Free EMR Newsletter Want to receive the latest news on EMR, Meaningful Use, ARRA and Healthcare IT sent straight to your email? Join thousands of healthcare pros who subscribe to EMR and HIPAA for FREE!!

The Downside of Interoperability

Posted on May 2, 2016 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

It’s hard to argue that achieving health data interoperability is not important — but it comes with risks. And I’ve seen little discussion of the fact that interoperability may actually increase the chance that a major attack could hit a wide swath of healthcare providers. It might be extreme to suggest that we put off such efforts until we step up the industry’s security status, but the problem shouldn’t be ignored either.

Sure, data interoperability is a critical goal for healthcare providers of all stripes. While there’s room to argue about how it should be accomplished, particularly over whether providers or patients should drive health data management, there’s no question it needs to get done. There’s little doubt that most efforts to coordinate care will fall flat if providers are operating with incomplete information.

And what’s more, with the demand for interoperability baked into MACRA, we pretty much have no choice but to make it happen anyway. To my knowledge, HHS has proposed neither carrot nor stick to convince providers to come on board – nor has it defined “widespread” interoperability to my knowledge — but the agency has to achieve something by 2018, and that means change will come.

That being said, I’m struck by how little industry concern there seems to be about the extent to which interoperability can multiply the possibility of a breach occurring. Unfortunately, security is only as good is the weakest link in the chain, and data sharing increases the length of the chain exponentially. Of course, the risk varies a great deal depending on who or what the data-sharing intermediary is, but the fact remains that a connected network is a connected network.

The problem only gets worse if interoperability is achieved by integrating applications. I’m no software engineer, but I’m pretty sure that the more integrated providers’ infrastructure is, the more vulnerabilities they share. To be fair, hospitals theoretically vet their partners, but that defeats the purpose of universal data sharing, doesn’t it?

And even if every provider in the universal data sharing network practices good security hygiene, they can still get attacked. So it’s not a matter of requiring participants to comply with some network security standard, or meet some certification criteria. Given the massive incentives these have to steal health data (and lock it up with ransomware), nobody can hold out forever.

The bottom line is that I believe we should discuss the matter of security in a fully-connected health data sharing network more often.

Yes, we almost certainly need to press ahead and simply find a way to contain the risks. We simply can’t afford our fragmented healthcare system, and data interoperability offers perhaps the best possible chance of pulling it back together.

But before we plunge into the fray, it only makes sense to stop and consider all of the risks involved and how they should be addressed. After all, universal interconnection exposes a virtually infinite number of potential points of failure to cybercrooks. Let’s put some solutions on the table before it’s too late.

This Time, It’s Personal: Virus Hits My Local Hospital

Posted on March 30, 2016 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

In about two weeks, I am scheduled to have a cardiac ablation to address a long-standing arrhythmia. I was feeling pretty good about this — after all, the procedure is safe at my age and is known to have a very high success rate — until I scanned my Twitter feed yesterday.

It was then that I found out that what was probably a ransomware virus had forced a medical data shutdown at Washington, D.C.-based MedStar Health. And while the community hospital where my procedure will be done is not part of the MedStar network, the cardiac electrophysiologist who will perform the ablation is affiliated with the chain.

During my pre-procedure visit with the doctor, a very pleasant guy who made me feel very safe, we devolved to talking shop about EMR issues after the clinical discussion was over. At the time he shared that his practice ran on GE Centricity which, he understandably complained, was not interoperable with the Epic system at one community chain, MedStar’s enterprise system or even the imaging platforms he uses. Under those circumstances, it’s hard to imagine that my data was affected by this breach. But as you can imagine, I still wonder what’s up.

While there’s been no official public statement saying this virus was part of a ransomware attack, some form of virus has definitely wreaked havoc at MedStar, according to a report by the Washington Post. (As a side note, it’s worth pointing out that if this is a ransomware attack, health system officials have done an admirable job of keeping the amount demanded for data return out of the press. However, some users have commented about ransomware on their individual computers.)

As the news report notes, MedStar has soldiered on in the face of the attack, keeping all of its clinical facilities open. However, a hospital spokesperson told the newspaper that the chain has decided to take down all system interfaces to prevent the spread of the virus. And as has happened with other hospital ransomware incursions, staffers have had to revert to using paper-based records.

