Advice for an Open Source Development Grant?

IgD asks: "My colleagues and I are developing an open source medical records system. A senior supervisor approached us and let us know a third party is offering a decent amount of money in the form of a grant for any legitimate medical research project. We were all but promised the money if we could come up with a proposal. Has anyone in the Slashdot community received a grant for open source software development? Are there any good examples of such a grant available? How could one measure the results of open source development for publication?"

what's the goal?

[axxackall]

Is your goal ge get the job done, or to open source your code, or to get money? Imho they are very different goals.

Re:what's the goal?

[AresTheImpaler]

Is your goal ge get the job done, or to open source your code, or to get money? Imho they are very different goals.

Come on, they are not very different goals. You can get the job done while having an open source product (and no money). I mean, have you seen the linux kernel? I does get the job done. You could also have the job done and get money while being closed source. You could also have open source and get money, just look at redhat, mysql, etc, etc.. So no, they are nod different goals.

Re:what's the goal?

[realdpk]

They're very different goals, but that doesn't mean they're incompatible goals.

Re:what's the goal?

[barista]

Imho they are very different goals.

Not necessarily. They can get the job done and have open source code. That would probably depend on any stipulations for the grant.

As for the money, I don't know the specifics of their project, but the money could be used to buy computers, equipment, etc. I work for a university based hospital, and have dealt a bit with research proposals, grants, etc. The grants I have dealt with are typically used to pay for things that come up in the course of research, or buys things that the department might not be able to buy on it's own. It might also be used to pay someone's salary, but I'm guessing they're not looking to get rich. As far as who is providing the grant, my guess would be that they want to do a Netscape/Mozilla kind of thing, or they might want make money on installing the systems (service and hardware).

I wish them luck

Re:what's the goal?

[axxackall]

Those goals are not absolutely incompatible. But trying to achive all three at the same time, without a real business plan, without a solid initial investor and without the eager-to-buy customer is ... a high risk?

Re:what's the goal?

[AresTheImpaler]

yes, I know they are different, but the original poster made it sound like they were incompatible.

Why should this be any different?

[donutello]

Refer to other medical research proposals. I'm assuming that you're not trying to get this grant on the sole basis of this being open source, right? The open v/s closed source nature of your project should be pretty irrelevant to your research proposal.

Re:Why should this be any different?

[matth88]

I work in a philanthropic foundation and spend a lot of time talking to other foundations about technology, and there is lots of interest in funding open source over closed source projects. Funders are interested in the fact that they won't have to fund zillions of identical projects -- it's just too expensive. It looks like this trend will continue.

Re:Why should this be any different?

[chenyu]

Wrong.

I've been on grant review boards, and being open source is big positive factor. Grant review boards are often concerned that 1) you aren't duplicating the wheel 2) that the software that you produce won't be orphaned once the grant runs out. There is also the "why aren't you funding this via venture capital" question.

Re:Why should this be any different?

[drfireman]

"The open v/s closed source nature of your project should be pretty irrelevant to your research proposal."

Lots of funding agencies have reasons to want to fund open source or free software. Government agencies, NIH Institutes and Offices for example, aren't generally concerned with the software being sold for profit. They're concerned with the software being demonstrably useful in promoting public health and basic medical research. Preferably the kind of demonstrable utility that looks good in the annual report and that will help demonstrate why they deserve a bigger slice of the extramural funding pie next year.

Although licensing is liable to be only a small part of a proposal, it can be an important one. If that's the most innovative part of your project, it's your responsibility (to whoever reviews your proposal) to make it as clear as possible why the licensing terms are so important. (Of course, if you find this step difficult, then you need to step back and re-think the proposal.)

Re:Why should this be any different?

[akaina]

Look at the DARPA grants that have been awarded. They list several recent accepted entries.

Re:Why should this be any different?

[lewp]

"Extramural" is my vocabulary word of the day today. Thanks!

A good idea

[skank]

for someone with the time to do so, would be to make a portal with as much info on this subject, and links to sites that may be able to help you get started / funded for such a project. I'm sure the OSS community would appreciate a site with such information. Just a thought...

Re:A good idea

[barista]

There is/was Slashmed, but the lest few times I checked, it was never updated.

Re:A good idea

[bundaegi]

Another one is http://www.linuxmednews.org/

Has been up for years (even if it doesn look very active) and always has good info on.

Open Source Medical Software

[AlricTheMad]

Have you checked around Source Forge for similar projects?
Have you check www.linuxmednews.com?

There are lots of projects in progress currently, perhaps you could work with one of those and help them out?

Alric

Yes, I went this route once, was not successful

At one time, fairly recently, we wrote a grant proposal for the Soros foundation, which was running a special program to help "disadvantaged communities and citizens" in the New York City area. Our proposal was considered one the better ones they received, for it was to enable accessibility for the blind. However, they rejected it primarly because this was something that could also be useful to helping blind people outside of NYC as well! I kid you not!

Re:Yes, I went this route once, was not successful

FYI - the Soros Foundation is sponsoring a new round of grants for social software development. Open Source Projects are encouraged. For more information check out: http://www.soros.org/ip/item_doc.php?area=18&type= 5&id=158

Nobody uses Electronic Medical Records

[LittleDan]

There already is an open-source EMR (gnumed.org), but no doctors are using them, because the switchover is just too hard. My dad's a doctor, and he was promiced a free EMR, just pay for the hardware. In fact, it was the FIRST EMR ever made, but he would have to hire extra people to load the rooms of files he had into the computer. It was just too hard.

Re:Nobody uses Electronic Medical Records

You have identified some of the problems with some of the EMRs, but the reality is that the two largest health care providers in the US (the Department of Defense and the Vetrans Affairs Administration) have used EMRs for decades for close to 100% of their patient care. In addition there is an exponetial growth in EMR installations in the US, Europe and South/Central America.

Re:Nobody uses Electronic Medical Records

[ChristTrekker]

Switchover from what, paper? That's going to happen no matter what EMR you use. If you're not overly concerned with importing old records then the problem should be reduced considerably. My last job was at a large hospital center (we used EMR and hoped to totally convert within a few years) and my new job is at a small private practice (still investigating EMR options). I've not heard of GNUMed before, but I'll be checking it out.

Like writing any grant I would bet.

[BWJones]

My guess would be that writing this grant would be like writing any other grant. The idea is to propose an idea, outline your thesis (in this case, why you are making a case for this software and why open source), talk about the background of this project, why it is important what the implications are if this were to succeed and how you plan on going about completing this project. Outline the costs and give a timeline, clearly state your goals and wrap it up.

Re:Like writing any grant I would bet.

[BWJones]

I should also have stated that I believe there is a significant need for medical records management software in the open source community and if you were to perform a little market research on medical records software, you would find the field is a mess of competing programs and standards, and you would not believe how much money is made by businesses that have half assed solutions to the problem. The cost to individual medical practices and hospitals is considerable and many companies do not have any real clue of how to properly implement this code. Things are complicated by numerous proprietary databases and lots of new HIPAA legislation that makes interconnectivity a real nightmare.

I've often thought that a good open source team of about thirty individuals including a half dozen subject matter experts, a couple good technical writers and half a dozen programmers could kick some serious butt in this market, establish an inter-operative database standard, either run it platform independent, or take advantage of some pretty powerful, yet inexpensive software like Web Objects and dominate the market within two years. Of course this third party you are talking about is probably interested in such a proposal, thus the offer. It's pretty amazing actually how many folks are wading around aimlessly in this market. Big players like GE, Siemens, IBM etc... are without any direction or focus on this problem and the market payoff could be relatively big if you properly market this to select members of government who are absolutely desperate to reduce the cost of medicine.

Re:Like writing any grant I would bet.

Don't forget a few designers to make sure your interface isn't going to frighten users away. It's my experience as a designer that most developers tend to overlook the design/usability aspects in favor of good code, but a successful project (IMO) really needs to have both.

SHR&D Grants

[deputydink]

Up in Canada, the federal Science and Research Council of Canada looks fondly on open source projects, at least the agent i dealt with. They (he) felt that the 'openness' of a project such as this would in some ways achieve what a patent in the field was meant to do, and the dole out generous tax and research grants, even on the likely failure of a project, and (better yet) with little consideration for the commercial viability of the project.

As far as know, the company has to be incorporated in Canada, but typically for Canada doesn't have to be entirely Canadian.
Additionally, many provinces, (BC, AB and Ontario ... plus Quebec IIRC) offer substantial tax grants on your revenues, which i always thought was a stupid as you likely won't have much revenue during your strictly research years, but for anyone who's ever paid Canadian taxes any little bit helps.

Re:SHR&D Grants

[deputydink]

oh fuck ... i clicked submit too quick .. i meant to say that my advise would be Go to Canada: They will pay you to mess around with unprofitable ideas well, except for the poor provinces... they don't care.

Re:SHR&D Grants

Be very careful with applying for this. It takes a lot of time out of your schedule, and there are no guarantees. Most importantly, work with someone who knows what they are doing. If you dont, it will be a waste of your time. Having said that, we have a closed source system that was just approved. Closed source means it can be sold.... which means that will actually bring in some $$$ to Canada... which I believe is why the country is funding SHRED in the first place. I *wish* someone could explain how Opensource makes money. I have a suspicion that training and consulting is the only way Opensource makes money... but, I digress.

