Computers run our cars, they manage our markets, and increasingly they're in the medical devices that keep us alive.

But go to any doctor and you're still going to fill out a paper form. Get referred to a second doctor and you will probably find a second form. And on and on. The cost of managing this paper helps keeps medicine mired in the 20th century.

Having covered this beat since July, 2007, I have heard many theories. Complexity, government action, and government inaction are the most common.

But I have found mistrust of motives to be much more prevalent.

The most common motive in the U.S. health care system is the profit motive. Everyone wants to make more money. Doctors, hospitals, device makers, drug makers, and insurers are all united in their search for profit.

But profit is a pretty base motive.

Health care, at its heart, is a struggle between life and death. Passionate people of all sorts are drawn to that struggle. Their motives are often absolute, and in the contradictions between absolutes others' worthy motives can be seen as evil.

Take drug company marketing for instance.

In every other industry it is common practice for manufacturers to track sales channels. You want to know how retailers are performing and, if they are not, offer them help to get on track.

(Image of junk mail from Wikipedia.)

In medicine doctors are the retailers. Their prescriptions are filled at pharmacies, which break bulk for manufacturers, turning big bottles of powerful pills into little bottles with instructions and warnings.

Customer relationship management (CRM) software mines the data of pharmacists to learn prescribing patterns among the retail outlets, which drug company "detail men" then try to fix.

In a business sense it's all perfectly innocent. But those are medical records, so in trying to change the patterns of Doctor X, the detail men are trying to change the care of Patients A, B, and C.

Some doctors believe this is interference in their work. But a U.S. Appeals Court has just ruled Vermont can't stop it.

Ever since Latanya Sweeney and UT-Austin researchers showed, early this year, that identities of Netflix subscribers in "anonymous" records can be teased out using software, privacy advocates have been on the warpath, insisting that any use of data in medical studies is a privacy violation.

But there's an assumption in these complaints, namely that researchers, drug companies, or any other economic actor cares about your lumbago, or any of your other personal medical conditions.

They don't. Just because you can track how many tubes of toothpaste remain on a WalMart shelf doesn't mean you care about the person walking out the front door with a tube in their bag.

Not as an individual. Only as a dollar sign. Junk mail doesn't come to your door because the sender cares about you. They only want your money. They have identified you as a prospect. They will measure your decision, and those of others, as data.

If WalMart has some idea of your age, income and psychographic profile, that can inform marketing of toothpaste to people who are like you. The only interest is in following the money.

The same thing is true in medical studies, like those released by the Texas State Health Services to medical researchers of all kinds. Just because identities may, in theory, be teased-out of that data through considerable effort, doesn't make the release of that data a Fourth Amendment violation.

Researchers aren't interested in individuals, only numbers. They have no motive to know who you are.

There are companies with a motivation to tease identifies out of anonymous data. Employers have one, and insurers have one, because health insurance today is risk-rated. That is, people who are likely to become sick pay more for insurance than those who are presumed to be healthy.

The key to protecting privacy, then, is to eliminate the motive for violating it. It's not to halt medical or market research with claims which assume false motives on the part of such researchers. To me, that's Luddism, and I don't mind saying so.

Unfortunately this distrust of motives can infect me as well as others. Does the fact that privacy advocacy winds up halting the use of medical data make privacy advocates Luddites? I am wrong to assume so. I apologize for ever having done so, even though that may be the result of such advocacy.

But until everyone in health care deals with their deep-seated mistrust of others' motives in this business, health IT will continue to struggle uphill.

Fears about the leakage of private health data have kept health an IT backwater since the HIPAA law went into effect.

Why a system where you can't find records and have to re-enter them each time you see a new doctor is considered safer than an automated system remains beyond me. But that's what many doctors believe.

They're acting as data hoarders, no different in their way from kids who download songs from BitTorrent because they fear losing access to them. But the Man wants to put the kids in jail. He coddles the doctor.

Today rules for the Nationwide Health Information Network (NHIN) are being held up by a dispute over whether day-to-day governance will be done through private groups or government rules, said National Coordinator for Health IT David Blumenthal (below).

Questions about implementing privacy and security are delaying recommendations from a Tiger Team tasked with advising the government policy committee which is creating the meaningful use rules.

