Newer posts are loading.
You are at the newest post.
Click here to check if anything new just came in.

February 25 2014

Four short links: 25 February 2014

  1. Bitcoin Markets Down — value of bitcoins plunges as market uncertain after largest bitcoin exchange goes insolvent after losing over 750k bitcoins because they didn’t update their software after a flaw was discovered in the signing of transactions.
  2. Flappy Bird for the Commodore 64 — the 1980s games platform meets the 2014 game. cf the machine learning hack where the flappy bird learns to play the game successfully.
  3. Air Hockey Robot — awesome hack.
  4. Run 30 Lab Tests on Only One Drop of Blood — automated lab processing to remove the human error in centrifuging, timing, etc. that added to variability of results.

January 21 2014

Four short links: 21 January 2014

  1. On Being a Senior Engineer (Etsy) — Mature engineers know that no matter how complete, elegant, or superior their designs are, it won’t matter if no one wants to work alongside them because they are assholes.
  2. Control Theory (Coursera) — Learn about how to make mobile robots move in effective, safe, predictable, and collaborative ways using modern control theory. (via DIY Drones)
  3. US Moves Towards Open Access (WaPo) — Congress passed a budget that will make about half of taxpayer-funded research available to the public.
  4. NHS Patient Data Available for Companies to Buy (The Guardian) — Once live, organisations such as university research departments – but also insurers and drug companies – will be able to apply to the new Health and Social Care Information Centre (HSCIC) to gain access to the database, called care.data. If an application is approved then firms will have to pay to extract this information, which will be scrubbed of some personal identifiers but not enough to make the information completely anonymous – a process known as “pseudonymisation”. Recipe for disaster as it has been repeatedly shown that it’s easy to identify individuals, given enough scrubbed data. Can’t see why the NHS just doesn’t make it an app in Facebook. “Nat’s Prostate status: it’s complicated.”

October 28 2013

Four short links: 28 October 2013

  1. A Cyber Attack Against Israel Shut Down a RoadThe hackers targeted the Tunnels’ camera system which put the roadway into an immediate lockdown mode, shutting it down for twenty minutes. The next day the attackers managed to break in for even longer during the heavy morning rush hour, shutting the entire system for eight hours. Because all that is digital melts into code, and code is an unsolved problem.
  2. Random Decision Forests (PDF) — “Due to the nature of the algorithm, most Random Decision Forest implementations provide an extraordinary amount of information about the final state of the classifier and how it derived from the training data.” (via Greg Borenstein)
  3. BITalino — 149 Euro microcontroller board full of physiological sensors: muscles, skin conductivity, light, acceleration, and heartbeat. A platform for healthcare hardware hacking?
  4. How to Be a Programmer — a braindump from a guru.

February 11 2013

Four short links: 11 February 2013

  1. How Virtual Fences Will Transform Rural America (The Atlantic) — When it comes to managing animals, every conventional fence that I have ever built has been in the wrong place the next year.
  2. Stately — a font of states which mesh together, so you can style individual states in CSS. Clever! (via Andy Baio)
  3. Code Triage — mails you a todo from your favourite Github projects. Interesting to see (a) what happens once there’s an easy way to access things like issues across multiple projects; and (b) what a lightweight hack it is for increasing participation. What small things could you send out each day, something different to each person, that’d help you make progress? Hm.
  4. MIT’s Health and Wellness Hack Day — 80 participants, two weeks. Good writeup in Fast Company. The focus here is on producing commercially viable products.

December 22 2012

14 big trends to watch in 2013

2012 was a remarkable year for technology, government and society. In our 2012 year in review, we looked back at 10 trends that mattered. Below, we look ahead to the big ideas and technologies that will change the world, again.

Liquid data

In 2012, people still kept publishing data in PDFs or trapping it in paper. In 2013, as entrepreneurs and venture capitalists look to use government data as a platform, civic startups that digitize documents will help make data not just open but liquid, flowing across sectors previously stuck in silos.

Networked accountability

In 2012, mobile technology, social media and the Internet have given first responders and government officials new ways to improve situational awareness during natural disasters, like Hurricane Sandy. A growing number of free or low-cost online tools empowers people to do more than just donate money or blood: now, they can donate, time, expertise or, increasingly, act as sensors. In 2013, expect mobile sensors, “sensor journalism” and efforts like Safecast to add to that skein of networked accountability.

Data as infrastructure

When natural disasters loomed in 2012, public open government data feeds became critical infrastructure. In 2013, more of the public sector will see open data as a strategic national resource that merits stewardship and investment.

Social coding

The same peer networks that helped build the Internet are forming around building digital civic infrastructure, from collaboration between newsrooms to open government hackers working together around the country. 2012 was a breakout year for GitHub’s use in government and media. 2013 will be even bigger.

Data commons

Next year, more people will take a risk to tap into the rewards of a health data commons. Open science will be part of the reward equation. (Don’t expect revolutionary change here, just evolutionary change.)

Lean government

The idea of “lean government” gained some traction in 2012, as cities and agencies experimented with applying the lean startup approach to the public sector. With GOV.UK, the British government both redefined the online government platform and showed how citizen-centric design can be done right. In 2013, the worth of a lean government approach will be put to the test when the work of the White House Innovation Fellows is released.

Smart government

Gartner analyst Andrea DiMaio is now looking at the intersection of government and technology through the lens of “smart government.” In 2013, I expect to hear much more about that, from smartphones to smarter cities to smart disclosure.

Sharing economy

Whether it’s co-working, bike sharing, exchanging books and videos, or cohabiting hackerspaces and community garden spaces, there are green shoots throughout the economy that suggest the way we work, play and learn is changing due to the impact of connection technologies and the Great Recession. One of the most dynamic sectors of the sharing economy is the trend toward more collaborative consumption — and the entrepreneurs have followed, from Airbnb to Getable to Freecycle. The private sector and public sector are saving real money through collaborative consumption. Given support from across the ideological spectrum, expect more adoption in 2013.

Preemptive health care

Data science and new health IT offer an extraordinary opportunity to revolutionize health care, a combination that gave Dr. Atul Gawande hope for health care when we spoke in 2012. In 2013, watch for a shift toward “preemptive health care,” as behavioral science becomes part of how affordable care organizations try to keep patients healthy.

Predictive data analytics

Just as doctors hope to detect disease earlier, professionals across industry and the public sector will look to make sense of the data deluge using new tools next year. Predictive data analytics saved lives and taxpayer dollars in New York City in 2012. U.S. cities have now formed a working group to share predictive data analytics skills. Look for data science to be applied to regulatory data more in 2013.

Algorithmic censorship and algorithmic transparency

Expect speech online to continue be a flashpoint next year. As algorithmic censorship becomes a common approach to moderation on social networks and predictive analytics are applied in law enforcement, media, commerce and regulation, there will be even more interest in understanding bias in these systems and the civil rights implications of big data.

Personal data ownership

Should the Freedom of Information Act apply to private companies? In 2012, a report from the World Economic Forum and McKinsey Consulting described personal data as a new asset class. Much of the time, however, people are separated from their personal data. In 2013, expect to see more data disclosed to consumers and citizens and applied in new choice engines.

Open journalism

In 2012, Guardian Editor Alan Rusbridger shared 10 principles for open journalism. While the process of gathering and sharing news in a hyper-networked environment will only grow more messy as more people gain access to tools to publish around the world, this trend isn’t going backward. Despite the trend toward the “broadcast-ification of social media,” there are many more of us listening and sharing now than ever before. Expect journalism to be a more participatory experience in 2013.

Automation, artificial intelligence and employment

The combination of big data, automation and artificial intelligence looked like something new in 2012, from self-driving cars to e-discovery software to “robojournalism” to financial advisers to medical diagnostics. Wherever it’s possible, “software is eating the world.” In 2013, the federal government will need an innovation agenda to win the race against the machines.

October 19 2012

Four short links: 19 October 2012

  1. Home-made 3D-Printed Drones — if only they used computer-vision to sequence DNA, they’d be the perfect storm of O’Reilly memes :-)
  2. Hacking Pacemakers For DeathIOActive researcher Barnaby Jack has reverse-engineered a pacemaker transmitter to make it possible to deliver deadly electric shocks to pacemakers within 30 feet and rewrite their firmware.
  3. Google N-Gram Viewer Updated — now with more books, better OCR, parts of speech, and complex queries. e.g., the declining ratio of sex to drugs. Awesome work by Friend of O’Reilly, Jon Orwant.
  4. Deanonymizing Mobility Traces: Using Social Networks as a Side-Channela set of location traces can be deanonymized given an easily obtained social network graph. [...] Our experiments [on standard datasets] show that 80% of users are identified precisely, while only 8% are identified incorrectly, with the remainder mapped to a small set of users. (via Network World)

October 16 2012

Open health data in practice: Increase your access to lab results

I’m convinced that there’s a wave of innovation coming in healthcare, driven by new kinds of data, new ways of extracting meaning from that data, and new business models that data can enable.  That’s one of the reasons why we launched our StrataRx Conference, which focuses on the importance of data science to the future of health care.

