When it comes to Google Apps, I’m certifiable

Back in mid-2007 I deployed my first instance of Google Apps, replacing a Microsoft Exchange 2003 server. It was a controversial choice back then — Google Apps was still pretty new and it wasn’t yet clear whether Google was going to stick with the platform and build it out. But there were several deciding factors that pushed me to an Apps deployment:

  • I was working at a nonprofit, so Google Apps was free for us; worst case I could always fall back to the in-house system
  • Our Microsoft Exchange 2003 server was constantly running out of space and was a pain to backup
  • We lived under a monstrous waterfall of spam that required a special appliance outside the Exchange box that worked well but was costly
  • Our Internet connection was relatively slow and outrageously expensive, so handling all the mail traffic in-house was painful, especially when the in-house web site was what we really wanted to share with the world, not our email system
  • Our users wanted to send and receive larger and larger files via email, which only strained all of the above factors further

We made the switch, I uploaded a bunch of mail using Google’s then-primitive migration tools,  and I put everyone onto the web-based interface — no Outlook allowed. We did trainings and I spent a lot of time helping users get acclimated to the new way of doing things. This was before drag-and-drop email attachments in Gmail. It was before full compatibility with external calendar invitations. It was before Chrome.

And I was immediately hooked.

Why Go Google?

From an IT perspective, this Google Apps thing was awesome. There were no servers to own, nothing to back up, nothing to manage — aside from creating and deleting accounts. The users had far more space than they’d ever had (7GB at the time) and far more space than I could have ever offered locally at a reasonable price. The system was accessible everywhere, and no matter where you got your mail or looked at your calendar, it functioned the same way. And, as a nonprofit, it was all free! We even started using Google Docs right away, sharing selected spreadsheet data with remote workers and volunteers, allowing for real-time collaboration that at the time was mind-blowingly simple yet powerful.

Since then the Google Apps platform has matured with better features, a more homogenized interface in the apps, better administration tools, more reporting, more granular controls, and great (paid) add-ons for email archiving and spam control. And since then I’ve deployed Google Apps 4 more times, not to mention personal use. My most recent migration was last year, again dropping Microsoft Exchange 2003 and Outlook to go all-cloud all the time.

And then there was this past weekend.

Getting Certified

After managing and evangelizing Google Apps all these years, I stumbled across a certification program for Google Apps nerds like me: the Google Apps Certified Deployment Specialist. So I dug through the Study Guide, re-read a lot of stuff I knew, learned a few new tricks Google has developed in the last couple of years, and paid my testing fee.

The weird part was the testing method. Rather than send you to a local testing center — where you might sit for Microsoft or Citrix or VMware or other vendor exams — this one is done at home or in your office. You can take the test anywhere you have a live Internet connection, a Windows or Mac machine, and a special USB webcam they make you buy. Total cost is about the same as those other exams, but you can schedule it on weekends in evenings and take it at home. They proctor the exam through the webcam and special software.

It worked great. The only thing I was “corrected” on during the exam was the fact that I started to read some of the questions out loud, to puzzle them out audibly. That’s verboten, probably because they fear you’d read the questions out loud so you could either record the questions (and give them away to others wanting to take the exam) or ask someone else nearby to provide an answer. It’s too bad, because I like to “talk out” technical solutions. Oh, well.

61 questions after starting, I had passed the exam, so now I’m certified! It’s the first major cert I’ve picked up since the “good old days” of Windows NT 4 and Lotus Notes and Domino. And it’s fun to have a Google certification, perhaps because it’s so rare. My certificate was numbered “1298″, which suggests there were less than 1,300 people certified when I took the exam. That’s cool — I’m in a group smaller than my high school census (except we’re all certified Google Apps pros!).

Can you use Google Apps in a healthcare environment?

I may need to address this further in a future post, but the short answer is yes. People freak out about HIPAA (as they well should) but the key thing to consider is how you use your email system. Bottom line: If you don’t store or share PHI (protected health information) in your email system, then HIPAA rules don’t apply. And for those that are using email systems (of any kind) to share or transmit patient data, I have a question: Are you out of your mind? Email is a promiscuous platform by design — it’ll “sleep” with anyone and it’s 1 degree away from every email account worldwide — so why would you ever push patient information through it? If it helps, I’ve actually addressed the Apps/HIPAA discussion elsewhere before.