At the same time activists like Dr. Deborah Peel (above) hover around the media, claiming that EHRs are all "designed for backdoor data mining," deliberately confusing the use of anonymous data in studies with the seizure of individual records by employers or insurers.

Turning records into numbers is the best way of finding out what works in medicine. That's not a privacy violation. Getting fired because your employer found you were seeing a shrink on your own dime is a privacy violation, but that's what EHR systems are designed to prevent, not enable.

Dr. Peel opposes health reform, but rReform is the answer to the problem. Only by eliminating the incentive employers and insurers have to peek at records, by having everyone pay equivalently into a common pool, can we gain a measure of medical privacy.

This is not to say that privacy and security are unimportant. They are. But we have a lot more to fear from insiders putting a few gigabytes of data onto a USB stick and selling that stick to an identity theft ring than from what's in the medical records.

Medical records are financial records first.

The answer to that question lies in secure identity, in better keys that keep both our financial and health records safely under our control. Until this key is in our hand, until we settle on a unique identifier for all personal databases, then privacy is unachievable. We'll be going around-and-around until 2020 looks like 1999 does now.

"Insurers do not compete for insured business on the basis of improving health status and lowering the long-term costs of health care," writes economist Kay Plantes.

Except, she writes (and this is the important point) where companies self-insure.

"The data shows that the self-insured employers are winning at controlling health care costs relative to the rest of us," she writes.

How? By doing precisely what those who supported health reform said must be done.

• Individual risk assessments
• Health savings accounts
• Free primary care
• Case management for the chronically ill

All these are done routinely, in the private market, on behalf of those who have an incentive to capture those savings, she writes.

So how can the rest of the market capture those savings?

Plantes recommends that insurers create statewide pools, before the Affordable Care Act mandates their creation, to which anyone can subscribe, with a simple defined benefit and competition based on this concept of value that has already worked.

She concludes:

I understand why health insurers would not like the single pool – they make a lot of money by having oligopoly-pricing power over small and medium-sized employers and individuals. But can anyone tell me what is wrong with this approach to disrupting the insurance business model? In a nation facing epidemic obesity and diabetes, in adults and our children no less, with costs totally out of balance with health status results relative to other developed nations, disruption is our only health care policy option.

Learning lessons from companies which self-insure is the private market's best chance of resisting a future government takeover. We know what works. The only question is what will make it happen, the private sector or the political system.

Personally I prefer the former.

A Forbes blog post titled "open source makes debut in health care" is making its rounds about the Internet this morning.

It describes an effort by Allscripts to build the equivalent of an "app store" within its online Electronic Health Record (EHR) system. It's called the "Application Store and Exchange."

Apple's app store is not open source.

Even if Allscripts were making all its code visible (which is what open source means) this would not be its introduction to the health care market, either.

Medsphere and other EHR companies based on the VA's VistA system have been around for years. There are many open source companies in health care beyond those devoted to VistA. The whole National Healthcare Information Network (NHIN) effort being conducted by the government right now is geared around open source, visible code that vendors can adapt as they see fit.

This is not to dump on what Allscripts has done here. Giving SaaS customers a secure way to trade enhancements is a great thing. The example cited by Zina Moukheiber, of adapting an e-prescription system to another vendor, is a good thing.

But that's not open source. Apple is not an open source company. Copying Apple doesn't make you an open source company. There is a ton of health IT stuff in the open source world. Open Health Tools is all over it. The government is a big supporter of open source health IT.

But IBM is convinced that the future of health care is in the clouds, and it has been moving steadily, if quietly, in that direction for some years now.

The importance of its deal with the National Marrow Donor Program, which Dave Rosenberg of CNET wrote about yesterday, is that it's a demonstration of what can be done with cloud-sized databases and processing power.

IBM's new deal in Puerto Rico is a beta test of something it can quickly roll out nationwide.

What this means for clinics and hospitals is that most of the gear does not need to be in your office. Collecting EMR data on your patients by hand, and turning a hard drive into your file room, is not the future.

This will be a relief to many doctors who find such systems to be an enormous pain, despite the promise of that sweet, sweet stimulus cash. What they want is actionable advice on what to do for their patients. What they want is an end to the current paper-based runaround.

