Hillwalking in the Highlands

Over Memorial Day weekend, I had the opportunity to hike one of the most beautiful and challenging ridges in Scotland, Aonach Eagach, and ascend the highest peak in the UK, Ben Nevis, by the road less traveled.  Here's how we did it.

On Saturday morning at 6am, we drove from Dundee (near Edinburgh) to Glen Coe in the Western Highlands, arriving about 9:30am.   We parked at Loch Achtriochtan and began the 3000 foot ascent of Meal Dearg.  Along the way we had 60 mph winds and intermittent pouring rain.   The real fun began as walked the saw-tooth ridge up and down a narrow track of slick, moss covered rock with 3000 feet of exposure on either side.



We used 60 meters of 8mm rope with bowlines on a bight tied to each team member.    The belay technique was simple - putting a rock between each climber and the cliff as each team-member traversed the tricky parts.



It snowed, melted, and rained creating a thin slippery sheen on the rock.   The temperature was just below freezing and the winds varied between 30mph and 60mph.  We successfully traversed to the peak of Sgorr nam Fiannaidh.



The descent from the ridge to Glen Coe required particularly delicate footwork  - a loose, steep, wet scree slope (Clachaig gully) that from below looks impossible to descend.   An extraordinary experience!

At the end of our day, we retreated to the pub for a pint of rehydration (I ordered a Deuchars IPA) .   The pub had two sections - an open boisterous public bar and the "snug" for  those desiring quieter conversation.   We retired to the snug to reflect on our day and plan our next ascent.

From Glen Coe, we drove to Fort William at the south end of the Great Glen near Loch Ness.   I was shown the canal with the giant cat door that allows Nessie to travel to and from the sea (local humor).   We stayed overnight at the Farr Cottage hostel, a popular base for many outdoor activities.   Our bunk room had all the characteristics we needed - warm, dry, quiet, clean, and horizontal surfaces.  

We woke at 6am, which is not hard since Scotland has 19 hour days this time of year (sunrise at 3am and sunset at 11pm) and headed to a giant waterfall on the south side of Ben Nevis.   There is no trail, we just followed the right side of the waterway for 2000 feet, then used a compass and map to climb a 2000 foot boulder field.   What made it most interesting was 60 mph winds, gusting to 70 mph along with freezing rain, sleet, snow, and ice chucks that pelted against our skin like buckshot.   To get a sense of what it is like to hike in 70 mph winds, if you extend your arms and legs to create a sail, your body literally flies up the mountain.   Each time I jumped, I would find myself 10 feet higher.

The last 1000 feet was true winter hiking conditions with a foot of snow covering the boulder field, making the footing a bit tricky.   At last the slope began to flatten and we arrived at the summit, the highest point in the UK.   On the summit, the wind was a bit less, around 50mph, the temperature was in the teens, and blowing ice chunks pelted our faces.   My platypus water reservoir froze solid.  



We descended the "tourist path" which is a wide, well maintained trail about 4 miles long.  We slid down snow covered slopes, faces against the wind, and stressed our knees and quadriceps as we carefully navigated the wet rocks down 4000 feet to the car.    The conditions along the hike had made eating quite challenging, so we  ate our lunches in the car and drove back to Dundee.

Frank Sullivan, who organized the trip, then drove me to Edinburgh airport.   Along the way, we stopped in a fabulous vegetarian restaurant, Henderson's, and I had a delightful meal of vegan haggis made with lentils, kidney beans, pinhead oats, herbs and spaces creating a full flavored haggis topped with traditional clapshot (potatoes and turnips) and a red onion gravy.



A truly magnificent experience and I want to thank Frank, his brothers (Joseph, Andrew, and John), Chris Dibben and Shaun Treweek, for making it all possible.

Here's my advice for hiking in the Highlands

1.   From my limited experience, it seems that moisture and wind management rather than temperature concerns should drive your clothing decisions.    Wearing a single layer of insulation (an Arcteryx Phase AR top and Rho LT bottoms), I was consistently warm as long as every inch of my body was covered in Gortex.

2.   Climbing on wet, mossy rock requires skill and sticky boots.   The Treksta Gortex boots I wore were perfect.   The weather is completely unpredictable - during the course of our Saturday hike we went from Spring to Summer to Fall to Winter weather each hour.   During our Ben Nevis hike we had full winter conditions.   I would describe the weather in Scotland as 1/3 perfect, 1/3 extreme, and 1/3 in between.

3.  Trails are not always well marked.   A compass and map are extremely helpful, especially given the fog, mist, rain, and white out conditions.

4.  The mountains in Scotland may not be that high (Ben Nevis is 4400 feet high) but they are steep.   Expect significant mileage uphill and downhill that can strain your knees and quadriceps.

5.  Because of their steepness, the taller mountains in Scotland (called the Munros) often have significant exposure.   Be very careful not to wander off an edge in the mist or slip over a cliff as you scramble over wet rock.   Using a rope to protect climbs on  wet, mossy rock is a good idea.

What a weekend.  Rain, ice, and snow.  Gale force winds.  20 miles of steep wet rock.   Priceless!

Off to the Highlands


I'm in Scotland for a few days lecturing at the University of Dundee near Edinburgh.

My colleagues in Scotland and I have much to discuss about healthcare technology and policy.   I'll summarize my lessons learned next week.

Tomorrow a small group of us will climb some of the highest peaks in the UK   - Aoneach Eagach and Ben Nevis.   They're known for their uniquely bad weather (171 inches of rain per year), high winds, and challenging trails.

