The Healthcare IT Guy

I have received many comments on my recent Data Models in Healthcare series of articles and all of them have been pretty good. One of the more detailed and thoughtful responses came from Daniel Essin, a physician who is the Director of Medical Informatics at Los Angeles County Hospital and CTO of ChartWare. He wrote about using XML data models for clinical data management and in general I agree that XML is a viable persistence model for the use case he refers to. Here’s what Dan said:

I read your article. It’s hard to object to your general conclusion although when it comes to the core of healthcare data, the electronic medical record, I have found that sometimes people spend too much time modeling and not enough time following your advice to understand the data and how it will be used.

The most striking characteristic of clinical documentation is that tends to be composed of nested sections and items. It is extremely common to see data models that attempt to address the content of these documents (i.e. discrete fields for blood pressure, units of measure, etc) while overlooking the natural structure. Indeed at least one commercial system can accept and display almost any discrete data element that you can imagine, but cannot easily present the data originating from a medical encounter as a single, readable document. Alternatively, the structure itself could form the basis of a relational model but doing so would require a deep understating of basic design patterns (such as those in the book by Erich Gamma, Richard Helm, Ralph Johnson, John Vlissides). Very few of the people that I have met that work in healthcare IT are aware of this material.

After studying this problem for years, I concluded that the information that makes up the medical record is better represented as a simple XML structure based on nested sections rather than by a traditional relational model. I described the fundamentals of this approach in several papers in the early 1990’s and have had an EMR system that is based on this design in the field for 10+ years in a variety of different settings.

In medicine, change is ever-present. It comes from outside in the form of new medical knowledge, regulations, treatments, etc. It also comes from inside. As the users gain knowledge and experience, they use existing applications differently and develop different and more demanding expectations. It has been my experience that making major changes to a system based on a relational model, once it has been deployed and used for some time, is a costly proposition, as significant changes in the model may require that the software be modified as well.

Using an XML approach based on structure, we can accommodate ANY content from ANY specialty and it is all interoperable and viewable as single set of coherent documents. Most importantly, significant changes can be made to the content that is be placed into the pre-defined structure without breaking the most important function – the entire medical record is still viewable and queryable without having to rewrite any applications. Once one becomes comfortable with this level of simplification, it is then trivial (if necessary) to mirror portions of the content in traditional relational tables to facilitate various daily activities and workflow. The latest XML capability in SQL Server, Oracle and DB2 makes the 2-way transition from document to database even easier.

The XML approach which I pioneered has been taken up by several standards groups and forms the basis for HL7’s Clinical Document Architecture standard and the Continuity of Care Record initiative.

There are healthcare people who model (the HL7 organization has developed an extensive OO model), but all too often, people who build healthcare software don’t pay any attention to the prior art whether it be research or applied work of the type produced by the HL7 group. There is a tendency to use NIH (not invented here) thinking as a reason to ignore the fundamentals of computer science and medical informatics.

If you are interested, you can find my stuff in Methods of Information in Medicine from 1991 and in several of the IEEE New Security Paradigms workshops from the mid-90’s.

Like Dan, I, too, have used XML models for data storage for many years. XML is a great persistence model and I do recommend it when the need is as specific as Dan mentions above; where you should be careful is that XML is not a natural model to do aggregation, consolidation, and analytics from various data sources (which is sometimes a pretty big requirement in modern health IT apps). If you do keep you data in XML format from an applications perspective, be prepared to still do some ETL and EII activities to get it into a more “analytics-friendly” format. There are also some modern XML native databases (both open source and commercial) that support querying and aggregation but they are neither popular nor ubiquitious which means tooling support is limited.

I wanted to thank Dan and others who have helped keep this topic of data modeling in healthcare topic alive; it’s very important. If you are a data modeler and would like to share your thoughts in public, I invite you to publish a guest article on my blog or others.

A reader (thanks Ed) just sent me this link to the Healthcare Services Specification Project that I thought might interest many of you. They describe their project as:

This project is a collaborative effort between Health Level Seven and the Object Management Group to identify and document service specifications, functionality, and conformance supportive and relevant to healthcare IT stakeholders and resulting in real-world implementations. In addition, several other groups have joined the HSSP effort. The Eclipse Foundation Open Healthcare Framework and the Medical Banking Project have each committed support to this project and are participating.

