Insist on Open Source What is the idea? Those deciding on health IT solutions should insist on Free and Open Source (FOSS) software. When people use proprietary Health Information systems, there is always one party, the developers of the proprietary system, that has a dramatically skewed proportion of the control of the health information. People will suggest many wonderful ideas on this board: PHR's, transparency, consumerism, Health 2.0, interoperability etc etc. But if those good ideas are implemented in proprietary systems, then the true "owners" of the health information are the vendors. They are the only ones who can change what the software needs to do. This is important because we have no idea what a Health IT applications should be doing in two years. Arguably (just check my comments) the best EHR in the world is VA VistA. It is the best because it was developed with the following way: • Openly, everyone could see the code • Collaboratively, different people did different parts focusing on solving local needs. • Distributed, there was no central body who created the "specs" for VistA That is essentially the open source development model. Freedom is not incidental to the quality of VistA. It is the foundation of VA VistA. Without the local control and the centralized coordination that are the hallmarks of the FOSS development model, we will never realize the potential for software to improve healthcare -Fred Trotter
Why is it important? Proprietary licenses are only good for the vendor: not the patient, not the provider, not the hospital, not the clinic.They put the vendor in control of patient data. One could argue all day about who should "own" patient data, but it should not be the software vendor. All of the good ideas that are proposed here will be tainted by the licensing unless those who are interested in the greater good take a strong stand against those who wish to guarantee thier own profitablity.
Vista is certainly one of the most cost effective solutions out there and the VA has the highest quality outcomes of any system but that might be more a reflection of "owning" their patients versus the IT system they are using. I am a strong proponent of patient's owning their own data if you glance at my other comments you know that vendors who fail to autormacially allow their own clients (hospitals) to exchange data with one another (ie 3 hospitals in CA in the same city with the same vendor and you have to print out paper copies since no one will pay for the IE to exhange patient files between them). The VA is also now carving up some of the Vista modules and recently gave one of the vendors the lab module The biggest challenge with open source software isn't the implementation costs or the technology but the support down the line. There are already private firms that offer to implement the VA system but there have been very few takers so far. Why do you feel that is? Would people be comfortable with one system holding their entire record as long as we don't have guarenteed access to health care? Sherry Reynolds Alliance4Health Comment from Alliance4Health at Alliance 4 Health Would love to hear more about the relationship of privacy to open source systems. Do they provide better potential to protect patient privacy, and if so, how? Comment from dmcgraw at Center for Democracy & Technology responding to dmcgraw .. more about the relationship of privacy to open source systems. Things like privacy and security are mostly trust issues, but with Open Source trust is based on transparency where as in proprietary land, trust is based on reputation. For instance, when Microsoft HealthVault says "We will never share user data without the users permission", we have to accept that on faith based on the fact that Microsoft is a company that does what it says. Now Microsoft usually does what it says, but it also abuses its position in the operating space to perform monitoring. Is Microsoft actually worthy of trust? Who knows. Take Dossia, however. Dossia is based on Indivo which is open source. That means that I can trustbut-verify. If I do not trust Dossia to protect me privacy I have the following options: • Read the source code to see what Indivo does, to ensure that what I see on the front-end is what Dossia is really doing on the backend. • Run my own instance of Indivo so that I know everything that the backend is doing Really the questions should be "How is trust in a Health IT system possible without source code availability?" and then "How is true privacy possible without that trust?" Comment from ftrotter at Open Source Hacktivist Agree with Fred's essay. In economic terms, Electronic Medical Record software is a 'public good' like a lighthouse, not a private good like cars or furniture yet the country still tries to ram that proprietary square peg into that round healthcare hole with predictably poor results that people somehow consider to be normal. There is good uptake of VA VistA in the private sector. Whole states like North Carolina are adopting it. It appears to work nearly every place it has been tried with one exception that I know of and that 'failure' was largely due to massive staff turnover and loss of physician champion than the software. The naysayers are always saying prove it, then after it is proven over and over again (our
