Tom Munnecke’s Eclectica

Here is  Wall St. Journal Op-Ed piece by Deborah Peel arguing that our medical records aren’t secure.

I did a video interview of her a while back:

She was watching a video I had posted earlier by Esther Dyson, who explained her reasoning about having her personal genome and medical records published openly:

These are two very intelligent, accomplished women, both of whom I have great respect. It’s amazing to see how diametrically opposed they are on the issue of patient privacy.

I stand somewhere in the middle between these two positions. The #1 thing to do, I think, is to reduce or eliminate the downside potential of getting medical information… reducing the risk involved lowers the cost of the security. This is not possible for all information, but we can do a lot to make this better.

I also take exception to Deborah’s use of “security” as if it is an absolute go/no go term. All security is a tradeoff between risk and reward. It is more a matter of how much someone is willing to pay to get the information. Security raises the cost of getting the information, but to have absolute security, we would have to shut down all access.

The other issue I think is relevant is that computer-based security systems can track who accesses the information, so there can be an audit trail that John Smith accessed Mary Jones’ record. With paper-based systems, John Smith can copy the record on a copy machine, slip it into his pocket, and walk out completely undetected.

I designed the information security systems for both the VA’s VistA and DoD’s CHCS systems, and defended the architecture to visitors in black suits, sunglasses and no names from unnamed agencies in the DC area – something out of a b-grade movie. These systems have been operational for over 20 years now, supporting about 10% of the US hospital information. To my knowledge, all privacy leaks have been from legitimate users leaking the data manually. I have not heard of any electronic attacks to get the data.

This might change, but at the moment, I think that the security risks are a people problem, not just a computer problem. The way forward, I think, is to mediate access to the medical record by a person-specific system. We need to have a personally controlled health record, something that I’ve been advocating for 15 years now.

Here are some comments Esther Dyson sent me after I posted this entry:

I wouldn’t say we are diametrically opposed. I published my *own* records, not other people’s…. I understand there are reasons many people want to keep them private, and they should have that right (and ability). At the same time, I think it’s more important to fix the system so that having your records leak out isn’t financially dangerous, even though it may still cause people genuine harm as a breach of privacy. (That will also reduce the incentive to use the records except as they apply to celebrities.)

so.. I think we should have good security. I think people should be able to decide for themselves what happens to their records. I do not think loss of privacy is the worst harm that could happen to someone… but people who disagree should be able to act on that belief. However, people who are willing to take that risk will benefit not only themselves – better support and treatment – but also others, when their data is used (under conditions they consent to, understanding that security is not perfect) as the basis for medical research.

I just ran across this disgusting article Favoritism fears halt major military health upgrade:

Work on a high-priority project to integrate the Pentagon and Department of Veterans Affairs health care systems has been delayed by up to two years because of a “potentially unethical” relationship between a government staffer and a contractor, according to an internal Pentagon report….

This month marks the 31st anniversary of the 1978 Oklahoma City conference that was the kickoff for the software architecture that lead to the current VA’s VistA system, the DoD Composite Health Care System (CHCS), and the Indian Health Service’s Resource and Patient Management System (RPMS).  (I have several boxes of papers from the conference that I am going to scan and post online Real Soon Now).  I took it as a given that we would design a single architecture that would seamlessly integrate all of the federal health IT systems.  I reviewed the state of the art in database management systems at the time, and rejected SQL as being too “pigeonhole” oriented… it expected everything to be nicely laid out in a predefined structure: a place for every datum and every datum in its place.  I used IBM’s IMS (Information Management System) as a counter example for the design of FileMan: whenever I was in a quandry about how FileMan should work, I asked myself, “How would IMS do it?” and then did it the opposite way.  We designed the Kernel architecture as a device- and vendor-independent layer built upon an amazingly simple core MUMPS technology: one data type, 19 commands, and 22 functions.

