The Healthcare IT Guy

NIH’s Biomedical Computing Group is putting together a lecture on natural language computation (not to be confused with natural language processing). If you’re interested in attending, drop me a comment here and we can meet up there. The speaker, Dr. Lofti A. Zadeh, prepared the following abstract (see poster):

What is meant by Computation with Information Described in Natural Language, or NL-Computation, for short? Does NL-Computation constitute a new frontier in computation? Do existing bivalent-logic-based approaches to natural language processing provide a basis for NL-Computation? What are the basic concepts and ideas which underlie NL-Computation? These are some of the issues which are addressed in the following.

What is computation with information described in natural language? Here are simple examples. I am planning to drive from Berkeley to Santa Barbara, with stopover for lunch in Monterey. It is about 10 am. It will probably take me about two hours to get to Monterey and about an hour to have lunch. From Monterey, it will probably take me about five hours to get to Santa Barbara. What is the probability that I will arrive in Santa Barbara before about six pm? Another simple example: A box contains about twenty balls of various sizes. Most are large. What is the number of small balls? What is the probability that a ball drawn at random is neither small nor large? Another example: A function, f, from reals to reals is described as: If X is small then Y is small; if X is medium then Y is large; if X is large then Y is small. What is the maximum of f? Another example: Usually the temperature is not very low, and usually the temperature is not very high. What is the average temperature? Another example: Usually most United Airlines flights from San Francisco leave on time. What is the probability that my flight will be delayed?

Computation with information described in natural language is closely related to Computing with Words. NL-Computation is of intrinsic importance because much of human knowledge is described in natural language. This is particularly true in such fields as economics, data mining, systems engineering, risk assessment and emergency management. It is safe to predict that as we move further into the age of machine intelligence and mechanized decision-making, NL-Computation will grow in visibility and importance.

Computation with information described in natural language cannot be dealt with through the use of machinery of natural language processing. The problem is semantic imprecision of natural languages. More specifically, a natural language is basically a system for describing perceptions. Perceptions are intrinsically imprecise, reflecting the bounded ability of sensory organs, and ultimately the brain, to resolve detail and store information. Semantic imprecision of natural languages is a concomitant of imprecision of perceptions.

Our approach to NL-Computation centers on what is referred to as generalized-constraint-based computation, or GC-Computation for short. A fundamental thesis which underlies NL-Computation is that information may be interpreted as a generalized constraint. A generalized constraint is expressed as X isr R, where X is the constrained variable, R is a constraining relation and r is an indexical variable which defines the way in which R constrains X. The principal constraints are possibilistic, veristic, probabilistic, usuality, random set, fuzzy graph and group. Generalized constraints may be combined, qualified, propagated, and counter propagated, generating what is called the Generalized Constraint Language, GCL. The key underlying idea is that information conveyed by a proposition may be represented as a generalized constraint, that is, as an element of GCL.

In our approach, NL-Computation involves three modules: (a) Precisiation module; (b) Protoform module; and (c) Computation module. The meaning of an element of a natural language, NL, is precisiated through translation into GCL and is expressed as a generalized constraint. An object of precisiation, p, is referred to as precisiend, and the result of precisiation, p*, is called a precisiand. Usually, a precisiend is a proposition, a system of propositions or a concept. A precisiend may have many precisiands. Definition is a form of precisiation. A precisiand may be viewed as a model of meaning. The degree to which the intension (attribute-based meaning) of p* approximates to that of p is referred to as cointension. A precisiand, p*, is cointensive if its cointension with p is high, that is, if p* is a good model of meaning of p.

The Protoform module serves as an interface between Precisiation and Computation modules. Basically, its function is that of abstraction and summarization.

The Computation module serves to deduce an answer to a query, q. The first step is precisiation of q, with precisiated query, q*, expressed as a function of n variables u₁, …, u_n. The second step involves precisiation of query-relevant information, leading to a precisiand which is expressed as a generalized constraint on u₁, …, u_n. The third step involves an application of the extension principle, which has the effect of propagating the generalized constraint on u₁, …, u_n to a generalized constraint on the precisiated query, q*. Finally, the constrained q* is interpreted as the answer to the query and is retranslated into natural language.

The generalized-constraint-based computational approach to NL-Computation opens the door to a wide-ranging enlargement of the role of natural languages in scientific theories. Particularly important application areas are decision-making with information described in natural language, economics, systems engineering, risk assessment, qualitative systems analysis, search, question-answering and theories of evidence.

If you’re writing healthcare apps in Java, take a look at Jasypt. Especially if you need to encrypt data in your databases. Here’s how the authors describe it:

Jasypt is a java library which allows the developer to add basic encryption capabilities to his/her projects with minimum effort, and without the need of having deep knowledge on how cryptography works.

Features:

• Provides easy encryption tools for little adoption effort.