That's what IBM plans to deliver. The company is working hard on increasing analytics processing speed, because medicine produces great rafts of data that must be tied to other rafts in order to get everyone down to the sea.

In health care, clouds have to be private, they have to be secure, and they have to be managed, or they're no good. Local offices are clients, not servers, so it's interfaces that matter there. An iPad for everyone is fine with IBM --they got out of the client space years ago.

IBM is not wrapping this with a bow and going on TV with it because they want it to work before they sell it to the mass market. But it's clear that they want medical data to live in the cloud, not in the office or hospital, and that they want to be delivering answers, not data.

Which is just what the doctor ordered.

The idea is that its people will help HealthPoint scale its system, which depends on rural clinics and outreach by people using mobile phones. (Picture of a clinic from HealthPoint Services at globalhealthpoints.com.)

The phones will be able to conduct simple medical tests and collect Electronic Medical Record (EMR) data. Prescriptions and (when necessary) safe drinking water will be provided through the clinic network.

All this is the brainchild of Al Hammond, an entrepreneur who helps run an incubator called Ashoka dedicated to creating businesses that do good works.

The story pushed buttons in both the entrepreneur community and among liberal activists. Since HealthPoint will be a for-profit company, it can hopefully scale, which is something philanthropy has a tough time doing on its own.

Of more interest to me is whether this model could be applied to the U.S.

There are many places in America where health care is little better than in rural India. Even parts of my home town of Atlanta.

The traditional way to serve is for a charity hospital to open clinics. These don't scale, and many facilities, like Grady Hospital in Atlanta, have been cutting back on clinic hours.(This is true for their clinic in my neighborhood.)

The result is you're waiting for your customers to come to you, and then making them wait a long time before they get any service. That service, as a result, is emergency service and not wellness service.

An entrepreneurial model for outreach can change this. Having a para-professional, equipped with technology, going into the homes of poor people, collecting data, taking tests, and selling generic medicines directly, might actually work.

It's sort of an Amway model, only more systematized. The question is whether paranoia over privacy and the qualifications of the outreach staff would ever allow this to go forward.

India doesn't share those concerns. It's dealing with customers who have nothing save pride and a work ethic. How long will American pride stay its medical work ethic, I wonder.

(Image from the MedTera home page.)

Those ranks of pamphlets in your doctor's office, talking about common and chronic conditions like hypertension and diabetes? Chances are MedTera sent them.

The pamphlets have big name sponsors who see patient education as important to their mission or their bottom lines.

Online, President David Duplay said, the company has built "a lifelong learning platform. It's built for patients and caregivers who are newly diagnosed, who need to get quality information in their preferred channel."

"It all centers around education," because the lack of education costs big money.

"We followed 3 million patients and saw when they dropped off therapy. Some 29-71% drop off therapy in the first month of diagnosis – people with asthma, with breast cancer, depression, high cholesterol and diabetes. The numbers blow your mind."

Duplay calls these people "rookies at risk" and has produced a case study showing how his integrated use of print, web and mobile technologies can increase compliance, saving lives and money.

He can't be too granular because MedTera isn't an ad platform, and thus isn't collecting data on specific patients. "A lot of people who try to build mobile apps or web sites violate the trust of the patient by trying to capture too much information.

"If you're going to extend the relationship you can't violate that trust. If they come to you looking at something you can't have an algorithm that if they looked at A maybe I should sell B."

MedTera uses a sponsorship business model with publishing metrics. "If I can take you through an educational piece" with quizzes "I know who's come in, I can tell how long you've stayed, how well the content was comprehended. But I'll never guarantee a client I can get 40% of the viewers into this environment."

Everything is done indirectly. "We do patient starter kits that are either sent into the office or come in via a pharmaceutical sales rep. That kit will include information about the diseases, the therapy, it might have a co-pay assistance card, and it gives the patient an option to come into our platform to get more information."

MedTera gets its information from groups like American Heart Association, which has guidelines on blood pressure. If patients are persuaded to download its mobile app,

"You'll answer five or six questions, it will give you a numerical ranking, and it will post that in a calendar. So you can show the doctor your calendar on your iPhone, and he can see how things are going."

I asked how much better things could be if that loop were closed, if the doctor were part of that wellness relationship, coaching, pushing their patient toward compliance.

