I think the collective awe of health care aficionados at the Open Source Convention came
to a focal point during our evening Birds of a Feather session, when
open source advocate Fred Trotter, informally stepping in as session
leader, pointed out that the leaders of key open source projects in
the health care field were in the room, including two VistA
implementors (Medsphere and WorldVistA), Tolven, and openEMR–and not to forget two other
leading health care software initiatives from the U.S. government, CONNECT and NHIN Direct.
This meeting, which drew about 40 doctors, project leaders,
programmers, activist patients, and others, was the culmination of a
full day of presentations in the first track on health care at an
O’Reilly conference. The day’s sessions unveiled the potential of open
source in health care and how dedicated implementors were making it a
reality, starting with an scene-setting talk by Tim O’Reilly that
attracted over 75 people and continuing through the next seven hours
until a dwindling hard core delayed drinks and hors d’oeuvres for half
an hour to hear a final late talk by Melanie
Swan on DIYgenomics.
Nine talks representing the breadth of a vital programming area can’t
be summarized in one sentence, but for me the theme of the day was
open source advocates reaching out to solve pressing problems that
proprietary vendors will not or cannot address.
Tim O’Reilly’s talk laid out key elements of the health care
revolution: electronic records, the quantified self (measuring one’s
bodily activities), and the Internet of things that allows one to track
behavior such as whether a patient has taken his medicine.
Talk to me
We were honored to have key leaders from Health and Human Services
speak at today’s conferences about its chief open source projects. David
Riley and Brian Behlendorf (known best for his work on Apache)
came from the Office of the National Coordinator along with lead
Malec to show us the current status and–most exciting–the future
plans for CONNECT and NHIN Direct, which are key pieces of the
Administration’s health care policy because they allow different
health care providers to exchange patient information securely.
I have written
recently about “meaningful use” for health care records. Malec
provided a homespun and compelling vision of the problems with the
current health care system: in contrast to the old days where doctors
knew every patient personally, modern health care is delivered as
episodic interventions. As Fred Trotter said in his talk, we’ve
reached the limit of what we can achieve through clinical efforts.
Doctors can do miracles compared to former times, but the problems we
suffer from increasingly call for long-range plans. Malec said that
health care systems need to remember us. That’s what
electronic health records can do, combined with the data exchange
protocols provided by NHIN.
Riley, in what is likely to be one of the most revisited talks of the
conference–yes, we recorded the sessions and will put them
online–rapidly laid out the architecture of CONNECT and what’s
planned for upcoming releases. Requests between agencies for health
care data have gone from months to minutes with CONNECT. Currently
based on SOAP, it is being refactored so that in the future it can run
over REST, XMPP, and SMTP.
NHIN Direct, the newer and more lightweight protocol, is also based on
digital certificates and uses S/MIME with SMTP over TLS. Parties can
do key exchange themselves or work through a trusted third party. It
seems to me, therefore, that CONNECT and NHIN Direct will eventually
merge. It is as if the NHIN Direct project was started to take a big
step back from CONNECT, look at what it achieved for the government
agencies that produce or consume health care and how the same benefits
could be provided to health care providers all over the country, and
to formalize an architecture that would become the new CONNECT.
NHIN Direct is an even more impressive case of open government and
collaborative development than CONNECT. The public was involved from
the earliest design stage. Some people complained that established
vendors bent the process to preserve their advantages, but they
probably had less success this way than if HHS followed normal
government procedures. NHIN already has reference implementations in
Java and C#. If you’re inspired to help bring health records to the
public, you can read the wikis and attend some training and contribute
reference implementations in your language of choice.
In addition to supporting the NHIN Direct protocol, some of the
upcoming features in CONNECT include:
Identity management services. This will probably be based on a
voluntary patient identifier.
Support for meaningful use criteria.
Support for structured data, allowing the system to accept input in
standards such as the CCR or CCD and populate documents. One feature
enabled by this enhancement will be the ability to recognize sensitive
health data and remove it before sending a record. (CONNECT can be
used for all health-related data, not just personal medical records.)
Moving to the Spring Framework.
Riley has done some pretty rigorous cost analysis and determines that
careful management–which includes holding costs down and bringing
multiple agencies together to work on CONNECT–has reduced development
costs from over 200 million dollars to about 13 million dollars.
Recent code sprints drew heavily from community volunteers: 4 or 5
volunteers along with 12 contractors.
In an overview
talk, Deborah Bryant of OSU Open Source Lab raised the issue
continuity in relation to NHIN and CONNECT. Every open source project
has to figure out how to keep a community of volunteers interested so
that the project continues to evolve and adapt to changing
circumstances. Government-backed projects, she admitted, provide
funding over a sustained period of time, but this does not obviate the
need for community management.
In addition, CONNECT is run by a consulting firm with paid contractors
who have to learn how to accept community input and communicate with
outsiders. Behlendorf said that simple things like putting all code
in Subversion and all documentation on a wiki helps. Consultants are
also encouraged to request feedback on designs and to talk about the
goals of sprints as far as possible in advance.