Sidebar: I may also have to write a post someday (really a rant) about email footers with lots of legal language in them — a silly practice that has no force of law behind it. If you want to put in a “please don’t share this” message down there, that’s cool, but stop trying to create unilateral contracts with your footers — that’s not a thing.

All that said, I do think Google needs to rethink their stance on signing HIPAA Business Associate Agreements (they won’t sign them). They either need to start signing or they need to post a definitive position paper on HIPAA issues related to Google Apps. Microsoft has shown a willingness to sign BAAs for Office 365 services, which makes their service more attractive, despite their downtime problems. Google has done a good job addressing the overall security of Google Apps, but they need to go a step further, to assuage the fears of healthcare executives and Boards that don’t understand technology very well.

What’s next?

For now I’m a happy Google Apps administrator, still learning, still sharing tips with users new to the platform. Oh, and I’m a Certified Deployment Specialist, of course! So if you’ve got questions about going Google in your healthcare environment (or any business, really) just let me know. I can answer some questions in the comments or we can take the conversation offline.

Defining informatics for health center teams

I just ran across this great short post on informatics and had to share it. I wish Dr. Gibson had written this post a couple years ago when I first used the word “informatics” with my new health center colleagues. When I said the word, I might as well have been speaking Klingon — no one knew what it was — not the clinicians, the business folks, operations… no one had heard the term. Of course it didn’t help that I recommended we consider hiring an informaticist — a new position that no one knew they needed and couldn’t define. ;-)

At the time, and to some degree even today, there was an expectation that mainline IT staff would fill the role of informaticist for the company. And in some small ways, we do. But not in the big ways, not in transformative ways. Our IT staff are saddled with basic systems maintenance, user support, new system installation and integration efforts, and so on. We’re not clinicians by training. While we listen and learn a little every day about our clinical operations, we’re still not doctors or nurses. (Funny how that works.)

So what is informatics? What does an informaticist do? Dr. Gibson explains it like this (boldface mine):

Important informatics skills include change management (not just IT change management, but culture and process change management as well), business analysis, stakeholder engagement, project management, requirements development, strategic thinking to place projects into a larger vision, building for inter-operability, translating between IT & business, system life cycle, communications, [etc.]). A good informatician can speak the language of both IT staff and program staff, and should be a good communicator and group facilitator.

Informatics skills are not necessarily present in IT departments. A programmer may be very skilled in writing a program to do what he wants, but is rarely skilled in getting the thorough understanding of what users need. The database administrator may be very skilled in structuring a database to run very quickly, but usually does not understand the content well enough to create operational definitions that address what program managers want to know.

My recommendation from a couple years ago was that we needed to hire an informaticist, or at least someone who had clinical background and technical chops. With all the reporting and analysis requirements in UDS, Meaningful Use (MU), and Patient Centered Medical Home (PCMH), not to mention workflow changes needed to meet increasing security and privacy requirements (HIPAA, HITECH) and general efficiency needs, having someone who could drive workflow / care / data change projects and communications would help a lot.

In the end we didn’t hire a classic informaticist, but we do have a high-level manager driving Quality Improvement (QI) efforts, PCMH, and MU, and she’s quite technically capable as well as a licensed provider. So we’re covering the need for now.

It’s possible that at our scale (currently around 130 employees), perhaps a full-blown highly-paid informaticist won’t be necessary in the future. It’s possible the EHR vendors and various governmental agencies will settle on a collection of core measurements and workflows that work for everyone and those features will just be built-in to our systems. (Ha! Sometimes I crack myself up…)

But for now, I would argue everyone in the health center space (50-500 employees) needs to be thinking about hiring an informaticist. Someone that has clinical training. Someone that isn’t afraid of computers and likes data and analysis. Someone that can communicate well and can drive change projects. So yeah… a miracle worker!

Meanwhile, everyone on your management team needs to know what informatics is. Your health center needs to get comfortable with data and change. Because “accountable care” demands proof, and the proof is in the data.

BONUS: Informatics Links

Buzz is building around the Fitbit Flex

Fitbit was one of the first to bring a consumer activity tracker + web site + mobile app ecosystem to the edge of the mass market, and they’ve won a lot of converts over the last couple years. But at the same time, there’s been an explosion of other trackers and platforms for capturing physical movement, encouraging more activity, and viewing and sharing the data collected. Can Fitbit stay on top?

