Quote Of The Year

Timeless Quotes - Sadly The Late Paul Shetler - "Its not Your Health Record it's a Government Record Of Your Health Information"


H. L. Mencken - "For every complex problem there is an answer that is clear, simple, and wrong."

Thursday, July 31, 2008

Three Interesting Reports on Parts of Health IT

It seems the last week or two has been a big one for new reports.

First we have a review of Health Informatics in the UK NHS.

NHS Informatics Review says trusts need 'interim' systems

10 Jul 2008

NHS trusts are to get support, and in some cases may get national funding, to select and install “interim” systems as a result of the NHS Informatics Review.

The change in emphasis comes in response to delays of four years or more in the strategic, detailed electronic record systems at the heart of the National Programme for IT in the NHS.

The review, which was led by the Department of Health’s interim chief information officer, Matthew Swindells, before his departure to the private sector, says that good information and good information systems are essential for the delivery of Lord Darzi’s Next Stage Review of the NHS.

It reaffirms the goal of the national programme to deliver integrated care records systems, but acknowledges the impact on trusts of lengthy delays in the delivery of strategic systems from local service providers.

It also spells out the need to use proven systems until better ones becoming available. Interim systems are expected to range from very specialised departmental systems through to hospital-wide patient administration systems.

More here:


Additional information is found here:

HealthSpace set for big expansion

15 Jul 2008

HealthSpace, the government’s secure online site for patients, is to be expanded to include shared records and GP appointment booking, according to the Health Informatics Review.

The review, published last week, outlines a much wider role for HealthSpace and says its consultation highlighted strong support for the HealthSpace initiative.

In future HealthSpace will be accessed via the NHS’s website NHS Choices and the reviews sets out the proposed features including the ability for patients to record their treatment preferences, to view their Summary Care Record and, for those with long-term conditions, to access a shared record.

The document adds: “We propose an early implementation of a shared record for patients with long-term conditions such as diabetes, which will allow a more active and participative role in their care.”

The list of features which patients could benefit from includes:

• a self-care section to enable patients to monitor their condition and load the results for GPs to view and discuss at future appointments.

• Access to Summary Care Records and the ability to store information and preference.

• Reminders on tests, appointments and screening and personalised information for those with long term conditions.

• Secure online interaction with GPs and the ability to email a request for a repeat prescription.

• The ability to see available slots and book an appointment with their GP, practice nurse or hospital.

• An accessible and secure site which will show patients who has accessed their information.

More here:


The full report (.pdf) can the downloaded from the following link.


Second we have the following from iHealthBeat.

Two Reports Highlight Importance of Health IT

by George Lauer, iHealthBeat Features Editor

Last week, in a scorecard rating the most expensive health care in the world, the Commonwealth Fund said the U.S. isn't getting its money's worth.

Last month, a respected health researcher and academician said it's getting difficult to be a competent physician in this country without technical support.

The two reports are not unrelated.

David Mechanic, director of the Institute for Health, Health Care Policy and Aging Research at Rutgers University, argued in the health policy journal Milbank Quarterly last month that physicians who don't use IT might not be performing to professional standards.

Asked how his assessment related to the Commonwealth Fund scorecard last week showing that the U.S. health system is falling short in several areas, Mechanic said, "There is, of course, a link in that IT and [electronic health records] are important tools that will facilitate addressing many of the deficiencies and absurdities of health care in America."


Reaching Similar Conclusions

The Commonwealth Fund scorecard ends with a recommendation to pursue several strategies including:

  • Universal and well-designed coverage that ensures affordable access and continuity of care, with low administrative costs;
  • Incentives aligned to promote higher quality and more efficient care;
  • Care designed and organized around the patient, not providers or insurers; and
  • Widespread implementation of health IT with information exchange.

Mechanic ends his book with similar sentiment:

"At some point, we as a nation will have to decide whether we wish to design our health care system primarily to satisfy those who profit from it or to protect the health and welfare of all Americans ... anything is possible if the public begins to appreciate how little it gets for what it really pays."


Much more here:


There is an abstract for the full Milbank Quarterly article available


Rethinking Medical Professionalism: The Role of Information Technology and Practice Innovations

David Mechanic

Context: Physician leaders and the public have become increasingly concerned about the erosion of medical professionalism. Changes in the organization, economics, and technology of medical care have made it difficult to maintain competence, meet patients’ expectations, escape serious conflicts of interest, and distribute finite resources fairly. Information technology (IT), electronic health records (EHRs), improved models of disease management, and new ways of relating to and sharing responsibility for patients’ care can contribute to both professionalism and quality of care.

Methods: The potential of IT, EHRs, and other practice facilitators for professionalism is assessed through diverse but relevant literatures, examination of relevant websites, and experience in working with medical leaders on renewing professionalism.

Findings: IT and EHRs are the basis of needed efforts to reinforce medical competence, improve relationships with patients, implement disease management programs, and, by increasing transparency and accountability, help reduce some conflicts of interest. Barriers include the misalignment of goals with payment incentives and time pressures in meeting patients’ expectations and practice demands. Implementing IT and EHRs in small, dispersed medical practices is particularly challenging because of short-term financial costs, disruptions in practice caused by learning and adaptation, and the lack of confidence in needed support services. Large organized systems like the VA, Kaiser-Permanente, and general practice in the United Kingdom have successfully overcome such challenges.

Conclusions: IT and the other tools examined in this article are important adjuncts to professional capacities and aspirations. They have potential to help reverse the decline of primary care and make physicians’ practices more effective and rewarding. The cooperation, collaboration, and shared responsibility of government, insurers, medical organizations, and physicians, as well as financial and technical support, are needed to implement these tools in the United States’ dispersed and fragmented medical care system.

