Observations derived from many conversations and interviews:
1. Almost everyone I spoke to is interested in thin clients and care giver mobility. Fat clients just don't work in health care, because of operational cost and privacy and security.
2.
Health care CIOs are interested in solutions, not in components.
Sometimes this leads to the mess of many point solutions without
sufficient interoperability. However, Health Care is a solution driven
industry, and technology companies like Sun have to put more effort in
designing and delivering solutions, not point products.
3. Greg Papadopoulos told me in a conversation a few months ago, "Healthcare is big, but messy". That's right - Health care CIO's feel the mess of proprietary standards, lack of interoperability, misalignment of incentives and half hearted regulation every day.
Looks like we have to clean up some of the mess. The first workshop I attended was titled "Health Information Exchange / SOA / Integration".Marc Holland from Health Industry Insights did a survey among the CIO Summit participants and found that 75% of the participating providers (a random sample of the entire health care CIO population) were in some shape or form involved in a regional Health Information Exchange (HIE) activity - which flies in the face of recent publications that RHIOs are failing due to lack of financial sustainability and only a small fraction (14) was actually operational. Or does it? Among CIOs it seems to be clear that access to information will improve quality of care and reduce cost, which is why most hospitals have programs underway to create regional information exchanges. I heard in the discussion often the phrase "doing the right thing" and figuring out how to get paid later. On the other side, a major concern of the discussion was sustainability of funding for such activities, and related to this participation incentives for primary care physicians.
In the same workshop we also talked about open standards. I stated my well documented view on the network effect of open source and open standards and am always surprised that in health care there are still many people who either question the value of open standards, or don't believe they are powerful enough to force proprietary vendors like McKesson, Cerner or Epic to endorse open standards. Fact is that we have plenty of evidence throughout the history of industrialization that a lack of standardization occurs in immature industries, and as the industry matures and standards emerge, network benefits are created.
Read the discussion about standardization of voltage for railroad electrification in the Transactions of the American Institute of Electrical Engineers from 1916, in which different parties argue if it would be an impediment to progress if voltage was standardized. Some people argued for the freedom to innovate with different voltages, and standardization thus was bad. Well, we pretty much know now that its a good thing we have standardized voltage because many companies can make devices that inter operate, so the entire market derives net benefits from standards (= network effect). Amazing that we still have to argue about a transposition of this principle into health care.
The other workshop I attended was about information security, one of my favorite topics. It was, of course, not a well attended session. One participant explained the lack of investment and management support for health care CIOs to get security investments with a simple truism: "Security costs money, it doesn't generate money". Nevertheless, security is important and required by HIPAA. I pointed attendees to the most recent CSI report and emphasized that the most damaging threats do not come from outside anymore, but are insider abuse, which needs to be addressed with role based access controls and host intrusion defense. Virus Scanners and Firewalls are just not enough to protect highly sensitive patient data. Furthermore, products itself will not address security, but CIOs need to implement comprehensive policy frameworks with regular assessments and user trainings. Unfortunately, only one person in the audience and on the panel knew about COBIT and ISO 17799 - and this person represented a payer, not a provider. I'm inspired to launch a secure email campaign after listening and participating in this session. We need security in information systems, and we need to make it simple.
BTW: our weather in NorCal is nicer than what we had there in SoCal. I'm glad I live south of San Jose and not in Marina del Rey (although there are, of course, worse places.)
![[my boss] about public sector (Government, Education and Health care)](http://www.unitedfeatures.com/ufs/images/comics/characters/cast_dilbert_The_Boss_sm.gif)
We have an opposite situation in Spain, where RHIO are growing and they are in the top priority of CXO's since more than five years. In the Spanish market the requirements for standards is not discussed. This situation is due to big power of healthcare payers or providers compared with ITC companies. When the power is in the customer side, standars, security, interoperability are requirments, not just best wishes.
The funding is really a problem, because we are investing about 0,7% of total budgets, but the offering is mainly local and adapted to the reality of ecosystem. So probably there are not the best solutions, but there are solutions.
Posted by Eloy M. Rodríguez on May 11, 2008 at 11:34 AM PDT #
Similarities and Differences: it looks like both in the U.S. and in Spain, HIE are an important topic. The difference is that payers and providers use their power to enforce standards. This is exactly what is missing here. It looks like even the large HMOs like Kaiser accepted vendor proprietary architectures. But from the discussion at the forum, and other discussions we are having, it looks like this is changing.
Standardization is a sign and function of maturation of an industry (as I tried to indicate with the reference to the electricity industry), and it seems health care is beginning this maturation process now.
Posted by Joerg on May 12, 2008 at 07:04 PM PDT #
I totaly agree. Just to underline that it's easier to get the maturation when the legacy of robust propietary systems is not so strong and when the driver of business is the citizen versus the client.
Posted by Eloy M. Rodríguez on May 12, 2008 at 11:12 PM PDT #