HSSP has some nice subprojects (like a terminology project, decision support, entity ID, etc) but it looks like it’s a very early effort at this time with very few practically useful downloads. We should all keep an eye on them and even join with them to help (if you can). I certainly plan to.

Health-IT World.com recently published my Introduction to Dynamic Data Models in Healthcare article. It’s a follow-on to my Healthcare Data Models Matter column from a couple of weeks ago.

I met the founders of SensibleVision, creators of the Fast Access computer security and access control software, at HIMSS a few weeks ago. I was fascinated because it’s one of those few security applications that you can understand in under a minute. Fast Access is a program that installs onto Windows workstations and allows users to simply sit in front of their computers and be automatically logged in using facial recognition. It’s a nifty program uses your web cam to “see” you, and recognize you. It automatically logs you in when you sit down, and logs you out automatically when you walk away. It doesn’t get any simpler. The folks at SensibleVision sent me a webcam (but there’s nothing special about it, it’s just an off the shelf $25 camera) and their software and we tried it out in my office.

Installation was very simple for both Fast Access and the camera. I just popped in the CD, followed the on screen instructions, and rebooted. I was ready to go in minutes. When the computer rebooted I was prompted to login regularly so that the camera could get “used to” my face. When I walked away after that I was automatically logged out. It did take the computer a few logins to fully recognize my face but the software, in its simplicity and effectiveness, is pretty impressive. Because it doesn’t require a centralized system to manage and works directly off of normal Windows authentication (including Active Directory) it’s fairly easy to start with a few workstations to give it a test drive.

For healthcare workers that that have to log into and out of systems with valuable medical information this is a very useful application because the various workstations they use can remember them automatically based on their face. And, in case the facial recognition ever fails, users can simply use their passwords. It lets them log in as soon as they come in front of the computer, and they don’t have to remember to log back out because once they leave the workstation Fast Access will log them out.

The login time was fairly quick. After logging out it took about 3-5 seconds for the camera to log back in.

The only issues I found were that when booting up it takes as long as 3-5 minutes just to start up Fast Access. This could have been a problem with my workstation but I have a pretty beefy system. Since it’s only at boot up, it’s not a big problem for me. Also, when first booting up the camera could not recognize my face very well and after being logged out for 1 or more hours the program took a bit long to respond. These are all probably glitches in the software that will improve over time.

The only process problem I see is that once the system works well for users, they might actually forget their passwords for those systems that do not have this system. I’d have to do a little process analysis to see how big the problem might be.

But, all in all, it’s worth checking out.

An editor from a large health IT publication with both a print and online presence has asked me if I know any folks looking to do any freelance writing on “practical” health IT topics. If you’re interested, drop me a note.

I’m a patent holder and I train patent examiners on technology topics so I often see and sometimes work with the folks at the U.S. Patent and Trademark Office (USPTO). If all you know about the USPTO is what you read in the newspapers you should attend some events where you’ll meet the folks that work there. If have found most of the staff that I’ve encountered to be courteous, hard-working, caring, and really trying to do the right thing as often as possible. They have a pretty tough job, though, so it’s hard to know what’s right or wrong (I think they do pretty well).

If you think the patent process is broken or would like to learn more about it, I just got an email announcement this morning that you would find useful:

The U.S. Patent and Trademark Office (USPTO) is holding a two-day conference to address the intellectual property needs of small and medium sized businesses, entrepreneurs, and independent inventors interested in manufacturing or selling their products abroad.

March 27 – Presentations to help conference attendees identify intellectual property assets and discuss the steps needed to protect those assets in the United States and abroad. Major presentations will cover patents, trademarks, copyright, and trade secrets.

March 28 – Presentations focusing on enforcement issues that may arise in protecting intellectual property rights in the United States and abroad including: patent, trademark, and copyright infringement; unfair competition; counterfeiting; and piracy.