IntraHealth International manages the basic health care resource:
The problems of the developing world were represented most directly by
the open source human resource information system IntraHealth International,
Carl Leitner. IntraHealth International helps many Sub-Saharan and
South Asian countries manage one of their most precious and dwindling
resources: health care professionals. The system, called iHRIS lets
individual hospitals as well as whole nations determine where their
most pressing staffing needs lie, break down staff by demographic
information such as age and gender (even language can be tracked), and
track their locations.
Training is one of the resources that must be managed carefully. If
you know there’s a big gap between the professionals you need and ones
you have, you can direct scarce funding to training new ones. When
iHRIS records expenditures, what do countries often find? Some
administrator has splurged on sending himself to the same training
program over and over, just to get the per diem. Good information can
Open source is critical for a system like iHRIS, not just because
funds are scarce, but because localization is critical. Lots of
languages whose very existence is hidden from proprietary vendors need
to be supported. Each country also has different regulations and
conditions. IntraHealth International holds regular unconferences,
mentoring, and other forms of training in its target countries in the
hope of (in Leitner’s words) putting themselves out of business. Of
course, trained IT staff tend to drift into higher-paying jobs, so the
organization tries to spread the training over many people.
OpenEMR and Tolven
The overarching challenge for any electronic health record system, if
its developers hope it to be taken seriously over the next couple
years in the United States, is support for meaningful use criteria.
Proprietary systems have, for several decades, met the needs of large
institutions with wads of cash to throw at them. And they will gain
certification to support meaningful use as well. But smaller providers
have been unable to afford these systems.
The need for an open source solution with meaningful use certification
is pressing, and two project leaders of OpenEMR devoted their
talk to their push to make their system ready. They estimate that
they have implemented about 80% of the required functionality, but
more slowly than expected. Extraordinary measures were required on
Medical experts had to read thousands of pages of specifications as
they came out, and follow comments and debates to determine which
requirements would likely be dropped or postponed, so as not to waste
Contractors were hired to speed up the coding. Interestingly, the
spike in productivity created by the contractors attracted a huge
number of new volunteers. At one point openEMR became number 37 on
SourceForge in terms of activity, and it is still up around 190. The
project leaders had to upgrade some of their infrastructure to handle
an increased number of commits. They also discovered that lack of
documentation was a hindrance. Like the CONNECT team, they found that
maintaining a community required–well, maintenance.
Project leaders had to go to Washington and argue with government
bureaucrats to change requirements that would have essentially made it
impossible for open source projects to meet the meaningful use
requirements. They succeeded in removing the offending clauses, and
believe they were also responsible for winning such accomplishments as
allowing sites to certify modules instead of entire stand-alone
systems. Nevertheless, some aspects of certification require
contracts with proprietary vendors, such as lab interface, which is
done through a proprietary company, and drug-to-drug and
drug-to-allergy interactions, which require interaction with expensive
Tony McCormick pointed out that the goal of meaningful use
certification provided a focus that most open source projects lack.
In addition, the government provided tests (called scripts) that
served as a QA plan.
Meaningful use, as much as it represents an advance over today’s
health information silos, does not yet involve the patient. The
patient came to the fore in two other talks, one by Melanie
Swan on her company DIYgenomics and the other by Tom
Jones on Tolven.
Swan summarized the first two generations of DNA sequencing (which
went a bit above my head) and said we were on the verge of a third
generation that could bring full genome sequencing down to a cost that
consumers could afford. A part of the open science movement,
DIYgenomics helps patients combine with others to do research, a
process that is certainly less rigorous than controlled experiments
but can provide preliminary data that suggests future research. For
many rare conditions, the crowdsourced approach can fill a gap that
professional researchers won’t fill.
In addition to providing access to studies and some other useful
apps–such as one that helps you evaluate your response to
drugs–DIYgenomics conducts its own longitudinal studies. One current
study checks for people who do not absorb vitamin B12 (folic acid)
properly, a condition to which up to half the population is
vulnerable. Another study, for which they are seeking 10,000
participants, covers aging.
Jones’s talk centered on privacy, but spread its tent to include the
broader issues of patient-centered medicine. Tolven simultaneously
supports records held by the doctor (clinical health records) and by
the patient (personal health records).
In a system designed especially for the Netherlands–where privacy
laws are much stricter and better specified than in the United
States–Tolven stores medical records in large, centralized
repositories because it’s easier to ensure security that way. However,
strict boundaries between doctors prevent them from viewing each
other’s data. Even more significantly, data is encrypted during both
transmission and storage, and only the patient has the key to unlock
it. Audit trails add another layer of protection.
In this architecture, there are no release forms. Instead, the patient
explicitly approves every data transfer. (Patients can designate
special repositories to which their relatives have access, in case of
emergencies when they’re not competent to make the transfer.)
That was one day of health care at OSCon–two more are coming up. We
started our evening BOF with introductions, but more and more people
kept coming in the room, and everyone was so interesting that the
introductions ended up taking the entire hour allocated for the BOF.
The sense that our health care system needs to change radically, and
the zeal expressed to take part in that change, brought energy into
the room. This was a great place to meet like-minded people.