There are many cool iPad/iPhone apps, but I recently found one that is simple and elegant - Photosynth
Using your mobile device, you can snap photos of the world around you and Photosynth reassembles the images into a 3D panorama. I was amazed by the speed and accuracy of the photo stitching in the application.
Here are a few examples
Yosemite Valley
Tuolumne Meadows
Boulder Colorado
Photographing the world around you and creating an instant panorama on your mobile device.
That's cool!
The SCOTUS Healthcare Reform Decision
Healthcare reform requires a foundation of healthcare IT in order to be successful including:
*Universal adoption of EHRs
*Frictionless exchange of healthcare information with patient consent
*Widespread use of Personal Health Records
*Analytics to support quality and cost measurement
*Decision Support to deliver the right care at the right time
The SCOTUS decision to uphold the healthcare reform law ensures that these foundational components will still have urgency, since every provider organization will be motivated to implement them in order thrive in the healthcare marketplace of the future.
*Universal adoption of EHRs
*Frictionless exchange of healthcare information with patient consent
*Widespread use of Personal Health Records
*Analytics to support quality and cost measurement
*Decision Support to deliver the right care at the right time
The SCOTUS decision to uphold the healthcare reform law ensures that these foundational components will still have urgency, since every provider organization will be motivated to implement them in order thrive in the healthcare marketplace of the future.
Our Cancer Journey Week 27
Fatigue. It's not clear whether it's the daily strain of driving to and from the hospital for 7 weeks or Kathy's body trying to rebuild the damage done by 15 consecutive radiation doses, but she is tired.
We still get up at 5am each day to care for the chickens/guinea fowl, turn the compost, refill water/food, manage the woodlot, and ready our property for the llama (our new guard llama is pictured above) and alpacas which are arriving in a month.
Kathy generally keeps my schedule and is on the go 20 hours a day. Now that she's in the third week of radiation therapy, she's ready for sleep by 8:30pm.
She has no pain, swelling or discomfort (other than continued numbness in her feet which impacts her ability to stand for long periods), but the home stretch in our cancer journey is like the last few miles of a marathon. The joy of completion is offset by dwindling energy reserves and a desire for it to be over.
By July 31, the treatment phase of chemotherapy, surgery, and radiation will be done. We hope that the miracle of remission will continue for many years to come. However, it is clear that as the journey ends, the celebratory dancing will have to wait until the fatigue, the emotional drain, and residual numbness resolve with time.
Radiation therapy is far more benign than chemotherapy, but daily dosing feels unrelenting. All will be well and the exhaustion will be replaced by endless energy as our barnyard expands with the animals and plants we've envisioned.
We still get up at 5am each day to care for the chickens/guinea fowl, turn the compost, refill water/food, manage the woodlot, and ready our property for the llama (our new guard llama is pictured above) and alpacas which are arriving in a month.
Kathy generally keeps my schedule and is on the go 20 hours a day. Now that she's in the third week of radiation therapy, she's ready for sleep by 8:30pm.
She has no pain, swelling or discomfort (other than continued numbness in her feet which impacts her ability to stand for long periods), but the home stretch in our cancer journey is like the last few miles of a marathon. The joy of completion is offset by dwindling energy reserves and a desire for it to be over.
By July 31, the treatment phase of chemotherapy, surgery, and radiation will be done. We hope that the miracle of remission will continue for many years to come. However, it is clear that as the journey ends, the celebratory dancing will have to wait until the fatigue, the emotional drain, and residual numbness resolve with time.
Radiation therapy is far more benign than chemotherapy, but daily dosing feels unrelenting. All will be well and the exhaustion will be replaced by endless energy as our barnyard expands with the animals and plants we've envisioned.
The Compliance Consensus
Per my previous blogs about the Summer of Compliance, we completed our multi-week joint IS/Compliance planning effort today.
To recap, first we listed regulatory and compliance risks and the policies/technologies needed to mitigate them. We then assigned these projects to 3 work teams to prioritize, estimate level of effort, and assign risk scores.
We then examined the total costs necessary to complete the prioritized projects.
The end result was that we identified 55 projects with $7.8 million dollars in capital costs. Our FY13 capital budget for security/compliance related projects is $4.2 million so we had to reduce the list of projects by $3.6 million.
The end result is that we identified malware controls as the highest priority, followed by mobile device encryption. All projects related to these general categories will be done first.
Other key items are data loss prevention for emails sent to commercial email providers, blocking of cloud storage services, restriction on outbound internet traffic (machines sending data to unauthorized organizations), and adaptive authentication.
Items to consider deferring due to capital expense include additional e-discovery infrastructure, network access control technologies, and enterprise mobile device management applications. These are desirable and likely will be done next year.
The end result of this exercise - a jointly agreed upon list of priorities, budgets, and timelines for compliance work over the next year.
With a mutual understanding of the time, scope, and resources, we can triage any new requests with the perspective of the work we've already agreed to do. Given that time and resources are known, adding scope means taking something off the list.
I look forward to the year ahead and policy/technology work needed to ensure we not only follow standard practices, but best practices.
To recap, first we listed regulatory and compliance risks and the policies/technologies needed to mitigate them. We then assigned these projects to 3 work teams to prioritize, estimate level of effort, and assign risk scores.
We then examined the total costs necessary to complete the prioritized projects.
The end result was that we identified 55 projects with $7.8 million dollars in capital costs. Our FY13 capital budget for security/compliance related projects is $4.2 million so we had to reduce the list of projects by $3.6 million.
The end result is that we identified malware controls as the highest priority, followed by mobile device encryption. All projects related to these general categories will be done first.
Other key items are data loss prevention for emails sent to commercial email providers, blocking of cloud storage services, restriction on outbound internet traffic (machines sending data to unauthorized organizations), and adaptive authentication.
Items to consider deferring due to capital expense include additional e-discovery infrastructure, network access control technologies, and enterprise mobile device management applications. These are desirable and likely will be done next year.
The end result of this exercise - a jointly agreed upon list of priorities, budgets, and timelines for compliance work over the next year.
With a mutual understanding of the time, scope, and resources, we can triage any new requests with the perspective of the work we've already agreed to do. Given that time and resources are known, adding scope means taking something off the list.
I look forward to the year ahead and policy/technology work needed to ensure we not only follow standard practices, but best practices.
Outbound Spam Blocking
Here's a new twist on the Spam problem.
What if one of your users falls prey to a phishing scam and enters their username/password into a hacker's website?
The hacker then logs into that user's email account and sends spam with your corporate return address.
AOL, Yahoo, Comcast and other commercial email providers blacklist your domain so no email flows to commercial addresses.
In our case, this happened briefly.
We first contacted all the major commercial email providers to inform them that we are a legitimate business and not a spammer.
We checked blacklist sites to ensure we were not flagged as a spammer (or contacted those services/companies which had marked us as such)
To prevent the problem from recurring, we enhanced our Proofpoint email appliance as follows:
If a message is sent that has a spam score of 100 and has more than 25 recipients take the following actions, we
1. Quarantine the message
2. Send an alert to the user to contact the IS Support center to make sure there account has not been compromised
3. Alert the messaging team of the quarantined message for remediation
Who would have thought that a single user, falling prey to phishing scheme, could result in the blocking of commercial email flow?
The internet can be a swamp of malware and malcontents!
What if one of your users falls prey to a phishing scam and enters their username/password into a hacker's website?
The hacker then logs into that user's email account and sends spam with your corporate return address.
AOL, Yahoo, Comcast and other commercial email providers blacklist your domain so no email flows to commercial addresses.
In our case, this happened briefly.
We first contacted all the major commercial email providers to inform them that we are a legitimate business and not a spammer.
We checked blacklist sites to ensure we were not flagged as a spammer (or contacted those services/companies which had marked us as such)
To prevent the problem from recurring, we enhanced our Proofpoint email appliance as follows:
If a message is sent that has a spam score of 100 and has more than 25 recipients take the following actions, we
1. Quarantine the message
2. Send an alert to the user to contact the IS Support center to make sure there account has not been compromised
3. Alert the messaging team of the quarantined message for remediation
Who would have thought that a single user, falling prey to phishing scheme, could result in the blocking of commercial email flow?
The internet can be a swamp of malware and malcontents!
Taking Sustainability to the Next Step
I've written previously about sustainability and my efforts to maintain a green lifestyle at home as well as create green data centers.