And here’s where it might affect me personally. Even though my procedure is being done at a non-MedStar hospital, it’s possible that the virus driven delay in appointments and surgeries will affect my doctor, which could of course affect me.

Meanwhile, imagine how the employees at MedStar facilities feel: “Even the lowest-level staff can’t communicate with anyone. You can’t schedule patients, you can’t access records, you can’t do anything,” an anonymous staffer told the Post. Even if such a breach had little impact on patients, it’s obviously bad for employee morale. And that can’t be good for me either.

Again, it’s possible I’m in the clear, but the fact that the FUD surrounding this episode affects even a trained observer like myself plays right into the virus makers’ hands. Now, so far I haven’t dignified the attack by calling the doctor’s office to ask how it will affect me, but if I keep reading about problems with MedStar systems I’ll have to follow up soon.

Worse, when I’m being anesthetized for the procedure next month, I know I’ll be wondering when the next virus will hit.

Mobile Health Security Issues To Ponder In 2016

Posted on January 11, 2016 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

In some ways, mobile health security safeguards haven’t changed much for quite some time. Making sure that tablets and phones are protected against becoming easy network intrusion points is a given. Also seeing to it that such devices use strong passwords and encrypted data exchange whenever possible is a must.

But increasingly, as mobile apps become more tightly knit with enterprise infrastructure, there’s more security issues to consider. After all, we’re increasingly talking about mission-critical apps which rely on ongoing access to sensitive enterprise networks. Now more than ever, enterprises must come up with strategies which control how data flows into the enterprise network. In other words, we’re not just talking about locking down the end points, but also seeing to it that powerful edge devices are treated like the vulnerable hackable gateways they are.

To date, however, there’s still not a lot of well-accepted guidance out there spelling out what steps health organizations should take to ramp up their mobile security. For example, NIST has issued its “Securing Electronic Health Records On Mobile Devices” guideline, but it’s only a few months old and remains in draft form to date.

The truth is, the healthcare industry isn’t as aware of, or prepared for, the need for mobile healthcare data security as it should be. While healthcare organizations are gradually deploying, testing and rolling out new mobile platforms, securing them isn’t being given enough attention. What’s more, clinicians aren’t being given enough training to protect their mobile devices from hacks, which leaves some extremely valuable data open to the world.

Nonetheless, there are a few core approaches which can be torqued up help protect mobile health data this year:

  • Encryption: Encrypting data in transit wasn’t invented yesterday, but it’s still worth a check in to make sure your organization is doing so. Gregory Cave notes that data should be encrypted when communicated between the (mobile) application and the server. And he recommends that Web traffic be transmitted through a secure connection using only strong security protocols like Secure Sockets Layer or Transport Layer Security. This also should include encrypting data at rest.
  • Application hardening:  Before your organization rolls out mobile applications, it’s best to see to it that security defects are detected before and addressed before deployment. Application hardening tools — which protect code from hackers — can help protect mobile deployments, an especially important step for software placed on machines and locations your organization doesn’t control. They employ techniques such as obfuscation, which hides code structure and flow within an application, making it hard for intruders to reverse engineer or tamper with the source code.
  • Training staff: Regardless of how sophisticated your security systems are, they’re not going to do much good if your staff leaves the proverbial barn door open. As one security expert points out,  healthcare organizations need to make staffers responsible for understanding what activities lead to breaches, or security hackers will still find a toehold.”It’s like installing the most sophisticated security system in the world for your house, but not teaching the family how to use it,” said Grant Elliott, founder and CEO of risk management and compliance firm Ostendio.

In addition to these efforts, I’d argue that staffers need to really get it as to what happens when security goes awry. Knowing that mistakes will upset some IT guy they’ve never met is one thing; understanding that a breach could cost millions and expose the whole organization to disrepute is a bit more memorable. Don’t just teach the security protocols, teach the costs of violating them. A little drama — such as the little old lady who lost her home due to PHI theft — speaks far more powerfully than facts and figures, don’t you agree?

Analytics Integration Back to EHR Can’t Disrupt the Workflow

Posted on November 3, 2015 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

One of the challenges we face with healthcare analytics is getting the right information to the right care provider at the right time. In many cases that means presenting the analytics information to the doctor or nurse in the EHR at the point of care. It’s hard enough to know which data to present to which person and at what point in the care process. However, EHR vendors have made this integration even more difficult since it’s not easy to interface the healthcare analytics insights into the EHR workflow. The integrations that I’ve seen are crude at best.