I don't know if you count this as a grant but...

[rongage]

I've received sponsorship money from some pretty big companies for the development (or augmentation) of an open-source project I wrote.

Now, this wasn't a "here is some money, go write something useful" type of sponsorship, but more along the lines of "we like your work but need a certain feature added. Here is the money, add the feature".

It probably doesn't help you though, since they (the money) came to me...

Ask the Pentagon

As can be witnessed by the comments section on the recent /. article, apparently lots of people are bailing because they're "consciencous objectors." ;) Should be tons of cash available.

Open Source Reseach

>How could one measure the results of open source >development for publication?"

The Same way one measures other research results .. Your reseach being opensource has no impact either positive or negative on the reviewers mind. Keep in mind the goals and make sure the job is well done .. Just because it is open source does not mean the results can be mediocre .. some of the best reseach is open source.

SBIR/SBTT

[s00p41337h4x0r]

The government has a fair number of programs that are intended to fund small companies transferring research into products. In particular are the Small Business Innovation Research and Small Business Technology Transfer programs. While, these particular ones require PhDs or Professors (respectively) to head the projects, you could look at their applications to get an idea of what you ought to put in your proposal.

Since you're doing medical research, the National Institute of Health's SBIR program seems most relevant. You can also find the application forms and guidelines if you look around.

Re:SBIR/SBTT

[drb1001]

One minor correction - principal investigators on SBIR/STTR projects don't have to have Ph.D.s - they just have to have qualifications to head up the project. Qualifications can be other than educational credentials (e.g., experience).

Why open source?

[Reservoir+Penguin]

May I ask you why you decided to open source it?
Unfortunetly despite of what Eric writes in "The Cathedral and the Baazar" Free Software developers are still most likely to recieve their reward in fame not $$. It may feel good but the Free Software community has so far failed to work out a way to consistently financially reward the actual developers (not hardware compnaies who bundle Linux with their servers!). Even if your project become popular all you'll get from users is bitching and moaning not meaningful bug reports. Just watch the burnout suffered by Fink, MPlayer and Router floppy authors.

Re:Why open source?

Man, your rant about the financial viability of being an OSS programmer doesn't seem to fit well with this situation seeing as how they are receiving a grant ($$ in other words for doing this. Go troll elsewhere, Darl.

PS I don't see how the MPlayer, etc. devs are "suffering burnout" seeing as how they are volunteers and can quit writing software at any time. Perhaps they simply like their hobby? Maybe you shouldn't play tennis so much; you look burned out. Bah.

Re:Why open source?

having a shitty tude would not have anything to do with burn out either...

Re:Why open source?

The reason I would develop OSS would be to get the fame. I wouldn't expect to make money, hell, I'm giving it away to the world for free aren't I? However, some companies like you to have experience before they hire you. Sure, you could get experience at another company, or you could write a significant software application, open it to the world and put a link to the source on your resume and demand more money because you can prove you know what you're doing. No, not every project can "make it" it's a competitive industry. If these people wanted to make money off of their projects they shouldn't have gpl'd it, I'm not familiar with Fink, and I know the LRP can't change that. Even still LRP was great, I was extremely upset that the author couldn't keep up with it, but such is the case with a lot of stuff, not just software. Think of how many garage bands that actually care about their fans and their music never "make it big," or how many writers can't get a publisher to pick their book up, or how many artists can't get a gallery to display their work. This is how the world works, not everyone can be "big," not everyone can make money doing what they love to do and eventually have to bite the bullet and get a job so they can support their hobby. Mplayer, in my opinion, is the best media player for Linux period. It has no equals, it has no gui by default and it's the basis for my media-pc that even my parents can use. Mplayer unfortunatly has run into it's fair share of issues that have stunted development, and further threaten it.

I'm not going to pretend to be an excellent coder, in fact, I claim to be quite a crappy coder, but I'd rather open that up so others can say to me "dude, what the hell were you thinking? xx works so much better." I'm learning, I'm creating, other's are contributing, it's a great development model in that regard, except I can't expect someone's going to drop by my site and offer me money because of any application I write. That's not the motivation behind OSS at all. It can be profitable, but that's the exception to the rule. I know Linus didn't wake up one morning and say to himself, "you know what, I'm going to write an operating system kernel that's going to be the basis for a huge percentage of servers on the net." He woke up one morning pissed that he had to walk to the computer lab during winter so he decided to make his life easier. He almost certaintly didn't think that companies would use his work for the basis of multi-million dollar businesses.

Grants are a legit way to fund OSS. Grants are not a good way to get rich. If you need something done, and it could very well benefit others too, it's worth doing.

Focus

[jdc180]

If you want to make an open sourced system just for the sake of it being open then you're going to have a hard time. I firmly believe that some things should be open sourced, but it's not always prudent to do so. Every situation is different and open source isn't always the answer. Companies need to make money, even the open source friendly companies release software closed source.

If you can get grant money based on the finished product then open source is a good idea, but if you need to provide a product that will be sold, i think companies will be a little more frugal handing you money to create something open.

Share your thought w/ these guys

[LittleLebowskiUrbanA]

They're in the open source medical software biz as well.

Re:Share your thought w/ these guys

[opkool]

You also want to announce your project here:

http://www.linuxmednews.com/

Sure you will find good info and maybe a few developers.

Peace.

Re:Share your thought w/ these guys

no, don't go there. It looks just like Slashdot so it can't be any good.

Medical records suck now & have even killed pe

Good luck. Medical records needs it. Of course, there are open, free records systems available already that are quite good -- CPRS from the VA, for example.

Hospitals, and medicine in general, are conservative institutions that have only lumbered like brontosaurs into the information age. Pubmed and medical research being exceptions, of course.

Human side of things

[mao+che+minh]

Make comparisons between what current medical software offers, and what yours can/will. Identify weak points in the current software, or user annoyances (even little things, like the printer that the software company decideds to use as their "solution", but drives the users mad), and promise that these annoynaces and weaknesses will not be present in yours.

Then, talk about the benefits of an open source application, and talk about it's longevity and low cost of future manipulation. But only briefly, don't get too technical on them. Instead, attack the human aspect. Do some research and find out what the doctors and medical staffers themselves really hate, not their bosses/directors.

Not sure I understand the question

[NMerriam]

How could one measure the results of open source development for publication?

You haven't been in academia long -- the answer is you make up the results like everyone else!

But seriously, I'm not sure what is unusual about this situation. You apply for the grant, saying you want to research and develop XYZ system. At the end of the time period for the grant, you'll have to show that something happened, whether it is getting 1,000 developers working on it (this is good because you can clam the investment was matched 1,000 times in donations!) or having 12 private clinics and 2 hospital systems evaluating it and participating in system testing.

Whatever, you make up everything you can think of to measure (lines of code, contributors, patients tracked, data points, countries involved, languages ported to, web site hits, days of uptime, number of compatible legacy systems), keep track of it all, and at the end of the grant you write a paper saying how fantastic all the good stuff was, or why the whole thing failed and should never be attempted again.

If you really look into currently published stuff, you'll see that 98% of it is just proving and restating the obvious in a way that people can reference for future publications, so that they don't have to waste time on the obvious when the 2% of real research takes place.

I do applaud you and encourage you (and anyone else with the stomach for grant-writing) to pursue it, you'd be surprised how easy money is to get for useful projects if you can just keep up on the paperwork and wait months and months for every step to happen.

Get a half-dozen ongoing grants and you can basically have a small company that does pure non-profit open-source development year-round (and one full-time MBA to manage the grants!).

Open Source for Medical systems and the rationale

[Grendel+Drago]

Why use open source as a medical record system? Why use the open source model? As one of the replying pundits put it "move out of mom's house and get a real job".

The reason for using open source software is that it is indeed a collaborative effort. For those of you that think that this is one setup shopping, its time to look at the serious projects that have made some inroads and continue to develop.

The business model for open source, indeed for those of us who remember a time before the internet (yes there WAS that time), when software started to be packaged with machines. Why, one might ask should one pay for software when it comes for free? Today $450 but tomrrow it's packaged. For those of us who watched carefully we knew that the real money to be made in the world of software would be in support and support applications. To a certain extent those who continue with proprietary and exculsionary sorts of software may well find themselves moved over because of freely available and very robust software.

The advance of linux and linux clones is such an example of the incursion of open source software. Free? Hardly. Freely available? Always.

From a standpoint of software design and development, the open source model gives those of us who wish not to be constantly hit up for nickles and dimes ... actually the SCO model for those of you who remember SCO in its heyday before barritry became popular ... a place to find some security. More important is that from a physician standpoint what could be better than CQI, continuous quality improvement. The open source channel makes that not only possible, but nearly mandatory.

So, those of you who have regarded the only path to enlightenment that of the Gates family or Big Blue, look again at some of the companies doing open source development.

As for the question about grant seeking; The FreeMED Software Foundation is seeking grants to employ coders and others to better the software. Since the Foundation is a non profit, seeking the development, promulgation and distribution of opensource software, people who are motivated to see better software development can contribute to the making of better software. In a way, donated dollars dictate direction.

