Open Source Solutions for Public Health?

ubiquitin asks: "This week at the CDC's PHIN conference there is a lot of buzz about the possibilities of building out an infrastructure for the public health information network with both closed and open source technologies, especially since the work needs to be solidly secure and is typically done under tight budgets. A handful of states are currently involved and more are getting on board, so it may well be a genuine growth opportunity for Linux/Apache/MySQL-based systems. What would really be helpful are stories about how Open Source systems have been put to use in public health departments, labs, or clinics. Does Slashdot have any such anecdotes to share?"

HIPPA

[bofh31337]

I would take a serious look at HIPPA requirements before implementing something not specifically designed for health care related systems. The requirements for HIPPA (Healthcare Information Privacy and Portability Act, I think) are pretty strict about the format of data. That being said, I'd head over to The Open Source Health Care Alliance. I'm not sure they are still active.

Re:HIPPA

[Unordained]

Format? Posh. However, they do require security, though you can (as I recall) get by without over-the-wire encryption so long as everything is inside a secured network not shared with people who shouldn't have access. Or some such.

HIPPA is actually more often violated by nurses and doctors who talk too freely -- the best security in the world won't prevent them from talking, leaving charts out, leaving doors open, or just generally not being discrete.

The other thing is that you probably won't find many open-source programmers looking forward to implementing HL7, X12, and other protocols, particularly after designing a database schema of their own (thus you have to translate not only the layout of your database, but also the format of individual fields, etc.) I'm paid, and I still don't look forward to it. But ya gotta do ...

So far as I can tell, medical/insurance stuff is scope-creep in action. That lends itself well to projects being handed over from one team to the next over the years, or bits being developed (freely) by parties involved in the scope-creep, but if you like to keep things tidy, it could get messy. You'll want at least a few architects everyone else listens to.

And as a reminder, open-source does NOT mean mysql. Medical data is too important to have wandering around a system not designed around transactions, constraints, and concurrency. Look more in the direction of Postgresql or Firebird for your open-source database needs.

And please, for the love of something holy, don't use magenta and cyan as your base colors. And align things to grids. And don't roll your own file format. Some of us have to come in and clean up after that, and if we can't stand to even -look- at it, we can't emulate it. I mean really ... (did I mention that the use of random fonts isn't appreciated either? Nope, looks like I forgot that one too.) Oh, and please design your systems to be multi-user from the start, working well under multi-user loads.

I should get back to work ... those billing wizards aren't going to write themselves. Unless ... open-source software to write other open-source software automatically? Hmmm.

But is it HIPAA compliant? And who certifies it?

[WarPresident]

With the overreaction to HIPAA rules driving everyone to distraction, I doubt open source software is going to gain much traction in the U.S. What guarantee (from a manager's or director's point of view) is the software HIPAA compliant? What the hell does that mean, anyway? Buy it from a vendor and it's their fault if something goes wrong (again, from a manager's viewpoint), download it from the Internet and something goes wrong... important people are in trouble!

HIPAA madness has hit a major teaching hospital that will remain nameless. They're rolling out an expensive new HIPAA-compliant (certified! --of course) Health Information Management System. It's replacing an existing infrastructure that works perfectly, and is completely paid for (except for maintenance contracts). 400+ people have to be retrained on the new software, new hires have to learn both systems as they'll both be operating over the 2 month roll-out.