"The doctor is going to ask if he's being compensated for the time spent on email. Will it reduce malpractice costs? Will third party payers reimburse? What's my liability?

"These are unanswered questions from the medical community, and since most physicians are small practitioners it is going to take a while" to close the loop.

When it can, however, MedTera will be ready.

The winner, Computer Sciences Corp., said it is worth "up to" $230 million. But it's a very short leash. Medicare can opt out after six months, and the deal renews every year after that for six years.

The goal is to create a service-level architecture consolidating "the Standard Data Processing System, the Value Based Purchasing and the End Stage Renal Disease" groups, and supporting "the collection, analysis, reporting and management of claims, clinical, survey and project data from Medicare and Medicaid providers."

In English, upgrade present systems and maintain the most important provider relationship databases. Indian-owned 2020 Company and a management unit of General Dynamics will also work on the contract.

It's an important deal for Medicare, which is expected to find hundreds of billions of dollars in cost savings out of the data it collects during the next several years. Its savings and processes could then inform the insurance industry in bending the cost curve of health care costs.

The driver for these savings is supposed to be the Center for Medicare and Medicaid Innovation, which opened today under Dr. Richard Gilfillan, formerly president of the Geisinger Health Plan.

Geisinger, based in Pennsylvania, is considered a "model" health plan, combining insurance with care, and using "best practices" to maximize quality and minimize cost.

All this is also being announced a day before Berwick testifies to Congress for the first time since his recess appointment, which is also the first Administration testimony on health since Republicans won the House, partly on the strength of opposition to health reform.

In his prepared testimony, which has been made public, Berwick will insist that he can achieve savings without rationing care, through "integrated care" that includes wellness support, and using tools given him under the health reform law.

Expect fireworks. Berwick faces a choice between staying calm under withering criticism or firing back and provoking headlines.

But before grabbing for the popcorn note performance. A short-leash computing contract and the Gilfillan appointment are hard to argue against.

Meaning Based Healthcare is designed to provide diagnostic help as soon as it's installed, and to improve that help as it's fed Electronic Medical Record (EMR) data.

"An EMR on its own will not bring about improvements in patient safety, in cost, in quality," said Joseph Britto, the company's head of medical technologies. "It's like the cable in your home."

What's needed, he said, is the kind of help Bloomberg terminals gave stock traders, a set of analytic tools that tell them what the data means and what should be done about it.

"What we do is we're able to search for patterns within EMR, medical textbooks and journals" on diagnosing, ordering tests, and monitoring treatment.

So unlike other vendors, who can't provide value to doctors until the practice is committed to overhauling their entire back office, Autonomy provides value right away.

"We're able to leverage your EMR patterns, or if you're starting we use the content repositories and silos you have access to," said Britto.

Britto's analogy for all this is the GPS device. What began as a separate unit is now integrated with the dashboard on new cars. "On the road you know when you're lost. In health care we don't know what we don't know when we don't know it." But Autonomy hopes to tell you.

If Americans are familiar with Autonomy, which is based in both Cambridge, England and San Francisco, it's as a "shirt sponsor" for the London soccer club Tottenham Hotspur.

Autonomy evolved its new offering with technology that Britto, who is based in England helped develop at Isabel Healthcare, automating checklists.

"When people are starting off without an elaborate EMR system our platform can handle their intelligent rules. When EMR is present we are able to deliver value within it," he said.

He then issued a challenge to his medical colleagues. "We're at an inflection point. We're the last knowledge sector to get digitized. And we're the most knowledge intensive."

Told that many doctors say they would rather retire than automate, Britto admitted "It's a generational thing. You talk to the digital generation and it's a no-brainer. I talk to medical schools, and the conversation is changing. Yes, they know there must be usability and interoperability. But we can't go on as we have.

"Some 100,000 Americans die every year from preventable medical error. The way toward improvement is improving decisions.

"Some 15% of patients are misdiagnosed. That's the tip of the iceberg. That's 1 in 7. If a pilot told you they had a 1 in 7 chance of landing at the wrong airport we wouldn't take the chance.

"You can have the best word processing software, the best calculator software, but that doesn't make you an expert. These systems will only enable a better quality deicsion. Finance has adopted decision support – why are we in medicine the last to adopt data-driven decision making?"