Now that my wife and I have moved to a rural location, we have have many more opportunities to implement alternative energy resources than in our slate roofed 1930's home in Wellesley. We've begun the study of solar technology in depth.
Photovoltaic prices have dropped, efficiencies have increased, and reliability has improved. Federal tax credits (30% of purchase price) are available until 2016. Massachusetts state tax credits for 15% of the purchase price up to $1000 are available.
Our barn is entirely south facing and we can install enough Hyundai Heavy Industries HiS-S245MG(BK) modules to generate 8351 kilowatt hours of power per year, about half the projected energy needs for the farm.
Although panels are at their lowest prices in history and the technology is better than ever before, the rapid evolution of panels means they will be obsolete within 5 years, although they will continue to function for at least 20. The solar panels of the future may be a thin film directly applied to shingles or three dimensional high output arrays
This presents us with a challenge - do we buy a technology that will rapidly evolve? Do we lease the panels, give the tax credit to the leasing company,and avoid the capital costs of a purchase/the operating costs of maintenance/the need to own the panels.
We've looked at Sungevity and other solar leasing companies and the notion of capturing the savings of a 50% reduction in energy bills without having to worry about lifecycle management or obsolesce seems attractive.
Since we're replacing the roof on the barn over the next year, it makes great sense to put solar panels with a 20 year life on top of a new roof with a 25 year life. At the end of 20 years, the leasing company simply hauls away the panels. Our cost of the lease is about $100 per month, netting us about a $10,000 savings in energy costs over the life of the lease.
Have you purchased or leased panels? Is leasing the right choice to capture the savings without the ownership risks of rapidly evolving technology?
For us, there's an opportunity to get closer to off grid living. Capturing the tax credits and incentives before they expire seems like the right thing to do. I welcome others experiences.
Now that my wife and I have moved to a rural location, we have have many more opportunities to implement alternative energy resources than in our slate roofed 1930's home in Wellesley. We've begun the study of solar technology in depth.
Photovoltaic prices have dropped, efficiencies have increased, and reliability has improved. Federal tax credits (30% of purchase price) are available until 2016. Massachusetts state tax credits for 15% of the purchase price up to $1000 are available.
Our barn is entirely south facing and we can install enough Hyundai Heavy Industries HiS-S245MG(BK) modules to generate 8351 kilowatt hours of power per year, about half the projected energy needs for the farm.
Although panels are at their lowest prices in history and the technology is better than ever before, the rapid evolution of panels means they will be obsolete within 5 years, although they will continue to function for at least 20. The solar panels of the future may be a thin film directly applied to shingles or three dimensional high output arrays
This presents us with a challenge - do we buy a technology that will rapidly evolve? Do we lease the panels, give the tax credit to the leasing company,and avoid the capital costs of a purchase/the operating costs of maintenance/the need to own the panels.
We've looked at Sungevity and other solar leasing companies and the notion of capturing the savings of a 50% reduction in energy bills without having to worry about lifecycle management or obsolesce seems attractive.
Since we're replacing the roof on the barn over the next year, it makes great sense to put solar panels with a 20 year life on top of a new roof with a 25 year life. At the end of 20 years, the leasing company simply hauls away the panels. Our cost of the lease is about $100 per month, netting us about a $10,000 savings in energy costs over the life of the lease.
Have you purchased or leased panels? Is leasing the right choice to capture the savings without the ownership risks of rapidly evolving technology?
For us, there's an opportunity to get closer to off grid living. Capturing the tax credits and incentives before they expire seems like the right thing to do. I welcome others experiences.
Cool Technology of the Week
Traffic in Massachusetts can be challenging. Our farm is 16 miles from Beth Israel Deaconess, which means that my commute ranges from half an hour to 2 hours.
The Google Map screen shot above illustrates the issue, showing how current traffic can extend the commute to from 35 minutes to over an a hour.
Red Sox games, college move ins, and inclement weather can truly disrupt the cadence of a day.
What do I use to adjust my commute in real time? Toyota Entune, a free iPhone app for Toyota owners.
As a Prius driver since 2005, I log over 30,000 miles a year in hybrid vehicles visiting all the BIDMC affiliates throughout Eastern Massachusetts. In early 2012, I purchased a Prius V which serves as a kind of hybrid truck for my day job and my farm duties.
Toyota Entune provides real time traffic speeds (as well as many other interactive features). I simply connect my iPhone 4S to the Prius V via USB and immediately the car integrates real time traffic flow data into the navigation system via my data plan.
Entune can automatically reroute while you're driving based on optimal commute times, fuel efficiency or distance. Each day I avoid road construction, accidents and even Red Sox home games (which are shown in detail on the Entune connected Prius Nav System). The end result is that I save an hour a day and my commute with Entune from the farm is even faster that my old commute to Wellesley.
Real time optimized navigation via an iPhone app connected to your car's navigation system. That's cool!
The Google Map screen shot above illustrates the issue, showing how current traffic can extend the commute to from 35 minutes to over an a hour.
Red Sox games, college move ins, and inclement weather can truly disrupt the cadence of a day.
What do I use to adjust my commute in real time? Toyota Entune, a free iPhone app for Toyota owners.
As a Prius driver since 2005, I log over 30,000 miles a year in hybrid vehicles visiting all the BIDMC affiliates throughout Eastern Massachusetts. In early 2012, I purchased a Prius V which serves as a kind of hybrid truck for my day job and my farm duties.
Toyota Entune provides real time traffic speeds (as well as many other interactive features). I simply connect my iPhone 4S to the Prius V via USB and immediately the car integrates real time traffic flow data into the navigation system via my data plan.
Entune can automatically reroute while you're driving based on optimal commute times, fuel efficiency or distance. Each day I avoid road construction, accidents and even Red Sox home games (which are shown in detail on the Entune connected Prius Nav System). The end result is that I save an hour a day and my commute with Entune from the farm is even faster that my old commute to Wellesley.
Real time optimized navigation via an iPhone app connected to your car's navigation system. That's cool!
Our Cancer Journey Week 27
Although radiation therapy is the easiest part of the journey thus far (except for the daily drives into Boston for treatment), we're awaiting the symptoms that will develop 2 to 3 weeks into the process. Although Kathy has not yet experienced any skin changes, she is beginning to feel the transient shooting breast pain we were warned about. Overall it's a small price to pay for preventative value of radiation therapy.
It's been a good week for Kathy and for Unity Farm (our property was the site of Unity Meeting House in the 1700's). All twelve chickens are old enough to live in the coop and we've moved our house rabbits into the pen, so that our paddock looks like a Cadbury Easter egg commercial - clucking chickens and rabbits running around together. We readied an acre of pasture for a new fence and redesigned the area around the barn to accommodate the herd of alpaca and llama which arrive this Summer. We rebuilt the hayloft, added electrical and water systems to the barnyard, and cleaned out the woodlot. Despite the persistent numbness and foot pain, Kathy has been keeping up with the farm activities and I devote my nights and weekends to heavy lifting. We're both sleeping a bit more and I've lost 5 pounds via the "farm workout" program.
One aspect of the cancer journey worth highlighting is the community of former patients, current patients, and future patients that connect in support of each other. Every week I receive a call from a friend or colleague explaining that they, their sister, or their spouse has been recently diagnosed with breast cancer. To me it seems like an epidemic. There is truly one degree of separation among everyone I know and breast cancer.
Thus, the journey continues and we are actively helping others with advice, encouragement, and prayers. Radiation Therapy feels like the last step in a long process, but we know the relief at the end of the journey will be complicated by the emotional and physical strain accumulated along the way. Watching the chickens chase the fireflies at dusk makes every day a bit better.
It's been a good week for Kathy and for Unity Farm (our property was the site of Unity Meeting House in the 1700's). All twelve chickens are old enough to live in the coop and we've moved our house rabbits into the pen, so that our paddock looks like a Cadbury Easter egg commercial - clucking chickens and rabbits running around together. We readied an acre of pasture for a new fence and redesigned the area around the barn to accommodate the herd of alpaca and llama which arrive this Summer. We rebuilt the hayloft, added electrical and water systems to the barnyard, and cleaned out the woodlot. Despite the persistent numbness and foot pain, Kathy has been keeping up with the farm activities and I devote my nights and weekends to heavy lifting. We're both sleeping a bit more and I've lost 5 pounds via the "farm workout" program.
