Given the number of breaches we’ve seen this summer at healthcare institutions, I’ve just spent a ton of time recently on several engineering engagements looking at “HIPAA compliant” encryption (HIPAA compliance is in quotes since it’s generally meaningless). Since I’ve heard a number of developers say “we’re HIPAA compliant because we encrypt our data,” I wanted to take a moment to unbundle that statement and make sure we all understand what it means. Cryptology in general and encryption specifically are difficult to get right; CISOs, CIOs, and HIPAA compliance officers shouldn’t just believe vendors who say “we encrypt our data” without asking for elaboration in these areas:

  • Encryption status of data at rest in block storage (the file system that the apps, databases, and VMs are stored on)
  • Encryption status of data at rest in virtual machine block storage
  • Encryption status of data at rest in archived storage (backups)
  • Encryption status of data at rest in the Oracle/SQL Server/DB2/MySQL/PostgreSQL/(your vendor) databases (which sit on top of the file system)
  • Encryption status of data in transit from database to app server
  • Encryption status of data in transit from app server to proxy server (HTTP server)
  • Encryption status of data in transit from proxy server to end user’s client
  • Encryption status of data in transit from API servers to end user’s clients (iOS, Android, etc.)
  • Encryption status of server to server file transfers
  • Encryption key management in all of the above

When you look at encrypting data, it’s not just “in transit” or “at rest”: the data can be in transit or at rest in a variety of places.

If you care about security, ask for the details.

{ 0 comments }

These days it’s pretty easy to build almost any kind of software you can imagine — what’s really hard, though, is figuring out what to build. As I work on complex software systems in government, medical devices, healthcare IT, and biomedical IT I find that tackling vague requirements is one of the most pervasive and difficult problems to solve. Even the most experienced developers have a hard time building something that has not been defined well for them; a disciplined software requirements engineering approach is necessary, especially in safety critical systems. One of my colleagues in France, Abder-Rahman Ali, is currently pursuing his Medical Image Analysis Ph.D. and is passionate about applying computer science to medical imaging to come up with algorithms and systems that aid in Computer Aided Diagnosis (CAD). He’s got some brilliant ideas, especially in the use of fuzzy logic and storytelling to elicit better requirements so that CAD may become a reality some day. I asked Abder-Rahman to share with us a series of blog posts about how to tackle the problem of vague requirements. The following is his first installment, focused on storytelling and how it can be used in requirements engineering: 

I remember when I was a child how my grandmother used to tell us those fictional and non-fictional stories. They still ring in my ears, even after the many years that have passed. We used to just sit down, open our ears, stare with our eyes, and wander with our thoughts, and we would not leave that state until the story ended. We sometimes caused trouble, and to calm us down we were simply called to hear a story, and the feelings above came to us again.

Phebe Cramer, in her book Storytelling, Narrative, and the Thematic Apperception Test, mentions how storytelling has a long tradition in human history. She highlights what have been considered the significant means by which man told his story. Some of those were, for instance, the famous epic poems: the Iliad and the Odyssey from the ninth century B.C., the Aeneid from 20 B.C., the east Indian Mahabharata and Ramayana from the fourth century A.C., etc. This is how history was transmitted from one generation to the next.

Storytelling Tips and Tales emphasizes that stories connect us to the past and illuminate the future for us, that lessons can be learned from stories, and that information is transmitted transparently and smoothly through stories. Teachers in schools are even being encouraged to use storytelling in their classrooms. The book also holds that storytelling is an engaging process that is rewarding for both the teller and the listener. Listeners enter new worlds just by hearing the words of the teller. Schank and Abelson, in their Knowledge and Memory: The Real Story, even note that psychological studies have revealed that human beings learn best from stories.

Having mentioned that, a requirements engineer may ask: why couldn’t we bring storytelling to our domain, especially since in our work there is also a teller and a listener? Well, could that really be?

Let us examine the relationships between story elements and a software requirement in order to answer that question.