Why indeed?

The home pages of both companies are currently trumpeting the relationship. SureScripts is calling the offering clinical interoperability services. Kryptiq calls it America's interactive network.

All this starts to become real next month when SureScripts launches messaging based on Kryptiq technology. I wrote about Kryptiq during HIMSS, interviewing CEO Luis Machuca about how its systems get around the FUD concerning HIPAA, allowing doctors to e-mail doctors and patients without worrying about privacy or security.

On Friday ZDNet talked with Cris Ross, an executive vice president for SureScripts and the company's general manager of clinical interoperability services (right, from SureScripts), about the new offering.

"We have 200,000 doctors and 2-300 systems doing 25% of all prescriptions electronically" today, he said. "We want a physician to have one plug into their practice for multiple channels of clinical information. The network advantage of using one network for multiple things can be significant."

Currently, "There is separation between clinical and administrative systems. In the near term we won't be carrying claims or administrative data. This is being built to mainly meet the needs of Meaningful Use stage one, which is clinical exchange between physicians for purpose of continuity of care, discharge notes, referrals, structured and unstructured notes."

The relevant document here is called a Continuing Care Record (CCR). A CCR should be completed after each patient visit, it can be printed and handed to the patient, and it can be sent to another doctor.

"For the last two years we've been carrying CCR records for MinuteClinic to primary care physicians. We've done about 1 million transactions to all 50 states," Ross explained. "Most go through the SureScripts network and then go to a fax, because physicians aren't wired to receive."

This need brought the two companies together. "We've partnered with Kryptiq previously to put end points in place for MinuteClinic. This is a chance to increase that by a couple of orders of magnitude. The SureScripts network is augmented with edge tools provided by Kryptiq so we can do the last mile delivery of clinical messages."

While the firm's press release calls these "health information superstores," the text makes clear that moving Electronic Medical Record (EMR) data in order to extract value from it will be the key driver in this consolidation.

Afsaneh Naimollah (right, from Marlin's Web site) said her conclusion is based on a a series of surveys the company conducted of vendors during the year.

If her name is familiar to readers or other reporters here, her bio says she was on the board of ON Technologies before it was bought by Google, and that she advised on CNET's purchase of TechRepublic.

Naimollah compared what is happening to what Bloomberg and Thomson Reuters did in the finance space. Both companies developed terminals for analyzing market data, which later became services that earn billions of dollars.

Among the players the firm thinks might emerge are tech heavyweights like Microsoft and IBM, telecom companies AT&T and Verizon, and UnitedHealth's Ingenix unit, which has been buying smaller software companies for 18 months now.

What will make the difference will be business models, specifically innovations in how doctors and hospitals pay for Health ISP services.

While acknowledging the role the government's HITECH stimulus, as well as its CONNECT and DIRECT open source projects, have had in jump-starting all this, Naimollah insisted that private interests will drive future standards, much as private interests drive the standards of the current Internet.

Many aspects of the conclusion ring true. Doctors are looking for value from their EMR investments, networks can provide that value, so network applications could well be the "killer apps" that drive change and consolidation in the market.

But while hindsight is 20-20, foresight often isn't. The next few years in this market are going to be very exciting. It doesn't take a crystal ball or a survey to see that.

It's not a long trip.

It's really based on two open source projects:

• CONNECT, which defines interoperability standards for exchanging health data, and
• DIRECT, which defines network standards for moving the data.

How do you get on to these networks? Well, the meaningful use guidelines for that sweet, sweet stimulus cash include interoperability requirements, like those used in CONNECT. So it's not just cash, it's standards. And I've written about the rapid progress of DIRECT before.

A trial of all this has already begun.

With a secure connection you should be able to e-mail your doctor, and they should not fear e-mailing you. Faxing will go away. You will be able to have your records downloaded to a secure location you control. And when a hospital or another doctor needs your record, the doctor's office should be able to get it to them.

It's a problem with lots of layers. Identity. VPN design. File standards. Interfaces. All of which have to work on top of the IP protocol.

Oh, and Fred notes that NHIN no longer stands for National Health Information Network. It stands for Nationwide Health Information Network.

That's because the bureaucrats who came up with the acronym failed to do a complete trademark search. Turns out a Fort Worth company holds the old trademark for their e-prescribe system.