Unfortunately, much of the data that will enable an entrepreneurial explosion is still locked up — in paper records, in proprietary data formats, and by well-intentioned but conflicting privacy regulations.

We’re making progress towards open data in healthcare, but there are still so many obstacles!  Ann Waldo recently introduced me to one of these.

A 2009 law modernized patient access rights by allowing individuals to get copies of their medical records in electronic format. Unfortunately, however, these patients’ access rights surprisingly do not include lab test results – one of the types of medical records that people are most likely to find urgent and useful. Due to the interaction of HIPAA (the Federal medical privacy law), CLIA (a Federal laboratory regulatory law), and state laws, patients can only get direct access to their their test results from labs in a handful of states.

A recent New York Times story highlighted just how much pain and suffering can be caused by this inability to get access to your own lab results.

In 2011, the Department of Health and Human Services put forward a proposed Rule that would give patients the right to get their test results directly from laboratories. This Rule is still waiting to be finalized. In hopes of breaking the logjam, O’Reilly Media and a variety of other players have written a consensus letter that voices our whole-hearted support for that proposed Rule and encourages the Federal government to finalize it promptly.

We’d love to invite you to join us in signing this letter.

Patients’ rights should include direct access to their lab results, just like all their other medical records!

October 11 2012

Investigating the industrial Internet

Consumer networks have revolutionized the way companies understand and reach their customers, making possible intricate measurement and accurate prediction at every step of every transaction. The same revolution is underway in our infrastructure, where new generations of sensor-laden power plants, cars and medical devices will generate vast quantities of data that could bring about improvements in quality, reliability and cost. Big machines will enter the modern era of big data, where they’ll be subject to constant analysis and optimization.

We’ve teamed up with General Electric to explore the industrial Internet and convene a series of conversations that we hope will accelerate its development. GE’s strong presence in many industries has given it a great deal of insight into the ways that industrial data might be gathered, distributed and linked together.

Linking together big smart devices into a true industrial Internet presents enormous challenges: standards need to be developed with the full engagement of the technology industry. Software innovators will need to develop tools that can handle vast quantities of sensor data under tight security constraints, sharing information that can improve the performance of systems that have many operators — without leaking anything important to malicious groups.

Launching the industrial Internet will require big investment on the part of those who will operate each of its nodes, so in addition to looking at the concept’s technical aspects we’ll also explore its promise as a business revolution in ways that are both practical and already in use (like remote operation of mining equipment) and promising but largely conceptual (like mobile health and big data in diagnostics).

GE won’t be the only voice in this conversation: other companies have developed their own visions for the industrial Internet and we’ll be exploring those as well, looking for commonalities and engaging as many voices as we can from our neutral place in the technology industry.

The promise of the industrial Internet is that it will bring intelligence to industries that are hugely capital-intensive and create broad value that all of the industrial Internet’s participants will share. We’ll look for stories that illustrate that future.

August 01 2012

Four short links: 1 August 2012

  1. China Hackers Hit EU Point Man and DC (Bloomberg) — wow. The extent to which EU and US government and business computer systems have been penetrated is astonishing. Stolen information is flowing out of the networks of law firms, investment banks, oil companies, drug makers, and high technology manufacturers in such significant quantities that intelligence officials now say it could cause long-term harm to U.S. and European economies. (via Gady Epstein)
  2. Digestible Microchips (Nature) — The sand-particle sized sensor consists of a minute silicon chip containing trace amounts of magnesium and copper. When swallowed, it generates a slight voltage in response to digestive juices, which conveys a signal to the surface of a person’s skin where a patch then relays the information to a mobile phone belonging to a healthcare-provider. (via Sara Winge)
  3. Quantum Mechanics Make Simple(r) — clever way to avoid the brain pain of quantum mechanics and leap straight to the “oh!”. [N]ature is described not by probabilities (which are always nonnegative), but by numbers called amplitudes that can be positive, negative, or even complex. [...] In the usual “hierarchy of sciences”—with biology at the top, then chemistry, then physics, then math—quantum mechanics sits at a level between math and physics that I don’t know a good name for. Basically, quantum mechanics is the operating system that other physical theories run on as application software (with the exception of general relativity, which hasn’t yet been successfully ported to this particular OS). (via Hacker News)
  4. Selectively De-Animating Video — SIGGRAPH talk showing how to keep some things still in a video. Check out the teaser video with samples: ZOMG. I note that Maneesh Agrawala was involved: I’m a fan of his from Line Drive maps and 3D exploded views, but his entire paper list is worth reading. Wow. (via Greg Borenstein)

June 25 2012

Four short links: 25 June 2012

  1. Stop Treating People Like Idiots (Tom Steinberg) -- governments miss the easy opportunities to link the tradeoffs they make to the point where the impacts are felt. My argument is this: key compromises or decisions should be linked to from the points where people obtain a service, or at the points where they learn about one. If my bins are only collected once a fortnight, the reason why should be one click away from the page that describes the collection times.
  2. UK Study Finds Mixed Telemedicine Benefits -- The results, in a paper to the British Medical Journal published today, found telehealth can help patients with long-term conditions avoid emergency hospital care, and also reduce deaths. However, the estimated scale of hospital cost savings is modest and may not be sufficient to offset the cost of the technology, the report finds. Overall the evidence does not warrant full scale roll-out but more careful exploration, it says. (via Mike Pearson)
  3. Pay Attention to What Nick Denton is Doing With Comments (Nieman Lab) -- Most news sites have come to treat comments as little more than a necessary evil, a kind of padded room where the third estate can vent, largely at will, and tolerated mainly as a way of generating pageviews. This exhausted consensus makes what Gawker is doing so important. Nick Denton, Gawker’s founder and publisher, Thomas Plunkett, head of technology, and the technical staff have re-designed Gawker to serve the people reading the comments, rather than the people writing them.
  4. Informed Consent Source of Confusion (Nature) -- fascinating look at the downstream uses of collected bio data and the difficulty in gaining informed consent: what you might learn about yourself (do I want to know I have an 8.3% greater chance of developing Alzheimers? What would I do with that knowledge besides worry?), what others might learn about you (will my records be subpoenable?), and what others might make from the knowledge (will my data be used for someone else's financial benefit?). (via Ed Yong)

June 22 2012

June 21 2012

The state of Health Information Exchange in Massachusetts

I recently attended the Massachusetts Health Data Consortium's (MHDC) conference on Health Information Exchange (HIE), modestly titled "The Key to Integration and Accountability." Although I'm a health IT geek, I felt I needed help understanding life outside the electronic health record (EHR) world. So, I roped in Char Kasprzak, statistical data analyst at Massachusetts Health Quality Partners, to give me a better picture of the quality implications of HIE (and to help me write this post).

John Halamka, CIO of Caregroup/Beth Israel Deaconess Medical Center, took the stage first and blasted through all the progress being made establishing the necessary frameworks for HIE to occur in Massachusetts. The takeaway message from John's talk was that there have been many changes since September 2011 in the financial, technical, and legal structures involved in building health information exchange. The lessons learned from the initial pilot should enable Massachusetts to be ready for the first stage of statewide HIE.

HIE development in Massachusetts

Health care providers historically thought of HIE as a large institution run by a state or a major EHR vendor. It carried out the exchange of patient records in the crudest and most heavyweight way, by setting up one-to-one relationships with local hospitals and storing the records. (Some of the more sophisticated HIEs could link together hospitals instead, rather like Napster linked together end-users for file exchange.) These institutions still dominate, but HIE is now being used in a much broader sense, referring to the ability of institutions to share data with each other and even with patients over a variety of channels.

Despite the push for the health IT industry to use "HIE" as a verb rather than a noun, there was quite a lot of discussion at the event surrounding the structures and applications involved. Although HIE should be conceptually identified as a process (verb), having the structures and organizations (nouns) necessary to facilitate exchange is a challenge facing health care entities across the country. This conference did a good job of articulating these organizational challenges, and it presented clear plans on how Massachusetts is addressing them.

