Should Health Care Standards be Open Source?

Recently there has been some chatter on Twitter about health standards and open
source, so I thought I would write a little commentary on the topic.

Anyone who knows me well, knows that I am huge fan of Linux and open
source.  This is perhaps why I get so frustrated with the US health
care industry and its general lack of interoperability.  I could use
many standards as an example, however, for this discussion I’m using
the ASTM Continuity of Care Record (CCR) as an example.  Now I’m not
picking on the CCR. The format is XML (good), and while there is always
room for improvement, I think the general structure is reasonable and
workable.  I’d also point out that David Kibbe and Steven Waldren, two
keep champions for the CCR, have always been nice and helpful any time
I’ve asked a question on the list serve. I’m using the CCR as example
just because the barrier to access is so low ($100).  Much of the
following is summarized from an inquiry I made to the CCR list serve
about a year ago.

Why isn’t the CCR Open-Source? Why is there a $100 Fee to Access the Format?

Well those questions can be answered in with a single answer.  CCR
is a product of the standards development organization (SDO) ASTM.  It
is ASTM’s model to charge for access fees to the standards they
create.  I always get the same response every time I ask this
question.  I always hear something similar to, “If we don’t charge for
membership/access, the how else can we pay for the standard to be
developed? …This is the model of the SDO.  Besides, a $100 is such low
barrier”.  Agreed.  $100 is a low barrier, but if you look at some of
the other SDO generated formats, namely HL7, you will find that the
cost is much greater.

My argument is that the $100 really isn’t the point, but it is the
lack of access, the lack of “eyeballs” that this situation causes acts
as an impediment to health care transformation.  The fact that Jack,
the computer science undergraduate, can’t just go download a copy and
start building the next big Health 2.0 company should be a real source
of concern.  I’d argue that the total openness of protocols such as
HTTP, and TCP/IP is one of the key reasons why the Internet itself
works and is generally interoperable.    In the words of Linus
Trorvalds, “Given enough eyeballs, all bugs are shallow”. More formally
“Given a large enough beta-test and co-developer base, almost every
problem will be characterized quickly and the fix will be obvious to
someone.”  Health care standards need to take the same approach.  It is
my belief that a truly open, easy to access format would act as
fertilizer in the garden of health transformation.  I’ve been following
a thread  by @SusannahFox on e-patients.com talking about Open Access to Publicly funded works.
Someone posted a TED talk there of, HTML inventor, Tim Berners Lee
talking about the importance of openness in computer systems.  I
thought I’d share because he shares my sentiments.

A Schema without a Home (URL)?

Not to get too geeky on my readers, but let us consider the
relationship between an XML document at its schema definition (XSD).  A
schema definition is used to validate the adherence to the format of an
XML document.  As many of you already know it is normal XML/Web Service
practice to give the schema itself, the XSD, a URL (web address).  This
way all applications and services that rely on the format can have a
central place to point to for correctness.

So the CCR standard schema (XSD) would have a URL (e.g. http://www.ccrstandard.com/ccr.xsd)?

If the XSD is published on the web, then CCR validation is open to
all applications, developers, doctors and patients on the Internet.  
This would allow http://www.ccrstandard.com/ccr.xsd
to be the true, formal, point or reference for the standard…warding off
one-offs and increasing its overall use and acceptance.  Wouldn’t this
make it drop dead simple for anyone to determine if the output of
HealthVault, Google Health, or other personal health record (PHR) is
indeed compliant with the standard?  My friends this is the way XML and
XSD was meant to be used.  Because of the lack of access, fees. we
cripple the full power of the technology.  Even if we charged only $1,
we still have the same access issues.

For illustration purposes, I’ve created a sample of what the CCR URL header (first few lines of XML in the XSD) would look like:


<?xml version=”1.0″ encoding=”UTF-8″?>
<xs:schema xmlns=”urn:astm-org:CCR
xmlns:xs=”http://www.w3.org/2001/XMLSchema” xmlns:ccr=”urn:astm-org:CCR
targetNamespace=”urn:astm-org:CCR” elementFormDefault=”qualified”
<!–E2369-05, Standard Specification for the Continuity of Care (CCR)
– Final Version 1.0 (V1.0) November 7, 2005,  ASTM E31.28 CCR
<!–Copyright 2004-2005 ASTM, 100 Barr Harbor Drive, West
Conshohocken, PA 19428-2959. All rights reserved.–>
<xs:element name=”ContinuityOfCareRecord”>


<?xml version="1.0" encoding="utf-8" ?>
<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema
<!–E2369-05, Standard Specification for the Continuity of Care (CCR)
- Final Version 1.0 (V1.0) November 7, 2005,  ASTM E31.28 CCR
<!–Copyright 2004-2005 ASTM, 100 Barr Harbor Drive, West
Conshohocken, PA 19428-2959. All rights reserved.–>
<xs:element name=”ContinuityOfCareRecord”>

Should we Consider Fundamental Changes to the Role of the Standards Development Organizations?

