Harvard Medical School: John Halamka, CIO

Dr John Halamka, the CIO of Harvard Medical School, is an early adopter of RFID technology -- he's got a chip implanted in his arm. These tags can keep track of personal medical records, as well as hospital equipment. Halamka talks with ZDNet.com editor in chief Dan Farber about recent advances in patient care, and electronic prescriptions.
Written by Dan Farber, Inactive on

Q: You've been involved in the health care industry as a doctor, as a technologist for many years, and certainly the health care industry has lots of challenges ahead. Health care costs keep escalating. What are the biggest problems you're working on and how are you innovating around them?
Halamka: Well wouldn't it be great if you as a patient could go to any doctor in the country and that doctor would know who you are, what medications you take, the allergies you have; deliver really great high quality cost effective care. Well that would be wonderful if we had a uniform set of standards in this country that would allow your medications, allergies, labs, and other information to go from place to place.

The challenge in health care is not that we have a lack of standards, it's that we have too many. There are over 700 standards in health care. So over the last year I've spent time with the health information technology standards panel, HITSP -- the national effort sponsored by Health and Human Services to unify the health care standards in the country. So, ultimately, once we have a set of standards, you'll be able to get data sent from place to place. We also have to work on privacy and security, make sure there's a good architecture, and then make sure that incentives are aligned so that doctors adopt that technology.

In terms of security and privacy, that's certainly an area of great concern to many people. What can you tell me in terms of innovation that's happened in that area that would make people feel more safe?
Halamka: Sure. In the state of Massachusetts, we've been looking at what's the right way to consent a patient. For example, do you want all your data centralised in a database, but you have the opportunity at the point of care to say 'I opt out, doctor you can't look at that'. Or do you want control at the very beginning? No data gets shared or sent anywhere unless you opt-in for sharing.

So we've started an experiment in our state in three communities, and we've asked patients: What do you want to share, when do you want to share it? Well 96 percent of those patients in our communities have said 'actually I want to share it all in all circumstances when a doctor's caring for me'. So we're building a technology to enable that, we're building the secure transport mechanisms, but most importantly really engaging the patients in being the stewards of their own data.

Is this a technology problem, or is it more of a cultural problem?
Halamka: Really it's policy. We in this country have 50 different policy making organisations called states. They all pre-empt federal HIPAA standards and so clearly we want to make sure we document what are all the policies across the various states, we make sure that we understand what's possible, and once we have a uniform set of policies, then we can build the technology, the security to enforce them. But let's start with policy first.

And on the technology front, what are some of the key technologies that are involved in making electronic health care much more secure?
Halamka: We have the usual Web standards: https and we want to make sure that everything is audited, so that patient has the opportunity to see who looked at what and what they saw. We need to make sure that we have appropriate secure mechanisms like secure e-mail, new standards such as S/MIME gateways, products that enable us to have doctors communicating patient-identified data securely.

We're certainly looking at best practices in other industries, looking at what's going on in the defence community, and making sure that health care has good encryption, good auditing, good controls, and even good authentication. Figuring out who you are before we let you in to see this data.

I know you've been doing a lot of work on the patient health care front. What are some of the issues you've been tackling lately in terms of the doctor/patient relationship and just on an on-going day-to-day basis?
Halamka: You'll see much more press about personal health records, or personally controlled health records. And what this means is the patient becomes the steward of their own data by getting access to the same information that doctors have.

At the same time?
Halamka: Exactly -- now you have to do this carefully, because certainly if I go in for a blood test, and it goes to the doctor, and it goes to me at the same moment, that's probably fine. But what if it's a cancer diagnosis? Do I really want to learn about my cancer diagnosis on the Web? Or, what about an HIV test? So we delay a very few test results that have a high emotional content, so that the doctor can share that information personally with the patient, before it appears on their personal Web site.

For doctors, nurses, anyone in the patient care arena, there's wireless technologies, handheld devices; is that becoming very pervasive at this point?
Halamka: We have two million square feet of wireless at the hospitals I oversee. And of course we want patients and their families to also access the same wireless. Now that's rather tricky. You have to build access points that can both do highly secure, high quality connections, and access points with effectively no security for any patient or family member who opens up a laptop. And you never want that patient downloading a streaming video to somehow impact the quality of service for the doctors and nurses who have mission-critical jobs to do. Wireless rollout in that kind of environment has taken quite a lot of engineering.

How far are you along that path to making it successful to split the network in that way?
Halamka: We're live with patients and doctors in a split network. The doctors get secure access using appropriate security protocols, EFAST, TCP/IP, MIC, WPA; whereas the patients and families have the standard, unsecured network, and it actually goes over a different Internet path. So if they want to download the latest in streaming videos, or look at their stock quotes, no problem, it doesn't impact clinical care.

Now RFID is also an area -- radio frequency identification -- in which you've been a pioneer -- you've put a chip in your arm about a year ago ...
Halamka: I have my medical records right here.

So what's happened since then, because it seems like I don't know many other people who have chips in their arms at this point.
Halamka: Well RFID is becoming more and more common in health care to track equipment. So we have 5,000 pieces of equipment with RFID transmitters on them, this is active RFID, over our wireless networks so we can figure out, well ... where is the closest ventilator? It helps us prevent theft. Helps us be much more efficient about using our supplies.

For the use of RFID, patient wristbands makes sense, not necessarily implanted RFID, I mean that may be good for some people. But I'll tell one exciting area of RFID development -- the ability of RFID sensors to check glucose levels. This means if you're a diabetic, no longer do you have to prick your finger. You scan your RFID to measure your glucose. Those will be coming in the next year to two.

And what about the cost of a device like that -- is it going to be cost prohibitive for most patients?
Halamka: Well RFID like so many technologies is becoming cheaper and cheaper with each passing year. Obviously when you look at Wal-Mart they're seeing 5 cent RFID tags. Well for humans you're still up in the 100 dollar range for implants, but I suspect that will come down over time.

As someone who's managing a fairly large and significant IT infrastructure, I guess you're concerned about data centre in terms of the power, in terms of the cost to cool that data centre. Are you taking advantage of any particular innovations at this point?
Halamka: We're actually spending a lot of time thinking about the use of virtualisation. How do we not put yet another physical server in the data centre, but use our existing hardware inventory much more intelligently. With the idea of both virtualising our servers, virtualising our storage, what we're able to achieve is a much cooler, less power consumptive use of what we already have.

What are you doing in the area of business intelligence, or medical record intelligence?
Halamka: Well we have 100 terabytes of data online. And so we recognise the use of OLAP tools, and business intelligence tools. We do roll-ups and hypercubes of that data for real-time reporting to senior execs. But I'll tell you a place where it's really quite helpful in workflow. Wouldn't it be great if we knew instantaneously what beds were available in the hospital. What patients should go to those beds. What labs just came back. So we've taken really event-driven medicine forward by gathering data in real-time and delivering it to our clinicians just-in-time so they can take appropriate action.

Editorial standards