Rush Proxy Bookmarklet

Graham Walker, a tech-savvy ER Resident who blogs over at The Central Line, recently posted a really nifty little solution to a problem that plagues higher education. Many academic journals require subscriptions to view their contents, and although most school libraries offer proxy accounts to facilitate student access from home, these accounts are often cumbersome to use. His solution was to create a bookmarklet to streamline the process of accessing these materials via proxy account. His video demonstrates how this works really well.

I went ahead and created a Rush University version using his awesome proxy bookmarklet generator. You can create one too by going to the generator and entering: “” (without quotes) and clicking “Make the Bookmarklet!” You can save the new link as one of your favorites or simply drag it into your “bookmarks tool bar” if you use Firefox. Then, the next time you’re browsing your favorite academic journal, hit your bookmarklet to easily access the material via your proxy account. Obviously if you’re at a different institution, substitute your school’s proxy account.

If you’re interested, this is the code:

I’d like to reiterate that I did nothing to write this code, and it’s all thanks to Graham Walker. If you like this code, you may also want to check out Dr. Walker’s incredibly useful

Panda’s Back!!

I was just doing some reading yesterday and saw that PandaBear, MD’s blog is now being archived over at SDN. I’ve stayed subscribed to his original site’s feed since he retired just in case he ever popped back in to say anything. As I wandered over to the SDN archive expecting to find a 1:1 copy of his original site, I saw that he actually started writing again on this new site back in March! This just made my day. I’ve got some serious catching up to do! If you’ve never read Panda’s blog, you can start with some things that I thought were notable. Enjoy!

Medicine in an electronic age

The following is the fifth (and probably final) post in a series entitled, “Securing your Email.” I’ve spent the majority of the series talking about logistical things like why secure email is important and how to get started with public-key cryptography. If you look back at my first post, you’ll see that the reason I went out and learned all of this (and wrote about it ad nauseum) is because I feel like it’s an incredibly interesting and important topic where medicine meets technology.

Communication throughout the world is becoming more and more electronic, and things are changing rapidly. In the field of medicine five years ago, most institutions (including very large hospitals) were still using paper records. In fact, even today a number of institutions still do. Doctors communicated by telephones and pagers, and records from other facilities were carried in by hand or faxed. With the technological advances in the last 10 years, today a physician could easily be consulted halfway around the world with a simple email, and a copy of an X-ray or CT-scan could be sent electronically. These changes in the way health care is administered presents a new set of problems to the industry.

This electronic age spawned a strong concern about health care privacy in the United States, which was addressed by HIPAA. The health care industry spends an incredible amount of time and resources dedicated to preserving people’s privacy. They spend millions and millions of dollars on “enterprise level solutions” to make sure that they can work online safely. These are not always dollars well-spent, but that’s the topic for another day. Unfortunately these solutions end up restricting health care professionals in such a way as to reduce the utility of the system. As an example, I’m going to talk about email (as you might have guessed).

As I pointed out in my first post, I’ve been thinking about this for a while. How in the world can health care institutions, who are so concerned about privacy and protection of their patient’s data, not be doing more to provide secure email solutions? I think I’m in an appropriate position to answer that question. I’m part of a committee that has been charged with selecting a new email provider for the hospital. We’re currently looking into a number of different vendors, and a question that consistently comes up is about “email security.” We’ve got a number of people on our committee including people from IS, the legal department, and human resources staff as well as physicians, nurses and students. Their “email security” questions have the best intentions. They want to make sure that the solution we choose is going to keep our patients’ data safe.

At the same time, however, I feel like there is a knowledge gap as to what they know about email security. I feel like most (if not all) of the people involved just want someone to say “your email is super-duper secure with our system.” One vendor took it a step further and started talking specifics of cool stuff that their system can do to prevent, for example, someone from emailing Protected Healthcare Information, or PHI, to someone outside of Rush. The problem I (and some members of the legal department) have is that sometimes this information needs to be sent out, for example to a lawyer’s office. From a patient’s perspective, if I request that my physician contact me via email with my lab results as opposed to over the phone, should that be discouraged? But it is, and that’s because some of the people in the IS departments across the land realize how insecure email is. So we need to make it more secure, and in order to do that, we have to understand where its security flaws lie.

The problem is that most institutions don’t look at the problem like that. They don’t get an unbiased assessment of email security. Instead they get a vendor to sell them an “email security solution” in which the vendor defines what secure email is and how their solution fits the bill. I’m not saying that all companies are giving a false sense of security, but it’s definitely a concern. It’s exactly why you have to understand the problem before you go looking for an answer. Things would be significantly different if a group of people like the “free software community” assessed a health care institution’s email security needs. In fact, the purpose of my post is to propose the following: the health care community should embrace the free software community’s model of email security.

Health care institutions have all the right resources already in place. They simply need to implement it. It would be fairly easy the create a public key server for your health care institution. When Housestaff and Physicians begin their tenure, they could easily be required to create a key pair during new employee orientation. Key pairs could be distributed on cheap flash drives for safe keeping and stored on a private server for easy access while on campus. Alternatively, keys could be distributed on smart cards. Since an institution has verified who an employee is, their internal web-of-trust will form easily. As long as someone’s public key has been signed by the company’s IS department, it can be trusted. These key servers could be made to exchange keys with those of other institutions or even external key servers, such as one set up by the NIH or the Department of Health and Human Services. Physicians also often travel to conferences, and “key signing parties” or booths could be set up to create a more full-fledged web of trust.

Having public keys freely available would make it easy for physicians to communicate more securely with one another. They’d be able to trust an email from a colleague. Plus, they’d be able to encrypt emails and attachments containing PHI. Physicians would also be able to communicate with their patients via email more freely. Patients could be given instructions how to acquire the physician’s public key and how to use it. It would be even better to set up a way to simplify the process by just emailing the patient a link so that an encrypted email could be viewed directly on the institution’s website. They wouldn’t need to worry about having the proper GPG client software installed, since they’d just have to click a link and the web page would decrypt the email for them.

Unfortunately, there are many in the health care IS industry that would rather none of this communication go on via email. They are probably smart to have a firm stance that no PHI should be communicated via email at this point since their email system is probably very insecure. The problem with their plan is that both now and in the future PHI is being sent via email and it’s probably not going to stop unless some serious consequences are put into place at individual institutions.

I have to wonder though. If the email system was actually set up securely and properly, why couldn’t PHI be sent via email? Why shouldn’t I be able to request my test results in electronic format from my doctor? These aren’t questions that are going to be addressed by any single institution, unfortunately, and this presents a very big problem in the near future. A number of other industries are currently caught in a downward spiral because they chose not to adapt to the Internet era. Does a similar fate await a health care industry that wants to deny physicians and consumers access to the PHI electronically under the guise of HIPAA and “we know what’s best” for protecting patients rights? Doing so is just going to drive the process more underground, giving them less control over the situation in the future. They’d be better off embracing the idea now and preparing for the future of medicine in an electronic age.

M3 Clerkships Lottery

Rush has a “lottery” to determine what order everyone’s M3 clerkships will be in. For those who don’t know, our M3 and M4 years are entirely clinical. We’re supposed to rank them from best to worst depending on our preferences, and a computer program will crunch the numbers and determine which order each student will get. Here’s my top choices:

M3 Clerkship lottery

My picks for the M3 Clerkship lottery

You can’t see the end of my list, but I essentially put everything at the bottom where Internal Medicine and Surgery are last. I prefer to have Medicine in the first half of the year. Surgery is supposed to be the most intense, so I attempted to pad my schedule before and/or after with a break or Psych (a notoriously laid-back rotation). I doubt I’ll change it any before tomorrow. Feel free to suggest changes or let me know what you think!

Making Mistakes

Making Mistakes | iface thoughts.  This was a great realization by Mr. Nadgouda.  Making mistakes (and learning from them) is the key to true innovation in any field.  Unfortunately, mistakes are not so “affordable” in medical treatment.

What can we do to continue to advance our field without endangering the lives of patients?  Is the only way to innovate in medicine through approved research?  Or is there a place for innovating and learning from mistakes in every medical practice that will not harm our patients?  What about the efficiency of your office and its dynamics?  What about innovation in the economics of the health care industry?

It’s something to think about.  Unfortunately, I think the threat of being slapped with a lawsuit has stifled a lot of potential innovation in medicine.  There is a fear of making mistakes, and a desire to maintain the status quo.  No doubt we want to reduce the number of negative patient outcomes, but that should not be done at the expense of the future of medicine and its practice.

The Inner Life of a Cell

Harvard made a great video called The Inner Life of a Cell a couple of years ago using some great computer graphics [hat tip Sadie]. It tells a brief story of the mechanism of inflammation being activated in a leukocyte. It was put to some great music by Studio Daily. I highly recommend you check it out.

If you’re wondering what all that stuff is, you can check out one of Harvard’s versions, which contain a play-by-play. I must admit that (having no real idea of what I was looking at) I got a little bit lost in the video, so Harvard’s version definitely helped clear up a few things. But Sadie and I agree that it’s pretty cool that we can watch a video like that and actually mostly understand it. After spending years studying something like bio, you forget how much you know about it that the average Joe has never even considered.