This conference will also include one-on-one consultations between the USPTO attorneys and conference attendees on Monday and Tuesday afternoons.

This program is part of the Federal Government’s Strategy Targeting Organized Piracy (STOP) and the USPTO’s continuing commitment to increase public awareness of intellectual property rights and the enforcement of those rights in the global marketplace.

There is no charge to attend this event, but seating is limited and registration is required.

Dmitriy over at HealthVoices just posted about the medical blog aggregating “debate”. In case you’re not aware, HealthVoices is both a medical blog content aggregator and a blogging community where medical bloggers can get national recoginition for their writing.

I met Dmitriy at HIMSS and I was impressed by his knowledge, dedication to the medical community, and his innovative ideas about how something like HealthVoices could help physicians and other healthcare providers get messages out to patients and citizens. Dmitriy is a pretty nice guy so I was quite surprised at the “lynch mob” mentality (his words) that other bloggers seem to have about him aggregating not only links but actual postings from their blogs. I’m a little disappointed by how he’s publicly being chastised and how he’s being treated by some members of the blogosphere.

Now, I’m a blogger (i write several including this one) and I personally don’t like aggregators publishing my entire post but I do want them to publish my links. Although I feel strongly about it, I think the approach that Barbados Butterfly took in her complaint started a public fight that needn’t have been one. While I agree with Barbados Butterfly’s points, it was handled publicly which makes Dmitriy look like a villain when what he’s doing is trying to serve the community.

Fellow bloggers: if you find someone on the Internet doing something that you don’t like, please don’t take it public until you’ve tried to resolve the issue privately. Regardless of how egregious you think the offense is, it’s possible that another fellow blogger or site manager may have a different opinion and is willing to rectify your complaint quickly and quietly. Always try and resolve the problem via private e-mail first, see what the response is, and then if you need help from the community to resolve your grievance even have some fellow bloggers send email to threaten action. If Dmitriy was approached properly, I think he would have changed the policy and posted about the policy change along with the reasons (requests from the community). It would have been quick and painless for everyone.

By making all grievances public it makes us bloggers look like we are a bunch of cry babies that throw tantrums; and, it makes it more difficult to be taken seriously. I talk to many PR people who are afraid of sharing things with us sometimes because they think nothing is private. When I was at HIMSS I was wearing a “I’m a blogger” button so that everyone knew I was a blogger. Many of them would immediately stop talking or carefully choosing their words as soon as they find out they were speaking to a blogger. I assured them that before I wrote anything about anyone I ask permission because it’s the right thing to do. The blogosphere is not a different world: regular rules of etiquette do apply.

Quick note to Barbados Butterfly: you were 100% right that you should decide whether your posts are published or not and in the absence of any information Dmitriy probably shouldn’t have published your posts. But, since I know Dmitriy I think he’s been raked over the coals needlessly for what you believe to be a mistake he made (he would have easily corrected had he been approached about it privately).

The AAFP has a shiny new white paper with tips on how to use EHRs in the exam room.

They say “with a thoughtful approach, you can maintain your focus on the patient.” In their introduction they point out that most people talk about how to buy and deploy EHRs but that “minimal attention has been paid to understanding how family physicians use EHRs with patients in the examination room.”

I agree.

Here are the ten tips they mention in the white paper (many items taken verbatim, some with minor edits):

1. Use mobile monitors. We recommend investing in either flat-screen monitors on mobile arms, tablet computers or laptop computers.
2. Learn how to type and use a mouse and use Google and MS Word.
3. Integrate typing around your patients’ needs — which means it is important to know when to push the computer screen away.
4. Use templates for documentation, not for patient interviews, which require room for an open-ended narrative.
5. Separate some routine data entry and health-care maintenance issues from your patient encounters. Until patients are able to complete forms online in your waiting room or at home, consider having office nurses or medical assistants enter basic information before you walk into the exam room.
6. Rather than walking straight to the monitor following only a brief greeting, consider listening to the patient’s concerns before opening the screen to review the last visit’s notes.
7. Tell your patient what you’re doing as you’re doing it. Try to keep talking as you go about the work of both searching for and entering data into the EHR.
8. Use a finger, pen or cursor to guide the patient’s gaze when discussing data viewed on the monitor.
9. Encourage patients’ participation in building their charts.
10. Look at your patient. Patients deserve our primary attention.