In his book, Telling Stories: A Short Path to Writing Better Software Requirements, Ben Rinzler highlights such relationships as follows (some of the explanations of these points are also drawn from Using Storytelling to Record Requirements: Elements for an Effective Requirements Elicitation Approach):

  1. Conflict: This is the problem you want to solve in the requirements process. An example of that is the conflict that occurs between stakeholders’ needs and the FDA regulatory requirements for some medical device software.
  2. Theme: This is the central concept underlying the solution. For requirements engineering, this could be a “requirement”, that is, the project goal.
  3. Setting: The setting is the place and time of the story. In requirements engineering, this can be stated as the broader concept of the problem at hand, such as providing information about the technology environment, business, etc.
  4. Plot: The plot of a story is its events, which occur in a certain order such that their outcome affects later ones. In requirements engineering, this is the current and future systems’ series of actions.
  5. Character: This refers to any entity capable of action. In requirements engineering, this can for instance represent people, machines, and programs.
  6. Point of view: Having different points of view is important for providing a unified view that tries to provide a whole description of what is actually happening, and what everyone needs. This is like describing a medical device software process from the patient and physician points of view for instance.

So, yes, a relationship and an analogy exist between storytelling and software requirements.

In future posts in the series, Shahid and I will dig deeper into how storytelling could be employed in the requirements engineering process, and will also try to show how fuzzy logic can be embedded in the process to solve any issues that may be inherent in the storytelling method.

Meanwhile, drop us comments if there are specific areas of requirements engineering for complex software systems that you’re especially interested in learning more about.

{ 5 comments }

Our vision of providing a series of packed one-day events focused on practical, relevant, and actionable health IT advice was very well received in Houston, NYC, and Santa Monica earlier this year. Our next event is in Chicago and we’re going to continue to eschew canned PowerPoint decks which limit conversations and instead deliver on the implications of major trends and operationalizable advice about where to successfully apply IT in healthcare settings. As usual, the blind promotion of tech hype is going to be replaced with actionable insights that can be put to immediate use. Based on some of the feedback we got from the 3 earlier events this year, it looks like we struck a chord:

“IMN have brought together a one-of-a-kind venue for the HealthIMPACT forum. It offers an opportunity to explore, in-depth, the intersection of emerging models of cloud computing with solving some of our toughest problems in health information technology. It’s a great opportunity to meet national thought leaders and explore these issues at depth in an intimate setting.” - Keith Toussaint, Executive Director, Business Development, Global Business Solutions, MAYO CLINIC

“You had a pretty engaged group yesterday. I would think you regard the meeting as successful; it was in a beautiful venue.” - David S. Mendelson, MD, FACR, Co-Chair Integrating the Healthcare Enterprise, Professor of Radiology, Director of Radiology Information Systems Pulmonary Radiology, Senior Associate, Clinical Informatics, MOUNT SINAI MEDICAL CENTER

“[The open format] allows for valuable exchange between participants. The forum consists of important topics and fluid discussions going where the audience wants to take it.” – George Conklin, Senior Vice President and CIO, Christus Health

“HealthIMPACT seemed more focused with only high quality contributors and content. HealthIMPACT was collaborative with fewer ‘talking heads’ and more open and honest dialog. I truly felt that it was a more intimate environment for sharing.” – Zachery Jiwa, Innovation Fellow, US Department of Health and Human Services

I’m often asked why, as a health IT blogger, I wanted to lead HealthIMPACT. Here’s a three minute video overview that explains my thinking:

Based on the feedback from the Houston, NYC, and Santa Monica events and what we’ve heard from our surveys, below are some of the topics we plan to cover in Chicago on September 8th at HealthIMPACT Midwest.

  • Reckoning with the Challenges of Meaningful Use Stage 2
  • Fear and loathing as well as excitement around new risk-based collaborative payment systems and value based reimbursement
  • Cutting through the Health IT Hype Cycle – The Top Five Things That Matter When You are Running a Health System
  • Using Mobile Applications to Align Caregiver Behavior to Enterprise Initiatives While Improving Patient Satisfaction and Outcomes
  • Doing More with Less – Clinical and Financial Integration Required to Deliver True Population Based Health Management for a Value-Based Reimbursement Environment
  • Interoperability and Coordination of Care across Multiple Providers – Realizing the Value of Health Information Exchange
  • Working With Tech Providers to Build and Implement Technology That Works for Your Physicians, Nurses, and Patients
  • A Look to the Future of Clinical Decision Support and Analytics
  • Using Advanced Analytics to Improve the Patient Experience for your Community
  • Creating the IT Integration Playbook for Success During Mergers and Expansions
  • What You Can Do to Protect Your Organization as You Become More Dependent on Cloud Based Services
  • Innovation Shark Tank – The Questions You Need to Ask and the Questions Vendors Need to be Ready For