One aspect of the cancer journey worth highlighting is the community of former patients, current patients, and future patients that connect in support of each other. Every week I receive a call from a friend or colleague explaining that they, their sister, or their spouse has been recently diagnosed with breast cancer. To me it seems like an epidemic. There is truly one degree of separation among everyone I know and breast cancer.
Thus, the journey continues and we are actively helping others with advice, encouragement, and prayers. Radiation Therapy feels like the last step in a long process, but we know the relief at the end of the journey will be complicated by the emotional and physical strain accumulated along the way. Watching the chickens chase the fireflies at dusk makes every day a bit better.
The June HIT Standards Committee
The June HIT Standards Committee focused on several important issues related to the real world implementation of healthcare information exchange.
Judy Murphy, Deputy National Coordinator, began the meeting by announcing the progress we've all made on EHR adoption and use of federally mandated standards. 110,000 clinicians have attested to meaningful use and 2400 hospitals have achieved this milestone. $5.7 billion in stimulus payments have been made.
We then began a detailed review of the Governance RFI by the NwHIN Power Team. Dixie Baker presented useful background on the Governance RFI defining the terms "Conditions for Trusted Exchange", "Accreditation Body", "Validation Body", "NwHIN Validated Entity", and "Readiness Classification". With that foundation, she presented the two key recommendations from the NwHIN Power Team
*Safeguards Conditions for Trusted Exchange, which are basic policies ensuring trust that do not change often, should be codified in federal regulations
*Interoperability Conditions for Trusted Exchange, which are the technologies that ensure the security of the trust fabric, will evolve rapidly and in the interest of agility should be established collaboratively by the Validation Bodies with oversight by ONC.
A robust discussion followed and we concluded that the validation bodies should not choose the interoperability conditions for trusted exchange. Instead, a public/private body, such as the HIT Standards Committee should perform this task, similar in concept to certification criteria. Certification bodies do not set standards and certification criteria, they look to federal regulation for those details.
Dixie discussed in detail the 21 questions from the RFI that were assigned to the NwHIN Power Team. The Standards Committee agreed with most of the recommendations, but had a lengthly discussion about three concepts
*Need to be careful to respect existing laws such as HIPAA. This can be accomplished by enumerating current HIPAA addressable criteria as individual conditions for trusted exchange
*Need to be consider a modular approach to validation, given that different network participants may offer different services that have different conditions for trusted exchange
*Need to be careful about the scope of the conditions for trusted exchange. Does it require all payers to establish new agreements with existing administrative trading partners? Although the Governance RFI is a real enabler for clinical data exchange which is largely a work in progress, it could be burden on existing administrative data exchange.
Dixie also presented the comments from the Privacy and Security Workgroup.
Jamie Ferguson and Betsy Humphreys presented a summary of the Vocabulary task force recommendations for value and code sets. The announced the culmination of two years of work - CMS has agreed to fund a curated national vocabulary repository to be hosted at NLM which will make all the necessary meaningful use code sets and crosswalks available to all stakeholders at no charge. A true milestone in inoperability that addresses all the Vocabulary Task Force recommendations.
Next, Majorie Rollins and Leslie Kelly Hall presented a summary of the Hearings on Clinical Quality and Patient-Generated Data. There is a great deal of excitement about creating quality measures that are based on current EHR data elements that are captured as part of normal clinical workflows. Similarly, there was universal agreement on the importance of patient sourced data regarding functional status, symptoms, care preferences and consent.
Doug Fridsma presented an update on the S&I Framework, highlighting the work in progress, the new initiatives, and the plans post ARRA funding that will ensure tighter integration of the Standards Committee, the Standards Development Organizations, and the S&I Framework teams. We'll discuss this topic in more detail at the July meeting.
Finally, John Derr and John Feikema updated the committee on the status of Long-Term and Post-Acute Care (LTPAC) Initiatives. All agreed that LTPAC workflows should be incorporated into future Federal meaningful programs. I highlighted the work of Larry Garber in Massachusetts to accelerate LTPAC integration into the state HIE. http://www.nehcc.com/_documents/_session_handouts/garber-improving-massachusetts-post-acute-care-transfers.pdf
A powerful meeting with many debates, but consensus on the recommendations needed to accelerate real world interoperability.
Judy Murphy, Deputy National Coordinator, began the meeting by announcing the progress we've all made on EHR adoption and use of federally mandated standards. 110,000 clinicians have attested to meaningful use and 2400 hospitals have achieved this milestone. $5.7 billion in stimulus payments have been made.
We then began a detailed review of the Governance RFI by the NwHIN Power Team. Dixie Baker presented useful background on the Governance RFI defining the terms "Conditions for Trusted Exchange", "Accreditation Body", "Validation Body", "NwHIN Validated Entity", and "Readiness Classification". With that foundation, she presented the two key recommendations from the NwHIN Power Team
*Safeguards Conditions for Trusted Exchange, which are basic policies ensuring trust that do not change often, should be codified in federal regulations
*Interoperability Conditions for Trusted Exchange, which are the technologies that ensure the security of the trust fabric, will evolve rapidly and in the interest of agility should be established collaboratively by the Validation Bodies with oversight by ONC.
A robust discussion followed and we concluded that the validation bodies should not choose the interoperability conditions for trusted exchange. Instead, a public/private body, such as the HIT Standards Committee should perform this task, similar in concept to certification criteria. Certification bodies do not set standards and certification criteria, they look to federal regulation for those details.
Dixie discussed in detail the 21 questions from the RFI that were assigned to the NwHIN Power Team. The Standards Committee agreed with most of the recommendations, but had a lengthly discussion about three concepts
*Need to be careful to respect existing laws such as HIPAA. This can be accomplished by enumerating current HIPAA addressable criteria as individual conditions for trusted exchange
*Need to be consider a modular approach to validation, given that different network participants may offer different services that have different conditions for trusted exchange
*Need to be careful about the scope of the conditions for trusted exchange. Does it require all payers to establish new agreements with existing administrative trading partners? Although the Governance RFI is a real enabler for clinical data exchange which is largely a work in progress, it could be burden on existing administrative data exchange.
Dixie also presented the comments from the Privacy and Security Workgroup.
Jamie Ferguson and Betsy Humphreys presented a summary of the Vocabulary task force recommendations for value and code sets. The announced the culmination of two years of work - CMS has agreed to fund a curated national vocabulary repository to be hosted at NLM which will make all the necessary meaningful use code sets and crosswalks available to all stakeholders at no charge. A true milestone in inoperability that addresses all the Vocabulary Task Force recommendations.
Next, Majorie Rollins and Leslie Kelly Hall presented a summary of the Hearings on Clinical Quality and Patient-Generated Data. There is a great deal of excitement about creating quality measures that are based on current EHR data elements that are captured as part of normal clinical workflows. Similarly, there was universal agreement on the importance of patient sourced data regarding functional status, symptoms, care preferences and consent.
Doug Fridsma presented an update on the S&I Framework, highlighting the work in progress, the new initiatives, and the plans post ARRA funding that will ensure tighter integration of the Standards Committee, the Standards Development Organizations, and the S&I Framework teams. We'll discuss this topic in more detail at the July meeting.
Finally, John Derr and John Feikema updated the committee on the status of Long-Term and Post-Acute Care (LTPAC) Initiatives. All agreed that LTPAC workflows should be incorporated into future Federal meaningful programs. I highlighted the work of Larry Garber in Massachusetts to accelerate LTPAC integration into the state HIE. http://www.nehcc.com/_documents/_session_handouts/garber-improving-massachusetts-post-acute-care-transfers.pdf
A powerful meeting with many debates, but consensus on the recommendations needed to accelerate real world interoperability.
Meaningful Consent
One major issue facing private and public Health Information Exchanges (HIE) is how to ensure patients privacy preferences are respected by obtaining their consent before data is shared. This Boston Globe article illustrates the complexity of the issue.
Today I met with a multi-disciplinary team of attorneys, vendor experts, and IT leaders to discuss BIDMC's approach to private HIE consent.
After two hours of discussion, here's what we agreed upon:
Patients and families should be able to control the flow of their data among institutions. The ability for the patient to chose what flows where for what purpose is "meaningful consent"
To achieve "meaningful consent" we will ask all the patients of our 1800 BIDMC associated ambulatory clinicians to opt in for data sharing among the clinicians coordinating their care.