There is much more about the open source movement and the intellectual freedoms that such development permits. Check them out. Check out the FreeMED Software Foundation (www.freemedsoftware.com) or the open source news list at LinuxMedNews (www.linnuxmednews.org).

Freely Submitted:

Irving J. Buchbinder aka DrGnu
FreeMED Software Foundation

I don't know quality content when it sits on me,

[Spazntwich]

But if I had to wager a guess, I'd say Modelbob has some of the best content around.

Sure

[bigjnsa500]

Where I work, we were approved for an NSF grant to improve on our in house Live CD distribution. We use it for Internet2 (among other things) so other researchers on campus can experience Internet2 and the Access Grid. In our case it was easier than manually setting up their windows installations. We give them a disc, tell them reboot and they are instantly connected to our AG Venue. Plus it has other cool features like rsync backups (included their Windows filesystems) if they want to.

Now we have some funds to further the distribution. I will tell this guy it DOES pay to make Open Source Software.

Re:Yes

[snilloc]

You're not even trying! Come on people, troll a little better than that.

In academia, it's all open source

[Faizdog]

Speaking as a Grad student, almost all work done within the Academic realm is open source. Professors get funding from various sources, and they are able to publish their work, and then make the source available.

What you are proposing should work, but it all depends on the source of the funding. Would they be happy with an open source solution, do they even know what open source is? You need to discuss and evaluate this with them, but in theory it should work.

Damn, fine work

[mao+che+minh]

You did what a lot of Linux developers fail to do: start a business around services that people really need, and just so happen to use Linux to get it done. In the end, the clients won't really care what is under the hood as long as it works.

My most successful string of open source solutions involved a small break with an audio-video company. I set up a small Linux network, with a small CRM that was based on, believe it or not, a web based PHP driven "application" that I designed to catalogue my DVDs, VHS tapes, CDs, games, books, and comic books. mySQL is the backend, Apache its "OS". I added a few useful modules from popular CRMs that I found on Sourceforge. All of this meant nothing to my client, they were only happy that it fit their every need (they were managing customer data, billing, scheduling, and reports across a series of applications like Excel and Quick Books Pro, and good old pen and paper). Needless to say, not only was my solution extremely scalable and cheap, but it removed the hassle of having to have a file cabinet handy and three or four programs. All they did was click a little link on their KDE panel, and up came Mozilla and their portal to my program.

They quickly refferred me to their lawyer's office, my own dentist, and another small business that specialized in boat repair. I quickly made about $12,000 in my spare time, and not one bit of the software I used cost anything. I have yet to return to any of their sites to fix anything since, and this was over a year ago. The only thing I did was give them each a call when Redhat made RHN available so that they could sign up and have their systems updated for them remotely, for very little $$$. The circle of Linux business life eventually brought money back to Red Hat, whom's OS I used for free as an ISO download, at all of these sites.

You gotta love it.

Re:Damn, fine work

Do you have a link to it? I have some clients who may be interested in such a solution...

Cheers,
Rob :)

Open Source or Money

[KalvinB]

The idea of a proposal is to say why you need the money.

If your project is open source then I assume you intend that other people will work on it for you. In which case, how do you intend to divide up the money?

Are you intending to take a chunk as salary? How large of a base team do you have? How much do you intend to give them?

Basically, where is all the money going and how does "Open Source" fit into it?

Ben

Re:Open Source for Medical systems and the rationa

[GreyBear]

The important part to open source is the record format. After that, I can live with open or closed source software to access it. An open file format is imperative though, for any useful portability of records for patients.

Re:Open Source for Medical systems and the rationa

[Reservoir+Penguin]

I'm not convinved that open source development model has any real advantages over the established one. Honestly, I dont see a lot of innovation and creaivity coming from OSS developers. Beside a few high profile server apps and dev tools with a longtime Unix heritage its mostly K[windows app] or Gno[windows app]. Granted MS itself isnt very innovative but 3rd party windopws developers really shine. In every groupd from individual shareware developers to small dev houses to megacorps you can see examples of applications that have nor rivals in the OSS world.

Open source can be profitable

[caffeineHacker]

Just because it's something you enjoy doing doesn't mean it's not work. There's a famous quote by someone or another that says: "find a job you love and you'll never work a day in your life". Yeah, it's corny, but true, and if working on something you believe in gives you happiness and makes money go for it. It's not like open source has no revenue, look at Red Hat etc. They're making money off of open source. A good example(And it is somewhat on topic), is Tripwire. They built it funded through whoever in Computer Security, and then one of the Grad students who worked on it started a company off of it. They offer support etc. for the product and a free version for the open source community which also helps them get it improved. I'm sure there are numerous other examples of money making open source projects, but that's all I could think of since I'm at Purdue. Here's a nice article about Tripwire just got 8.3 Million dollars of funding. So I don't know what your definition of work is, but to me it's doing a service that people will pay you for.

BTW: Communism is where the government evenly distributes wealth, not when alot of people work together on a project. Might be helpful if you have to go through a high-school history course again ;)

Linux International

[MistChild]

A very good person to ask about this kind of thing would be Jon Hall (Maddog) at Linux International.

I believe he has been involved with Open Source Development grants and LI might even have such a program.

Bill

Re:Open Source for Medical systems and the rationa

3rd party windopws developers really shine

Now c'mon, I don't think Gator's that good!

bleck

[lonesome+phreak]

I don't know if anyone could even use it. Under HIPAA law you have to have a business associate's agreement with all vendors, and ALL vendors must supply support for the products or they aren't compliant. That's not even about the actual security or code flow of the program, but the whole project itself.

I do HIPAA audits, and I couldn't give them a a good rating on the risk analysis if they used it, because of that. No support==non-compliant. I could suggest they buy it from your company if your selling it, I don't see it being used by an IT staff somewhere without a vendor.

Re:bleck

Open Source != unsupported. Users can get
support contracts if they need them. In fact,
they can get them from *anyone* competent enough.
Local shops, big contract shops, anyone - users
are not tied to the vendor.

Re:bleck

[dagarath]

hmm, you don't have to have a business associate agreement with anyone that doesn't have access to PHI. Just downloading an application does not require that. (if you have a support contract then they probably have access to PHI and would require an agreement) The real issue would be that your IT dept and company would assume the risk of the application being HIPPA compliant. Few medical organizations would be able to accept that.

Re:bleck

[lonesome+phreak]

It has to be HIPAA compliant to hold PHI. It's a medical record app, so obviously it would have that in it. To be HIPAA compliant you have to only use vendor supported software. With that vendor you need to sign a BAA.

Therefor, I don't think you could just download it and use it without vendor support and it stay compliant. You would have to get support from someone who could sign a BAA, which probably shouldn't be an employee. Or, your IT staff might be able to become the "support", depending on the software and if they understood the sourcecode enough to fix it on their own...they would have to satisfy this because it's an unacceptable risk to assume the community support around the product would be enough to keep it properly patched. Plus, if you left their screwed unless they hire someone else with that skillset.

In my area of the country, I do not personally feel that there are enough qualified job seekers to replace such a person. They would have to understand the source itself. Now that's not a hard feat, but you can't rely on that enough to mitigate it. Not when it IS the medical record software. If that gets penetrated, your in pretty big trouble legally. It would be one thing if it was their word processor.

It's really a gray area, prime for a HMS audit and court desicion.

Some people think I mean this about OSS in general. I don't. I mean it about this particular product. Due to the circumstances currently surrounding the industry, it might not get all the benifits normally associated with having such a project. It might not have a large user base because many people are afraid of using it as a HIPAA violation. It might not even be worth making it open-source, and make more business sense releasing it under a different liscense like one that only allows source to customers or such.

Re:bleck

[drmike0099]

I don't think you're looking at the full scope of the OSS option here and how it relates to HIPAA. Nothing in HIPAA that I've ever seen mandates "vendor supported software," which is good because a lot of healthcare IT products are homegrown. HIPAA could care less if you have support for your software or not, but what it does care about is privacy, and the security necessary to protect that privacy. One aspect of that is that *if* you have a vendor, you need them to agree to be HIPAA-compliant. In many cases (like laundry services) this means simply a statement that no PHI is transmitted, therefore they are HIPAA-compliant. *If* that vendor also has access to PHI, or you ship PHI outside of your institution, then you also need something in your contract to address that.

Now, if the system was an OSS system, there are two options: first is you went through a vendor who is supplying the service for it. In that case, the above applies. The second is that you downloaded it from sourceforge or elsewhere and installed and ran it yourself. In this case, because you have no vendor, there is no HIPAA issue. Just to reiterate, HIPAA only involves the transmission of data (PHI) between your institution and another institution/vendor.

Now, I think what you are suggesting is a situation where you download it and run it yourself, and yet have no intention of supporting it yourself. While I suppose someone is stupid enough to do this, I can't imagine this happening in any legitimate healthcare institution anywhere in the US, and not for HIPAA reasons. To install and run software that you have no knowledge of and no support for in a healthcare institution would be negligent, and I doubt you could even get it off the ground. This is simply a non-issue.

Lastly, just to make the point, a lot of hospitals are using Windows NT and Linux as their servers. Neither of these have vendor-provided service, but that doesn't make us non-HIPAA-compliant.

Re:bleck

[lonesome+phreak]

3. System Software

3.4.3 Vendor-supplied system software is supported by the vendor.

Page 28, HCFA Core Set of Security Requirements Audit Protocols.

