Tuesday, March 31, 2009

The Impact of the Privacy Provisions in ARRA

I was recently asked to comment about the resources needed to comply with the Privacy Provisions in the Stimulus Bill.

Here is a brief analysis from my Security Team:

ARRA has a provision that requires covered entities to keep a list of all data disclosures to third parties and provide a comprehensive audit log to patients upon request. This tracking of third-party data exchange is not currently part of HIPAA requirements and will require significant enhancement to our auditing systems, our patient services reporting tools, and our personal health records, which give patients access to their own audit trails.

Based on at least one interpretation of ARRA, the covered entity must take responsibility for patient notification when third parties improperly disclose patient information. There does seem to be some variation in interpretation in this area.

ARRA specifies that disclosure of a record containing a name and medical information (John Smith, Hematocrit 37) is considered a breach. Massachusetts requires the name and at least one other identifiable piece of information (John Smith, 5/23/1962, Hematocrit 37). This could have significant implications since even simple audit logs could be considered restricted/confidential information.

ARRA provides some definition about the actual notification methods required. In breaches where the contact information of more than 10 individuals is not known, the covered entity must post the breach on their web site. If the breach is of more than 500 records, the covered entity must make a public disclosure to “prominent” media outlets. Prior to this, the only obligation was to contact the individuals directly.

ARRA also includes some language that requires covered entities to limit the amount and type of information shared with providers to the minimum required for the business need. It also requires that if patients pay for services out of pocket, covered entities provide a way for the individual to request that no information relative to the treatment be transmitted to any provider.

Privacy is foundational and we certainly cannot argue with the need to keep information confidential per patient preferences. However, some of these provisions, such as the "out of pocket" clause, will be extremely challenging to implement.

Over the next few months, HITSP is working on standards which will support these ARRA provisions, including web services using XACML, WS*, and TLS.

As HITSP moves to create a service oriented architecture, we will enhance our existing TN900 Technical Note to include services that could be used to document consent, apply privacy policies and consent to data flows, and transmit the minimum necessary data to authorized clinicians via a workflow similar to the one I described in a previous blog entry about patient privacy preferences.

The privacy provisions in ARRA will serve as a catalyst to improve the policies and technologies protecting confidentiality. This work, although expensive and time consuming, is required for patients to trust EHRs and Healthcare Information Exchanges.

Monday, March 30, 2009

It's the Network

This week I went live with 1080p life size Teleconferencing in my home using Cisco Telepresence. I'll write an entire blog devoted to my experiences with it next weekend when I attend HIMSS virtually on April 5 from Boston.

To prepare for the installation of Telepresence, I wanted my home network to be as robust as possible, so I chatted with Verizon about upgrading my home FIOS connection to 20 megabits up/20 megabits down.

In the past I wrote about some of the challenges I had with my initial FIOS installation. I'm happy to report that Verizon has worked hard to improve their processes and now FIOS upgrades and support are well coordinated.

My experience with the upgrade felt like the "It's the Network" ads. I had a team calling me, the guy with glasses showing up at the door, and followup calls. The end result was a perfect 20/20 connection without interruption of my service.

The Cisco folks connected a Cisco 800 series router to my FIOS connection to ensure Quality of Service for the Telepresence device and to automatically create a VPN tunnel to the Cisco Telepresence Exchange.

As of today, my home telecommunications infrastructure is:

A Verizon Fiber connection from the street through a conduit to a home-based main distribution frame (MDF), in my basement, supported by a backup power supply.

A Cat 6 cable connects the Verizon infrastructure to the Cisco 800 series router which is connected to the Telepresence unit.

The Cisco 800 series is then connected to a Verizon provided router (Action-Tec) which connects to my network printer, an iMac 20, and my Apple Airport Extreme 802.11n wireless router.

My Airport Extreme provides 90 megabits/second wireless connectivity throughout my home and connects to my two Terabyte home storage cloud (a Western Digital MyBook Studio RAID 1 backup device).