I've packed my total body Gortex and my lightweight Treksta Gortex boots.   Here's a complete list of my gear for the Scottish Highlands

Boots
 Treksta Evoltion Mid (Gortex)

Socks
 Injinji Crew
 Outdoor Research Verglas Gaiters (Gortex)

Pants
 Arcteryx Rho LT
 Arcteryx Alpha SL (Gortex)

Shirts
 Arcteryx Phase SL
 Arcteryx Phase AR

Jackets
 Arcteryx Celeris windshell
 Arcteryx Alpha LT (Gortex)
 Arcteryx Solo Belay Jacket

Gloves
  Outdoor Research PL400
  Outdoor Research Endeavor Mitts (Gortex)

Headwear
  Outdoor Research Option Balaclava
  Outdoor Research Winter trek hat
  Outdoor Research Drifter cap (Gortex)

Other gear
  Petzl e+lite
  Small First aid kit
  Black Diamond Shot climbing pack
  Platypus 2L water reservoir
  Pro-Bars (they're vegan)
  Prescription polarized sunglasses

I'm off to the Highlands and will post pictures of the summits.

Building Birdhouses

When my wife and I created our community garden we installed birdfeeders (sunflower and thistle) and birdhouses to support the birds that nest in our area.     I built the bird houses from a single length of 1x6 cedar from Home Depot using these simple plans.  Just 5 cuts with a Japanese handsaw, a few finishing nails and they were ready for mounting.   Birds moved in within hours.

Here's a photo of a cedar bluebird birdhouse, ready to be installed.

Here's another great site with house blueprints for several bird species.

My next project is a tree-mounted house for

Black-capped Chickadees
Carolina Chickadees
Mountain Chickadees
Chestnut-backed Chickadees
Boreal Chickadees
Siberian Chickadees
House Wrens
Carolina Wrens
Bewick's Wrens
Winter Wrens
Prothonotary Warblers
Tree Swallows
Violet-green Swallows
Tufted Titmouse
Plain Titmouse
White-breasted Nuthatch
Red-breasted Nuthatch
Brown-headed Nuthatch
Pygmy Nuthatch
Brown Creeper

 I highly recommend building cedar birdhouses with hand tools.  It's great therapy.

Meaningful Use Payments Arrive

HITECH Incentive payments began on May 19, four weeks after attestation for Meaningful Use became available. 


On May 19, BIDMC received the following electronic funds transfer from CMS/Medicare:

CORPORATE TRADE PAYMENT CREDIT
CMS (EHR INCENT) DES:HITECH PMT ID:

BIDMC was the first hospital in the country to attest to meaningful use and received payment from CMS on the first day of stimulus disbursements.   Hospital payments start with a $2 million base payment.  Per the CMS FAQ 

"Eligible hospitals and CAHs will receive an initial payment and a final payment. Eligible hospitals and Critical Access Hospitals that attest in April can receive their initial payment as early as May 2011. Final payment will be determined at the time of settling the hospital cost report."

Although we received an initial $2 million dollar payment, we have not received information about the final payment calculation or timing.

Some have worried that attesting early will create a timeline for stage 2 that is challenging to meet i.e.

Standards Committee work for stage 2 will be done by September 2011
ONC proposed regulations will be drafted in the Fall, released in December and will become final in mid 2012
The Stage 2 meaningful use demonstration period begins October 1, 2012

The likelihood that regulations can be transformed into working, implemented software by October 1, 2012 is slim.

Hence the HIT Policy Committee will likely recommend that Meaningful Use Stage 2 be deferred a year, meaning that the demonstration period for those who attest to stage 1 in 2011 will be moved to October 1, 2013.

Based on everything I know, here's the workplan I'd recommend for IT departments
1.  In 2011, update your purchased products as needed to implement meaningful use versions
2.  In 2011, if your systems are built rather than bought (or are a combination of the two), use the CCHIT EACH program to certify your site as needed for hospital and ambulatory certification criteria.
3.  In 2011, educate your clinicians and measure meaningful use metrics for a 90 day demonstration period.  Note that this can be done in parallel with certification, since systems only need to be certified by the end of the demonstration period
4.  In 2011, collect your initial meaningful use payments
5.  In 2011, work on X12 5010 for the January 1, 2012 deadline
6.  In 2011, begin ICD10 planning for the October 1, 2013 deadline.   I believe this deadline will be extended.
7.  In 2012,  plan on beginning your Meaningful Use stage 2 measurement period on October 1, 2013.

A lot going on in parallel, but by taking it one day at time, step by step, it's doable.

A Strawman HIE Directory Solution

At the May HIT Standards Committee, we discussed the standards which support entity-level (organization) provider directories (ELPDs) in healthcare information exchanges.

The business requirements suggested by the HIT Policy Committee's work (the table below) require federated query/response transactions to a single, nationwide enterprise level provider directory, specifically

1)    Support directed exchanges (send/receive as well as query/retrieve)
2)    Provide basic “discoverability” of entity – including demographic information
3)    Provide basic “discoverability” of exchange services (e.g., CCD, HL7 2.xx)
4)    Provide basic “discoverability” of entity’s security credentials

When we presented the currently available standards - DSML for the schema, LDAP/ISO for the query vocabulary, REST/SOAP for the transport, and LDAP for the query language, the response from the HIT Standards Committee was that the combination of these standards as specified in the IHE HPD profile was largely untested in production.

Our conclusion was to revisit the business requirements with the HIT Policy Committee with the hope that we could devise a workflow enabling existing, mature standards, such as DNS, to be used for provider directories.

The presentation by the Privacy and Security Workgroup included this summary of how the existing NwHIN exchanges – Direct and Exchange – provide the required services.


One possible avenue for moving forward might be to build upon the Direct Project’s work to enable the Domain Name Service (DNS) to be used as the federated service for discovering entities and their security credentials.  I recently learned about an idea that Paul Egerman has suggested to the ONC:  the possibility of creating a top-level domain for the health industry.  Putting those two ideas together,
here is a strawman that would move us forward.

1.  The ELPD should be a single, national data structure that is accessible by EHR systems.    Accessibility needs to include the capability to have a local cache.

2.  A national ELPD could be achieved through the use of a top-level domain for the health industry (e.g., .HEALTH), instead of  GOV, EDU, COM, MIL, ORG, and NET to designate entities participating in healthcare information exchange.