My friend Adam Weinstein, a senior engineer at CardinalHealth, pointed me to the iHealthReports Open Source Primer for Healthcare whitepaper. Since it’s a primer it’s not too enlighting for many of us who’ve been in open source for a while but it’s quite good as an introduction to folks in healthcare who may have just started hearing about open source and wondering why it might be relevant to them. Some useful arguments come from their Executive Summary:

The potential advantages of open source software in health care are many. Anyone can use or modify the software with few restrictions, the cost for customers is minimal because developers generally volunteer their time, and revenues derive from services such implementation and support rather than licensing, which means health care providers are more likely to gain direct value. In addition, the fact that no single vendor owns the software gives providers more options, enables them to customize software for their own particular needs, promotes public and foundation funding of software development. and ensures correct and timely implementation of standards, as there are no proprietary limitations. The creation of technology standards that define how information is structured, defined, and exchanged is critical because successful health care information exchange will depend on them.

By facilitating the adoption of standardized electronic medical records, open source software may contribute to the creation of regional health information networks, which exchange data and patient records. Access to source code will allow each region to adapt the software to its specific requirements without having to develop an entire software suite from scratch. In turn, regional innovation will filter back to the larger health care community; advancing the technology while minimizing costs.

Open source software is increasingly likely to become the dominant model for creating software to improve the quality of care in a cost-effective way because companies such as Red Hat, MySQL, and jBoss have demonstrated that the model is viable; because computer companies such as IBM, Hewlett Packard, and Sun Microsystems support the model; and because several healthcare-oriented open source projects have proved it works. Open source will not herald the end of commercial health care software suppliers, nor will it mean free software for everyone. But it will provide a reference point for true value and could become a powerful agent for managing price. Commercial offerings will have no choice but to follow this model of compatible information systems and data exchange.

With all the great “community-focused” work going on in the healthcare world, we can see growth in community-powered clinical information. Projects like ClinWiki are letting contributors build unmoderated (or less-moderated) clinical knowledge bases. I read this nice article this month about Wikipedia and how it compares with Encylopedia Briannica. It’s a good article that demonstrates the strenghts and weaknesses of top-down versus bottom-up information publishing approaches.

Artima Developer recently started a discussion on How and When to Develop Domain-Specific Languages. It was a good discussion and made me think about a couple of DSLs I’d written for healthcare during my dot-com CTO days. I was wondering if others had done the same and whether they’d like to share their DSLs with the rest of the healthcare IT community.

The Royal Society of Medicine is running the third annual Handheld Computers in Medicine workshop on 6th April in London. The workshop is a day long event split into two streams, one for beginners chaired by Dr Chris Paton (New Media Medicine) and one for more advanced users chaired by Dr Mo Al-Ubaydli (Mo.md). Handheld computers will be provided for the day for participants to follow along with the demonstrations and try out medical software applications. This event will be useful for any doctors interested in getting started with PDAs, what medical software they need and how to use it. The advanced stream will help more experienced users set up PDA projects in their hospitals and discuss important issues such as security, contracts and training other users.

More details of the sessions and how to register are available at Doctors’ Gadgets and there is a thread for any questions about the event on the Doctors’ Gadgets Forum.

Health Wonk Review, the almost-new round up of the good and the great in blogging about health care policy, business and technology, is up over at Matthew’s The Health Care Blog.

The EHRVA Interoperability Roadmap is available. Here’s how they describe it:

The EHRVA Interoperability Roadmap supports the national goal of interoperable electronic health records and provides a pragmatic, logical plan that will succeed when adopted and implemented by key stakeholders. We provide this Roadmap to mobilize the leadership of healthcare organizations, information technology vendors and other relevant stakeholders to collectively deliver on the vision by incorporating this Roadmap into their plans.

The roadmap is an interesting piece of literature but is not too useful for actually implementing anything specific. They touch on the general problems of interoperability and how industry can get towards a solution without requiring government action. Worth reading.