Interview system software personnel concerning a selection of system software and determine the extent to which the operating version of the system software is currently supported by the vendor.

That was the original standard set out in 2000.

And it doesn't just involve the transmission of data. It also has to provide for it's integrity. Go read the Final Security Ruling. There's three different sections on it. It's all about risk analysis and risk migration.

Using NT is going to be a big problem. It's not going to be supported anymore. No more patches, no more fixes. By proper risk analysis, it is far too dangerous, especially by 2005 when all this has to be fixed. Simply put, when HMS walks in the door they won't be happy to see such a sight.

Re:bleck

[drmike0099]

Two points on the above: first that only mentions operating system software. One could argue that even supported Microsoft OS confers greater risk that unsupported, well, anything else. Actually, I'm not sure what the counter-argument would be against that. Also, if risk is the primary motivator here, then OSS like Linux simply needs to have someone keeping up with the patches to make it secure. The letter of this wouldn't apply to other OSS applications.

The second point is that this doesn't need to be fixed until 2005. NT itself should be gone by them. It does raise a much uglier issue of the gov't mandating by law that your organization spend money on upgrades, and the lockdown that vendors then have over any organization. If you think Microsoft is evil, then they could use HIPAA to force every healthcare system to upgrade to 2003 server just by cutting support for their old products. Most other people wouldn't care, but healthcare would be held hostage.

Lastly, you quote something from a HCFA regulation. I honestly couldn't find this mentioned anywhere in the actual final security standard. Searches for 'vendor' and 'support' didn't expose any section that seemed to mention anything that looks like the above. If you could point out the actual location that would be a big help (I'm not being argumentative, I'm actually interested here, because I hadn't seen that before anywhere).

Re:bleck

[lonesome+phreak]

There's the rub, so to speak. It's only mentioned in the first security audit protocal draft, released in 2000. This rather expansive tomb was cut to shreds to be put in the final ruling. It had some issues, as requirering C2-level compliance. It was quite...insane. But, it's what the government wanted to impose. It's based off IRS 1075 (I think), which is the IRS security guidelines for their IT.

We now have a much 'looser' standard. The originals where protocals, this is just a standard. Nothing exact on purpose. If you read the whole thing including the comment and answer section (it's over 250 pages), there is much whining about it. Some suggested that it be dropped completely. We have some type of compromise.

However, when the HFC walks through the door with their auditors, I want to make damn sure my clients are not going to be fined or arrested. I try to hold them to as much of the original standard (and the generally recognized computer security standards) as is financially feasable. That's my risk analysis. I explain that to my customers too. Basically...it's go to someone else if you want to risk your license.

I have a copy of the original ruling on my companies site: http://www.med-is.com/files/proposed-sec.pdf
I don't know how avalible it still is on HMS's site. That's where that quote comes from. I would say "happy reading", but it really is a monstrocity.

I never thought of MS doing something like that, but I could really see it. As to the lockdown...Someone who is good at risk analysis would never suggest his customer go with a completely propriotory system. Most of the bigger clients run some *nix flavor for the backend...screw TCO, it's people's lives on the line.

But really I was just talking about that one particular instance of this medical software, and how they might not see a wide acceptence of it under the "rouge install" catagory. That's one of the major stregths of OSS, and they might not get all they where thinking of.

Re:bleck

[dagarath]

I see the reference in these files, Audit procedures.. one of the files seems to apply to carriers / datawarehouses.

http://www.cms.hhs.gov/manuals/pm_trans/AB02081. pd f
http://www.cms.hhs.gov/manuals/118_security_ove rsi ght/SSO_Appendix_A_APs.pdf

Re:bleck

[dagarath]

I can see your point, and I agree it would be an increased risk. (or at least the company using it would have to assume the responsibility of assuring that it's HIPPA compliant, ie become the vendor.) I can't imagine anyone taking that risk. I don't see it as being obviously illegal, though.

Re:bleck

[TastySiliconWafers]

I disagree. If it's GPL'ed open source, then there is no vendor. Because you have the source and the right to create derivative works, you are perfectly capable of providing your own support for the product in-house if you have your own development staff. A number of organizations use in-house developed software in their clinical operations every day. For example, Beth Israel Deaconess Hospital uses a homegrown HIS/RIS. The University of Michigan uses in-house developed RT software for their Radiation Oncology operations.

Alternately, there is nothing to prevent existing market players from acting like Red Hat, etc. by adopting the product and selling support. Open source software is already used in the medical market. For example, the current version of GE Medical Systems' flagship Advantage Workstation post-processing software runs on top of Linux.

Re:bleck

[lonesome+phreak]

A large group or company could do that, but a smaller business couldn't show enough evidence of the ability to do it in-house. It would not have the same abilities as non-mission critial software.

Of couse someone could pick it up in a distro and decide to support it. The smart move would be for a hospital with an IT staff to pick it up, start helping with it, then outsource the program (with support) to their local clinics. I know that's what I'll be doing with it if it goes anywhere.

Check out nosi.net

The nonprofit open source initiative, at nosi.net

Not sure if the directly answer your question, but: "The Nonprofit Open Source Initiative (NOSI) was begun in June 2001 to bridge this gap between the nonprofit and open source communities."

Seems like a good place to start, or at least to be in contact people who might be able to point you in the right direction.

Are you at a university?

You certainly sound like you're at one, or a teaching hospital. Most universities (& hospitals) have research offices to help professors & other researchers apply for and get grants. Many of them are quite good at it. Why?

Most US (& Canadian) universities make a pile of money by charging "overhead" on grants. This is supposed to cover the costs of physical plant, the library usage related to research, etc. etc.

There is no relation between the costs of overhead and the value of the services provided. Despite millions being collected from my Prof's research grants in overhead, it takes forever to get light bulbs fixed. We started referring to metaphysical plant.

LinuxFund

[ChipX86]

LinuxFund.org has been kind enough to supply two of my projects (GNUpdate and Gaim for Qtopia) with funding and hardware. It may not directly relate to your question, since it sounds like you already have someone that may be giving you the money, but you can look at their policies and requirements, and request more information.

Ask People Who've Done Similar Projects

[TastySiliconWafers]

I'd suggest you try contacting people at eFilm Medical. They developed PACS workstation software that, if I recall correctly, was funded by the Canadian government. You could also try contacting Bob Cox, who built a software package called AFNI for analysis of neurofunctional MRI data (an NIH funded project).

I don't see any reason why you shouldn't be able to get NIH funding and/or grants from other sources to build a low-cost or freeware EMR system with a well-written proposal and a knowledgeable Principle Investigator directing the project (you probably need someone with a PhD in Medical Informatics or an M.D./D.O. to be your PI). If you don't have a qualified PI to head the project yet, find one. You don't want to be perceived as a novice. The people you contact will likely be far more helpful the more you sound like you know what you're doing.

Grant Writing

[The+Ape+With+No+Name]

My advice to you (I have received several grants and fellowships) is to really be tight on the proposal. If the grant application asks you to write it in blood, write it in blood. I have also been on committees that review grant proposals. We would kick proposals, unread, for not having the correct format on the TITLE PAGE! When I complained that this was a minor thing, the committee chair looked over her glasses and said, "If it isn't perfect, then it doesn't deserve our consideration or our money." Be tight. That is my advice.

Re:Grant Writing

[JoeCommodore]

As far as how do you tell if you justifierd your grant...

Most grants have to include an objective as well as a summary of how the objective can be verified and progress measured. I would figure for a software project grant you would either work out a concrete specification of data and structure (such as a standardized system to base future developments and cross-platform data compatibility guidelines) or base system with a realitically obtainable (and usable) featureset.

Recruit A Specialist

[John+Hasler]

Grant proposal writing can be very esoteric and specialized. I suggest that you ask the agency offering the money for suggestions as to where you could get help writing your proposal.

Good luck. This is a field that desperately needs Free Software.

Who is the Donor?

[G4from128k]

Not that I want to know, but the goals and interests of the funding agency should be reflected in your proposal. For example, if the funding agency is interested in third-world health, then play up the low cost of the software for impoverished/disadvantaged clinics. If the donor is a big pharma company, then play up how they could "give this away" to potential customers or use it in clinical research. If the third party is more interested in academic research, then show how the system can support data collection, double-blind studies, etc. I'm not sure that the "open source" angle will have much traction unless you can show that the open source process multiplies the impact of the donor's money.

The more you know who the donor is, the better your proposal will sound to them.

Why are there so many posts advocating...

that this shouldn't be open source? Do you not remember what RMS has said about proprietary software?

A non-free program is a predatory social system that keeps people in a state of domination and division, and uses the spoils to dominate more. It may seem like a profitable option to become one of the emperor's lieutenants, but ultimately the ethical thing to do is to resist the system and put an end to it.

The last thing we need is to have a predatory social system injected into our medical profession. Hospitals and other entities should collaborate to create software to be used by all; it would be the inexpensive, ethical thing to do.

PS I predict most of the negative responses to this post will be proprietary software developers suffering cognative dissonance, who feel the need to write knee-jerk responses to anybody suggesting even for a millisecond that non-free software is somehow wrong.

Re:Why are there so many posts advocating...

