The issue of data portability is the single largest future problem that we need to address today if we have any hope of saving ourselves from our self imposed enslavement to our EMR platforms.

It is without doubt that our governments understands this.

The creation of the OntarioMD CMS v3.0 specification specifically ensures that compliant solutions will have to provide both import and export functions for a core patient data set.

In concept, this sounds very powerful. With the current standard, you are able to export and import data from any certified vendor EMR into any other certified EMR solution.

Unfortunately, this standard does not protect the doctor from EMR lock in. Unfortunately, this standard only perpetuates the problem.

It doesn’t matter if today you have the most super-amazing-incredibly-awesome EMR ever invented. Are you willing to wager that your EMR will always be the very best? Forever? Forever and ever?!?

If you are not careful you will potentially chain yourself to your EMR for the rest of your life!

By defining a standard based on the concept of a finite core data set, one guarantees that valuable information will never be able to be moved from one system to another. Stated another way, by the very definition of the data set, by the identification of a finite set of important information, the government has ensured that anything not in this data set will not be abled to be moved.

By standardizing a core data set, we are making a bet on what information will be important to future medical applications. Who can predict what will be important in the future? We can guess, extrapolate, hypothesis, but we can not be sure.

The core data set is a 68% solution.

The future of your practice and the health of your patients may depend on information captured in the other 32%.

We do not live in the world of finite solutions, finite concepts, finite applications, or finite innovation. We live in a world of constant innovation, of constant refinement to what we deem important.

To make matters worse, day by day, the data pie keeps growing. The core data set, over time, will become less and less relevant. Unfortunately, this is guaranteed by the very definition put in place to protect us.

We applaud efforts to ensure data portability, however we encourage our government to go all-in: require all vendors to guarantee that 100% of the data you enter into you EMR is able to be extracted whenever you feel like doing it.

(While you are doing this, please legislate that software bombs must not be included in medical software systems — their inclusion is morally reprehensible and those vendors that use them should be ashamed of themselves.)

100% data portability is an easy standard to define. It is future proof. Once implemented, it never has to be revisited.

If all vendors are required to make available all data at all times under all circumstances, you will be able to move to new technologies in the future, to new applications that haven’t even been dreamed up yet, to new applications that will transform the way you will live, work, and practice medicine.

Today, we don’t need to know what the applications will be. Today, we know with absolute certainty that they will come. We don’t know what data sets these fantastic new tools will require. How could anyone know this? These brilliant new tools haven’t been invented yet.

But there is one thing we do know. We know that high tech innovates on an every increasing cycle. The current technology world reinvents itself every 3 years or so.

For example, Twitter was founded in 2006. Who in 2003 could have predicted that in 2009, electoral fraud in Iran would be exposed and a revolution catalyzed by a technology that would be invented three years hence.

In 2003, no one could predict that a transformative social network, Facebook, would be founded in 2004. How could they, in 2003, people were busy trying to figure out how to integrate the modern Blackberry (first released in 2002) into their lives. In 2003, these first Blackberry users had no idea that the incredible technology that just changed their lives would be obsoleted by YouTube (founded 2005) watching iPhone users in 2007.

Now, are you absolutely sure that the EMR you implement in your office today, tomorrow, or next week will allow you to move to the next wave of technology? Are you willing to bet the health of your patients on that?

If you can only access 68% of your data, your prognosis is not encouraging.

If you deploy OSCAR in your office, your future is bright.

Congratulations to Dr. Peter Hutten-Czapski, Dr. David Price, Dr. Elizabeth Shaw, each from Ontario, and Dr. Cameron Ross, from British Columbia are in order.

These four OSCAR users are recipients of the 2009 Award of Excellence by the College of Family Physicians of Canada.

Award recipients have either performed extraordinary patient care, service to the community, humanitarian work, or service to the profession that is beyond the normal practice for family doctor.

The complete list of the 2009 Award of Excellence recipients can be found here.

Dr. David Chan will be presenting OSCAR at the Ontario GNU Linux Fest this Saturday, Oct. 24th, in Toronto.

Ontario GNU Linux Fest is the lead-off event for Toronto Open Source Week as Proclaimed by Toronto Mayor David Miller.

We hope to see you there.

Canadian Bar Association Privacy Sub-Section Talk – April 15, 2009
Excerpts of Presentation by Micheal Vonn

. . . Policy being driven by technology,
and privacy seen receding in the rear-view mirror,
this is clearly the central privacy challenge of our time.

Although the study of health information systems is now its own sub-discipline in the academy, there is no public awareness of this issue, let alone public discussion. Patients, citizens, the public have been no part of these developments and are practically barred from even venturing an opinion because of a complete failure on the part of the government to provide any meaningful information at all.

Where we would hope for comprehensive, balanced information, when we have received what amounts to advertising slogans from the PR department: Viagra will save your marriage, iPods will make you groovy, and e-Health will make you safer, cheaper.

Where, exactly would the average citizen look for a foothold to enter such a non-debate?