In Massachusetts, the model moving forward for phase one of HIE will be based on the Direct Project, with one central Health Information Service Provider (HISP) that will focus on PKI and S/MIME certificate management, maintaining a provider/entity directory, creating a web portal for those not ready for Direct, and maintaining an audit log of transactions. The concept of HISP was created in the Direct Project Implementation and Best Practices workgroups, and was designed to be an organizational and functional framework for the management of directed exchange between health care providers. The statewide HISP will consist of several existing HISP organizations, including Berkshire Health, Partners, Athena Health, and the New England Health Exchange Network. No small task, but not insurmountable.

I remain skeptical about the ability of providers and even hospitals to install EHRs capable of sending Direct-compliant messages conforming to the XDR/XDM IHE Profile for Direct Messaging. Not that it doesn't work or because it's some Herculean task, but essentially because it hasn't been mandated. That may change, though, with the inclusion of Direct Messaging in the transport standards for Meaningful Use Stage 2. In Massachusetts, the creation of a health information highway (phase 1) is set to go live on October 15, 2012. Phase 2 will include analytics and population health, and Phase 3 is set to have search and retrieve, which will include a governance model for an Electronic Master Patient Index (EMPI) and Record Locator Service (RLS). Phase 2 and 3 will set a framework for querying patient data across entities, which is one of the biggest technical barriers to HIE. Currently, one of the best methods for this process is the Patient Identifier Cross-Referencing (PIX) profile, but few organizations are using this tool to its full potential.

What are the challenges?

When experts talk about exchanging health information, they tend to focus on the technology. Micky Tripathi, CEO and executive director of the Massachusetts eHealth Collaborative, pointed out at the event that the problem isn't the aggregation or analysis of data, but the recording of data during the documentation process. In my experience, this is quite accurate: Having exchange standards and the ability to analyze big data is useless if you don't capture the data in the first place, or capture it in a non-standard way. This was highlighted when the Massachusetts eHealth Collaborative ran the same reports on 44 quality measures, first using popHealth data, then again with Massachusetts eHealth Collaborative data, and received conflicting results for each measure. There are certainly lessons to be learned from this pilot about the importance of specifying numerators, denominators, vocabularies, and transmission templates.

Determining what to capture can be as important as how the data is captured. Natasha Khouri elaborated on the challenges of accurate data capture during her presentation on "Implementing Race and Ethnicity Data Collection in Massachusetts Hospitals — Not as Easy as It Sounds." In 2006, Massachusetts added three new fields and 33 categories to more accurately record race and ethnicity information. The purpose of this is to address health disparities, which is something I'm very excited to see discussed at a health IT conference.

With accurate data in hand, direct interventions in communities can be more targeted and effective. However, the largest barrier to this seems to have been getting providers to ask questions about race and ethnicity. This was due to high training costs, staff resistance, and workflow changes necessary for collecting the demographic data. This problem was particularly interesting to me, having worked with the Fenway Health Institute to craft their Meaningful Use Stage 2 comments regarding the inclusion of gender identity and sexual orientation in the demographics criteria. Recording accurate data on vulnerable populations is vital to improving public health campaigns.

What about patients?

For a conference with no patient speakers, there was a surprising amount of discussion about how patients will be involved in HIE and the impact EHRs have on patients. Dr. Lawrence Garber,who serves as the medical informatics director for Reliant Medical Group, examined issues of patient consent. The research he discussed showed that when given the choice, about 5% of patients will opt out of HIE, while 95% will opt in. When patients opt in at the entity/organizational level, this enables automated exchange between providers, entities, care teams, and patients. Organizations utilize a Data Use and Reciprocal Support Agreement (DURSA) to establish a trust framework for authenticating entities that exchange data (presumably for the benefit of patients). DURSAs will likely play an important role as organizations move toward Accountable Care Organization models of care.

Information exchange should also lead to more patient satisfaction with their medical visits, where they will be able to spend more time talking to their doctors about current concerns instead of wasting time reviewing medical history from records that may be incomplete or inaccessible.

Dana Safran, VP of performance measurement and improvement at Blue Cross Blue Shield, explained at the conference that patients can expect better quality of care because quality improvement efforts start with being able to measure processes and outcomes. With HIE, it will be possible to get actual clinical data with which to enhance patient-reported outcome measures (PROMs) and really make them more reliable. Another topic that can be better measured with HIE is provider practice pattern variation. For example, identifying which providers are "outliers" in the number of tests they order, and showing them where they stand compared to their peers, can motivate them to more carefully consider whether each test is needed. Fewer unnecessary tests means cost savings for the whole system, including patients.

Toward the end of the conference, Dr. Nakhle A. Tarazi gave a presentation on his Elliot M. Stone Intern Project on the impact of EHRs on patient experience and satisfaction. The results were quite interesting, including:

  • 59% of patients noticed no change in time spent with their provider.
  • 65% of patients noticed no change in eye contact with their provider.
  • 67% of patients noticed no change in wait time in the office.

The sample size was small, interviewing only 50 patients, but the results certainly warrant a larger, more in-depth study.

In Massachusetts, it seems like the state of the HIE is strong. The next year should be quite exciting. By this time in 2013, we should have a statewide HISP and a web portal service that enables exchange between providers. Halamka has promised that on October 15 the walls between Massachusetts health care orgs will begin to come down. If it is successful in Massachusetts, it could be a valuable model for other states. We also have the opportunity to involve patients in the process, and I hope organizations such as The Society for Participatory Medicine and Direct Trust will be involved in making patients active partners in the exchange of health data.

OSCON 2012 Healthcare Track — The conjunction of open source and open data with health technology promises to improve creaking infrastructure and give greater control and engagement to patients. Learn more at OSCON 2012, being held July 16-20 in Portland, Oregon.

Save 20% on registration with the code RADAR

Related:

Clinician, researcher, and patients working together: progress aired at Indivo conference

While thousands of health care professionals were flocking to the BIO International Convention this week, I spent Monday in a small library at the Harvard Medical School listening to a discussion of the Indivo patient health record and related open source projects with about 80 intensely committed followers. Lead Indivo architect Daniel Haas, whom I interviewed a year ago, succeeded in getting the historical 2.0 release of Indivo out on the day of the conference. This article explains the significance of the release in the health care field and the promise of the work being done at Harvard Medical School and its collaborators.

Although still at the early adoption stages, Indivo and the related SMART and i2b2 projects merit attention and have received impressive backing. The Office of the National Coordinator funded SMART, and NIH funded i2b2. National Coordinator Farzad Mostashari was scheduled to attend Monday's conference (although he ended up having to speak over a video hookup). Indivo inspired both Microsoft HealthVault and Google Health, and a good deal of its code underlies HealthVault. Australia has taken a nationwide PHR initiative inspired by Indivo. A Partners HealthCare representative spoke at the conference, as did someone from the MIT Media Lab. Clayton M. Christensen et al. cited Indivo as a good model in The Innovator's Prescription: A Disruptive Solution for Health Care. Let's take a look at what makes the combination so powerful.

Platform and reference implementation

The philosophy underlying this distributed open source initiative is to get clinicians, health researchers, and patients to share data and work together. Today, patient data is locked up in thousands of individual doctors or hospital repositories; whether they're paper or electronic hardly makes a difference because they can't be combined or queried. The patient usually can't see his own data, as I described in an earlier posting, much less offer it to researchers. Dr. Kenneth Mandl, opening the conference, pointed out that currently, an innovative company in the field of health data will die on the vine because they can't get data without making deals with each individual institution and supporting its proprietary EHR.

The starting point for changing all that, so far as this conference goes, is the SMART platform. It simply provides data models for storing data and APIs to retrieve it. If an electronic health record can translate data into a simple RDF model and support the RESTful API, any other program or EHR that supports SMART can access the data. OAuth supports security and patient control over access.

Indivo is a patient health record (or, to use the term preferred by the conference speakers, a personally controlled health record). It used to have its own API, and the big significance of Monday's 2.0 release is that it now supports SMART. The RESTful interface will make Indivo easy to extend beyond its current Java and Python interfaces. So there's a far-reaching platform now for giving patients access to data and working seemlessly with other cooperating institutions.