Dude that was bold. It'll probably be modded down -1, Flamebait, but for what it's worth I tend to agree with you. Most Slashdotters would tend to agree with you to if your post was directed at Microsoft instead of proprietary software in general. Why is it that most slashdotters are so quick to bash Microsoft their preditory, unethical practices when they are simply the natural end result of our current software business model? They are just doing on a large scale what every proprietary software company is doing on a smaller scale.

At the risk of being redundant...

[Dr.+Smeegee]

I once developed a Callcenter Training Utility for our company in the early 90's using such a grant scheme. It used genetic algorithms to generate simulated customer complaints that were _very_ realistic, even to the point of using sample voices to "whine". Of course, the helpdesk trainees hated it...

But hey, the mewling was featureful.

Why don't you just SELL it ffs

[CypherDeaz]

I have worked at a company (for a short time) who's most of its software was BASED on GPL'ed free open source software, one of their software packages is a CMS based off phpnuke ( http://www.phpnuke.org ) They Make about $35,000 a MONTH from their commercial PHP based CMS system which was just ripped off from phpnuke my boss just paid a out of school programmer to just change it as much as possible. But its suffered from the same security exploits as nuke even after 1 year of selling and working on it.. Interestingly it seems to be bought by people who know there are free ones but want commercial support they want to know they can get help setting it up but of course there are others who just don't like about the free ones such as PHP nuke. Do I feel sorry for the GPL lovers who create these problems? No there just fools, theres no other way around it, this is what happens , if your not willing to BSD your licence then dont open source it at all because at the end of the day your living in a dream world. Instead of falling into the foolish trap of so many others why don't you just sell your softare? Open source grants might work but why do that when you could do things like provide real support and the like.

Re:Why don't you just SELL it ffs

[mabhatter654]

So you were just leeching right? Your Boss seems to have made quite a bit of money finding customers for someone else's work while taking all the credit for themselves and not puting any back. How have GPL lovers created problems for him? well they might now after you ratted him out on /.!

Your Boss represents the problems with public perception of the internet in general [RIAA, MPAA, KAZZA, etc]. Nobody wants to RESPECT other's rights in business. After all, there's no need to hide what he's doing, as long as he was to give back like the license says. Open source is about working together to build something that will last...corporations are not always the best instrument of that goal! When he's sued into oblivion by the FSF, where will his customers be...he appears to be defrauding them by NOT telling its GPL based. Then they will have an UNSUPPORTED system...why should anyone from the GPL project help them? If he was following the rules, there would always be someone there to pick up the slack should he leave the market! OSS makes the market MORE capitalistic [econ 101 definition] not LESS!

Job

[NitroPye]

1.) Get a job doing whatever. 2.) Buy caffeine and computer parts with money from job 3.) Use caffeine to stay up late working on the OSS Project

HIPAA

[barista]

First of all, HIPAA is only in the US. It wouldn't apply outside US borders (though, other countries may have similar laws, I don't know).

My guess, however, whoever is funding it will probably try to make some money off of it --> installing and servicing systems (hardware/software), that means they are a vendor, and can come under the Business Associate Agreements.

I would see problems if the IT staff of the hospital tried to make their owns changes to the source code without consulting the vendor. In open source it would be their right, but it would probably invalidate a service contract.

Re:HIPAA

[lonesome+phreak]

In creating medical software you have to use code sets. They are somewhat modular, but I don't know how modular they are to be able to change them between countries. That would be up to the writers, and is probably something they really need to look into. If they can make the codesets modular, then that would help in more world-wide acceptance.

I think the same about the funding. I really was commenting on the whole "open source" of it.

It won't have the "rouge install" factor behind it, because it can't. You can't use it without some type of vendor support, or at least where PHI is concerned.

If it violated the service contract, someone could end up in jail.

Re:HIPAA

[lonesome+phreak]

Wow. Your an ass. And you completly missed my entire point. I'm not talking about open source in general. Im talking about this particular project. Therefor, your entire argument is moot. I actually agree with you completly. I disagree with the way you say it, as that makes enemies, not converts. I see the thread from your other postings, but I can assure you I'm not the person to take your rage out on. 80% of the machines at my business run Linux. It would be 100% but it's hard to do Win32 security research just using WINE.

This particular law requires vendor support. It wants an externally designatted source that will say "we support this software for technical issues". This could be just about anyone who downloads it and takes the time to learn it. It could be them. It will probably be the people funding them.

I don't know where you copied and pasted that from, but don't throw your fanatisism at me. How long have you waited to post that? Or is it something you post often? I advocate Linux as much as I can, but I don't just attack random people, especially when I have a) no idea who they are and b) obivously don't understand their point.

Don't bother replying, as I don't think there is any point in discussing this any further. You are correct in the argument, completly wrong in your choice of posts to reply to. Flames like that make Linux look bad.

Congradulations, you have scored 100%

Re:HIPAA

[stanwirth]

No need to get angry. Read what you wrote:

don't know if anyone could even use it. Under HIPAA law you have to have a business associate's agreement with all vendors, and ALL vendors must supply support for the products or they aren't compliant. That's not even about the actual security or code flow of the program, but the whole project itself. I do HIPAA audits, and I couldn't give them a a good rating on the risk analysis if they used it, because of that. No support==non-compliant. I could suggest they buy it from your company if your selling it, I don't see it being used by an IT staff somewhere without a vendor.

The parent of that posting is the original article. Shall we quibble about what the word it means? Open Source? This project based on Open Source? The ONLY information you have on the project based on the original article is that (a) it is open source and (b) that it has the inside track on funding. If you read the sourceforge entry, the only additional information you can gain is that they plan to use Windows/Delphi/Kylix on the client side and MySQL on the server side. (eeeyuck! but that's a technical preference of mine, nothing to do with HIPAA audits).

So, whether you meant that you "couldn't give them a good rating on the risk analysis if they used [open source]" or that you "couldn't give them a good rating on the risk analysis if they used [project you know nothing about except that it uses open source and has an inside track on some funding]" -- the bottom line of what you wrote implies that (since the only substantive thing you know about the software they propose is that it will be an open source package for keeping medical records) this medical records system will be inadequate.

Obviously, there is a big difference between what you wrote and what you meant to say .

If what you meant to do was to alert the author to the imporance of having an SDLC or an SLA such that the institution using it wil pass HIPAA muster, then tell them, that they use open source it or not secondary to the importance of the quality of their SDLC and support SLA, in order that the institutions who may adopt their software pass an HIPAA audit. This is perfectly reasonable. You might also suggest that he use a slightly better and more platform-independent system than Delphi, as many Delphi components do not port nicely to Kylix. You might also suggest that he consider using a more robust database than MySQL -- PostGreSQL perhaps, one that can handle triggers and stored procedures, as the sheer size of medical records storage problems are legendary . There are a host of technical suggestions you could make that would contribute to the final systems' ability to actually work in the real world.

In your reply, your objection is that This particular law requires vendor support. It wants an externally designatted source that will say "we support this software for technical issues". This could be just about anyone who downloads it and takes the time to learn it. It could be them. It will probably be the people funding them.

So? Why not. Could be you. Are you objecting to the fact that one group wrote it, and any number of others might sell support for it? In that case, what do we do with all those MSCEs that would support the Windows part of it, but did not have any part in developing MS Windows?

There is only one developer registered for the sourceforge project, and while one beta prototype has been released, one would expect that the author intends, by stating he is open sourcing it, to check the code into the sourceforge CVS repository. Granted, CVS is only an SDLC tool, not the SDLC itself, but it bodes well.

What else? Oh, that toy RDBMS and thick Delphi-based Windows client. Well, until we see the proposal, we really have no idea what he's going to do to redevelop the prototype into something ready for Cedar-Sinai, do we

Other Medical Sources to Ask

Some time ago, one of our clients had a need for medical software for a very small business. Since they did not have a lot of income to purchase expensive software, I had researched into the medical field briefly. You might find a couple of the links below may lead you to some people that can help you find the information you need to get yourself on your way. Some may even be willing to lend you a hand.

http://www.hardhats.org/

http://www.debian.org/devel/debian-med/his

directory.google.com/Top/Computers/Software/Oper at ing_Systems/Linux/Projects/Industry_Specific/Healt h_Care/

www.hi-europe.info/library/opensource/default.ht m

government funding

Don't make any anti-military comments or your funding could get pulled.

HIPPA is a non-issue

HIPPA is a non-issue if you have the right business practices in place. It would most certainly not matter if your application was home grown, open source or from a vendor. You must have some framework for privacy, adhere to standards (that is what the law was intended for in the first place!) and some means of support, whether thru vendors, consultants or in house. Some of the best EMRs in use are home grown and self supported with occasional use of 3rd party components.

As for use by IT departments without a vendor....this is exactly the problem. IT should have nothing to do with record systems, they have neither the aptitude nor the ability to run these extraordinarily complex, yet crucial systems. IT departments and the informatics departments should be separate (but close friends). IT can provide the network, run the servers, maybe even manage the RDBMS, but beyond that they need to call for expert (i.e. informatics specialists) help.