That’s absolutely where we need to go though. There are very few situations where you can disrupt the healthcare providers workflow and send them to another system. I love the second screen concept as much as the next, but that’s not reasonable for most organizations.

I did recently talk to a BI Manager from a hospital who talked about the way they’ve integrated some of their analytics into the EHR workflow of their doctors. What they were doing was basic at best, but did illustrate an important point of learning: inform, don’t interrupt.

The concept of informing the doctor and not interrupting the doctor is a good one. While there are likely a few cases where you’d want to interrupt the doctor, it’s more common that you want to inform the doctor of some insight on the patient as opposed to interrupting the workflow. Doctors love having the right information at their fingertips. Interrupting their workflow (especially when it was unnecessary) causes alert fatigue.

No doubt you have to be careful with how you inform the doctor as well. The insights you offer the doctor better be actionable and useful or they’ll become blind to that as well. That’s the challenge we face with healthcare analytics. How do we take the data and make it useful to the providers? The first step is going to be creating a pathway of communication from the analytics into the EHR. Everything else will evolve from that connection.

My Prediction for the Epic App Store

Posted on March 5, 2015 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

Today I was talking with a healthcare IT vendor which really needs to integrate deeply with an EHR to be valuable. Without that integration the product is not nearly as useful for doctors. Therefore we started talking about their current EHR integration and the potential for future EHR integrations. At that point he asked me what I thought about the coming Epic App Store (officially called the Epic App Exchange).

In case you missed it, I wrote about the Epic App Store over on Hospital EMR and EHR. I cover what’s been said about the Epic App Store (not much from Epic itself) and make some predictions. However, today’s conversation solidified my predictions.

Epic has always been open to working with their customers and a tech partner to integrate something with Epic. Basically, the customer is king and so if the customer wants the integration, Epic will provide the SDK that’s needed for the integration and make it possible for the customer to do what they need. Everyone’s known that if you want to integrate with Epic, then you need to work through a customer.

With this in mind, I believe the Epic app store is a way for Epic to allow for distribution of these apps that have been created by their customers (often with a tech partner) to other Epic customers.

Basically, this is in line with Judy’s focus on the customer. Some might say that this focus is great. Hard to argue with Epic’s success. However, this approach misses out on the opportunity of the Epic app store facilitating entrepreneurial innovators to build something on top of Epic that their customers didn’t even know they wanted yet.

Epics current strategy is more in line with staying the entrenched incumbent. Real transformation comes when you provide a platform for innovation that goes beyond yourself and your customers. I hope one day Epic sees this vision and really roles out an open app store. Until then, the Epic connected customer applications are going to have a bit of a monopoly selling their add on services to Epic customers.

HL7 Backs Effort To Boost Patient Data Exchange

Posted on December 8, 2014 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

Standards group Health Level Seven has kicked off a new project intended to increase the adoption of tech standards designed to improve electronic patient data exchange. The initiative, the Argonaut Project, includes just five EMR vendors and four provider organizations, but it seems to have some interesting and substantial goals.

Participating vendors include Athenahealth, Cerner, Epic, McKesson and MEDITECH, while providers include Beth Israel Deaconess Medical Center, Intermoutain  Healthcare, Mayo Clinic and Partners HealthCare. In an interesting twist, the group also includes SMART, Boston Children’s Hospital Informatics Program’s federally-funded mobile app development project. (How often does mobile get a seat at the table when interoperability is being discussed?) And consulting firm the Advisory Board Company is also involved.

Unlike the activity around the much-bruited CommonWell Alliance, which still feels like vaporware to industry watchers like myself, this project seems to have a solid technical footing. On the recommendation of a group of science advisors known as JASON, the group is working at creating a public API to advance EMR interoperability.

The springboard for its efforts is HL7’s Fast Healthcare Interoperability Resources. HL7’s FHir is a RESTful API, an approach which, the standards group notes, makes it easier to share data not only across traditional networks and EMR-sharing modular components, but also to mobile devices, web-based applications and cloud communications.

According to JASON’s David McCallie, Cerner’s president of medical informatics, the group has an intriguing goal. Members’ intent is to develop a health IT operating system such as those used by Apple and Android mobile devices. Once that was created, providers could then use both built-in apps resident in the OS and others created by independent developers. While the devices a “health IT OS” would have to embrace would be far more diverse than those run by Android or iOS, the concept is still a fascinating one.