That's not a big deal.

What is a big deal is that the Health Internet is coming on fast. Right now my regular doctor can get prescriptions to my pharmacist and records to the hospital where he has privileges. When my wife needed some imaging done recently, she just showed up at the right time, handed in her insurance card, and was out within minutes.

As that network is linked to other networks via NHIN standards, as the people who build networks and software come to adopt the CONNECT and DIRECT projects into their software, change will come swiftly.

It's easy to be cynical about something that has been delayed a long time, but that's the thing about computing. It doesn't work and doesn't work until it all works, then suddenly it works and we don't have to think about it.

Figure five years at the outside.

Celebrities like Ted Turner and Bill Gates have addressed a throng estimated at 2,700, triple last year's number.

Norway and HP have both announced million dollar contributions. The Department of Health and Human Services announced a program called Text4Health.

Analysts are comparing it with the Lollapalooza festivals, big rock shows that brought in a lot of excitement and money.

The comparison may be unfortunate. Lollapalooza itself has had an up-and-down history. It began in 1991, then died in 1997, and failed twice more as a tour, before being re-defined as a Chicago-only festival in 2005.

On the other hand, the comparison may be apt. Chicago is, among other things, the headquarters town for American medicine. Today's excitement could easily flame out, as alternative rock did in the late 1990s.

Clive Smith is the mHealth Alliance's director of global operations, and told me today that won't happen. "It's getting ready to explode," he said, in a good way.

That's because, especially in the developing world, the technology for this is widely available. "There are many applications that are text or voice based," that run on old "feature phones" (as opposed to "smart phones" like the iPhone and Android.)

Innovations developed for the smart phone consumer market can quickly filter down to the mass global feature phone market, Smith said. "There will be a rapid migration," he predicted.

The group seems well plugged-in to the global philanthropic mainstream. Its board is headed by a venture capitalist, with a philanthropist and two cell phone executives joining him. The staff is headed by David Aylward, a successful Washington consultant.

But it's today's events, mostly held out of public view, that will mainly tell the tale here. These focus on problems with security, privacy and regulation, which have stymied the American adoption of mHealth.

What happened, as I told Smith, is that consumer products outfits like Apple or Nike might launch something cool in the consumer market, but serious medical applications go through a regulatory process, both medical and insurance, which leaves their sales channels with outdated, primitive solutions that cost 100 times more than what you can find on the street.

"The technical solutions have outstripped the regulatory practice." he admitted.

"Clearly there are many specialized interest groups that have concerns about how this will work, which is one reason so much innovation is happening elsewhere. In other countries mobile is the difference between health care and no health care."

The expectation is that clinical studies now coming forward and interest from mainstream IT vendors like HP will break down these barriers.

That's the expectation. Or is it more like a hope?

Why is that?

Dr. Patel suggests fears of malpractice and loss of autonomy are behind the resistance.

The HITECH stimulus, with its meaningful use regulations, aims to break one line of resistance, the idea that gear and training cost a ton of money and time.

That sweet, sweet stimulus cash basically pays for the training and installation hiccups that come with any new system. It can also be used to pay for cool toys like an iPad for every doctor.

But the stimulus doesn't solve these other problems.

The first is a question for lawyers. It should be possible to write an effective "hold harmless" regulation so that doctors aren't liable for mistakes made by software. Damages from this cause should be limited to actual damages -- software won't respond to punitive awards.

If politicians must get involved, how about if Speaker Boehner pushes through a malpractice reform act in the next Congress? At least be willing to negotiate one.

I know, the plaintiff's bar will object. What if the software company knows about a problem and is refusing to solve it, relying on the hold harmless clause to get away with "murder?" There's a difference between malice and mistakes.

If you think you have evidence to prove malice, then sue the software company for malice. Make it a class action. But you need to prove some human acted with intent to cause harm, or reckless disregard. I'd even hold that open to prosecution by ambitious DAs. Make a great TV episode.

The second is more of a cultural problem.

Many doctors still resist checklists. It seems to go against their training, and their instincts, for anyone to question what they're doing in the heat of medical battle.

The solution here, it seems to me, must lie in education. Medical schools should be teaching new doctors to respond favorably to checklists, to be team managers rather than lone wolves. And this needs to become a feature of continuing education.