Providing the software open source is a perfectly reasonable option. There is no such thing as a complete, effective, turn-key system that will meet the needs of anything other than a small community hospital (and even that is dubious and will require considerable time w/ integration and installation support from the vendor as they try to tie together the dozens of existing systems). Every system needs tremendous efforts to write new interfaces, match workflow to the local environment, adjust CPOE, write/implement CPGs and other decision support tools.

Coding is far from simple

Modular? The UMLS is rather complex to be called "modular". From their web site (http://www.nlm.nih.gov/pubs/factsheets/umlsmeta.h tml) :

"The July 2003AB edition includes 900,551 concepts and 2.5 million concept names in over 100 biomedical source vocabularies, some in multiple languages'

Given the complexity of the UMLS (which serves to map different medical vocabularies to each other) it is far from modular. Obviously needing such an instrument to translate codes between systems suggests that modular is the *least* accurate term to describe controlled medical vocabularies (e.g. SNOMED-CT, LOINC, Read Codes).

If you are thinking about using IDC 9/10 codes...they are made by the WHO and translations are available in English and French. However, it is well documented that they are inadequate for clinical record keeping. SNOMED-CT is available in English, Spanish, as well as several other languages.

AMA Grants

[taaminator]

Seriously, have you tried the American Medical Association?

The AMA awards grants for all kinds of things -- sometimes even worthwhile things -- sometimes even productive things!

Surely the prospect of funding a productive piece of medical software would be in their best interests!

A word of advice: make sure it's DOS so it will work on most doctors' computers.

Plenty of examples

[yiantsbro]

There are many examples of this available. My group (at a medical school) has collaborated on a number of grant projects (government and private granting agencies) where money was awarded for the development of open source software. In fact, the grants we have worked on require that the software be made publicly available (although most of what we do is of little interest outside of clinical/educational medicine).

If you want another great example, contact the IT group at the University of Delaware. They developed (under a grant and collaboration with a few other schools) uPortal. This is an open source portal system which is packaged and serviced by several different vendors (RedHat style) like SCT and Campus Pipeline. Since the development they have found they get a better response from other granting organizations as well as vendors (like Blackboard and WebCT to develop modules for it). So not only do you get the immediate benefit of money to assist in the development (to pay salaries, buy computers, buy software, etc.) but you get many continuing benefits from it as well.

HIPAA

[stanwirth]

I don't know if anyone could even use it. Under HIPAA law you have to have a business associate's agreement with all vendors, and ALL vendors must supply support for the products or they aren't compliant. That's not even about the actual security or code flow of the program, but the whole project itself. I do HIPAA audits, and I couldn't give them a a good rating on the risk analysis if they used it, because of that. No support==non-compliant. I could suggest they buy it from your company if your selling it, I don't see it being used by an IT staff somewhere without a vendor.

The underlying assumptions you are making are:

1. open source == no vendor
2. open source == no support
3. open source == pay no money to the vendor
4. open source == unknown parties are modifying the code in an uncontrolled manner

But all four of these assumptions are not necessarily so. Remember those little logic problems you had to solve to pass your GMAT? If some Snickers are Doodles and Some Snorkers are Doodles, is the statement "All Snickers are Snorkers" (a) True (b) False (c) Indeterminate? (hint: the answer is (c) Indeterminate).

I will disprove each of your assumptions by giving a counterexample.

1. open source == no vendor
The IBM Corporation develops open source software. But maybe you'll need to give them a call to determine if they're "real company" . You could just check their SEC filings, or perhaps their current stock price. But perhaps you will call IBM Coporation's CEO -- y'know, just to make sure that The IBM Corporation isn't just some kid working out of his mom's basement? D'ya think?
Therefore, the statement "open source == no vendor" is...(c'mon, I know you can figure it out...trying, trying) FALSE! correct.
.

2. open source == no support
I use SuSE Linux, which, when you register, gives you a free installation support contract. I've used it twice, and gotten the solution to the problem back within a couple of days. I therefore conclude that their support is good. If you need corporate-level instant-turnaround support, SuSE will happily sell you a support contract. Their terms are very good, and their reputation for honoring their support contracts is sterling .
Therefore, the statement "open source == no support" is... FALSE! Right again.

3. open source == pay no money to the vendor
Read the GPL. Open source means that you must distribute the source code with the executable, and that all derivative works must also distribute the source code. It does not prohibit you from accepting money for the executable, it does not prohibit you from supporting the code, and it does not prohibit you from providing the support, as a company, in exchange for money. Even the "Free" in "Free software" means "Free as in speech" not "Free as in Beer."
Therefore, the statement "open source == pay no money to the vendor" is ... FALSE! Hey, we're batting a thousand today.

4. open source == unknown parties are modifying the code in an uncontrolled manner
I think that Linus would be extremely surprised to hear this. Quite frankly, I have never seen an SDLC as tight, in any proprietary software house I've worked in, as tight as that applied to the development of the Linux kernel. Although I hear that *BSD is even harder to get code committed to than to Linux. In many open source projects, there is one person who decides whether each individual mod will be accepted or rejected. Insitituting tight SDLC, including source code version control, unit testing, conformance testing, integration testing and user acceptance testing -- is up to the manager, whether it's open source or proprietary code that's under development. Under open source, the customer actually has a far better guarantee that these tests are being completed than in a closed source environment, because the customer

Veterans Administration

You might want to do some investigation with the Veterans Administration also. They have done alot with Medical systems for the government both public and private system. I worked with one that used to be called Veterans File Manager.

Re:Veterans Administration

[NetSurferHI]

The VA did a lot more than just creating VA FileMan. They developed and continue to improve a complete suite of applications to manage every aspect of a Hospital or Clinic.

And since this is written by public employees, it is in the public domain, as in FREE. Since it is written in M(aka MUMPS) you are provided with full source code.

The DoD liked the code so much they bought it from a company called SAIC (who got the code for free) and paid SAIC $2B (two billion dollars) for it.

The VA calls it VISTA (used to be called DHCP) and DoD calls it CHCS. you can read about it at www.hardhats.org.

One of the things that make this software unique is that from day one, all of the features have been driven by the various specialists (i.e. doctors, nurses, lab techs etc.) making it highly relevant to their respective jobs.

This package includes a paperless medical record (which was implemented in a number of VA facilities several years ago), full HIPPA compliance, full ability to bill Medicare, other insurance companies, etc. using HICFA forms and DRG/ICD9/CPT codes with analysis and optimization. This same software is used by at least one country in Europe to run their entire medical care system.

This software has been in development for many years and was started long before the private sector even began to look at comprehensive computerization of hospital/medical care.

one example at the NIH

[drfireman]

One example I'm familiar with is the NIH Office on Neuroinformatics (no link provided, I don't want to Slashdot my funding agency!) supports the development of software for things like brain imaging and databasing. Their funded projects include lots of open source and GPLed projects, some directed by Slashdot readers (well, at least one). I don't know of any place where you can find successful applications, but you can at least browse some project descriptions.

This is just one example, I'm sure there are many others even just at the NIH (incl. at the new NIBIB).

Open Currency

[dr2tom]

This probably isn't the answer you're looking for, but there is work being done on an open currency for the open source movement. Check out: http://www.futureofmoneysummit.com/open-source-cur rency.php

Try for SBIR funding

[auferstehung]

1. Form a small business
2. Write Phase I proposal
3. Receive Phase I award
4. Write Phase II proposal
5. Recieve Phase II award
6. $$$

Check out the NIH SBIR page. You might be interested in the "Clinical Technology Applications" topic for the National Center for Research Resources (NCRR).

Open Mash + NSF

[Josuah]

Open Mash was funded for a while by the NSF, a common source of academic funding. I'm not sure if you and your colleagues are in an academic setting, but the Open Mash web site does have the proposals and reviews of those proposals available on the site. Check out the Papers and Publications area.

I'm not exactly sure what you're asking when you talk about measuring the results of an open source project for publication. But any proposal would have to talk about why the project you are proposing has value in-line with the goals of the committee or group you are submitting the proposal to. Knowing exactly what those goals are can be difficult. This is one of those situations where you really have to tailor your writing to the specific reader(s).

Wrong! US Gov(Veterans Affairs) and Many Univs

[spineboy]

Uh, the Veterans Administration (VA) is one of the largest Health care organizations in the nation and it has used a TOTALLY ELECTRONIC medical record system for about 6 years now. NO PAPER PATIENT CHARTS at all!- everything from clinic visits, operative notes, and most prescriptions are done electronically.
Many university hospitals and other large hospitals all have some sort of electronic record system, and many are converting to an all electronic system.

I am not aware of any that are open source, Most I imagine, as everything is in medicine, has to be tested relentlessly and thus is costly and a real pain in the butt to get certified for new security regulations.

From a doctors viewpoint (mine), they are a pain to use - they slow you down, patients wait LONGER!. It's much easier to dictate and have the secretary slip the note into the chart. A positive aspect of the EMRs is that charts don't get lost (yah, but computers crash).
Many of the younger doctors are used to EMRs and will probably goto that in their private offices, 'cause they're used to it. I could go on for hours, but I'll stop here.

Re:Wrong! US Gov(Veterans Affairs) and Many Univs

[Grotus]

I am not aware of any that are open source,

The source for VistA, the system used by the VA, is about 99.9% public domain. Hard to read, but freely available. Check out the Hard Hats site for more info.