It’s also neat to hear that the collective has committed itself to a fairly aggressive timeline, promising to accelerate current FHIT development to provide hands-on FHIR profiles and implementation guides to the healthcare world by spring of next year.

Lest I seem too critical of CommonWell, which has been soldiering along for quite some time now, it’s onlyt fair to note that its goals are, if anything, even more ambitious than the Argonauts’. CommonWell hopes to accomplish nothing less than managing a single identity for every person/patient, locating the person’s records in the network and managing consent. And CommonWell member Cerner recently announced that it would provide CommonWell services to its clients for free until Jan. 1, 2018.

But as things stand, I’d wager that the Argonauts (I love that name!) will get more done, more quickly. I’m truly eager to see what emerges from their efforts.

Population Health Management and Business Process Management

Posted on June 13, 2014 I Written By

Chuck Webster, MD, MSIE, MSIS has degrees in Accountancy, Industrial Engineering, Intelligent Systems, and Medicine (from the University of Chicago). He designed the first undergraduate program in medical informatics, was a software architect in a hospital MIS department, and also VP and CMIO for an EHR vendor for over a decade. Dr. Webster helped three healthcare organizations win the HIMSS Davies Award and is a judge for the annual Workflow Management Coalition Awards for Excellence in BPM and Workflow and Awards for Case Management. Chuck is a ceaseless evangelist for process-aware technologies in healthcare, including workflow management systems, Business Process Management, and dynamic and adaptive case management. Dr. Webster tweets from @wareFLO and maintains numerous websites, including EHR Workflow Management Systems (http://chuckwebster.com), Healthcare Business Process Management (http://HCBPM.com) and the People and Organizations improving Healthcare with Health Information Technology (http://EHRworkflow.com). Please join with Chuck to spread the message: Viva la workflow!

This is my fifth and final of five guest blog posts covering Health IT and EHR Workflow.

Way back in 2009 I penned a research paper with a long and complicated title that could also have been, simply, Population Health Management and Business Process Management. In 2010 I presented it at MedInfo10 in Cape Town, Africa. Check out my travelogue!

Since then, some of what I wrote has become reality, and much of the rest is on the way. Before I dive into the weeds, let me set the stage. The Affordable Care Act added tens of millions of new patients to an already creaky and dysfunctional healthcare and health IT system. Accountable Care Organizations were conceived as virtual enterprises to be paid to manage the clinical outcome and costs of care of specific populations of individuals. Population Health Management has become the dominant conceptual framework for proceeding.

I looked at a bunch of definitions of population health management and created the following as a synthesis: “Proactive management of clinical and financial risks of a defined patient group to improve clinical outcomes and reduce cost via targeted, coordinated engagement of providers and patients across all care settings.”

You can see obvious places in this definition to apply trendy SMAC tech — social, mobile, analytics, and cloud — social, patient settings; mobile, provider and patient settings; analytics, cost and outcomes; cloud, across settings. But here I want to focus on the “targeted, coordinated.” Increasingly, it is self-developed and vendor-supplied care coordination platforms that target and coordinate, filling a gap between EHRs and day-to-day provider and patient workflows.

The best technology on which, from which, to create care coordination platforms is workflow technology, AKA business process management and adaptive/dynamic case management software. In fact, when I drill down on most sophisticated, scalable population health management and care coordination solutions, I usually find a combination of a couple things. Either the health IT organization or vendor is, in essence, reinventing the workflow tech wheel, or they embed or build on third-party BPM technology.

Let me direct you to my section Patient Class Event Hierarchy Intermediates Patient Event Stream and Automated Workflow in that MedInfo10 paper. First of all you have to target the right patients for intervention. Increasingly, ideas from Complex Event Processing are used to quickly and appropriately react to patient events. A Patient Class Event Hierarchy is a decision tree mediating between low-level events (patient state changes) and higher-level concepts clinical concepts such as “on-protocol,” “compliant”, “measured”, and “controlled.”

Examples include patients who aren’t on protocol but should be, aren’t being measured but should be, or whose clinical values are not controlled. Execution of appropriate automatic policy-based workflows (in effect, intervention plans) moves patients from off-protocol to on-protocol, non-compliance to compliance, unmeasured to measured, and from uncontrolled to controlled state categories.