Thus, in my basement I now have a communication infrastructure which is as good as many commercial sites - a 20 megabit connection with backup power, video teleconferencing, network printing, a cloud of network storage and 802.11n high speed wireless networking with WPA security.

We tested the jitter and latency of my home network on the Cisco Telepresence worldwide network. It was remarkably low, ensuring extremely high quality Telepresence performance. We connected to Telepresence engineers in North Carolina, California and Texas. The experience of home Telepresence matched that of every high end teleconference I've ever done - life sized 1080p with no pixelation and perfect sound quality.

In an era when we're all reducing our travel budgets and limiting our time away from the office, Telepresence is as good as being there.

For folks I've met before and already established a working relationship with, I cannot think of a reason to fly to a meeting when I have Telepresence.

Now, I'll have to work on my lecture schedule. Hopefully, the culture which demands a physical speaker at the podium will accept a virtual podium when it means I can lecture more frequently from my basement instead of 24 hours of travel through Logan Airport.

Friday, March 27, 2009

Cool Technology of the Week

Last Thursday, I flew to Houston to keynote Pri-Med and sat next to Kedaar Kumar, a composer and sound designer for Harmonix.

While flying, we talked about my Shakuhachi playing and Zen ideals. Kedaar is also a vegan, shares many of my philosophies, and uses a unique IT approach to composing, called the Monome, which is my Cool Technology of the Week. The Monome is a hand finished wood block with 64 backlit buttons.

The device has a USB 2.0 interface supporting serial, midi and open sound control. The buttons can be configured as toggles, radio groupings, sliders, or organized into more sophisticated systems to monitor and trigger sample playback positions, stream 1-bit video, interact with dynamic physical models, and play games. Button press and visual indication are decoupled by design: the correlation is established by each application.

There are numerous applications which exercise the Monome as a simultaneous input and output device, including:

* 64step is a versatile step sequencer aimed at fluid composition and editing.
* mlr is a sample-cutting platform intended for dynamic and performative live manipulation.
* life is an interactive version of Conway’s original simulation.
* phoenix is a probabilistic arpeggiator with a drawable waveform.

All related software is open source. This includes the embedded code, routers (monomeserial, serialio and mapd), and applications.

Kedaar demonstrated 7up, an application written in Java that enables the Monome to communicate with any midi-enabled software synth. The primary goal of 7up is to create a self-contained music composition suite where all instruments/controls/samples/loops/etc are intuitively accessible from the Monome itself, eliminating the need to use software on the computer.

Here's a video of the Monome in use.

It's a remarkable bit of engineering and one of the most creative user interfaces I have ever seen. Definitely cool!

Thursday, March 26, 2009

Locavore Support Online

It's time for a Thursday lifestyle blog.

As a vegan and locavore, I buy local vegetables, grow my own, and store/preserve foods for the winter months.

Finding fresh, organic vegetables for me includes buying shares in Community Supported Agriculture, in my case from Red Fire Farm.

I also enjoy farmer's markets and local specialty producers of heirloom beans, tofu, and grains.

All of this required a great deal of research and experimentation.

Now there's an App for that!

On the iPhone Store, Locavore is an iPhone/iPod application that tells you when local fresh produce is available and where to find it.

The app is a great resource for anyone who wants to optimize the produce of each season, find it locally, and prepare it using advice from Epicurious or Wikipedia. You can search by your current GPS location, by state, by fruit/vegetable name, and by farmer's market.

Asparagus and Rhubarb are coming into season soon.

10 local farmer's markets within 10 miles of my home have iPhone accessible web links.

For $2.99 I found Locavore a useful application to keep me aligned with the bounty of each season.

Wednesday, March 25, 2009

Green IT for Desktops

BIDMC has worked diligently to reduce operating costs and avoid staff reductions.

IT is doing its part to reduce operating and capital costs. One of our initiatives has been Green IT to reduce the power and cooling expenses of the data center, as described in my blogs Kill a Watt and Some Like It Hot.

Our latest effort, announced this week, is power reduction for desktops.

Here's our challenge.