Re:Wrong! US Gov(Veterans Affairs) and Many Univs

[LittleDan]

The Veteran's Administration is a government-run organization. It has tons of money to switch over to EMR. It's completely different in the private sector.

Hmm, my e-mail is backwards!

[kuleiana]

No seriously, people will pay to have their software improved, even if they believe that you have to use open source to do it, and that therefore your software must be open source. So go ahead, feel free to accept the money, it is an honor and it is in the public service. Should you ask, I am sure I could name many who've had that particular honor. Does anyone care about that?

Re:Open Source for Medical systems and the rationa

[platform]

I dig what you say but I can't help but feel that the statement:

For those of us who watched carefully we knew that the real money to be made in the world of software would be in support and support applications.

...is pure conjecture and weakens the rest of your argument significantly. There are a very many number of companies who make "real" money through the sale of software, including the 800 pound gorilla from Redmond. It doesn't seem right to me to assert that a relatively untested business model is where the real money is when current evidence is in fact to the contrary.

Be sure to Google

[IQGQNAU]

Googling on relevant keywords like: http://www.google.com/search?q=%22open+source%22+n ih+grant+proposal&btnG=Google+Search&hl=en&lr=&ie= UTF-8&oe=UTF-8 Turns up nice things. Here's the first hit: http://era.nih.gov/areas/com/SBIR_Awarded.pdf And there are other interesting pages like: http://informatics.regenstrief.org/funding Happy fund hunting!

Comment removed

[account_deleted]

Comment removed based on user account deletion

it's all about...

[koekepeer]

writing a good grant! focus on this.

don't worry about the open source thing, publishing under an open source license is very compatible with the spirit of doing science. after all, your peers should be able to use the outcome of your research, and follow up on it, right?

but: who will own the copyright to the software? this is the only thing you need to figure out. all the research i do belongs to my employer (university), which becomes especially important when i would like to make money with it. check whether your institute likes the idea of opensourcing the application. but, judged by the way you asked your question, it appears that you are already developing it, so there's likely no problem there.

so: just write like any other grant application, make it good, and get the money. good luck!

There is Freemed

There is already FreeMed (www.freemed.org). Check them out. You might join forces. They are very nice people and need all the help they can get.

grants

You MUST go to the people who will JUDGE the grant proposal and obtain an EXAMPLE of a SUCCESSFUL grant proposal.

In my experience with US military grant proposals, a successful proposal for a software project was as big and expensive as the code it was proposing. In fact, we always wrote the code first and the proposal second and used the money given for writing the code to actually write the follow up code and it's proposal.

Re:grants

[DreamTheater]

Any idea where to find copies of successful grant proposals online?

open source

[vudmaska]

Medical records NEED to be open source precisely because of the nature of the business of keeping medical records. No one wants to share. I dont care if you can't read mine. Without an industry push possibly backed by big players the medical records will remain on islands, lost, inefficient and ineffective.

Re:I don't know if you count this as a grant but..

[listen]

The licencing of your cell project is inconsistent:

doc/licence says LGPL.
But it also has a vague preamble that adds additional terms to the LGPL, namely that derivative works authors must distribute the work back to you ( and thereby release the source to you too.) The plain LGPL does not require this.

readme says that it is a "commercial open-source" project that can be licenced for $99. This is confusing.

It would be good if this could be cleared up. I would recommend that you make it LGPL. Ask a lawyer how to add your extra restriction if you really want it. Be aware that this will make it incompatible with the GPL, and the plain LGPL.

If you also want to offer commercial licencing under different terms, make the dual licence nature clear. However, going this route, the GPL is a better bet as the free licence to get commercial users to cough up. There is very little that a commercial project can't do with an LGPL'ed library.

ITK itk.org

[WillSchroeder]

The Insight Segmentation and Registration Toolkit (ITK at itk.org) was funded by NIH/National Library of Medicine. From the beginning of the $10 million project, the contract required all code and data to be delivered in open-source form. It defined a consortium of 6 prime contractors (3 academic, 3 commercial) each of whom had a particular role (e.g., architecture, algorithms, software process). It has been a great experience (version 1.4 will be released in two weeks).

Good!

It should be all right as long as you avoid the GPL.

Incidental

[4of12]

If you look at most open source software, its development was not the prime objective of the research project.

Rather, the objective is to do something new, interesting and different from what has been done before.

Your proposal should combine some ingredients that would make the medical records system better in a signficant way. It doesn't have to be rocket science, but it can include some ideas that you have to make it a different project than just wrapping up a SQL engine with a GUI.

My own suggestion is wrapping in some traceability mechanism, so that everyone that reads or writes the record leaves a signature with the records.

These days a lot of people are concerned about their sensitive data becoming compromised, spied upon, etc. A medical records system with a well-designed access system could become popular if it is also easy to use and has flexible interfaces (XML).

Professional Grant Writers

There are people who are paid to write grants. They have experience writing the grants, in the form, and including the infomation, that is likely to get them approved. I would start looking for one at a local university. Perhaps one with a medical school. Instructors usually know a of a colleague who writes grants.

Open Source Grants?

[Nuclear+Elephant]

Isn't that what the "Paypal Donate" button is for (the one that never gets clicked...once) ?

HIPPA expert opinion?

[sphealey]

It has to be HIPAA compliant to hold PHI. It's a medical record app, so obviously it would have that in it. To be HIPAA compliant you have to only use vendor supported software. With that vendor you need to sign a BAA.

Therefor, I don't think you could just download it and use it without vendor support and it stay compliant. You would have to get support from someone who could sign a BAA, which probably shouldn't be an employee. Or, your IT staff might be able to become the "support", depending on the software and if they understood the sourcecode enough to fix it on their own..

Sounds as if there are some people in this discussion who actually understand HIPPA, so perhaps they could address a question I have had for the last year or so. I have a surfact knowledge of HIPPA, and have heard a lot of comments from IT people along these lines. And when I have made use of major medical facilities in large urban areas it seems from what I can see as an outsider that they are making some effort to comply with the spirit of these regulations.

But when I receive medical care in small towns, or small cities for that matter, this is not the case. They have me sign all sorts of "HIPPA Compliance" forms, but I can clearly see from the way they process charts, records, etc. that they are in no way shape or form complying with the spirit or even the form of HIPPA as I understand it.

So what gives? Is HIPPA just another make-work program honored by the honest or in the breech? Or are these smaller medical providers going to be in big trouble soon?

sPh

Re:HIPPA expert opinion?

[lonesome+phreak]

That's a really good question. I'm thinking that there will be some cases brought to court, a spectical made of them by the gov, and then other places will scramble. The computer security portion hasn't passed it's dealine yet, but the privacy part has.

The basic idea is to keep personal health information private. If you can see other people's charts, then that's not being private, and they are in violation. Someone could report them, and there would be an investigation. It's as simple as going to a website, or making a phonecall.

There is a cut-off point where a entity is no longer covered under HIPAA. It's not in the original specs, but was passed later as part of the extension. If you have nine or less full-time employees, or less than 25 and are hospital, then you don't have to comply. However, they make no guarentee that your medicare claims will be processed quickly. You might have problems finding a claims processor to process them as well.

A full open hospital package already done by DVA

[NetSurferHI]

You are a bit late. The Department of Veterans Affairs (VA) has been developing a fully integrated suite of applications to run its entire system of hospitals for years, and since it was done by public employees, it is available for free to anyone. It is written in M (or MUMPS) so you always get the source code. This package, called VISTA (used to be called DHCP) runs every aspect of their hospital system, from counting calories in your breakfast to full reporting to Washington, DC, and includes a true paperless medical record. The package has had HIPPA in mind for several years, long before the private sector started becoming concerned with it. And yes, it can bill Medicare as well as insurance companies using DRG's, CPT, etc. In fact, SAIC got a full copy of everything from the VA a few years ago and sold it back to the Department of Defense for $2B (two Billion dollars) and called it CHCS (Composite Health Care System.) If you want to find out more about it go to http://www.hardhats.org/ and all the info is there, including links to get the software from the VA. The package is so good, there are other countries which use it for their national health care system. This suite was driven from the bottom up by the users in each area of the hospital, so the Nurses decided what the Nursing package needed, the Psychiatrists decided what the Psychiatry package needed, etc. Read the site - it is impressive!

Test

[revscat]

Don't even waste your mod points. This is only a test.

MUMPS?

What rock have I been living under that I've never heard of it before? If I can't find an O'reilly book on it, how real can it be? I did find two books on it on Amazon though: The Complete Mumps (John Lefkowitz) and M Programming: A Comprehensive Guide (Richard Walters).

So how popular is this language? Which industries is it in? What's its penetration?

Salaam.

Re:MUMPS?

[ivoryt]

It was developed at Mass. General Hospital specifically for medical uses a long time ago (1970's I think). The hospital where I work has a commercial patient billing system based on mumps. The only tech I recall is that the language and the underlying database are 1 thing, inseparable.

Re:MUMPS?

[opkool]

MUMPS used to be first a language, then an OS + a language, then a language + database....

MUMPS is very used in Healthcare industry. It's from before the internet.

Intersystems is a company that sells you the MUMPS set (database, language...) and runs on *nix, Windows and Linux (on Linux since 1998, IIRC). Intersystems sells it as a Post-relational Database System. They usualy advertise on Linux magazines, with an image of a 1/2 truck + 1/2 racing car. Or 1/2 cargo animal + 1/2 cheetah.