I am sure many who are interested will be able to access to full article via their library services.

All in all just too much reading for one week following on the huge Quality and Safety Report from last week!


Wednesday, July 30, 2008

Wireless and HealthCare Delivery.

The following release appeared a few days ago

Mobile Medics Will Shape The Medical Device Market

Doctors on the move and domiciliary healthcare workers are changing the way patients are treated and are creating new and exciting opportunities for both medical device manufacturers and the consumer electronics industry, according to research by UK based analysts Wireless Healthcare.

Cambridge, UK (PRWEB) July 22, 2008 -- The increase in the level of healthcare being delivered by mobile medical practitioners outside of hospitals will become a key driver within the medical device market over the next decade. According to a report by Cambridge UK based analysts Wireless Healthcare, as healthcare providers are pushing more diagnostic and monitoring processes out to the edge of their care networks, medical device vendors are responding by adding more advanced communications technology to their products.

The report, "Wireless Healthcare 2008", also identifies a number of consumer electronics companies that have successfully positioned their products within the mobile healthcare market. According to Peter Kruger, Analyst with Wireless Healthcare: "Some of these companies are attempting to emulate Polar Electronics, who have built a strong presence in the ehealth sector and use their sports and fitness monitoring technology to capture vital signs data in ehealth applications."

The report sees diet and fitness monitoring as a key entry point for companies coming into the medical device market, due to the fact that devices can be launched without the need for long, complex and expensive approval procedures. Sales of devices aimed at the preventative healthcare market are also being driven by ageing baby boomers, concerned enough about their health to purchase a device privately rather than wait for their healthcare provider to prescribe one. Wireless Healthcare points out that once established in the consumer healthcare market, vendors can add features to devices that will attract the attention of established healthcare providers.

Wireless Healthcare's research points to a degree of convergence occurring within the healthcare sector once incumbent healthcare providers have finished building their core IT infrastructure. Pressure from small "nextgen" healthcare providers will create a struggle to open up the last mile of the healthcare network - similar to the battle between small ISPs and incumbent Telcos during the late 1990s for access to the last mile of the telecommunications network. This time, however, according to Wireless Healthcare, the key weapon will be mobile, rather than fixed line communications technology.

"Wireless Healthcare 2008" is available from www.wirelesshealthcare.co.uk

About Wireless Healthcare

Wireless Healthcare are UK based analysts specialising in mobile and wireless technology in the healthcare sector.

Release URL:


Many more details on this report are found here:


I only wish I had the $1600 dollars to buy the report. I am sure it would make very interesting reading. It seems to me that mobile wireless devices are going to play an increasingly important part in health care delivery. Certainly we are seeing rapidly expanding use of such devices in Medical Schools worldwide.


Tuesday, July 29, 2008

Open Source Starts to Bite in e-Health

It seems not a month can go past without major open-source news in the e-Health space.

The most recent appeared a few days ago.


Open eHealth Foundation Defines Development Priorities

Open eHealth Foundation Now an Official Nonprofit Organization - Board of Directors and President Elected - Development Priorities Defined

Last update: 1:15 p.m. EDT July 24, 2008

WAYNE, Pa. and WALLDORF, Germany, July 24, 2008 /PRNewswire via COMTEX/ -- The Open eHealth Foundation (OeHF), an open source initiative for the efficient exchange of medical information based on existing standards, is officially registered as a nonprofit organization in Delaware. This milestone enables the foundation (which was launched at HIMSS 2008 by Agfa HealthCare, InterComponentWare and Sun Microsystems) to begin operations.

Board of Directors and President Elected

As the OeHF's first Chairman of the Board, the foundation members elected Lindsy Strait from Sun Microsystems. Additional board members include Thomas Liebscher, InterComponentWare, and Evgueni Loukipoudis, Agfa HealthCare. As Chief Technology Officer (CTO), Loukipoudis will be responsible for the architecture as well as the interoperability of software components developed by the OeHF.

Alexander Ihls was appointed OEHF's President and also acts as Chief Business Development Officer (CBDO). In this function, he is directing the foundation's orientation and is responsible for the acquisition of new partners and members. Richard Golden assumed the role of Chief Operating Officer (COO) for the foundation and will be responsible for setting up the infrastructure and the organization of development projects.

Development Priorities Defined

The OeHF will use existing IHE (Integrating the Healthcare Enterprise) profiles as a guideline for its development activities. All the OeHF service components will be designed flexibly, will offer IHE compliant functionality, and will be usable in national initiatives such as the Canada Health Infoway or the Fraunhofer electronic case record in Germany.

The OeHF has prioritized the initial IHE profiles, which will be given priority for being implemented as open source components. Initially, actors from the IHE PIX/PDQ (Patient Identifier Cross Referencing / Patient Demographics Query) profile (and related profiles) will be implemented. The development work for these components has already started. The results will be presented at HIMSS 2009 in Chicago to the general public.

Open Membership

The OeHF is open for additional members interested in participating in the community. Visit www.openehealth.org for additional information.

About Open eHealth Foundation

Open eHealth Foundation (OeHF), launched at HIMSS 08, uses existing open source projects for developing a platform on which its members and other providers can create open source components that are made available free of charge, including reference implementations to obtain high semantic interoperability based on open standards. Open eHealth Foundation will not develop any new interoperability standards, but teams up with the existing standardization organizations to implement already defined standards in its open source components, and to provide reference implementations for these standards.

All your questions on this new initiative are answered here.