Patients may revoke this consent at any time.
Consent for patients under 18 years old and not emancipated will be sought from their parents. Upon turning 18, the patients themselves will select their consent preferences.
The process for sharing data will function as follows
*Authorized clinicians with a need to know clinical information for treatment, payment or operations will electronically request a view of data from a community practice using our "magic button" protocol
Only patients shared in common between the two organizations can be queried.
All requests will be audited.
Data will be displayed from organizations where the patient has opted in for disclosure of their information. There will not be a "break the glass" feature to override patient privacy preferences (or lack of preferences).
We feel that asking for opt in consent to disclose is the most patient centric approach to protecting privacy and today we agreed to do it for all our community practices, both private and owned.
This practice mirrors what the Massachusetts public HIE will do as it evolves from a "push" model to a "pull" model" over the next few years. Starting this month, we'll record opt in consents at the BIDMC community level, but by 2014 all consents will be recorded at the state level.
Opt in consent to disclose with the ease of opting out at any time will work well for private and public HIEs.
Today I met with a multi-disciplinary team of attorneys, vendor experts, and IT leaders to discuss BIDMC's approach to private HIE consent.
After two hours of discussion, here's what we agreed upon:
Patients and families should be able to control the flow of their data among institutions. The ability for the patient to chose what flows where for what purpose is "meaningful consent"
To achieve "meaningful consent" we will ask all the patients of our 1800 BIDMC associated ambulatory clinicians to opt in for data sharing among the clinicians coordinating their care.
Patients may revoke this consent at any time.
Consent for patients under 18 years old and not emancipated will be sought from their parents. Upon turning 18, the patients themselves will select their consent preferences.
The process for sharing data will function as follows
*Authorized clinicians with a need to know clinical information for treatment, payment or operations will electronically request a view of data from a community practice using our "magic button" protocol
Only patients shared in common between the two organizations can be queried.
All requests will be audited.
Data will be displayed from organizations where the patient has opted in for disclosure of their information. There will not be a "break the glass" feature to override patient privacy preferences (or lack of preferences).
We feel that asking for opt in consent to disclose is the most patient centric approach to protecting privacy and today we agreed to do it for all our community practices, both private and owned.
This practice mirrors what the Massachusetts public HIE will do as it evolves from a "push" model to a "pull" model" over the next few years. Starting this month, we'll record opt in consents at the BIDMC community level, but by 2014 all consents will be recorded at the state level.
Opt in consent to disclose with the ease of opting out at any time will work well for private and public HIEs.
Assessing Risk
As part of the Summer of Compliance, we completed our first prioritization meeting.
We reviewed more than 50 risks in deal and devised a process to prioritize them.
After much discussion, we decided to assign 3 workgroups the task of intensively reviewing the risks as follows
Teams
There were fifty-five items in the list. We clustered them into eight categories.
1 - Access management (7 items)
2 - Policy and other (7 items)
3 - Content management (9 items)
4 - Monitoring and containment (9 items)
5 - Desktop (8 items)
6 - Mobile computing (4 items)
7 - Data network (6 items)
8 - Facilities (5 items)
Those related to Facilities are part of our multi-year disaster recovery project. They involve mechanical, electrical and environmental monitoring. Although disaster recovery is a component of HIPAA's security rule, we'll decided to exclude these from our scoring activity. The projects already underway and are largely managed by dedicated IS teams.
To collapse the rest into the three groups, we clustered our risks into categories and teams as follows:
Team 1 - Access management and policy/other (14 items)
Team 2 - Content management and monitoring/containment (18 items)
Team 3 - Desktop, mobile computing and data network (18 items)
We assigned 5 members to each team including appropriate representatives from IS and compliance. We also designated team leader.
Deliverables
We created a scoring spreadsheet and gave each team the following instructions
"For items 1 to 5, please use a 1 to 5 Likert scale for your ratings. As you can see, the lower the rating the less work, less impact, and less risk. Vice versa for higher ratings.
1. Rate the workforce impact or "disruption factor". Rate from 1 to 5; minimal to significant. Do this for both the initial (first 6 months) and on-going impact.
2. Probability the vulnerability we are trying to protect against will occur. Rate from 1 to 5; unlikely to very likely.
3. Impact if the vulnerability does manifest itself. Rate from 1 to 5; minimal to significant.
4. Overall Compliance effort required. Rate from 1 to 5; minimal to significant.
5. Overall Information Systems effort required. Rate from 1 to 5; minimal to significant.
6. One-time capital estimate. Consider application software, professional services, training, hardware, data base software, and other items normally charged to one-time capital for projects such as these.
7. One-time internal labor. Estimate in FTE's. For example, a project requiring 520 hours of internal labor would be (520/2080) or .25 FTE. Consider the full range of activities normally undertaken to bring a system into production.
8. Recurring internal labor. Post-go live support also expressed in FTE.
9. Recurring maintenance and purchased services. Annual cost.
10. Recurring - other. Any remaining recurring support cost not included above. Annual cost.
11. Overall priority - 1 to 14 for Team 1 and 1 to 18 for Teams 2 and 3.
In addition to filling in the spreadsheet, please document whatever other factors you considered or would recommend with regard to the risk item. For example, you may suggest that an item be broken up into two or more projects to address the most important elements (80/20 rule) and keep parse the costs."
Deadlines
We asked the team leaders to submit their completed spreadsheets by June 22 so that everyone has a chance to review their work before our next planning meeting on June 27.
On June 26th, the team leaders will meet with me to consolidate all their recommendations into a single list.
On Wednesday, June 27th from 2-4pm, we will meet with all the stakeholders to present a summarization of Team deliverables, complete a consolidated ranking of all risk items, set a tentative timeline for each item by fiscal year, and identify a sponsor or lead for each item.
The end result will be a multidisciplinary compliance priority list and work plan for the next two years.
I'll let know if this formal process works to bring order to a large body of work. At the point, I'm optimistic
We reviewed more than 50 risks in deal and devised a process to prioritize them.
After much discussion, we decided to assign 3 workgroups the task of intensively reviewing the risks as follows
Teams
There were fifty-five items in the list. We clustered them into eight categories.
1 - Access management (7 items)
2 - Policy and other (7 items)
3 - Content management (9 items)
4 - Monitoring and containment (9 items)
5 - Desktop (8 items)
6 - Mobile computing (4 items)
7 - Data network (6 items)
8 - Facilities (5 items)
Those related to Facilities are part of our multi-year disaster recovery project. They involve mechanical, electrical and environmental monitoring. Although disaster recovery is a component of HIPAA's security rule, we'll decided to exclude these from our scoring activity. The projects already underway and are largely managed by dedicated IS teams.
To collapse the rest into the three groups, we clustered our risks into categories and teams as follows:
Team 1 - Access management and policy/other (14 items)
Team 2 - Content management and monitoring/containment (18 items)
Team 3 - Desktop, mobile computing and data network (18 items)
We assigned 5 members to each team including appropriate representatives from IS and compliance. We also designated team leader.
Deliverables
We created a scoring spreadsheet and gave each team the following instructions
"For items 1 to 5, please use a 1 to 5 Likert scale for your ratings. As you can see, the lower the rating the less work, less impact, and less risk. Vice versa for higher ratings.
1. Rate the workforce impact or "disruption factor". Rate from 1 to 5; minimal to significant. Do this for both the initial (first 6 months) and on-going impact.
2. Probability the vulnerability we are trying to protect against will occur. Rate from 1 to 5; unlikely to very likely.
3. Impact if the vulnerability does manifest itself. Rate from 1 to 5; minimal to significant.
4. Overall Compliance effort required. Rate from 1 to 5; minimal to significant.
5. Overall Information Systems effort required. Rate from 1 to 5; minimal to significant.
6. One-time capital estimate. Consider application software, professional services, training, hardware, data base software, and other items normally charged to one-time capital for projects such as these.
7. One-time internal labor. Estimate in FTE's. For example, a project requiring 520 hours of internal labor would be (520/2080) or .25 FTE. Consider the full range of activities normally undertaken to bring a system into production.
8. Recurring internal labor. Post-go live support also expressed in FTE.
9. Recurring maintenance and purchased services. Annual cost.
10. Recurring - other. Any remaining recurring support cost not included above. Annual cost.
11. Overall priority - 1 to 14 for Team 1 and 1 to 18 for Teams 2 and 3.
In addition to filling in the spreadsheet, please document whatever other factors you considered or would recommend with regard to the risk item. For example, you may suggest that an item be broken up into two or more projects to address the most important elements (80/20 rule) and keep parse the costs."