The big missing piece is apps, and a hackathon on Tuesday (which I couldn't attend) was aimed at jump-starting a few. Already, a number of researchers are using SMART to coordinate data sharing and computation through the i2b2 platform developed by Partners. Ultimately, the SMART and Indivo developers hope to create an app store, inspired by Apple's, where a whole marketplace can develop. Any app written to the SMART standard can run in Indivo or any other system supporting SMART. But the concept of an app in SMART and Indivo is different from a consumer market, though. The administrator of the EHR or PHR would choose apps, vetting them for quality and safety, and then a doctor, researcher, or patient could use one of the chosen apps.

Shawn Murphy of Partners described the use of i2b2 to choose appropriate patients for a clinical study. Instead of having to manually check many different data repositories manually for patients meeting the requirements (genetic, etc.), a researcher could issue automated queries over SMART to the databases. The standard also supports teamwork across institutions. Currently, 60 different children's hospitals' registries talk to each other through i2b2.

It should be noted i2b2 does not write into a vendor's EHR system (which the ONC and many others call an important requirement for health information exchange) because putting data back into a silo isn't disruptive innovation. It's better to give patients a SMART-compatible PHR such as Indivo.

Regarding Tuesday's hackathon, Haas wrote me, "By the end of the day, we had several interesting projects in the works, including an app to do contextualized search based on a patient's Problems list (integration with google.com and MedlinePlus), and app integration with BodyTrack, which displays Indivo labs data in time-series form alongside data from several other open API inputs, such as Fitbit and Zeo devices."

Standards keep things simple

All the projects mentioned are low-budget efforts, so they all borrow and repurpose whatever open source tools they can. As Mostashari said in his video keynote, they believe in "using what you've got." I have already mentioned SMART's dependence on standards, and Indivo is just as behold to other projects, particularly Django. For instance, Indivo allows data to be stored in Django's data models (Python structures that represent basic relational tables). Indivo also provides an even simpler JSON-based data model.

The format of data is just as important as the exchange protocol, if interoperability is to success. The SMART team chose to implement several "best-of-breed" standards that would cover 80% of use cases: for instance, SNOMED for medical conditions, RxNORM for medications, and LOINC for labs. Customers using other terminologies will have to translate them into the supported standards, so SMART contains Provenance fields indicating the data source.

The software is also rigorously designed to be modular, so both the original developers and other adopters can replace pieces as desired. Indivo already has plenty of fields about patient data and about context (provider names, etc.), but more can be added ad infinitum to support any health app that comes along. Indivo 2.0 includes pluggable data models, which allow a site to customize every step from taking in data to removing it. It also supports new schemas for data of any chosen type.

The simplicity of Indivo, SMART, and i2b2--so much in contrast with most existing health information exchanges--is reminiscent of Blue Button. Mandl suggested that a Blue Button app would be easy to write. But the difference is that Blue Button aimed to be user-friendly whereas the projects at this conference are developer-friendly. That means that can add some simple structure and leave it up to app developers to present the data to users in a friendly manner.

The last hurdle

Because SMART and Indivo ultimately want the patient to control access to data, trust is a prerequisite. OAuth is widely used by Twitter apps and other sites across the Web, but hasn't been extensively tested in a health care environment. We'll need more experience with OAuth to see whether the user experience and their sense of security are adequate. And after that, trust is up to the institutions adopting Indivo or SMART. A couple speakers pointed out that huge numbers of people trust mint.com with their passwords to financial accounts, so when they learn the benefits of access to patient records they should adopt Indivo as well. An Indivo study found that 84% of people are willing to share data with social networks for research and learning.

SMART, Indivo, and i2b2 make data sharing easier than ever. but as many have pointed out, none of this will get very far until patients, government, and others demand that institutions open up. Mandl suggested that one of the major reasons Google Health failed was that it could never get enough data to gain traction--the health providers just wouldn't work with the PHR. At least the open source standards take away some of the technical excuses they have used up to now.

June 20 2012

How the federal government helps health care standards evolve

Health information exchange is on the front lines of cost control and health care improvements. To provide simple tools and channels for hospitals, doctors, and other institutions to exchange data with the government, patients, and each other, the Department of Health and Human Services coordinates an initiative called the Federal Health Architecture (FHA).

Dr. Lauren Thompson, director of the FHA, speaks in this interview about the FHA's accomplishments and the current state of health information exchange.

Topics in the interview include:

  • How the FHA arose as a solution to the problem of exchanging health data, both across government agencies and with partners in the private sector. [Discussed at the 0:45 mark]
  • Status of the Nationwide Health Information Network (NwHIN), which is participating in the NwHIN Exchange, and what the requirements are for participation. [Discussed at the 4:45 mark]
  • Initiatives at the Department of Defense and the Department of Veteran Affairs. [Discussed at the 7:45 mark]
  • Future of the NwHIN Exchange and the CONNECT project, including support for the Direct standard. [Discussed at the 9:45 mark]
  • Cost savings and other benefits offered by the work of the Federal Health Architecture to the health care field. [Discussed at the 13:15 mark]
  • Promoting services to Health Information Exchanges. [Discussed at the 14:45 mark]
  • You can view the entire conversation in the following video:

    OSCON 2012 Healthcare Track — The conjunction of open source and open data with health technology promises to improve creaking infrastructure and give greater control and engagement to patients. Learn more at OSCON 2012, being held July 16-20 in Portland, Oregon.

    Save 20% on registration with the code RADAR

June 15 2012

Games for Health covers current status of behavior change

I had a chance yesterday to attend one day of the Games for Health conference, which covers one of the fastest-growing areas of mobile apps and an area of innovation that clinicians and policy-makers are embracing with growing enthusiasm.

The gamification of everyday life has become a theme of modern business, as well as public health and other groups interested in motivating people. Fun is now the ally, not the enemy, of intelligence, productivity, social engagement, and well-being. Here are a few existing or upcoming projects that illustrate what games are doing in health care:

  • A researcher developed a game for people with Attention Deficit Disorder that pops distractions up from time to time. If the player gives in to the distraction, the game ends. Over time, as the player gets better at ignoring distractions, they increase in order to test him further. The researcher claims that a few hours of this game eliminated the symptoms of ADD for several months afterward in many children, achieving more than drugs and other therapies.

  • A company is working with the Department of Defense on a game that encourages wounded soldiers to do their physical therapy. Normally, PT is an hour or more of boring, repetitive, painful exercise (I know, having undergone it). The game simply presents you with obstacles that you have to remove by performing one of the motions prescribed by the physical therapist. Thus, it keeps you engaged and randomizes the exercises to keep them fresh.

  • A web-based game asks you to wager game currency on whether an individual is likely to get a particular disease. The game presents you with increasing amounts of information about the relationships between genes and disease. The overall message of the game is that knowing your personal genome doesn't offer much guidance on whether you'll get the disease or how to avoid it.

  • A soccer ball is loaded with a device that measures how much it's moving. From this, a hub can determine how much children are playing and track activity over time.

The last device, clever as it is, arouses depressing thoughts in me. When I was a kid (insert appropriate background music here), nobody had to provide sensors or track our progress to persuade us to take a ball to an empty lot across the street for a game. But that particular lot is now covered with tract housing and the street is so busy that not even the most danger-immune wild child would try to cross it. Meanwhile, parents are afraid (sometimes for good reason and sometimes not) of letting kids wander unattended, and the lures of cable TV and social networks keep them on their couches. So I'm happy to see the digital incentives to increase exercise.

And although gaming hasn't reached the mainstream of health care yet, it's getting there. The Department of Health and Human Services has championed games, and major research centers in health care are developing programs for clinicians.

Getting to the conference at the Hyatt Harborside on the Boston waterfront was the first challenge, and after earning that badge, my next hurdle was avoiding the breakfast buffer. But as an attendee pointed out to me, being physically isolated helped keep people on site and talking to each other. Certainly, the location was spectacular, with lunch on the patio facing a view of the Boston skyline.

Personal control and empowerment in all areas of life were the theme of the day, and were expertly introduced in the opening keynote by well-known researcher Jane McGonigal. She started by reviewing the major regrets people express at the end of their lives. I don't think that I'll regret spending time listening to Jane McGonigal. Although she was pushing the use of her SuperBetter tool for personal growth, the basic principles are easy to follow independently. Pick a difficult but achievable goal that means a lot to you. Measure what you do each week. Enlist friends for support and positive thinking, etc. I'm doing it myself, and maybe next year I won't eat the muffins.

Jane McGonigal's keynote
Jane McGonigal's keynote.

The government is here to help you

There's a fine line between games that promote general health and games that have a special medical purpose. I would guess (as a lay person) that the latter category includes the game to combat ADD and the game to promote PT. And this category is subject to regulation by the FDA. We had a session by lawyer James M. Flaherty, Jr. on this seemingly dull topic, and I'm happy that a lot of people came and treated the subject respectfully. When we trust something with a medical matter, even a game, we need to trust that it will have the desired effect and not harm us.

