecking order battles.

His wounds had healed and he was eating/drinking vigorously.   He stayed in the coop overnight but slept with the chickens.

The next day he began cruising the property with the other guineas.   He regained his upright posture and assertiveness.

Today he's been leading the pack once again, completely comfortable with being a leader of  Guineas.   He's regained his stature.

Every day is an adventure at Unity Farm.  You never know what interpersonal dynamics will develop with the alpacas, llama, guineas, chickens, and dogs.   You never know who will squabble, who will have an injury/illness, and who will develop new behaviors.    If it wasn't for the rigors of being a CIO, I could spent the day watching the events of the barnyard - far more interesting than Fox News or CNN.

We've had life and death on the farm, sickness and health on the farm, joy and sorrow on the farm.    At the moment, everyone is healthy, happy, and knows their place in the pecking order.

As we prepare for the Christmas on the farm, it's good that our citizens are all at peace in their community.

recomended product suport by amazon

Rethinking Remote Access

As I travel the country, I find that CIOs everywhere are struggling with BYOD in particular but remote access more generally.   Who is responsible if

A personal unencrypted laptop with email containing personally identified/protected healthcare information is stolen?   The CIO of the institution providing email takes accountability and reports the theft to appropriate  government regulators.

An employee prints a web page on their home computer and patient data is discovered blowing around in a nearby dump?  The CIO of the institution hosting the patient data is responsible.

An employee with a malware infected but encrypted smartphone accesses a web application and a keystroke logger sends the username/password to hackers in Asia who use it to send spam.   The CIO is responsible for all the consequences.

Policy against using personal laptops, home desktops, and smartphones for processing of healthcare data is not sufficient.  CIOs must use technology controls to mitigate risk of data loss.

For example, BIDMC has already used AciveSync to enforce encryption of every smartphone accessing our network and to deny access to those smartphones that do not support encryption.

Personal laptops and home desktops are much harder to control.  Purchasing institutionally supported laptop/desktop devices for every user needing remote access would be cost prohibitive.  

Rather than try to manage the home clients that have multiple varieties of hardware, operating systems, and third party apps, it's more practical to impose restrictions on who can access resources remotely, where they can access resources from, and what they can do (block downloads and printing).   Solutions I've heard from industry experts include

1.  ActiveSync as the only means of smartphone email access with a configuration to require encryption of client devices.  Use Outlook Web Access as the only laptop email access method and close all other types of remote email access - WebDav, Web Exchange Services, and RPC over HTTPS, IMAP, POP
2.  SSLVPN for all remote access to all applications (including web portals) with configuration settings to prevent remote downloads and printing
3.  Citrix or Virtual Desktop Infrastructure, which typically does not persist data on local clients.

I've described security as a continuous improvement process - the journey is never done. I'm curious what you are doing to restrict remote access in a world of malware, BYOD, and enhanced regulatory enforcement.   Comments are welcome!

recomended product suport by amazon

A Presentation to HIMSS in North Dakota

This morning, I joined a HIMSS group in North Dakota to discuss Meaningful Use Stage 2, Health Information Exchange, and Personal Health Records.

Here are the slides I used.

I was asked an interesting question about the transition from Stage 1 to Stage 2.

The Stage 2 Final Rule notes that as of 2014, any provider or hospital attesting to Stage 1 must use Stage 2 certified technology.   Since the capabilities of Stage 2 certified technology are different than Stage 1, the nature of meaningful use changes for those who begin the program late.

The details of the changes  to Stage 1 Core and Menu set objectives over time is summarized in this excerpt from the Stage 2 final rule.

A summary table of the effects is below, illustrating that the number of objectives changes as the certified technology changes.   I hope you find this useful.

EPs

	Stage 1 (2011-2012)	Stage 1 (2013)	Stage 1 (2014+)
Core	15	13	13
Menu	5 of 10	5 of 10	5 of 9

Hospitals

	Stage 1 (2011-2012)	Stage 1 (2013	Stage 1 (2014+)
Core	14	12	11
Menu	5 of 10	5 of 10	5 of 10

recomended product suport by amazon

Building Unity Farm - Thanksgiving on the Farm

Today was our first Thanksgiving at Unity Farm.   Although I've discussed the farm in detail, I've not described the home.   We live at the farm in a house adjacent to the pasture.   My father-in-law lives in the in-law wing, we live in the first floor. and our daughter has an area on the second floor.

The entire family selected vegetables from the farm and surrounding farms, then spent the day peeling, chopping, and preparing a vegan feast.  Just about everything but the Tofurkey was grown on the farm or within a mile of it.  We had

Tofurky with roasted potatoes and carrots
Celery and chestnut stuffing
Rutabegas
Mashed potatoes
Green beans
Brussells sprouts
Squash
Pickles/onions
Sweet potatoes

A remarkable meal.