Deadlines
We asked the team leaders to submit their completed spreadsheets by June 22 so that everyone has a chance to review their work before our next planning meeting on June 27.
On June 26th, the team leaders will meet with me to consolidate all their recommendations into a single list.
On Wednesday, June 27th from 2-4pm, we will meet with all the stakeholders to present a summarization of Team deliverables, complete a consolidated ranking of all risk items, set a tentative timeline for each item by fiscal year, and identify a sponsor or lead for each item.
The end result will be a multidisciplinary compliance priority list and work plan for the next two years.
I'll let know if this formal process works to bring order to a large body of work. At the point, I'm optimistic
Cool Technology of the Week
Generally I write about a cool technology that I have personally tried. This week, I'm looking for advice.
With 12 chickens and 24 guinea hens in our coop, we're looking for a hen cam to keep an eye on our flock.
At hencam.com they use high end Toshiba IK-WB15A network cameras hardwired to an ethernet connection and uploaded to a web server.
Our coop has power but is about 100 feet away from our WiFi hotspot (and a hardwired connection would be challenging). A wireless IP camera that is web accessible would be ideal.
Does anyone have experience with products from Foscam or Lorex?
A simple, outdoor wireless camera with reasonable resolution and remote web accessibility will do the trick!
I look forward to your comments about the cool wireless cameras you've implemented.
With 12 chickens and 24 guinea hens in our coop, we're looking for a hen cam to keep an eye on our flock.
At hencam.com they use high end Toshiba IK-WB15A network cameras hardwired to an ethernet connection and uploaded to a web server.
Our coop has power but is about 100 feet away from our WiFi hotspot (and a hardwired connection would be challenging). A wireless IP camera that is web accessible would be ideal.
Does anyone have experience with products from Foscam or Lorex?
A simple, outdoor wireless camera with reasonable resolution and remote web accessibility will do the trick!
I look forward to your comments about the cool wireless cameras you've implemented.
Our Cancer Journey Week 26
Today, Kathy had her first radiation therapy session.
I drove her to the appointment out of concern for the unknown - would she feel pain? Would she be fatigued? Would there be any post treatment side effects?
The radiation oncology staff carefully aligned her body in the linear accelerator using the tattoos she received last week. She'll be receiving 25 doses of radiation to the left breast and 8 to the left axilla. Today's was to the left breast.
The actual treatment only lasted 3 minutes.
Post treatment she felt no burning and no pain. She was given a moisturizing cream to apply to the skin in the case of dryness or irritation.
After the treatment, I took her to lunch and we discussed the next 7 weeks.
She'll be driving into Boston every weekday. Treatments will typically be 3 minutes within a 30 minute appointment slot. Daily dosing means an intense 42 days of medical care.
Side effects from radiation are a bit hard to assess since Kathy is still feeling a bit fatigued from the chemotherapy and surgery she's experienced over the past 6 months.
Her mood is good, her numbness is improving, and her free time is spent caring for the chickens/guinea fowl and planning the herd of Alpaca we'll be bringing to our farm this Summer.
So far so good.
I drove her to the appointment out of concern for the unknown - would she feel pain? Would she be fatigued? Would there be any post treatment side effects?
The radiation oncology staff carefully aligned her body in the linear accelerator using the tattoos she received last week. She'll be receiving 25 doses of radiation to the left breast and 8 to the left axilla. Today's was to the left breast.
The actual treatment only lasted 3 minutes.
Post treatment she felt no burning and no pain. She was given a moisturizing cream to apply to the skin in the case of dryness or irritation.
After the treatment, I took her to lunch and we discussed the next 7 weeks.
She'll be driving into Boston every weekday. Treatments will typically be 3 minutes within a 30 minute appointment slot. Daily dosing means an intense 42 days of medical care.
Side effects from radiation are a bit hard to assess since Kathy is still feeling a bit fatigued from the chemotherapy and surgery she's experienced over the past 6 months.
Her mood is good, her numbness is improving, and her free time is spent caring for the chickens/guinea fowl and planning the herd of Alpaca we'll be bringing to our farm this Summer.
So far so good.
Setting Compliance Priorities
Today we begin the first of two compliance planning retreats at BIDMC as part of the Summer of Compliance
Recognizing the importance of compliance projects and the need to jointly set priorities between compliance experts and IT leadership, we're putting all the stakeholders together for discussion, debate, and project ranking.
Our agenda is here.
There are very large number of possible projects to address the constant stream of regulatory change.
To set priorities, we need to understand risks, change management complexity, and resource requirements.
As a first step, stakeholders were asked to bring an inventory of their risk concerns which vary from the challenge of personal devices used to check email to website defacement.
All technology projects require the joint participation of business owners and IT service providers. Projects are a function of scope, time and resources, all of which are limited.
The challenge of addressing regulatory requirements is that demand (which can be infinite) must be balanced with supply (which is fixed). Without prioritization it's like a farmer trying to put 100 pounds of manure into a 50 pound bag (sorry for the agricultural analogies).
I'm sure that other organizations have the same challenges, so I'll openly describe the process and our conclusions. Governance is a great way to set priorities when the projects as discretionary. With regulatory requirements, nothing is discretionary and everything is about the spectrum of risk.
I look forward to our work over the next two weeks.
Recognizing the importance of compliance projects and the need to jointly set priorities between compliance experts and IT leadership, we're putting all the stakeholders together for discussion, debate, and project ranking.
Our agenda is here.
There are very large number of possible projects to address the constant stream of regulatory change.
To set priorities, we need to understand risks, change management complexity, and resource requirements.
As a first step, stakeholders were asked to bring an inventory of their risk concerns which vary from the challenge of personal devices used to check email to website defacement.
All technology projects require the joint participation of business owners and IT service providers. Projects are a function of scope, time and resources, all of which are limited.
The challenge of addressing regulatory requirements is that demand (which can be infinite) must be balanced with supply (which is fixed). Without prioritization it's like a farmer trying to put 100 pounds of manure into a 50 pound bag (sorry for the agricultural analogies).
I'm sure that other organizations have the same challenges, so I'll openly describe the process and our conclusions. Governance is a great way to set priorities when the projects as discretionary. With regulatory requirements, nothing is discretionary and everything is about the spectrum of risk.
I look forward to our work over the next two weeks.
A Protagonist at the Harvard Business School
The faculty at the Harvard Business School wrote a case study about the November 13, 2002 CareGroup Network outage and use the case to teach healthcare leadership in the MBA and Executive Education programs.
I'm often invited to sit in the back of the room as the "protagonist" in the case while the students discuss my performance during the crisis.
It's always enlightening to listen to teams evaluate what I could have done better - seeking help faster, enhancing infrastructure sooner, developing more detailed disaster recovery policies etc.
Yesterday, I spent the afternoon with 60 healthcare leaders at an HBS Summer Course recounting my feelings, anxieties, blind spots, and hopes during the early hours of the crisis.
They initially evaluated my performance with letter grades that varied between A- to C-.
Then, they turned to ask more difficult questions - What would they do in a similar crisis? How could IT be better prepared for disaster?
They debated the balance between control and freedom, predictability and innovation, bureaucracy and agility.
After the class we had a great discussion about the era in which we live - organizations are increasingly matrixed and complex. Accountability is clear but authority is not. As CIOs we are responsible for ever increasing regulatory and compliance demands but we often lack the top down control of the global organization needed to enforce policies.
In 2002, the issue was infrastructure - lack of redundancy and hardware updates.
In 2012, the issues for CIOs are much more complex - mandates to control behavior throughout the organization (such as mobile device encryption) but challenging organizational dynamics to implement constraints on personal choice. Infrastructure is no longer a pain point - the Cloud makes it all so simple…
The class speculated that survival as a CIO is very difficult in 2012. Either the demands/expectation of the job have to change or the resources/authority needs to be increased.
Given the evolution of challenges from 2002 to 2012, it will be very interesting to watch the next 10 years. Who knows uncharted waters exist for 2022!
A great discussion with the class.
I'm often invited to sit in the back of the room as the "protagonist" in the case while the students discuss my performance during the crisis.