Thus, if a game is tied to a particular medical device that the FDA is already regulating, the game is subject to the same regulation. That may require the manufacturer to go so far as to arrange a clinical trial and get approval from an Institutional Review Board. A game could also be subject to FDA regulation if the manufacturer claims a medical benefit. (On the other hand, a doctor is free to advise patients to use a game for some medical purpose without triggering FDA regulation.)

FDA regulations are undergoing major changes in this area. A year ago they release a Draft Guidance Document on Mobile Medical Applications, which may be worth consideration by gamers, and some documents on games are likely to follow. Recognizing that current registration procedures are cumbersome, Congress is well along the way to passing legislation that would reform the regulations and ask the FDA to hold discussions with people in the field--discussions that Flaherty urged us all to join. Game-makers also have to start thinking of experiments that can demonstrate the safety and effectiveness of their products.

Too healthy for your own good?

I brought away only a couple dystopic thoughts from Games for Health. One revolved around the privacy worries that accompany every activity modern people do online. Doctors and other professionals engaged in our care are regulated concerning whom the share our information with, and for what purposes. But game manufacturers and sites that offer to track us are not covered by rules like HIPAA. We should check their privacy policies before using them, and be aware that they have lots of incentives to mine the data and use it for marketing and other purposes.

The other, related, worry was about compelled participation. If your employer forces you to enroll in a program to lose weight, or your insurance company bases its premiums on your blood sugar levels, it's a game-changer. One journalist recently compared self-tracking and Quantified Self to B.F. Skinner-like behaviorism, which struck me as absurd because in self-driven health movements the individual is making choices all along. The comparison takes on more relevance if an outsider is trying to control your behavior.

And if external rewards are tied to game-playing, incentives to cheat tail along. People will hack devices to report better results than they actually achieve, hire people to do things that they report themselves doing, etc. Certificates and encryption will have to be put in place. The landscape of health and gamification will be degraded.

Let's reserve these concerns for policy-making, while keeping them in mind while designing games that people use voluntarily and enjoy.

June 13 2012

Health care privacy discussed as an aspect of patient control

If health care reform depends on patient engagement and the mining of public health data, it depends equally on protecting the patient's privacy. Moreover, real-life stories from victimized patients show that privacy is caught up with issues of security, clinical decision-making, mobile health, and medical errors. After the patient access summit and the health data initiative forum, therefore, it was supremely appropriate for me to attend the second annual health privacy summit, which I helped to organize.

Joy Pritts and others on panel
Joy Pritts and others on panel.

The conference this year had even more detail and more subtle nuance than the conference I reported on last year. Last year's summit put a valuable stake in the ground to acknowledge the importance of privacy in health policy, and this year we took off from that point. Two leading members of the Office of the National Coordinator at the Department of Health and Human Services came to speak--National Coordinator Farzad Mostashari and Chief Privacy Officer Joy Pritts--and Patient Privacy Rights, the conference organizers, created a new Louis D. Brandeis privacy award that was accepted by Congressmen Joe Barton and Ed Markey, world-renowned security expert Ross Anderson, and long-term privacy researcher Alan Westin.

About 150 people came to the conference, which took place Wednesday and Thursday last week. Hundreds more followed webcasts live, and these will be posted online.

Scope of the privacy debate

The health care field is divided between those who think privacy is pretty good already and should not suck up resources that could go into other reforms, and those who insist on reviewing all changes to practices and technology. The latter sometimes say that it need not be a "zero-sum game" (in fact, Mostashari stated that in his keynote). On the contrary, they suggest that a patient's trust in privacy protection is actually a prerequisite to data sharing and good medical care, because a patient will just keep embarrassing information secret if she is afraid it will fall into the wrong hands.

The debate can get complicated because it involves laws that have changed over time and vary from state to state, common practices that undermine stated commitments to following the law (such as taking data home on unencrypted laptops), ignorance on many sides, and bad actors who are not dissuaded by even the best regulations and institutional practices. Because the debate was covered in my article from last year's conference, I'll just update that to say that more speakers this year affirmed a tension between privacy and the kind of data sharing needed to improve patient care. I heard several statements along the lines of one by Ann Freeman Cook, a psychology professor and ethics researcher, who found IRBs struggling and finding it impossible to reconcile patient privacy with the needs of researchers and the public.

Fred Trotter (who co-authored a book explaining the health IT field for O'Reilly) recently wrote that the most urgent needs in health care data were letting patients see their records and correcting errors in the records. He's one of the "privacy is good enough" activists, but his concerns came up at the privacy conference as well. One of the major announcements at the conference, in fact, was a draft of a Consumer Health Privacy Bill of Rights that drew on the White House's recent Consumer Privacy Bill of Rights. The Health Privacy bill goes far beyond keeping patients' data out of unauthorized hands. It also addresses the right of patients to read data written by their doctors, to correct errors, and to be told when their data is shared outside the context in which they offered it.

A number of heart-rending stories from patients were shared at the beginning of the summit. If one examined them carefully, one could cavil over whether each story really represented a privacy breach. Some of the stories were more about errors or about poorly recorded decisions (often in EHRs that were too rigid to accurately represent patient complaints). And the privacy breaches were sometimes just bad luck--more the result of a malicious actor bypassing safeguards than a lack of safeguards.

Nevertheless, I accepted that all of them fell under the umbrella of "privacy protections." Privacy is about the right of the patient to control his data, and it involves all these things. So the topics at this conference are relevant to all the issues health care advocates talk about regularly: data exchange and ACOs, clinical research, the use of apps on mobile devices, the Quantified Self movement, and social networking in patient empowerment.

Highlights

Here are some of the interesting topics mentioned at the conference.

  • Leading privacy researcher Latanya Sweeney showed off her Data Map that shows all the places patient data gets sent in the normal run of treatment, payment, public health, and research. Suggestions are requested.

  • Built-in privacy: Mostashari pointed out that a concern for privacy led the group designing the Direct project to make sure that the middleman routing data should never know who is sending or receiving. Identities are buried in the encrypted body of the message.

  • Ross Anderson delivers keynote
    Ross Anderson delivers keynote.

    Security expert Ross Anderson, who has studied health care systems all over Europe, suggested a number of measures to protect patient privacy. Some are standard security measures: keep information scattered in different repositories (this would mandate HIEs in the US that query doctors for information instead of uploading it to their own servers); don't give central authorities automatic access to data; use role-based access (but that's hard to do properly). Another safeguard is to let the patients audit their own data. Anderson pointed out that longitudinal data--which researchers value highly--is impossible to de-identify because there is too much data snoopers can use to link the data with other sources about the patient. He also said problems arise when the government tries to move fast and throws a lot of money at a problem, which sounds uncomfortably like the meaningful use payments.

    Three companies were chosen for the best health privacy technologies of 2012:

    Trend Micro wins technology award
    Trend Micro wins technology award.

    • Jericho Systems captures patent consents and translates them to technological controls. A patient can can see in his PHR who is making a request for his data, for instance.

    • Trend Micro's Deep Security incorporates the standard security protections for a networked environment (virus scanner, firewall, file integrity checker, etc.) into a cloud solution. Thus, even if the server is breached, the system may be able to prevent data from being extracted.

    • ID Experts' RADAR offers response services to breaches.

  • Segmented data, which means the ability to share certain specific information while hiding other, more sensitive information, came up several times. The field is nowhere near ready, technically or organizationally, to support something like sharing information about your broken arm while hiding your psychiatric records. But several institutions are working on standards.

  • Several panelists called for privacy by default: it isn't fair to present a complex document to a patient and expect her to understand all the implications (which no one can do anyway). Maneesha Mithal reported a policy at the Federal Trade Commission that the most important privacy impacts must be highlighted, not buried in an inscrutable policy. Information technology research Andrew Dillon suggested that, instead of educating patients about the awful forms they sign, we should improve the forms (and by implication, the policies they define).

  • A couple doctors spoke up to say that they felt uneasy entering information into records (particularly psychiatric information) because they didn't know who would end up seeing it.

  • A lot of discussion covered who should explain privacy policies to the patient. Handing them a form at the start of a visit is not an effective way to get meaningful consent. Some said the doctor herself should ideally explain the privacy implications of the visit, although this eats into the severely restricted time that the doctor has with the patient.