American VistA software has worked in numerous foreign countries, people!) they still say it will never work and then you find that they have a tie to a proprietary vendor. Comment from ivaldes1 Another great benefit of this idea is he security of the systems. Open systems have proven to be quite secure due to the openness and exposure. This is critical for ensuring privacy of medical records and generating enough confidence for healthcare providers and consumers to feel comfortable trusting their information to these systems. Comment from GadgetComa I agree with the Fred's piece. Vista is a great EMR. The only issue with it that I can see is it is extremely hard to implement and it is not a web based product. I have heard that a company has developed a web based front end to OpenVista but am not sure. Comment from reddsman There are many good reasons to consider free open source software (FOSS), although, when in terms of privacy, there’s nothing inherent in FOSS that makes it superior to all proprietary products. I’d also add that it’s unwise to limit oneself only to FOSS because there are many truly useful, uniquely creative products that are not licensed as FOSS. Furthermore, there are non-FOSS vendors who do operate for the greater good, and who do give consumers/ patients complete control of their own personal health information, even though their businesses require modest profit to survive. So, it's important to keep one’s eyes and mind open. Comment from SteveBeller at National Health Data Systems, Inc. Regarding Open Source and Privacy: Open source allows for third-party auditing of the source code for security flaws, either that be programming bugs or bad practices. Comment from swaldren at American Academy of Family Physicians Steven wrote in terms of privacy, there’s nothing inherent in FOSS that makes it superior to all proprietary products. Yes there is. With FOSS you can trust-but-verify that the software respects privacy. With proprietary software you can just trust. Arguing that some proprietary vendors are trustworthy does not negate the fact that you have to trust their claims about privacy. They rely on "trust" rather than "trust-but-verify". I have taken this argument one step further in my blog post trust but verify and trust but fork. Comment from ftrotter at Open Source Hacktivist I agree with Fred comments on FOSS with two caveats: 1. Proprietary does not equal commercial. There is commercial value to services that can be provided. OSS allows for the incentive to the vendor to be tied to the service they provide. It also
allows for substitution in the market place, e.g. I don't like the service I am getting from WorldVista I can switch to Medsphere - just an example) 2. Open Source does not equal Vista. What I mean here is not the issue of FIOA vs. open source license. What I mean here is that there is a series of open source health-IT solutions out there to consider. For small ambulatory practices, I have not been convinced that VA Vista (or any of its OSS flavors) is a good choice for an EHR. * Disclaimer: I have a start up OSS healthcare project * Comment from swaldren at American Academy of Family Physicians Regarding I’d also add that it’s unwise to limit oneself only to FOSS because there are many truly useful, uniquely creative products that are not licensed as FOSS. This is the useful vs. freedom argument that is typical of proprietary vendors. They try to get users to pay attention to how useful the software is, rather than focus on the fact that they have given up their autonomy by using it. For people like me, freedom is more important than convenience. Thankfully, there enough people like me who are also working on making useful software that respects freedom by using a FOSS license, that soon there will be very little useful-but-proprietary software that does not have a useful-and-FOSS alternative. Comment from ftrotter at Open Source Hacktivist Regarding: Furthermore, there are non-FOSS vendors who do operate for the greater good, and who do give consumers/ patients complete control of their own personal health information, even though their businesses require modest profit to survive. The question is not whether proprietary vendors "support the greater good". The question is if the "greater good" would be better served with the same software under a FOSS license. Proprietary vendors, by definition, are the only ones who have access to the source code of their Health IT software. Therefore their patients/consumers/users can only use the software in the way that the vendor programs the software. When a user wants to do something that the software does not do, they cannot change the program to do that. Your idea of "complete control" is like saying "I give my children the freedom to run where ever they want, as long as they stay in the park" All companies, FOSS and proprietary alike, require profit to survive, but that profit should not be ensured by trapping users of Health IT software. Comment from ftrotter at Open Source Hacktivist Although is good, this discussion needs balance