Slashdot Mirror
Hope For FOSS In Electronic Health Records
Fred Trotter writes "CCHIT is the dominant Electronic Health Record certification body in the US. It is also decidedly anti-FOSS and has been for years. Certification of one kind or another will be required for EHR systems to qualify for funding under the Stimulus Act. If CCHIT is chosen as the certification body, and the current certification strategies continue, it will not be possible to have a funded EHR that is both certified and truly FOSS. Now, however, CCHIT has agreed to meet the FOSS Health IT community at HIMSS 09 to address this issue." We discussed the shortcomings in the stimulus bill as it relates to FOSS a few days back.
So let me get this strait...CCHIT is considered anti-FOSS because they charge fees that for certification that the FOSS folks cannot afford?
Sounds like we need a welfare program for FOSS apps to be able to play in the big leagues. How do you think CCHIT gets their operating budget? Through fees I would expect.
People who bite the hand that feeds them usually lick the boot that kicks them
Here are a few more links...
List of open source healthcare software:
http://en.wikipedia.org/wiki/List_of_open_source_healthcare_software
Welcome to openEHR:
http://www.openehr.org/home.html
"openEHR is about enabling ICT to effectively support healthcare, medical research and related areas. Today ICT is used ubiquitously elsewhere, but is far from effective in Healthcare. The main problem in health is the lack of shareable and computable information.
The principal challenge for health ICT is to represent the semantics of the sector, which are far more complex than in other industries. Doing this requires a knowledge-oriented computing framework that includes ontologies, terminology and a semantically enabled health computing platform in which complex meaning can be represented and shared. At the same time it must support the economically viable construction of maintainable and adaptable health computing systems and patient-centric electronic health records (EHRs).
The openEHR endeavour is about creating specifications, open source software and tools in the technical space for such a platform. In the clinical space, it is about creating high-quality, re-usable clinical models of content and process - known as archetypes - along with formal interfaces to terminology."
If the US has idiots in onbstructionist ways working in positions of power, then maybe, if other countries are technologically superior in such areas, offer help to them so they can grow and come back to haunt and compel the USA to "get with it, already!".
Previously: "Linux... Toward the Sunrise..." Now: "Linux... Toward the-- No, now, part of Every Sunrise"
tively...
Screenshot of OpenEMR:
http://sourceforge.net/projects/openemr/#item3rd-2
The resources that already exist in the USA can be brought to bear by offering these to as MANY doctors as possible. It will first requiring conducting info gathering on providers, their electronic systems, having some insiders in the many types of medical offices to come in and user-test/kick the tires on these apps, and get THEIR opinions as to whether the software is worthy of being supported. It appears that some of the open source software might be qualified to pass the end-user-suitability-test (for lack of a better description). If ANY of these apps are found to be half-baked, like many apps written BY developers FOR developers (rather than BY developers FOR end-users), then they should by all means be shunned so they are forced to be upgraded to suitability for the office. After all, if medical, dental, and other offices reject the software, why should regulatory and office personnel even *listen*?
But, again, some/most of these apps *seem* to have what it takes; they seem to be the survivors of the past few years that i've noticed their names (since, oh, ~2001/2003).
Beyond that, the biggest hurdle will be lobbyists/SIGs (Special Interest Groups) that could be working on behalf of defense contractor-named companies (your Lockheed/GE/ and others-- who, incidentally have their hands in ship passenger reservation/assignment software, too...) who want NO competition that would undermine their self-anointed positions of high income.
Previously: "Linux... Toward the Sunrise..." Now: "Linux... Toward the-- No, now, part of Every Sunrise"
If the law states that there should be a 'view but not save/copy/print' right (like here in the Netherlands), how could you enforce that *and* be truly open source? You have to certificate each and every release of the full software on a source code level (and provide authorization based on the (i.e.) md5 sum of the executable) to enforce such rights. One simple edit & recompile and you can save/print those x-ray pics, which is against the law.
At the very least, forking, maintaining your own version and fixing bugs for your (employer's) own use is either impossible or very expensive.
I see a bigger issue here than the scam this particular group is running.