It's always enlightening to listen to teams evaluate what I could have done better - seeking help faster, enhancing infrastructure sooner, developing more detailed disaster recovery policies etc.
Yesterday, I spent the afternoon with 60 healthcare leaders at an HBS Summer Course recounting my feelings, anxieties, blind spots, and hopes during the early hours of the crisis.
They initially evaluated my performance with letter grades that varied between A- to C-.
Then, they turned to ask more difficult questions - What would they do in a similar crisis? How could IT be better prepared for disaster?
They debated the balance between control and freedom, predictability and innovation, bureaucracy and agility.
After the class we had a great discussion about the era in which we live - organizations are increasingly matrixed and complex. Accountability is clear but authority is not. As CIOs we are responsible for ever increasing regulatory and compliance demands but we often lack the top down control of the global organization needed to enforce policies.
In 2002, the issue was infrastructure - lack of redundancy and hardware updates.
In 2012, the issues for CIOs are much more complex - mandates to control behavior throughout the organization (such as mobile device encryption) but challenging organizational dynamics to implement constraints on personal choice. Infrastructure is no longer a pain point - the Cloud makes it all so simple…
The class speculated that survival as a CIO is very difficult in 2012. Either the demands/expectation of the job have to change or the resources/authority needs to be increased.
Given the evolution of challenges from 2002 to 2012, it will be very interesting to watch the next 10 years. Who knows uncharted waters exist for 2022!
A great discussion with the class.
An Honest Graduation Speech
My daughter graduated from Wellesley High School in 2011. Her favorite teacher was David McCullough Jr. (son of author/historian and Pulitzer Prize winner David McCullough)
David Jr. gave the commencement speech at Wellesley High School this year, delivering a sobering message.
"You are not special. You are not exceptional."
He noted that there are 37,000 valedictorians and that statistically the graduates of Wellesley High School are no different than those from countless other schools throughout the country.
His point was to live life to its fullest, reveling in the diversity of experiences the world provides rather than bolstering your own ego with thoughts that you are special.
"The fulfilling life, the distinctive life, the relevant life, is an achievement, not something that will fall into your lap because you’re a nice person or mommy ordered it from the caterer. You’ll note the founding fathers took pains to secure your inalienable right to life, liberty and the pursuit of happiness--quite an active verb, “pursuit”--which leaves, I should think, little time for lying around watching parrots rollerskate on Youtube."
We can all be exceptional by being relevant. Relevance comes in many forms. Fame, fortune, and degrees from the most competitive schools do not necessarily imply that you've made a difference.
What a great message that statistically we all regress to the mean and that it,s up to us to live life in ways that make an impact on everyone around us, leading to our own distinctiveness and satisfaction.
Now go make the best of your day, whatever that means to you!
David Jr. gave the commencement speech at Wellesley High School this year, delivering a sobering message.
"You are not special. You are not exceptional."
He noted that there are 37,000 valedictorians and that statistically the graduates of Wellesley High School are no different than those from countless other schools throughout the country.
His point was to live life to its fullest, reveling in the diversity of experiences the world provides rather than bolstering your own ego with thoughts that you are special.
"The fulfilling life, the distinctive life, the relevant life, is an achievement, not something that will fall into your lap because you’re a nice person or mommy ordered it from the caterer. You’ll note the founding fathers took pains to secure your inalienable right to life, liberty and the pursuit of happiness--quite an active verb, “pursuit”--which leaves, I should think, little time for lying around watching parrots rollerskate on Youtube."
We can all be exceptional by being relevant. Relevance comes in many forms. Fame, fortune, and degrees from the most competitive schools do not necessarily imply that you've made a difference.
What a great message that statistically we all regress to the mean and that it,s up to us to live life in ways that make an impact on everyone around us, leading to our own distinctiveness and satisfaction.
Now go make the best of your day, whatever that means to you!
Cool Technology of the Week
Running a farm on nights and weekends, I've had to learn an entirely different set of technologies i.e. what tractor technologies are needed to manage pasture, woodland, manure piles, hay etc? What chainsaw is the right balance between power and ease of use?
Two technologies I had not imagined I would need to master are clearing weeds on a massive scale and managing poison ivy by the ton.
For weed control (not poison ivy), the environmentally friendly and effective management tool is a modified flamethrower. I know that sounds very "Mad Max" but it works! I use the Red Dragon backpack model to keep my roads and paths clear of weeds. Heating weeds to the point that their cell membranes burst is quick, easy and safe - no need to actually burn the plant. In a few days the weeds disappear.
Poison Ivy is trickier. You do not want to burn Poison Ivy since the compounds that cause skin irritation cause respiratory distress if aerosolized in a fire. Although I really do not like to use herbicides of any kind, there is not much choice for clearing significant stands of poison ivy. Our tree specialist recommended that I use a Chapin backpack sprayer with a specialized nozzle that enables precise application. The poison ivy formula he recommended is 3 gallons of water, 7.8 ounces of RoundUp, and 4 tablespoons of Miracle Grow, applied in June when the leaves are fully grown but still tender. The Miracle Grow allows the use of 25% less RoundUp, which is better for the environment. Also, RoundUp is foliar, not soil- based, so there is less contamination. I carefully sprayed all our poison ivy last night and we'll see what happens.
Now that I've mastered weeds and poison ivy, I can turn my attention to electric fencing technologies this weekend - a blog post for next week.
Two technologies I had not imagined I would need to master are clearing weeds on a massive scale and managing poison ivy by the ton.
For weed control (not poison ivy), the environmentally friendly and effective management tool is a modified flamethrower. I know that sounds very "Mad Max" but it works! I use the Red Dragon backpack model to keep my roads and paths clear of weeds. Heating weeds to the point that their cell membranes burst is quick, easy and safe - no need to actually burn the plant. In a few days the weeds disappear.
Poison Ivy is trickier. You do not want to burn Poison Ivy since the compounds that cause skin irritation cause respiratory distress if aerosolized in a fire. Although I really do not like to use herbicides of any kind, there is not much choice for clearing significant stands of poison ivy. Our tree specialist recommended that I use a Chapin backpack sprayer with a specialized nozzle that enables precise application. The poison ivy formula he recommended is 3 gallons of water, 7.8 ounces of RoundUp, and 4 tablespoons of Miracle Grow, applied in June when the leaves are fully grown but still tender. The Miracle Grow allows the use of 25% less RoundUp, which is better for the environment. Also, RoundUp is foliar, not soil- based, so there is less contamination. I carefully sprayed all our poison ivy last night and we'll see what happens.
Now that I've mastered weeds and poison ivy, I can turn my attention to electric fencing technologies this weekend - a blog post for next week.
Our Cancer Journey Week 25
This week, Kathy got tattooed. Under the watchful eye of radiation oncology experts, 5 alignment dots were place on her body (2 ribs, 2 center line, 1 at the left breast) to ensure that her radiation treatments are consistently positioned.
Last week, we visited with her radiation oncologist and consented to treatment over the next 7 weeks. He wrote
"RECOMMENDATIONS: The patient is an appropriate candidate for breast-conserving therapy, which is her preference. In view of the complete pathologic response in the breast, we feel it reasonable to give axillary radiation therapy for regional control rather than to use axillary dissection. I explained the risks and benefits of this treatment to the patient. She agreed to proceed with radiation therapy. She signed the departmental consent form, a copy of which I gave her. Arrangements for radiation treatment planning and start date have been made."
The tattoos are barely noticeable - the size of comma. They were applied by placing pigment on the skin followed by a single needle poke at each site. No fashion statement, no body piercing!
She begins her daily radiation therapy on June 14. There will be direct radiation to the area of her left breast at the original tumor site and to the left underarm where a single lymph node with micrometastatis was found.
Her numbness is slowly improving but her feet continue to hurt after a few hours running around the farm.
She also had a surgical followup appointment this morning. Her surgical outcome was so good that there is virtually no lasting evidence of the trauma her body has experienced over the past 6 months. As her radiation oncologist wrote
" The left breast has a well-healed circumareolar scar with some volume loss, postoperative induration, and edema. There are no suspicious masses or skin lesions. There is no arm edema, and range of motion is normal. "
At this point, her surgical treatment is done and she'll followup with her surgeon after a mammogram in 6 months to ensure all is well.