This approach was amazingly successful, it was eventually used in all federal health care facilities – about 10-15% of all hospital information systems nation wide.  By 1982, we were deploying the system throughout the VA, and in 1984, I implemented my first of many VA-DoD interfaces between the VA hospital at Loma Linda California and March Air Force Base in Riverside.   The system worked very well, and it only took a team of 2-3 programmers less than a year to make it happen. We had staffers from Congressman Sonny Montgomery’s office visit, and it became a major impetus to require one of the bidders for the DoD’s Composite Health Care System “fly off competition” to propose an adapted VA solution.  We had a similar integrated system operating at Fitzsimmons Army Medical Center in Colorado.

My first inkling of the power of the Beltway Bandits came when DoD hired a consultant from Arthur D. Little to study the system.  I discovered that they had a budget several times greater to STUDY the interface than I had to DO the interface.  And I wasn’t convinced that the study was necessarily looking for the benefits of the interface, but rather seemed politically motivated with “push polling” style of interview looking for the negative.

March AFB was closed down, and the interface forgotten.  After I moved to SAIC, I did another interface between the DoD (which went nowhere), and then set up a lab running an integrated version of VA, DoD, and Indian Health Services systems.  Again, this got nowhere.

Now that the interface had surfaced in the world of beltway economics, it rapidly escalated to a multi-million extravaganza.  I’m not sure of the cost of the GCPR (Government Computer Patient Record) in the mid 1990s to integrate the systems – it was in the hundreds of millions.

After 31 years now, I see a recurring pattern.  Someone in congress gets upset about the disintegration of VA and DoD information systems, and huffs and puffs about doing something.  The call hearings, and various secretaries and program managers pledge to make things happen.  Big bucks are allocated, committees are formed.  However, by the time it gets down to the worker-bee level, folks suddenly realize that if they integrate their information systems, their health care facilities might follow as well.

This violates Munnecke’s First Law of Bureaucracy: Never stand between bureaucrats and their retirement program.  Successfully integrating an interface between the VA and DoD – increasing efficiency – would result in someone losing their job security.  Bolixing up the interface, creating a backlog of work to do – decreasing efficiency – results in greater job security.  Meanwhile, the huffing and puffing at the top has been directed at other causes, and folks have probably moved on to other jobs.  And so the cycle continues.

Meanwhile, we pour more money down the drain, feeding the beltway, ethically or not:

the mishandling of the project has delayed the military’s effort by “a minimum of one year up to two year [sic]” and could leave the military with nothing to show for the $13 million it has already spent, the internal report says.

To further compound the problem, we are trying to interface other systems to the VA, such as the Kaiser-VA interface which strikes me as a very brittle architectural approach.  Now, all of VA is trusting all of DoD and all of Kaiser to do the right thing with their medical records.  The trustworthiness of the extended web of interactions is only as trustworthy as the weakest link.  And as we see here, weak links do appear.

The way out of this mess is to reframe our information architecture around the individual, not the enterprise, something that I concluded 10 years ago.  We should reframe health information technology around then notion of a Space, rather than an absurd presumption that we have a health care “system” akin to a car factory, taking in sick people and spitting out healthy ones at the other end.

I think that there are many foundation issues that need to be addressed regarding our health care system that are being ignored in the rush to “pave the cowpaths” of the very practices that most desperately need changing.

Imagine a group of thugs blocking entrance to a public park, forcing you to pay an admission fee to use it.  You’d be outraged: “How can this group block me, a taxpayer, from accessing a park also funded by taxpayers?”

Now, substitute “scientific knowledge” for “public park” and “scientific publishers” for “thugs” in the above example.  Want to read the latest research on positive psychology done at a public university under public funds? Chances are, that unless you belong to a university or have some other academic affiliation, you’ll have to pay a hefty fee.

What right do these publishers have to force me, a taxpayer, from freely accessing scientific knowledge that was performed at taxpayer expense at a public university? Is their behavior that much different than those gentlemen at the park collecting their admission fees?