The presentation is so relentlessly one-sided that there is essentially – and irresponsibly – no discussion of the profound risks beyond the mandatory endorsement that systems will, of course, be “privacy protective” and “secure”.

The very troubling lack of public awareness on these issues has driven a small, informal coalition of privacy-concerned organizations to try to fill the informational void on e-Health. And I’d like to share some examples of what we think it is critical for the public to understand about the profound transformation in health care that is underway through e-Health.

First, let’s get specific about what we’re talking about. “e-Health”, writ large, is a vast field and includes all kinds of technologies that are of undisputed benefit with no privacy concerns. Technology, for example, that allows specialist surgeons to remotely direct and guide surgeries being undertaken in far-off locations. Just to be clear, there is no Luddite Conspiracy trying to derail such fantastic uses of technology.

Nor are we concerned with electronic health care records per se. If my doctor records my data electronically and that data is stored on a server in her office, there is not very much of a difference between that and paper files locked in a filing cabinet. She is the guardian and custodian of that information in the same way. We have no problem with that, naturally.

The concern is centralization: vast repositories; massive, longitudinal databases of citizens’ health information, envisioned, as you know, to ultimately be accessible across the entire country.

I have looked everywhere I can think to look and waited in vain for any government, or indeed, anyone to provide compelling evidence that a vast centralization of citizens’ health data improves health care outcomes and/or saves money.

There appears to be almost no evidence to support the very elaborate promised benefits of this system.

This is a very serious point, and yet, I admit it often takes a comic turn. Like when minutes before her keynote address at a recent e-Health conference, a BC government official changed the name of her talk from “Evidence-based Innovation” to “Leveraging the Investment”. Or the researcher at another e-Health conference who I credit with inventing the term “soft but compelling evidence”; which is rather like saying “vague but definitive”. . .

As Ross Anderson, Professor of Security Engineering at Cambridge, wrote in the Feb 2008 edition of “The Economist”:

Patient data held at a GP practice may be vulnerable to security lapse on the premise, but the damage will be limited. You can have security, or functionality, or scale – you can even have any two of these. But you can’t have all three, and the government will eventually be forced to admit this. In the meantime, billions of pounds are being wasted on gigantic systems projects that usually don’t work and that place citizens’ privacy and safety at risk when they do.

Britain, in fact, has had to stop even pretending that it can safeguard patient data faced with tens of millions of records lost or compromised and just recently, the Prime Minister’s own medical data illegally accessed and given to the media. The Telegraph reports that civil servants in the UK are fired or disciplined for privacy breaches at a rate of about one per day.

All the credible, independent security experts that I am aware of say that a massive concentration of electronic health information imperils the privacy of that data. The “Honeypot Problem” was discussed recently in an article in the Guardian:

This is the recurrent problem with large databases that contain valuable data. Because they are so valuable, they attract malevolent attention of large numbers of hackers, fraudsters, criminals, even terrorists. Under sustained attack, even such sophisticated organizations as Microsoft and the Pentagon have succumbed…

… As well as the honey pot problem, there is another difficulty that applies to these vast government databases. To do their job, these databases have to be accessible to many people…. they can only work if they have thousands of access points. If the government cannot protect one laptop or one flash drive, what chance a system with over ten thousand terminals?

All of which, I suggest, is obvious.

So, let me conclude my prepared remarks by saying this. Contrary to the reports that consensus favours the development of centralized electronic health records, I quote from the Rowntree Report:

There is a developing consensus among medical practitioners that for safety, privacy and system engineering reasons, we need to go back from the shared-record model, to the traditional model of provider-specific records plus a messaging framework that will enable data to be passed from one provider to another when it is appropriate.

In other words, the system needs to be an architecture in which data is pushed from one health care provider to another. Not pulled from every health care provider into a massive database.

We are not building the right model of patient information sharing.

Christina Blizzard of The Toronto Sun writes:

There is a strong argument that government is the wrong culture to build such IT projects. In the private sector, it’s often start-ups, or companies with a bottom line to satisfy that come up with the innovation and know-how to develop these programs efficiently.

On Global’s Focus Ontario last week, McCarter pointed out the project has been nine years in the works, $1 billion down the drain — and precious little to show for it. (You can catch the show at midnight tonight or at globaltoronto.com.) McCarter said it will be a “challenge” for this province to make the 2015 deadline for getting health records on line. This province is lagging embarrassingly behind all other provinces on this.

Perhaps the government should turn to one of its own universities for help.

McMaster University announced last week that it has developed a, “comprehensive, secure, web-based and open source electronic health records system which is ready to be rolled out across Canada.”

[...]

The system, called OSCAR, was developed by Dr. David Chan, an associate professor with McMaster’s department of family medicine.

In a press release, Dr. David Price, chair of that department, said that 8,000 family physicians in this province who are not using electronic medical records could be on-line within the next 24 months.

The cost? $20 million. Compare that to the $1 billion the government piddled down the eHealth drain.

Well said.

