
Hope For FOSS In Electronic Health Records

Fred Trotter writes "CCHIT is the dominant Electronic Health Record certification body in the US. It is also decidedly anti-FOSS and has been for years. Certification of one kind or another will be required for EHR systems to qualify for funding under the Stimulus Act. If CCHIT is chosen as the certification body, and the current certification strategies continue, it will not be possible to have a funded EHR that is both certified and truly FOSS. Now, however, CCHIT has agreed to meet the FOSS Health IT community at HIMSS 09 to address this issue." We discussed the shortcomings in the stimulus bill as it relates to FOSS a few days back.
  • I will pay special attention to it.
  • Anti-FOSS? (Score:5, Interesting)

    by FooGoo ( 98336 ) on Saturday March 14, 2009 @04:41PM (#27195695)

    So let me get this straight... CCHIT is considered anti-FOSS because they charge fees for certification that the FOSS folks cannot afford?

    Sounds like we need a welfare program for FOSS apps to be able to play in the big leagues. How do you think CCHIT gets their operating budget? Through fees I would expect.

    • Re:Anti-FOSS? (Score:5, Insightful)

      by Compholio ( 770966 ) on Saturday March 14, 2009 @04:47PM (#27195729)

      Sounds like we need a welfare program for FOSS apps to be able to play in the big leagues. How do you think CCHIT gets their operating budget? Through fees I would expect.

      Sounds to me like this organization should be getting funded a better way. It's pretty commonly accepted that certification groups that get their budget from fees have a pretty significant conflict of interest wrt. properly executing their duties.

      • It's pretty commonly accepted that certification groups that get their budget from fees have a pretty significant conflict of interest wrt. properly executing their duties.

        And a 25 to 35k entry fee with a 5k yearly fee is a pretty BIG conflict of interest.

        • Re: (Score:1, Troll)

          by FooGoo ( 98336 )

          FOSS is the ultimate conflict of interest. God forbid I need to make some money in order to get my FOSS software product in use in the medical industry. The community will think I sold out :((

      • Re: (Score:3, Insightful)

        by ColdWetDog ( 752185 ) *
        Sounds like they're charging a lot for what you get. From the "CCHIT Physician's Guide 2008":

        A jury of three EHR experts--including at least one practicing physician--observes a carefully scripted product demonstration. This inspection takes a full day and covers four distinct clinical scenarios. The Roadmap provides guidance to providers and the industry by offering a realistic time table for incremental improvements in EHR systems. Each year the Roadmap is extended to project criteria two years into t

      • Re: (Score:3, Insightful)

        It's pretty commonly accepted that certification groups that get their budget from fees have a pretty significant conflict of interest wrt. properly executing their duties.

        That's actually the point of such certification groups; they serve their paying clients by creating a competitive advantage for the existing big players that any new competitor has trouble meeting. That's even moreso, often, the point of such groups when certification through them is required by government regulation, as such regulations

      • 35k+5k is trivial compared to the other costs of developing and maintaining such a complex system.

      • Sounds like we need a welfare program for FOSS apps to be able to play in the big leagues. How do you think CCHIT gets their operating budget? Through fees I would expect.

        Sounds to me like this organization should be getting funded a better way. It's pretty commonly accepted that certification groups that get their budget from fees have a pretty significant conflict of interest wrt. properly executing their duties.

        Well, let's see

        The Certification Commission is a private nonprofit organization with the sole public mission of accelerating the adoption of robust, interoperable health information technology by creating a credible, efficient certification process. Certification Commission [cchit.org]

        Well it seems to me that the authority of the CCHIT is self-assumed, they are a private organization, not a public one; being non-profit simply means they have to spend all their money each year, not that they are good or charitable or ev

    • Re:Anti-FOSS? (Score:4, Interesting)

      by sumdumass ( 711423 ) on Saturday March 14, 2009 @05:06PM (#27195845) Journal

      Outside of the entire Fees for OSS idea, I think it is preposterous to think that once you certify a program or application to do a certain thing, you have to continue paying them based on annual sale of your program or application to keep that certification.

      We don't need welfare for OSS, we need something different in place. A certification process shouldn't be dependent on future fees paid nor should it base any of the fees on the sales of the software. If you want to know why health care is so expensive, it's shit like this.

