Category: healthcare

The six million dollar man a reality?

This interesting PBS Hour video shows several bionics projects that use state-of-the-art robotica in creating artificial limbs to assist the disabled.


Article in Surgeon’s journal

The Dutch Journal for Surgeons, publishes an article written by my collegue Younass and myself. We wrote this article to further explain some of the points we made during our  keynote at the natinal Convention of Surgeons last month. The entire article here in English and Dutch, the PDF of the journal here. Background links and articles here (mostly Dutch).


When surgeons and IT architects work together…

Younass Aboulghit and Arjen Kamphuis

We live at a time when information technology is drastically changing our lives. We can see the digital process all around us in information systems and the change in our working procedures. People always expect to be able to get information quickly and share it with each other if it’s important. In healthcare there are opportunities and a new generation of patients has high expectations. The question is: how do we embrace the potential of information technology while maintaining quality and professionalism? How do we prevent the indiscriminate use of IT making the work of the specialist more difficult, rather than easier? That things can go badly wrong with healthcare projects has been demonstrated with the case of the Electronic Health Records (EHR).

EHR and related IT projects in healthcare often confuse medical and logistical functions. Different groups within a health institution experience different problems that they want to see solved through IT. Non-medical planning and logistics work is often an important way to improve the efficient use of manpower and resources. However, from the perspective of front-line healthcare providers, this can mean that they feel treated like a cog in a machine, and this does not fit with their sense of professional autonomy. Certain lessons of the logistics of care can be drawn from the tailor-made principles of 20th century industry.  However, a hospital is not a widget factory and a patient is certainly not a widget. The factory metaphor is useful, but also has its limitations. And, by not recognising these distinctions, software vendors and corporate buyers over the last 20 years have often gone wrong.

The fundamental problem began with the introduction of the national EHR. Since the mandatory imposition of a national administrative system was considered unfeasible, the decision was taken to centralise and maintain the existing IT systems from 9,000 health care institutions as efficiently as possible. Merging all these systems into one structure was a political and administrative nightmare. Unfortunately, the quality, speed and reliability of the overall national EHR relied on the standards used by each of the individual 9,000  institutions. A critical care professional cannot make decisions based on medical data of questionable reliability. Since no one knows how all these institutions store potentially relevant data about a specific patient, nor how reliable the information is, care professionals are reluctant to use the system. Gendo raised this fundamental problem back in 2005 after a test hack of two hospitals initiated by writer and privacy campaigner Karin Spaink.

Now the First Chamber has quashed the idea of a national EHR, the field is clear for local and regional initiatives to apply lessons learned.

A mistake often made in healthcare is the implementation of large-scale IT systems basically not designed for healthcare. These systems compel hospitals and care institutions to align their processes to the IT rather than vice versa. This ultimately leads to a lot of frustration among service providers. We need to listen to the medical professionals who rely on IT systems in order to perform their job. A successful system should be based on a clear answer to the problems it solves. What are the needs of different stakeholders? Besides a clear definition of the problems, it is very important that stakeholders agree on the way forward. In other words, a shared IT strategy.

A clearly defined strategy can be learned from the experiences of the St Anthony Hospital, which in 2008 began to build its own EHR based on open standards and open source software. The St Anthony consciously chose a longer route where the problem was not fixed by an external supplier, but developed its own solution. One of the steps the hospital took was to establish a steering committee consisting of different types of caregivers. Together they defined the vision and controlled the implementation. The principal reason for choosing open standards was the  guarantee of future interconnectivity with other systems and organisations. The choice of open source makes it possible in future to develop new systems jointly with other institutions,without one party having all the control.

The healthcare professionals most closely involved in developing the system need to be assured that they are actually helping their business. Both IT workers and health professionals need to be interested in each area and have the patience to learn. IT professionals are not surgeons, but can understand the problems of surgeons; good surgeons can grasp the basics of IT architecture, learning how to use it without the IT worker having to be present. Only through cross-pollination of knowledge is it possible to create solutions appropriate to both the medical and IT technical reality.

Medical information is complex, and careful handling of patient information is a legal and moral obligation. The IT systems that process such information must be reliable. To ensure reliability, the IT architecture has to meet certain requirements, such as: modular, secure, transparent and easy to audit, scalable, reliable and interoperable. To make these architectural requirements a reality, proven methods and components must be used. Transparency is achieved by using open source and providing proper documentation. IT systems need to be scalable and have built-in redundancy to allow for a comprehensive back-up, recovery, and restoration strategy. To ensure that different IT systems can communicate with each other, they should be based on open standards like DICOM and HL7 messaging for information processing and image sharing. In addition to the above, it is also important that the architecture complies with the laws and regulations laid down for health care institutions, such as NEN7510.

