Medicine in an electronic age

The following is the fifth (and probably final) post in a series entitled, “Securing your Email.” I’ve spent the majority of the series talking about logistical things like why secure email is important and how to get started with public-key cryptography. If you look back at my first post, you’ll see that the reason I went out and learned all of this (and wrote about it ad nauseam) is because I feel like it’s an incredibly interesting and important topic where medicine meets technology.

Communication throughout the world is becoming more and more electronic, and things are changing rapidly. In the field of medicine five years ago, most institutions (including very large hospitals) were still using paper records. In fact, even today a number of institutions still do. Doctors communicated by telephones and pagers, and records from other facilities were carried in by hand or faxed. With the technological advances in the last 10 years, today a physician could easily be consulted halfway around the world with a simple email, and a copy of an X-ray or CT-scan could be sent electronically. These changes in the way health care is administered present a new set of problems to the industry.

This electronic age spawned a strong concern about health care privacy in the United States, which was addressed by HIPAA. The health care industry spends an incredible amount of time and resources dedicated to preserving people’s privacy. They spend millions and millions of dollars on “enterprise level solutions” to make sure that they can work online safely. These are not always dollars well-spent, but that’s the topic for another day. Unfortunately these solutions end up restricting health care professionals in such a way as to reduce the utility of the system. As an example, I’m going to talk about email (as you might have guessed).

As I pointed out in my first post, I’ve been thinking about this for a while. How in the world can health care institutions, who are so concerned about privacy and protection of their patients’ data, not be doing more to provide secure email solutions? I think I’m in an appropriate position to answer that question. I’m part of a committee that has been charged with selecting a new email provider for the hospital. We’re currently looking into a number of different vendors, and a question that consistently comes up is about “email security.” We’ve got a number of people on our committee including people from IS, the legal department, and human resources staff as well as physicians, nurses and students. Their “email security” questions have the best intentions. They want to make sure that the solution we choose is going to keep our patients’ data safe.

At the same time, however, I feel like there is a knowledge gap as to what they know about email security. I feel like most (if not all) of the people involved just want someone to say “your email is super-duper secure with our system.” One vendor took it a step further and started talking specifics of cool stuff that their system can do to prevent, for example, someone from emailing Protected Healthcare Information, or PHI, to someone outside of Rush. The problem I (and some members of the legal department) have is that sometimes this information needs to be sent out, for example to a lawyer’s office. From a patient’s perspective, if I request that my physician contact me via email with my lab results as opposed to over the phone, should that be discouraged? But it is, and that’s because some of the people in the IS departments across the land realize how insecure email is. So we need to make it more secure, and in order to do that, we have to understand where its security flaws lie.

The problem is that most institutions don’t look at the problem like that. They don’t get an unbiased assessment of email security. Instead they get a vendor to sell them an “email security solution” in which the vendor defines what secure email is and how their solution fits the bill. I’m not saying that all companies are giving a false sense of security, but it’s definitely a concern. It’s exactly why you have to understand the problem before you go looking for an answer. Things would be significantly different if a group of people like the “free software community” assessed a health care institution’s email security needs. In fact, the purpose of my post is to propose the following: the health care community should embrace the free software community’s model of email security.

Health care institutions have all the right resources already in place. They simply need to implement it. It would be fairly easy to create a public key server for your health care institution. When Housestaff and Physicians begin their tenure, they could easily be required to create a key pair during new employee orientation. Key pairs could be distributed on cheap flash drives for safe keeping and stored on a private server for easy access while on campus. Alternatively, keys could be distributed on smart cards. Since an institution has verified who an employee is, their internal web-of-trust will form easily. As long as someone’s public key has been signed by the company’s IS department, it can be trusted. These key servers could be made to exchange keys with those of other institutions or even external key servers, such as one set up by the NIH or the Department of Health and Human Services. Physicians also often travel to conferences, and “key signing parties” or booths could be set up to create a more full-fledged web of trust.
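The trust rule in the paragraph above (a staff key counts as trusted once the IS department has signed it), as an added example that is not part of the original post. It assumes GnuPG 2.1 or later; the hospital.example addresses and every key are constructed for the demo.

```bash
#!/bin/sh
# Added demo. All names, addresses and keys are constructed for illustration.
set -eu

IS_HOME=$(mktemp -d)     # keyring where keys are created and IS certifies them
STAFF_HOME=$(mktemp -d)  # keyring of a colleague who trusts only the IS key
cleanup() {
  for d in "$IS_HOME" "$STAFF_HOME"; do
    gpgconf --homedir "$d" --kill gpg-agent >/dev/null 2>&1 || true
    rm -rf "$d"
  done
}
trap cleanup EXIT

# g HOMEDIR ARGS...: run gpg non-interactively against one keyring
g() { gpg --batch --quiet --no-tty --pinentry-mode loopback --homedir "$@"; }

# fpr HOMEDIR EMAIL: fingerprint of the primary key with that exact address
fpr() { g "$1" --with-colons --list-keys "<$2>" | awk -F: '$1=="fpr" && !n++ {print $10}'; }

# validity EMAIL: validity letter GnuPG computes in the colleague's keyring
# (u = trust root, f = fully valid, - or q = no trust path)
validity() { g "$STAFF_HOME" --with-colons --list-keys "<$1>" | awk -F: '$1=="uid" && !n++ {print $2}'; }

# 1. Keys are created (in one keyring here, for brevity): the IS certifying
#    key plus two staff keys, unprotected so the demo needs no passphrase.
newkey() { g "$IS_HOME" --passphrase '' --quick-generate-key "$1" ed25519 "$2" 1y; }
newkey 'Example Hospital IS <is@hospital.example>' cert
newkey 'Dr. Alice <alice@hospital.example>' sign
newkey 'Unverified Key <mallory@hospital.example>' sign

# 2. IS certifies only the key whose owner it has verified in person.
IS_FPR=$(fpr "$IS_HOME" is@hospital.example)
g "$IS_HOME" --yes -u "$IS_FPR" --quick-sign-key "$(fpr "$IS_HOME" alice@hospital.example)"

# 3. The colleague imports the public keys and makes the IS key the only trust root.
g "$IS_HOME" --export | g "$STAFF_HOME" --import
echo "$IS_FPR:6:" | g "$STAFF_HOME" --import-ownertrust
g "$STAFF_HOME" --check-trustdb

# 4. Only the IS-certified key comes out as valid.
for who in alice mallory; do
  echo "$who@hospital.example validity: $(validity "$who@hospital.example")"
done
```

A key reported as `f` carries the IS certification; a key with no trust path back to the IS key is what an unvetted upload to the institution's key server would look like to every colleague.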

Having public keys freely available would make it easy for physicians to communicate more securely with one another. They’d be able to trust an email from a colleague. Plus, they’d be able to encrypt emails and attachments containing PHI. Physicians would also be able to communicate with their patients via email more freely. Patients could be given instructions on how to acquire the physician’s public key and how to use it. It would be even better to set up a way to simplify the process by just emailing the patient a link so that an encrypted email could be viewed directly on the institution’s website. They wouldn’t need to worry about having the proper GPG client software installed, since they’d just have to click a link and the web page would decrypt the email for them.

Unfortunately, there are many in the health care IS industry that would rather none of this communication go on via email. They are probably smart to have a firm stance that no PHI should be communicated via email at this point since their email system is probably very insecure. The problem with their plan is that both now and in the future PHI is being sent via email and it’s probably not going to stop unless some serious consequences are put into place at individual institutions.

I have to wonder though. If the email system was actually set up securely and properly, why couldn’t PHI be sent via email? Why shouldn’t I be able to request my test results in electronic format from my doctor? These aren’t questions that are going to be addressed by any single institution, unfortunately, and this presents a very big problem in the near future. A number of other industries are currently caught in a downward spiral because they chose not to adapt to the Internet era. Does a similar fate await a health care industry that wants to deny physicians and consumers access to the PHI electronically under the guise of HIPAA and “we know what’s best” for protecting patients’ rights? Doing so is just going to drive the process more underground, giving them less control over the situation in the future. They’d be better off embracing the idea now and preparing for the future of medicine in an electronic age.

Linux for Clinics

I ran across a new Linux distro today that I thought was pretty cool. It’s called Linux for Clinics. It’s an Ubuntu-based Linux distribution geared toward running an entire medical office. It utilizes a few projects I’ve heard of before, like GNUmed, but this is pushing to be a full-fledged medical clinic OS. Development seems slow, but I’m hopeful that it continues because it could be a strong contender for clinics, especially ones with little funding. One critique I have in the development (which I of course know nothing about) is that they seem to be a vanilla Ubuntu install with a few different/altered packages. I wonder if this might be better accomplished using a Launchpad PPA as opposed to a full re-spin. It seems like this would make upkeep much more efficient between major Ubuntu releases every 6 months. I just don’t know if that’s feasible… If I have more time in the future, I may try to get involved in this.

M3 Clerkships Lottery

Rush has a “lottery” to determine what order everyone’s M3 clerkships will be in. For those who don’t know, our M3 and M4 years are entirely clinical. We’re supposed to rank them from best to worst depending on our preferences, and a computer program will crunch the numbers and determine which order each student will get. Here’s my top choices:

[Image: My picks for the M3 Clerkship lottery]

You can’t see the end of my list, but I essentially put everything at the bottom where Internal Medicine and Surgery are last. I prefer to have Medicine in the first half of the year. Surgery is supposed to be the most intense, so I attempted to pad my schedule before and/or after with a break or Psych (a notoriously laid-back rotation). I doubt I’ll change it any before tomorrow. Feel free to suggest changes or let me know what you think!

Making Mistakes

Making Mistakes | iface thoughts.  This was a great realization by Mr. Nadgouda.  Making mistakes (and learning from them) is the key to true innovation in any field.  Unfortunately, mistakes are not so “affordable” in medical treatment.

What can we do to continue to advance our field without endangering the lives of patients?  Is the only way to innovate in medicine through approved research?  Or is there a place for innovating and learning from mistakes in every medical practice that will not harm our patients?  What about the efficiency of your office and its dynamics?  What about innovation in the economics of the health care industry?

It’s something to think about.  Unfortunately, I think the threat of being slapped with a lawsuit has stifled a lot of potential innovation in medicine.  There is a fear of making mistakes, and a desire to maintain the status quo.  No doubt we want to reduce the number of negative patient outcomes, but that should not be done at the expense of the future of medicine and its practice.

Taking Back The Power of Science

I read an article on Ars Technica [via /.] the other day that made me very worried about the future of scientific discovery in the US. With our currently failing economy, I don’t understand how we can still be making such idiotic decisions about the future of some of our most innovative industries.

The scientific research industry is fueled by governmentally funded programs like the NIH and NSF. As a taxpayer and citizen, I cannot believe the idiocy of some of the statements against open access in Congress. There is a particularly poignant response on the /. article demonstrating how the greed of publishing companies in a dying industry are attempting to use their financial power and influence over government to squelch dissenters that oppose their bottom line. Let’s face it. With electronic distribution of written material available, the publishing industry as we know it is dying. There’s no way to stop it aside from them increasing their hold of copyrights and copyright law. There is no reason that publishing companies should be taking any sort of “ownership” of research that they publish. With the minuscule cost of publishing something online today, the publishers truly have almost no overhead to publish a scientific article. This was not the case 20 years ago when they had to print and ship their journals across the globe, but today they simply have to put it online. Their work is practically done for them by PubMed, the Google of biomedical science research. Sure, they need to find peer reviewers (one of the cornerstones of research), but do you think that publishing companies actually pay these reviewers? (No.) If that’s the case, why are they still charging thousands of dollars to researchers in order to publish an article? I think it’s because they used to have a reason to, and now that they don’t, it just means bigger profit margins. People don’t like it? They’ll pay the government to make them like it.

This article and the /. post made me start to wonder if an open access journal had already been started. A quick Google search showed me that it had: the Public Library of Science (PLoS). The PLoS is an open access journal published in the United States that guarantees that all of its material is available free of charge online. Not only that, but everything is released under a liberal Creative Commons Attribution license, the researchers retain their own copyright, and most importantly, the article is fully available on the day of publication. People don’t have to wait until tomorrow to learn about the discoveries of today. They can just dive right in. This is in stark contrast to the practices of current publishing conglomerates, who take over copyright and make non-subscribers wait a year or more (if at all) to access the material. Now, surely this is good for the publisher’s bottom-line, but you have to stop and ask yourself: Is this good for science?

Since most government-funded scientific research is done at large institutions with many faculty researchers, the scientists might not fully understand the problem. Their institutional affiliation gives them the ability to join together and pay the large fees for a subscription to the most popular journals. But some smaller institutions do not enjoy the luxury of being able to subscribe to anything. And even the largest institutions can’t subscribe to everything. There are simply too many journals. There are also many individuals, like students, and private researchers who wish to learn about what innovations our tax dollars are leading to and where these innovations might lead. Open access would likely generate a renewed interest in basic science and discovery, helping to fuel growth of the field. So should this even be an issue in today’s society? I mean scientists are generally trying to help us better understand the world we live in, the diseases we fight, and the things that affect us. The fact that a project has received a sliver of the ever dwindling government funding demonstrates that it’s a worthwhile project that will very likely yield extraordinary results for the world. Shouldn’t those results be available to anyone?

The PLoS has grown stronger since its inception, but it’s still generally small potatoes compared to the likes of Nature Publishing Group and even JACS. The PLoS now has separate journals in many of the biomedical sciences like biology, genetics, and medicine, and they even have a fast-track publication called PLoS ONE for those high priority articles.

So how is it that this journal, with its inherent ability to accelerate scientific discovery, has managed to stay beneath so many radars? The answer to that is two-fold. The scientific community does not currently seem to recognize both the underlying problem with current publishing companies and the innate ability of a publisher like PLoS to solve this problem once and for all. At the heart of this issue is the notoriety of publication. In order to be successful as a researcher, scientists want to be published in big name journals. Every one of them would love to have a publication in Nature or the NEJM. It’s extraordinarily competitive, and thus only the best of the best research makes it there. But scientists have lost sight of the fact that this notoriety is man-made. Nature is only as famous as it is because everyone wants to publish there. They get the best articles because of it. So if they want to break free of the hold that publishers have over their research, they need to set their own standards. If they want PLoS or any open access journal to be able to defeat the giants, or even get them to start listening, they have to remind the publishers that without their research, the publishers have no industry. Scientists do the work, and they should get to say what happens to it. In all likelihood, any attempt to dictate terms to a publisher is going to fail (at least at this point). But the scientific community needs to remember that they hold the power. They are the ones doing the research, and they are the ones volunteering to peer review. If the publishers won’t meet their demands, they need to meet their own demands. So listen up scientists: In this age of the Internet, you do not need them anymore. Take your research and your peer reviewers and make your own, new notoriety. Once they see you doing that, they’ll either follow suit or not. At that point, it won’t really matter.

But the reason that this has not happened and probably will not happen in the near future is that scientists don’t see the dire need for open access because most of them are given most of the access they need. The sooner they realize that they need to demand open access to their work so that other scientists and the public can benefit from it, the better. Once they get past the encumbrance of permissions and red tape laid out by the publishers, they can get on with their life’s work in a much more open, collaborative environment. Otherwise, the publishing industry is going to keep tying researchers’ hands behind their backs, making it harder for them to exchange ideas, just so that they can continue to squeeze every possible dollar out of this industry. This is not good for the scientists, and it’s especially not good for science.

Disease-specific Stem Cells

A recent post on Ars Technica explains how researchers are converting adult stem cells from patients with certain diseases into embryonic stem cells. This will hopefully make studying the cellular basis of diseases like Parkinson’s easier by providing a virtually unlimited supply of tissue, which was previously difficult to come by. This technique was developed for ALS, and it’s been applied to 10 new diseases.

The full list of diseases represented: adenosine deaminase deficiency-related severe combined immunodeficiency (ADA-SCID), Shwachman-Bodian-Diamond syndrome (SBDS), Gaucher disease (GD) type III, Duchenne (DMD) and Becker muscular dystrophy (BMD), Parkinson disease (PD), Huntington disease (HD), juvenile-onset, type 1 diabetes mellitus (JDM), Down syndrome (DS)/trisomy 21, and the carrier state of Lesch-Nyhan syndrome.

Sound like a list of diseases we studied in class, anyone?

The Inner Life of a Cell

Harvard made a great video called The Inner Life of a Cell a couple of years ago using some great computer graphics [hat tip Sadie]. It tells a brief story of the mechanism of inflammation being activated in a leukocyte. It was put to some great music by Studio Daily. I highly recommend you check it out.

If you’re wondering what all that stuff is, you can check out one of Harvard’s versions, which contain a play-by-play. I must admit that (having no real idea of what I was looking at) I got a little bit lost in the video, so Harvard’s version definitely helped clear up a few things. But Sadie and I agree that it’s pretty cool that we can watch a video like that and actually mostly understand it. After spending years studying something like bio, you forget how much you know about it that the average Joe has never even considered.

Panda Throws in the Towel

Well after years of writing, it appears that Panda Bear, M.D. is throwing in the towel on his blog. His was one of the few blogs I read regularly, and it’s one that no doubt has left an impact on my past and future as a physician. He says that he’ll be working on a book at some point in the future, and that’s one I’ll definitely look forward to reading. So long, Dr. Bear. Your insight, honesty, and sardonic humor will truly be missed, especially by the up-and-coming who have not yet encountered your work. His “My Personal Statement” is a classic Panda take on the AMCAS Personal Statement for medical school applications.