      Think about it, 25K can go into 25 copies sold $1000 at a time. That isn't so much when considering what the software brings to the table. But an annual $5000 on top of that based on sales means the same program that was certified at $1000 a pop is now not certified if more money isn't paid. The question is, is that 5k a version sold?, up to 25 licenses sold? or is it 5 licenses sold? Now licenses could be a misnomer too. Take MS servers, for instance: you need a license for the server, a license for the workstation's MS operating system, a license for the network connections to the server, and a license for all the MS applications running on those systems. Let's say MS Office is a given and for shits and giggles, let's say MS Dynamics CRM is installed. Now, that means 1 server license, 1 workstation, 1 connection, 1 office and 1 CRM, that's 5 licenses just to be up and running. Of course more workstations will need fewer licenses but in the certification ordeal with CCHIT, how many of those licenses count as sales? I mean the ERM software could have modular features and easily require 5 licenses, so with the 5k based on sales, if that is for every 5 licenses, then you might need to recover 5k per workstation on top of your profit and expenses for creating the damn thing.

      It's a racket that shouldn't be allowed. If we are going to require certification, then there should be some rules and guidelines and limits on costs instead of creating a get rich quick scheme that drives the cost of health care up so some damn politicians can fool the people when they claim to be fixing the problem. The opposite of that would be to open up the ability for other companies or organizations to become certifiers and forbid lock-ins to certain companies or organizations so competition can drive costs down to something more reasonable.

    • When you choose to make your Product FOSS, you should realize you are automatically putting yourself at a disadvantage, by closing off the most direct and profitable revenue stream. So when the industry demands certification and standards if you want to keep going you need to pay for them. I am sorry that is the case.

      If you want to be a Medical Doctor you need to pay for enough college for an MD. I am sure there are a lot of people without MD who could be great doctors and have the knowledge and skills to

  • by davidsyes ( 765062 ) on Saturday March 14, 2009 @04:48PM (#27195741) Homepage Journal

    Here are a few more links...

    List of open source healthcare software:
    http://en.wikipedia.org/wiki/List_of_open_source_healthcare_software [wikipedia.org]

    Welcome to openEHR:
    http://www.openehr.org/home.html [openehr.org]

    "openEHR is about enabling ICT to effectively support healthcare, medical research and related areas. Today ICT is used ubiquitously elsewhere, but is far from effective in Healthcare. The main problem in health is the lack of shareable and computable information.

    The principal challenge for health ICT is to represent the semantics of the sector, which are far more complex than in other industries. Doing this requires a knowledge-oriented computing framework that includes ontologies, terminology and a semantically enabled health computing platform in which complex meaning can be represented and shared. At the same time it must support the economically viable construction of maintainable and adaptable health computing systems and patient-centric electronic health records (EHRs).

    The openEHR endeavour is about creating specifications, open source software and tools in the technical space for such a platform. In the clinical space, it is about creating high-quality, re-usable clinical models of content and process - known as archetypes - along with formal interfaces to terminology."

    If the US has idiots in obstructionist ways working in positions of power, then maybe, if other countries are technologically superior in such areas, offer help to them so they can grow and come back to haunt and compel the USA to "get with it, already!".

    • tively...

      Screenshot of OpenEMR:
      http://sourceforge.net/projects/openemr/#item3rd-2 [sourceforge.net]

      The resources that already exist in the USA can be brought to bear by offering these to as MANY doctors as possible. It will first require conducting info gathering on providers, their electronic systems, having some insiders in the many types of medical offices to come in and user-test/kick the tires on these apps, and get THEIR opinions as to whether the software is worthy of being supported. It appears that some of the ope

      • Re: (Score:3, Informative)

        by jkx ( 1500739 )
        For a discussion of FOSS medical records systems, circa 2005, see http://www.ssrc.org/wiki/posa/index.php/F/OSS_Opportunities_in_the_Health_Care_Sector [ssrc.org]
        • Thanks....Interesting, additional and refresher information!

        • Re: (Score:3, Informative)

          by Unordained ( 262962 )

          Also, consider that the US government has already paid to develop several healthcare systems itself. VistA and RPMS (they're related) serve the VA and Indian Health Services. They're free to download, and local sites often create, apply, distribute, and support various patches independently of any central control. It's free and open-source, at least in a sense. Installation and support (and hardware) aren't free, but a FOIA request will get you the code for free, at least. There's at least one other piece

  • by MonoSynth ( 323007 ) on Saturday March 14, 2009 @05:01PM (#27195829) Homepage

    If the law states that there should be a 'view but not save/copy/print' right (like here in the Netherlands), how could you enforce that *and* be truly open source? You have to certificate each and every release of the full software on a source code level (and provide authorization based on the (i.e.) md5 sum of the executable) to enforce such rights. One simple edit & recompile and you can save/print those x-ray pics, which is against the law.

    At the very least, forking, maintaining your own version and fixing bugs for your (employer's) own use is either impossible or very expensive.