since few things are black & white. Fred wrote: With FOSS you can trust-but-verify that the software respects privacy. With proprietary software you can just trust. I like your argument, although it is limited to products in which the vendor stores (or at least has access to) a person’s health data. This is not the case with standalone software or other types of products that a vendor sells and then no longer has direct access to them. Fred also wrote: Proprietary vendors, by definition, are the only ones who have access to the source code of their Health IT software. Therefore their patients/consumers/users can only use the software in the way that the vendor programs the software. Three things: (1) There’s nothing I know that prevents a proprietary vendor from opening up to source code to a customer, (2) I’d bet that few customers have the ability to make enough sense of
any source code (FOSS and proprietary) to build in their own routines, and (3) the vendor can always enhance the software to accommodate different customer requests. And Fred wrote: Your idea of "complete control" is like saying "I give my children the freedom to run where ever they want, as long as they stay in the park." I was referring to ways in which patients/consumers/users have control of their data at an “atomic level” such that only they can dictate what data is shared and with whom. Comment from SteveBeller at National Health Data Systems, Inc. I agree with the principles of open source, and always prefer transparency over obscurity. To Deven's point though, simply building an open source system does not guarantee privacy and confidentiality protections for consumers and other actors participating in the system. An additional layer of supporting, enforceable policies (governing the actions of participants) is necessary. From a consumer perspective, I also think it's highly unlikely (nor is it desireable) that the lay public could perform audits on the code to ensure appropriate safeguards, etc... I agree that someone should do it, but that raises the question of governance. Open Source in Public Health http://www.csinitiative.com/publichealth.php There is a very interesting public health open source project in Utah
The TriSano project, launched Sept. 16 under the auspices of the Collaborative Software Initiative, is initially working with Utah state officials to develop a system for monitoring and managing disease outbreaks.
According to an article recently in Govenment Health IT there are already a number of other States interested in the project. One advantage of having public health drive the process is that there is already more of a collaboartive model in that sector and a shared mission. I am following the APHA meeting in San Diego this week so I will send some tweets via "twitter" and see if we can get more of them over here. Sherry (A4H) Comment from Alliance4Health at Alliance 4 Health There is an intriguing set of comments here. But can someone who is not technologically savvy really look into the back end of a system to figure out what's going on? I don't think I'd know the first thing to look for, and if I can't figure it out, I can promise you my grandmother can't. Or are you promoting open source because someone will be able to monitor this (government, nonprofit watchdogs, etc.), which will help improve privacy protections? Just want to understand better. Comment from dmcgraw at Center for Democracy & Technology Regarding But can someone who is not technologically savvy really look into the back end of a system to figure out what's going on? The question is best met with an analogy. Probably, you are not qualified to service your car, your home air-conditioning system, or your plumbing. However, there is a whole market of people that can help you with projects surrounding your car and home. What you, the novice have is ownership, you hire expertise. Suppose you thought it was a good idea to have a toilet on the roof (scrubs), since you own the house, you only need to convince one plumber that this is a good idea. Since you are paying customer you will have no trouble doing this.
A proprietary Health IT system is more like living in an apartment complex or hotel. All changes to the plumbing must go through the management. That does not mean that the will not change the plumbing. It means they will change the plumbing *when it becomes profitable to do so*. Generally that means you get a toilet on the roof only when 1000 other people think its a really good idea. The problem is that in healthcare, the strange, one-off feature request is the norm. That makes proprietary solutions ill-suited. Again, the basic answer to your question is "You need ownership, not expertise" FOSS gives you ownership which changes your relationship with expertise in a positive way. Comment from ftrotter at Open Source Hacktivist This all depends on (a) the kind of relationship a customer has with a proprietary vendor; (b) the dedication, competence and responsiveness of the FOSS development team; and (c) the benefits derived from their respective IT products. Thus, lumping all proprietary solutions into one basket and all FOSS into another, simply isn't justified, imo. Comment