  • Two speakers--EPIC representative Lillie Coney and re-identification expert Daniel Barth-Jones--reported that, luckily, it's quite hard to re-identify patient data that has been de-identified for the purposes of research and public health. Barth-Jones doubted that anyone has performed any actual re-identifications, other than researchers proving that re-identification is theoretically possible.

  • Ann Freeman Cook pointed out that people often agree to share data, tissues, and other samples with with researchers in order to get free care. Therefore, the poor and uninsured are more likely to relinquish privacy safeguards. And these samples are kept for a long time, so it's impossible to know how they'll be used.

  • The ONC's Standards & Interoperation Framework got contrasting reviews. On the one hand, it is hard to understand because it refers to so many technologies and standards. On the other hand, these references root it firmly in state-of-the-art practices and make implementation feasible.

Wrap-up

Last week's series of conferences in Washington--of which I attended maybe half--were the most intense concentration I've seen of health care events. A few people got to bounce around and experience everything. Only that elite tends to put in the research to really understand all the facets of patient engagement, data sharing, application development, business opportunities, privacy issues, and points to leverage institutions for change that will really improve our health care system and lower costs. I think that most providers, administrators, and researchers stumble along with good intentions but a lack of a full vision.

We can fix our health care systems if we educate doctors and patients to work together; create teams that have incentives to deliver the best care; open up data about the health care industry; incorporate low-cost devices into patient-centered medical homes, and incorporate the best research into clinical decision support. I'm sure readers could suggest other related elements of a solution. A crucial background role will be played by technological improvements and standards. All this is extremely hard to explain in a single coherent vision, although numerous books about radical reform to the health care system have come out over the past couple years. Those with expertise in a particular area of technology or organizational development must do their best to educate themselves with the wider vision, and then act locally to make it happen.

June 12 2012

Data in use from public health to personal fitness

Back in 2010, the first health data initiative forum by the Dept. of Health and Human Services introduced the public to the idea of an agency releasing internal data in forms easy for both casual viewers and programmers to use. The third such forum, which took place last week in Washington, DC, was so enormous (1,400 participants) that it had to be held in a major convention center. Todd Park, who as CTO made HHS a leader in the open data movement, has moved up to take a corresponding role for the entire federal government. Open data is a world movement, and the developer challenges that the HDI forum likes to highlight are standard strategies for linking governments with app programmers.

Todd Park on main stage
Todd Park on main stage.

Following my attendance at a privacy access summit the previous day, the HDI forum made me think of a government bent on reform and an open-minded public crossing hands over the heads of the hidebound health institutions that blunder onward without the benefits of tapping their own data. I am not tossing all hospitals, doctors, and clinics into this category (in fact, I am constantly talking to institutions who work with available data to improve care), but recording and storage of information in health care generally retards anyone interested in change.

The "datapalooza" was already covered on Radar by Alex Howard, so here I'll list some of the observations I made during the parts I attended.

Health and Human Services chooses torrents over leaks

Able to attend the forum only on the first day, I spent a lot of it in a session on HHS data sets at Healthdata.gov because I wanted to know exactly what the department has to offer and how the data is being used.

HHS staff at break-out session
HHS staff at break-out session.

Several things impressed me about the procession of HHS staff that crossed the stage to give five- or ten-minute presentations on data sets. First was the ethos of data sharing that the department heads have instilled. Each staff person showed visible pride in finding data that could be put on the Web. A bit of competitive spirit drives different departments that may have more or fewer resources, and data that comes naturally in a more structured or less structured form. One person, for instance, said, "We're a small division and don't have the resources of the others, but we managed to release several data sets this year and one has an API."

Second, the department is devoting resources to quality. I've heard several complaints in the field about lack of consistency and other problems in public health data. One could hardly avoid such issues when data is being collected from hundreds of agencies scattered across the country. But the people I talked to at the HHS forum had ways of dealing with it, such as by requiring the researchers who collect data to submit it (so that trained professionals do the data entry), and running it through quality checks to look for anomalies.

Third, the department knows that outside developers coming to their site will need extra help understanding the data being collected: what the samples represent, what the scope of collection was, and so forth. In addition to a catalog powered by a Solr search engine, HHS provides direct guidance to the perplexed for those developing apps. They are also adding Linked Data elements to help developers combine data sets.

A few examples of data sets include:

  • The Center for Medicare & Medicaid Services offers aggregate data on emergency visits, hospital readmission rates (a major source of waste in health costs), and performance measurement.

  • The Administration for Children and Families has a Head Start locator that helps parents find services, aggregate data on people who apply for Low Income Home Energy Assistance, etc.

  • The Agency for Healthcare Research and Quality has longitudinal data abut spending on health care and its effect on outcomes, based on an annual survey, plus a service offering statistics on hospital treatments, morbidity, etc.

  • The Assistant Secretary for Planning and Evaluation tracks workforce development, particularly in health IT, and measures the affordability of health care reflected in costs to employers, patients, and the government.

Recently, HHS has intensified its efforts by creating a simple Web interface where its staff can enter data about new data sets. Data can be uploaded automatically from spreadsheets. And a new Data Access and Use Committee identifies data sets to release.

So now we have public health aids like the Community Indicators Data Portal, which maps the use of Medicaid services to poverty indicators, infant mortality, etc.

HealthMap, created by Children's Hospital Boston, is used by a fascinating range of projects. They scoop in huge amounts of data--mostly from news sites, but also blogs, and social networks--in multiple languages around the world, and apply a Bayesian filter to determine what's a possible report of a recent disease outbreak. After a successful flu-tracking program based on accepting reports from the public, they did a dengue-tracking program and, in Haiti, a cholera-tracking program.

But valuable as HHS data is to public health, most of it is not very sexy to the ordinary patient or consumer. If you're curious how your Medicare charges compare with average payments for your county, go ahead and mine the data. But what about something immediately practical, such as finding the best hospital for a procedure?

Recently, it turns out, HHS has been collecting and releasing data on that level, such as comparative information on the quality of care at hospitals. So a datapalooza like the HDI forum really takes on everyday significance. HHS also provides the Healthcare.gov site, with services such finding insurance plans for individuals and small groups.

Other jurisdictions are joining the health data movement. Many countries have more centralized systems and therefore can release large amounts of data about public health. The United Kingdom's National Health Service was featured at the HDI forum, where they boasted of posting 3,000 health indicators to their web site.

The state of Louisiana showed off a cornucopia of data, ranging from user restaurant ratings to ratings of oyster beds. Pregnancy risk factors, morbidity rates, etc. are broken down by race, sex, and other demographics. The representative freely admitted that the state has big health problems, and urgently called on developers to help it mine its data. The state recently held a "Cajun codefest" to kick off its effort. HHS also announced five upcoming local datapaloozas in other states around the U.S.

I talked to Sunnie Southern, a cofounder of a Cincinnati incubator called Innov8 for Health. They offer not only challenges for new apps, but guidance to help developers turn the apps into sustainable businesses. The organization also signs up local hospitals and other institutional users to guarantee a market to app developers. Southern describes Innov8 for Health as a community-wide initiative to support local developers and attract new ones, while maintaining deep roots among multiple stakeholders across the health care, university, startup, investors, and employer stake holders. At the inaugural class, which just took place, eight companies were chosen to receive intensive mentoring, introductions and connections to potential customers and investors, and $20,000 to start their company in 12 weeks. Health data is a core element.

How far can a datapalooza take the health care field?

Health apps are a fast-growing segment of mobile development, and the government can certainly take some of the credit, along with VC and developer recognition that there's a lot of potential money to be made fixing health care. As Todd Park said, "The health innovation ecosystem is beautifully chaotic, self-propelled, and basically out of control." That means the toothpaste can't be put back in the tube, which is a good thing.

The HDI forum is glitzy and exciting--everybody in health care reform shows up, and the stage show is slickly coordinated--but we must remember the limits of apps in bringing about systemic change. It's great that you can use myDrugCo$ts.com to find a discount drug store near you. Even better, if your employer hooks you up to data sets provided by your insurer, myDrugCo$ts.com can warn you about restrictions that affect costs. But none of this will change the crazy pricing in the insurance plans themselves, or the overuse of drugs in medicine, or the inefficient development and testing methods that lead to high medication prices in the first place.

Caucus of Society for Participatory Medicine and friends
Caucus of Society for Participatory Medicine and friends.