Now there is nothing wrong with Standards Development
Organizations.  Certainly they need a revenue source just like any
other business. Membership fees and fees to access formats are one way
to achieve this goal. The real question is, should the health care
industry and the US government consider revising the role or at least
the accessibility resulting standards?  There are a lot of taxpayer
dollars going into the development of many of health care standards. 
If it is information about me and my tax payer dollars are paying for
the development, if only in part, then shouldn’t I have access to the
format?  Sure most people don’t care.  But shouldn’t  someone who does
care have the right to access the formats? Even if I wasn’t a computer
scientist, I would still like the idea of the formats being open even
if I never used it.  Just the fact of knowing it is open gives me, the
consumer, a warm and fuzzy feeling.

Could the US government, namely HHS, the newly formed HIT Standards
Committee, HITSP, and NIST find another way to support the SDO while
ensuring all the resulting work product be open access for everyone?  I
truly believe that standards development will accelerate with total
openness.  We will only get to a state of interoperability when the
standards themselves are in the public domain subject to the scrutiny
of the collective open source community.  In the long run, this may
bring down the cost of health IT systems and open up the market by
bringing in even more vendors.  Depending on who you are, or who you
work for, this could be a good or bad thing.  As American citizens
however, we need to demand access to the formats and standards that
your tax dollars help create.  Its your health.  Its your data.  Its
your right.  Write your senators and congressmen!

So world, what do you think?  – Alan

Alan Viars is President and CEO of VIDENTITY Systems.

Spread the love

Categories: Uncategorized

Tagged as:

10 replies »

  1. Why isn’t NIST in charge of publishing open source health care standards? Such is the case in biometrics standards. Maybe this is because biometrics is seen as a matter of national security?

  2. As a developer, I think yes. There is nothing more frustrating than trying to do something innovative, that you know have the technical skills to create, only to have commercial issues get in the way. But I understand that someone has to pay the creators of the standards. It seems like this is an excellent place for the government to put money; standards creators would get paid, it would benefit the public good, and it would open up new markets for innovation based on those standards.

  3. The best way to deploy electronic medical records in a cost and effective manner is to have a central records center operated by an independent agency, and under strict government oversight. Such body should be able to implement an open source database accessible through the Internet in a secure manner, the same way as we access our bank accounts or e-mail.
    The standardized health record form could then be easily created and updated by patients and authorized healthcare providers, using both the patient’s personal ID key (i.e. RSA key) and the provider’s ID key. That way both the patient and the authorized providers can access the record during every visit, update it and keep track of it as needed, in a reliable and very secure manner. There is no need to buy expensive software or hardware.
    Most doctors and healthcare providers already have Internet connection and computers with web browsers capable of encryption and secure authentication. It would save tens of billions of dollars of the stimulus bill that should be better allocated to improve quality and coverage of healthcare where it is most needed. Those institutions that for any reason purchased expensive applications would also save many millions in current and future costs of technical support and license upgrades.
    Open source is the most universal and scalable platform to support the current and future developments and needs of electronic medical records worldwide and the myriad applications that can be used for health prevention and management, as well as for research and policy making.

  4. Some medical standards (e.g., DICOM: http://medical.nema.org and IHE http://www.ihe.net) are free to use. I think that this is the way it should be. But you need to figure out how to pay for the costs of developing a high quality standard. In the case of DICOM, the equipment vendors voluntarily cover the roughly $1 million/yr direct costs and the many millions per year of indirect costs (travel and volunteer salary) that it takes to develop and maintain the standard.
    If you do not solve that problem properly, the “free” standards will be of inadequate quality.
    Making the change to open up DICOM without costing quality took years of effort by many people. There was a lot of organizational pain involved. It shows that it can be done. It also shows that it takes time and care to make it succeed. The IHE effort was free from the beginning, because the sponsors and participants wanted it that way. But this has also been very difficult for some of them. It is hard to make donations of this magnitude in the current economic climate. Both DICOM and IHE still must refer to other standards that are not free, but at least they themselves are free.

