Three Ways the Health IT Field is Slow to Modernize

Many observers have noted the incongruity of the US federal government paying out billions upon billions of dollars in the Meaningful Use program to convert health organizations to electronic records. No other industry required incentives (or subsidies, or some might even say bribes) to strive for the obvious improvements represented by digital technologies. I might add that no other industry has adopted these digital technologies to so little benefit.

Now that 86% of physicians have an EHR, we can ask why they have made so little progress exploiting digital technologies for such advances as eliminating routine tasks, exchanging health data, or using analytics to improve care. Certainly, a lack of incentives are partly to blame, and payers need to be more aggressive about rewarding long-term care of chronic conditions. (This article is not the place to argue over policies for doing this, such as single-payer.) What I’m going to focus on in this article is three aspects of modern computing that have been enthusiastically adopted by other industries, but seem strangely unappealing to health care providers.

Free and open source software

The unstoppable rise of Linux and other free software tools, such as the Python language, the Git source control system, and the Apache suite of data processing tools, has affected nearly every industry. But one can barely find an outpost in health care using these tools, or any other free and open source software. (I’m using the terms “free” and “open source” here interchangeably, because each term is favored by different groups of practitioners. The salient traits this development model offers are adaptability and community development.)

It must be understood that free software is not necessarily free of charge, even though it can always be downloaded without payment. Most organizations still pay a vendor to vet, install, and support the software. Nevertheless, free and open source software almost always costs a fraction of the fees charged for proprietary software products and services–especially in a bloated vertical market such as health care, where successful companies rack up more money than they know how to use.

On an immediate level, the cost of EHRs does nothing to help already struggling health care institutions, and is routinely blamed for their bankruptcies. Granted, the cost of a new EHR probably lies more in training and conversion than in the licensing fees proper, but the poor design and lack of standardization in the proprietary software adds to these ancillary costs as well.

This is where free and open source software shines: it offers much higher guarantees of compliance to standards and of interoperable data exchange. Ironically, at the same time, open source software is easier to customize and adapt to new situations (such as translating screen text into new languages), because the source code is publicly available and provided with a license that explicitly allows changes.

Open source software provides inherent incentives to promote standards:

  • Developers form communities in order to foster independent but cooperative progress. Changes come rapidly, but the authors of those changes are eager to upload them to the shared repository so that the changes pass into future versions of the software. The benefits of sharing and taking the best of each other’s contributions override any perceived reasons to keep enhancements private–and licenses sometimes reinforce this practice.

    In fact, when a company sees an open source software product take off, the company usually passes control over to a community-based foundation, so that developers feel confident that they can share contributions and participate in decision-making. (Many such foundations, such as the Apache Software Foundation, have been formed to support this community-building.)

  • Developers have no desire to get locked in to working for their current employer, so they ensure that changes are shared with the community and that their version doesn’t diverge in some arbitrary way from the core software.
  • As open source projects become popular, they tend to become de facto standards. Savvy developer organizations, such as the Internet Engineering Task Force, encourage this by favoring “rough consensus and running code.”

Vendors don’t always capitalize on the standard-setting potential of open source software. For instance, the fragmentation of the small industry that built up around VistA made it hard for any company to succeed; a few years ago an organization called OSEHRA was formed to try (with limited success) to bring everyone together into a more conventional and successful open source community.

The health care industry desperately needs the combination of low costs, easy customization, and standard-setting provided by free and open source software. It is hard to see digitization providing much benefit until they move in that direction.

Cloud computing

Another odd aspect of health care is the providers’ insistence on buying and running their own hardware, when other industries are moving to the “cloud” and creating one of the biggest growth opportunies in computing today for vendors such as Amazon Web Services (AWS), Google Cloud, and Microsoft Azure. Certainly, every organization has to consider the unique equation that determines whether it is better off with on-premises equipment or a cloud offering. But the benefits of some kind of remote service are getting more and more compelling as these services improve.

Naturally, the cloud vendors encourage health care organizations to sign up by offering HIPAA-compliant services. And there are scattered services for specialized needs such as storing medical images. But the record of most cloud vendors in health care has been consistently disappointing. Practice Fusion was acquired by another EHR vendor; athenahealth has shrunk considerably. Various issues, such as management problems, could be cited for these particular cases, but the significant point is that the cloud space is not teeming with services in health care as it is in other industries. The Epics and Cerners, with their incompatible and expensive installations, continue to make strides while their cloud-based competitors languish.

Security is a potential victim of this reliance by health care organizations on installing their own systems. Few hospitals can devote the expertise and energy that cloud vendors invest in preventing break-ins. For a cloud vendor, security is fundamental and must be guaranteed. For health care institutions, at best, security is an afterthought and an orphan child.

Cloud installations theoretically create another layer that can be attacked by intruders (the container or hypervisor holding a service), but such attacks are mostly theoretical. I also recognize that most breaches in health care come from poor user management (attacks on passwords, or thefts of unencrypted laptops), but in general the health care providers are relinquishing an important security advantage by keeping records on their own hardware.

Healthcare IT Today is currently hosting a healthcare cloud survey to better understand this specific issue. We hope you’ll take part in the survey to share your insights and perspectives. We’ll be sharing the results with those who participate and in future articles.

Platform ecosystems

The explosion of innovation we are experiencing in the computer field is often attributed to a sharing of tasks between large centralized vendors and small entrepreneurs in a phenomenon known as the platform. This collaboration stems from divergent strengths: large organizations such as Google, Apple, and Amazon have enormous resources for building and maintaining rich infrastructures, whereas the individual entrepreneurs can think up new uses for that infrastructure that the massive vendors wouldn’t implement on their own. So the vendors provide access to parts of their infrastructure through application programming interfaces (APIs), creating an ecosystem for all to enjoy. The results are good for the infrastructure vendors, good for the small entrepreneurs, and good for the public. (Of course, someone has to inspect the apps to guarantee security and privacy.)

The health care industry recognizes the theoretical benefits of platform development but is too stuck in old, proprietary ways to do much with it. The slow advance of FHIR and SMART will hopefully change this. At least these APIs will make it technically easier to create a standard application that can send and receive data to and from multiple EHRs.

The SMART team, having created a stable standard, has spent the past several years trying to persuade the health care industry to create marketplaces for third-party vendors. The creation of such ecosystems would stimulate the faster adoption of analytics and perhaps even more usable user interfaces. But the industry still lacks the vision to move ahead full steam on platforms.

In short, several major technical barriers stand in the way of realizing the promise of digital health systems. These barriers may stem from unfriendly policies and business models, and thus are both symptoms and causes of dysfunction in health care. We can look for wider adoption of open source, cloud services, and platforms as evidence that the health care industry is pulling itself out of its rut.

About the author

Andy Oram

Andy Oram

Andy Oram is an editor at O'Reilly Media, a highly respected book publisher and technology information provider. An employee of the company since 1992, Andy currently specializes in open source, software engineering, and health IT, but his editorial output has ranged from a legal guide covering intellectual property to a graphic novel about teenage hackers. His articles have appeared often on EMR & EHR and other blogs in the health IT space.

Andy also writes often for O'Reilly's Radar site ( and other publications on policy issues related to the Internet and on trends affecting technical innovation and its effects on society. Print publications where his work has appeared include The Economist, Communications of the ACM, Copyright World, the Journal of Information Technology & Politics, Vanguardia Dossier, and Internet Law and Business. Conferences where he has presented talks include O'Reilly's Open Source Convention, FISL (Brazil), FOSDEM, and DebConf.

Add Comment

Click here to post a comment