During dinner 30 turkeys dropped by the farm for a visit and roosted in the trees above our alpacas.   It's clear to me that the best place for a turkey on Thanksgiving is a vegan/vegetarian farm!

recomended product suport by amazon

A Time for Giving Thanks

2012 has been a year of joys and sorrows.   My wife had breast cancer, my mother broke her hip,  my cat died of pancreatic cancer, I left my CIO role at Harvard Medical School to focus on BIDMC's emerging accountable care organization, and moved/consolidated two families from suburban houses into Unity Farm.

Some would consider this amount of change and challenge to be overwhelming.

I think of them as transformative.

It may sound strange to quote Marilyn Monroe when reflecting on Thanksgiving, but her words are appropriate:

“I believe that everything happens for a reason. People change so that you can learn to let go, things go wrong so that you appreciate them when they're right, you believe lies so you eventually learn to trust no one but yourself, and sometimes good things fall apart so better things can fall together.”

Without the catalyst of my wife's cancer diagnosis, we would not have sold our home and purchased the farm at a time when market conditions were ideal for both transactions.

My mother's hip fracture enabled us improve their house for accessibility and reconcile her medications.

My cat's unexpected illness educated us about animal care at a time when we took on the responsibility for 50 chickens, llamas/alpacas, and guinea fowl.

My job consolidation enabled me to channel all my passion and energy into healthcare information exchange at the federal, state, and local level such as the Massachusetts Golden Spike event.

Unity Farm has provided a healing environment for everyone in the family and the memories of the work required to sell two houses, close my wife's gallery and move her studio to the farm is fading fast.

BIDMC was ranked the #1 IT organization in America this year.  We were the first hospital in the country to attest to meaningful use and receive stimulus funding.  We achieved all our FY12 application and infrastructure goals.

Regardless of the events of any given day, temporary crises or urgencies pale in comparison to the well being of people.   As we approach Thanksgiving 2012, all the people in my world are good.

My wife and daughter are happy.   My parents are healthy.   My Federal and State colleagues are working hard on challenging projects they enjoy.   My BIDMC teammates are making a huge difference during the most exciting time in the history of healthcare IT.   The citizens of Unity Farm are loved and well cared for.

In 2012, the events of each day were sometimes negative, but the trajectory for the year has been overwhelmingly positive.

As I tell my daughter, it's unclear what the endpoint will be, but as long as the journey along the way is the best you can make it, everything will be ok.

After all the events of the past year, I remained convinced that the future will be bright.

Thanks to everyone who traveled the path with me this year.

recomended product suport by amazon

The Patient Experience of EHRs

I'm often asked if the use of EHRs diminish clinician-patient interactions in the exam room.

At BIDMC, Jan Walker and Tom Delbanco  have done focus groups with patients about technology. Generally, they found that patients will embrace technology that gives them access to information about their care.  At BIDMC, where we have both a patient portal and Wi-Fi throughout the hospital, doctors often arrive at the bedside to find a patient viewing lab results on an iPad, ready with questions about their tests.

The literature studying outpatient offices with computers in the exam room suggest computers do not get in the way as long as clinicians are facile with them and maintain eye contact with patients.

Here are three articles:

"The examination room computers appeared to have positive effects on physician-patient interactions related to medical communication without significant negative effects on other areas such as time available for patient concerns. Further study is needed to better understand HIT use during outpatient visits."  J Am Med Inform Assoc. 2005;12:474–480. DOI 10.1197/jamia.M1741.

"Studies examining physician EHR use have found mostly neutral or positive effects on patient satisfaction, but primary care researchers need to conduct further research for a more definitive answer." J Am Board Fam Med 2009;22:553–562.

"With the implementation of the electronic medical record—called HealthConnect—in all exam rooms throughout the Kaiser Permanente health care delivery system, how computers in the exam room affects physician-patient communication is a new concern. Patient satisfaction scores were obtained for all primary and specialty care physicians in a large medical center in Southern California to determine how scores changed as physicians started using HealthConnect in the exam room. Results show no significant changes in patient satisfaction for these physicians. Although concerns were not realized that patient satisfaction might decrease after HealthConnect was introduced, there was also no evidence that introducing an electronic medical record in outpatient clinics increased patient satisfaction."  The Permanente Journal / Spring 2007/ Volume 11 No. 2