This follows relatively hard on the heels of other recent announcements.

Of considerable importance is the Open Health Tools Initiative which can be found here.


The list of partners is very impressive.

OHT Inaugural Members

OHT is a collaborative organization comprised of the following standards organizations, academia, national health systems, the open source community, vendors and IT professionals:

Government agencies in the United States, United Kingdom, Canada and Australia striving to provide healthcare professionals with rapid access to accurate and complete patient information, enabling better decisions about treatment and diagnosis:

  • Canada Health Infoway, Inc.
  • National e-Health Transition Authority (Australia)
  • National Health Service, Connecting for Health (United Kingdom)
  • Veterans Health Administration (United States)

Health standards agencies providing open, neutral, international standards for the effort:

  • Health Level 7
  • Healthcare Services Specification Project
  • International Health Terminology Standards Development Organisation
  • Object Management Group

Academia and research:

  • Linkoping University
  • Oregon State University, Open Source Lab
  • Mohawk College

Vendors and open source organizations providing compelling medical software, services and equipment solutions:

  • B2 International
  • BT
  • CollabNet
  • Eclipse
  • IBM
  • Innoopract
  • Inpriva
  • JP Systems
  • Kestral
  • NexJ Systems
  • Ocean Informatics
  • Oracle
  • Ozmosis
  • Palamida
  • Red Hat

Also impressive are the contributions made or planned from the UK NHS and the International Health Terminology Standards Development Organization (IHTSDO) (see July 17, 2008 announcement)

It seems to me what we have here are substantive moves towards a much more open e-Health future.

All this, of course builds on the work of others involved in such areas as openEHR (http://www.openehr.org/home.html) the OpenMRS (http://openmrs.org/wiki/OpenMRS) and a large range of others.

There is even some activity in Australia! See http://code.google.com/p/wedgetail/

For those with an interest there is a reasonably active e-mail discussion group.

List infolist openhealth@yahoogroups.com

Contact openhealth-owner@yahoogroups.com

Unsubscribe from the list: mailto:openhealth-unsubscribe@yahoogroups.com

This is clearly an area to close eye on.


Monday, July 28, 2008

Some Wise Words from a Departing Editor – How to Align Ducks in E-Health!

Gary Baldwin has finished up his stint as technical editor for Health Leaders. He did a pretty good job and the last article he produced, on implementing a health system wide EHR was a ripper!

One Record, Many Lessons

Gary Baldwin, for HealthLeaders Magazine, July 10, 2008

Allina Hospital made significant gains with its systemwide enterprise EMR. But the project cost more than just money.

Five years ago, Allina Hospital & Clinics declared an ambitious goal: Convert the entire 11-hospital system to a common electronic patient record system. Some $250 million later, Minneapolis-based Allina has achieved its vision of "one patient, one record." Allina's so-called "Excellian Project" is winding down to a handful of small community hospitals, and its 11 main hospitals and 70 clinics now share a common patient database that drive a core set of applications, including order entry, results reporting, pharmacy management, and picture archiving on the clinical side, and registration, scheduling, and billing on the administrative side.

The project was a massive undertaking that at its peak required full-time participation by 300 employees. Nevertheless, Allina is far from finished, having just begun to realize the efficiency of electronic data interchange (see sidebar, "What's Next"). Its accomplishments thus far, however, represent a textbook example of the big-ticket organizational makeover. During its hospital-by-hospital deployment, Allina learned plenty of lessons. They often came the hard way as the project upended the health system's traditions and conventions—sometimes with hard feelings.

Much more here:


The five main lessons he provided were:

Lesson 1: Implement enterprise governance—quickly

Lesson 2: Pay for physician leadership

Lesson 3: Avoid design by committee

Lesson 4: Set realistic expectations

Lesson 5: Prepare for ruffled feathers

These seem to me to be lessons all bureaucrats and implementers in Hospital projects in Australia should take very much to heart

The scale of the organisation make for quite sobering reading!

The Lowdown

Organization: Allina Hospital and Clinics

Location: Minneapolis

Description: 11-hospital health system with 70 clinics

2008 "Excellian Project" (EMR) operating budget: $17.4 million

2008 Excellian staff: 173

Excellian budget 2004-2007: $250 million, 300 staff

Honors: Winner, 2007 HIMSS Davies Organizational Award

Web site: www.allina.com

Key vendor partners: Epic, OnBase (document scanning), GE (lab system), and Emageon (picture archiving)

The whole article is well worth a careful read and printing out to keep.

Thanks Gary!


Sunday, July 27, 2008

Useful and Interesting Health IT Links from the Last Week – 27/07/2008

Again, in the last week, I have come across a few reports and news items which are worth passing on.

These include first:

Doctors, PHDs to edit new Wikipedia of medical information

Medpedia site is backed by health care heavies like the Harvard, Stanford medical schools

Heather Havenstein 24/07/2008 09:24:59

A project launched Wednesday aims to create what is in essence a medical Wikipedia, an online encyclopedia focused on explaining conditions, drugs, procedures, medical facilities and other medical topics written by physicians and PhDs.

The Medpedia Project launched a preview of the Medpedia site Wednesday with the support of medical heavyweights like Harvard Medical School, the Stanford School of Medicine, the University of Michigan Medial School and the University of California Berkeley School of Public Health.

These schools and other organizations have agreed to provide content and to urge their employees to sign up to be editors of the new site, which is scheduled to go live with 1,000 pages of information by the end of the year.

The site, which is built with the same open source software that runs Wikipedia, will be written and edited by volunteer medical doctors or experts with PhD degrees, noted James Currier, Medpedia's founder and chairman. The site will provide profiles of each of each editor, including their background and areas of expertise, he added.

More here:


This seems like a very interesting and risk controlled initiative with some pretty smart people behind it. If the success of Wikipedia is any guide – this should be a very interesting site to visit once operational.

Second we have:

Bedside technology proves its worth

Technology can improve medical handovers, but implementing changes may prove challenging, writes Lynnette Hoffman | July 26, 2008

KEVIN Murphy, in the words of an Irish magistrate, "should not have died" from a highly treatable condition known as hypercalcaemia, where calcium levels in the blood are too high.

The 21-year-old had classic signs of an over-active parathyroid gland, but despite complications including bone pain, neurological problems and, ultimately, renal failure along with the hypercalcaemia, the link between the test results and the correct diagnosis was never made and the seriousness of the situation not recognised.

Vital information about the young patient was not communicated effectively between different health workers, and was never passed to the doctors who needed it. Case notes did not mention his deteriorating condition, and he never received surgery to remove the overactive parathyroid gland, which would have saved his life.

The magistrate's damning words came at a hearing five years after Murphy's death. Murphy's mother, Margaret, has since gone on to lobby for patients' rights for the World Health Organisation, which last May launched nine patient safety solutions aimed at reducing healthcare-related harm.

Improved communication during medical handovers, when one nursing or medical team goes off shift and another begins, ranked in at number three.

Though Murphy's case occurred years ago in Ireland, it could easily have happened here in Australia this week, says associate professor Steve Bolsin, a patient safety expert at Geelong Hospital. "Poor clinical handovers remain a major problem, and there is a huge opportunity to do it much better, particularly for patients who move between different components of care, such as from their GP or aged-care facility to hospital," Bolsin says.

More here:


This is an interesting article that I feel somehow misses the point. Handover is best facilitated by having a reasonably complete set of current patient documentation regarding a patient available within a properly constructed Electronic Health Record that forms the basis of what is discussed as handover occurs. Much of what is discussed in this long articles are various short term interim approaches to try and make up for the lack of an EHR.

Third we have:

Medicare easy claim hard going

Frustration is rising over the roll-out of Medicare's Easyclaim system, reports Health editor Adam Cresswell | July 26, 2008

THE advent of the "push-button society" was supposed to make life easy.

Time-consuming tasks could be telescoped into seconds at the stroke of a finger, effort and hassle effectively removed, and bureaucracy tamed.

That has certainly been the vision behind various IT initiatives in health. Medical software programs have transformed racks of dusty patient files into instantly searchable, digitised data on doctors' computer servers; illegible scrawl on prescriptions is now crystal-clear printer type; and hope remains that electronic health records will improve care of patients, even if technical and privacy concerns have made progress slow on that to date.

Claiming of Medicare rebates, particularly when the doctor has charged a private fee rather than bulk-bill, is another area long recognised as overdue for revolution.

The appeal of Medicare Easyclaim -- an EFTPOS-based system intended to allow instant claiming of rebates at the doctor's surgery -- is obvious. It's just the reality that doctors and practice managers say is wanting.

The system uses an EFTPOS terminal to allow patients to pay their doctor's fee with a swipe of a bank card, and in the next step claim the rebate by then swiping their Medicare card.

The rebate is paid into their account almost immediately, reimbursing the patient sooner and obviating the need to go to Medicare.

Medicare itself also wins, by not having to process bundles of forms arriving from practices across the country.

It should be great, but uptake has been slow. Medicare Australia's website notes that of the 29 million services notified to it between July and December 2007, just 2.76 million were lodged electronically.

Of these, 2.67 million were lodged via a separate electronic method called Medicare Online, and just 88,000 were made using Easyclaim, first announced in August 2006.

This is despite the financial carrots on offer to tempt practices to make the switch. GPs can claim a $750 grant ($1000 in rural areas) to help them meet the costs of installing the new system. They also receive 18c for each transaction lodged electronically until December 2009, although this is also paid for systems using Medicare Online.

The Government committed yet more funds in this year's budget to encourage electronic claiming, earmarking a further $8.6 million over four years to make systems work better. At the time Human Services Minister Joe Ludwig said the Easyclaim system inherited from the Coalition "did little more than tie up (doctors) in red tape", which explained the 0.5 per cent take-up rates. The low take-up has been interpreted by some as medical bloody-mindedness. But the list of grievances against Easyclaim is lengthy and specific.

One GP told Weekend Health the system required a "huge amount of data entry" because it does not integrate with a practice's billing software -- every detail, from the amounts being charged and claimed, to the doctor's provider number (a unique identifying code used by Medicare to track doctors) has to be punched in manually all over again. This goes to a key AMA concern about Easyclaim, that it ties up receptionists at a time when even the Government acknowledges GP surgeries are being overrun with patients.

Much more here:


This is really an interesting article describing a Financial System black hole in the way the Health Sector works. Obviously the system needs to be offered in an integrated and very quick to use form – otherwise no adoption incentive is likely to ever work!

Fourth we have:

Therapy with the click of a mouse

Kate Benson Medical Reporter
July 23, 2008

TOO shy to venture out of the house or too sensitive to criticism to face up to therapy?

People with social phobias, anxiety and depression are being treated over the internet, answering online questionnaires and emailing their therapist with their darkest thoughts and fears.

Psychiatrists and lecturers who have been running the pilot programs through St Vincent's Hospital, in Darlinghurst, say the treatment has been as successful as face-to-face therapy even though the therapists and patients never meet. The program could help free up psychiatrists to see more needy patients with severe mental illness.