Population health management and care coordination products and services may use different categories, terminology, etc. But they all tend to focus on sensing and reacting to untoward changes in patient state. But simply detecting these changes is insufficient. These systems need to cause actions. And these actions need to be monitored, managed, and improved, all of which are classic sterling qualities of business process management software systems and suites.

I’m reminded of several tweets about Accountable Care Organization IT systems I display during presentations. One summarizes an article about ACOs. The other paraphrases an ACO expert speaking at a conference. The former says ACOs must tie together many disparate IT systems. The later says ACOs boil down to lists: actionable lists of items delivered to the right person at the right time. If you put these requirements together with system-wide care pathways delivered safely and conveniently to the point of care, you get my three previous blog posts on interoperability, usability, and safety.

I’ll close here with my seven advantages of BPM-based care coordination technology. It…

  • More granularly distinguishes workflow steps
  • Captures more meaningful time-stamped task data
  • More actively influences point-of-care workflow
  • Helps model and understand workflow
  • Better coordinates patient care task handoffs
  • Monitors patient care task execution in real-time
  • Systematically improves workflow effectiveness & efficiency

Distinguishing among workflow steps is important to collecting data about which steps provide value to providers and patients, as well as time-stamps necessary to estimate true costs. Further, since these steps are executed, or at least monitored, at the point-of-care, there’s more opportunity to facilitate and influence at the point-of-care. Modeling workflow contributes to understanding workflow, in my view an intrinsically valuable state of affairs. These workflow models can represent and compensate for interruptions to necessary care task handoffs. During workflow execution, “enactment” in BPM parlance, workflow state is made transparently visible. Finally, workflow data “exhaust” (particularly times-stamped evidence-based process maps) can be used to systematically find bottlenecks and plug care gaps.

In light of the fit between complex event processing detecting changes in patient state, and BPM’s automated, managed workflow at the point-of-care, I see no alternative to what I predicted in 2010. Regardless of whether it’s rebranded as care or healthcare process management, business process management is the most mature, practical, and scalable way to create the care coordination and population health management IT systems required by Accountable Care Organizations and the Affordable Care Act. A bit dramatically, I’d even say business process management’s royal road to healthcare runs through care coordination.

This was my fifth and final blog post in this series on healthcare and workflow technology solicited by John Lynn for this week that he’s on vacation. Here was the outline:

If you missed one of my previous posts, I hope you’ll still check it out. Finally, thank you John, for allowing to me temporarily share your bully pulpit.


Patient Safety And Process-Aware Information Systems: Interruptions, Interruptions, Interruptions!

Posted on June 12, 2014 I Written By

Chuck Webster, MD, MSIE, MSIS has degrees in Accountancy, Industrial Engineering, Intelligent Systems, and Medicine (from the University of Chicago). He designed the first undergraduate program in medical informatics, was a software architect in a hospital MIS department, and also VP and CMIO for an EHR vendor for over a decade. Dr. Webster helped three healthcare organizations win the HIMSS Davies Award and is a judge for the annual Workflow Management Coalition Awards for Excellence in BPM and Workflow and Awards for Case Management. Chuck is a ceaseless evangelist for process-aware technologies in healthcare, including workflow management systems, Business Process Management, and dynamic and adaptive case management. Dr. Webster tweets from @wareFLO and maintains numerous websites, including EHR Workflow Management Systems (http://chuckwebster.com), Healthcare Business Process Management (http://HCBPM.com) and the People and Organizations improving Healthcare with Health Information Technology (http://EHRworkflow.com). Please join with Chuck to spread the message: Viva la workflow!

This is my fourth of five guest blog posts covering Health IT and EHR Workflow.

When you took a drivers education class, do you remember the importance of mental “awareness” to traffic safety? Continually monitor your environment, your car, and yourself. As in traffic flow, healthcare is full of work flow, and awareness of workflow is the key to patient safety.

First of all, the very act of creating a model of work to be done forces designers and users to very carefully think about and work through workflow “happy paths” and what to do when they’re fallen off. A happy path is a sequence of events that’s intended to happen, and, if all goes well, actually does happen most of the time. Departures from the Happy Path are called “exceptions” in computer programming parlance. Exceptions are “thrown”, “caught”, and “handled.” At the level of computer programming, an exception may occur when data is requested from a network resource, but the network is down. At the level of workflow, an exception might be a patient no-show, an abnormal lab value, or suddenly being called away by an emergency or higher priority circumstance.