As I understand it, the stimulus bill allocates $17B to help hospitals across the country pay for medical record systems. Think about that number, $17 Billion.
There is absolutely no reason to distribute $17 Billion to a long list of organizations to individually license an EMRS. For far less than $17B the Federal government could buy any medical record system in the world to be deployed wherever and whenever they want at a fraction of the cost. Or, alternatively, for a lot less than $17B they could sponsor development of a standard, open source EMRS that could, again, be deployed by anyone who wants to at a fraction of what it would otherwise cost.
Obviously there are costs associated with deploying these systems, but the current "plan" amounts to a giveaway of $17B to Semens, GE and whatever other companies produce "certified" EMRS.
For a discussion of FOSS medical records systems, circa 2005, see http://www.ssrc.org/wiki/posa/index.php/F/OSS_Opportunities_in_the_Health_Care_Sector
No...it says a lot about requiring certification fees and that in all likely hood and little about commercializing FOSS. In fact, it has pretty much nothing to do with commercializing FOSS unless you are talking about a market that has a government mandated certification process and a certification board dumb enough to let someone take the source code of a certified FOSS project and reeuse that code without forcing that organization to get their individual product certified. So...really what we are talking about here is insane certification requirements and behaviors brought on by government mandate...not FOSS commercialization. Nice try though.
The only change I can believe in is what I find in my couch cushions.
The problem is that the model breaks when the software environment breaks because of fees to make the software useful.
Requiring a certification isn't part of the normal software process or model. It's actually an add on that isn't necessarily needed but has advantages. If the model was changed and the vendor certified the software in house to pass a third party review and the customer had to cover the expense from a third party verification service, it would be the same model and nothing would be broke. But no where else in software, do you have to pay someone in order for your software to be used unless your licensing someone else' product. Of course if your licensing someone else' product and they don't want it open sourced, you can't open source your product that contains theirs.
And something you should note, it's only a problem currently because of the outrageous costs associated with certification. If the costs were lower and more reasonable, the problem disappears. It's disingenuous to associate the problems with the FOSS model or commercializing FOSS software without pointing to what broke it. It isn't like many other software packages ever require third party certifications that require large sums of money either. And of those that might, the sums generally aren't as outrageous and ongoing like this.
Something the poster didn't mention that could negate most all of his fears and black out the point you raised is that they could certify the software under a trademark name and do the releases with the normal name. This would lock the certification into something only he could use. For instance, he likes the program MirrorMed. Now he can create a company called Trotter inc. and certify MirrorMed as "Trotter's certified MirrorMed" software. He then distributes it under that name "Trotter's Certified MirrorMed" and distribute his code as MirrorMed. No one else could claim MirrorMed was certified under his certification because they couldn't use his trademark "Trotter's certified" in the name of the product even though he distributed the code and the certification is in his trademarked name.
In short, the certification would be locked to the "trotter's certified" which is the over package he provides instead of just the software MirrorMed. He could control this because MirrorMed itself as a name wouldn't have been certified. Now the code would have technically been certified so everyone else wanting to do the same could certify it themselves without fear of it failing, and most likely they would certify it under their own trademarked name too.
Certification requirements are a government-imposed market distortion that, if imposed in a way which attaches the cost to the developer systematically disadvantages FOSS software. Of course, since certification requirements, however loudly they are trumpeted as serving a public interests, are almost invariably crafted with the cooperation of the major commercial vendors in the field with the primary intent of reinforcing their position against any possible upstart competitors, this isn't exactly an unintended feature.
Also, consider that the US government has already paid to develop several healthcare systems itself. VistA and RPMS (they're related) serve the VA and Indian Health Services. They're free to download, and local sites often create, apply, distribute, and support various patches independently of any central control. It's free and open-source, at least in a sense. Installation and support (and hardware) aren't free, but a FOIA request will get your the code for free, at least. There's at least one other piece of such software in use for active military personnel, I remember it being mentioned on /. within the last few weeks (but I'm too lazy to find the link.)
Speaking of cost... 25 to 35K one time fee and 5k a year? What kind of *scam* is that? One gurenteed to make it possible only for those with a huge finantial interest (and thus low OSS interest) to gain entry. Total bullshit. Who made these yahoos incharge?