I suspect the two issues are closely related. If we can get all doctors using checklists, all doctors working as teammates with nurses and other staff, then accepting the aid of software becomes a lower hurdle.

In any case, what seems clear is overcoming these valid concerns needs to be a big concern for the profession, and given the speed with which gear needs to be bought to qualify for that sweet, sweet stimulus cash I have a medical term to add to that.

Stat.

McGaughey, who earned fame launching Eclipse while with IBM, had retired to Asheville and was looking for a way to be of use.

He's been of use.

In just 30 months OHT has launched 57 open health software projects, and now has dozens of members, some of which came out of the medical software field, others best known for their open source work.

Last month the group brought in Chris Mackie from the Andrew Mellon Foundation as its chief innovation officer, assuring a succession plan and continued growth. Mackie is based in Princeton, New Jersey and also gives OHT a physical presence closer to the center of the industry.

The most active project is HL7 Static Modeler Designer, which is now hosted at CollabNet. The goal is to build an HL7 message modeling tool under Eclipse.

This is important, because HL7 codes are how doctors and hospitals get paid. What they do is defined by the codes, which insurers process into bills. They are at the heart of every Electronic Medical Record (EMR) package out there, not to mention the Health Internet.

Secure, reliable messaging on HL7, under open source, will give the medical software field a common language, allowing for interoperability and an end to having to fill out your medical profile each time you see a new doctor.

HL7 tooling was among the group's charter projects, approved in 2007, and the progress being made is tremendous. All sorts of vendors are benefiting from this work, as are hospitals, doctors, and patients.

I had hope when I first interviewed Mr. McGaughey and I am pleased to report that the hope has become a reality.

(MouseTrap. It's more than a Christmas gift. By Hasbro.)

Patents make good sense in medicine. Drugs and devices take money to develop. Patents offer good protection without hampering innovation.

Patents don't make good sense in software. They wind up covering the idea of something, not just a specific expression of it.

I call this the "mousetrap test." You should be able to patent a mousetrap but not the idea of killing mice. Too often software fails the mousetrap test.

Well, this down side of patents are now moving into medicine as software patents are awarded on medical software.

Here's one. Zynx Health, a unit of Hearst, has just won a patent for its software "to establish and maintain an evidence-based best practice approach to providing patient care." If you're scoring at home it's number 7,822,626.

If this just covered the way Zynx Health works there might be no problem. But that's not the way software patent law seems to work.

Bringing best practices, based on clinical evidence, to the patient's bedside is very important. A computer network can hold much more data than any doctor or nurse's memory, and as practices change it can adapt quickly, without even a weekend of coursework.

Every large health IT company is now working on collecting the evidence, on algorithms to analyze it, on ways to deliver it, and on its presentation. Can Zynx now take them all to court?

I hope not, but even the threat of such a move has a chilling effect. It can dissuade start-ups, it can turn capital away from good ideas, and it only makes lawyers rich if we're arguing about a company's rights to do something that's necessary.

Also, while the folks at Zynx may be saints, anxious only to protect their own software algorithms, what if the company should fail? This asset might be picked up, years from now, by a company that's little more than a glorified law firm, a "patent troll" anxious to tax an idea after it is proven in the market.

That's the way it is in software. That's the way it may get to be in medicine, unless the two industries get together and find a way to make the "mousetrap test" law.

With that work nearing completion, the people behind it are asking themselves how big such a group should be. Should it be broad and deep, covering all stakeholders, or narrow and focused so it can move quickly?

It's an important question, because while the original NHIN Direct group contained mainly health IT specialists, big vendors like AT&T are now going to crowd into the market and seek to define its future direction.

An overview of the project, published last month, describes it as "a simple, secure, scalable, standards-based way for participants to send authenticated, encrypted health information directly to known, trusted recipients over the Internet."

Follow the standards, in other words, and you can become a health ISP. Let 1,000 Health Information Exchanges bloom.

Each side of any data transmission will have its own Health ISP. The Health ISP will be responsible for assuring that privacy and security are maintained, that the recipient of the data is authorized to get it, that everything is encrypted and safe.

Essentially, Health ISPs will maintain what amounts to both a virtual private network and a file translation service, which clinics and hospitals will join through contracts.