Developing a model of work, variously called workflow/process definition or work plan forces workflow designers and workflow users to communicate at a level of abstraction that is much more natural and productive than either computer code or screen mockups.

Once a workflow model is created, it can be automatically analyzed for completeness and consistency. Similar to how a compiler can detect problems in code before it’s released, problems in workflow can be prevented. This sort of formal analysis is in its infancy, and is perhaps most advanced in healthcare in the design of medical devices.

When workflow engines execute models of work, work is performed. If this work would have otherwise necessarily been accomplished by humans, user workload is reduced. Recent research estimates a 7 percent increase in patient mortality for every additional patient increase in nurse workload. Decreasing workload should reduce patient mortality by a similar amount.

Another area of workflow technology that can increase patient safety is process mining. Process mining is similar, by analogy, to data mining, but the patterns it extracts from time stamped data are workflow models. These “process maps” are evidence-based representations of what really happens during use of an EHR or health IT system. Process maps can be quite different, and more eye opening, than process maps generated by asking participants questions about their workflows. Process maps can show what happens that shouldn’t, what doesn’t happen than should, and time-delays due to workflow bottlenecks. They are ideal tools to understand what happened during analysis of what may have caused a possibly system-precipitated medical error.

Yet another area of particular relevance of workflow tech to patient safety is the fascinating relationship between clinical pathways, guidelines, etc. and workflow and process definitions executed by workflow tech’s workflow engines. Clinical decision support, bringing the best, evidence-based medical knowledge to the point-of-care, must be seamless with clinical workflow. Otherwise, alert fatigue greatly reduces realization of the potential.

There’s considerable research into how to leverage and combine representations of clinical knowledge with clinical workflow. However, you really need a workflow system to take advantage of this intricate relationship. Hardcoded, workflow-oblivious systems? There’s no way to tweak alerts to workflow context: the who, what, why, when, where, and how of what the clinical is doing. Clinical decision support will not achieve wide spread success and acceptance until it can be intelligently customized and managed, during real-time clinical workflow execution. This, again, requires workflow tech at the point-of-care.

I’ve saved workflow tech’s most important contribution to patient safety until last: Interruptions.

An interruption–is there anything more dreaded than, just when you are beginning to experience optimal mental flow, a higher priority task interrupts your concentration. This is ironic, since so much of work-a-day ambulatory medicine is essentially interrupt-driven (to borrow from computer terminology). Unexpected higher priority tasks and emergencies *should* interrupt lower priority scheduled tasks. Though at the end of the day, ideally, you’ve accomplished all your tasks.

In one research study, over 50% of all healthcare errors were due to slips and lapses, such as not executing an intended action. In other words, good clinical intentions derailed by interruptions.

Workflow management systems provide environmental cues to remind clinical staff to resume interrupted tasks. They represent “stacks” of tasks so the entire care team works together to make sure that interrupted tasks are eventually and appropriately resumed. Workflow management technology can bring to clinical care many of the innovations we admire in the aviation domain, including well-defined steps, checklists, and workflow tools.

Stay tuned for my fifth, and final, guest blog post, in which I tackle Population Health Management with Business Process Management.


Usable EHR Workflow Is Natural, Consistent, Relevant, Supportive and Flexible

Posted on June 11, 2014 I Written By

Chuck Webster, MD, MSIE, MSIS has degrees in Accountancy, Industrial Engineering, Intelligent Systems, and Medicine (from the University of Chicago). He designed the first undergraduate program in medical informatics, was a software architect in a hospital MIS department, and also VP and CMIO for an EHR vendor for over a decade. Dr. Webster helped three healthcare organizations win the HIMSS Davies Award and is a judge for the annual Workflow Management Coalition Awards for Excellence in BPM and Workflow and Awards for Case Management. Chuck is a ceaseless evangelist for process-aware technologies in healthcare, including workflow management systems, Business Process Management, and dynamic and adaptive case management. Dr. Webster tweets from @wareFLO and maintains numerous websites, including EHR Workflow Management Systems (http://chuckwebster.com), Healthcare Business Process Management (http://HCBPM.com) and the People and Organizations improving Healthcare with Health Information Technology (http://EHRworkflow.com). Please join with Chuck to spread the message: Viva la workflow!