  5. It(He,She) is lamentable these things, because a time ago behind wise that the medical services were a problem for many persons and up to the moment they neither find they do not even give any solution, apparently the government forgot what promised and it is now where it is that to there be remembered(reminded), before that is very late, the medical assurance is important for many people, like that they indicate it in findrxonline, the web page that delivers a lot of information about this debate.

  6. Ravi:
    Agreed $30,000 to CCHIT for a small business is too much. They are on record recently saying it is only a marketing tool anyhow. (See Jen McCabe’s blog.) My two cents on that is there should be freely available tools to “self test” and some body such as NIST just verifies…little to no cost.
    I was just using ASTM and CCR as an example. Mainly because CCR IS a good standard and the a barrier IS so low.
    We have much bigger proprietary, closed, problems around HL7, SNOMED, and CPT codes.
    I’m advocating for all health IT standards and codes to be released under a BSD or other similar open source license. If you agree with me, and I know there are a ton of you out there, please send me an email. We are forming an advocacy group to do something about it.
    We feel this is in the best interests of payers, providers, integrated providers, and the government because it will LOWER COSTS. And from a patient’s perspective, I think it is a civil right that a person be able to interpret their record.
    Does this mean that in the future a patient has to be provided with a copy of their health information, but access to the format (so it can be interpreted) costs money? Sure you can open up CCR on Google Health, but can you find a free (not online) tool just to open up and view it? In the case of HL7, the situation is much worse.
    As a US citizen, I say this is a violation of my patient rights, maybe even a violation of my civil liberties.

  7. Standards that are not free are a monopoly in disguise.
    If, for example, the AMA’s Current Procedural Terminology (CPT) codes become the national standard for documenting medical procedures, then HITSP will give the AMA a permanent franchise on the codes. The AMA effectively will have permanent license to charge exorbitant rates for access these codes — which it already does.
    Using expensive codes for industry standards is unheard of in the software industry. You can charge for high-end development tools like Visual Studio, you can charge for server licenses, or you can charge for data like a mailing list, but standards are generally free.
    The argument that these standards need to be maintained by expensive, full-time staff doesn’t hold. It’s stovepipe, Rust-belt, Big Three, you-don’t-know-shit-who-are-you thinking.
    Open source software is developed by a meritocracy of highly motivated, highly redundant teams of developers. If a developer gets too busy to maintain an important piece of software, someone else will step in to maintain it. In the proprietary marketplace, that piece of software is upgraded when the manufacturer sees financial opportunity — not necessarily when the market needs it.
    The AMA has hundreds of thousands of members that are highly qualified physicians and medical students. Some of them have to be technically savvy enough to be able to maintain portions of the CPT code. With Web 2.0 tools and a major recession, it’s actually absurd not to open up and democratize the code. You can still have review by an appointed consortium, but the practicing public is not locked out.
    SNOMED, CPT, HL7 and CCR are not software — they’re evolving standards. They’re the equivalent of a common language like XML, HTML, or CSS, all of which are managed by the World Wide Web Consortium (W3C). These standards are built into the core of all web-related software and are free for all to use. Manufacturers are free to charge for software built on these standards, but the standards themselves are free.
    Even with proprietary technologies like Microsoft’s .NET and Adobe’s Flex, software companies ensure that developers have free access to the technology. It’s common practice to make a software development kit (SDK) available for free, but charge for more feature-rich development tools like Visual Studio or Flexbuilder. This model allows for manufacturers to profit, but also lowers the barrier for developers to enter the field.
    HITSP’s pay-for-standards approach will almost completely shut out innovation by small boutiques (such as my design firm) and individual developers. It paves the way for all sorts of anticompetitive behavior and costly monopolies.
    We’ll all end up footing the bill, with a health information backbone that could ahve been better and far less expensive.

  8. Allan,
    I am going to assume we both mean the same when we use the word ASTM.
    I think there model is prettyy good. They are unbiased. They use rigorous methods to develop the standards and lots of people are academia are involved. I did not know that ASTM is involved in IT and healthcare…but then I have not looked into it.
    I think the thing that is bothersome is people like CCHIT making money for certification….and which also has negative impact on small businesses. Or let me put this way, I have not heard from them a way to make is possible for SMEs. It is a a schuttle (sp) way to monopolize legally.

Leave a Reply

Your email address will not be published. Required fields are marked *