From Anna Paperny of the Globe and Mail

Efforts by governments in Ontario and British Columbia to drag their provinces’ medical records into the 21st century haven’t gone well: Both provinces are embroiled in eHealth scandals that have turned the endeavour into a political poison pill.

But the doctors behind two made-in-Canada electronic record systems designed years ago and adopted around the world insist it doesn’t have to be this hard.

OSCAR, an open-source software pioneered by McMaster University’s school of medicine, is being used by hundreds of doctors from Prince Edward Island to British Columbia, and many more from outside the country.

It puts patients’ information on secure servers that are based in a doctor’s office but can be accessed online from just about anywhere by logging on the same way one would to an online bank account. A separate sister system, MyOSCAR, lets patients access their own records online.

Clearly the discussion coming from the eHealth scandal is creating a conversation on what we want as a society, and whether or not we should allow the powers at be to decide what is right for us.

It is time for us to start thinking about this issue.

Who owns your medical information? Who do you want to maintain the stewardship of this, the most personal of your personal information? Would you like it to be kept, as it is today, in the private offices of your family doctor, or do you prefer that this information is keep in a large government run registry?

The security community is pretty clear on how it feels about governments maintaining large databases of their population’s personal information (“1984″ anyone?), but this isn’t a decision that should be made by the security community.

Currently, you own your own personal information. Most people currently trust their family doctor to maintain their medical information on their behalf. Would you like this to change? It is your choice on how this story ends.

From the Globe and Mail:

The eHealth scandals unfolding in both B.C. and Ontario can be tied by one theme: Governments can get into a “bagful of trouble” when they rush to embrace technology they don’t really understand.

This week, the Ontario eHealth debacle continued to spread when the Auditor-General tied Premier Dalton McGuinty to the appointment of top officials who have resigned over untendered consulting contracts.

In British Columbia, detailed allegations of breach of trust, influence-peddling and fraud involving B.C.’s share of the federal-provincial initiative were revealed in an RCMP search warrant that names a senior government official, now retired, who headed the program. No charges have been laid.

Interestingly, the highest number of OSCAR users in Canada are in… Ontario, and British Columbia.

Coincidence? I think not. Doctors know when they are being scammed by the government.

Supporting open source software as an alternative to proprietary systems is increasing becoming a global government initiative to ensure consumer protection and customer advocacy. However, the Ontario government seems to have missed the point.

This article from the Joanne Frketich of The Hamilton Spectator identifies what is missing – the will of the patients, practitioners, and bureaucrats to force the system to change.

OSCAR is one of several electronic health systems approved by the Ministry of Health, and is used by more than 600 doctors in Ontario, Quebec and British Columbia.

It’s not the most popular of the electronic health systems but it uses open source technology, making it much cheaper than others because the university doesn’t make a profit.

“People can use it and it doesn’t cost an arm and a leg to get it and modify it,” said Kevin Leonard, a scientist with the Centre for Global eHealth Innovation at Toronto’s University Health Network.

He has no doubt McMaster could deliver as promised within 24 months for around $20 million.

“It would be in the ballpark,” he said. “I think that statement would be true. But the problem is, we don’t have the will. Someone has to have the will.”

He believes patients are going to have to get much more demanding before the government will make real progress on electronic health records.

He hopes public outrage over the ongoing eHealth scandal, which saw the province spend 10 years and $1 billion in a largely failed effort to create digital health records, will be enough to force change.

After a billion dollars of wasted money, it is no longer acceptable to hide behind the fact that they don’t understand open source.

It’s easy folks… Ask your kids!

It is called a “learning opportunity”, or perhaps a “teachable moment” – how not to spend one billion dollars.

The Ontario government, through arrogance and folly decided that they new best how to pick the market winners, run their own networks, decide on which technologies to approve and which to ignore. Basically, big brother knows best.

So how did that work out for you?

Typically, one would expect that business folks are best at running efficient businesses, network folks are best at running stable networks, doctors are best at practicing medicine, and public officials are good at representing their constituents. We continue to run into trouble when we start mixing up the deck.

Now, as a leading example of what not to do, other nations are noticing:

On the other hand, McMaster University has long maintained an open-source e-health record system called OSCAR, which is already in use in hundreds of clinics in the country. The technology is based on Java, MySQL, PostGreSQL, Tomcat and Linux and the estimated cost of deploying it in all of Canada’s clinics is CAD 20 million (as compared to 1 Billion already spent on eHealth Ontario).

What is most interesting is that the report is written by the Auditor-General of Ontario.

This raises once again the question of what our own National ID project (led by Nandan Nilekani) would look like. While the government should unquestionably hire contractors, willing to do the due diligence for the project, I see no alternative but to develop the solution in an open-source manner and not enslave ourselves to some code-monkey’s bad software.

Via The Indian digital government.

A few months ago, I posted that OSCAR was being installed in 35 countries. I just check the stats and this past month, people from 48 countries have looked at installing OSCAR.

Here are this past months top ten installers: