Monday, 3 October 2016

Communicating science when we don't really understand it

(or how the heck do we explain what we actually know about epigenetics)


I was recently part of a Tweetchat [#EPNtalks](see here for @EpigenomicsNet storify of the chat)

I threw something out there that I have been thinking about for about five years.

Where is Genetics/Genomics/Epigenetics 's Stephen Hawking- or probably more accurately for today's kids our Neil Tyson DeGrasse?

N.B. While I love the Emperor of All Maladies, that is not the direction I envision with all due respect to Dr.Mukherjee.

I find it really frustrating that with all the great communicators that I know are in the field, we do not have a book that is targeted to the general public.

It is a frustration that I think has stunted the field, allowed a bunch of illogical mumbo-jumbo to replace clear concise analogy. 

In my mind there are a lot of reasons that we have gotten here...some of them are acceptable like the fundamental changes in funding levels that have been seen world-wide in the last decade or so. There are also some that I find completely unacceptable.

Here is a short list of unacceptable reason why "our" ability to communicate genetics/epigenetics sucks:
  1. We (scientists) don't actually understand much beyond their little patch of grass. I think we force a ridiculous level of specialization on trainees and students.
  2. We don't have well thought out experiments. In the last five or so years we have gone with this notion that you can collect data and find clear real, unbiased answers without a hypothesis.
  3. We  don't train Ph.D students to analyze (strongly related to #2). It is common fort MolBio, Genetics or Biochem graduate students to NOT take a statistics course prior to starting their Ph.D. 
  4. We have fallen in love with jargon. Getting through a Science or Nature paper nowadays is a horrendous effort in acronyms and 5 syllable words. 
  5. We have left public relations to the universities as we are too busy - doing science- to explain.  
I have put some thought into this and I have outline a potential book or probably better as a video series. I have attached it below. As always if you have any comments please add them below or email me directly at crwynder AT gmail  DOT com
Script for a potential script and book on epigenetics
My script/book idea for a book focused on how the machinery of Epigenetics relates to the real world examples of diversity and development.

Monday, 30 March 2015

It is not the EMR that sucks it is your lack of a information governance strategy

Hospitals are drowning is technological deficits; aging equipment, poor information security, unusable electronic health records and importantly no way to effective share patient records with patients or partners. A recent study shows that two out of three hospitals are not meeting HITECH standards for Health Information Exchanges. The authors note that even though there are fines (see here for HITECH fines), it is unlikely that these will spur adoption of health information exchanges (HIE).

Bernie Monegain (Editor Healthcare IT News) does a great job summarizing the article. From a software vendor perspective this seems like a perfect storm; a gap in capabilities, upcoming deadlines and a change in revenue models. In any other industry there would be lines of vendors at every hospital's CFO's door trumpeting their ability to help them meet their deadlines. Unfortunately the usual suspect vendors in HealthIT have not seized the opportunity (see here).

As I have mention before this is where ECM, WEM, etc vendors should be stepping in to fill the gap.Hospitals of all sizes will need to be able to confidently exchange patient information and make it available to patients once Meaningful use 2 standards for patient accessibility come into affect. Providibng a mechanism to share patient information in a standardized, secure manner is not a nice to have item, it is a required item to meet obligations-it should be on every hospital CIO, CFO and CEO's radar.

It also speaks to the larger problem of what electronic health records are strategically versus the narrow software characterization. Healthcare providers and thought leaders need to acknowledge the software sucks, and is not the best place to share and view information. It is just a dumb database designed to HOUSE patient information in a safe manner- as the name suggests a EHR is part of a records management strategy.

Electronic Patient information has the potential to increase the efficiency and cost effectiveness of healthcare delivery. The problem is the variety of solutions deployed by individual healthcare practices makes integration at the regional and national level difficult. As a rule they have been bought as point solutions to a immediate problem rather than as part of a healthcare information governance strategy.

It is time to look past a single solution that has a single set of technical specifications and build a system that manages data access.

As with any application rationalization process, it is important to define the costs, benefits and integration needs for any new enterprise application. Make no mistake; Health IT can no longer be a single application portfolio, they have to move to an ecosystem approach based on both clinical and administrative needs.

The failure of the single point solution of EHR/EMR has cause many IT professionals to take a negative view of information technology itself. As I have mentioned before, the problem is not the storage of the information it is how to access the information- it is a content management issue-be it ECM, WCM or -gasp-(SharePoint). EHR.EMR systems are horrible at providing access. For meaningful use 3 compliance and for your external marketing you need some kind of content serving system.

For organizations in a position to move to the newest EHR/EMR products, there may be no reason to have an additional system.For everyone who doesn't see a rip and replace in their next five years, consider how all the devices and partnerships that you have (and will have to grow to stay in compliance with Meaningful use).

You have a variety of regulatory items to think about as you develop your information governance strategy:

HIPAA 5010 covers Electronic data exchange(EDI[X12]) compliance standards as mandated for 1/1/2012: It covers exchange of all data transmitted by FTP, HTTPs, etc. Also encompasses the letter and number codes used for identifying file types during transactions. 5010 is largely an attempt to standardize the file codes in a way that increases security through in-flight encryption with de-crypt at each end. This is only possible if there is a standard metadata set.

ICD-10 is completely different it is the International Classification of Diseases (Rev. 10). This is used mainly for e-billing purposes as part of the diagnostic reference. It is not the official standard in the US until 10/1/2013, HIPAA 5010 EDI standards is a prerequisite for use of ICD-10.

Device access Smartphones and tablet computers represent the next wave of technological innovation in healthcare not to mention medical devices and consumer health apps (see here for more thoughts).

Mobile is a key aspect of your long term success. Hospitals have a variety of high earning "part-time" and ad hoc employees with their own businesses to run. You need a way to integrate their independent process and access into your secure information systems.

As with any access decision the type of information that can be accesses has to be balanced against the need for audit and security. The key is to remember the needs of end-users:
Doctors need access to all data, so restricting parts of the records is not an option.
Nurses need to update records on the fly.

IoT devices- There has been a lot of new devices for use in healthcare- patient owned health apps, mobile phones and wireless medical devices (see here for more on this). One of the key short comings of today's EMR/EHR products is their lack of abilities on the user experience front. Hospitals need to move away from single point solution planning for applications to a information management strategy that includes integration of outside data- whether it comes from patients, partner clinics or device vendors.

IT managers need to take the initiative and do these three things:

  1. Ensure that the process involves care providers and administration in the same room. These meetings cannot be for show. All decision makers must be involved. 
  2. Get to know who the key decision-making doctors are in each department and develop a relationship. Some doctors are in favor of EHR find out who these are in your hospital/clinic and involve them in building a strategy for how to attack the implementation. 
  3. Get care providers on-board during the demonstration phase. Take your key decision makers through the products ask questions about the mundane parts of the software (first impressions of the GUI, how to access the records) not just the big picture items.

Tuesday, 24 March 2015

Supporting clinical research; a conversation with LifeQ

The age of biometric data is upon us, but the science is not ready to explain what the data means. In some ways it is really exciting, the potential is huge- even if we ignore the marketing materials and focus on the potential long term use of simple data collected under real world conditions. Stephanie Lee from buzzfeed had a sobering analysis of Apple's new Researchkit that the healthcare and clinical research value of the data is pretty much zero. I completely agree with (see my thoughts on Apple's foray into healthcare here). The only group that might see some value is the same group that has access to healthcare and quality jobs (see here for primary data from Pew Institute). This means that the biometric data pulled from "iEcosystem" will not reflect the population that acutely needs to be understood biometrically. (I'll provide a detailed example of the issues later in this blog.)
In my opinion; any data that is tied to a specific mobile device or "Internet of Things" (IoT) object is useless for healthcare unless it can be compared and combined on aggregate across devices and demographics.
It reminds of the mid-nineties when genomic sequencing was going to revolutionize healthcare and disease treatment. Twenty years later and we are finally realizing that the genome is an almost irrelevant piece. That the context of how that genome is read, acted upon by the cell, and communicated between cells is more important then any point mutations or small scale genomic changes. (I have written about thishere, in the context of cancer.)
The genomic age was necessary to spark the discoveries that are starting to change healthcare but the changes in healthcare won't be realized because of genomic biology. It seems to me that we are at the same crossroad with the Internet of Things (IoT). The technology is really cool and the visualizations are solid but......what do I do with it?
For example, I have a Fitbit it has literally change my activity due purely to trying to get to 10,000 steps......I think thats a good thing- I mean I lost weight, my back is better.....but I am left wanting more, what types of activity are related to my weight loss? Have I gone far enough-am I at lower risk for all of the things that I worry about from a health perspective?
I can tell you the data collected by my Fitbit is pretty useless to answer these questions. I downloaded it all ran it through a few different statistical models and guess what? None of it appears to be relevant to my on-going good health. I still use my Fitbit to track my activity but I have no illusions about the role that the collected data plays in my healthcare decisions.
I recently had a chance to talk to a really interesting start-up company called LifeQ. LifeQ (@LifeQinc) has restored some of my enthusiasm for IoT and real impactful changes in healthcare. LifeQ has taken a different approach to the internet of things. LifeQ owns intellectual property on for an optical sensor that uses light waves to penetrate the surface of the skin to monitor multiple biological measurables; heart rate, blood pressure, oxygen saturation, with other important measurables such as glucose in the beta testing phase. The real power of LifeQ is not the measurables. Most of the metrics that their sensor measures are relativelty common place. Many devices can measure heart rate, blood pressure, glucose, these are not unique. The true value of LifeQ as a IoT vendor is really in the predicative models and software that allows identification of changes in ones own biology. As Christopher Rimmer pointed out this very similar to the model that Google, Microsoft and Apple have pioneeered. LifeQ owns the core data acquisition ("OS") and the core platform for integrating and using the information ("search engine"). If LifeQ can be half as disruptive in healthcare as Google has been in mobile, they can be a driving force for systemic cost reductions and better treatment outcomes.

The device agnostic approach gives LifeQ a wide potential market in healthcare, fitness as well as the flexibility to weather the inevitable changes to the device ecosystem that end users are willing to use. The focus on data acquisition and analysis reduces the overhead and ensures that the width and breadth of data needed for accurate modeling can be gathered.
As LifeQ told me during our conversation "You can't build a great, high quality algorithm and data access AND build multi-functional devices at the level required to collect the data we need. There are plenty of companies in the health, medical and consumer device world with the pockets and desire to build high quality readers."
It is a really smart strategy, especially in the complex global healthcare and lifestyle market(s). Focusing on their strength and being choosy about the partnerships. This strategy allows LifeQ to ensure data quality and more importantly from a medical perspective, information security. High quality data that is combinable across devices is necessary to keep the predicative models relevant, and increase in accuracy with successive iterations.
Obviously the key risks are in how to ensure the partners continue to innovate on the physical devices and the integration of different device collected data into a single model. To keep with the Google analogy how do you build the back end to protect against the fragmentation of the device type when each device manufacturer has specific needs and market segments. The kind of companies that they are dealing with understand the necessity of spending on the hardware.
Not surprisingly the initial partnerships are consumer focused, within the personal potential niche, for example those that cater to extreme athletes. Some wider consumer focused. An interesting aspect will be how LifeQ can integrate the niche data into the predicative model without biasing against normal peoples fluctuations. For example, we know that part of what makes elite atheletes, well elite, is speed of recovery; their heartbeat decreases at rest faster, their rate of breathing decreases faster, muscles recover faster. So as LifeQ collects this data, what value does this data have for us "normals" will the models be accurate?
It is not an insurmountable challenge but the awareness of how the data can influence the model and vice versa is a concern for any IoT or Quantified Self technology. It is the early adopter problem, your initial feedback from fanboys and people who share your vision can blind to the general publics use cases and expectations. It is the exact problem that caused Google to shutdown Glass.LifeQ seems quite aware of the potential founder effect problems.
A more important (to me at least) is that they are also engaging the medical community to enable the kinds of use cases that have long term quality of life and better diagnostic test values for health monitoring. These kinds of markets are a growth market and can provide a reliable revenue stream. For example, at home monitoring or ambulatory care for basic monitoring of HR, breathing, Oxygen levels, blood glucose (coming soon). All of which can be monitored today by the LifeQ powered devices. The problem being that the current monitors that have the accuracy that LifeQ needs are cumbersome but they are easier to where than what most hospitals have- and can be worn for long periods of without patients being strapped to wires or stuck in bed. The potential for clearer test results under real conditions is tantalizing.
What is next?
Like all start-ups LifeQ is focusing on ensuring their product is the best by ensuring that every element that could negatively affect its core product. The really interesting piece will come from the meta-analysis once the number of users hits a large enough N to ensure predictability across populations.
LifeQ acknowledged the potential limitations of a optical sensor; skin color, lean muscle to fat ratios, as well as stability issues cause be user activity. They are working expanding the repetoire of sensors that LifeQ can collect data from as part of the platform.
The real issue that faces LifeQ and any of the more robust quantified self devices and analysis platforms really comes down to action steps. For that matter the same issue exists for personal genomics. What is the line between variation of the population and dangerous biometric signature? Is there more harm then good from telling folks everything?
LifeQ has a great platform, and appears to have all the pieces in place to be the "Google for healthcare." They certainly bear keeping an eye to see what they do next

Tuesday, 17 March 2015

Information Security and medical devices

Lately I've been thinking about consumer focused medical devices. I am a Fitbit user and only every access the information on my cell. I do not actively share my information in their communities but I assume that Fitbit uses my information, in aggregate, to make money.
I get it, they are an for-profit company and I am receiving a ultra cheap service, Fitbit needs to make money on that service somehow.
Now that I've got the niceties out of the way the rest of this blog is angry and rant-y. In terms of full disclosure some of my anger comes from the recent kerfuffle over General Mills' plan to treat social media as a binding contract to protect itself from litigation. My fright over the new internet of things and the push for an exponential growth in apps and developers by 2020 -which BTW is not that long from now.
Anytime we expand something gets left out....and usually in software development it is security and customer privacy (see here for a good summary of where we are at with App security). We already know that many vendors do not take information privacy and governance seriously. Look at the recent Anthem disclosure...and they know they are subject to HIPAA.
The Market potential is enormous
The potential market for technologically enhanced medical devices is huge. (The market breakdown and total value are Espicom numbers. All analysis of the potential of technology to replace or enhance each category is mine. The Canadian market numbers are easily available-and could be verified, most estimates put the US market at 10-100 times the size)
I estimate at a $2 Billion dollar market in Canada based on current trends and the potential for technology to enhance the current medical devices when broken down by category. If we assume that some of the devices will collect information this puts the potential software market at $1.2B in Canada alone. The opportunity is enormous...for both commercial adventures and the rampant loss of patient privacy.
A lack of responsibility on the part of software companies
The other part comes from my attempts at conversations with a couple of consumer focused but information sharing applications. One company provides a cloud based service that allows doctors and medical students to share patient information, including pictures, with other doctors. It is a great premise BUT......what protection is there for patients? I contacted the company and basically their protections are focused on their own bottom line, the have a "policy in place that meets all legal obligations in their local jurisdictions".....THEY ONLY HAVE POLICY......they also would not disclose and had no plans to be proactive about applying any technical protections to block the sharing of patient data.
Am I the only person that has a problem with this?!? This is a product designed for medical personnel to SHARE patient information and they have no plans to protect the data!@!
As we move forward into the wearables and internet of things era, what are the obligations to these companies that hold personal information? We, as consumers, need to hold customer facing companies responsible for protecting customer information. Doctors and people within the software industry in particular should be absolutely ashamed of the state of the medical device and health app security. Both groups have actively undermined efforts to enact better regulations by complaining that it will kill the industry. Here is a note if you lose private health information- it will kill your company. Shouldn't a company that provides a service that enables the sharing of medical information as accountable? Should they be allowed to merely point to a piece of "paper" and say "not our problem?!?" If your policy says that the user must comply with hospital regulations on patient data sharing, you should provide the hospital a method to enforce policy. As a patient I need to know that the med student is not sharing pictures of my serious and potentially embarrassing problem just to have a laugh with their friends. It is the reason that Box is such a fast growing product! It gives end users what they need and it gives the business the protections it may need. In this age of PRISM and companies selling your data (see here for stats), wouldn't it be a marketing advantage to tell customers you go beyond the minimal standards that were set for a paper based age?
Here is my POV on this: If you are enabling sharing of a person's medical information-whether they are your customer or the patient of a customer's- you are obligated to protect that data from the stupidity or laziness of your users. How many busy residents are really going to take the time to ask their patients if they can share the x-ray? Especially if they can control capture and share from a personally owned device? Should I as a patient be forced to spell out the conditions under which I will allow students and doctors to share my information? Is that really a winning strategy in an age of user experience? There should be no such things as Facebook, Dropbox or Google drive for doctors! At a minimum you should provide hospitals the option of enabling controls based on their policy and not just weasel out of it by throwing your hands up and saying hey we did our job, they told us that it was alright.

Thursday, 1 May 2014

The obligation of mHealth vendors to protect patient information

Lately I've been thinking about consumer focused medical devices. I am a Fitbit user and only every access the information on my cell. I do not actively share the information in their communities but I assume that Fitbit uses my information, in aggregate, to make money. I get it, they are an for-profit company and I am receiving a ultra cheap service, Fitbit needs to make money on that service somehow.

Now that I've got the niceties out of the way the rest of this blog is angry and rant-y. In terms of full disclosure some of my anger comes from the recent kerfuffle over General Mills' plan to treat social media as a binding contract to protect itself from litigation. The other part comes from my interactions with a couple of consumer focused but information sharing applications. One company provides a cloud based service that allows doctors and medical students to share patient information, including pictures, with other doctors. It is a great premise BUT......what protection is their for patients? 

I contacted the company and basically their protections are focused on their bottom line, the have a "policy in place that meets all legal obligations in their local jurisdictions"......they also would not disclose and had no plans to be proactive about applying any technical protections to block the sharing of patient data.

Am I the only person that has a problem with this?!? 

As we move forward into the wearables and internet of things era, what are the obligations to these companies? 

We hold customer facing companies responsible for protecting customer information. Shouldn't a company that provides a service that enables the sharing of medical information as accountable? Should they be allowed to merely point to a piece of "paper" and say "not our problem?!?" 

If your policy says that the user must comply with hospital regulations on patient data sharing, you should provide the hospital a method to enforce policy. As a patient I need to know that the med student is not sharing pictures of my serious and potentially embarrassing problem just to have a laugh with their friends. It is the reason that Box is such a fast growing product! It gives end users what they need and it gives the business the protections it may need. 

In this age of prism and companies selling your data (see here for stats), wouldn't it be a marketing advantage to tell customers you go beyond the minimal?

Here is my POV on this: If you are enabling sharing of a person's medical information, you are obligated to protect that data from the stupidity or laziness of your users. 

How many busy residents are really going to take the time to ask their patients if they can share the x-ray? Especially if they can control capture and share from a personally owned device? Should I as a patient be forced to spell out the conditions under which I will allow students and doctors to share my information? 

There should be no such things as Facebook, Dropbox or Google drive for doctors! At a minimum you should provide hospitals the option of enabling controls based on their policy and not just weasel out of it by throwing your hands up and saying hey we did our job, they told us that it was alright.

Tuesday, 8 April 2014

Clinical data random information

I've become an information hoarder. As I spend more time thinking about Information Management and speeding the move to better technical systems, I am amazed how general the principals of design are between the different industries.

Here is a noobs (i.e. me) "plain spoken" understanding of a key term in managing patient data across hospitials and for predicative analytics and personal health decison making.

Level setting (i.e. in general the definition of Clinical data warehousing) Clinical data warehousing is a patient identifier organized, integrated, historically archived collection of data.

For the most part the purpose of CDW is as a database for hospitals and healthcare workers to analyze and make informed decisions on both individual patient care and forecasting where a hospital’s patient population is going to need greater care (i.e. patient’s are showing up as obese; therefore the need for specific hospital programs to fight diabetes are a good idea).

Data warehousing in healthcare also has use in preparing for both full ICD-10 and meaningful use implementation. For example; McKesson through its Enterprise intelligence module probably has plenty of CDW management capabilities the only interested in meeting the upcoming ICD-10 and meaningful use deadlines. These kinds of worries are only for US hospitals. However since Canada requires ICD-10 compliance for all EMR systems this does present a benefit to Canadian healthcare.

In principal since data warehousing at its core is about building a relational database and should be EMR supplier agnostic. Since McKesson is an ICD-10 and meaningful use- ready supplier, the database itself should conform to standards that would allow general solutions to be used. This article goes through some of the potential benefits and pain points. It is tailored to clinical trials but the underlying message that building a CDW is a ongoing procedure is the same for other uses.

One example of how this may be done is Stanford’s STRIDE; they used HL7 reference information model to combine their Cerner and Epic databases. This is part of a larger opensource project that may be an option if an organization has some development expertise.

Since the main user of CDWs tends to be the people doing the analysis (current buzzwords for search for analytics include:BI, Predictive analytics, enterprise planning, etc) it is probably useful for Health IT professionals to understand its WHO and WHAT the CDW is for within the organization...i.e. have a full blown Information Governance plan that places a value on information not just a risk assessment. 

Friday, 28 March 2014

Security without usability isn't better healthcare

I spend a lot of my time understanding how information is stored, accessed and protected as part of my role as a IT analyst. I always am astounded at how little of what is standard practice in many industries as not filtered over to health care and/or life sciences (Pharma+Biotech+academia).

The recent hub-bub about ACA (AKA Obamacare) has completely yelled over the real transformation opportunity in healthcare. Up until the recent deadlines and political fights regarding ACA "everyone" was really concerned about meaningful use. The TL;DR version of the MU legislation is this: make information available to care providers and patients.

So what are we really talking about here? It is really pretty simple; it is information management and the processes that guard against mis-use while enabling productivity.

Lets be honest the EHR/EMR solutions implemented at most organizations do not enable productivity or protect information. Doctors hate them because they do not fit their work patterns (see here), hospitals are have significant issues with data protection (see here) and importantly it is not mitigating the biggest risk to patient outcomes (and hospital liability) (see here).  

It is time to re-think the information silos in healthcare.

So if a single poorly accessed EHR is not the answer, what is?

I would argue that we need to think about this based on information flow and how we expect the value to be delivered. In this case patient care.

An interesting model to think about is the Canadian delivery model. For example; Ontario E-health has determined it is neither cost effective nor timely to build a single system for every hospital.  At the moment, 70% of all physician practices and hospitals already have some sort of EHR system in place. So rip and replace is not an option, the reality is we need to make lemonade.

Since Ontario funds the hospitals through direct allocation of tax revenue, it is loathe flush that money down the drain. 

Therefore the best approach is to control the data itself (including digital images, prescription history, surgery, etc) and letting the individual hospitals control how they view and use the data. 

In other words- Make it easier to access information based on who you are and what you need the information for!

Focus on the Information exchange layer

Consolidated Information Management layout for Patient care focus. 
So how do we do this without moving to brand new systems and shiny new toys?

The same way every other industry is doing it; especially low margin high risk industries such as Oil and gas, Insurance and Manufacturing. Keep the clunky but very secure system and take advantage of the new technologies that enable information sharing. Instead of all-in-one solution add an ECM or portal to manage rights, search and presentation. It will be more cost-effective than doing nothing or rip and replace.

This structure controls movement and access to patient data, allowing for quick access to the appropriate information based on job and location.  It provides a structure that takes advantage of the current investment in a secure database yet provides a flexible layer that is designed to convey information in context for end users. 

This may not be the best system or the system that you would design from scratch with an unlimited budget, but it gives a long term flexibility AND doesn't require a rip and replace of your current EMR/EHR. It should provide very good, highly usable healthcare at a reasonable cost.

The way they are going about the change may not be splashy but it will work for both patients and doctors- that’s a great thing. The one thing it won’t fix is the doctors who refuse to use it-and that is a bad thing.

There is additional cost involved in this model but if teh doctors and nurses do not use what you have now.....would salvaging that investment be better?

Love any comments or critique of the model.