Featured Post

Hacking Health in Hamilton Ontario - Let's hear that pitch!

What compelled me to register for a weekend Health Hackathon? Anyway, I could soon be up to my ears in it. A pubmed search on Health Hack...

Wednesday, November 28, 2012

CMA - Docs for Patients & EMRs


I have been seeing this and other spots on TV. Further info leads to the docsforpatients.ca  site and more information on the outspoken advocate for EMRs, Dr. Ewan Affleck. It is great to see more doctors advocate for Electronic Medical Records. Sponsored by the Canadian Medical Association.  This is why I still keep a cable TV subscription!


I’m Ewan Affleck, I’m a GP, and I live and work in Yellowknife, N.W.T.
The North is a remarkable place for those of us who have come to call it home. I’ve been here 20 years and it’s a privilege as a Canadian to get to know the North. It’s a big part of our identity but many of us never get here.
The health care system globally is under stress. In The North we’re in a bit of a fish bowl, which presents us with an opportunity to be creative and try to find solutions. We have this huge place – this vast territory with 42,000 people and 33 remote communities – and we have to provide some measure of equitable, efficient and safe care. That’s a difficulty, a challenge and a gift, all at the same time.
Last year, over a quarter of the population of the Northwest Territories was physically moved for health care purposes. That drives massive cost. We’re moving people over long distances when what we really need to do is share information over long distances.
Last year, over a quarter of the population of the Northwest Territories was physically moved for health care purposes
My work with health informatics systems started with an outreach clinic that I run at a women’s shelter. Obviously you can’t leave charts in an environment like that given security and privacy concerns. I had to transport charts in and out, and so I went and got an old airline trolley and I would take it down the road with this box of charts, and I thought to myself, there has to be a better way to do this.
I went and got an old airline trolley and I would take it down the road with this box of charts, and I thought to myself, there has to be a better way to do this.
I was very committed to making this outreach clinic work, so I thought whatever it takes I’ll do it. That’s how I started with digital charts and the territorial Electronic Medical Record. Now we have over half of the patients in the territory on that system, and the plan is to have the entire territory on this single charting system, and to have as many of the divisions within the health service on the system so we can provide quality care.  We can provide networked care in the patient’s chart.
As told to the CMA, abridged from a longer interview.

It’s Your Health! Learn more about reaching your fitness goals.

No-excuses ExercisesExercise in PregnancyClassical StretchKick it up a notch and take a hike!


Wednesday, November 21, 2012

Ethical hacking to prevent health records held for ransom




A story about hacking that had a different angle was of interest to our privacy and security group. In this scenario, the hackers did not maliciously penetrate a system to cause chaos and destruction, but to virtually hold for a ransom a huge store of health records and personal health information.



Hacker holds patient health information for ransom

A Virginia hacker is asking for $10 million in exchange for the safe return of the personal health and prescription drug information of 8.3 million patients, HealthLeaders Media reported on May 5.

The hacker allegedly stole the information from the Virginia Prescription Monitoring Program’s (VPMP) Web site, which tracks prescription drug abuse and contains 35.5 million prescriptions in addition to enrollees’ personal information, including names, social security numbers, and addresses.

The hacker, who replaced the VPMP site with a ransom note, claims to have deleted the original back-up file for the information and created a new password-protected back-up file.

The VPMP site and the Virginia Department of Health Professions site are both temporarily disabled and the incident is under federal investigation.

This is when I realized that healthcare institutions need certified ethical hackers. These are the "white hat" hackers, who have a code of ethics, who know how to find the flaws in system security and work to prevent the "black hat" hackers from gaining admission.  In fact one in our group who works in healthcare said "oh, we do that." It is good to know there are ethical hackers in healthcare.  One of my earlier posts on this blog was about a computer security expert who hacked his way into an insulin pump, which fortunately was his own.

The White Hat Ethical Hacker Code of Ethics:


This CODE OF ETHICS expresses the consensus of the profession on ethical issues and is a means to educate both the public and those who are entering the field about the ethical obligations of all e-commerce consultants. By joining EC-Council each member agrees to:
Privacy:
Keep private any confidential information gained in her/his professional work, (in particular as it pertains to client lists and client personal information). Not collect, give, sell, or transfer any personal information (such as name, e-mail address, Social Security number, or other unique identifier) to a third party without client prior consent.
Intellectual Property:
Protect the intellectual property of others by relying on her/his own innovation and efforts, thus ensuring that all benefits vest with its originator.
Disclosure:
Disclose to appropriate persons or authorities potential dangers to any e-commerce clients, the Internet community, or the public, that she/he reasonably believes to be associated with a particular set or type of electronic transactions or related software or hardware.
Areas of Expertise:
Provide service in their areas of competence, being honest and forthright about any limitations of her/his experience and education. Ensure that she/he is qualified for any project on which he/she works or proposes to work by an appropriate combination of education, training, and experience.
Unauthorized Usage:
Never knowingly use software or process that is obtained or retained either illegally or unethically.
Illegal Activities:
Not engage in deceptive financial practices such as bribery, double billing, or other improper financial practices.
Authorization:
Use the property of a client or employer only in ways properly authorized, and with the owner’s knowledge and consent.
Disclosure:
Disclose to all concerned parties those conflicts of interest that cannot reasonably be avoided or escaped.
Management:
Ensure good management for any project he/she leads, including effective procedures for promotion of quality and full disclosure of risk. 
Knowledge Sharing:
Add to the knowledge of the e-commerce profession by constant study, share the lessons of her/his experience with fellow EC-Council members, and promote public awareness of benefits of electronic commerce.
Confidence:
Conduct herself/himself in the most ethical and competent manner when soliciting professional service or seeking employment, thus meriting confidence in her/his knowledge and integrity.
Extreme Care:
Ensure ethical conduct and professional care at all times on all professional assignments without prejudice.
Malicious Activities:
Not associate with malicious hackers nor engage in any malicious activities.
No Compromise:
Not purposefully compromise or cause to be compromised the client organization’s systems in the course of your professional dealings.
Legal Limits:
Ensure all penetration testing activities are authorized and within legal limits.

Involvement:
Not partake in any black hat activity or be associated with any black hat community that serves to endanger networks.
Underground Communities:
Not be part of any underground hacking community for purposes of preaching and expanding black hat activities.

Saturday, November 17, 2012

Now that's getting personal: how small data is the new oil

I am not sure what to make of the personal.com company and application. There is a health information component, making it relevant to this blog. I am not sure I am so hyper concerned about personal information that I would use the personal login to access my facebook account. I suppose I am more of an exponent of open data, and even big data for that matter. Don't get me wrong. I understand the need for privacy and security of data. But "small data is the new oil"? They really might have something here:


Small data puts the power and tools of big data into the hands of people. It is based on the assumption that people have a significant long-term competitive advantage over companies and governments at aggregating and curating the best and most complete set of structured, machine-readable data about themselves and their lives – the “golden copy”. With proper tools, protections and incentives, small data allows each person to become the ultimate gatekeeper and beneficiary of their own data.
Built on privacy by design and security by design principles, small data can help people become smarter, healthier, and make better, faster decisions. It can help people discover new experiences more easily, reclaim time in their busy lives, and enjoy deeper, more positive relationships with others.

Saturday, November 10, 2012

Should diabetics eat grapes?


I was listening to an acquaintance of mine talk about her mother who was recently diagnosed with diabetes. She was debating with her whether or not grapes could be part of the diabetic diet. Where to get an answer on that one? Yes, make an appointment with a professional dietician, which is what she recommended to her mother.

But what do most people do? Right, they google. And, what do they find? Research has shown that most people will click on the first five search return links that come up (thus the lucrative power of Search Engine Optimization or SEO). But when searching for health information, which is one, if not the highest usage for internet searching, do most people know if they are getting reliable or trustworthy information? Anyone even heard of Health on the Net?

I just searched on "should diabetics eat grapes?" and I did not see some of the more trustworthy internet health sites out there, like mayoclinic.com or medline. I don't know if Canadians automatically go to their provincial health authority website to seek this information. There is a lot of research on health information seeking behavior, and what patients print off before they visit their family physician.

What I am getting at, is that the trend towards personalized medicine should be able to answer this question in the context of their personal health record system (which ideally has been prescribed or recommended to them by their personal family physician).  You could have a Dr. Watson type search engine answer the question. You could have data crunchers analyzing health information in the health record, comparing to the ocean of health data that could be analyzed. Genetic information could be a factor for grapes, blood type, and insulin levels. Socio-economic factors loom large, for example, what is a grape in a food desert?

But what I think the reality is, most people don't have personal health records or know how to set them up, and the personal health records that do exist, won't be able to automatically answer this type of question, though we all speculate that it should. The family physician should be answering this question, either through a referral to a nutritionist, or a diabetes guidance counsellor. 

And this has made me think that what we need are more self-tracking stations. These would be counselling services where people can go to learn and maybe even procure self-tracking technologies, like fitbit, personal health records, mobile smartphones with blood pressure cuffs, etc.  What if there could even be fMRI, ultrasound, and Transcranial Magnetic Stimulation machines in these stations. This would be one way to deconstruct medicine, and I would like to venture on this idea in a future post on practising medicine without a license. There are so many medical and other devices which can be used to support healthy living. Maybe the model of the York University "Health Coach" would fit this idea, or the Self-Tracking Station counsellor.