    • > You have to certificate each and every release

      I have no idea why the aviation world decided that the perfectly good words "certify" and "certified", used to describe those concepts since the dawn of aviation regulation, should be replaced with abominations such as "certificate" and "certificated". But let's not bring yet another set of made-up words into the realm of software - we already have too many of them as it is.

      sPh

      • Sorry, English is not my first language and I already thought that I didn't use the right word. I even used my dictionary, but to no avail.

        • by sphealey ( 2855 )

          > Sorry, English is not my first language and I already
          > thought that I didn't use the right word. I even used
          > my dictionary, but to no avail.

          My apologies - I did not mean to criticize the English skills of a non-native-speaker. In general United States English usage a person or object is granted (or possesses) a certificate, and is then said to be certified. As I noted the world of aviation recently (within the last 10 years) started using the word "certificated" (ser-tif-eh-cate-ed). English

      • Although I am inclinated toward your position, agreement-wise, I think we should conversate about this before decisionating the matter.
    • by DragonWriter ( 970822 ) on Saturday March 14, 2009 @05:49PM (#27196169)

      If the law states that there should be a 'view but not save/copy/print' right (like here in the Netherlands), how could you enforce that *and* be truly open source?

      The same way you would do that for commercial programs.

      Being open source doesn't mean that there is an absence of government regulations that restrict your ability to distribute and/or use modified versions.

      You have to certificate each and every release of the full software on a source code level (and provide authorization based on the (i.e.) md5 sum of the executable) to enforce such rights. One simple edit & recompile and you can save/print those x-ray pics, which is against the law.

      And...so, what? It's always possible for the user to modify either the software, the software environment in which the application software runs, or the hardware platform on which the software runs to avoid such restrictions. Certification of software only provides assurance for the software in the form it is sold, not anything that is done by the purchaser after they have received it. Other enforcement measures, like on-site audits, are necessary, whether or not the software is open source, to assure that the user uses the software in a manner which complies with the law.

      At the very least, forking, maintaining your own version and fixing bugs for your (employer's) own use is either impossible or very expensive.

      It doesn't add any cost that isn't added to purchased software, even if the certification requirement is on software used and not software sold for a purpose, since you are going to be paying the cost of certification for any software you purchase, as well. OTOH, since the modification and use of software in house is part of the internal practices, it makes more sense to include those in whatever regulation and certification requirements exist for internal practices, rather than in the kind of certification requirements that are imposed on software sold for a regulated purpose.

    • by sumdumass ( 711423 ) on Saturday March 14, 2009 @06:01PM (#27196249) Journal

      Opensource is about the code in question and the freedom to adapt it to your needs.

      That being said, the ability to give the code away again is still there even with certification if the certification is assigned like a patent or copyright. In this case, the assignment of the certification would be a specific implementation by a specific company or person or person representing the company.

      To walk through this just so we are clear, if I create an open source product called "Little Dog" and I get it certified, if the certification is assigned to me for version 1.0, then version 1.2 or 1.45 or whatever would need a new certification. And because the certification is assigned to me, if you decided to take the code and offer your own product or even improve it, you wouldn't be able to claim it was certified because only the person assigned the certification could do that. Technically, the code would have been certified so you could get a certification in your name without fear of failing but you couldn't lay claim to my certification.

      Now, I believe this follows along with the open source model and principle because you can get the code, you can distribute the code, you can modify it, you can still do anything you want with it. The only thing you couldn't do is make claims or representations over a certification for use that was assigned to me. Think of it like this, if Time magazine said you were the hero of the month because of some open source program you created, I couldn't accurately take the code, distribute it, and claim Time Magazine called me the hero of the month even though I would be using the same code you created that caused them to notice you.

      I hope I didn't just write in circles and confuse my point.

    • by maxume ( 22995 )

      It might be cost effective to have a third party certify patches (but probably not).

    • by lawpoop ( 604919 )
      Yeah, but do you really think the end users of any certified open-source medical software ( i.e. Doctors, nurses, hospital staff ) are going to be messing with *any* source code, at all?

      I think the more likely scenario is that certain versions or releases of any FOSS software would be certified. A health care organization is only going to be running binaries. If there's a concern about a bad actor within the health-care organization re-compiling FOSS code to run renegade binaries, I'll bet that person ha
    • Comment removed based on user account deletion
    • by fermion ( 181285 )
      Point in fact, this already happens with PDF viewers. Most follow the rules. It is true that an individual user can get into the code and change it, but, given the spec, any individual user can always get into any file and do whatever they want with it.