AT&T, which is already a major backbone provider and Internet Service Provider (ISP), would seem to be perfectly positioned to become a large Health ISP.

AT&T does not want to stop there. It sees itself delivering mobile and cloud services based on the health care applications of various companies it partners with. It said $4 billion in revenue came through last year from health companies.

But what NHIN Direct seems to need most are health ISPs that will stick to their knitting, acting as honest brokers of data between any applications, rather than favoring their own partners.

It remains to be seen whether AT&T will play that way.

Identity thieves know it.

I was honored to talk yesterday with Michael Maloof, CEOCTO of TriGeo Network Security. He was flogging a recent report from the Identity Theft Resource Center indicating that health care suffered 26.3% of all commercial security breaches last year. That's second to retail's 40.5% but well ahead of any other economic sector.

Contrary to what you may suppose, they're not really after your health records. Unless you're famous or an Octomom, they don't care about the secret hangnail you suffered in fourth grade.

They just want your money.

With the records in any hospital or clinic, they can get it. "If they have your Social Security Number, your address and date of birth they can take your persona, pretend to be you," Maloof said.

They can get credit in your name and run up the bills. You may not be charged, because "fraud costs are built into the system," but merchants will be, and those costs will eventually find their way into the prices you pay.

Too many health systems have awful security, Maloof added. "I've seen institutions where every doctor uses the same ID – The Doctor. And the password is known. That's an easy access point for the hacker."

TriGeo offers an appliance that can sit behind your firewall, track user traffic, and detect problem patterns, even detect when someone is plugging in a USB thumb drive. This not only protects against outside criminals, but disgruntled insiders.

Most of the company's prospects are in the mid-market range, hospitals with anywhere from 250-1,000 employees. They may have an Information Technology team but they probably don't have a security expert on staff. At $20-40,000, then, TriGeo's software becomes that security employee.

Don't worry if you're smaller. "In early December we'll announce a virtual version of our appliance which brings the cost down further, and people will start using cloud based services. You'll get it from a service provider."

Just so long as you get something. And use it. If you're in the medical field you are a merchant, and you need a merchant's data security.

The initial agreement covers only WuXi, a city due east of Shanghai near Taihu Lake, but the aim is the whole market.

To accelerate solution development and market adoption, iSoftStone is launching a digital health innovation center in Wuxi, with support from Microsoft. This facility will include a HealthVault datacenter, a test lab for HealthVault software and device developers, and training facilities for solution providers that build on the HealthVault platform. Microsoft and iSoftStone will be responsible for the localization of HealthVault and will lead efforts to identify health and wellness scenarios for which they will recruit or build solutions in-market.

Microsoft is not the first U.S. software company to make a deal for China. MMR Global made a deal to create a Chinese version of its MyMedicalRecords Electronic Medical Record (EMR) last year.

Healthvault, however, is a Personal Health Record (PHR) system. The idea, in the U.S., is that a personal health record is downloaded to a publicly-accessible site and is owned by the patient, while the EMR is created by a clinic or hospital and remains subject to privacy controls.

It would be ironic if China, which is just now building a private health insurance market to replace a system many view as failed, were to develop a mass market for electronic health records faster than the U.S., which has put $19.2 billion in federal subsidies behind its effort.

But that may yet be the case.

The American people "need to be convinced" that their private health matters will remain private, he told a panel hosted by the Alliance for Health Reform.

Blumenthal was responding to case studies presented on Denmark, Sweden and New Zealand, all of which have better health IT infrastructure than the U.S.

The solution offered by Tom Bowden, who presented New Zealand's case, was that all stakeholders be involved in the development of solutions, not just a few.

In the U.S. solutions are generally offered by private companies, and implementation is being driven by the government's stimulus cash.

Asked later about the possibilities of social networking in relation to health problems, Blumenthal called automation of records a pre-condition for that.

Even as Blumenthal spoke, venture capitalist Vinod Khosla was re-tweeting the TED Talk of Eric Topol (above), who touted the possibilities of smartphones for collecting medical data. People can monitor their vital signs on a smartphone and will be able to collect that data with the same technology.

But how can they if privacy is creating such barriers to implementation that no one can move anything for fear someone may be overhearing it?