Transparency by one department on one level can lead to expectations of transparency in other places too. As pricing in health care becomes more visible, it will become less defensible. But this requires a public movement. We could do great things if we could unlock the data collected by each hospital and insurance agency, but they see that data as their competitive arsenal and we are left with a tragedy of the anti-commons. It would be nice to say, "You use plenty of public data to aid your decision-making, now reciprocate with some of your own." This can be a campaign for reformers such as the Society for Participatory Medicine.

At the HDI forum, United Healthcare reported that they had enough data to profile patients at risk for diabetes and brought them in for a diabetes prevention program. This is only a sample of what can be done with data that is not yet public.

Aetna presenter shows CarePass on the main conference stage al at health care conference
Aetna presenter shows CarePass on the main conference stage.

Aetna is leading the way with a service called CarePass, currently holding a developer challenge. CarePass offers Aetna's data through an API, and they partner with other major data centers (somewhat as Microsoft does with HealthVault) to hook up data. Practice Fusion is also offering some data to researchers.

Even those bright-faced entrepreneurs launching businesses around data from HHS and elsewhere--certainly their success is one of the goals of the open data movement, but I worry that they will recreate the silos of the health care field in the area of patient data. What are they collecting on us as we obsessively enter our personal statistics into those devices? Who will be able to use the aggregate data building up on their servers?

So there are hints of a qualitative change that can come from quantitative growth in the release and reuse of health care data. The next step involves the use of personal data, which raises its own litany of issues in quality and privacy. That will be the subject of the last posting in this series.

June 11 2012

Health reform leaders focus on patient access to records as key barrier

A convocation of trend-setters and organizational leaders in U.S. health care was called together in Washington last Monday, June 4. The attendees advised two government organizations driving health reform--the Office of the National Coordinator at the Dept. of Health and Human Services, and the Dept. of Veteran Affairs--how to push forward one of their top goals, patient engagement.

The results of the meeting, to me, demonstrated mostly the primitive state of communications and coordinated care in the U.S. health system. In an earlier posting I discussed the sorry state of health data exchange, and Monday's patient access summit centered on the same factors of siloing and data hoarding as barriers to patient engagement.

Farzad Mostashari, the National Coordinator for Health Information Technology, tried to set the scope of the meeting as an incubator to suggest practical ways patients could use the data they get from health providers. (As I'll explain later, we also touched on data patients generate themselves.) His reasoning, which I endorse, is that patients currently can't do much with data except keep it somewhere and pass it to other health providers, so in order to engage them we need to provide tools for them to improve their health with this data.

But the pulse of the 75 or so attendees gave quite a different message: that we're nowhere near ready to discuss uses of data, and that our efforts at patient engagement should start with getting the data to the patients in the first place.

Several attendees have already blogged about various aspects of the meeting:

  • Brian Ahier summarizes the purpose and outcomes.

  • Dave Chase urges the government to create an environment that encourages the release of data to the patient.

  • Keith Boone focused on some interesting statements and ideas aired at the meeting.

In this posting, I'll discuss:

Why patient access is so important, and why it doesn't happen

The notions of patients pouring over doctors' notes, correlating their own test results, and making demands on their care providers may carry a faint whiff of utopianism, but thousands of patients do these things every day--and do them even when deprived of the electronic aids that could make these activities natural. The people in the room for the patient access summit were by no means utopians. They are intense movers in the health care field with deadlines to meet and budgets to allocate. So when they call for patient access to data, it's because they all see it as critical to solving the quality and cost problems their own organizations face.

Patient engagement is critical because most health care takes place outside the doctor's office or operating room. Patients need to take control of their own lifestyles for the problems that put a lot of strain on our health care system, such as obesity. They need to follow through on post-release instructions and monitor themselves for symptoms.

And in the silo'd state of today's health system, the patients need to make sure their data gets to health providers. We heard over and over at the patient access summit how patients have entered treatment centers without the information needed to treat them, how doctors would refuse point-blank (in violation of the law) to give patients their folders, and how patients received inadequate care because of the lack of information.

Patient participation in health care is not only good for the individuals who do it, but are crucial for prying open the system as a whole. The providers, vendors, and insurers are moving too slowly. Their standards and electronic health records lack fields for all the data people are generating through their Fitbits and Zeos, and they don't have pathways for continuously uploading patient-generated data. This lapse can be turned into a plus: device manufacturers and programmers out in the field will develop new, more flexible, more robust standards that will become the next generation of EHRs and personal health records. A strong push from empowered patients can really change the way doctors work, and the associated costs.

Major topics of debate

Opinions differ about the roles of electronic records, interchange systems, culture, and business models in the recalcitrance of doctors to release patient data, which I'll discuss in the last section of the article. Getting the answer to these questions right should determine the strategy government and consumers use to breach the silos. But the consensus at the patient access summity was that we need to pursue these strategies fast, and that the fate of the rest of health care reform will rest on our success.

The first half of the Washington meeting meandered through various classic areas under constant debate in the health care field. This seemed necessary so that the participants in the summit could feel each other out, untangle some of their differences and ultimately come to a position of trust so they could agree on the topics in the previous section. I noted the following topics that threaded through the debate without resolution.

Technology versus culture

Debates come up all the time when organizational change is on the agenda about the importance of the technologies people use versus their workflows, attitudes, and willingness to change. I find the discussions silly because people usually find themselves pushed to an either-or position and that just doesn't make sense. Of course technology can facilitate change, and of course the technology will be a big waste of time and money if the human participants fail to understand the behavior changes they need to make along the way.

But the Washington attendees raised these issues as part of the strategy-setting I mentioned earlier. Certainly, the government would prefer to avoid creating or mandating the use of certain technologies. The question is whether the ONC and VA can set goals and leave it up to the market to find the way.

Sometimes the health care field is so distorted and dysfunctional that the government feels it has to step in, such as when HHS created CONNECT and then Direct. Without these, the health care providers and health information exchanges (HIEs) would claim that exchanging patient data was an expensive or intractable problem. One might also interpret the release of VistA and BlueButton to the general public as the VA's statements about how health care should be conducted.

So Mostashari's original call for actions that patients could take fits into the technology end of the debate. By suggesting technological paths forward, we can effect cultural change. For instance, if a patient uses an app or web site to view all the potential reactions between the drugs she takes (and I heard one estimate this week that people in their 80s take between five and eight medications), she can warn her own doctor about an adverse reaction.

Ultimately, the working groups that today's meeting settled on included a lot of technological innovation.

The need for standards

Standard setting is another perennial area for disagreement, because premature standard-setting, like premature optimization, can have an effect opposite to what you want. If we took all the efforts that companies put into standards that bombed in the marketplace and devoted the resources over the decades to competition between innovations, we might have an explosion of new technologies. So even if you accept the value of technology to effect culture change, you can ask where and when can governments and standards committees can intervene positively.

And this caution applies to health care too. The old guard of EHRs and HIE suffer from a lack of (useful) standards. But I mentioned earlier, an exciting explosion of patient-centered apps and devices is developing in the absence of standards. The Washington meeting ended up endorsing many standard-setting efforts, although these applied mostly to mature fields such as EHRs.

Transfer standards versus data format standards

Mixed up in the debate over the timing of standards was a distinction between standards used for sending data around and standards used to represent the data. The former are called protocols in the communications field. HTTP is a transfer standard, for instance, whereas as HTML is a data format standard. Both are needed to make the World Wide Web operate. And both ended up part of the action items from the patient access summit.

Privacy versus data availability

As I reported from the first health privacy conference, health care advocates argue over the importance of privacy. At the patient access summit, everybody who spoke on this topic prioritized the exchange of data. Privacy concerns are the magic amulet that providers wave at patients to ward off their requests for data. But in fact, the much-derided Health Insurance Portability and Accountability Act (HIPAA) requires providers to give patients data: that's what the terms Portability and Accountability in the name refer to. The providers are required to take reasonable steps to preserve privacy--and the Direct project aims to simplify these--but the patient can waive even these modest safeguards if he or she is anxious to get the data quickly.

Given our skepticism toward claims of security concerns, a bit of security theater we encountered as we entered the conference center is illustrative. We were warned ahead of time that the facility was secure and told to bring a government-issued photo ID. Indeed, the guard checked my ID and looked at my face when I entered, but nobody checked my name against a list to see whether I was actually supposed to be there.

A later article in this series will explore the relationships between privacy, security, patient access, accuracy, and accountability that create a philosophy of control.

Motivations for doctors versus patients

Another topic at the patient access summit that reflected a dilemma in the health care field is how much effort to aim at the doctors versus the patients, when trying to change the behavior of both. Many patients try to engage as adults in their own care and are stymied by resistant doctors. And as I pointed out in an earlier posting, the patients who need the most lifestyle changes ignore their own perilous conditions. So these considerations would suggest focusing on motivations for doctors to change.