With a .HEALTH top-level domain there could be a defined set of registrars who are authorized to issue .HEALTH domain names.   The benefits of doing this include:

Financial - The business model for registrars is already established, while there is no business model for other approaches being explored.

Leverages Existing Software Capabilities - The software for registering entities and making updates for domain names is well established.  The use of DNS is well-known and can easily handle a national entity directory.    DNS (along with "WhoIs") can be used by EHR systems.

Security - We could restrict query of the .HEALTH domain to other members of the .HEALTH domain, reducing its vulnerability to denial of service attacks and spamming.

3.  The ELPD would embrace the Direct Project's implementation guide for storing digital certificates in, and retrieving digital certificates from, DNS.

As for the HIT Policy Committee’s request for standards supporting the discovery of demographic information and exchange capabilities, that functionality could be achieved using a decentralized approach.     For example, the Standards Committee could specify that each organization needs to have a Uniform Resource Identifier (URI) where they list additional information about their organization, including their health information exchange send and receive capabilities (e.g. http://www.bidmc.HEALTH/services).    Such an approach would be easy to maintain and would be extensible.

Thus, rather than try to invent new standards, processes, and business models, let's leverage the basic standards of the internet -a top-level domain, DNS, and URIs to create the Directory Services we need to enable Health Information Exchange.

As a next step, the Privacy and Security Workgroup will consider the possibilities of this strawman.

Based on the guiding principles for the HIT Standards Committee articulated in the first meetings of the committee - keep it simple, do not let perfection be the enemy of the good, design for the little guy, leverage the internet, and keep the burden/cost of implementation low, I'm convinced the notion of using a top-level domain, existing DNS standards and URIs to support health information exchange directories is worthy of serious consideration.

Medical Device Data Systems

In February, the FDA issued an important rule on Medical Device Data Systems (MDDSs), categorizing them as subject to FDA Class I general controls.

What is an MDDSs?
MDDSs are data systems that transfer, store, convert according to preset specifications, or display medical device data without controlling or altering the function or parameters of any connected medical device—that is, any other device with which the MDDS shares data or from which the MDDS receives data.

What are FDA Device categories?
The Federal Food, Drug, and Cosmetic Act (the FD&C Act) (21 U.S.C. 301 et seq.) establishes a comprehensive system for the regulation of medical devices intended for human use. Section 513 of the FD&C Act (21 U.S.C. 360c) establishes three categories (classes) of devices, depending on the regulatory controls needed to provide reasonable assurance of safety and effectiveness. The three categories of devices are class I (general controls), class II (special controls), and class III (premarket approval). General controls include requirements for registration, listing, adverse event reporting, and good manufacturing practice (quality system requirements) (21 U.S.C. 360c(a)(1)(A)). Special controls are controls that, in addition to general controls, are applicable to a class II device to help provide reasonable assurance of that device’s safety and effectiveness (21 U.S.C. 360c(a)(1)(B)).

A member of the legal community wrote me:

"John:  I have been getting up to speed on the recent FDA rule governing Medical Device Data Systems.  This rule would appear to regulate the development of  interfaces between medical devices and hospital information systems.  Have you or anyone on your team looked at this issue? "

I consulted one of the leading HIT vendors, which responded

"John: We have indeed studied the MDDS rule and after much deliberation, it does appear that vendor or healthcare organization developed black boxes or interfaces which store or transport data from a medical device to another database for use in clinical decision making, fall into the category of MDDS. (The EHR itself does is NOT fall into this designation).

We are preparing to register with FDA a series of interfaces such
as the following:

Lab Instrument results interface
Radiology/Cardiology PACS interfaces
Hemodynamic monitor interface
Dynamap interface
etc

The good news is that there are no 510K filings required but you do need to show that you follow Quality Management System protocols, such as ISO. We recently got ISO 9001:2008 certified in anticipation  of more and more FDA regulations coming our way."

The regulation does include a review of the scope of the MDDS definition and notes CPOE and e-Prescribing are not MDDSs.   However, the regulation should be studied by vendors and hospitals who build systems to identify the applications and modules that require registration with the FDA, adverse event reporting and possible organizational ISO 9001 certification as evidence of quality management.

The regulation strikes an interesting balance - how to encourage innovation while also requiring accountability for errors that result from software or hardware defects.

Definitely worth a read to ensure you are compliant!

An FAQ on Exchanging Key Clinical Information

Yesterday, CMS posted an important FAQ clarifying the Meaningful Use requirement to exchange key clinical information.

Since the Standards and Certification final rule does not include any transport standards and no EHR has been tested or certified to comply with any particular transport capability, it was unclear how the CCDs/CCRs produced by certified EHRs should be exchanged as required to attest for meaningful use.

The CMS FAQ suggests that the exchange must be accomplished over an electronic network and not using fixed media:

"No, the use of physical media such as a CD-ROM, a USB or hard drive, or other formats to exchange key clinical information would not utilize the certification capability of certified EHR technology to electronically transmit the information, and therefore would not meet the measure of this objective"

Here's my advice - do an exchange of a single CCD/CCR via a secure website, secure FTP or secure email and you'll be fine.

Although 1) certification focused on content and vocabulary standards, not transport standards and 2) certified EHRs will not be able to tell the difference between a CCD/CCR received via a network or exchanged on media, CMS has given us guidance.   Also, it's a best practice to avoid the use of media for protected health information,  because having clinical data on mobile media is a security risk as noted by the OIG report.



How Do Vegans Get Enough Protein?

As a vegan, one of the more frequent questions I'm asked is "if you eat only plants, how do you get enough protein?"

A recent movie review of Forks Over Knives in the Boston Globe speculated that vegans must have a hard time with protein and essential nutrients.

Somehow the average consumer has forgotten that plants are filled with protein (i.e. have you ever heard the term "textured vegetable protein"?)