So, what’s the big deal? Well, according to the Pew Internet & American Life Project only 73% of us get news online. So, Pew seems to log more people as having researched health information online than receiving news. This is a great trend for those of us in health IT who want to create Software as a Service (Saas) offerings that present useful health information and health IT solutions via the Internet. Doctors are on board, patients are on board, and the infrastructure is ready. So what’s the hold up? As usual, it’s the healthcare IT vendors that are holding our patient information, healthcare data warehouses, and lots of other useful assets hostage inside their silos (applications). Fellow IT colleagues, it’s time to make noise.

I’ve been using Citrix software for years and more recently I’ve started using GotoMeeting.com for getting together with my clients and employees remotely. GotoMeeting allows unlimited online meetings for up to 10 people at a time for a small monthly fee. It allows me to hook up with my clients and their PCs anytime I want — the clients love the immediate service and we can get multiple parties together at a moment’s notice without installing new software on multiple PCs. Everyone participating in the meeting can share their screens with others in the meeting and multiple people can even control the same PC. It’s really nice. NetMeeting is free and built into modern Windows operating systems and is pretty useful within corporate firewalls but I’ve found GotoMeeting much easier to use and it’s never failed to get through firewalls anywhere I’ve used it.

Another service Citrix offers is called GoToMyPC.com. This software is equally cool but for a different audience: it allows a PC sitting behind a firewall (in a company, for example, or in your home behind a router) to be accessed through any web browser. Your entire PC becomes remotely accessible in a window whenever and wherever you need it. I don’t use GoToMyPC much because I use Windows XP’s built-in Remote Desktop Connection (RDC) but RDC is not firewall-friendly can can’t tunnel through shared ports. RDC is OK, but GoToMyPC is far more useful in more circumstances. Of course, RDC is free but GoToMyPC is not (it has a monthly fee).

So, what does this mean for healthcare/medical professionals? Why should IT department support these kinds of services? Easy — they’re useful, simple, and have very little deployment headaches.

If you have doctors and healthcare providers working at remote facilities or need access to shared computers behind firewalls you can get easy, secure remote access with the Citrix solutions. If you have radiologists who need quick image reading and you don’t want large images to flow through the internet, setup a remote solution like this to allow docs to get to their work computers from home. With GotoMeeting you can have multiple care providers who are consulting on a case see diagnostics, care data, lab images, etc at the same time while talking on the phone (Citrix even provides the conference calling numbers for free).

Docs that have EMRs and clinical documentation available at their offices can now have, using a single click, full access to that clinical information from their home or remote facilities.

The thing to watch out for is that both GotoMeeting and GoToMyPC can allow access to corporate networks without the IT department knowing about it. Users can sign up directly with Citrix without IT knowledge or permission. Unless you have intelligent packet filtering and website blocking turned on, these types of services could already be in use and allowing remote access without you knowing about it. If you learn about it, you can setup policies for it, and manage it better.

Dale Hunscher commented on my earlier posting about best language selection for HIPAA security. He made my point better than I did so I thought I’d raise the comment to a level where everyone can see it.

I agree with the post about the need for “good developers”, but I think that needs clarification, by way of expanding on Administrator’s comment above. Many programmers/software engineers have no real understanding of what kinds of programming practices create security holes. Most are subtle errors, and of little interest to developers since they usually require attention to details that do not add to the feature set in any visible way, and no challenging algorithmic problems are involved.

In my domain, clinical research informatics, HIPAA is another area where developers commonly have misconceptions, especially with respect to creating deidentified and limited data sets. The rules are arcane and even less interesting to programmers than security.

Developers who have this level of knowledge are hard to find, and when you encounter them they usually have the level of experiential wisdom that transcends any given programming language or environment. Give them well-defined requirements and definition of applicable constraints, and you will get a secure system.

Java programmers who happen to do “real world” scientific work should check out JScience. Their vision, according to the website is:

* To provide the most comprehensive JavaTM library for the scientific community.