All of the prepared agenda items above will be delivered in a unique and novel way so that the audience can drive the direction of the conversation. At HealthIMPACT we ask our audience to keep us honest, and they do. Some of the other topics that will be woven throughout the day include:

Data integration and system interoperability

  • Information exchange between hospital and outside groups/providers
  • Mobile interoperability of Patient Data
  • Interoperability strategies to ensure exchange of quality information
  • HIE Connectivity, Direct Trust Testing/Connectivity
  • Improved communication between providers

Population Health and Patient Engagement

  • How will involvement of patients in their own care change the way healthcare is practiced? Will it really?
  • What efforts are being made to reach out to the average patient in the population so they can access and use the health care system the same way that the average person is able to use the banking or retail system?

Data Governance

  • Ensuring data accuracy
  • Control data output to ensure it is of highest quality and provides consistent outcomes.
  • Data governance, measure burden, data analysis
  • Strategies for accurate and reliable data entry
  • Ensuring the quality of information within your EMR
  • Use of computerized assisted clinical documentation or coding to improve clinical outcomes
  • CAC, Computer Assisted Physician Documentation (CAPD)
  • Master Data Management
  • Reconciliation of data between systems

Meaningful Use

  • Assuring on-time and on-budget completion of projects (principally MU2), in the face of reduced reimbursement and personnel resources.
  • Implementation of MU 2
  • Meeting MU2 and CMS rules w/minimal impact on physician workflow/productivity
  • Transition of Care (TOC) measure and use of CCDA & DIRECT Messaging
  • Developing solutions that will satisfy conflicting requirements between CMS sections, without requiring staff to do multiplicative documentation.
  • Effective Clinical Integration Ideas EHR (Epic Implementation)
  • Epic implementation
  • Interoperability legacy systems and modern systems
  • Keeping track of rapid changes in software in the electronic health record
  • Keeping track of changes from CMS
  • Staying current of IT information that comes so fast
  • Meaningful Use Audits
  • Implementing electronic medical record
  • Successful attestation for Stage 2 Phase 1 MU
  • Maintaining metrics in the face of ever changing regulatory requirements
  • Transition of the traditional quality core measures to the electronic clinical quality measures
  • Managing changes in workflows as new components in the EHR are implemented to meet meaningful use requirements

Clinical Informatics

  • Use of analytics/data to coordinate care and cut costs
  • Developing Health Care Data and Analytics division
  • Knowledge of successful strategies to move forward clinical informatics agenda
  • Population Health and Data Mining
  • Not seeing nursing informatics (N I) working in our healthcare facilities
  • Seeing NI as leaders in the field.
  • Job availability for NI
  • Ways in which nursing informatics is impacting healthcare
  • The integration of Nursing informatics as a part of IT in healthcare
  • Focus on nursing informatics and their role in healthcare
  • cost big data interoperability

Clinical Decision Support

  • Enabling more robust clinical decision support
  • Exploring, and successfully implementing alternate delivery methods of care

Mobility

  • How to get the most out of mobile platforms.
  • Role of mobile devices in Health IT.
  • Telehealth
  • Clinical solutions and patient engagement solutions
  • How to be successful with cloud strategies

Cost & Resources

  • Ensuring that using IT in care delivery actually helps in reducing cost of healthcare
  • Cutting cost of the contracted services
  • Supporting the education efforts of various departments, without having to assume responsibility for conducting the actual education
  • Prioritizing to corporate strategic direction.
  • Workflow of IT operations area – more efficient
  • How to evaluate new technology
  • global sense of what the most useful cutting edge technologies are
  • Resources Money changes in government regulations
  • Project management C-suite expectations Talent acquisition
  • Money to implement, train, maintain. Trained technical people. Affordable bandwidth.
  • Funding; dealing with increasing integration requirements; need for speed in an increasing complicated environment.
  • Budgets Finding qualified staff to fill positions GRC culture change to make the business more responsible for their applications
  • Change management in general

Innovations

  • What start-up technologies are larger institutions potentially looking at?
  • What apps should patients be “prescribed”?
  • Trends, direction in technologies for new technologies like wearable technology etc.