This has happened to me.  One of the most influential papers I’ve ever read was Jonathan Haidt’s 2000 paper on The Positive Emotion of Elevation, and his suggestion that positive emotions could create an “uplift spiral” – of good things creating more good things in an ever-widening cascade of uplift.  I blogged about this in 2003 in About Schmidt, Elevation, and Poverty Porn and in 2002 in Positive Emotions.

At the time I posted these papers, the link was freely available to all.  Here is the version that was captured on the Internet Archives at the time.  However, after it was published freely, the American Psychology Association decided to move it behind their academic firewall.  If you want to read it, you will have to register with them, provide a credit card to pay $11.95, and agree to the conditions “I UNDERSTAND that further reproduction or distribution of downloaded content other than for personal use is not permitted without written permission from the American Psychological Association….  I UNDERSTAND that I am purchasing viewing rights to a single article for $11.95 and that those viewing rights will be in effect for 12 months from the date I download the article for the first time.”

This is a little like a book publisher printing in disappearing ink to maximize future sales.

Rather than acting as a promoter of scientific knowledge, APA is engaging in what economists call Rent Seeking, wallowing in the same economic gutters as illegal drug dealers, taxi medallion, bribery, and government corruption:

“In economics, rent seeking occurs when an individual, organization or firm seeks to earn income by capturing economic rent through manipulation or exploitation of the economic environment, rather than by earning profits through economic transactions and the production of added wealth.

Rent …  is obtained when a third party deprives one party to a transaction of access to otherwise accessible transaction opportunities, making nominally “consensual” transactions a rent-collection opportunity for the third party. The abnormal profits of the illegal drug trade are considered rents by this definition, as they are neither legal profits nor the proceeds of common-law crimes. Taxi medallions are another commonly referenced example of rent seeking….

Rent seeking is held to occur often in the form of lobbying for economic regulations such as tariffs. Regulatory capture is a related concept which refers to collusion between firms and the government agencies assigned to regulate them, which is seen as enabling extensive rent-seeking behavior, especially when the government agency must rely on the firms for knowledge about the market.

The concept of rent seeking has been applied to corruption by bureaucrats who solicit and extract ‘bribe’ or ‘rent’ for applying their legal but discretionary authority for awarding legitimate or illegitimate benefits to clients.^[6] For example, many tax officials take bribes for lessening the tax burden of the tax payers. Faizul Latif Chowdhury suggested that ‘bribery’ is a kind of rent-seeking by the government officials.

Yes, the paper is available through a separate “request this paper” transaction at Haidt’s web site.  But this does not allow me to link directly to the information, nor does it provide access in the future if he’s no longer around to personally send copies.  It does not allow a permanent name or identifier (the DOI, for example).  If we are to support a “web of knowledge” we can’t have each node in the web setting up toll booths to rent access to information.  Paper-based authors, bloggers, email writers, twitterers or whatever should be able to freely link to scientific information or portions thereof (e.g. the Methods section)

Locking up scientific papers into obscure, restricted access web sites not only restricts access to those specific papers, but it also damages the connectors between those dots.  People all over the world are used to seeing a web page with a hyperlink to another page, which is instantly available. Why should scientific knowledge be locked up in this maze of proprietary, outrageously expensive links?

I once wrote a chapter for a Springer Verlag book, Person-Centered Health Records : Toward HealthePeople, edited by Demetriades, Kolodner, and Christopherson. I didn’t receive any royalty, nor did the other authors.  We had an editor who chased the authors into submitting their material, and did light copy editing, whom I presume was paid.  The book hit the shelves for $88.  Where did the money go?  How can Springer-Verlag impose these fees on people?

I’m sure that this is a hot topic in many places, but I think its time for the public to confront the bullies who are keeping the public from publicly supported research.  Enough is enough!  The results of scientific publishing should be open, freely, and permanently available to all.  Period.

