Hey all
In a world where a hospital can pay $250 million for a EHR upgrade, 200 million to upgrade all the VA is chump change that will make no difference to the market. And almost all the money will go to legal fees, consultants, requirements analysis, project plans, change control studies, hardware upgrades, security assessments. For 200million, I’d be surprised if there’s any money for programming. No Wonder they’re going to open source…
Grahame
In Europe (maybe except NHS) this would nowhere be possible. In the USA I believe they have similar regulations.
Bert,
You can count France as another counter-example. The DMP (Dossier Médical Personnel aka Personal Medical Record or Shared Medical Record or Public Medical Record) was heavily founded (something around 1B€... and counting).
The interesting effect was to shift concerns from "reinventing health care" (as was in the early 2000s) to "interfacing the government platform" (that, by the way, never delivered).
Such gov behavior doesn't only kills the market, it profoundly destroys the very nature of innovation.
Best,
Philippe
In the Netherlands we had a "kind of" experience too.
But it was different, because, the Dutch idea was the government to facilitate the market by rules and standards, and facilitate by an index-service to find patients in systems.
Under that umbrella (called LSP), the market partners of all kind could keep on innovating and selling their products.
So, in my opinion, that is how far a government can go in Healthcare ICT. Seen from this context, it was a good project. Facilitating, not taking over.
Bert
What do you mean by your last sentence? I think the situation in the Netherlands was different. The majority, who had no intention to use the system (or had no need) was concerned about the privacy issues, while those who needed it didn’t care as long as their data was available at the right place at the right time. And we had an opt-in situation. So those who had privacy concerns could have stayed out.
Unfortunately, the government had some bad PR around the LSP. They used the term “National EPD”, which was and still is a misnomer, since there is no such a thing, only on index-service to find where a specific patient had had medical service.
I would say the current situation where the insurance companies play a role in the ICT infrastructure is more threatening than any privacy issues that may have played a role.
Jan Talmon
IMHO, the interesting question to be asked is "what is the reference frame you are working in?"
The usual reference frame (Cartesian) is centered on the organization, say the hospital, and is fit to tell the story of people passing through (say "the patients" from in to out).
Another reference frame (Polar) is centered on the person, and considers the world as "what surrounds Mrs Smith". It is fit to tell the life long story of an individual and to organize the work of her (health) providers.
The Cartesian reference frame is local and based on a hierarchy of local roles (homogeneous to a "domain"). The polar one, on the contrary, travels with the person it is centered on.
When creating a Public Health Information System (PHIS), the usual (wrong) way is to "extend the walls" of a Cartesian reference frame in order to try to cover the whole country.
In my opinion, it is like trying to manage a lake in the same way a fish tank would be kept safe, through a giant air pump, a huge filter and a building sized electric heater.
It seems to me that open systems and closed ones must not use the same reference frame. In an open world the person herself must be in charge, and privacy issues are more than mandatory, it should be the very starting point of any project... at least any project that makes sense to me, both as a developper and a citizen 
Best,
Philippe
Bert
What do you mean by your last sentence? I think the situation in the Netherlands was different. The majority, who had no intention to use the system (or had no need) was concerned about the privacy issues, while those who needed it didn’t care as long as their data was available at the right place at the right time. And we had an opt-in situation. So those who had privacy concerns could have stayed out.
Unfortunately, the government had some bad PR around the LSP. They used the term “National EPD”, which was and still is a misnomer, since there is no such a thing, only on index-service to find where a specific patient had had medical service.I would say the current situation where the insurance companies play a role in the ICT infrastructure is more threatening than any privacy issues that may have played a role.
Jan Talmon
Regarding the opt-in, at the time the LSP was rejected by the senate in 2012 it was defined as an opt-out system, that was one of the reasons to reject it.
This is one of the things that is improved in the new situation, but as I understand, the opt-in is very generic formulated, so that there are still privacy concerns.
The LSP was more then an index-server, it was also an authorization-service, and that was a problem.