Security

  • System implementation Security
  • Authentication, electronic signature
  • Medical & Personal Device Security
  • Security and Privacy Mobility

{ 0 comments }

I’ve been looking at hospital supply chain automation and the IT surrounding it for a number of years now. Starting with Cardinal Health but then moving on to help a number of other vendors in the space, I’ve felt that there’s not been enough next-generation tech being applied to the low margin, high volume business of hospital supply management. Hospitals often spend tens of millions of dollars on EHRs and other IT systems that have little direct cost reduction capability but they ignore, often at their peril, supply management systems that can save immediate dollars. There seems to be a light at the end of the tunnel, though. Earlier this year I joined the board of Hybrent, led by founder and supply chain expert Harold Richards, because I instantly saw the value of what they were doing. While Hybrent is a startup funded by a couple of friends that I know have been successful in the past, I joined primarily because of Harold’s 21 years testing, applying, measuring and implementing supply chain strategies that have driven well over $50 million in costs out of the supply chain units where he’s served. While supply chain automation is often seen as an administrative activity, I’ve seen first hand that it’s actually directly tied to increase in patient & nursing satisfaction. I asked Harold to tell us a little about why supply chain automation is so important and here’s what he had to say:

Does Your Hospital Supply Chain Have Traits Of An Ant Farm?

You may have had an ant farm as a child and marveled at the cooperative efforts and precision of the ants as they went about their daily activities. Thanks to the panes of glass, you could see into the inner workings of the ant society at all levels and depths.

That same level of effort went into the anthill in the backyard – maybe even more due to the lack of protection. Yet it went unnoticed because it was underground. You only noticed problems when they affected ants that you could see at the top of the anthill.

So it is with the hospital supply chain, full of hard working individuals who run into daily challenges just as ants do. Both rely on excellent systems of communication to get things accomplished. However, ants do not have to deal with bureaucracy, integrating of mismatched systems, missing supplies and other time-wasting system failures (at least not as far as we can tell).

Front-line healthcare workers do spend precious time dealing with these problems, resulting in inefficiencies, higher costs, and potential poor patient outcomes. Spending 20% of your nurses’ time on supply scavenger hunts does not help anyone – certainly not the nurses.

Not only does this cause inefficient use of time, it causes inventory chaos – incorrect counts, hoarding supplies, missing orders and the like – that can snowball throughout your supply chain system. You have stressed and unhappy ants, so to speak.

These misfires cause turmoil within the ant farm and can lead to accidents like sentinel events.  Looking at the bigger picture within healthcare, we are expected to do more with less. In my opinion this is a recipe for disaster.

Today, droves of patients are flocking to the ERs like never before seeking treatment. As a result, emergency rooms all over the country are filled beyond capacity levels with less staff, more workload and higher expectations. According to USA TODAY, some hospitals are seeing 12% spikes. Purely from a metrics perspective this may not seem like much, but it could result in patients dying while waiting for care.

With this increase in volume comes a higher risk, along with higher demand for medical supplies and for enhancement in supply chain efficiencies. The reality we live in is this: incorporating anything less than the traits of an ant farm will cause major mishaps in the form of patients dying. It’s a sentinel event just waiting to happen.

Just imagine something as minor as clinical caregivers not having instant access to trauma, respiratory, and EMS supplies within an already busy emergency department while a patient is being triaged with chest pains. Quite a frightening forecast when you think about it. As they say, future behavior is predicated upon past behavior. The future outcomes of your patients weigh heavily on your actions.

As a hospital executive, your view may be that of the backyard anthill – you have surface information that gives you superficial knowledge, but without the overall view you need to fully anticipate or fix problems. Meanwhile, your care providers may be dealing with supply chain systems that hamper effective communication instead of enhancing it.