"It's the way of the future and it's fascinating," a professor in psychiatry at the University of NSW, Gavin Andrews, said yesterday. "We are treating people we never see and yet we are getting equivalent results to our world-standard anxiety clinic where we see people face-to-face. And these people are maintaining their wellness. If you grew up before the age of the internet, it seems a shock to think you can be treated without seeing a doctor, but it is working."

More here:


Another report of continuing work in the e-psychiatry space. Good to see!

Fifth we have:

'Health delay' penalties looming

Siobhain Ryan | July 22, 2008

THE federal Government will be held to account for the first timeover patients' delays in seeing a GP or finding an aged care bed, under draft targets to gobefore Australia's health ministers today.

The long-awaited set of performance indicators, drawn up by the Australian Institute of Health and Welfare, will force the federal Government to measure its progress on honouring planned healthcare pacts, to be finalised with the states and territories by the end of the year.

But the Government is yet to say whether it will accept penalties for any areas where it underperforms, despite warning its state counterparts they risk a federal takeover if they fail to deliver improvements on health.

Health Minister Nicola Roxon yesterday recommitted to increased spending to fix the nation's hospitals - a key demand of the states in the current healthcare negotiations.

"But as well as delivering that money, we need to be able to measure improvement, to make sure our investments are delivering high-quality care for ... every Australian," Ms Roxon said.

The targets will, for the first time, extend beyond hospital waiting lists into doctors' waiting rooms, nursing homes and mental, dental and community health clinics, reflecting the wider range of services to be covered under the new five-year deals.

Public hospital funding has dominated previous agreements. This time, indicators will record patients' out-of-pocket costs and the number who postponed seeking help because they couldn't afford treatment. Others will publish data on potentially avoidable deaths and independent peer reviews of cases where patients die on the operating table.

The AIHW's list of 40 indicators, however, lacks the detail and ambition of an earlier proposal from the Government's chosen adviser on health reform, the National Health and Hospitals Reform Commission.

More here:


This is an important – but apparently sadly watered down – approach to understanding what is going on with our health system. It is only by measuring real outcomes can we set priorities and make sure effort and investment is directed to solve real problems.

More coverage is found here:


States get new health benchmarks

And here:


Stricter reporting ahead for hospitals

Sixth we have:

Health IT research gets $20M boost

ICT aiming to improve healthcare industry

Rodney Gedda (Techworld Australia) 21/07/2008 14:43:50

The Australian e-Health Research Centre (AEHRC) became a national institution today with $20 million in funding from the federal and Queensland governments.

Established in 2003 as a joint venture between CSIRO and the Queensland government, the Brisbane-based AEHRC is used for ICT-related CSIRO health research.

Funding of $20 million will be provided to fund the centre's operations until 2012, CSIRO announced today.

The AEHRC has also relocated to new premises at the University of Queensland's Centre for Clinical Research at the Royal Brisbane and Women's Hospital.

More here:


On the face of it this is unequivocally good news. However I do wonder just in what context this money was made available and just where this work actually fits in the big picture?

A visit to the home page seems to me to be worthwhile to see for yourself what is planned and what is being achieved.


Additional coverage from the CSIRO is here:


I guess success will be defined by how much of what is being developed here actually makes it into routine care over the next decade or so.

Last we have our slightly technical note for the week:

Study finds huge rise in malware this year

Malware has risen by 278 percent so far this year according to ScanSafe.

Tom Jowitt (Techworld.com) 21/07/2008 08:23:13

Malware has risen by a staggering 278 percent in the first half of 2008, thanks in part to the large number of websites comprised last month, so says a new study by ScanSafe. And it warns that things are only going to get worse, especially after Dan Kaminsky goes public with details about his 20 year-old DNS vulnerability.

The ScanSafe Global Threat report is a study of more than 60 billion web requests that ScanSafe has scanned, as well as 600 million web threats it has blocked from January through June 2008 on behalf of corporate customers worldwide.

The report found that web-based malware increased 278 percent during this period. This was in part due to large websites such as Wal-Mart, Business Week, Ralph Lauren Home, and Race for Life, being compromised in June by SQL Injection Attacks.

Less than a year ago, web surfers were more at risk from social engineering scams and rogue third-party advertisers, with the outright compromise of legitimate websites being relatively rare, and when they did happen, they were fairly obvious cases such as website defacements.

But now it seems that instead of attacks on the website itself, the target nowadays is the site visitor. ScanSafe says that unlike defacement, the signs of compromise are not readily apparent as the attacks are deliberately crafted to avoid casual observation.

"Today, compromises of legitimate websites are occurring en masse and in nearly all cases there are no readily visible signs of the attacks," the security expert warns.

Large number of these SQL Injection Attacks was detected back in March this year. Then in April, attacks on legitimate web domains, including some belonging to the United Nations, expanded dramatically. In June, ScanSafe found that SQL injection attacks accounted for 76 percent of all compromised sites.

More here:


While one is always a little suspicious of alarmist reports on nasties out there on the Internet – the information on the changing nature of the attacks I found interesting. Worth noting.

More next week.


Thursday, July 24, 2008

Patients Googling their Doctor – A Coming Trend?

I came upon this interesting blog post the other day.

When Patients Googlestalk Their Doctors

Posted by Jacob Goldstein

Old doctors barely know what the Web is. Baby docs just out of residency would rather take a job in the Arctic than get rid of their Facebook page. And all of them are likely to get Googlestalked now and again by creepy patients.

That’s what a couple of Harvard psychiatrists say (albeit somewhat less glibly) in a commentary in this week’s JAMA.

“Many physicians over a certain age never envision their patients Web searching” for personal information about their doctor, write Tristan Gorrindo and James E. Groves. The older docs (naively) believe that “being absent from the Web is the surest way of avoiding disclosure of personal information on the Web.”


Given how easy it is to go online and find housing records, divorces, bankruptcies and whatever pack of slanderous lies your bitter ex wrote on his/her blog, there’s only so much anybody — M.D. or otherwise — can do. Still, for the benefit of old and young alike, Gorrindo and Groves lay out a few common sense tips to help docs manage their online identity:

  • Create your own Web page with basic information about your training and your practice.
  • Search for yourself regularly. Use the form “John Q. Smith” or “John Smith, MD,” including quotation marks
  • Go after sites that post slanderous material. (This WSJ story lists private companies that, for a fee, help deal with this sort of thing.)
  • On social networking sites, use privacy controls to keep juicy bits out of sight of the general public.
  • If you think a patient is searching for private information about you online, bring it up with the patient.

More here:


This is a trend that may alarm clinicians.

While it seems perfectly reasonable to check if a clinician you plan to consult has any adverse commentary available on the Web it would seem very poor if patients start to abuse the information they find.

Potentially worse are sites the purport to rate clinician performance but which allow totally un-moderated and potentially damaging posting.

This is discussed further here.

Online Doctor Stalking: America’s New Pastime?

Kathryn Mackenzie, for HealthLeaders Media, July 15, 2008

We hear a lot about patient privacy and rights. With high-tech heavyweights like Google and Microsoft getting into the online personal health records game, it's likely that publishing medical information online will become the norm, rather than a futuristic pipe dream. Of course, patients will still want to know that their private information won't be accessed by the prying eyes of bosses, friends, neighbors, or relatives. And, through advertising pushes, test cases, and studies, the industry is working very hard to prove to patients that their medical data will remain private.

But what about the healthcare provider's right to privacy?

Many providers, especially those of a certain age, may not have any idea just how much of their personal information is easily accessible online to anybody—including their patients.

Anyone who comes into contact with patients, whether it be a physician or hospital executive, is accustomed to the dependency of patients in a clinical setting. Yes, we look to our doctors to cure what ails us, but we also want them to offer us comfort and support when we're feeling scared or sick. Some of us also want to know a little about our primary caregiver's history. Where did she graduate from, what do other patients think of her, where else does she practice? With the click of a mouse and few keystrokes, it's a breeze to get that information online at sites like ratemds.com and physicianreports.com. Unfortunately, it's also that easy to access far more personal information. Just by entering my doctor's name in Google or one of the dozens of other search sites, I can find out everything from where my doctor lives to her marital status to how much mortgage she pays.

More here:

I guess this issues is like all sorts of other relatively new technologies. There are often un-intended consequences which it takes time for an appropriate way of dealing with such problems to evolve. I suspect we are at the front of this curve!


Wednesday, July 23, 2008

Data Security – A Pervasive and Difficult Problem.

In the last week or so the Poynter Review reported in the UK Treasury.

The background to the review is covered here.

The Poynter Review

On 20 November 2007, the Chancellor appointed Kieran Poynter, the Chairman and Senior Partner of PricewaterhouseCoopers, to investigate the circumstances that led to the significant loss of confidential personal data on Child Benefit recipients and other recent losses of confidential data and the lessons to be learnt. Kieran Poynter published his final report on 25 June 2008.

Media links

After the review was published an opinion piece appeared in the London Financial Times.

Data security is not just a matter of technology

By Kieran Poynter

Published: July 15 2008 18:57 | Last updated: July 15 2008 18:57

The recent spate of high-profile data security breaches and the regulatory responses to them have once again thrust issues of data management into the limelight. I have spent the past few months looking at the issue and talking to leaders from the private and public sectors about data security issues. What has emerged is that there is a decided lack of ownership when it comes to data security, which cuts across all organis­ations.

There is a widespread perception that information security is an information technology issue and that produces a tendency to focus on security safeguards such as encrypting data on laptops, preventing use of USB memory sticks, password protection and so on. However, even in these areas experience shows that there is a long way to go.

Technological measures risk creating a false sense of security. Most breaches are the result of quite mundane physical factors and are essentially caused by process failures and/or people simply not knowing what to do.

Organisations can have all the policies and processes they like, but if their culture and values, management systems and scrutiny are not joined up in a clear governance framework, this lack of integration lends itself to data security exposures.

As the volume and depth of personal information that organisations hold on their customers, employees – indeed, on all of us – continue to grow, so do the potential regulatory, legal and reputation risks associated with failing to keep that data secure. While more and more businesses are taking data security seriously, the fact remains that serious breaches are on the rise, as is malicious activity by criminals seeking access to companies’ personal data.

Organisations with weak data security are generally also weak in terms of wider risk management and governance. So a failure adequately to manage information security risks is often symptomatic of broader risk issues or a fragmented governance framework.

More here (subscription required):


Poynter review: HMRC has radically reduced security risks

Richard Thurston | Jun 27, 2008 10:25 AM

HMRC has radically improved its data security measures since the breach which caused it to lose 25 million child benefit records in October last year.

PwC chairman Kieran Poynter, the man tasked to investigate what happened in the catastrophic HMRC data breach, has revealed that significant progress has been made since the disastrous information leakage last October

Those are the thoughts of Kieran Poynter, chairman of Price Waterhouse Coopers, whose review into the data breach was published yesterday.

The positive statement was published as part of a largely critical report which said there were "serious institutional deficiencies" and "no visible management of data security at any level" of HMRC.

But Poynter did take the opportunity to outline HMRC's achievements since the breach.