As a vegan for over 10 years, I've never had any issues with protein, necessary amino acids, or essential nutrients.  I get everything I need from  a simple balanced diet that includes protein rich plants such as spinach, soy, and peanuts.

Here's a useful resource about the protein content in vegetables.

How do vegans get enough protein?  Just pass the spinach!

Here's a few favorite protein rich recipes.

About the only issue vegans have is getting enough B12.   I need about a thimbleful per year!  I can just get it from B12 found naturally in the topsoil that sticks to root vegetables (no matter how much you clean them) or take an occasional supplement extracted from yeast.

No meat, milk, or cheese required!

The May HIT Standards Committee meeting

The May HIT Standards Committee meeting focused on the schedule of work ahead to provide ONC with the standards needed for Meaningful Use Stage 2 regulation writing.

We began the meeting by reviewing the meeting topics for April to September, shown in the table below.



To ensure all the necessary standards are included in our project plan, we asked Paul Tang to present the latest proposed MU stage 2 criteria. His presentation included several new recommendations:

*CPOE requirements should be expanded to 60% of medication and lab orders as well as demonstration of radiology orders
*Clinicians should be able to refine drug/drug interaction alerts so that alerts are accurate and actionable.  In Stage 3, EHRs should be able to access national lists of drug/drug interaction rules
*20% of hospital discharge medication orders should be e-prescribed
*Demographic capture should include expanded race/ethnicity as noted in the IOM Report Race, Ethnicity, and Language Data: Standardization for Health Care Quality Improvement.
*Stage 3 should include second hand smoke exposure as a tobacco use type
*40% of hospital labs sent to outpatient providers should be electronic and include LOINC vocabularies
*Eligible professionals should document electronic notes on 30% of visits.  Hospitals should have electronic notes for 30% of patient days
*The Electronic Medication Administration Record should be in use 
*Standards-based Family History documentation should be included in stage 3
*For Hospitals, greater than 25 patients should receive electronic discharge instructions and 10% of patients should view and download information about a hospital admission
*For Eligible Professionals, 10% of patients should view and download their health information
*10% of all patients should receive educational materials
*Eligible Professionals should use secure messaging with greater than 25 patients 
*Eligible Professionals should record communication preferences (secure email, PHR, snail mail etc) for 20% of patients
*Stage 3 should include a mechanism for capturing patient entered data in the EHR
*Medication reconciliation should be done for 50% of care transitions
*Hospitals should send summary of care records to professionals or long term care facilities for 10% of all discharges 
*Eligible professionals should send at least 25 care summaries to other providers electronically
*10% of patients should have a list of care team members (unstructured text for now, structured data for stage 3) 
*A care plan should be included with summary of care transmissions
*Hospitals and eligible professionals should submit at least one live immunization transaction
*Hospitals should submit at least one live reportable lab transaction
*Hospitals should submit at least one live syndromic surveillance transaction
*Cancer conditions should be reported to registries by eligible professionals 
*Data on mobile devices should be encrypted

These new Stage 2 requirements require new standards for

*Extended race/ethnicity codesets
*Discharge medication e-prescribing
*Extended smoking codeset  
*Possible new data exchanges supporting electronic medication administration record workflow (need to  clarify the scope of the EMAR requirement)
*Representing care plans
*Reporting cancer conditions
*Encrypting mobile devices

These will be assigned to workgroups and power teams.

Dixie Baker presented the Privacy and Security Workgroup report focusing on provider directories.   The scope of this work includes entity (i.e. organization) level directory queries from EHRs.   After much discussion, we concluded that the Direct project protocols for DNS query in support of certificate exchange are good enough for the short term, while web-based query/response connections to enterprise LDAP queries is a reasonable future direction.   We'll work with the Policy Committee and ONC to refine the business requirements then produce a series of standards requirements as input to the S&I framework.   The consensus of the committee is that a community based directory is helpful but not necessary for exchange, just as there is no national directory of email addresses, but yet we successfully exchange billions of email per year.

Jim Walker presented the Clinical Quality Workgroup report outlining the work ahead to provide CMS with the standards needed to support quality measures by August.

Judy Murphy and Liz Johnson presented Implementation Workgroup report including their certification experience survey.        

Jamie Ferguson presented Clinical Operations Vocabulary Task Force report.  The Task Force is specifying the vocabulary and codesets needed to accelerate semantic interoperability.  The Implementation Workgroup and the Vocabulary Task Force will also make statements about certification queries such as support for Postel's Law - if a new vocabulary term is introduced, existing systems should continue to function.
           
Doug Fridsma led a discussion of the Summer Power Team activities

Stan Huff presented the Metadata Analysis Power Team report.   There was general consensus that simple XML forms which support patient identity and provenance (who sent the message, when was it sent etc) using CDA R2 and X.509 signatures was good enough.

Marc Overhage submitted the Patient Matching Power Team report.

We will get updates on the Surveillance Implementation Guide (Chris Chute), e-prescribing of discharge needs (Jamie Ferguson) and NwHIN (Dixie Baker) at the next meeting.

A very productive meeting.   The HIT Standards Committee is truly an effective team, representing varied interests but always able to chart a path forward that balances all points of view.

The Status of e-Prescribing in the US

On May 12, Surescripts released the National Progress Report on e-Prescribing and Interoperable Healthcare.

For the past 3 years, Massachusetts has led the country in e-prescribing due to the combined efforts of our payers and our healthcare information exchange.    I follow the evolution of e-prescribing with great interest.

Key findings in the Surescripts report include:

Electronic Prescribing Use
* Prescription Benefit: Electronic responses to requests for prescription benefit information grew 125% from 188 million in 2009 to 423 million in 2010.
* Medication History: Prescription histories delivered to prescribers grew 184% from 81 million in 2009 to 230 million in 2010.
* Prescription Routing: Prescriptions routed electron- ically grew 72% from 191 million in 2009 to 326 mil- lion in 2010.
* EMR vs. Standalone E-Prescribing Software: About 79 percent of prescribers used EMRs in 2010, up from 70 percent in 2009.