She'll followup with her Oncologist next month to begin a 5 year course of Tamoxifen (anti-estrogen, given that her tumor was estrogen sensitive)
With chemotherapy and surgery behind her, all that remains ahead is 7 weeks of radiation therapy, 5 years of anti-estrogens, and continued check in with her care team to ensure Kathy remains a cancer survivor for many years to come!
Last week, we visited with her radiation oncologist and consented to treatment over the next 7 weeks. He wrote
"RECOMMENDATIONS: The patient is an appropriate candidate for breast-conserving therapy, which is her preference. In view of the complete pathologic response in the breast, we feel it reasonable to give axillary radiation therapy for regional control rather than to use axillary dissection. I explained the risks and benefits of this treatment to the patient. She agreed to proceed with radiation therapy. She signed the departmental consent form, a copy of which I gave her. Arrangements for radiation treatment planning and start date have been made."
The tattoos are barely noticeable - the size of comma. They were applied by placing pigment on the skin followed by a single needle poke at each site. No fashion statement, no body piercing!
She begins her daily radiation therapy on June 14. There will be direct radiation to the area of her left breast at the original tumor site and to the left underarm where a single lymph node with micrometastatis was found.
Her numbness is slowly improving but her feet continue to hurt after a few hours running around the farm.
She also had a surgical followup appointment this morning. Her surgical outcome was so good that there is virtually no lasting evidence of the trauma her body has experienced over the past 6 months. As her radiation oncologist wrote
" The left breast has a well-healed circumareolar scar with some volume loss, postoperative induration, and edema. There are no suspicious masses or skin lesions. There is no arm edema, and range of motion is normal. "
At this point, her surgical treatment is done and she'll followup with her surgeon after a mammogram in 6 months to ensure all is well.
She'll followup with her Oncologist next month to begin a 5 year course of Tamoxifen (anti-estrogen, given that her tumor was estrogen sensitive)
With chemotherapy and surgery behind her, all that remains ahead is 7 weeks of radiation therapy, 5 years of anti-estrogens, and continued check in with her care team to ensure Kathy remains a cancer survivor for many years to come!
The Summer of Compliance
I was recently asked at a conference - "What is your most significant concern right now?" I answered "As a clinician and informatics leader, I worry about delivering care in the healthcare reform world of global capitation - we need to increase the value (quality/cost) of the services we provide. However, as a CIO, it's the mounting regulatory and compliance pressures that keep me up at night. They will require a level of resources and focus that will reshape my plans for the next year or more."
The compliance work we're kicking off this Summer includes:
*An enhanced encryption program to ensure all personal laptops/tablets that access hospital systems are encrypted.
*An enhanced mobile/BYOD program that ensures all personal smartphones that access hospital systems are password protected, have timeouts, and encrypted as technology permits
*An enhanced learning management infrastructure so that every person in the BIDMC ecosystem can be held accountable for completing training requirements, including security and compliance topics. Creating this infrastructure requires a new level of identity management that captures roles and characteristics for employees, volunteers, board members, and contract workers.
*Enhanced Conflict of Interest reporting including the management tools needed to followup on any disclosed conflicts
*A comprehensive audit of our security program and polices - where are we "standard practice" and where are we "best practice". What gaps do we need to close?
Earlier this week I submitted my capital requests for FY13 and over one third of my budget is for security and compliance related projects.
I've dubbed June 21-Sept 21, 2012 as the "Summer of Compliance". My hope is that we'll enter the Fall with reduced risks and a technology foundation that not only meets our regulatory needs but also further ensures we respect the privacy preferences of our patients.
The compliance work we're kicking off this Summer includes:
*An enhanced encryption program to ensure all personal laptops/tablets that access hospital systems are encrypted.
*An enhanced mobile/BYOD program that ensures all personal smartphones that access hospital systems are password protected, have timeouts, and encrypted as technology permits
*An enhanced learning management infrastructure so that every person in the BIDMC ecosystem can be held accountable for completing training requirements, including security and compliance topics. Creating this infrastructure requires a new level of identity management that captures roles and characteristics for employees, volunteers, board members, and contract workers.
*Enhanced Conflict of Interest reporting including the management tools needed to followup on any disclosed conflicts
*A comprehensive audit of our security program and polices - where are we "standard practice" and where are we "best practice". What gaps do we need to close?
Earlier this week I submitted my capital requests for FY13 and over one third of my budget is for security and compliance related projects.
I've dubbed June 21-Sept 21, 2012 as the "Summer of Compliance". My hope is that we'll enter the Fall with reduced risks and a technology foundation that not only meets our regulatory needs but also further ensures we respect the privacy preferences of our patients.
A Night at the NERD Center
Last evening, I spent 3 hours at the Microsoft New England Research and Development (NERD) Center, listening to the pitches of 5 entrepreneurs in an "American Idol" type setting as one of the judges.
The first presentation was from ASP.MD, which offers a low cost, full featured, software as a service practice management system and electronic health record. Today, they have 500 clinician clients (1800 users) and are profitable. They pioneered a thin client, software as a service, AJAX-enabled medical record that is highly configurable and available for less than $200/month. The presentation was impressive and the usability of the software looks very good. I was concerned about their ongoing support for paper-based workflows (ordering, scanning, printing, and routing documents), but they explained this as a transition strategy for late adopters of EHRs who are unwilling to start with completely electronic transactions.
The second presentation was from Soltrix Technolgy which has created tools for patient satisfaction measurement, turning PDF submissions intro structured data capture. My concern was that their presentation focused on the technology of forms creation and submission rather than the validation of customer satisfaction measurement instruments and the analytics necessary to ensure the data is interpretable.
The third presentation was from HomMed, a division of Honeywell. The presentation their LifeStream Remote Patient Care System for monitoring and tele health. Previously was visiting nurse, now chronic disease management (vitals, symptom, video) and tomorrow portfolio of monitoring devices/decision support/education. My comments included the need to target their sales model to emerging ACOs which are now responsible for wellness and continuous monitoring rather than encounter-based illness.
The fourth presentation was from Ambio Health, enabling the wireless home. Their product suite includes motion sensors that use passive infrared technology (not cameras) monitoring activities of daily living in the family room, kitchen, bedroom or bathroom. They also support physiologic monitoring devices such as blood pressure cuffs, glucose measurement, and scale interfaces. A family care portal charts the patient's activity and device data. The portal also includes reminders, a care circle (social networking for communication about health related concerns), goals/rewards (gamification) and alerts to caregivers. My advice was to focus their presentation more on the clinical "pull" (the value for providers, patients and families) and less on the technology.
The fifth presentation was from PrescribableApps, supporting mobile health - customized smartphone application for doctors to personalize patient engagement in chronic care treatment. Features include self monitoring via text messages with cloud analytics and provider feedback. Studies (Group Health) demonstrated that 80% of patients in weekly communication with the care team had medication changed within 60 days verses 15% in usual treatment. My advice was to ensure that there is a more clearly stated value proposition for patients.
A great evening and an opportunity to share lessons learned in front line clinical practice with companies developing new products and services.
The first presentation was from ASP.MD, which offers a low cost, full featured, software as a service practice management system and electronic health record. Today, they have 500 clinician clients (1800 users) and are profitable. They pioneered a thin client, software as a service, AJAX-enabled medical record that is highly configurable and available for less than $200/month. The presentation was impressive and the usability of the software looks very good. I was concerned about their ongoing support for paper-based workflows (ordering, scanning, printing, and routing documents), but they explained this as a transition strategy for late adopters of EHRs who are unwilling to start with completely electronic transactions.
The second presentation was from Soltrix Technolgy which has created tools for patient satisfaction measurement, turning PDF submissions intro structured data capture. My concern was that their presentation focused on the technology of forms creation and submission rather than the validation of customer satisfaction measurement instruments and the analytics necessary to ensure the data is interpretable.
The third presentation was from HomMed, a division of Honeywell. The presentation their LifeStream Remote Patient Care System for monitoring and tele health. Previously was visiting nurse, now chronic disease management (vitals, symptom, video) and tomorrow portfolio of monitoring devices/decision support/education. My comments included the need to target their sales model to emerging ACOs which are now responsible for wellness and continuous monitoring rather than encounter-based illness.