I assume you have some basis for your outrage? Do you know how many hours of work goes into the one-time certification process? What sort of legal review is required? How much money in third party disbursements are involved?
Seriously, if you don't have $30K to pony up for the certification, what are the odds that you've spent the necessary money to ensure full compliance with all aspects of relevant legislation? Have you gone over your application with a team of lawyers to ensure full compliance? Have you hired UI designers to come up with a sane user interface and paid for a panel of doctors from various professions to perform UI testing and implement any suggested changes? Do you also have professional liability insurance to cover any errors and omissions that you might have made? How large is your support department, what's your SLA for support turnaround times, and what's the SLA for any bug fixes or feature improvements? What kind of physical and network-based authentication and permission policies do you employ in your office? If someone were to break into your office during the night and you've been examining data from my systems to track down a bug, can you guarantee that the data won't get compromised because proper information handling procedures have been followed? What's your two year roadmap for the product so that people comparing it against offerings can see where you're headed?
What it boils down to is that the $25K - $35K in fees is partly to cover the actual costs of the certification and partly a statement that "if you can't afford these costs, don't waste our time because odds are good you won't be in business in a year from now". Seriously, that's the salary and overhead cost of a half decent developer for a few months let alone all the other support staff you'll need to maintain a viable business.
Also from the article:
The "seal of approval" model is also problematic. Suppose I pay the fee to have MirrorMed (my project of choice) certified. There is no way for me to guarentee[sic] that only I benifit[sic] from the "seal". My competitors which have full access to the code that I would have certified would be able to correctly claim that the code had been certified, and would benifit[sic] with me. As with the original pricing there is no way to fairly spread these kinds of costs across a community.
Waah... cry him a river. He's complaining that because he's choosing to make his code available for everybody at no cost, that he's putting himself at a disadvantage because others can use his code at no cost? What the FUCK, dude? Choosing to use the GPL means that you've also chosen all the consequences of that particular license. If you don't like the consequences, then don't ask for special treatment because you think the GPL automatically gives you some kind of entitlement. Change your license!
Want to improve your Karma? Instead of "Post Anonymously", try the "Post Humously" option.
Disclaimer: I work in this industry.
To be blunt, CCHIT is among the least significant and cheapest of the regulatory considerations in healthcare software, particularly when you're talking hospital-caliber systems. Far more onerous are the FDA regulations and oversight (at this level, healthcare software is regulated as a medical device), and similar bodies in other countries. Software bugs can also create enormous legal risks; malpractice or wrongful death claims are never cheap, and bad code or human error does not get you off the hook. All of this means enormous testing and documentation costs, shared by both the software companies and the hospitals. (The VA, as an arm of the federal government, enjoys some legal advantages over other hospitals in this regard.)
Combine this with the enormous complexity and the domain expertise required to model what can occur in a hospital, and you have a market with a very high cost to enter - not the best opportunity for open source. Indeed, there's been several highly-capitalized and failed attempts to enter the market by tech giants ...
That said, most modern healthcare software contains and uses healthy quantities of open-source code, but generally not of the GPL variety. We regularly contribute to the projects we use, inasmuch as our employment contracts permit. However, generally speaking, these projects are not specifically healthcare oriented (though there are exceptions - hapi is a personal favorite.)
The medical records system has to get it right the first time. The cert is not going to be easy to get. It is not going to be cheap.
Now the code would have technically been certified so everyone else wanting to do the same could certify it themselves without fear of it failing
This sounds --- simplistic.
Is it the code that that is being certified here - or is it the implementation of a turn-key medical records system?
Isn't it responsible to demand that you demonstrate a deep understanding of how the thing works?
That you have the resources to maintain your system, upgrade it, provide service and support?
the open source movement needs to be active on standards bodies. Standards selection is vendor selection.
Its really disheartening when you write software all year to provide useful tools for doctors that improve the standard of care, and then have a bunch of useless and counterproductive features slapped on because of an upcoming CCHIT certification.
Great ideas often receive violent opposition from mediocre minds. - Albert Einstein