Many of our clinicians require "instant on" computing in clinics and operating rooms. Many of our staff require remote access to their computers via our SSLVPN Remote Desktop features.

How do we power down unused desktops but still meet the needs of our stakeholders?

This week, we are modifying the settings of all our desktops - 8000 of them - to power down disk drives and monitors when they are untouched for 20 minutes. As soon as the workstation is used again, power will resume immediately. Thus, there is no need to power off computers manually. We'll do it automatically.

A screen print of our new settings is above.

When I announced this change, several folks were concerned about losing work or disabling their remote access. The systems aren't being powered down or forced into a hibernating state; the monitor is placed in a low power state and the hard drive stops spinning. We didn't want to disrupt work or prevent users from accessing their workstations from home, so this option was the best choice. It provides an opportunity for power savings but does not interfere with remote workers relying on RDP or SSLVPN.

Our commitment to Green IT will save money, improve our carbon footprint, and still meet the needs of all our users. Over time, I believe we'll move to thin client devices without moving parts that will have an even smaller energy footprint.

On a related topic, I was asked today about the kilowatt cost of Electronic Health Records, since the country will be implementing EHRs for 664,000 clinicians as part of the Stimulus Bill. I'm working with my energy experts to calculate our energy footprint using the extremely virtualized server/storage/data center infrastructure we've implemented for our community doctors. I'll report on that soon.

Tuesday, March 24, 2009

How About Some Good News?

I just watched the Obama news conference and feel compelled to make an observation.

Is it just me or have the news media and the blogosphere become obsessed with bad news?

Many people have questioned Tim Geithner's longevity as Treasury Secretary because of his performance to date. He was confirmed 60 days ago.

How can a single human turn around a multi-trillion dollar economy in 60 days?

Many people have questioned the Obama administration's commitment to Electronic Health Records. Recent articles have challenged the claims of quality improvement, enhanced safety and lower costs. Several of these articles have cherry picked from the few negative studies about EHRs. As you've seen from my blog, leading experts wrote evidence-based summaries of the literature to offer a balanced view on these issues. Neither the Wall Street Journal nor the Washington Post published our submissions.

Every day the press is filled with philosophical discussions from folks outside the trenches, second guessing the plans for the economy, the wars, and healthcare reform.

No one seems to support the idea of steady progress, phased accomplishment, or a positive trajectory. It's been 60 days.

Folks, let's give these folks a chance to do their work, offering our energy to work together to improve the world we live in, not endless criticism of their first efforts. As writer Ben Hecht wrote, "Trying to determine what is going on in the world by reading newspapers is like trying to tell the time by watching the second hand of a clock."

The Standards Charter Organization

I've received several emails about the Standards Charter Organization (SCO) recently announced in a press release.

Some folks have asked if SCO is the successor to HITSP or if it changes the landscape of standards harmonization efforts. I've been very close to the work of the SCO, which has been closely aligned with the HITSP Foundations Committee. The SCO is complementary to, not competitive with, HITSP. Here's the full story.

Several standards organizations, NCPDP, HL7, X12 and ASTM, recognized that their individual efforts have organization specific priorities, scope, and component elements such as code sets.

Working together, the SDOs can coordinate their approach to more rapidly close gaps in standards, use common code sets in all their work products and avoid the development of overlapping standards.

By doing this, their individual work products will be "pre-harmonized" in many ways, making the work of HITSP, CCHIT, and implementation guide writers much easier.

The SCO process is just beginning. My hope is that the SCO will work with HITSP in three ways:

* HITSP will be able to hand off gaps in standards to the SCO for assignment to individual SDOs

* The SCO will identify cross-SDO projects and hand them off to the HITSP Foundations Committee for harmonization. Foundations has already worked on creating common code sets such as gender and marital status

* As we all work together to create a Nationwide Health Information Network, the "pre-harmonized" work products from the SDOs will accelerate interoperability

Thus, I completely support the efforts of the SCO. HITSP, SCO, and the HIT Standards Committee are all important parts of the interoperability ecosystem with different roles and responsibilities.