Here are some things that I’ve seen relating to open publishing:

UC Riverside (my alma mater)  physicist John Baez’ response to this situation:

1. Don’t do free work for overpriced journals (like refereeing and editing).
2. Put your articles on the arXiv before publishing them.
3. Only publish in journals that let you keep your articles on the arXiv.
4. Support free journals by publishing in them, refereeing for them, editing them… even starting your own!
5. Help make sure free journals and the arXiv stay free.

The Open Access Scholarly Publishing Association

And here is an interesting slide show to Free the Facts by Dave Gray:

Dear President Obama,

I just read your speech, The Care They Were Promised and the Benefits That They Have Earned:

I can’t tell you how many stories that I heard during the course of the last several years, first as a United States senator and then as a candidate, about veterans who were finding it almost impossible to get the benefits that they had earned despite the fact that their disabilities or their needs were evident for all to see.

As someone who worked within the VA for 8 years, and as a consultant to it for some time after that, I think you should understand the distinction between the VA’s health care and benefits groups.  The health care system, driven by a computer system called VistA, has earned many accolades as an advanced health information system.  (See Philip Longman’s Best Care Anywhere)

The benefits side of VA – that source of the eligibility determination mess – has been an organizational swamp ever since I can remember.  The problem is not computers, but basic bureaucratic incompetency fueled by an OMB process that rewards incompetent, inefficient workers with larger staffs and corresponding promotions and job security.  If they automated their systems to become more efficient, they would lose staff, job security, and bureaucratic turf.  This is the core problem, not “computers.”

Please DO NOT confuse administrative information with medical information.  One of the reasons that we were able to succeed with the medical information aspects of VistA was that we did not focus on billing or adminstrative data.  We started with a medical record model and focused on that.

Rather than tethering VA’s medical record system to the benefits administration swamp and the DoD’s AHLTA fiasco, I think you should consider it part of a larger scheme of a Health Communication System.

And hold VA employees responsible for the mess that they have been perpetrating on our veterans for the last 30-40 years or so.  Let’s start with the promise of a 25% reduction in force in the benefits staff if they do not clear up their eligibility determination workflow to a reasonable level by December 2010.

P.S. In reward for my work as one of the initial designers of the VA VistA system, I was downgraded.  It seems that I was working with peers across the VA, rather than building a pyramid under me.

Perhaps some reform with OMB personnel regulations might be more fruitful than forcing computer systems on bureaucrats who don’t want them.

I just read the Obama press release for the Joint Virtual Lifetime Electronic Record

Today, the President, along with Secretary Gates and Secretary Shinseki, announced that the Department of Defense and the Department of Veterans Affairs have taken the first step in creating a Joint Virtual Lifetime Electronic Record.  Currently, there is no comprehensive system in place that allows for a streamlined transition of health care records between DOD and the VA.  Both Departments will work together to define and build a system that will ultimately contain administrative and medical information from the day an individual enters military service throughout their military career, and after they leave the military.

This has been my briar patch for over 30 years now, as one of the chief software architects of both the VA’s VistA (DHCP) as a VA employee and the DoD’s Composite Health Care System as an employee of SAIC, the prime contractor.

This sounds like a good idea on the surface, and its the first time I’ve seen this at the executive, rather than huffing and puffing from the hill. (About every 10 years, someone gets excited about this issue, but then it gets bogged down when the mid-level bureaucrats on both sides realize that doing it would cause them to lose turf.)

Some questions, however;

Why “Virtual?” – This should is the “real” record. The ep

Why limit this to just active military and veterans? – There is a core cloud of data that is remarkably common to them both, despite the agency’s pleas of uniqueness.  Yes, Air Force has “flight status” that the Army doesn’t have, but the fact is that the architecture needs to adapt to these things and many others.

This should be part of a Universal Health Dashboard for health communications for all Americans, not just the military, focused on health communications.  The medical record is but one form of communication, but it is a minor portion of the overall communications required.  I learned about how critical communications in health care was when I wrote the original MailMan system (no relation to the Python list manager of the same name) in Vista and CHCS – about 25% of the hospital’s transactions turned out to be mail, rather than data-oriented transactions.