MUMPS has also been called M, OpenM... and now it's called CACHE.

It's very robust, fast (as it has been developed and debugged for decades). MUMPS is used when you absolutely cannot go down and you cannot loose data and you need huge amount of records and you need to access the data fast. Like, say, patient data for milions of patients, data from the last 15 years.

I've usualy seen MUMPS applications run in terminal emulations. 5 (?) years ago, some module was released to run those apps as Windows-clients (GUI app) or on Browser-clients (Web App).

See http://www.intersystems.com/

Note: I don't work for Intersystems nor I own intersystem's stock. I've worked "side-by-side" with MUMPS systems on a big organization for several years. Zero problems, amazing speed while dealing with massive amounts of data. I was impressed with it, as you can tell. Then I learned that it runs on Linux as well. Life was good. Now, I don't work there (wrong career move!) and I see the difference everyday.

Peace!

WebObjects? Noooo!

[Dog+and+Pony]

some pretty powerful, yet inexpensive software like Web Objects

Whoooaaaa there, boy! Whatever, and I do mean whatever you choose as your platform, let it be .NET, Befunge och Commodore 64 BASIC - just don't let it be WebObjects. It is one of the crappiest systems in the business and will only drive you mad and poor.

Not because the idea as such isn't a good one. The philosophy behind WO is really nice (basically, imitate an application even when developing), after all, it was the NeXt guys that came up with it, so that is to be expected.

It is reasonably effective to develop in, that is also true. No worse than any other java platform at least.

But. Big buts:

It is very buggy - and always waaay deep down in the frameworks, so it will bite you a month after you wrote the code, or after you've deployed it. The basic stuff works, but there are sooo many edge cases that suddenly break.

It is very slow - all those layers of abstractions - and they are MANY - slows the applications down by a LOT, and often unnecessarily. Pull a simple list from a database should be an easy and fast task. 80 objects and 200 SQL queries later with EOF... 10 lines of code and 1 SQL query with some other system. And it gets exponentially worse.

It doesn't scale. At all. Concurrency is a joke, or at worst it is a bluff. WO has no real concurrency, because the worker threads does not work with the whole response, just the delivery. So you are basically stuck with 1 request at the time, per machine. Wooohooo. It is possible to make these threads do a bit more work, but then thread safety in EOF and WO libraries are no more. You will have to handle ALL thread safety and locking yourself.

There are tons of other problems, but those are the most important. It doesn't matter that it is somewhat inexpensive (I don't really aggree.. the hardware required for *anything* becomes very expensive quickly, esp. since it wants Macs) when it simply doesn't work.

Just check out the mailing lists. Don't listen to what Apple says, listen to what the people using it are saying. You will quickly find that just about nothing works when you go beyond the test-it-out apps.

Word of warning dude. This product ran a company I used to work for into the ground. Hard. And Apple just ignored us, even though we paid for support!

Re:WebObjects? Noooo!

[BWJones]

To save time I will respond to most of your points with the simple reply: "I have actually heard very good things about Web Objects." I have not yet used it myself, but many folks whose opinions I respect have very sucsessfully implemented WO solutions.

To specifically respond to your point: It doesn't scale. At all.

I will state simply that the DOD is using Web Objects to manage all of the medical history and data of their employees including Army, Navy, Air Force and Marines, Semper Fi as well as many other branches of that department. That to me suggests it scales rather well, into the many hundreds of thousands if not millions of comprehensive records.

Re:WebObjects? Noooo!

[Dog+and+Pony]

The DoD would have the money to make it work alright - especially if they happened to build too far to be able to back up easily.

Apple's own applestore runs on WO, and it gave the classic WO error "No instance available" upon like every fifth request until they added a whole server room just to drive the store.

Yes, I've seen some sites doing ok with WO, it is possible if you bypass some of the core functionality, and especially if you stick to Direct Actions. But then, you are not using WO, you are writing CGI scripts, more or less. Which is fine. But doing CGI scripts right away will be lots more effective, and probably work with less hassle.

Also, there are a few *really expensive* consultants in the business that have written their own WO adapter (the part that talks to the web server) and lots of other custom software. When these guys gets called in, things start to work. They get things to work by replacing a lot of broken WO stuff with their own, that actually does work. I'm pretty sure one of those were involved in DoD and other similar projects. Almost noone deploys a big project without contacting any of those... at least, noone that survives.

But they cost, and they cost lots.

All in all, WO is too heavy and too big to be used for small sites, while it can't effectively handle medium to big.

I've also heard tons of people saying good stuff about WO. All of them Mac zealots, to whom it doesn't matter what reality is, as long as it is Apple. Apple does a lot of good stuff too, but some people will swear by dog shit as the finest cuisine if there is an Apple stamped on it.

Not trying to bash Apple or anything here, just trying to be a nice guy and save you a LOT of pain... and I should know, being in the receiving end of that pain. I think omnigroup.com still hosts the WO lists that matter - just go there, read a little. You'll have the usual fanatics thinking everything is the greatest (ask them what they actually built if you want to have some fun), but you'll also see lots of "negative feedback" to put it nicely.

And above all, do as you wish. Just don't ever say you weren't warned. That is all.

we got a grant for the reiser4 filesystem

[hansreiser]

They usually have a proposal information booklet.

You need to do a spreadsheet with a budget, but list only the Principal Investigator by name, that way if someone quits, everything is still fine. List people by job name not real name.

Accounting requires someone capable of real math or experienced, preferably both, because you need to calculate indirect costs and read about what is unbillable, etc. Take the accounting very seriously, any carelessness or worse will get you into real trouble (including legal prosecution if it is more than carelessness), and the auditors tend to know just where you are likely to screw things up (after a few decades of auditing academics they become good at that). Supervise all timesheets carefully at the end of the month, people WILL bill time to the wrong project. The usual pattern is for them to switch activities but continue to bill to the same project for reasons of thought conservation.

Review your expenses every 30 days, this is usually required, and it is a good idea, because after 30 days things get harder to remember....

Be terse and concise in your proposal if you can, they like that. If your proposal is half the max length, they won't be complaining....

Working for DARPA was a very positive experience, except for the accounting (nobody's fault, proper accounting is a lot of work), and the clerks who are supposed to send the checks (they waste enormous amounts of senior management time, and Congress jerks the funding around also, make sure you are very conservative about your cash flow). Still, it was great to work for them, and we learned from them (they are rather expert in computer security).

Similar projects and advice

[quasarc]

Similar open projects include FreePM (I've used it in the past, but can't find links now) OpenEMR and FreeMed

Worth a look so you don't reinvent the wheel... Show that your project adds something significant that the others don't have and it'll help your grant proposal. Ask yourself "What makes mine unique?"

Best of luck.

Academic eHealth projects - grant

I work in a teaching hospital affiliated with a University. I develop open source projects, and it seems I spend half my life writing grants. My three suggestions in increasing order of importance:

1)Follow the letter of the specifications when writing it. Reviewers are begging for excuses to shrink the list of proposals to review.

2)Start it months in advance if possible, to give you time to review, review, review and gather data/evidence to support your claims.

3)Think about ways to show how the money invested will have a multiplicative impact. Even non-profit funders or private philanthropists would like to see their money go as far as possible. For an open source project, that could be to show adoption/support at other institutions.

There is lots of work out there on open source med. records already. Have you investigated extending one of those to suit your needs, rather than rolling your own?

nih grant

Last year I submitted a grant to NIH/National Library of Medicine to develop an open source progect, It happened to work pretty well.
http://biomail.org

zherlock.

[hyfe]

I'm currently working on an open-source general data-analyses tool named Zherlock (www.zherlock.org).

We're actually funded by 'norsk forskningsrad' (norwegian councel of science), and we're situated at my uni. If you're going to take money, there are a couple of questions you're going to have to ask yourself:

1. What does the grant-giver want in return? While some grants are nearly no-strings attached, in the end there's strings on everything; and no exceptions made..

2. How much more time will you spend writing documentation/progress reports/other stuff purely for whoever gave you money?

3. And more importantly, how will taking a grant change the pace of the project? Will taking money for making something mean you're taking on responsibility you'll not be able to meet with your other responsibilites? When you're taking money for doing something, its going to be *alot* harder putting it away for a month because your wife/gf/dog/actionman turns sick, and your female boss at work gets her period.

Tux Paint

[Bill+Kendrick]

I want to be paid to write more stuff like Tux Paint.
But, I suppose that's mainly because I'm lacking a full-time job. (Stupid Worldcom) :^)

Citations are everything

[jd]

Your project cannot be wholly original. Research Grant organizations don't like originality. They like continuation; gap-filling. That sort of thing.

First off, decide what you want to do. Then, find copies of every research paper you can find that is related. When you write your proposal, follow the standard format for an academic paper or proposal. This involves showing how your work relates to the work done by these other people.

But what is Rongage about ?

[Etyenne]

You should have a description on your project on www.rongage.org, or a README in your FTP at the very least.

Thanks

[spineboy]

Huh, learn something new every day. I've used that damn program so many times, and I never knew it was open source.

Get to the point

Complete text below:

How about I give you the finger and you give me my money...