Well, they’re certainly going to try.

This week Fitbit introduced yet another revision to their activity tracking lineup, a new design intended to recapture users that defected to the wristband-style Nike+ FuelBand or the Jawbone Up. And the tech press, in their annual CES frenzy, are trumpeting the announcement as the next big thing:

The details are simple, really. The Fitbit Flex will be $100 and launch sometime in the spring. You can pre-order right now.

For me, Fitbit is challenging my devotion to the Nike+ FuelBand by combining what I liked about the FitBit with what I like about the FuelBand. Mostly. So here’s my take on the pros and cons of old Fitbit, current FuelBand, and the announced Fitbit Flex…

Where the Fitbit One Beats the FuelBand

  • Because the design calls for you to wear the Fitbit near the center of your body mass (at or near the waist), it’s much more accurate when counting steps or overall body movement than wrist- or arm-mounted activity trackers.
  • Fitbit has several data integrations included with its cloud-based platform, so you can send your captured data lots of different places, including Microsoft HealthVault. This bodes well for the Fitbit’s future prospects as a provider-integrated EHR-syncing activity tracking platform. You know… someday.
  • The Fitbit web and smartphone app platform is more feature-complete than Nike’s, especially if you’re anal enough to enter all your foods, moods, water, and any exercises not picked up by the activity tracker. Nike has a great iOS app with Facebook integration for social health purposes, but then so does Fitbit.
  • All the Fitbit activity trackers are cheaper than the FuelBand. It’s $70 and $100 vs. $150. That’s a big difference.
  • The Fitbit One (but not the “Zip” edition) can track steps climbed using an altimeter function. The FuelBand can’t do that.
  • Like the new Flex (discussed below), the Fitbit One syncs wirelessly with low-power Bluetooth 4.0 anytime you’ve got the app running on your smartphone.

Where FuelBand Beats the Fitbit One

  • The Fitbit One is easily lost in pockets, off your belt, and can end up in the washing machine (and then the trash). The FuelBand, by comparison, just goes on your wrist — end of story. It’s snug and doesn’t have to come off much, so you’re not going to lose it easily. This advantage cannot be overstated. Lots of users have switched to the FuelBand because the data captured, while less accurate, is more complete and consistent because the FuelBand is just more likely to be worn.
  • The FuelBand’s integrated display is attractive, engaging, and informative. The Fitbit One’s display is okay and functional, but not all that engaging. For the good stuff you have to hop into the smartphone app.

And Now the Fitbit Flex: Where Does it Win?

  • The Fitbit Flex can be used for sleep monitoring, just like its non-wrist predecessors. The FuelBand skips this feature, though the Jawbone Up matches it.
  • If you can be woken up by a vibrating wrist, then the Flex can be your alarm clock. LIke the Jawbone Up, it will theoretically buzz at the right moment in your sleep cycle so you wake up refreshed. Reviewers seem to think it works. The FuelBand has no such feature.
  • The motion-sensing part of the Flex can be popped out and dropped in a pocket if you don’t want to wear the wristband.
  • The Nike FuelBand is sold in 3 wrist sizes and you have to figure out which one is right for you (I screwed up on my first choice). The Flex comes with 2 bands and has a highly-adjustable watch-style wristband.
  • You can swap out different Flex wristband colors (if you must) by buying additional bands.
  • Using Bluetooth 4.0 means the Fitbit Flex can maintain smartphone connectivity all day without killing either the wristband’s or phone’s batteries. The FuelBand runs on older Bluetooth modes, requiring manual syncing and more power. The Jawbone Up isn’t even wireless, instead plugging in to your headphone jack for syncing.

Potential Fitbit Flex Problems

  • The FuelBand has a smooth, rounded shape across its entire body, but the Fitbit Flex has a blocky, squared-off top that’s much more likely to catch on clothing. I’m also wondering whether the watchband styling will be annoying. I haven’t worn a classic watch in years.
  • Aside from the 5 LED dots, there’s no multi-function display, so it’s a step ahead of the Jawbone Up, which has no display at all, but several steps behind the FuelBand, which can also act as a watch. (Of course, with Bluetooth 4.0 live syncing, you can view your Fitbit stats on your smartphone anytime.)
  • The Flex lacks the altimeter of the Fitbit One, so no tracking steps climbed.
  • While wrist placement is convenient, it’s also far less accurate in measuring activity when compared against the Fitbit One or any torso-bound tracker.