If you’re not doing these three things your patients are at risk and your hospital is losing millions of dollars in supply chain management:

  1. Set up a transparent, assignable communication system for the front-line staff – a system allowing your “ants” to effectively communicate. With rules and filters that you define, user-friendly menus simplify the ordering process for your nurses and give real-time feedback that propagates through your system via real-time push notifications and alerts. It’s imperative that everyone from nurses to supply chain personnel to trading partners works off the same set of information.
  2. Compile data, giving you and your staff immediate access to as much data as you need, based on your preferred settings. This gives you the “panes of glass,” if you will, to see into the complex workings of your system at any point in time. It’s equally important to have this data embedded within daily workflows to effectively make better business decisions.
  3. Be accountable for setting up the rules and analytics that are important to your organization. Have a sense of urgency to prevent as well as fix problems. You can either process the output of the visibility system through a separate analytical engine to get the insight you need, or integrate the two along with any other useful support system.

The key is to get the information and facts you need to make decisions when you need them, and not to overwhelm yourself with frivolous or useless information. If you can’t see the overall picture, and can’t interpret it, you can’t fix it. That is true at both the executive and care-provider level. Do you really know what’s going on in your “anthill” today?

Ants are models of efficiency, and with a proper Supply Chain Visibility System, your front-line care providers will be as well. They will be thrilled with the ability to streamline their time and prevent supply chain snafus. They will probably forgive you for any ant analogies you want to draw – although you’ll have to gauge that for yourself.

Editor’s note: If you’re wondering what’s going on in your anthill, e-mail Harold to get a free 30 minute Supply Chain “Clarity Session” consultation, which consists of answering a few questions and getting some pretty impressive actionable intelligence in a short thirty-minute call.

 

{ 1 comment }

Guest Article: OLAP remains a great healthcare analytics architecture, even in the Big Data era

I’ve been getting many questions these days about big data tools and solutions, especially their role in healthcare analytics. I think that unless you’re doing large scale analysis of biomedical data such as genomics, it’s probably best to stick with traditional tried and true analytics tools. Online Analytical Processing (OLAP) can be invaluable for medical […]


What EHR/PM vendors should do as 63% of buyers look to replace existing PM solutions

Melissa McCormack, a medical researcher with EHR consultancy group Software Advice, recently published their medical practice management BuyerView research, which found that 63% of the buyers were replacing existing PM solutions, rather than making a first-time purchase.  This mirrors the trend we’ve seen across medical software purchasing, where the HITECH Act may have prompted hasty […]


Guest Article: HL7 FAQ and why exchanging critical patient data isn’t a nightmare

I recently saw a demo of the Decisions.com platform and left impressed with the workflow engine, business rules execution, forms automation, and data integration platform. I’m very familiar with almost all the major HL7 routers and integration engines out there but Carl Hewitt, Founder and Chief Architect at Decisions, is releasing something fairly unique — a visual HL7 interface definition and […]


Guest Article: What EHR buyers and health IT vendors can learn from the Nashville market

Zach Watson over at Technology Advice.com wrote a nice piece on EHR Trends in Nashville. I’m not a big fan of “trends” articles because trends aren’t that important; the implications of those trends and how to operationalize the implications are most important. I enjoyed Zach’s article so I asked him to tell us what those trends mean for […]


Guest Article: Is Patient Generated Health Data (PGHD) trustworthy enough to use in health record banks?

The push towards shifting the patient’s role from a passive recipient of care to an active member of the care-team looks set to gain further legislative backing. Earlier this year, the Health IT Standards Committee, along with The Joint Commission and ONC, laid out recommendations for integrating patient generated health data (PGHD) into Stage 3 […]


There’s no difference between mHealth & telemedicine, come to ATA May 17-20 in Baltimore to learn more

I’ll be heading to the American Telemedicine Association (ATA) annual conference in Baltimore in a couple of weeks. To see what I might learn there I interviewed Jon Linkous, CEO of ATA. The first question I asked him was “what’s the difference between mHealth and telemedicine?” Basically nothing, he said — but, he noted that […]