from SteveBeller at National Health Data Systems, Inc. But "(a) the kind of relationship a customer has with a proprietary vendor" is always exclusive. It might be good, it might be bad, but whatever it is, there is little a customer can do about it. Whereas "(b) the dedication, competence and responsiveness of the FOSS development team" can vary wildly, but because it is not exclusive it does not matter. If your FOSS support organization sucks, you just fire them, and get someone else. Comment from ftrotter at Open Source Hacktivist Fact: HIT is highly biased towards proprietary solutions. Fact: FOSS in health care is nascent at best. Fact: the cost to develop enterprise IT is huge, and is a significant barrier to the creation of FOS. Open source offers advantages over proprietary software like facilitating interoperability. FOSS will play a growing role in HIT but a better solution would provide the means to include conventional software business models in a broader industry solution, not exclude them. Comment from TimGee at Medical Connectivity Consulting I agree with Tim. We can even take interoperability as a case in point: A socially compassionate vendor offering an innovative proprietary solution for data exchange between disparate systems, which is more cost-efficient than existing FOSS (or other proprietary) solutions, is actually better for the country (humanity). So, enabling FOSS and proprietary software to live together cooperatively makes more sense to me than excluding either. Comment from SteveBeller at National Health Data Systems, Inc. I am a doctor and have an EHR (electronic health record). All I know is that the hospital system, the 3 different labs I work with, the radiology dept, etc all use a different system that will not "talk" with by system unless I get a bridge and pay extra for the uplink to be maintained. WHY can't it all talk together? Why am I charged extra if I want it to? I can go anywhere on the internet and it understands it all. Comment from stargirl65 Open source was a key factor in the VA's transformation into the best hospital system. This model is being replicated in the private sector. Midland Memorial hospital in Texas implemented VistA over
the past three years. It became one of only 14 HIMSS Stage 6 hospitals in a fraction of the time, and for a fraction of the cost. As for VistA support, there is now an entire industry behind it. More details in my newsletter, VistA & Open Healthcare News
. Comment from ramaduro regarding stargirls comments> You probably bought a proprietary EHR system. That means that, for the most part your vendor dictates the cost of "bridges" and everything else. But thankfully you do not have to "buy the bridge", you can use Mirth, an open source bridge, and it will probably do what you need. If not, it will soon.... IT may be expensive, but if it is it will be a reflection of the work involved rather than an arbitrary price. Comment from ftrotter at Open Source Hacktivist RE: A socially compassionate vendor offering an innovative proprietary solution for data exchange Until that company goes out of business, and its software becomes abandon ware. Or the company is bought, and the software is subject to forced upgrade. Your idea fails the seven generation test. Because it focuses on the symptom of the problem, rather than the root cause. Comment from ftrotter at Open Source Hacktivist regarding ftrotter you are right. my system does talk to my lab with HL7 protocols. I suppose the MIRTH would help if I even knew where to start. I have another lab to hook up to, want to do patient portals, and also e prescribing but these all add monthly fees to my base monthly support fee. The base covers the program and annual updates (diagnosis codes, drug names, charges etc) plus program improvements and is already expensive. EHR's do NOT save money. Comment from stargirl65 In response to stargirls comment about interoperability, an alternative to all this confusion is to use a decentralized node-to-node (peer-to-peer) architecture for exchanging data between disparate systems. The problem is that our healthcare system is locked into a complex, costly, conventional, centralized paradigm. Comment from SteveBeller at National Health Data Systems, Inc In response to Fred’s last comment, a socially compassionate vendor with an proprietary solution should open the source code if going out of business and should make sure the company purchaser would maintain its virtues. Likewise, a reputable FOSS vendor should guarantee that there will always be developers willing to support their product. In other words, don’t simply damn all proprietary nor embrace all FOSS products; determine which ones are best and insist on a responsible license. Comment from SteveBeller at National Health Data Systems, Inc. Past experience proves vendors can't give what clinicians need. We simply reject most tools they've created. As a RN and EMR Analyst, I submit to you that software development is like Science by nature because it's collaborative. Medicine and Science are symbiotic. Likewise, IT will be too if it is kept open. VA VistA has many modules created by medical personnel scratching their own itch.