Clinicians have different approaches to the use of technology in the exam room - iPads, typing into a laptop, or just taking notes then entering data outside of the exam room.    When clinicians and patients work together to ensure safe, accurate, and timely record keeping, everyone wins.   Certainly, there may be awkwardness when clinicians struggle with new technology and patients perceive a change in attentiveness.  However, it is highly likely that as clinicians spend their entire practice lives using EHRs and all patient records are recorded in EHRs, that this awkwardness will disappear.   Just as mobile devices have replaced newspapers and magazines as the favored way for adults to access media, the EHR and PHR, as well as the processes needed to use them, will become a standard part of every clinical encounter, supporting rather than detracting from the patient experience.

recomended product suport by amazon

A Novel Idea for Managing Consent

In 2008, I wrote about representing privacy preferences in an XML form that I called the Consent Assertion Markup language (CAML).

At the November HIT Standards Committee we discussed the draft Meaningful Use Stage 3 Request for Comment (RFC), which includes a measure relating to query for a patient's record.  The RFC suggests an exchange of authorization language to be signed by the patient in order to allow retrieval of the requested information.    Discussion elicited the suggestion that perhaps patient consent preferences might be included as metadata with the data exchanged so that the patient approved uses of the data - treatment/payment/operations, clinical trials, transmission to a third party - could be respected.

After the meeting, Dixie Baker proposed a simple, scalable and powerful approach to avoiding the necessity of either exchanging authorization language for signature, and the complexities involved in exchanging patient preferences as metadata.  Her suggested approach draws from both the CAML idea with the metadata idea, but simplifies privacy-management for both consumers and providers, while offering the kind of scalability needed for the dynamic, collaborative healthcare environment we envision.

Imagine that instead of having to fill out a new privacy-preferences form at each encounter, the consumer could select and manage her preferences with a single entity, and at every other encounter, would need only provide the URI to where her preferences were held.   Then, upon receipt of a request for her health information, an EHR would only need to query the privacy-management service at the URI she provided to determine whether the request could be honored.  Her preferences would be captured as structured, coded data to enable query, without having to exchange a complete "form" in order to adjudicate an access request.  Per the CAML idea, this XML could include queryable preferences about what data the patient consents to exchange with whom and in what circumstances.   This set of privacy preferences could be maintained by the patient and would include such concepts as institution-level permission to share data with partner insitituions, permission to send data using a health information exchange organization, and approval to use data for certain types of research.  

Instead of sending these preferences with the data itself, the metadata header in  Consolidated CDA summary exchange would include a Uniform Resource Identifier (URI) that points to the privacy-management service where the patient's privacy preferences are held.

This simple idea - represent patient's privacy preferences/consents in query-able XML at a specific URI - enables an entirely new approach to health information exchange, while making it easier for consumers to make meaningful choices, and manage them over time.

For example

1.   A hospital is "pushed" a patient record from a primary caregiver.   The hospital wants to push that data to a specialist.   Before any data transfer is done to an outside organization, the URI is retrieved from the metadata and the patient's current consent preferences are applied to the data exchange.

2.   An emergency department wants to pull data from multiple data sources to ensure safe, quality, efficient care of an unconscious patient.   The URI of service holding the patient's privacy preferences is available from the state HIE, and the data is retrieved from various sources per the patient's preferences.

3.  At discharge, the patient's information is to be pushed to the patient and the primary caregiver/referring clinician per meaningful use stage 2 requirements.   Before the push happens, the patient's URI is checked for current data exchange preferences.

As we continue to work on a variety of "meaningful consent" approaches and support complex state privacy policy variants, the notion of recording patient privacy preferences in a place that is under the control of the patient and is query-able via a simple XML makes great sense.

I look forward to continued discussion of Dixie's ideas at the next Standards Committee meeting.

recomended product suport by amazon

Cool Technology of the Week

My daughter and one of my blog followers recently told me about a Japanese cultural phenomena that is truly a cool technology.

One of the hottest concert pop stars in Japan is an anime hologram with a vocal synthesizer.  Meet Hatsune Miku who appears in live concerts, despite the fact that she does not exist.

She's a vocaloid created with software that anyone can use to create realistic rock performances.

Ms. Miku is not alone.  She's done duets with fellow vocaloid hologram Megurine Luka.

Wired Magazine described the technology behind the creation of a wholly digital pop star.
 
Hatsune Miku is a cultural phenomenon in Japan, yet she lives only in the digital world.

That's cool!

recomended product suport by amazon

Building Unity Farm - The Community

One of the most important aspects of choosing a farm property is the community around you
* What is the zoning?
* How will your neighbors react to wandering guinea fowl or an escaped llama?
* Are there other farms nearby?

For our farm, we chose Sherborn, a very agriculturally friendly town just west of Boston.