This is my third of five guest blog posts covering Health IT and EHR Workflow.

Workflow technology has a reputation, fortunately out of date, for trying to get rid of humans all together. Early on it was used for Straight-Through-Processing in which human stockbrokers were bypassed so stock trades happened in seconds instead of days. Business Process Management (BPM) can still do this. It can automate the logic and workflow that’d normally require a human to download something, check on a value and based on that value do something else useful, such as putting an item in a To-Do list. By automating low-level routine workflows, humans are freed to do more useful things that even workflow automation can’t automate.

But much of healthcare workflow requires human intervention. It is here that modern workflow technology really shines, by becoming an intelligent assistant proactively cooperating with human users to make their jobs easier. A decade ago, at MedInfo04 in San Francisco, I listed the five workflow usability principles that beg for workflow tech at the point-of-care.

Consider these major dimensions of workflow usability: naturalness, consistency, relevance, supportiveness, and flexibility. Workflow management concepts provide a useful bridge from usability concepts applied to single users to usability applied to users in teams. Each concept, realized correctly, contributes to shorter cycle time (encounter length) and increased throughput (patient volume).

Naturalness is the degree to which an application’s behavior matches task structure. In the case of workflow management, multiple task structures stretch across multiple EHR users in multiple roles. A patient visit to a medical practice office involves multiple interactions among patients, nurses, technicians, and physicians. Task analysis must therefore span all of these users and roles. Creation of a patient encounter process definition is an example of this kind of task analysis, and results in a machine executable (by the BPM workflow engine) representation of task structure.

Consistency is the degree to which an application reinforces and relies on user expectations. Process definitions enforce (and therefore reinforce) consistency of EHR user interactions with each other with respect to task goals and context. Over time, team members rely on this consistency to achieve highly automated and interleaved behavior. Consistent repetition leads to increased speed and accuracy.

Relevance is the degree to which extraneous input and output, which may confuse a user, is eliminated. Too much information can be as bad as not enough. Here, process definitions rely on EHR user roles (related sets of activities, responsibilities, and skills) to select appropriate screens, screen contents, and interaction behavior.

Supportiveness is the degree to which enough information is provided to a user to accomplish tasks. An application can support users by contributing to the shared mental model of system state that allows users to coordinate their activities with respect to each other. For example, since a EMR  workflow system represents and updates task status and responsibility in real time, this data can drive a display that gives all EHR users the big picture of who is waiting for what, for how long, and who is responsible.

Flexibility is the degree to which an application can accommodate user requirements, competencies, and preferences. This obviously relates back to each of the previous usability principles. Unnatural, inconsistent, irrelevant, and unsupportive behaviors (from the perspective of a specific user, task, and context) need to be flexibly changed to become natural, consistent, relevant, and supportive. Plus, different EHR users may require different BPM process definitions, or shared process definitions that can be parameterized to behave differently in different user task-contexts.

The ideal EHR/EMR should make the simple easy and fast, and the complex possible and practical. Then ,the majority/minority rule applies. A majority of the time processing is simple, easy, and fast (generating the greatest output for the least input, thereby greatly increasing productivity). In the remaining minority of the time, the productivity increase may be less, but at least there are no showstoppers.

So, to summarize my five principles of workflow usability…

Workflow tech can more naturally match the task structure of a physician’s office through execution of workflow definitions. It can more consistently reinforce user expectations. Over time this leads to highly automated and interleaved team behavior. On a screen-by-screen basis, users encounter more relevant data and order entry options. Workflow tech can track pending tasks–which patients are waiting where, how long, for what, and who is responsible–and this data can be used to support a continually updated shared mental model among users. Finally, to the degree to which an EHR or health IT system is not natural, consistent, relevant, and supportive, the underlying flexibility of the workflow engine and process definitions can be used to mold workflow system behavior until it becomes natural, consistent, relevant, and supportive.

Tomorrow I’ll discuss workflow technology and patient safety.


