The recent work by the HIT Standards Committee requires the encryption of patient identified data on mobile devices (laptops, USB drives) to ensure confidentiality is protected. This is already required by the Massachusetts Data Protection Regulations.
At BIDMC, we use McAfee's Endpoint Encryption as our enterprise solution for encrypting mobile devices.
Though the product is good for the enterprise, there are alternatives for the home user (taking into consideration factors such as usability, supportability, performance, cost). For personal use, PGP Whole Disk Encryption is my cool technology of the week.
PGP Whole Disk Encryption provides continuous disk encryption for Windows and OS X, enabling data protection on desktops, laptops, and removable media.
The PGP Whole Disk Encryption engine operates at a system level between the operating system and the disk drive, providing user-transparent, sector-by-sector disk encryption and decryption.
The only change in the end-user experience with PGP Whole Disk Encryption is the addition of a pre-boot authentication screen. The pre-boot authentication screen protects the system from being accessed by unauthorized users by disabling their ability to attack operating system–level authentication mechanisms. Once the end user provides valid authentication, encryption and decryption of the disk are transparent to both the user and the operating system.
PGP Whole Disk Encryption uses the Advanced Encryption Standard (AES), which is the standard recommended by HITSP and the HIT Standards Committee.
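The sector-by-sector layer described above, sketched as an added example; it is not PGP's code and not from the original post. The post names AES but not a cipher mode, so XTS (the IEEE 1619 disk-encryption mode) is used here as an assumption, and `EncryptedDisk`, `demoKey` and the sample record are hypothetical names and constructed data.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"fmt"
)

const SectorSize = 512 // bytes per sector, a multiple of the 16-byte AES block
// EncryptedDisk stands between the caller (playing the OS) and the raw sectors.
type EncryptedDisk struct {
	raw         []byte       // what is physically stored: ciphertext only
	data, tweak cipher.Block // XTS uses two independent AES keys
}
func demoKey(seed byte) []byte { return bytes.Repeat([]byte{seed}, 32) } // constructed demo key

func NewEncryptedDisk(sectors int, dataKey, tweakKey []byte) (*EncryptedDisk, error) {
	k1, err1 := aes.NewCipher(dataKey)
	k2, err2 := aes.NewCipher(tweakKey)
	if err1 != nil || err2 != nil {
		return nil, fmt.Errorf("bad AES key: %v / %v", err1, err2)
	}
	return &EncryptedDisk{raw: make([]byte, sectors*SectorSize), data: k1, tweak: k2}, nil
}

// xts transforms one whole sector. The tweak starts as the encrypted sector
// number, so the same plaintext stored in two sectors yields different bytes.
func (d *EncryptedDisk) xts(dst, src []byte, sector uint64, crypt func(out, in []byte)) {
	var t, buf [16]byte
	binary.LittleEndian.PutUint64(t[:8], sector)
	d.tweak.Encrypt(t[:], t[:])
	for off := 0; off < SectorSize; off += 16 {
		for i := range buf {
			buf[i] = src[off+i] ^ t[i]
		}
		crypt(buf[:], buf[:])
		var carry byte
		for i := range t { // unmask the block, then multiply the tweak by x in GF(2^128)
			dst[off+i] = buf[i] ^ t[i]
			t[i], carry = t[i]<<1|carry, t[i]>>7
		}
		if carry != 0 {
			t[0] ^= 0x87
		}
	}
}

// Raw returns sector n exactly as stored, i.e. what someone imaging the drive sees.
func (d *EncryptedDisk) Raw(n uint64) []byte { return d.raw[n*SectorSize : (n+1)*SectorSize] }

// WriteSector and ReadSector move exactly one sector through the cipher per call.
func (d *EncryptedDisk) WriteSector(n uint64, plain []byte) error {
	if n >= uint64(len(d.raw)/SectorSize) || len(plain) != SectorSize {
		return fmt.Errorf("invalid write: sector %d, %d bytes", n, len(plain))
	}
	d.xts(d.Raw(n), plain, n, d.data.Encrypt)
	return nil
}

func (d *EncryptedDisk) ReadSector(n uint64) ([]byte, error) {
	if n >= uint64(len(d.raw)/SectorSize) {
		return nil, fmt.Errorf("sector %d is out of range", n)
	}
	out := make([]byte, SectorSize)
	d.xts(out, d.Raw(n), n, d.data.Decrypt)
	return out, nil
}

func main() {
	d, _ := NewEncryptedDisk(8, demoKey(0x11), demoKey(0x22))
	rec := make([]byte, SectorSize)
	copy(rec, "constructed sample record: MRN 0000000")
	d.WriteSector(0, rec)
	d.WriteSector(5, rec)
	back, _ := d.ReadSector(5)
	fmt.Println("round trip:", bytes.Equal(back, rec), "same on disk:", bytes.Equal(d.Raw(0), d.Raw(5)))
}
```

The caller reads back exactly what it wrote, while the stored bytes never contain the record and differ between sectors 0 and 5 even though the plaintext is identical.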
A personal encryption system for mobile devices that is compatible with all the privacy and security protections suggested by national committees to comply with ARRA/Meaningful Use requirements - that's cool.
Friday, 18 September 2009
Thursday, 17 September 2009
Traditional Japanese Clothing
This is another entry in my series about Kyoto.
Although I wear black in the office, at home I wear season appropriate traditional Japanese clothing.
Kyoto is a wonderful place for traditional crafts including fabric weaving, dyeing, and clothes making.
Here are a few of my experiences:
Samue - The most incredible fabrics and Indigo dyeing is done by Ken-ichi Utsuki, owner of Aizenkobo workshop, a traditional Japanese natural indigo dyeing and textile firm. He and his son fitted me with a Samue (Japanese workclothes for Zen monks and tradespeople). Indigo naturally repels mosquitos, and imparts a wonderful feel and odor to the fabric. I wear my samue while gardening, doing weekend chores, and while playing the Japanese flute.
Geta - Remarkable Japanese wooden sandals made from Kiri wood and Sugi (cryptomeria wood) are created by Kunimi Naito and her family in the Gion (Geisha) district of Kyoto at the Naito Geta shop (they do not have a website). They carefully studied my feet and are making a custom pair of geta for my 27cm western-sized foot. Standard geta available in tourist shops or online just do not fit my foot correctly because my arch is too high. Custom made geta are perfectly sized to my anatomy and enable me to walk comfortably. I wear Geta with my Samue.
Tabi - In Diane Durston's book, Old Kyoto, she highlights Fundo-ya, maker of custom tabi socks for Kyoto's kabuki actors and tea masters. If you use her book, note that the maps are wrong and that you should just find Fundo-ya by its address - Sakai-machi-kado, Sanjo-dori which means the corner of Sakaimachi and Sanjo street. Addresses in Kyoto are often very obscure, which was done purposefully to confuse invaders who might threaten the emperor/his resources when Kyoto was the capital of Japan. The owner of Fundo-ya carefully measured my foot and noted that I'm the largest Japanese size made - 27cm. Fundo-ya specializes in custom Tabi, so those with larger feet can be accommodated. I bought white and black Tabi to wear with my Geta.
Noragi - The clothing I wear most often around the house in the evening is traditional farmer's clothes. My favorites are Ikat Kasuri Hippari - Ikat Kasuri is a process of dyeing threads before they are woven. Hippari is a wrap around style of top. It's becoming increasingly hard to find antique traditional clothes in Japan, so I purchase them from 3 sources
Although I may be the man in black, you may find me on a mountain with a flute and Indigo dyed Samue or Ikat Hippari. Although there are other wonderful Japanese clothes - Kimono, Obi, Yukata, the clothes I've listed above are those that work best with my active lifestyle.
Wednesday, 16 September 2009
The Draft FY10 IS Clinical Systems Plan
Every year, BIDMC IS leadership gathers input from all our governance committees to produce an IS operating plan. The Clinical Systems area is the most challenging since we need to balance limited resources with ever increasing demand. Here is the draft FY10 IS Clinical Systems Plan based on the priorities of all our stakeholders. You'll notice an emphasis on projects which support meaningful use criteria for 2011 and 2013, accelerate national standards implementation, and provide increased interoperability.
* Implement pharmacy, charging and other revisions to support Pharmacy 340B requirements.
* Complete implementation of CPOE for NICU
* Complete implementation of CPOE for ED
* Implement outpatient pharmacy for oncology/chemotherapy
* Enhance inpatient applications as prioritized by the Inpatient Clinical Applications Committee
* Expand project and application support for in-house developed systems
Ambulatory (webOMR is our self-built EHR)
* Complete referral tracking to “close the loop” for outpatient referrals
* Continue to develop and expand the roll out of test results tracking
* Expand the roll out of pharmacy-initiated renewals
* Enhance problem lists to improve user interface and support SNOMED-CT
* Support implementation of PatientSite Personal Health Record patient-provider encounter summary sharing (Open Notes)
* Pilot expanded healthcare information exchange technologies in Cancer Center to push outpatient notes to referring MDs
* Pilot online surgical booking orders
* Enhance webOMR as prioritized by webOMR Users Group
Clinical Documentation
* Develop a strategy, plan and timeline, in conjunction with Clinical Leadership, to implement meaningful use standards for 2011 and future years.
* Begin planning for acute care documentation, standardized problem list and eMAR
* Complete medication reconciliation modules
* Complete enhancements supporting multidisciplinary collaboration in discharge applications
* Continue expansion of NEHEN notification and communication systems
Operating Room
* Implement intra-operative documentation in PIMS (Perioperative Information Management System)
* Implement “sign out” and related safety enhancements in PIMS
* Enhance PIMS as prioritized by OREC (O.R. Executive Committee)
Health Information Management/Scanning
* Integrate scanned notes and reports in webOMR as prioritized by the webOMR Users Group
* Integrate faxed documents in PIMS to support Preadmission Testing and OR in managing documents faxed from external sites
* Expand roll out of web-based report signing (currently in pilot)
* Develop a strategy for displaying preliminary reports (with Radiology)
* Implement multi-year roadmap to enhance our in-house developed RIS and optimize RIS-based workflow
* Continue project management and technical support for projects / enhancements as prioritized by department governance including:
* Installation of new Radiology modalities
* Image sharing with Children's hospital
* Needham Hospital PIX (Patient Identity Cross Reference system)
* Front-end Voice Recognition
* RIS/PACS integrator
* Nuclear Medicine enhancements / upgrades
Laboratory Information System
* Continue implementation of the Soft Laboratory system including:
  * interface development and testing
  * integrated test planning and execution
* Continued management of the application environment including software upgrades and implementation of a new server environment
Critical Care/Anesthesia
* Perform major upgrade to MetaVision (MV ICU) version 5.46
* Evaluate and implement MV ICU enhancements as prioritized by ICU governance
* Continue to support MV ICU Application Administrator activities until the role is fully transitioned to the department of Critical Care
* Develop a plan and budget for implementation of an enhanced Anesthesia Information Management system
* Support existing systems including Patient Safety Reporting System, OB-TraceVue, Transplant and Trauma Registry.
* Participate in planning, analysis, budget, and timeline development for:
  * Cath Lab Reporting
  * Vascular Reporting
* Continue implementing/supporting CVI Registries
* Support Apollo, MACLab/CardioLab and Echo
Enterprise Image Management
* Advance enterprise PACS efforts in conjunction with the IS infrastructure teams, including:
  * Provide consultative and project and technical management to Radiology, OB, GI, CVI and other medical center PACS projects as prioritized by the Enterprise PACS committee
  * Continue to explore strategy for Enterprise Archive management
* Complete CardioPACS Migration including:
  * GemNet Upgrade
  * Echo DVD Migration
  * CVI Cath / Echo Web Images
* Complete Radiology PACS Disaster Recovery
* Support G-Care/G-Med
Radiation Oncology
* Continue project management and technical support for projects / enhancements as prioritized by department governance including:
* Completion of Mosaic Phase II (Digital Images)
* Implementation of Radiation-Oncology HIS/ADT Interface
* Upgrade Philips Pinnacle Treatment Planning System Workstations
* Upgrade Elekta CMS/Focal Treatment Planning System
* Support existing systems including: Impac, Cyberknife and associated treatment planning systems.
Infection Control Surveillance
* Develop plan and approach for implementation of infection control surveillance software
Ambulatory/Community EHR
* Continue to support efforts to implement the eClinicalWorks EHR to non-owned BIDPO clinicians
* Analysis and planning for BID Lab Results interface to BIDPO eClinicalWorks
* Migrate existing Logician practices to eCW as appropriate
* Analysis and planning for BID Radiology Results interface to the Fenway CHC
* Design and implement an online archive system for all Logician retired systems and practices.
* Support community systems
Decision Support
* Implement Performance Manager reports and dashboards as needed to support organizational needs.
* Implement clinical data marts as needed to enable quality measurement, pay for performance goals, and other decision support needs.
* Enhance the Community Provider Index to better support Health Information Exchange via NEHEN gateways.
* Implement enhancements to the Patient Activity Profile to support enhanced reviews required by JCAHO.
* Enhance SOAR (Accounts Receivable workflow) to support denial tracking and appeals workflow
* Explore the introduction of new Business Intelligence tools as funding permits
* Support Cactus and NEHEN Express users
Web Applications
* Continue to enhance the Adverse Events Manager as prioritized by Healthcare Quality.
* Continue the migration of account provisioning and metadirectory services to SQL Server and ASP.NET.
* Develop services to support document scanning, metadata capture, and document display.
* Continue to support implementation of a new BIDMC intranet portal
* Create web services as needed for integration of BIDMC applications and for interactivity with external collaborators
* Support PatientSite for clinicians and the end-user community
We're also updating our 5 year plan to reflect new ARRA priorities and new compliance requirements. I'll publish that soon.
Tuesday, 15 September 2009
The Latest Deliverables from the HIT Standards Committee
Today, the HIT Standards Committee received the latest deliverables from its workgroups.
The Quality Workgroup presented its updated matrix of measures, data types and recommendations. Of the 29 measures listed, 17 are measures of quality which are being retooled by quality measure authors to be based on data elements captured in an EHR. Two are privacy/security related (Full compliance with HIPAA Privacy and Security Rules, Conduct or update a security risk assessment and implement security updates as necessary) and 10 are related to the adoption of EHR function (i.e. % of orders for medications, lab tests, procedures, radiology, and referrals entered directly by physicians through CPOE). The actual data standards needed to measure quality and the implementation guidance for these standards are summarized in the Clinical Operations matrix discussed below.
A very important discussion about quality measurement reporting is summarized on slide 3 in this presentation. There are a number of stakeholders for quality data exchange:
* Measure definition entities such as the National Quality Forum or its associated measure authoring groups.
* Providers who record clinical data in electronic health records.
* Data Collection Assistant entities such as Healthcare Information Exchanges which gather data from EHRs and transport it for a multitude of purposes.
* Quality Report Processing entities such as registry providers, performance analysis companies, or specialty societies which gather benchmarking data.
* Receiver entities which collect quality reports as part of a reimbursement process.
Among these stakeholders, you can imagine 5 kinds of data exchange:
1. Transport of measure definitions from measure authors to all the other stakeholders
2. Transport of patient level quality data from EHRs to HIEs
3. Transport of data from HIEs to a quality registry
4. Transport of quality reports to CMS in patient level detail format
5. Transport of quality reports to CMS in summary (numerator/denominator) format.
The HIT Standards Committee has recommended standards for 2-5, but these standards have varying degrees of maturity. The work of the next several months will be to work with ONC, HITSP, and SDOs to fill gaps and accelerate adoption of the standards needed for these exchanges.
The Security Workgroup presented its latest standards selection, certification criteria, and implementation guidance. The first matrix includes functionality, standards, a timeframe for adoption, and certification criteria. The second matrix includes functionality, standards, implementation guidance, and gaps.
The important difference in these documents from previous work is the reformatting to clarify where options exist – standards that are required jointly (standard A + standard B) and standards for which the implementer is given a choice (standard A or standard B).
The Clinical Operations Workgroup presented two matrices - a summary of the standards required for meaningful use (subject area, 2011 standards, 2013 standards, future trajectory) and the detailed implementation guidance (health outcomes priority, meaningful use measure, subject area, 2011 implementation guidance, 2013 implementation guidance, and future trajectory).
The standards selected do not vary significantly from previous matrices, but the implementation guidance is significantly expanded and clarified based on input from many stakeholders.
What are the next steps for the workgroups?
For privacy and security we will incorporate guidance from existing NIST documents regarding the capabilities required in products to implement the standards selected in a manner that supports security best practices.
For clinical quality we need to ensure all 5 transaction types (described above) among quality measurement stakeholders are supported.
For clinical operations, we need to ensure vocabulary gaps are closed (Orderable laboratory compendium, SNOMED-CT subsets, SNOMED crossmaps to ICD-9, ICD-10 and LOINC). We need to provide additional guidance to support patient access to electronic records and work on implementation guidance for 2013 meaningful use measures.
As helpful background to all the HIT Standards Committee members, Lee Jones presented an overview of the implementation guidance efforts of HITSP which aim to provide as much specificity and as little optionality as possible, to enhance interoperability by reducing variability.
A very positive meeting. We have now provided all of this guidance to ONC and HHS as input to the interim final rule regulations which will be issued in December. I look forward to seeing those regulations as they represent the culmination of 4 years of HITSP work and nearly a year of HIT Standards Committee work.
I also know that there is much work to do providing the additional guidance necessary to achieve 2013 and 2015 meaningful use goals. Onward!
Monday, 14 September 2009
Security for Healthcare Information Exchange
In my role as vice-Chair of the HIT Standards Committee, I join many of the subcommittee calls debating the standards and implementation guidance needed to support meaningful use. Over the past few months, I've learned a great deal from the Privacy and Security Working group.
Here are my top 5 lessons about security for healthcare information exchange.
1. Security is not just about using the right standards or purchasing products that implement those standards, it's also about the infrastructure on which those products run and policies that define how they'll be used. A great software system that supports role-based security is not so useful if everyone is given the same role/access permissions. Running great software on a completely open wireless network could lead to compromise of privacy.
2. Security is an end to end process. The healthcare ecosystem is as vulnerable as its weakest link. Thus, each application, workstation, network, and server within an enterprise must be secured to a reasonable extent. Only by creating a secure enterprise can healthcare information exchange be secured between enterprises.
3. As stated in #1, policies define how security technology is used. However, the US does not have a single, unified healthcare privacy policy - we have 50 of them since state law pre-empts HIPAA. This means that products will need to have the technology capabilities to support heterogeneous policies. For example, a clinician may have simple username/password authentication, while a government agency might require a smart card, biometrics, or hardware token.
4. Security is a process, not a product. Every year hackers will innovate and security practices will need to be enhanced to protect confidentiality. Security is also a balance between ease of use and absolute protection. The most secure library in the world would be one that never checked out books.
5. Security is a function of budgets. I spend over $1 million per year on security work at BIDMC. Knowing that rural hospitals and small practitioners have limited budgets, we need to set security requirements at a pace they can afford. Imposing Department of Defense 'nuclear secrets' security technology on a small doctor's office is not feasible. Thus, the Privacy and Security Workgroup has developed a matrix of required minimum security standards to be implemented in 2011, 2013, 2015, realizing that some users will go beyond these minimums.
Privacy and Security is foundational to ARRA and Meaningful Use. Since patients will only trust EHRs if they believe their confidentiality is protected via good security, there will be increasing emphasis on better security technology and implementation over the next few years.
Although some may find increased security cumbersome, our goal of care coordination through health information exchange depends on robust security technology, infrastructure and best practices.
Friday, 11 September 2009
Reflections on 9/11
My schedule for the next few days includes flights to Denver, Las Vegas, San Francisco and Washington.
I spent all of Thursday afternoon in Logan airport waiting for a delayed flight to take off.
What happened and what was the root cause?
My 2:45pm flight was originally reported on time. Then it became slightly delayed to 3:15pm because of a late departure of the inbound aircraft. Then it became indefinitely delayed due to a "mechanical failure" that occurred in flight. The only information given was that the plane would land, mechanics would diagnose the problem, and then propose a departure time based on their findings.
At 4pm, they announced that the problem would require a spare part to be flown in from Washington, which would arrive at 5pm and be installed by 6pm. A go/no go decision would be made at 6pm.
At 6pm the plane was fixed, but no one could find the pilots. They had checked into a hotel while waiting for the mechanics to finish.
At 6:30pm we boarded. At 7:15 pm we took off, a modest 4.5 hour delay.
We landed in Colorado at 9:30pm local time, I rented a car and drove to Keystone, CO for a keynote to the Colorado Hospital Association, arriving at midnight (2:00 am for me).
What was the root cause?
Since today is 9/11, it is important that we reflect on the downstream effects those events have had on all of us. 9/11 resulted in increased security, additional labor expense, and more financial pressure on the airlines. They downsized staff, planes, and schedules. They eliminated spare aircraft and reduced stocks of spare parts. The increase in energy costs exacerbated the situation - more overbooking, fewer seats, and less excess capacity to respond to cancelled/delayed flights. If a flight is cancelled, it can take a day or two to reroute passengers via other already overbooked flights.
In my case, all other flights to Denver on 9/10 were overbooked and could not accommodate standbys. No spare aircraft were available. The right spare parts were not stocked in Boston.
Not only did 9/11 have a devastating impact on the people involved and their families, it caused all of us to set different expectations for our ability to travel. My response to this is to offer words of kindness to the airline employees who are on the front lines responding to stressed passengers. I try to bring a sense of optimism to my fellow passengers and explain to them from all my experience traveling that the best approach is to wait for the repair even if that takes several hours. Trying heroic multi-airport rerouting rarely works or saves time. I try to turn my observations of the repair process into progress reports for those around me.
If you're traveling and you experience a delay or cancellation, be kind to the airline staff who are not empowered to fix the economic circumstances that caused the recalibration of the entire airline industry. Be optimistic and helpful with your fellow passengers. Stretch, have a cup of tea, and always bring a good book or computer to pass the time.
Our economy, national psyche, and travel flexibility have all been changed. Let's support each other to make the best we can from the series of events (9/11, energy prices, and the economy) we've been dealt.
Thursday, 10 September 2009
In Praise of Japanese Food

When you think of Japanese cuisine, what foods come to mind - sushi, sashimi, teriyaki?
Remember that Japan has long embraced Buddhism, a philosophy that includes vegetarian specialty foods.
When I think of Japanese cuisine here's what comes to mind:
Okara - to make tofu, soybeans are boiled and then ground to make soymilk which is then turned into tofu by adding nigari coagulant that produces "soy curds". The leftover ground soybeans are okara. It's a great dish served cold with mixed vegetables.
Yuba - when soy milk is boiled, a film appears on the surface, which can be served fresh or dried into sheets. This soymilk film is called yuba. It's high in protein and is a great chewy, flavorful dish served with a bit of soy sauce.
Fresh tofu - Kyoto has remarkable tofu restaurants. My favorite tofu restaurant, Kiko, seats a dozen people and is so hard to find that even the Japanese cannot locate it. Here's a hint - it's just south of Shijo-dori between the Kamagawa River and Kawaramachi-dori behind the Hankyu Department Store, 30 meters south of the Murakami-Ju Japanese pickle store. Above, I've included a picture of the noren, the curtain over the doorway, which is a painting of a school of minnows from the Kamagawa river. Their Aoi tofu (naturally blue green tofu) is remarkable.
Shojin Ryori is formal Zen Buddhist cuisine. My favorite Zen restaurants are adjacent to the Kiyomizudera temple in Southeast Kyoto and surrounding Nanzenji on the Philosopher's Walk in Northeast Kyoto.
During the summer, fresh cold somen noodles, such as those served at Shinshin-an in Kifune are truly refreshing. In Kifune, a mountain town north of Kyoto, you can eat on tatami mats suspended over the flowing river. The somen is sent from the kitchen in tubes that flow in front of you and you catch the noodles with your chopsticks as they pass by.
There are numerous great vegetarian Japanese sweets:
* Momiji Manju, a maple leaf 'waffle' filled with beanpaste.
* Wagashi are Japanese sweets made from pounded rice and bean paste. Here's a photo of the sweets I made in Kyoto during a wagashi lesson arranged for my family by Michiko Yoshida.
* Fu Manju (wheat gluten with azuki bean filling - buy it from Fuka on the Nishiki market street)
Other favorite Japanese foods are rice crackers (buy them from Funahashi-ya on the Sanjo bridge, but be careful with the Sansho pepper crackers which numb your tongue) and fresh pickles (buy from Murakami-Ju on Shijo dori).
Of course, Japan prides itself on seasonal specialties. During the Fall look for Matsutake mushrooms and during the winter enjoy boiled tofu (Yodofu).
I could easily retire to Kyoto and enjoy the multitude of vegan friendly cuisines for breakfast, lunch and dinner.
Next time you think of Japanese foods, realize that the American Japanese restaurant experience pales in comparison to the fresh, seasonal celebration of remarkable traditional foods available in Kyoto!