Panda Throws in the Towel

Well after years of writing, it appears that Panda Bear, M.D. is throwing in the towel on his blog. His was one of the few blogs I read regularly, and it’s one that no doubt has left an impact on my past and future as a physician. He says that he’ll be working on a book at some point in the future, and that’s one I’ll definitely look forward to reading. So long, Dr. Bear. Your insight, honesty, and sardonic humor will truly be missed, especially by the up-and-coming who have not yet encountered your work. His “My Personal Statement” is a classic Panda take on the AMCAS Personal Statement for medical school applications.

The premise of education

I read a very interesting article today, linked from an article on ifacethoughts (a blog I read). The article itself is about undergraduate Computer Science majors, but I felt like the premise goes far beyond that specific example. In reality it speaks to the terms of higher education in general, and I’m going to try to take it to heart in my own education.

See, I seldom think about the professional nature of the physician anymore. The way they throw facts at you in Anatomy and Physiology (not to mention Pharmacology and the rest to come), it seems like anyone with half a brain and a whole lot of hard work can memorize them all and become a successful physician. After all, there are government recommendations and guidelines for treating almost everything. While this may be true, I’m reminded of something I heard here at Rush (although I can’t remember where) that was reflected in that article. In it, Braithwaite probes at the nature of the undergrad CS major, who claims that more class time should be devoted to teaching more computer languages and detail in programming. If most of their students simply go to work for businesses who want them to be programmers who can produce solutions for them, why isn’t more time spent on teaching the ins and outs of various programming languages?

You are describing a vocational job to me. The rote application of practical principles is nothing more and nothing less. How is what you’re describing any different than a job as an accounts receivable clerk or a dental technician? Or a land surveyor? Or a architectural draftsperson?

He goes on to point out that there’s nothing wrong with vocational work or being a technician as long as you’re not lying to yourself about it. His greater point is to emphasize that it is not incredibly difficult to earn a degree, even with high marks, while understanding very little about the field.

The reality is that your degree is only a pacifier, a way to make you feel good about yourself. The industry is selling you the illusion of respect. I’m telling you this because the sooner you figure out the game, the sooner you can start playing instead of being played. If you really want to be more than a clerk, you can pay more attention to what is to be done and how much freedom you have to do it and less attention to whether there is a title or a degree involved.

It’s easy to get lost in the minutiae of details presented in class every day and forget about the bigger picture. But the point is that it’s not enough to just know the facts. If you do, then you are just a form of “clerk”. You need to understand the processes, why things are done (and even taught) the way they are, and why the field is going where it’s going. Otherwise you’ll not be in charge of your professional career and where it’s leading you. This is one of the main goals of education, although it’s often lost somewhere along the way.

On a sort of tangential note, this is an aspect of being a full-time practicing physician that worries me. In a linked article to the one above, he speaks about the role of academics in progressing the field, citing that most of their advances come from academia. I worry about becoming a person who only practices a craft as opposed to being a developer.

The cost of medical education

Hi. I know most people think that doctors make a lot of money and therefore don’t need to worry about the cost of their education. However, in reality I (like most med students) am likely going to graduate over $200,000 in debt. Your reaction may be “yeah but you’ll be making the big bucks then, and you can pay it all back”. While it may be true that I’ll be making a decent living at some point, I will not be doing so when I graduate from medical school. In fact I will be making about $40,000/year for the next 3-5 years of my life in residency, which is for an 80 hour work week and therefore is actually closer to minimum wage (not bad for someone with a professional degree). Previously, I (like most medical students) was eligible to claim economic hardship for the first 3 years and have my $200,000 bill wait for me until I could afford to pay it and the government would pay any interest accruing. Approximately 67% of medical residents qualified for economic hardship. This past September, Congress and the President passed a bill that disqualifies almost all medical residents from being able to claim economic hardship during this period. This means that medical residents will be left with a choice. Foot a $2,000+ bill every month or go into forbearance. When in forbearance, we will accrue interest on our entire $200,000+ loan for the entire 3-5 years while in residency. This is a lot of money! In a country that needs more doctors, our government should not be making someone’s choice to go into medicine more difficult with a hefty financial burden.

If you’d like to read more about this issue, the AMA has written up a good outline of the events. If you’d like to contact your Congress-people (like I did) and let them know you’re outraged they would do such a thing to the country’s future physicians, the AMA made an easy form to do it for you. Spread the word if you care to.