Electronic Prescribing Adoption
* Prescribers: The number of prescribers routing prescriptions electronically grew from 156,000 at the end of 2009 to 234,000 by the end of 2010—representing about 34 percent of all office-based prescribers.
* Payers: At the end of 2010, Surescripts could provide access to prescription benefit and history information for more than 66 percent of patients in the U.S.
* Community and Mail Order Pharmacies: At the end of 2010, approximately 91 percent of community pharmacies in the U.S. were connected for prescription routing and six of the largest mail order pharmacies were able to receive prescriptions electronically.

Surprising findings to me include
*Family practitioners and small practices have high rates of e-prescribing compared to other specialties and practice sizes
*Specialists including cardiologists and ophthalmologists are using e-prescribing more often that I expected

E-prescribing is a unique interoperability success story.  The standards are clear (NCPDP) and are required by regulation (Medicare Part D and the Standards and Certification Final Rule).   Incentives are aligned (saves clinicians time and saves pharmacies money while making the entire process safer and more convenient for the patient).       Let's hope our other interoperability efforts such as clinical summary exchange follow this same adoption trajectory over time as we provide unambiguous standards and change the culture to make interoperability an expectation of patients and providers.

Should We Abandon the Cloud?

It's been a bad month for the cloud.

First there was the major Amazon EC2 (Elastic Cloud) outage April 21-22 that brought down many business and websites.  Some of the data was unrecoverable and transactions were lost.

Next, the May 10-13 outage of Microsoft's cloud based email and Office services (Business Productivity Online Suite) caused major angst among its customers who thought that the cloud offered increased reliability

Then we had the May 11-13 Google Blogger outage which brought down editing, commenting, and content for thousands of blogs.

Outages from the 3 largest providers of cloud services within a 2 week period does not bode well.

Yesterday, Twitter went down as well.

Many have suggested we abandon a cloud only strategy.

Should we abandon the cloud for healthcare?  Absolutely not.

Should we reset our expectations that highly reliable, secure computing can be provided at very low cost by "top men" in the cloud?  Absolutely yes.

I am a cloud provider.   At my Harvard Medical School Data Center, I provide 4000 Cores and 2 petabytes of data to thousands of faculty and staff.   At BIDMC, I provide 500 virtualized servers and a petabyte of data to 12,000 users.   Our BIDPO/BIDMC Community EHR Private Cloud provides electronic health records to 300 providers.

I know what it takes to provide 99.999% uptime.  Multiple redundant data centers, clustered servers, arrays of tiered storage, and extraordinary power engineering.

With all of this amazing infrastructure comes complexity.   With complexity comes unanticipated consequences, change control challenges, and human causes of failure.

Let's look at the downtime I've had this year.

1.  BIDMC has a highly redundant, geographically dispersed Domain Name System (DNS) architecture.   It theory it should not be able to fail.  In practice it did.  The vendor was attempting to add features that would make us even more resilient.  Instead of making changes to a test DNS appliance, they accidentally made changes to a production DNS appliance.   We experienced downtime in several of our applications.

2.  HMS has clustered thousands of computing cores together to create a highly robust community resource connected to a petabyte of distributed storage nodes.   In theory is should be invincible.   In practice it went down.   A user with limited high performance computing experience launched a poorly written job to  400 cores in parallel that caused a core dump every second contending for the same disk space.   Storage was overwhelmed and went offline for numerous applications.

3.  BIDMC has a highly available cluster to support clinical applications.    We've upgraded to the most advanced and feature rich Linux operating system.  Unfortunately, it had a bug that when used in a very high performance clustered environment, the entire storage filesystem became unavailable.  We had downtime.

4.  BIDMC has one of the most sophisticated power management systems in the industry - every component is redundant.   As we added features to make us even more redundant, we needed to temporarily reroute power, which is not an issue for us because every network router and switch has two power supplies.   We had competed 4 of 5 data center switch migrations when the redundant power supply failed on the 5th switch, bringing down several applications.

5.  The BIDPO EHR hosting center has a highly redundant and secure network.  Unfortunately, bugs in the network operating system on some of the key components led to failure of all traffic to flow.

These examples illustrate that even the most well engineered infrastructure can fail due to human mistakes, operating system bugs, and unanticipated consequences of change.

The cloud is truly no different.  Believing that Microsoft, Google, Amazon or anyone else can engineer perfection at low cost is fantasy.   Technology is changing so fast and increasing demand requires so much change that every day is like replacing the wings on a 747 while it's flying.   On occasion bad things will happen.   We need to have robust downtime procedures and business continuity planning to respond to failures when they occur.

The idea of creating big data in the cloud, clusters of processors, and leveraging the internet to support software as a service applications is sound.

There will be problems.   New approaches to troubleshooting issues in the cloud will make "diagnosis and treatment" of slowness and downtime faster.

Problems on a centralized cloud architecture that is homogenous, well documented, and highly staffed can be more rapidly resolved than problems in distributed, poorly staffed, one-off installations.

Thus, I'm a believer in the public cloud and private clouds.  I will continue to use them for EHRs and other healthcare applications.   However, I have no belief that the public cloud will have substantially less downtime or lower cost than I can engineer myself.

The reason to use the public cloud is so that my limited staff can spend their time innovating - creating infrastructure and applications that the public cloud has not yet envisioned or refuses to support because of regulatory requirements  (such as HIPAA).

Despite the black cloud of the past two weeks, the future of the cloud, tempered by a dose of reality to reset expectations, is bright.

Cool Technology of the Week

How many times have you heard the complaint "the application is slow" but lack data about server, network, or desktop performance to facilitate diagnosis and resolution?

In a cloud environment, debugging application issues becomes ever more challenging.

As we all rollout EHRs to small provider offices, often with challenging internet connections, remote monitoring of cloud network performance becomes even more critical.

