Open Source Solutions for Public Health? 13
ubiquitin asks: "This week at the CDC's PHIN conference there is a lot of buzz about the possibilities of building out an infrastructure for the public health information network with both closed and open source technologies, especially since the work needs to be solidly secure and is typically done under tight budgets. A handful of states are currently involved and more are getting on board, so it may well be a genuine growth opportunity for Linux/Apache/MySQL-based systems. What would really be helpful are stories about how Open Source systems have been put to use in public health departments, labs, or clinics. Does Slashdot have any such anecdotes to share?"
HIPPA (Score:3, Informative)
Re:HIPPA (Score:5, Interesting)
HIPPA is actually more often violated by nurses and doctors who talk too freely -- the best security in the world won't prevent them from talking, leaving charts out, leaving doors open, or just generally not being discrete.
The other thing is that you probably won't find many open-source programmers looking forward to implementing HL7, X12, and other protocols, particularly after designing a database schema of their own (thus you have to translate not only the layout of your database, but also the format of individual fields, etc.) I'm paid, and I still don't look forward to it. But ya gotta do
So far as I can tell, medical/insurance stuff is scope-creep in action. That lends itself well to projects being handed over from one team to the next over the years, or bits being developed (freely) by parties involved in the scope-creep, but if you like to keep things tidy, it could get messy. You'll want at least a few architects everyone else listens to.
And as a reminder, open-source does NOT mean mysql. Medical data is too important to have wandering around a system not designed around transactions, constraints, and concurrency. Look more in the direction of Postgresql or Firebird for your open-source database needs.
And please, for the love of something holy, don't use magenta and cyan as your base colors. And align things to grids. And don't roll your own file format. Some of us have to come in and clean up after that, and if we can't stand to even -look- at it, we can't emulate it. I mean really
I should get back to work
Re:HIPPA (Score:3, Informative)
again?! (Score:2)
But is it HIPAA compliant? And who certifies it? (Score:3, Interesting)
HIPAA madness has hit a major teaching hospital that will remain nameless. They're rolling out an expensive new HIPAA-compliant (certified! --of course) Health Information Management System. It's replacing an existing infrastructure that works perfectly, and is completely paid for (except for maintenance contracts). 400+ people have to be retrained on the new software, new hires have to learn both systems as they'll both be operating over the 2 month roll-out.
Re:But is it HIPAA compliant? And who certifies it (Score:2)
I believe it was NPR a few weeks ago (this reported via girlfriend) that had an interv
I believe... (Score:2)
dang (Score:1)
Some major problems... (Score:3, Insightful)
The company I work for gives its source code to its clients, but isn't Open Source. Why? Selling to states or communities, many of these products take dozens of man-years to create. No one state can afford all of the tools that technology can afford, so companies lose money on the first, hoping to gain money on the sale to other states.
That's the ultimate problem in this niche market. Either the states have to provide their own staff (which is problematic, because it's expensive to hire and release employees for government) or they have to pay the true cost of developing the software, rather than spreading the cost out through maintenance and other states.
That said, the company I work for is dependent on the Apache and Jakarta set of projects for our work. Our developers have also contributed code back to open source projects.
Cuba (Score:2, Interesting)
answer: very carefully (Score:3, Interesting)
The short answer is you do this very carefully. There are a whole raft of legal and ethical regulations, of which HIPAA are only the start, and certainly the easiest to attain. If the stuff you're doing falls under FDA regulation then you need to validate those systems: this is very hard indeed to do properly - I'd suggest hiring a validation lead to do this who's got experience of the industry.
Basically, you have to prove to an insane level of detail that everything is consistent, tested, and built/installed as per your testing. On our systems I can document them right from the Little Rubber Feet upwards: hardware firmware revision level, exact version of all drivers, wet-ink signed documents for each step of the build process, and demonstrate that they're locked down and an audit trail exists for Electronic Record/Electronic Signatures for anyone who's ever used it etc etc.
You may find it cheaper to buy in a software package, as you can audit the vendors and if they're considered validated you can reduce your testing - it's testing and documentation here that are going to take up the majority of your time and budget - the actual coding's the easy bit.
This is why OSS isn't automatically the cheapest way of doing things, although this is offset by the massive amount of testing and revalidation that's required everytime an MS patch comes out!
Basically, tread very carefully, speak to a validation rep and have a work with an FDA rep if you can to attempt to clarify exactly how strict the conditions are that you have to work under.
For us, worst case scenario might be that you sign off an implementation, you get audited, and the FDA discover an irregularity - maybe you didn't collect those evidence screenshots when you tested your data capture for example - and they decide any data captured over the intervening few years is suspect - result could be a formal warning (visible to the whole industry and your shareholders) or simply pulling a megabrand off the shelves...this is one area where a single mistake by a single IT guy can have massive direct impact on lives - both in terms of patients and in terms of your personal safety of employment...