But a market approach would suggest that, when enough patients want to have a say in their care, and have the means to choose their doctors, change will reach the examination rooms. The conclusions of the patient access summit did not reflect any particular positions along this spectrum. Participants pointed out, however, that institutions such as Kaiser Permanente who wanted patients to use their portals invested a lot into advertising them.

Pushing versus pulling data

Telephone calls, email, and online chats are push technology, in that the person sending them decides when (approximately) they are delivered. The web is a pull technology, because the recipient visits the site at his or her choosing. In health exchange, one doctor may push a patient's records to the next provider, or the next provider can pull them when the patient is due to arrive. Sometimes articulated unhelpfully as a battle for push versus pull, our discussion revealed that each had its uses.

The issue is especially salient when a patient has records stored by multiple institutions. Currently, a patient can pull records from each and (if they use a common format such as BlueButton) combine them. In fact, a mobile app named iBlueButton allows a patient to show data from providers to a doctor during a visit. But it would be much better for each institution to push information to the patient as it's added to the institution's record. This would bring us closer to the ideal situation where records are stored by a site on behalf of the patient, not the doctor.

Three action items from today's meeting

Now we get to the meat of the summit. Leaders asked participants to define areas for research and to make commitments to incorporate the results of the research teams into their products and activities. Three action items were chosen, and two were excluded from consideration at this round.

Automated downloads

A number of organizations, such as Aetna Health Plans have adopted the BlueButton format created at the VA. In the line-up of data formats available for storing health information, BlueButton is shockingly casual. But it's list of plain-text fields is easy to read and unfrightening for patients. It is also undeniably popular, as the number of VA patients downloading their data approaches one million. So the immediate impetus for the first goal of the patient access summit, dubbed "automating BlueButton," is to keep patients' records up to date and integrated by pushing data to them from institutional EHRs.

But BlueButton can be massaged into other formats easier for programs to manipulate, the so the "automating BlueButton" task really refers to the entire movement to empower patients who want control over their records. One way to state the principle is that every action in a hospital's or doctor's EHR will be accompanied by an update to the patient's copy of the data. Hopefully this movement will soon lead to simple but program-friendly XML formats, robust transfer standards such as Direct, and universal integration of hospital and clinic EHRs with patient health records.

Identification and access technologies

Congress has ruled out a single nation-wide ID for patients, thanks to worries from privacy advocates that the system could facilitate identity theft and commercial data mining. Some have proposed a Voluntary Universal Healthcare Identifier (VUHID), but that's encumbered with the same problems. Identification systems used nowadays for HIE are cumbersome and error-prone, and revolve around cooperating health care institutions rather than individual patients with few resources. Individual hospitals can verify patients' email addresses and passwords when they come in for treatment, but in-person authentication doesn't scale to data exchange.

A more rational solution revolves around certificates and digital signatures, which security-conscious institutions in government and industry have used for years. The has gotten a bit of a bad rep because it has been poorly implemented on the Web (where browsers trust too many certificate authorities, and system administrators fail to keep accurate signatures) but the health care system is quite capable of implementing it properly. The Direct Trust project is creating a set of practices and hopefully will stimulate the industry to create such a system. In fact, I think Direct Trust is already addressing the issues listed under this task. OAuth was also mentioned repeatedly at the summit. the National Strategy for Trusted Identities in Cyberspace was also mentioned.

The questions of identifying oneself and of authorizing access to data are linked, so they were combined in a single working group even though they are somewhat distinct technically.

Standards for content

The final task approved at the patient access summit was to work further on data standards. It was late in the day and the task was defined only in a very broad manner. But I think it's an important leg of the patient access stool because current standards for patient data, such as HL7's CDA, were meant for communicating the results of clinical interventions. They'll be hard to use when patients generate and store their own data, both because they lack the appropriate fields and because they aren't designed for continuous uploads of data. Segmented access (allowing providers to see certain records while withholding records that the patient considers sensitive) was also mentioned.

Patient-generated data

I mentioned at the summit that patients are starting to generate data that could be invaluable in their treatment, and that the possession of this data gives them leverage. Doctors who are serious about treating common chronic issues such as hypertension, or any condition that can be improved through careful monitoring, will want the patient data. And patients can use their leverage to open up doctors' EHRs. As patients got more involved in their care, the very term "provider" (meaning a doctor or other professional who provides diagnosis and treatment) will become obsolete. Patients will be co-providers along with their professional team.

Patient-generated data got some attention during the day, but the attendees concluded that not enough time had been spent on it to turn it into an action item.

Privacy

The final issue on the agenda for the day was privacy. I estimate that we spent a full half-hour at one point, in addition to which it was raised at other times. Because I am covering privacy in the third article of this series, I'll simply say here that the attendees were most concerned about removing excuses for data exchange, and did not treat risks to privacy as a problem to be fixed.

What did the patient access summit accomplish?

I'm proud that the ONC and VA created a major discussion forum for patient access. I think the issues that came up were familiar to all participants in the meeting, and that ONC together with industry partners is already moving forward on them. The summit provided affirmation that the health care field as a whole takes the issues seriously, and the commitments that will arise from the meeting will lend more weight to government efforts.

And a lot of the time, knowledgeable patients need to know that progressive health care leaders and the government have "got their back" as they demand their rights to know what's going on in their bodies. The Office of Civil Rights has publicly championed the patients' right to their data (in fact, the biggest fine they've levied for a HIPAA violation concerns a refusal to release data to a patient), and the initiatives we all supported last Monday will give them more tools to use it.

Regulations can make a difference. A representative from Practice Fusion told me they offered a patient download option on their EHR service years ago, but that most doctors refused to allow it. After the ONC's meaningful use regulations required patient access, adoption by doctors went up 600%.

While laying the groundwork for patient access, we are ready to look forward to wonderful things patients and providers can do with data. That will be the subject of my next article in the series, which will cover the health data initiative forum I attended the next day.

Four short links: 11 June 2012

  1. When Code Can Kill or Cure (The Economist) -- I've linked to the dangers of closed source devices before, but this caught my eye: "In the 1990s we developed an excellent radiation-therapy treatment-planning system and tried to give it away to other clinics," says Dr Mackie. "But when we were told by the FDA that we should get our software approved, the hospital wasn't willing to fund it." He formed a spin-off firm specifically to get FDA approval. It took four years and cost millions of dollars. The software was subsequently sold as a traditional, closed-source product.
  2. Gut Fungus (Wired) -- the microbiome of bacteria in your body is being studied, but now researchers have scoured the poop of different species and found different mycological populations in each, and linked them to diseases.
  3. Evaluating the Harm from Closed Source (Eric Raymond) -- whether or not you argue with his ethics, you will appreciate the clear description of the things you're trading off when you choose to use closed source software.
  4. PyBossa -- a free, open-source, platform for creating and running crowd-sourcing applications that utilise online assistance in performing tasks that require human cognition, knowledge or intelligence such as image classification, transcription, geocoding and more! (via The Open Knowledge Foundation)

May 25 2012

Top Stories: May 21-25, 2012

Here's a look at the top stories published across O'Reilly sites this week.

White House launches new digital government strategy
The nation's new strategy for digital government is built on data, shared services, citizen-centrism, and consistent methodologies for privacy and security.

Quantified me
Jim Stogdill is trying to walk the line between obsessive tracking and an open-ended approach to motivation.

A gaming revolution, minus the hype
"Playful Design" author John Ferrara discusses gaming's place in cultural transformation, and he offers five universal principles of good game design.

What do mHealth, eHealth and behavioral science mean for the future of healthcare?
Dr. Audie Atienza says we're just at the beginning of discovering how to best develop and utilize mobile technology to improve the health of individuals and the public.

Social reading should focus on common interests rather than friend status
In this TOC podcast, ReadSocial co-founder Travis Alber discusses her company's focus on building their platform without tying it to your social graph.


Velocity 2012: Web Operations & Performance — The smartest minds in web operations and performance are coming together for the Velocity Conference, being held June 25-27 in Santa Clara, Calif. Save 20% on registration with the code RADAR20.

White House photo: white house by dcJohn, on Flickr

Older posts are this way If this message doesn't go away, click anywhere on the page to continue loading posts.
Could not load more posts
Maybe Soup is currently being updated? I'll try again automatically in a few seconds...
Just a second, loading more posts...
You've reached the end.

Don't be the product, buy the product!

Schweinderl