AppNeta's PathView microAppliance provides an easy to deploy zero administration network monitoring tool. It's about the same size as a cell phone and can be placed at remote business locations, requiring only power and an ethernet connection.

You place one of their devices in the locationyou want to monitor network activity.   When you plug it into the wall and an ethernet connection,  it uploads network performance data to AppNeta cloud servers.  You can also place two or more devices in separate locations, and monitor the traffic between those locations.   For EHR cloud providers, it's simple to configure the device, send it via UPS to a provider practice with instructions to plug into the wall, and gather performance data without complicated onsite network sniffing setups and configuration.

Currently we have deployed these devices at our central EHR private cloud site and two of major remote practices  The level of detail and depth of available metrics and reports is amazing.  

A low cost, zero administration, cloud-based, network sniffer that is truly plug and play.  That's cool!

The Community Garden - Before and After

Last month, I posted my 2011 gardening plan including a design for a new community garden plot in Wellesley.

Here's what we started with:



After a few weekends of hauling debris, pounding fence posts, pouring concrete, and a bit of woodworking with Japanese handsaws, it's finished.

All of the improvements are now the property of the town of Wellesley, since the community garden is shared public space.

Here's what we did:

On April 30, we rented a U-Haul and moved 2000 pounds of rotting wood, metal scraps, plant debris, plastic, and paper from the community garden space to the Wellesley recycling center. We purchased 4x4 fence posts, T-posts, wire fencing, hardware cloth, and lumber for an arbor at Home Depot. We rototilled the space, dug post holes, and poured concrete. On May 1, we completed the wire fencing and built the arbor.

On May 7-8, we hauled soil and bark, created 5 raised beds, and planted our seeds/seedlings. We built a small bird house and added a thistle feeder. We added irrigation.

$500 and two weekends later, here's the result.



Trellis: Canadice and Himrod grapes

Long Fence: Mammoth Sunflowers

Rear Fence: Sweet peas (flowering) and morning glory

Bed #1 (near gate)
Early lettuce as green mulch
Cucumber (1 Midori)
Summer Squash (1 Kousa and 1 yellow)
Brussels Sprouts (6 center row)
Cabbage (3 purple and 3 savoy)
Romanesco Veronica Cauliflower
Broccoli (6)
Violet Cauliflower
Basil
Dill
Borage
Celery (1)
Nasturtium (1 corner)
Marigold Little Gem (3 corner)

Bed #2
Cutting flowers (calendula, zinnia, cosmos, bachelor buttons, nigella, salvia, stock, aster, snapdragon, gomphrena)
Nasturtium (1 corner)
Marigold Little Gem (3 corners)

Bed #3
Asparagus (20 Jersey Supreme  one year crowns, and 50 Purple Passion)

Bed #4
Early lettuce as green mulch
Winter Squash (1 red kabocha, 1 delica kabocha)
“Gita” Long Bean (tower)
Rosemary
Costata Romanesco Zucchini (1)
3 Broccoli
carrots
Daikon
Borage
Celery (1)
Nasturtium (corner)
Marigold Little Gem (3 corners)

Bed #5 (near hose) - (use for Lettuce in early spring)
Early lettuce as green mulch
Tomatoes (1 Principe Borghese, 1 Costoluto Genovese, 1 German Striped)
Eggplant (1 Kermit, 1 Turkish Red, 4 Asian Wonder)
Husk groundcherry (6)
Peppers (1 Boris Banana, 1 Sweet Italian)
6 Kale
Onions
Borage
Sage
Basil
Nasturtium (1 corner)
Marigold Little Gem (3 corners)

I look forward to a bountiful harvest this season.

On Becoming a Harvard Professor

Almost 15 years ago on June 15, 1996, I moved from California to Massachusetts.   I began practicing Emergency Medicine at Beth Israel Deaconess Medical Center.   On that day, I wrote in my journal:

"Today I've started work at one of the best hospitals in the country.  I'm surrounded by smart people, amazing technology, and incredible possibilities.   What am I, who am I, what will I be?   I'm an instructor and the path to Harvard Professor seems insurmountable."

Today, I joined several friends and colleagues to celebrate my becoming a Harvard Professor.

Along the journey, I've learned many lessons.   Professorship is not about fame, fortune,  or what I know.  It's about community.   Early in my Harvard career, Dr. Tom Delbanco, Sam Fleming, Warren McFarlan, Marvin Schorr,  and others advised me to focus on creating teams of smart people to change the world.     From my discussion with Deans and faculty, here are the top 5 roles of a Harvard Professor:

*Training the next generation -  I have 20 years left in my career.  Now is the right time to develop the next generation of informatics and IT leaders by sharing my experience and giving them an opportunity to thrive.  I'll do my best to inspire and mentor students, residents, fellows and junior faculty by always being available to them.

*Communicating ideas - publishing, lecturing, meeting, blogging, and serving on expert panels ensures that ideas and innovation are widely disseminated.   Today's blog is my 900th post, creating  a permanent record of the key ideas I encounter in my life as a healthcare CIO.

*Serving as role model - a strong sense of ethics and equanimity, always being moral and fair in every conversation and relationship, fosters an environment that encourages people to excel.

*Building teams - assembling and resourcing the best people, especially those with differing opinions and experiences, leads to innovation.

*Creating an ideal work and learning environment - accepting accountability for resolving personnel conflicts, budget shortfalls, strategic ambiguity, political barriers, and impediments to the free exchange of ideas empowers teams to succeed.

So now the next phase of my career begins.  I feel humbled by the responsibility and will do my best to train, communicate, serve, build, and create!

The Governor's Healthcare IT Conference

Yesterday, the Governor's Healthcare IT Conference included remarks from Massachusetts HHS Secretary Bigby, Former National Coordinator David Blumenthal, Governor Deval Patrick, Special Assistant to the Administrator of CMS Sachin Jain, and a panel of industry experts.

Here are the key points.

Secretary Bigby introduced the meeting by noting the importance of healthcare IT for increasing safety, quality, efficiency, patient engagement, and equity in healthcare across the Commonwealth.