• Also provides highly configurable standard encryption tools, for power-users.

• All encryption tools comply with encryption best practices and security recommendations. They are also thread-safe to avoid concurrency problems even in multi-threaded environments like web applications.

• Jasypt-hibernate provides a transparent mechanism for persisting data in an encrypted form using Hibernate.

• All encryption tools are designed to be easily integrable into IoC containers like the Spring Framework, although, of course, it can be used without one.

I haven’t had a chance to play with it yet, but I really like the hibernate library that allows transparent persistence of database fields. Most developers find that work depressingly difficult so security usually suffers but if Jasypt does its job perhaps we’ll get some more security without extra work.

I recently ran across Emmi Solutions (www.emmisolutions.com), which I was fascinated to learn was co-founded by a surgeon and a computer game designer (not exactly a common combo). What I liked about Emmi was that it facilitates physician-patient communication by providing “prescription-strength” multimedia programs to help patients understand what to expect before, during, and after a surgical or invasive medical procedure. As most of us who’ve been in this industry for a while intuitively get, the more a patient knows and understands about their care providers, their diagnoses, and their procedures, the better the patient’s overall health is likely to be.

I liked Emmi’s focus on using common-sense tech solutions so I recently invited Mark Achler, their CEO, to talk about the problem his company is solving. He indicated that whether it’s preparing for a procedure, living successfully with a medical device, or helping people manage a chronic disease, the Emmi system is designed to improve quality by helping patients, their families and caregivers take an active role in their care. While it may sound like a marketing slogan, I actually felt that their solutions could help patients directly (instead of like other technology which helps indirectly through use only by physicians or care providers).

Given Mark’s expertise in the field, I asked him the following question: “How is technology improving patient communication, which in turn, improves their overall healthcare?” Here’s what Mark said:

Technology is a vehicle that we use to help solve a problem that is not getting as much attention as it should. Here’s the problem – 90 million Americans have low health literacy. That means, that over half the country has trouble reading the directions on their pill bottles, informed consent forms, insurance information, and the majority of the written patient information in pamphlets and on the Web. And it’s well-studied that better-informed patients have shorter hospital stays, use fewer hospital resources, sue their doctors less, and have better outcomes.

So, to answer your question – how can technology help? One way is to leverage technology to extend the doctor’s reach. Doctors are crunched for time. They’d like to spend more time helping patients understand their conditions, how to care for themselves, what’s involved with a procedure, etc, but the clock is ticking and the waiting room is full. Patients want and need better, clearer, understandable and actionable information so they can get involved with their treatment.

As patients, we need to work to change what has evolved into an almost “confrontational” relationship with the healthcare world, and transform it into a true partnership. The goal is to reach a level of good communication that allows everybody in the patient care equation to share a common language and understanding.

This is where the power of technology comes into play. Today, patients and their families expect more from their physicians. But there are many challenges in properly informing, educating and managing patients’ questions and expectations. Almost everyone agrees that technology can, and should, be used to facilitate the process. And when correctly implemented, technology, in our case a Web-based platform, can offer the perfect “vehicle” to educate patients, manage their expectations and communicate more effectively.

The concept is simple: provide healthcare information to patients which will, in turn, appropriately set expectations and drive behavioral change. In order to do this, the information needs to be accessible and empathetic to be emotionally engaging. And if healthcare professionals can inform patients about what to expect from a procedure in language they can truly understand, it can help build trust, minimize misunderstanding, improve compliance and outcomes, and cut malpractice risks. This new form of communication requires flexible communication tools that can be implemented at every health interaction to document all provider-patient exchanges, and that can take difficult-to-understand information and transform it into a form that everyone can comprehend.

Today, more and more decision makers are interested in e-health tools as critical components of personal health management and healthcare reform strategies. Decision makers are seeking viable approaches to reduce healthcare costs, improve the quality of care, and increase consumers’ ability to manage their own health.

In a field where trust and good communication is critical to quality and safety, Web-based tools should be highly regarded as an intervention that can simplify complex information, encourage patient involvement and affect behavioral change. After all, better-informed patients who are engaged in their own care establish benefits that cascade across all healthcare organizations and interests.

Relational databases like ORACLE, SQL*Server, and MySQL are great at storing structured data in rows and columns and managing relationships across tables. Relational database are also more write-friendly than read-friendly (like searching). What that means is that vendors and developers often structure the tables and columns more to make it easy for them to write data into than for users to read data out of (because users are always more creative than we think they are).

One way to get around structural limitations is to put full-text searching on top of structured data . One such tool, DBSight, is an inexpensive but useful application that allows you to point to any relational database and then do Google- or Amazon-like searches. While I recommend full-text searching because it is a great addition to most relational databases, you need to make sure you design the privacy and security rules appropriately otherwise users might get access to stuff they shouldn’t.