One of the goals of an IT strategy is a vision of the method of software development. An important part of the development philosophy is always to start small and modular. The basis for this is discrete units – ‘blocks’ – performing one very simple function, that are interoperable with other blocks. By such a process of small steps we can clearly prevent out-of-control monster projects costing many millions. A system that has modularity as a design principle will always remain future-proof: new or individual modules can be added to adapt to new medical insights or changing legislation. Another important philosophy is to maximize the use of proven technologies and methodologies: in other words, use technological components where a consensus exists that they are reliable and future-resistant. The Unix OS is a common example of what can be achieved with this method of development. The UNIX family of operating systems currently runs TomTom, super computers, phones and all Apples (including the iPhone and iPad). For those willing to to use it, the modular philosophy has proven to be flexible, scalable, secure and free.

Building an EHR should involve close collaboration between medical professionals and IT architects, and result in compliance with key framework policies. The main challenge is for these two groups of professionals to explain clearly to each other their needs and expertise, and build an EHR structure, block by block, that will encompass everything.

(The authors gave a keynote at the Dutch Surgeons’ Day 2010. We are looking forward to talk with health care professionals who are interested in the above vision to work towards building an EHR)


Autoimmune disease in the pig pen

<webwereld column – in Dutch>

Computer viruses and palliatives against them are a growing threat to high-tech care. There is a classic solution for the old problem of a vulnerable mono-culture: diversity.

Last Monday alarm bells went off in many IT departments. A viral infection on Windows XP computers was initially caused by an anti-virus update from McAfee. The update made part of the system appear to be a threat and system file protection software made the system unusable, a type of auto-immune disease.

In hospitals and care institutions XP is still widely used, as specialised medical applications are often not ready for the new Windows version (and as often purely because of under-investment). This time it was McAfee, but almost all anti-virus products from time to time cause such problems. Anti-virus updates are a real-time arms race and sometimes in the rush things goes wrong.

From agriculture and ecology, we know that monocultures are efficient but also very vulnerable. It is no different in the pig pen of IT. The management of 4500 identical systems seems simpler than a more varied infrastructure – until a virus or autoimmune disease outbreak. Then the overtime starts. The scale of many of these incidents shows that even large health care institutions do not have proper internal firewalling and compartmentalisation. Nevertheless, the situation is better than five years ago.

Security issues caused by monocultures are not a new story. In 2003 Daniel Greer and Bruce Schneier wrote a report about the security implications of the dominant OS monopoly. Since that time neither the market nor the government has succeeded in effectively breaking this monopoly. In health care applications with medical or laboratory equipment included, many are Windows-only. Vendors often set additional conditions on the PCs, for example no firewall, before guaranteeing proper functionality for of their own applications. Thus a computer virus (or an autoimmune disease) is not only annoying for the admin department, but can also make scanners unusable. The MRI scanner can still take images, but the PC is crucial to the operation and viewing the results. So a Philips or Siemens unit worth a cool million is effectively scrap metal and patients cannot be treated. Sooner or later, this is a real time problem and then way more people than just the help desk are affected. In England, more than 1100 National Health Service computers were infected with a data-thieving worm. And there goes your medical confidentiality.

From the many conversations I have had in recent years with IT workers, I conclude that the difference between a product monoculture (a ‘standard’ desktop) and the application of standards to achieve interoperability is still not understood. Some years ago I spoke to a ministry official who enthusiastically told me that a ‘standard’ desktop was going to be implemented for the entire government. When I asked what standards would be applied, he launched into a list of products, "this version of an OS, this version of a word processor" and so on. The perception is prevalent amongst many IT managers that systems can only work and be properly managed if they are all from the same vendor and version. But this is much more a symptom of market failures and the immaturity of the IT industry. It is a problem to be solved, not a law of nature to which we have to adapt.

That there is another way to do things can be seen from the work over the past 10 years in the Antonius Hospital in Nieuwegein. There they have consistently, in small steps, consciously worked to minimize dependence on a particular vendor, platform or application. What most IT managers of health institutions describe as ‘impossible’ has been done in Nieuwegein. Fortunately this hospital is in the centre of the Netherlands so when a really big crash occurs all critical patients can be sent there. In 2010 we can avoid succumbing to the first virus or software-update-gone-wrong by using virtualisation, web-enabling and open standards environments to build greater diversity and interoperability.