David Blumenthal summarized the accomplishments of ONC over the past two years and highlighted the work left to be done.  He noted that the HITECH act and its meaningful use constructs are a "downpayment" on healthcare reform, creating the the necessary infrastructure over years to enable changes in healthcare delivery and reimbursement.    The trajectory that we're on for meaningful use includes three stages: stage 1 which aligns incentives for providers to adopt and use EHRs, stage 2 which provides the standards and tools to exchange data and stage 3 which provides decision support tools and analytics.    In each stage, privacy protection is a high priority.  Breach notification requirements have been enhanced and penalties for breaches have been levied.

Thus far, 700 healthcare IT products have been certified, many by companies with less than 50 employees.   36,000 providers have registered to participate  in incentive programs.   $64 million has already been paid to 500 organizations as part of the Medicaid incentive program.   On May 18 the Medicare incentive payments begin.   56 state designated health information exchanges have been created and 56 state HIE coordinators have been named.   62 Regional Extension Centers have been created which have enrolled 67,000 providers.  About 25% of all primary care clinicians in the country now participate in regional extension center programs.

There has been a market change - Meaningful Use is becoming an emblem of quality.   80% of all hospitals intend to participate in stage 1 of Meaningful Use.  The challenges ahead are many - we need additional standards, enhanced technology, and additional policy.   However, the major change we need is cultural.   Communities need to demand and encourage data sharing for care coordination, public health, and other uses.

Deval Patrick's remarks demonstrated significant domain expertise about healthcare IT and health information exchange.  He highlighted Massachusetts' pivotal role as a leader in HIT product development, job creation, health information exchange, policymaking, and training.   He encouraged all of us to break down data silos and create data liquidity - accelerating data exchange among payers, providers, and patients regardless of organizational boundaries.

Sachin Jain highlighted the importance of the CMS Center for Innovation noting that it empowers the CMS administrator to expand local demonstration projects to national scale if there is evidence they improve quality/reduce cost.   The $1 billion dollar Partnership for Patients program is a part of the CMS Center for Innovation.

We closed the day with panel session of healthcare IT stakeholders
Alice Coombs, MD, President, Massachusetts Medical Society
Karen Bell, MD, MMS, Chair, Certification Commission for Health Information Technology
Lynn Nicholas, President, Massachusetts Hospital Association
Charlotte Yeh, MD, Chief Medical Officer, AARP Services

Alice highlighted the need for usability of EHRs such that clinician workflow is aided, not impeded by technology.

Karen discussed the need for clinicians to look beyond basic federal certification and think about clinical decision support features, data portability, security protections and vendor commitments to usability.

Lynn noted that CPOE and other technologies can introduce errors and adverse events.   We need to ensure the technology is implemented wisely and clinicians are appropriately trained.

Charlotte represented the needs of consumers and suggested we embrace technology that brings demonstrated value to patients.   As we think about PHRs, home care devices, and patient engagement, we must evolve from actions done "to the patient" to "for the patient" to "with the patient".

The bottom line - we should ensure our EHRs have the functionality we need to support safe, quality, efficient care with health information exchange, decision support, and security protections.   We want these applications to be highly useable and integrated into workflows.   We want them to incorporate policies that enhance the patient and provider experience.

I also made remarks about the need for additional standards that will be done to enable all these goals.   I'll expand on our "Summer Camp of Standards"  work next week.

Speed Dating for IT

As a CIO, I gather information about new products and innovation in many ways.   I search the web for emerging technologies, read numerous publications/newsletters, and constantly meet with vendors and IT professionals who are creating novel applications.

However, it's not the most efficient way to rapidly assess whether products are operational or exist only in powerpoint.  

BluePrint Healthcare IT - a company founded in 2003 to provide security, privacy, compliance and risk management services to hospitals and healthcare systems - has created a new approach to solve the problem of connecting early stage innovators and customers.  They call it Speed Dating for IT.

Their BluePrint Health IT Innovation Summit Series is aligned with current innovation programs and initiatives sponsored by HHS and ONC promoting new technologies.

The idea is simple:

10 healthcare technology companies and 10 healthcare providers interact virtually within the framework of a "Health IT Innovation Matching System".  Then, in one place at one time, those that match can meet for a dialog about piloting these new applications, realizing that there is risk but also market differentiation for those early adopters that achieve breakthrough results.

I like it - a kind of eHarmony for IT.   I can pre-screen my vendors and we can determine if there is a fit before we spend time in meetings.

BIDMC will participate in the May 26 event.  I'll let you know how Speed Dating for IT goes.  My wife has given her approval.

Cool Technology of the Week

As a glasses wearer for over 40 years, I've been an active user of many lens "technologies"   Now that I'm nearly 50, I wear progressive lenses which ease my eye strain during screen time and close up work.

However, there is an issue - when I look down, I lose my distance vision.   My prescription is -7 diopters so I cannot easily switch between two pairs of glasses, one for distance and one for closeup.   An ideal bifocal would enable me to change the  my glasses prescription in real time.

That's now possible with the PixelOptics electronic lens built with liquid crystal technology.

The lenses are made by Panasonic and change prescription on command, either via head movement or by activating a switch.

The hold a charge for 3 days.

Currently, they cost about $1000, but I expect that to come down as demand causes manufacturing scale to expand.

Glasses that change prescription on the fly.  That's cool!

I Could Have Had a V8

For the past 10 years, I've kayaked the Charles River several times a week between April and October.   Rather than owning a kayak, I've purchased a season pass from Charles River Canoe and Kayak.

This year, I found a kayak with the ideal combination of speed, size, weight, stability, and workmanship - the Epic V8 Surfski (pictured above).

In the past, I've considered products from KayakPro, Think, and Epic  kayaks such as the V10.

Each was lacking something.   The Epic V8 has it all.