If you haven’t done so already, start asking your vendors to give you full-text searching capabilities in your applications so that they can manage the privacy and security rules.

It always amazes me when I find new or even seasoned managers that haven’t come across a situation where programmers wanted to use tools, techniques, or technology to improve their resume instead of solving the customer’s problems. This concept, which I call RDD (resume driven development), is very real and it’s actually a fairly widespread problem.

In fact, RDD is so prevalent these days that people will actually choose Java over Perl because “Perl will not help my career”. Or, they’ll choose WebLogic or WebSphere instead of Tomcat or Jetty because “who’s going to hire me because I know Jetty?” Never mind that Ruby, Perl or Python may be much better for some quick and dirty solutions where Java may take too long. Never mind that WebSphere will cost much more and may be too heavy a framework for the customer’s need. I’ve heard many developers at my clients’ sites say that they “just have to use Ruby on Rails on this project” because rails work may be in demand. Never mind that Rails may create maintenance headaches or require senior engineering talent that may not be available.

Now, don’t get me wrong: choosing any particular IDE, framework, or tool like Rails is not a bad idea (I actually love Rails). But, tools should not be chosen to help a career; tools should be chosen because the customer will get a high-quality solution. Just don’t choose a tool or product (and I’ve seen it many, many, times) because a developer wants to “learn the tool” at your customer’s expense! Similarly, choose languages and libraries because of their utility to your project, not the developer’s preferences to learn new things. More often than not, a new tool introduced into an existing project will delay things, not speed up delivery. And quality will likely suffer.

It’s similar to a problem I’ve seen in non-technical sectors as well — namely, the politicization of decisions. As we all know, politics (office-style) and Politics (democracy-style) often leads us to make suboptimal decisions. Managers choose particular people on their projects to help advance their careers; workers hide problems and make themselves look better to advance their careers; these are things we come across all the time. RDD is no different — developers usually can’t play politics to advance their careers so they end up with resume driven development tactics to pad their resumes so that their next job is easier to get.

Note to all managers and leaders of software projects: when developers ask you to choose a particular tool or technology, always have them explain to you why this may not just be a RDD request versus a request that may actually be good for the client. If the developer talks more about the technology as opposed to the solution or the customer’s requirements then the developer is not focused on the right topic. In fact, ask the developer outright: “will this tool, technology, or technique help your career more than it will help the client?” See how the developer responds.

There are several types of directories that are useful in healthcare settings; the first is a directory of users and Microsoft Docmain Controller (DC), Active Directory (AD), and LDAP are the most common solutions. DC, AD, etc all help manage a list of users, their roles, and other identity management functions within an enterprise. Another common directory is a master person or master patient index (MPI). MPIs are very useful because it gives a single view of the patient (customer) population within an enterprise.

There are a number of vendors that provide useful MPIs in the commercial world but sometimes, especially in academic or integrated delivery network (IDN) settings it’s useful to create your own MPI. The best approach is to combine the patient catalogs in various applications and provide a unified front-end. For this purpose, you can use a tool like Penrose.

Penrose is a Java-based open source virtual directory server. It basically allows you to connect various data sources (like your clinical apps, your customer-facing apps, support applications, etc) and give a unified view of the patients, users, etc via a virtual LDAP interface. What this allows you to do is to maintain your separate applications where you need to but provide an MPI through a portal for search, lookup, and other purposes. In their words:

Virtual directory enables federating (aggregating) identity data from multiple heterogeneous sources like directory, databases, flat files, and web services - real-time - and makes it available to identity consumers via LDAP.

Penrose has a good architecture, especially for distributed application connectivity within healthcare enterprises, and is worth a look.

I ran across Picalo, an open source fraud detection platform, and thought it might be a great solution for those of us looking to build our own fraud detection systems in healthcare settings. Here’s how the authors describe it:

Picalo is a data analysis application, with focus in fraud detection and data retrieved from corporate databases. It is also the foundation for an automated fraud detection system.

Picalo is currently focused on data analysis for fraud and corruption detection. However, it is an open framework that could actually be used for many different types of data analysis: network logs, scientific data, any type of database-oriented data, and data mining.

One of the nicest features of Picalo seem to be detectlets. These are little bits of analysis code written by analysts and non-programmers to help define what to look for when attempting to detect fraud. By creating libraries of detectlets we could build and share fraud detection rules between IDNs, hospitals, government institutions, etc. Seems very powerful.

The only issue I see with Picalo is that it’s GPL which means that it’s not a very friendly open source license for commercial vendors to build their software upon. GPL is great for end users, though (especially if you plan to build your system in an IT shop).

Based on my recent discussions with numerous CIOs, they each mention that SSO is something that’s on their radar screens as an important or high priority requirement. Given that most users deal with multiple IT systems during the day and they’re getting tired of re-authenticating themselves for each system, it’s understandable.