The fourth presentation was from Ambio Health, enabling the wireless home. Their product suite includes motion sensors that use passive infrared technology (not cameras) monitoring activities of daily living in the family room, kitchen, bedroom or bathroom. They also support physiologic monitoring devices such as blood pressure cuffs, glucose measurement, and scale interfaces. A family care portal charts the patient's activity and device data. The portal also includes reminders, a care circle (social networking for communication about health related concerns), goals/rewards (gamification) and alerts to caregivers. My advice was to focus their presentation more on the clinical "pull" (the value for providers, patients and families) and less on the technology.
The fifth presentation was from PrescribableApps, supporting mobile health - customized smartphone application for doctors to personalize patient engagement in chronic care treatment. Features include self monitoring via text messages with cloud analytics and provider feedback. Studies (Group Health) demonstrated that 80% of patients in weekly communication with the care team had medication changed within 60 days verses 15% in usual treatment. My advice was to ensure that there is a more clearly stated value proposition for patients.
A great evening and an opportunity to share lessons learned in front line clinical practice with companies developing new products and services.
Living Things First
I recently posted a blog about the experience of moving.
The chaos of uprooting your household, changing your lifestyle, and disrupting your daily patterns can break your cadence. As you may have noticed last week, my blog posts were a bit delayed. My usual evening writing time was devoted to supporting my family and the living creatures on our farm as we continue to unpack and transition from suburban life in Wellesley to rural life in Sherborn, MA.
When I'm feeding the chickens, turning the compost, and repairing fences on nights and weekends, I've realized there are lessons learned for my work life.
Like so many things in the lifestyle that is being a CIO, it's all about triage. What must be done now? What can wait? How can you benefit the greatest number while doing the least harm?
I suggest focusing on living things first.
What does that mean?
When a plant needs water, time is of the essence. At some point, the plant will be so stressed that no amount of water can save it.
When a young animal is hungry and cold, it can begin to fade, exhausting its minimal reserves.
Similarly, the people in our work lives need our support and attention.
Budgets, strategic plans, policymaking, interviews, and innovation can wait. Patients, employees, and colleagues with urgent issues should not.
When I scan my email, I look for those issues that involve the well-being of the people I serve. Some of those emails ask for urgent help with challenging political issues. Some express anxiety or anticipation about upcoming meetings, complex projects, or new regulations.
I vow never to be the rate limiting step for people issues (or supporting any living thing). I'll rapidly respond with my best answer, even if a complete answer will take a few days to research. It's far easier to defuse an emotional situation or steer events back on course by acting rapidly instead of waiting for the situation to get worse.
As an emergency physician, I often make decisions with incomplete information and need to tolerate ambiguity. Focusing on the living things and keeping them stable in the golden hours when problems are still minor creates ample time for addressing less urgent issues when time permits.
Every ten years I reinvent my lifestyle - from entrepreneur, to winemaker, to Japanese flute player, to alpinist, and now to farmer. I expect the lessons learned from the farm over the new few years will make me a better technology leader. Even the few short weeks tending the chickens (photo of the coop we built is above) has given me the perspective of the importance of serving living things first.
The chaos of uprooting your household, changing your lifestyle, and disrupting your daily patterns can break your cadence. As you may have noticed last week, my blog posts were a bit delayed. My usual evening writing time was devoted to supporting my family and the living creatures on our farm as we continue to unpack and transition from suburban life in Wellesley to rural life in Sherborn, MA.
When I'm feeding the chickens, turning the compost, and repairing fences on nights and weekends, I've realized there are lessons learned for my work life.
Like so many things in the lifestyle that is being a CIO, it's all about triage. What must be done now? What can wait? How can you benefit the greatest number while doing the least harm?
I suggest focusing on living things first.
What does that mean?
When a plant needs water, time is of the essence. At some point, the plant will be so stressed that no amount of water can save it.
When a young animal is hungry and cold, it can begin to fade, exhausting its minimal reserves.
Similarly, the people in our work lives need our support and attention.
Budgets, strategic plans, policymaking, interviews, and innovation can wait. Patients, employees, and colleagues with urgent issues should not.
When I scan my email, I look for those issues that involve the well-being of the people I serve. Some of those emails ask for urgent help with challenging political issues. Some express anxiety or anticipation about upcoming meetings, complex projects, or new regulations.
I vow never to be the rate limiting step for people issues (or supporting any living thing). I'll rapidly respond with my best answer, even if a complete answer will take a few days to research. It's far easier to defuse an emotional situation or steer events back on course by acting rapidly instead of waiting for the situation to get worse.
As an emergency physician, I often make decisions with incomplete information and need to tolerate ambiguity. Focusing on the living things and keeping them stable in the golden hours when problems are still minor creates ample time for addressing less urgent issues when time permits.
Every ten years I reinvent my lifestyle - from entrepreneur, to winemaker, to Japanese flute player, to alpinist, and now to farmer. I expect the lessons learned from the farm over the new few years will make me a better technology leader. Even the few short weeks tending the chickens (photo of the coop we built is above) has given me the perspective of the importance of serving living things first.
Our Cancer Journey Week 24
Although I typically publish an update about our Cancer Journey on Thursdays, I'm publishing it on Friday because Kathy's radiation oncology planning meeting was scheduled for today.
As I noted last week, although she is in complete remission after chemotherapy and surgery, the reason for radiation therapy is to reduce the risk of breast cancer recurrence.
She'll receive radiation to the area of the left breast at the site of the original tumor as well as radiation to the axillary lymph node that showed micro-metastasis. On June 6, they'll complete the simulation, including placing small tattoos on her body to ensure consistent alignment of the equipment. On June 14, she'll begin treatment and continue with daily dosing 5 days a week until she completes 33 doses.
Accounting for vacations or scheduling issues, she should be done by August 1.
As part of her planning meeting, we reviewed all the risks and benefits of radiation therapy. Common short term reactions include redness/pain at the site of therapy (similar to a sunburn), skin darkening, tiredness, temporarily hair loss under the arm, and fleeting aches/pains in the breast. Uncommon short term reactions include skin blistering and low blood count. Common long term reactions include discomfort of the treated area, swelling, and skin changes. Uncommon/rare long term reactions include rib fractures, lung inflammation, nerve damage, inflammation of the lining of the heart (which is under the left breast), and tumors caused by radiation.
We signed the consent based on the great benefits (up to 60% reduction in recurrence likelihood) and acceptable common risks.
Kathy continues to do well - her hair is growing back, her energy is returning, and her neuropathy is improving. The numbness in her fingers is now pins/needles, and her feet hurt but she can complete all her planned activities without requiring pain medication.
For 20 years I've joked with Kathy that she should get a tattoo. Next week she gets several small ones (alignment dots). Not exactly edgy artwork nor the tattoos that we ever speculated she would get. However, they will be a lasting memory of our cancer journey and ensure her radiation dosing will be accurately targeted.
As I noted last week, although she is in complete remission after chemotherapy and surgery, the reason for radiation therapy is to reduce the risk of breast cancer recurrence.
She'll receive radiation to the area of the left breast at the site of the original tumor as well as radiation to the axillary lymph node that showed micro-metastasis. On June 6, they'll complete the simulation, including placing small tattoos on her body to ensure consistent alignment of the equipment. On June 14, she'll begin treatment and continue with daily dosing 5 days a week until she completes 33 doses.
Accounting for vacations or scheduling issues, she should be done by August 1.
As part of her planning meeting, we reviewed all the risks and benefits of radiation therapy. Common short term reactions include redness/pain at the site of therapy (similar to a sunburn), skin darkening, tiredness, temporarily hair loss under the arm, and fleeting aches/pains in the breast. Uncommon short term reactions include skin blistering and low blood count. Common long term reactions include discomfort of the treated area, swelling, and skin changes. Uncommon/rare long term reactions include rib fractures, lung inflammation, nerve damage, inflammation of the lining of the heart (which is under the left breast), and tumors caused by radiation.
We signed the consent based on the great benefits (up to 60% reduction in recurrence likelihood) and acceptable common risks.
Kathy continues to do well - her hair is growing back, her energy is returning, and her neuropathy is improving. The numbness in her fingers is now pins/needles, and her feet hurt but she can complete all her planned activities without requiring pain medication.
For 20 years I've joked with Kathy that she should get a tattoo. Next week she gets several small ones (alignment dots). Not exactly edgy artwork nor the tattoos that we ever speculated she would get. However, they will be a lasting memory of our cancer journey and ensure her radiation dosing will be accurately targeted.
Subscribe to:
Posts (Atom)