Support for open standards is key. Comment from jesran at CHLUG While the Federal government has not taken a definitive stance on Open Source in Health IT, it has taken the role of setting interoperability standards for Health IT software. (ONC's CCHIT body) Even if the software is not open source - if certified by CCHIT, data would be interoperable with other certified systems. Regarding the question as to why there are fewer takers of VistA - VistA was built in the 90s using an old language - MUMPS. Comment from rleung at CGI I agree that interoperability standards are important, for both FOSS and proprietary software, although it’s a far more complex issue than most realize (see a series starting at this link). And standards ought to evolve continually by seeking and adopting more cost-effective alternatives. This means we need very flexible software systems that can readily adapt to changing standards. And about VistA, I know a company that ported it to a Windows version. Comment from SteveBeller at National Health Data Systems, Inc The key drawback to VA VistA, and almost all EMRs in general, is that they are not web-based. If clinicians could log in from any thin browser they might uptake EMR more enthusiastically. Look to web-based open source projects like OpenEMR (http://www.oemr.org) for traction. Alternatively, VistA may bloom a web-client in the future. As for proprietary vendors the web-based clients still seems like vaporware, i.e. GE Centricity and Eclipsys Sunrise. Comment from jesran at CHLUG Regarding rleung's comment about CCHIT and Interoperability: I would recommend looking at the actual interoperability requirements for CCHIT. There are not very many and they are the standard forms that are widely available ( Lab and eRx). Also the software on the other side of the connection (e.g. laboratory and pharamcy) are not covered by CCHIT. Comment from swaldren at American Academy of Family Physicians Re EMRs not being web-enabled ... Web-based/thin client vs. desktop/rich client: Different benefits in different situations. As with OS and proprietary applications, one shoe does not fit all. And note that certain application server technologies actually enables someone using a browser on the web control to control a desktop application residing a web server. Comment from SteveBeller at National Health Data Systems, Inc. Great idea, great comments, In the open-source debate I would put more stress on: userfriendelyness (+removing bloat) and freedom of flexibility and connectivity, which lead to more employee efficiency and thus better customer-service Some usefull links: Open Source Healthcare (zorgbeheer)
Statement of Matthew King (House of Representatives) Benefits and Limitations of FOSS EHR (CHCF - .pdf) Web2.0 and Social Networking come to Healthcare (Newsweek) Open source versus commercial web software (isite design - on a light note) Comment from bartcollet at zorgbeheer FOSS isn't the core issue. I support the FOSS direction but wish to acknowledge that the issue is support for enterprise applications as much as it is holding an open source license. The ownership of data in today's hospital lies with the hospital even though they use a vendor's system to capture and manage patient data. We need laws that protect patient privacy by making transparent any agreement a vendor seeks to arranage with a health care organization for the purchase or use of the personal health data held by the institution. I think HIPAA provides some protection against the abuses of the past. There probably needs to be more explicit legislation addressing the sale of data, whether it is de-identified or not. The issue of selling data has nothing to do with open source. As a former employee of a major HIT vendor, I would argue that vendors are not in control of patient data. Successful vendors make money by getting the client to assume ownership for the system, to rely on themselves to support it. Yes, vendors maintain backdoors into clinical systems to make sure they can support it when called to and/or to shut if off if the client is in default of the contract, but that access does not represent data control. Clinical information systems have made large advances because there was a profit to be made by building a better mouse trap. If FOSS systems do evolve to eventually match the power of today's HIT systems they will win out in the market place. Brazil is implementing a FOSS health information system that apprears to be brilliantly executed, built around modern tools, able to use industrial strength database products and even includes population health in its overall design. If systems like this continue to emerge their power will be felt in the US. Comment from daross at Public Health Informatics Institute Clearly open source would be more efficient than closed source, if programmers have good motivation and enough time. To achieve this, an unbureaucratic framework seems necessary which makes it financially attractive to create open source code according to the needs of the community, because today usually money seems to be attractive. Comment from wolfgang at UKSH I am not familiar with the details of the various software programs which will link various parts of the medical system and provide interoperability. I do understand the value of this for physicians, hospitals, laboratories, etc. However, I don't think patients want to be the 'owner' of all this data, responsible for sending it to the parties who need it and determining who these are. This is part of the flaw in thinking that patients should become the owner, and discloser, of all their medical information. When it comes to mental health information, there are special problems. HIPAA has an exception about information being shared with patients if the clinician thinks it might cause harm. This is a significant concern for mental health clinicians when the patient is not ready to heat the specifics of how the clinician has diagnosed them. Patients maybe aware that they feel understood by the clinician without knowing the way the clinician understands their problems for quite awhile. Another concern I have about making the patient the owner of his/her records is how this will be implemented by people who may be homeless, incarcerated, unable to understand the disclosure