While the commercial vendors already tout their own (pretty good in some cases) solutions I thought I’d bring some of you up to speed on one open source solution that you may not be aware of: the Central Authentication System (CAS). CAS is an authentication system originally created by Yale University that allows applications written in Java, .Net, PHP, Perl (and other languages) to authenticate a user against a central directory or multiple directories.

An important feature of CAS is that it’s an open protocol with a solid set of implementations in multiple languages. This means that you can write your own implementation and continue to use the CAS protocol/standard across your various products. And, since it’s open source, you can have your vendors use it without buying per user or application licenses. It’s already in active use in decent size campuses so you don’t have to worry about being an early adopter.

Have your folks check out CAS, it’s something I’ve analyzed personally and it’s a great option for many organizations looking for a reduced or sign sign on solution.

Adobe recently announced the release of its Acrobat 8 product line. Acrobat (and the associated PDF format) is in heavy use within the healthcare industry because of it’s ability to manage paper documents in electronic format with high fidelity.

One of the important new features of Acrobat 8 is Acrobat Connect which allows users to start a Web conference to collaborate on any kind of document (not just PDFs).

What’s great about Acrobat Connect (which I’ve used recently) is that it has the ability to easily collaborate on medical records, diagnosis charts, simultaneously view lab reports, etc. While not designed for the healthcare industry specifically, there are many features that good healthcare architects, technologists, and CIOs can specially put to use that would improve the ability to even legacy applications to be made collaborative.

Other tools, like GotoMeeting and WebEx, can do similar things but they can’t be installed in your environment behind a firewall (they are only externally hosted solutions) but Acrobat Connect can be made more secure and installed privately. It’s worth taking a closer look.

By the way, have you voted for your favorite healthcare informatics/technology blog yet?

Your friendly neighborhood healthcare bloggers are preparing for another meetup at the HIMSS ‘07 conference next month in New Orleans. Last year’s meetup was a smashing success so we’re looking forward to another great gathering this year.

If you’re a healthcare blogger who’d like to meet other bloggers/readers or a reader that would like to meet their favorite bloggers, we have an automated registration database available to express your interest. When you sign up, you can provide public or private comments and rest assured that your e-mail (if you choose to provide it) will remain private and invisible. We would like to have people in the database so we know how to arrange for food, location, sponsors, etc.

When you’re ready to register please visit the HIMSS 2007 Blogger and Reader Meetup Registration site. Once you register you will be able to see everyone else that has registered for the event as well. If you’re not sure you want to register but would like to see who’s already signed up, check out the list. Again, rest assured that e-mail addresses and private comments are not shown to the public.

If you have some suggestions for venue or location leave comments in this posting or in the registration form. Thanks!

If you’re looking for a simple and fast way of trying out free EMR and practice management software, check out the OpenEMR 2.8.1 Virtual Machine Appliance. All you need to run it is a computer with VMware Server (freely available). It comes complete with an operating system and all the software you need.

Here’s how the authors describe it:

This is a comprehensive Open Source Medical Practice Management Software Appliance. It will provide office scheduling, electronic medical records, prescriptions, insurance billing, accounting, inventory, and access controls. The appliance will have many possible applications, such as a fully functional demo, a testing/developing platform, and as the starting point in real world clinic applications. The target audience is also broad and includes health care practitioners, clinic IT staff, and developers. A significant portion of the target audience will be more accustomed to Microsoft Windows, so it was decided to keep X-windows along with all the other default Mandriva software amenities.

OpenEMR is installed, along with FreeB, SQL-Ledger, and php-GACL. OpenEMR is the practice management software; home page is at http://www.oemr.org/ . FreeB is the insurance billing/printing software. SQL-Ledger is the accounting/inventory software. Php-GACL is the access control software.

The most important part of this appliance is the documentation. It includes instructions on appliance installation, use (including all the needed logins/passwords), configuration, and detailed instructions on how it was built. It illustrates how to install printers, configure a custom email server, and install an automated backup scheme which incorporates encryption. The documentation also illustrates in detail how the appliance was built. This will allow others to easily modify/update the appliance. It will also allow easy migration to a native server, if required. The User Manual (html/pdf) is included in the ‘/UserManual’ directory of the compressed file, and can also be found on the Desktop of the appliance. The most current version of the manual can be found at(this is a large file, so may take some time to download): http://www.bradymd.com/appliance/

The NSA’s unclassified 60 Minute Network Security Guide is a great way to check that your network security is up to par with the nation’s pre-eminent spy agency’s guidelines. Check it out and see if your network measures up — leave some comments here to tell us what you think about the guidance provided.

A few readers were kind enough to nominate my blog for the MedGadget Medical Blog Award in the Best Medical Technologies/Informatics Weblog category.

Voting is now open; so, if you like this blog, let Medgadget know. Thanks in advance for your support!