The Sherborn town bylaws indicate that no agricultural pursuit can be restricted.   Of course, various wetland restrictions and environmental controls apply, but if we wanted to raise ostriches and emus on our 15 acres, we could.  Our land was previously a 200 acre farm and our only current neighbors are a 55 acre apple orchard and a 15 acre property used for horse rescue/mini-donkeys.    Those neighbors admire and support our livestock.  

But what about nearby farms?

This week, we ate foods gathered or purchased from our farm and surrounding farms (photo above).

The western border of our property is the Dowse orchard.   At the Dowse Orchard Farm Stand  we purchased:
Romaine and red leaf lettuce
Field broccoli
Apples (Mac, Cortland and Empire)
Local seasonal pies
Fresh pressed apple cider

Just over the hill from us is a 1700's dairy farm - the Sunshine Farm.
We purchased:
Field turnips
Field carrots
Field onions
Homemade sweet corn veggie pizza

Just down the street from us is the Sweet Meadow Farm where we purchased sugar pumpkins and grain/hay for our animals.

At our own Unity Farm, we gather 8 eggs per day from our chickens.   This season we grew eggplant, garlic, onions, and potatoes in our raised beds.   In our kitchen garden we grew parsley, sage, rosemary and thyme.   We planted our own apple orchard and will be planting an acre of high bush blueberries in the Spring.  We're building  a 20 foot x 72 foot hoop house that will enable us to grow year round produce.

Nearby, the Boston Honey Company runs a Honey CSA.  Our share this year included fresh combs and local wildflower honey.

 If December 21, 2012 really does bring cataclysmic or transformative events, living in Sherborn is good preparation for self sufficiency.   From our perspective, it's an ideal farm community.

recomended product suport by amazon

The Next Generation of Entrepreneurs

When I was 13 years old, the Altair 8800 appeared on the cover of Popular Electronics.   By 16, I was building enough hardware and software that I achieved the Malcolm Gladwell 10,000 hours of competency by age 18.     By 19, I founded a company that produced tax calculation software for the Kaypro, Osborne, and new IBM PC.   Every week in the Silicon Valley of the early 1980's brought a new startup into the nascent desktop computer industry.

To me, we're in a similar era - a perfect storm for innovation fueled by several factors.  Young entrepreneurs are identifying problems to be rapidly solved by evolving technologies in an economy where existing "old school" businesses are offering few opportunities.

This morning, I lectured to an entire classroom of MIT Sloan school entrepreneurs .   Today the Boston Globe published articles about the Harvard Innovation Lab and the Mayor's efforts to connect entrepreneurial students with mentors.

Tonight I'll introduce a Harvard Medical School entrepreneurial team at the Boston TechStars event .

This pace of innovation reminds of that time 30 years ago when Sand Hill Road was just beginning its evolution to the hotbed of venture investing it is today.

Who are these new entrepreneurs and what kind of work are they doing?   Tonight I'll be introducing Lissy Hu and Gretchen Fuller.

Lissy Hu is passionate about helping patients find the right care. Her clinical experiences at leading Boston and New York hospitals have shown her first-hand the frustrations her patients and their families face when finding after-care. Lissy previously worked on a Medicare demonstration project involving transitions in care for 3,000 medically-complex patients. She is currently on-leave from the Harvard Medical School and Harvard Business School joint-degree program. Lissy hopes to leverage her clinical and business insights to engage in social entrepreneurship and tackle healthcare’s most challenging problems. Lissy graduated from Columbia University Phi Beta Kappa, Summa Cum Laude, and with Honors in her major.

Gretchen Fuller is committed to improving healthcare quality and communication amongst providers and patients. At Harvard Medical School, she co-directed a student group (Improvehealthcare.org) dedicated to improving medical school education on healthcare policy: this organization was responsible for creating course material that is now part of a mandatory Health Policy course. She spent the last year spearheading three healthcare quality investigations at 5 hospitals in Buenos Aires, Argentina, including projects on problematic patient handoffs, barriers to the use of surgical checklists, and medical school curricula on patient safety. Gretchen graduated Cum Laude in Biology at Harvard University, where she also captained the Division I Field Hockey team.

They will be presenting CarePort, a software startup improving patient transitions from hospitals to post-acute care providers though an easy-to-use online booking engine.

As I know well from my mother's recent hip fracture, many patients require additional care after a hospital stay. The current process of discharging patients to post-hospital care providers is complex, confusing, and cumbersome.  Careport connects patients, hospitals, and care facilities directly. Patients and their families, along with hospitals, can search for care facilities that meet their clinical needs and book reservations immediately. Careport also tracks patient care in the hospital and post-acute care settings and communicates critical clinical information back to primary caregivers, thereby ensuring effective care coordination.  Careport identifies variables driving medical complications, readmissions, and patient satisfaction.