*It's fast, enabling me to maintain a 6 mph pace
*It fits in my 19 foot garage, while most other surfskis are longer than 20 feet
*It weighs 30 pounds, so I can easily take it on and off the car myself
*It's stable in rough, windy conditions, even when speeding bass fishermen create 3 foot wakes
*It's a high quality boat with excellent engineering and  kevlar/carbon materials at a reasonable price

It's taken a decade of waiting for this perfect design, but I've finally purchased my own kayak.  Now I'll never need to make the statement, "I could have had a V8".

Breach Fatigue

You've read about the Sony privacy breach, the Epsilon email compromise, and recent high profile privacy breach settlements.

Every day the headlines are filled with so many such security issues that it almost seems like background noise.   Just as too much decision support can result in alert fatigue and too many false alarms can result in alarm fatigue, the barrage of security breach news can lead to breach fatigue, causing you to let down your guard.   Forewarned is forearmed, so push aside your breach fatigue and plan for the day when you will have to run your own breach notification.   Here's a task list to guide you:

Immediate response actions
 Report to Police Department
 Notify Legal Counsel
 Notify Privacy Officer
 Notify CEO
 Notify Clinical and IT Leadership
 Notify Board of Directors
 Notify Liability Insurer
 Develop action plan

Analysis
 Inventory unsecured data
 Draft Risk Assessment rules (what data in combination is reportable i.e. name + social security number)
 Finalize Risk Assessment rules
 Conduct Risk Assessment
 Complete Risk Assessment Report
 Complete Reporting Requirements Report

Regulatory Reporting and Notifications
 Define practice strategy/approach
 Initial communication with practices
 Notifications
  Draft notification to Media
  Oral notification to federal/state authorities including approval of notices
   Office of Civil Rights
   Attorney General
   Office of Consumer Affairs
 Practice approval of media notification
 Distribute notification to media
 Complete Practice specific spreadsheets
 Choose credit monitoring service
 Complete credit monitoring service contract
 Prepare Patient Notices

Practice related activities
Initial call
Follow-up visit scheduled
Practice packages complete
Practice packages delivered to practice
Re-identification visits scheduled  (to notify patients, you'll need addresses which may not be included in the actual data breached)
Re-identification complete
Patient notifications complete
Patient notifications sent
Attorney General reports filed
Office of Consumer Affairs reports filed
Office of Civil Rights reports filed

Communications
Prepare talking points for various channels
Staff a communication office (approximately 10% of notified patients will call)

Remediation
Cross-Organizational Review of processes and procedures which led to the breach
Remediation of root causes
Security policy updates as needed
Laptop encryption as needed
Additional training as needed

Follow the advice of your privacy officer and your legal counsel completely.   Be transparent.   Over communicate.   Use the event as a teachable moment for your organization and your community.  Be humble and apologize.   Protect the patients and the providers.

As we continue the journey toward automation of electronic records to enhance safety and quality, we must retain the trust of our patients.   Following the plan above will go far to address those events that occur as we all learn how to be better protectors of the data we host.

Meaningful Use Payments

Now that eligible professionals and hospitals are attesting to Meaningful Use, they are asking how and when incentives payments will be made.  Here's the answer from CMS:

For eligible professionals (EPs), incentive payments for the Medicare EHR Incentive Program will be made approximately four to eight weeks after an EP successfully attests that they have demonstrated meaningful use of certified EHR technology. However, EPs will not receive incentive payments within that timeframe if they have not yet met the threshold for allowed charges for covered professional services furnished by the EP during the year. Payments will be held until the EP meets the $24,000 threshold in allowed charges for calendar year 2011 in order to maximize the amount of the EHR incentive payment they receive. If the EP has not met the $24,000 threshold in allowed charges by the end of calendar year 2011, CMS expects to issue an incentive payment for the EP in March 2012 (allowing 60 days after the end of the 2011 calendar year for all pending claims to be processed).

Payments to Medicare EPs will be made to the taxpayer identification number (TIN) selected at the time of registration, through the same channels their claims payments are made. The form of payment (electronic funds transfer or check) will be the same as claims payments.

Bonus payments for EPs who practice predominantly in a geographic Health Professional Shortage Area (HPSA) will be made as separate lump-sum payments no later than 120 days after the end of the calendar year for which the EP was eligible for the bonus payment.

Please note that the 90-day reporting period an EP selects does not affect the amount of the EHR incentive payments. The Medicare EHR incentive payments to EPs are based on 75% of the estimated allowed charges for covered professional services furnished by the EP during the entire payment year. If the EP has not met the $24,000 threshold in allowed charges at the time of attestation, CMS will hold the incentive payment until the EP meets the threshold as described above.

Medicare EHR incentive payments to eligible hospitals and critical access hospitals (CAHs) will also be made approximately four to eight weeks after the eligible hospital or CAH successfully attests to having demonstrated meaningful use of certified EHR technology. Eligible hospitals and CAHs will receive an initial payment and a final payment. Eligible hospitals and CAHs that attest in April can receive their initial payment as early as May 2011. Final payment will be determined at the time of settling the hospital cost report.

Please note that the Medicaid incentives will be paid by the States, but the timing will vary according to State. Please contact your State Medicaid Agency for more details about payment.

For more information about the Medicare and Medicaid EHR Incentive Program, visit the website.

For an overview, see the Medicare Learning Network (MLN) Matters Special Edition article (SE1111) – Medicare Electronic Health Record (EHR) Incentive Payment Process.

IMPORTANT NOTE: Medicare Administration Contractors (MACs), carriers, and Fiscal Intermediaries (FIs) will not be making Medicare EHR incentive payments. CMS has contracted with a Payment File Development Contractor to make these payments.

DON'T: Call your MAC/Carrier/FI with questions about your EHR incentive payment.
INSTEAD: Call the EHR Information Center

Hours of Operation: 7:30 a.m. – 6:30 p.m. (Central Time) Monday through Friday, except federal holidays.
1-888-734-6433 (primary number) or 888-734-6563 (TTY number).