* To create synergy between all sciences (e.g. math, physics, sociology, biology, astronomy, economics, etc.) by integrating them into a single architecture.

* To provide the best on-line services (webstart) for scientific calculations and visualizations.

As most of us bloggers already know, Really Simple Syndication (RSS), is pretty popular in the blogosphere. It’s a wonderful solution to the “how do I tell everyone I have new stuff without sending out a bunch of emails?” problem. Although it’s quite popular for syndicating content like news, blog articles, and related information I think RSS has a chance to make a huge impact on healthcare and medical data sharing.

Today medical devices send out alerts using one or more mechanims in a “push based” approach. For example, the device manufacturer has to write software to send alerts via e-mail, pager, phone, etc whenever some programmed action occurs in their device. In the healthcare IT world data sharing occurs through HL7 in a hub-and-spoke or publish/scribe model where all information is published to a broker and that broker is queried for things like new lab results, updated patient information, etc.

Well, what if all medical devices had the ability to respond to RSS requests on various channels? For critical messages the push method would be fine but for other kinds of messages we could have a channel which an IT system could poll every second, minute, or over many hours depending upon how often the system wanted an update from a device. Instead of all the devices always sending out all messages, why not put in some simple code to respond to RSS requests and separate the different message types into RSS channels? This way, the “pull based” approach allows the device to be more responsive to each client instead of having to use a broker model to send out all messages.

What if health IT systems from Cerner, Misys, McKesson, etc also had this capability? Suppose I wanted to use my mobile device (which will all have RSS feed readers installed) to be able to check on labs for a particular group of patients? I could simply subscribe to a specific channel in a Lab Management System’s RSS feed and get what I need without having to go through a broker. If I’m a doctor and I have a finite number of patients, I can simply subscribe to an RSS feed of my patient’s data in all the various IT systems and pull together my own aggreator.

Think about RHIOs and how they could use RSS to subscribe to information across multiple health IT systems.

I think with a little creativity, building in RSS publishers inside our medical devices and health IT systems like EMRs and HIS would go a long way towards helping create more interoperable systems. Of course, content and messaging standards like HL7 would not be replaced but would become the de facto standard of the payloads in the messages that RSS feeds could publish.

What do you think? Ready to start a company based on this idea? I’m game

Open source software is often difficult to install and get up running so “trying it out” is not trivial. We need web servers, application servers, database servers, etc all working in tandem just to check out some software. On the commercial side things are a little better but still complicated.

My good friend Faisal Qureshi, who’s in the healthcare IT professional services and consultancy business, left a comment on one of my recent open source articles about how difficult it is to install the open source solutions and suggested that using virtual machine software like VMWare, which is now free for many licensing options, would make it significantly easier for customers to try out software.

A virtual machine (VM) engine is a piece of software (the technology dates back from the mainframe era) that allows multiple logical operating systems (a “virtual machine”) to operate on a single physical machine. Assuming you had enough memory and processor power, you could have a Linux or Windows “host computer” that would allow multiple Windows 95, 98, NT, XP, Linux, etc “client virtual machines” to run as separate windows at the same time. On my workstation I often run several virtual machines at the same time.

I’ve been advising my clients, most of which develop software for a living, to use virtual machines to help improve quality, test multiple operating systems on a single machine, produce “snapshots” of an operating environment to do installations and training, and many other uses. I’ve written so much about it before that I totally forgot about the use that Faisal mentioned.

Faisal’s idea is simple but brilliant: software vendors should create a “virtual machine image” of a system that has their software, database, network, etc all preinstalled and preconfigured. VMWare has a free version that can take a machine image and launch it on any modern computer. For Windows there would be licensing issues from Microsoft (a vendor can’t just create a virtual machine client image with Windows without licensing restrictions). However, for any software that runs on Linux that’s not a problem — just bundle the operating system fully configured to run your software along with whatever else is needed and give your customer a “single click” launch and test capability.

The folks from MedSphere, VISTA, ClearHealth, and other open source groups should take this advice. The virtual machine client model for giving a trial version would change the trial deployment model dramatically and give you leg up on your competition. You could offer a “5 minute” install regardless of how complex your software is.