This should be based on an evolutionary network approach, rather than a brittle, specifications-driven model that assumes that folks in Washington know today precisely what is needed in the future.  DHCP (VistA) was designed to be an evolutionary system, a fact that seems to be lost to some of the proposals I’ve seen today.

This should be based on FOSS – Free and Open Software.  This will send the industry into a catatonic fit, but I think it imperative that we have an open, scalable, foundational approach to our software design.  This also violates many principles of Vendor Friendly Contracting, so its quite an uphill battle.

This should be the core of health care reform effort in the US, a truly patient-centered platform that puts the patient at the center of the health communications universe.  Providers should be tethered to patients (at their discretion), rather than the perverse model of tethering the Personal Health Record to the capturing Provider.

See my 1999 comments on the Personal Health Record.

(Tip of the Hat: This post came out of a conversation with Heather Wood Ion about health care reform)

One of the most critical issues facing our health care reform efforts today is how information technology will relate to it.  Since I’ve been running around the Health IT briar patch for three decades now, I’ve seen wonderful examples of successful (VA’s VistA), featured in Philip Longman’s Best Care Anywhere as well as an endless stream of failures (Kaiser Permanente threw out a $1.5 billion effort to automate its hospitals; DoD has spent $4 billion on its AHLTA system that is so bad that it is cited as the third most frequent reason causing docs to leave military service.)

Lesson Learned:  Throwing money at a hospital information system does not guarantee it will work.  It is the conceptual foundations of the approach and the organizational readiness to change that are the most critical factors.

I am concerned about much of what I read about the Health IT spending – and the assumption that $20 billion or $100 billion stimulus will result in a viable national health information network.  There is very little empirical evidence that these assumptions are reasonable.  Even more so, the system that we might end up with risks severe negative consequences to the our health care system (see AHLTA is Intolerable)  We run the very real risk of a system that falls behind in practice, yet is propped up by bureaucratic inertia and the assumption that “$100 billion can’t be wrong.”  France faced a problem like this as they supported a “MiniTel” system as a kind of dedicated telephone-keyboard-yellowpages service to all customers just as the World Wide Web was taking off.  The French ended up with a closed, expensive, slow system even while the web offered an open, inexpensive, high speed solution which set them back billions of Francs and years of technology advance.

I believe that we should drive our health care reform from an information technology perspective.  This was my goal in working with the original VistA system for the VA – overcoming all the bureaucratic “stovepipe” divisions by introducing decentralized information systems.  We are seeing today only the tip of a huge iceberg in terms of the amazing advances in computing, communications, telemedicine, lab-on-a-chip, genomics, etc.

The status quo is not going to be happy about all these changes.  Clinical laboratories are not going to be happy about inexpensive home use of lab-on-a-chip diagnositic tools.  Audiologists who sell $3600 hearing aids (using today’s $20 chips) with complicated fitting procedures are not going to be happy with the $100 self-fitting aids.  Optometrists are not going to be happy with over the counter eyeglasses that would allow Wal Mart customers to insert blank lens into a machine, tweak the dials until they see best, press a button, and walk off with a new set of glasses that work exactly how they want for $20.

Disruptive innovation is by definition not welcome to the status quo, but it is a necessary task of innovation and growth.  The automotive industry was not invented by the buggy-whip manufacturers.  And if they held sway in controlling the transportation industry, we would never have evolved past the horse-and-buggy.

A key issue in the coming heath IT/health care reform is the role of the Personal Health Record (PHR).  I’ve been advocating a PHR-based approach for 10 years now   The question to be resolved is how this is to be structured: is the personal health information tethered to a specific enterprise, or is it the other way around.  Why not make the patient the center of the health care universe, and tether the providers to them?