I am convinced that Meaningful Use Stage 2, with its focus on increased interoperability, and Meaningful Use Stage 3, with its proposed enhancements to patient and family engagement, will accelerate the demand for products like Careport.  Modular certification will make it much easier for  young entrepreneurs to make their products part of the physician and hospital software set used for attestation.

It's an exciting time to watch the creativity of the next generation fixing healthcare.  With Techstars, Rock Health, Healthbox and other incubators/accelerators combined with Datapaloozas and innovation competitions, I'm convinced the breakthroughs we need in healthcare process improvement will be invented by the twenty-somethings and not mid career professionals in established companies.

So immerse yourself in advising and mentoring these people.    Tonight, I will be.

recomended product suport by amazon

The November HIT Standards Committee Meeting

The 42nd meeting of the HIT Standards Committee began with an inspirational introduction from Farzad Mostashari.    He told us that the HIT Standards Committee members should keep their  "eyes on the prize and feet on the ground".   We should be aspirational in reviewing the Meaningful Use Stage 3 criteria, identifying standards recommendations for 2016 which are likely, which are possible with focus, and which are unrealistic.    We should not be intimated by all the ideas in the Meaningful Use Stage 3 request for comment, but realize that unless all ideas are considered, we'll regret not thinking broadly about important safety, quality, and efficiency improvements.    As the request for comments process progresses, the doable priorities will emerge.    The public release of the Stage 3 request for comment will occur later this week, with comments due in January.

Michelle Nelson, ONC Meaningful Use Workgroup Lead, presented the Meaningful Use Stage 3 recommendations, assisted by Doug Fridsma and Jodi Daniel.   We reviewed the Stage 3 recommendations line by line, noting that the Policy Committee had included some data exchanges that the Standards Committee suggested were unlikely to occur by 2016.    Although most of the Standards Committee advice was incorporated, the Policy Committee felt some goals were so important they were worth pushing.    Overall, the Standards Committee commented that the Meaningful Use Stage 3 recommendations need to be grouped into common policy goals, be less workflow prescriptive and more outcomes oriented, take into account the burden of implementation, and focus on a few significant improvements to EHRs that would accelerate several goals.   For example, if all EHRs became QueryHealth compliant then clinical trials, quality measures, and population health reporting would all be simplified.   As a next step, ONC will reorganize the Stage 3 material into policy clusters and themes for assignment to the Standards Committee for detailed standards recommendations.


Next, Dixie Baker presented a Privacy and Security Workgroup Update regarding security and privacy criteria for modular EHR certification.    Their concern is that without security and privacy guidelines, we could end up with a module that weakens protections and data integrity of the enterprise.   Dixie suggested several paths forward and the Committee decided that Modular EHRs should be required to demonstrate compliance with the Meaningful Use security criteria by either including features within the module or by making calls (standards-based or non-standards based) to other applications which provide the needed security.

Doug Fridsma provided an update on S&I Framework projects and focused on the Automate Blue Button initiative to support patient "subscription" to their healthcare data or automated requests for delivery of their data.

Kate Goodrich from CMS provided an overview of efforts to "re-boot" Clinical Quality Measures by
*Eliminating abstracting and skip methods that based on paper
*Using new measures that are EHR-based, not old measures that are retooled to work with EHRs
*Reducing complex exclusionary criteria in numerators and denominators
*Consolidating measures across various programs - ACO, PQRS, CMS Core etc.

We then heard three presentations that are part of efforts to simplify future stages of Meaningful Use by providing national infrastructure.

Ivor D'Souza from the National Library of Medicine presented the Value Set Authority Center , which is now open for business.   This valuable resource provides downloadable/searchable vocabularies and code sets that support Meaningful Use Stage 2.

Christopher Chute from Mayo Clinic presented Common Terminology Services 2 (CTS2) which provide an easy way to exchange code sets in batch from sources such as the Value Set Authority Center.   I've posted previously about CTS2.

Michael Fitzmaurice presented the United States Health Information Knowledgebase.  It includes access to Chris Chute's Value Set Authority Center Common Terminology Services application. I've posted previously about USHIK.

Lastly, we heard from Carol Bean about the Meaningful Use Stage 2 Testing and Certification details.     We look forward to piloting the scripts before they are placed into production.

An important meeting that set the stage for deliberations on Stage 3.   I look forward to simplifying the Stage 3 recommendations into common themes that reduce the burden on implementers.

recomended product suport by amazon