process, or otherwise off the grid of being able to keep track of their own information. Laura Groshong, LICSW, Director, Government Relations, Clinical Social Work Association Comment from lwgroshong Open source is essential. I have worked in proprietary systems and it is to restricting to be helpful to all the parties that need to be involved.;and there are many parties that need to be involved in this health care coordination of information. Comment from gerrigray at NAMI Laura makes good points. But I don't think anyone is making the case that consumers should control every piece of data used by their healthcare providers. In fact, as things now stand, many states (including mine, NY) don’t even allow consumers get their own blood test results; they must obtain it through a physician. Any way, it would be foolish for a consumer to dictate whether or not their primary care doctor or appropriate specialist should be allowed to view their lab results, imaging studies, etc. as it may be life threatening decision for which consumers are ill-prepared to make. However, they should have control over whether their employer (or others) gets to see this type of health information. Most mental health information, on the other hand, is not life threatening, except, perhaps, suicidal and homicidal ideation/tendencies, knowledge of which providers are already required to report to authorities (along with and sex and physical abuse). But no one is forcing a consumer to reveal such ideation/tendencies if he or she is unwilling to do so. For all other mental health information--including one’s cognitions (thoughts, perceptions), emotions, behavioral tendencies, psychosocial history and relationships, etc.,--I suggest that consumers should have full ownership/control over whom, if anyone, gets to learn about it. And if someone doesn't have the capacity to make determinations about sharing the health information, a health proxy (or other “trusted partner”) could assist them. So, to me, it’s not about having a consumer track and control all one’s health information by disallowing one’s healthcare provider from accessing essential information needed to make lifesaving and wellness decisions. Instead, it’s about having control over who gets to see one's mental health information, and who, other than the physician(s) involved in one's care, is authorized to view one's biomedical information. Comment from SteveBeller at National Health Data Systems, Inc. Regarding Yes, vendors maintain backdoors into clinical systems to make sure they can support it when called to and/or to shut if off if the client is in default of the contract, but that access does not represent data control Wrong. It obviously does mean data control, what you mean is that this data control is typically not abused. But that is just what your proprietary company did. Its great that your company did not abuse its position of power and control. But that does not mean that it is not a position of power and control. Just because one master was good to one slave does counter the argument that the master/slave relationship is fundamentally immoral. Dr. Notes is a perfect example of the "bad master" that demonstrates that the whole type of relationship is not equitable. Comment from ftrotter at Open Source Hacktivist In response to gerrigray's comments, I agree that open source is essential. But not all proprietary systems are too restricting to be helpful to all the parties that need to involved in the coordination of
health information. I offer as evidence a system I've been working on for many years that is specifically designed to forever evolve through collaboration with all stakeholders--see a series of blog posts starting at http://curinghealthcare.blogspot.com/2008/04/personal-health-profiler-part1.html Comment from SteveBeller at National Health Data Systems, Inc I think Fred and other supporters of FOSS in health care are making unfounded assumptions about the history and market dynamics of software in health care. Health care software vendors have always been held to a higher standard. Health care institutions, for the most part, adhere to the “first, do no harm” mantra (which is not part of the Hippocratic Oath, by the way.) They are extremely risk averse. Since we are all consumers of health care services at one point or another, we rely on this being true. It’s inherent in the psyche of most health care professionals. No one wants to be responsible for making a decision that puts patient safety at risk. They, in turn, demand that their vendors show the same commitment towards minimizing risk in the products and services that they provide. The only “right” that they demand is the right to have a system that works and is error free. Many health care institutions have been using automated systems for over 4 decades. The institutions are quite sophisticated and where they lack sophistication, they hire consultants. This is a very competitive industry and smart negotiators will usually get what they want, e.g. putting source code into escrow has become standard procedure. Over the years, many of the traditional, mainstream vendors have allowed access to the internals of their system, admittedly, often with great reluctance, but they do it. They are reluctant not because of fear that someone will steal their code but because they feel that unqualified users can break the integrity of the system and put patient safety at risk. FOSS software in health care has yet to establish