There was also no patient-accessible logging and there was no fine-tuning so that patients could authorize who to access their data.
Together with the changing from opt-in (which was the original situation) to opt-out, people needed to take action to avoid 500.000 people in the Netherlands having potentially access to their medical data.
I think it is not right to state that people who needed the LSP because of their medical conditions did not care about privacy issues. They did not have much choice, then to accept it, but that does not mean they agreed with the situation.
They were talked into it. Although, there are alternatives, the old SOS-bracelet.
I think it is someway not right to blame the governement bad PR around the LSP as a reason for rejecting it.
This because the senate had very good reasons to reject it, I mentioned some of them above. It had nothing to do with PR, it was a bad system.
You say that it is threatening that the insurance-companies now own the LSP, and that is partially true.
But on one hand, the insurance companies already have a lot of access to medical data, they know which medication we take, and they pay our medical specialist bills.
And the insurance-companies have repaired some serious flaws in the LSP.
You are right, on medical data, there is no escaping from Big Brother.
But on the other hand, the threatening of500.000 care-professionals (your employer via his company-GP) having potential access to medical data is gone.
It was always prohibited, it was easy to do when the patient had no logging and no fine-tuned authorization-capability.
Now the authorization better refined, a care-professional can only see data which have relevance to his work, and there is logging which the patient can see.
Also it is again set back to opt-in.
There are really important improvements, and it remains very strange, that Nictiz, which was a governmental organization,
very well paid by the tax-payer, did not have these quality-standards, which insurance-companies now have introduced.
I wonder why Nictiz was so sloppy with our privacy-issues. I never understood that.
You are right, Philippe, well expressed.
I think the polar frame is the patient mandate, it means that the patient is responsible for his medical data. Others write them, but it should not be regarded as poetry, so there is no copyright in the sense of art, but it are just data, like bank-account-data. The writer of the data cannot claim ownership.
The problem is that attribute based access is not very usual, and it is also hard to define generic. It gets complicated if the spouse or the mother also has access but the father has not because he mistreated the child, and the aunt has, because she is the legal guardian, and the patient changed from GP or hospital, and when they go to a foreign country everything can change, etc, etc. The problem is when you define a polar access, then you carry around so many changing particularities of a person on which it all depends.
It is not easy to implement.
The only way is to let the patient him/herself make it up. Give him all authorization-power, make him/her owner of the data, and let him/her be responsible.
Role based access is easier in algorithms, easier to define and speeds up the system, but role-based access is always cartesian (using your words). But role based access gives the power to the institutions, not to the patients.
Bert
Bert, I fully get your point... but I would argue that, as it goes in maths and physics, choosing a Cartesian or Polar reference frame plainly depends on the kind of issue to be addressed.
As you very well said, role-based access is always Cartesian since it defines the roles "inside the organization"... usually as a matrix. It is actually the easy way inside an hospital or any care place.
But it becomes messy when multiple unrelated domains are artificially grouped in a large virtual box, as it is done in regional or national wide systems... since the role of a given practitioner inside the virtual box cannot be clearly defined. As an example, as a radiologist, is she allowed to access any image form any care place?
My opinion is that the polar reference frame seamlessly "scales in complexity": it is more complicated to operate inside a "hierarchical ordered box" (as is a single organization), but becomes natural in a network of actors when considered from one of its nodes (ie the patient).
Best,
Philippe
that’s quite simple - it’s about making health data computable, which enables it to be used for decision support, risk analysis, personal medicine. Essentially it’s the key to keeping medicine affordable for the future. Archetypes = library of re-usable domain data definitions (e.g. vital signs data elements etc) Templates = case-specific data-sets (e.g. diabetic 12 month checkup; specialist referral; etc) (+ Terminology to provide meaning and some inferencing) (+ Ontologies to provide strong inferencing) Without this (and of course other things like guidelines sitting on top), you can’t compute with the unavoidable complexity of health information. - thomas