Interoperable Health IT and Business Process Management: The Spider In The Web

Posted on June 10, 2014 I Written By

Chuck Webster, MD, MSIE, MSIS has degrees in Accountancy, Industrial Engineering, Intelligent Systems, and Medicine (from the University of Chicago). He designed the first undergraduate program in medical informatics, was a software architect in a hospital MIS department, and also VP and CMIO for an EHR vendor for over a decade. Dr. Webster helped three healthcare organizations win the HIMSS Davies Award and is a judge for the annual Workflow Management Coalition Awards for Excellence in BPM and Workflow and Awards for Case Management. Chuck is a ceaseless evangelist for process-aware technologies in healthcare, including workflow management systems, Business Process Management, and dynamic and adaptive case management. Dr. Webster tweets from @wareFLO and maintains numerous websites, including EHR Workflow Management Systems (http://chuckwebster.com), Healthcare Business Process Management (http://HCBPM.com) and the People and Organizations improving Healthcare with Health Information Technology (http://EHRworkflow.com). Please join with Chuck to spread the message: Viva la workflow!

This is my second of five guest blog posts covering Health IT and EHR Workflow.

If you pay any attention at all to interoperability discussion in healthcare and health IT, I’m sure you’ve heard of syntactic vs. semantic interoperability. Syntax and semantics are ideas from linguistics. Syntax is the structure of a message. Semantics is its meaning. Think HL7’s pipes and hats (the characters “|” and “^” used as separators) vs. codes referring to drugs and lab results (the stuff between pipes and hats). What you hardly every hear about is pragmatic interoperability, sometimes called workflow interoperability. We need not just syntactic and semantic interop, but pragmatic workflow interop too. In fact, interoperability based on workflow technology can strategically compensate for deficiencies in syntactic and semantic interoperability. By workflow technology, I mean Business Process Management (BPM).

Why do I highlight BPM’s relevance to health information interoperability? Take a look at this quote from Business Process Management: A Comprehensive Survey:

“WFM/BPM systems are often the “spider in the web” connecting different technologies. For example, the BPM system invokes applications to execute particular tasks, stores process-related information in a database, and integrates different legacy and web-based systems…. Business processes need to be executed in a partly uncontrollable environment where people and organizations may deviate and software components and communication infrastructures may malfunction. Therefore, the BPM system needs to be able to deal with failures and missing data.”

“Partly uncontrollable environment where people and organizations may deviate and software components and communication infrastructures may malfunction”? Sound familiar? That’s right. It should sound a lot like health IT.

What’s the solution? A “spider in the web” connecting different technologies… invoking applications to execute particular tasks, storing process-related information in a database, and integrates different legacy and web-based systems. Dealing with failures and missing data. Yes, healthcare needs a spider in the complicated web of complicate information systems that is today’s health information management infrastructure. Business process management is that spider in a technological web.

Let me show you now how BPM makes pragmatic interoperability possible.

I’ll start with another quote:

“Pragmatic interoperability (PI) is the compatibility between the intended versus the actual effect of message exchange.”

That’s a surprisingly simple definition for what you may have feared would be a tediously arcane topic. Pragmatic interoperability is simply whether the message you send achieves the goal you intended. That’s why it’s “pragmatic” interoperability. Linguistics pragmatics is the study of how we use language to achieve goals.

“Pragmatic interoperability is concerned with ensuring that the exchanged messages cause their intended effect. Often, the intended effect is achieved by sending and receiving multiple messages in specific order, defined in an interaction protocol.”

So, how does workflow technology tie into pragmatic interoperability? The key phrases linking workflow and pragmatics are “intended effect” and “specific order”.

A sequence of actions and messages — send a request to a specialist, track request status, ask about request status, receive result and do the right thing with it — that’s the “specific order” of conversation required to ensure the “intended effect” (the result). Interactions among EHR workflow systems, explicitly defined internal and cross-EHR workflows, hierarchies of automated and human handlers, and rules and schedules for escalation and expiration are necessary to achieve seamless coordination among EHR workflow systems. In other words, we need workflow management system technology to enable self-repairing conversations among EHR and other health IT systems. This is pragmatic interoperability. By the way, some early workflow systems were explicitly based on speech act theory, an area of pragmatics.

That’s my call to use workflow technology, especially Business Process Management, to help solve our healthcare information interoperability problems. Syntactic and semantic interoperability aren’t enough. Cool looking “marketectures” dissecting healthcare interoperability issues aren’t enough. Even APIs (Application Programming Interfaces) aren’t enough. Something has to combine all this stuff, in a scalable and flexible ways (by which I mean, not “hardcoded”) into usable workflows.

Which brings me to usability, tomorrow’s guest blog post topic.

Tune in!