a successful track record, and no, VistA is not FOSS even though its development history looks very similar. If one “insists” on FOSS in healthcare their choices become very limited indeed and they lose the “right” to choose a solution that they feel satisfies their business needs. Comment from MikeGinsburg at DSS, Inc. Earlier in this discussion I read: Fact: HIT is highly biased towards proprietary solutions. I don't know that this is true, since HIT (Health Information Technology) is defined by each individual. What some people call HIT would be totally unacceptable to other people. So the term is vague and only means what you think it means. Regardless of this, most Information Technology is biased towards proprietary solutions, because just using a computer isn't generally Information Technology. In many people's minds, just running a website or doing business using a computer isn't generally IT, as IT is defined to include a group of people either as a separate business or a separate department who are dedicated to making sure that using the computer is easy for everyone else in that company. Many people equate proprietary software with control, and feel they can't make money as a business, or can't get allocations as a department, if they don't maintain control. So the above fact is true because the more general statement is also true i.e. that all IT is highly biased towards proprietary solutions, not just HIT. Fact: FOSS in health care is nascent at best. according to one defintion: nascent is 1. [a] coming into existence. I am confused by this statement, and perhaps a little frustrated by it. Source code availability has been a strong aspect of health care computing at least as far back as the 1970s. It is true that the term "Free and Open Source Software" is a new term, but the concept that health organizations shared code with each other, legally and legitimately, has been around a very long time. One of the social factors that
pushed the ANSI standard for MUMPS is that people wanted to share code, and couldn't do it because the various vendors were creating implementations that were incompatible. Also, the idea of "public domain" work by the government, again allowing easy access to source code, and other publications of the government is old enough that it is written into copyright law as a specific detail. I would hope that those sharing the idea of "nascent HIT" just are talking about the idea as only just coming into existence within their own experience, not within the industry as a whole. Fact: the cost to develop enterprise IT is huge, and is a significant barrier to the creation of FOS. I agree that enterprise IT is a huge cost. However, I would expect rather than a barrier, that it would actually be an incentive to the creation of FOSS. Basing your solution on a shared model may be the only way you can get a dependable, reliable, and broad coverage of the field of medicine. Elevating code from locally useful with one or two users, to being used by a large group of people takes time and money. When the large group of people is actually a large number of small groups of people, the only solution might be FOSS, as a proprietary solution can only be advanced by a single entity that has to bear the cost of making the software available to each one of them. This can only happen when the profit/cash-flow of gaining each adopter allow the process to be self-sustaining. If the cost of delivery to one possible adopter is greater than the funds coming back from that delivery, how can you sustain the process? With FOSS, you have multiple delivery agents, but a single expense of development that is shared among all the agents. With the additional comment : Open source offers advantages over proprietary software like facilitating interoperability. FOSS will play a growing role in HIT but a better solution would provide the means to include conventional software business models in a broader industry solution, not exclude them. I generally agree that FOSS makes interoperability easier, but the interoperability problem is actually one of information flow and knowledge representation. It does no one any good if you have a well defined transport mechanism, but you have no way to guarantee that the information you are sending is accepted and interpreted in the way that you meant on your system. The hard part of interoperability is determining where the payoff is for the effort to describe what you are doing completely enough so that you have a good hope that this can happen. There are multiple proprietary and FOSS technologies availabe to allow someone to describe the meaning. The ISO Common Logic standard, CycL (at www.cyc.com), and OWL-Full are good beginnings. Augmenting CCR/CCD with these description technologies to say what the sending system "meant" by the CCR/CCD terms goes a long way. The interoperability issue, as was stated earlier, boils down to cost as much as technology. I'll leave the social and privacy costs to a later posting, and to the other esteemed collegues on this site. Comment from whitten Twenty-six years ago I was introduced to what was then DHCP from the Veterans' Administration. Because is was both free and open we were able to implement it in the Family Practice clinic at UC, Davis and modify it to meet our needs. I'm currently involved in doing the same with VistA at a large Mental Health facility in Washington state. In neither place could we have begun to afford the functionality and flexibility of the VA solution if we had been obliged to use commercial, closed source software. Indeed, in all these years I've seen precious few industry applications that even came close despite sky-high prices for installation, maintenance and customizing. Health care cannot afford to continue paying large sums for marginal applications that we cannot modify and adapt as we need.. Comment from mmendelson