VISTA Enterprise Network - Successful Implementation, World Class Support

Tuesday, July 7, 2009

Point 5: Users and Programmers Need a Shared Forum, part two

Dear Reader,

. . . resuming from part one, yesterday . . .

How to configure Forum and how it works to organize user requests and encourage dialogue are topics we'll spend a great deal of time on in this blog, eventually, but for now I just want to make three observations.

First, someone needs to host this system and supply a VISTA-savvy system manager to run it. This is a responsibility, and it supplies a service that everyone needs, but there is no strategic advantage to being the one who runs it. You can't charge for it without screwing up the VISTA lifecycle, and you can't tamper with the flow of dialogue between users and programmers. It's a responsibility that carries with it shared benefit but no advantage over the other VISTA vendors and organizations. At the moment, the network is testing out the Forum software on its Paideia educational server, and our community could start out by using that until we're ready for a more robust system.

Second, because VISTA is medical software, sometimes problem reports must include patient information to properly diagnose. The only way this is ethical and legal is if all of Forum's users (programmers and users alike) have signed Health Insurance Portability and Accountability Act (HIPAA) agreements to respect the privacy of all patient information they see there. That's only possible if Forum is not open to the world, only to the finite community of actual VISTA programmers and users.

Third, Forum is not an optional or replaceable part of the VISTA lifecycle, though it's the first part that open-source enthusiasts get excited about replacing, usually the moment they hear the words "problem reporting." Everyone wants to use either their home-brewed pet software or else the latest fad that's sweeping the open-source community. Such petty arguments over toolsets are at least half the reason why, eight years after I first proposed setting up a shared Forum system outside VA we still don't have one up and running.

So this time, let's sidestep this problem by starting out with the only hub ever proven to work with the VISTA lifecycle. Later, after the lifecycle is underway and we are all productively developing VISTA we can tinker with our toolset, but for now, I refer you back to the first point I made (five posts ago). Let's try to suppress our urge to tamper with the VISTA lifecycle before we truly understand it.

The shared Forum accomplishes half of the VISTA lifecycle: it gets the development priorities properly set in response to user needs. After that, the second half of the lifecycle is "easy."

Yours truly,
Rick

7 comments:

Rodney H. Kay said...

Again I find myself in complete agreement with you...but...

To set up a FORUM system that would be historically beneficial, you will have to upload the archives from the VA, the IHS, and the DOD. This means a monster coordination effort as well as enough continuous funding to build and maintain a server with a minimum data structure in the many-terabyte range. Once you get there, then as you add users, they are going to have to sign the HIPAA "business associate" agreement that matches the HIPAA security matrix (http://aspe.hhs.gov/admnsimp/nprm/seclist.htm).

To do all of this you are going to need either a well-heeled individual who is willing to make the effort and set up (at a minimum) a 501(c)(6) corporation to be able to accept donations to help carry on the work. You can not charge for access or membership, but you will have to make sure the HIPAA security matrix is satisfied, and I don't believe that includes electronic signatures at the time. If not, then the form will have to be downloaded, signed (notarized) and then mailed back to the entity before the user account could be established.

The biggest key to managing the system would be capacity management. As the number of users grows (and it probably would), then the amount of non-volatile memory consumed would be enormous, even if you keep it a strictly text-based system. The next key would be the administrative nightmare you would be creating with the paperwork and HIPAA compliance.

I totally agree with the need for the system (which is what we tried to get WorldVista to support), but getting past the first hurtles is going to be big.

But then the best things are never easy.

Rodney H. Kay said...

Rick, if you haven't had a chance lately, please check your LinkedIn account.

Unknown said...

First would like to state that I like the way your describing the VistA lifecycle.

Do we need to have FORUM users post patient identifiable information? The requirement can be that examples or other artifacts only have data that is scrubbed of patient identifiable information unless test patients are used.

Regarding archives from VA, DoD, IHS etc. I'm unsure what this refers to. If it means the current mail traffic on FORUM then that would not be appropriate and/or practical. Besides it's routinely purged from the system without an archives.

If for archives the references are to FORUM modules other than MailMan such as the Patch module the size will not be great. Certainly not in the terabyte range. There are currently VistA systems with 300+K patients and 25 years of data in the 300-400 megabyte range.

P.S. Did not World Vista start a FORUM instance several years ago? I'm not sure if it attracted much activity.

Unknown said...

Correction to my previous comment.
300-400 megabytes should read 300-400 gigabytes.

Rick Marshall said...

Dear Rodney,

Ideally, VA and IHS and all other VISTA adopters would pool their NOIS, E3R, and Remedy entries in a common system where we could detect and respond to the insidious cross-system problems that can be very difficult to detect otherwise. However, with the incestuous bunker mentality gripping VA currently, it is not going to happen.

Maybe CIO Roger Baker can shake VA up, return them to a healthy level of accountability and openness. If that happens, we could investigate the possibility of a shared forum, but until then it's hopeless.

Fortunately, even if we have to start over with new bug reports from nonfederal systems, we know from experience it can grow into the kind of communication hub we need.

And yes, capacity management is a huge deal. Fortunately, this is one area where the technology curve gives us a great deal of leverage. Properly managed - yes, no mean feat - a forum system can surf the tech curve with only the usual amount of chaos and disruption.

Yours truly,
Rick

Rick Marshall said...

Dear John Mack,

I agree, we do want to hold back patient information as often as we can, but from experience we know there are some bugs we can't debug without the actual data that contributed to the crash.

We should always seek to recreate problems with test patients before sending our error reports to Forum, but sometimes it is the nature of the bug that it will only reproduce with one patient, or with certain patients sharing some yet-unidentified characteristics that no test patient has.

Obviously this is not the normal case, but it is not unheard of.

When such cases arise, we cannot afford to get bogged down in bureaucratic procedures to open up access to the patient record at that time. What I mean is, we need to do the HIPAA and other confidentiality agreements first, in advance, so that when such scenarios arise everyone is already prepared legally to investigate the problem promptly and get it resolved.

Too often in the last decade VA has sacrificed its troubleshooting responsiveness unnecessarily. This is a good example. With proper agreement in place in advance, with the right legal framework, there's no reason you can't expose patient data in a controlled way to the people who need to see it in order to solve problems that, after all, may be compromising patient care.

A proper communication hub can allow, control, and record that exposure, simultaneously strengthening our HIPAA compliance and improving our responsiveness.

Protection of patient confidentiality (our secondary priority) can and must be done in a way that does not compromise patient health (our primary priority). If we plan in advance and our ruthless in our determination to meet those priorities - i.e., if we're willing to challenge the bureaucratic status quo in order to serve our patients' health and confidentiality - we can meet both priorities.

Yours truly,
Rick

Rick Marshall said...

Dear John Mack,

Regarding the WorldVistA forum instance, this was another example of that organization trying too hard to be everything, to be at the center of everything, spreading itself so thin that projects were never completed, only begun.

We need a functional forum, professionally managed by a small team whose whole mission is that hub. I'm working on getting such a forum with such a team set up and funded.

Yours truly,
Rick