Among the more important he picked out were:

- Creating a new post of director of data security;
- Issuing clearer at-a-glance data security guidance, which gives examples of what can be sent by what mechanism, and in what circumstances;
- Mandatory attendance at a half-day information security workshop for all staff;
- A review of post room processes and practice to identify high risk security issues;
- Locking down write access to removable drives, with reversal of that policy only able to be made by a small number of designated personnel;
- A ban on the use of unencrypted laptops outside secure premises;
- The introduction of new controls for bulk data transmissions;
- Progress on developing a mechanism for secure electronic transfer of information with external partners.

"I am pleased to say that HMRC has significantly reduced the risk of further data loss since the incident," said Poynter.

More coverage is available here.


The broader picture is revealed in the following from the BBC.

MoD admits loss of secret files

More than 100 USB memory sticks, some containing secret information, have been lost or stolen from the Ministry of Defence since 2004, it has emerged.

The department also admitted that more than 650 laptops had been stolen over the past four years - nearly double the figure previously claimed.

The Liberal Democrats condemned the latest security breaches as evidence of "shocking incompetence".

But the MoD insisted its policies were "generally fit for purpose".

Previously the MoD had confirmed that 347 laptops were stolen between 2004 and 2007.

The Mod said it has no idea on when, where and how the memory sticks were lost.

Defence Secretary Des Browne issued revised figures after "anomalies in the reporting process" were discovered.

The official total is now 658 laptops stolen, with another 89 lost. Just 32 have been recovered.

In a separate response, ministers said 121 of the department's USB memory sticks had been taken or misplaced since 2004.

Some 26 of those went this year - including three which contained information classified as "secret" and 19 which were "restricted".

BBC security correspondent Frank Gardner said the incident was "embarrassing" for the MoD as they had no idea how or when they had been lost or stolen.

Liberal Democrat MP Sarah Teather received the information after tabling a question in parliament.

Ms Teather said: "It seems that this government simply cannot be trusted with keeping sensitive information safe.

"This shows a shocking degree of incompetence."

Shadow defence secretary Liam Fox said: "To treat national security in such a cavalier fashion is unforgivable."

A Ministry of Defence spokesman said any loss of data was subject to a full inquiry and measures were being put into place to improve data protection.

Much more with multimedia here:


When one adds this to all the stories of loss of hospital records from the US it seems just no-one has worked out how to keep sensitive information safe. It seems it even happens in Wales!

NHS trusts lose confidential data

By Brian Meechan
BBC Wales political reporter

More than 150 incidents of data being lost at NHS trusts across Wales have put patient and staff details at risk.

Among the examples over a three year period, patient details from an entire children's ward in Wrexham were found on a piece of paper in a puddle.

In another revealed by BBC Wales after Freedom of Information (FOI) requests, a highly confidential child protection file was sent to the wrong address.

Health Minister Edwina Hart said she was "quite horrified" by the findings.

She said staff losing such data should be disciplined.

The cases were revealed in responses to BBC Wales to FOI requests to the trusts, which provide services through hospitals, health centres and clinics.


As it almost always is, we find it is the people and the systems that have let us down and allowed the leaks of information to occur.

The story of what happened with the UK Customs Service makes a great and very educational read and describes well systemic failures and how they should be addressed once identified.

The reports are well worth a read – especially if you are a manager responsible for handling any sensitive information!


Big Money To Be Saved with E-Prescribing

The following brief appeared a few days ago

E-prescriptions could cut federal expenses by $29 billion over next decade

Federal health expenditures could be reduced by up to $29 billion over the next decade if all Medicare prescriptions were transmitted electronically by 2010, according to a new study by Atlanta-based technology trade association AeA. But "eHealth 301: Electronic Prescriptions" notes that although e-prescribing has increased over the past several years, only two percent of all prescriptions were transmitted electronically in 2007.

Source: Telemedicine and e-Health News Alerts

The full .pdf file is found here.


A very big number – even if only half true makes a compelling case!


Tuesday, July 22, 2008

Those Canny Scots are at IT Again!

Many reports of the Scottish Executive’s new E-Health Strategy this week.

Scotland commits to incremental e-health

01 Jul 2008

The Scottish government has pledged to further consolidate its SCI Gateway and SCI Store, and enhance its Emergency Care Summary Service, in its new e-health strategy for 2008-11.

The strategy lays out NHS Scotland’s approach to ‘electronic patient records and electronic communication becoming the primary means to manage healthcare information within the health system.’

While no specific budgetary commitment has been made, the Scottish Executive says it aims to boost the national e-health budget from the £40m spent in 2005/6 to £140m in 2010/11. In total it says NHS Scotland spent £225m on IM&T in 2006/2007.

It reiterates the commitment to stick to its current step-by-step approach and build on the systems already in use in Scotland: “We have already successfully implemented initiatives such as SCI Store, SCI Gateway and the Emergency Care Summary which help us to join systems and share information but we need to move further.”

Big bang approaches to e-health are rejected as risky and potentially disruptive: “An attempt to move to this new world in a single bound, even if achievable, would take a number of years and would be disruptive. NHS Scotland has to date chosen to approach this vision step-by-step; by building on what we have already successfully achieved, carefully addressing risks and resources to gain benefit from our effort as we go,” says the report.

Examples of exploiting existing systems includes using the SCI Gateway – a national system that integrates primary and secondary care systems - and SCI Store - an information repository which is integrated to other local systems - to support the information and reporting framework for the 18-week waits programme. This is envisaged to be completed by September

The Emergency Care Summary will also be enhanced over the next three years with additional items of patient information, such as a single medication record, and it will also be made available to a wider user base.