This is disruptive innovation at its best.  Imagine having a Universal Health Dashboard for every American.  They would be able to see all of their health information, and see who has been accessing it.  Patients could see if their doc looked at the lab tests from last visit; docs would know that their patients would see if they’ve ignored their tests).  Enterprise health records would appear as folders on the individual’s dashboards, just part of a much larger Health Communication System.

Here are some papers I’ve written in the past:

See Concepts of the Data Vault

HealthSpace

Health and the Devil’s Staircase

Ensembles and Transformations

and Many More

Here are some comments to Peter Groen asking for comments on the future of health care information technology (see end of message for details)

Peter, this is all interesting research… 2040 is as far from now as the initial 1978 Oklahoma City VA/DoD/IHS meeting was in our past.

In looking back at the trajectory from 1978 to now, I think that some of my key lessons learned are:

Future Binding. When I designed MailMan in the early 1980′s, I knew that the Internet was coming, and spent a lot of time talking to folks at ISI in Marina Del Rey, who were just developing the SMTP mail protocol, (Jon Postel, in particular).  However, I had only a very primitive IDCU communications infrastructure to work with.  So, I designed MailMan as if it had access to the internet using TCP/IP, and then built a protocol (SCP) that emulated it in whatever form was available over time.  The MailMan handshake would figure out the best performing mutually understood protocol, and so the network could “ratchet up” to higher and higher performing protocols in a self-organizing manner.   I think the process worked pretty well, and it got me started thinking about how one builds systems that are bound to the future (rather than the past).  We could think of Cobol as an early binding language, MUMPS as a late binding language, and the MailMan technique as a future binding approach. Continue Reading »

This is a very big rock that I’m pushing up a very big hill, but I guess I try it one more time.

I just ran across this hearing announcement from the House Armed Services Committee:

“The Joint Military Personnel and Terrorism, Unconventional Threats and Capabilities Subcommittees will meet to receive testimony on Department of Defense Health Information Technology: AHTLA is “Intolerable,” Where Do We Go From Here?”

Continue Reading »

In the late 1990′s I was involved with a group called Vvaleo formed by Dee Hock (founder of Visa International and proponent of “Chaordic” organizations) Rob Kolodner (then of the VA), David Cooperrider (CASE, founder of Appreciative Inquiry), Tom Garthwaite (head of VA health care), Heather Wood Ion (then CEO of Visiting Nurses Association of Orange County), Don Lindberg (National Library of Medicine) and others.

www.flickr.com More of munnecket’s stuff tagged with vvaleoinitiative

Heather Wood Ion and I were seeking to apply Jonas Salk’s ideas about creating an Epidemic of Health (this was the last paper he edited before he died.)  Reframing health care to the positive – creating a viral expansion of positive, health-inducing and supporting ideas, activities, technologies, and support structures is a fundamentally different framework than seeking out what’s wrong and how to fix it.  This was my first exposure to David Cooperrider’s notion of Appreciative Inquiry (Thanks David), and it really rang true to my thinking about what I called “benegnosis” (a way of understanding by what is positive) in contrast to “malgnosis” (a way of understanding by what is failing). The Vvaleo group had a few interesting meetings and support from the VA as well as the Fetzer Institute.  David also invited me to the Images and Voices of Hope meeting at Peace Village in Haines Falls, NY.

We developed an Appreciative Inquiry Living Dialog to Support Health Care to support the ideas.  The idea petered out in time (a story in itself – coming soon).  But I think it is a good framework upon which to rethink health care reform ideas, and to lift our thinking above the “disease industrial complex” which is so prevalent in today’s climate.  I think that this also has a lot of relationship to the National Health Information Network, an effort now headed by Valeo founder Rob Kolodner.  After 30 years of tilting windmills with Rob in the VA VistA (then DHCP), then Vvaleo, and now the National Health Information Network, I think he is in a unique position to understand the role of Information technology and how it can lead, rather than follow, organizational reform.