      This is where the laws and audits come in. It is just like keeping records in a filing cabinet. There is nothing inherent in the file cabinet that prevents users from copying information, taking the records home, etc. It is simply policy that is enforce

  • CCHIT? (Score:5, Informative)

    by Anonymous Coward on Saturday March 14, 2009 @07:51PM (#27196843)

    Disclaimer: I work in this industry.

    To be blunt, CCHIT is among the least significant and cheapest of the regulatory considerations in healthcare software, particularly when you're talking hospital-caliber systems. Far more onerous are the FDA regulations and oversight (at this level, healthcare software is regulated as a medical device), and similar bodies in other countries. Software bugs can also create enormous legal risks; malpractice or wrongful death claims are never cheap, and bad code or human error does not get you off the hook. All of this means enormous testing and documentation costs, shared by both the software companies and the hospitals. (The VA, as an arm of the federal government, enjoys some legal advantages over other hospitals in this regard.)

    Combine this with the enormous complexity and the domain expertise required to model what can occur in a hospital, and you have a market with a very high cost to enter - not the best opportunity for open source. Indeed, there's been several highly-capitalized and failed attempts to enter the market by tech giants ...

    That said, most modern healthcare software contains and uses healthy quantities of open-source code, but generally not of the GPL variety. We regularly contribute to the projects we use, inasmuch as our employment contracts permit. However, generally speaking, these projects are not specifically healthcare oriented (though there are exceptions - hapi [sourceforge.net] is a personal favorite.)

    • by ilo.v ( 1445373 )

      Software bugs can also create enormous legal risks; malpractice or wrongful death claims are never cheap, and bad code or human error does not get you off the hook

      What, you mean I can't make every shmuck that comes in my hospital click on an EULA that says that they can't sue me even if I kill them?

      • by dkf ( 304284 )

        What, you mean I can't make every shmuck that comes in my hospital click on an EULA that says that they can't sue me even if I kill them?

        Sure you can! But the courts will ignore it I bet; some types of clause are generally reckoned to be unconscionable and "can't sue me if I kill you" would be a prime candidate for that sort of thing.

        • by ilo.v ( 1445373 )

          ... some types of clause are generally reckoned to be unconscionable and "can't sue me if I kill you" would be a prime candidate for that sort of thing

          That hasn't stopped Microsoft or most of the rest of the software industry from doing exactly that. Their EULAs basically all say that if defects in their software cause harm, they are only liable for the cost of refunding the purchase price. If their software defects kill someone, they are trying to be not liable. To my knowledge that type of clause has

  • by Anonymous Coward

    There is a HUGE problem with this issue of electronic records and it relates to the philosophy of who should be responsible for what. IMHO each person should be responsible for his own records. When you use medical services, you always receive the records produced during those services, and the provider will keep a record as they always have. But these records should not be shared with anyone nor go into any kind of national database. These records can be in a standardized electronic format if that makes li

  • by Presto Vivace ( 882157 ) <ammarshall@vivaldi.net> on Saturday March 14, 2009 @09:43PM (#27197341) Homepage Journal
    The open source movement needs to be active on standards bodies. Standards selection is vendor selection.
  • CCHIT is SH*T (Score:3, Interesting)

    by Omega1045 ( 584264 ) on Saturday March 14, 2009 @10:31PM (#27197559)
    I spent a few years working as a software engineer for two electronic medical records companies. The second company certified some of its software with CCHIT. From that experience I can tell you that the CCHIT requirements are idiotic, and don't lead to better patient care, or better software for that matter. They are a hoop businesses jump through (both software companies and clinics). There are states that offer tax incentives for physicians that use CCHIT certified software. I know we spent a lot of time and effort implementing stupid features that were supposed to enhance security around patient data, help the physician provide better patient care, etc. In many cases these "CCHIT features" did just the opposite.

    It's really disheartening when you write software all year to provide useful tools for doctors that improve the standard of care, and then have a bunch of useless and counterproductive features slapped on because of an upcoming CCHIT certification.

  • IIRC the VA uses a pretty robust system, and it is FOSS (public domain).

    Is there some particular reason it cannot be (or isn't) certified, and/or become the reference system?

  • A standards organization that charges these big fees is part of the problem rather than part of the solution to the stated goal of reducing health care costs.
  • I would like to respond generally to some of the high ranked comments.

    First, one of the assumptions is that an EHR is -one- kind of thing and it needs to be certified. This is much more a category buster, like a car. If a required car certification mandated that all cars should have beds like a truck, be able to off-road and break 150 mph, then you would have a tremendous change in how the auto-industry works. Even if you have seemingly reasonable requirements like "auto-door locks" or "automatic transmi