Lots more here:


Download the Strategy here e-health Strategy 2008.

The release is also covered here:

Scotland launches e-health strategy for 2008

Tuesday 1st July 2008

The Scottish government has launched its e-health Strategy 2008 at this year's NHS Scotland Event.

The vision for e-health supports the goals as set out in the Better Health Better Care Action Plan.

The plan aims to exploit the power of electronic information to help ensure that patients get the right care, involving the right clinicians, at the right time, to deliver the right outcomes. It is therefore as much about transforming traditional processes as it is about technology.

Nicola Sturgeon said: "Building for the future means an investment in new technology. Our eHealth Strategy demonstrates how we intend to harness the opportunities of new technology to enhance patient care.

More details are found here:


Coverage from the GP perspective is here:

Scottish GPs to get choice of systems

30 Jun 2008

The Scottish government is to set up a national framework contract for GP systems and launch a procurement for an IT system or systems to replace GPASS, according to its new e-health strategy.

The plan means Scottish practices are likely to be brought under a Scottish version of England’s GP Systems of Choice (GPSoC) agreement with boards given flexibility about how to meet the needs of community staff. In addition a procurement will be launched for a system to replace GPASS although it is unclear whether this will involve one or more systems. Plans to procure a system that covers both primary and community staff appear to have been dropped.

The e-health strategy for Scotland was launched by Scottish health secretary Nicola Sturgeon last week at the NHS Scotland Event held to celebrate 60 years of the NHS in Scotland.

The deputy first minister told the conference the three year strategy from 2008 to 2011 would enable Scotland to build the platform for an electronic patient record to support patients and improve their experience of care throughout the healthcare journey.

More here:


There is not much to really add. Scotland has worked steadily and incrementally and it is really paying off as their capabilities and range of available applications increases.

Well worth a browse.


Queensland Health Loses its CIO.

It seems there has been a major policy shift at Queensland Health. It now seems it is mandatory to have a clinician as the CIO to assist with the implementation of clinical systems.

Qld Health takes a turn for worse

Abstracted from The Australian Financial Review

Richard Ashby is the new acting CIO at the IT and telco division of Queensland Health. The appointment follows the sudden departure of Paul Summergreene, who had only stepped into the CIO role less than 12 months earlier. Under a restructuring, it is apparently a requirement for the office holder to also have a clinical background.

More here:


The full details are here:


and here:


This is not a bad idea, just as long as the individual appointed has both a strong clinical background, a strong understanding of how technology can be used to improve the health system, and the managerial skills to have the health sector come with him on the necessary journey of implementation and change. I hope Dr Ashby has all three!

Being a CIO for a State Health System is a real challenge! Sadly the incumbents often do not last long enough to get the job done.


Monday, July 21, 2008

The Most Important Report on e-Health and Quality and Safety for 2008.

The following report was released a few weeks ago.

The Impact of eHealth on the Quality & Safety of Healthcare

Friday, 27 June 2008

A Systemic Overview & Synthesis of the Literature Report for the NHS Connecting for Health Evaluation Programme

Josip Car, Ashly Black, Chantelle Anandan, Kathrin Cresswell, Claudia Pagliari, Brian McKinstry, Rob Procter, Azeem Majeed and Aziz Sheikh

- There have been substantial developments in information technology hardware and software capabilities over recent decades and there is now considerable potential to apply these technological developments in relation to aspects of healthcare provision.

- Of particular international interest is the deployment of eHealth applications - that is the use of information technology in healthcare contexts - with a view to improving the quality, safety and efficiency of healthcare.

- Whilst these eHealth technologies have considerable potential to aid professionals in delivering healthcare, the use of these new technologies may also introduce significant new unanticipated risks to patients.

- Also of concern is that even when high quality interventions are developed, they frequently fail to live up to their potential when deployed in the "real world"; a major factor contributing to this paradox is professional resistance to the introduction and use of poorly designed applications.

- Given that the NHS is now committed to the largest eHealth-based modernisation programme in the world, it is appropriate and timely to critically review the international eHealth literature with a view to identifying lessons that can usefully be learnt with respect to the future development, design, deployment and evaluation of eHealth applications.

Download The Impact of eHealth on the Quality & Safety of Healthcare (.pdf, 7.220 KB).

More here:


A useful presentation is also available here.


This is one of those reports that simply has to be read to be appreciated – at the very least the introductory 28 pages are vital and must not be missed by anyone interested in where e-Health is at present and where it probably needs to move.

It is good that those involved are now moving on with the following.

NHS Connecting for Health's NHS Care Record Service Evaluation Begins

Saturday, 12 July 2008

NHS Connecting for Health, the flagship NHS IT programme, is to be evaluated by a national team of researchers led by the University of Edinburgh. The £1.5m study, which begins on 1st September 2008, will run until December 2010 and also involves researchers from the Universities of Nottingham, LSE, School of Pharmacy and the NHS. It will evaluate specifically the adoption of the NHS' Care Record Service which is being implemented in hospitals throughout England.

More here:


The key lesson I take from my reading is that it seems very likely use of Health IT can make a difference to quality and safety of patient care (it is assumed efficiency and care co-ordination is doable and valuable – certainly in countries with high levels of administrative complexity like the USA) but that the hard academic work is yet to be done to prove that is actually the case.

The situation in academic e-Health in Australia is, I fear typical, where both funds and career paths are problematic. Until this is fixed and we can do the trials that are needed to link the use of technology to really improved clinical outcomes in the real world the debate will continue. I wonder will I last long enough to see that happy day?