Conclusions: Fitbit Flex Wins, But It’s a Fast-Moving Market

  • The Fitbit Flex is a winner overall, if it works as advertised. Remember that the Jawbone Up was a disaster at launch and took a year to be revised. Time will tell, but Fitbit has successfully built and launched all prior models.
  • The Flex effectively neutralizes the threat of the FuelBand and the Jawbone Up by offering equivalent physical functionality at a lower price.
  • The Fitbit platform is a major advantage you can’t see on the box, but it will matter most in the long run. Their platform is purpose-built and widely-integrated with other apps and web systems. The FuelBand is, let’s be honest, a side project for Nike. The Up is similarly a side project for Jawbone, the Bluetooth headset and portable speaker manufacturer. Fitbit is focused where the others aren’t.
  • For all the good stuff about Fitbit and the Flex, the truth is the quantified self sector is just starting to reach the mass market. Who knows who wins in the long run?

For now, I’ve pre-ordered the Fitbit Flex for myself. And I can report back here in the spring.

Desperately seeking a HIPAA-compliant Ford Mustang

After the harrowing account of a hospice in northern Idaho being slapped with a $50,000 fine for 411 breached patient records, it’s good to see that even the big players — the biggest in the industry — screw up from time to time.

This widely-cited case, first reported by the L.A. Times, tells the story of how healthcare giant Kaiser Permanente got a little sloppy and ended up working with a contractor who stored electronic patient records all over the place, including sometimes storing records — and I love this — in the trunk of his Ford Mustang.

Which raises the obvious question: Are Ford Mustangs HIPAA compliant? What about a Honda Accord? Maybe a PT Cruiser?

And while that’s the wildest part of the story for me, what’s even more fun is the fact that Kaiser and their mom-and-pop patient records handler (yes, literally — mom-and-pop) have been trading accusations in and out of court for the past 2 years, each accusing the other of not caring about patient privacy and data security.

L.A. Times writer Chad Terhune did a masterful job painting a picture of the comical data security with these gems:

  • “On a recent day [the patient records] sat next to a red recliner where Ziggy, the family’s black-and-white cat, curled up for a nap.”
  • “…kept those patient records at a warehouse in Indio that they shared with another man’s party rental business and his Ford Mustang until 2010.”
  • “…Kaiser said the Deans put patient data at risk by leaving two computer hard drives in their garage with the door open. In response, Stephan Dean moved them to a spare room.”
  • “‘We could have sold these emails [with patient records] to somebody in Nigeria, but Kaiser doesn’t care about its patients’ information.’”
  • “‘[Kaiser] should have signed a contract prior to the commencement of this project,” the manager wrote.”

Be sure to read the article all the way to the end. That last sentence is a killer.

Kaiser got into this mess because they gobbled up yet another smaller hospital and needed to absorb all the patient records quickly. So they outsourced the job. No problem there, really. It’s who they outsourced to that ended up being a disaster.

So far, there’s no known patient data breach, which is great for patients. But authorities are investigating and Kaiser’s got a lot of egg on face with such a high-profile piece hitting the Times.

The lessons for your patient data security efforts? Wait… you really need me to spell this out?

It’s simple. You need your own Ziggy — a certified Patient Privacy Attack Cat — and a Mustang. IT’S RIGHT THERE IN THE FEDERAL CODE, PEOPLE.

Updated ‘quantified self’ gear coming this year

The quantified self movement keeps chugging along, with updated tech announcements coming from both Withings and BodyMedia this week.

BodyMedia will introduce an updated version of their arm-mounted health data collector, theoretically shipping in August. The new version is quite a bit more attractive than the current one. It measures activity / movement, sleep patterns, and calories burned. It competes with the Nike+ FuelBand, the FitBit One, and others.

Withings, who first arrived on the scene with a Wi-Fi weight scale, is introducing an updated scale — the Smart Body Analyzer — but also an activity monitor — the Smart Activity Tracker — to compete with FitBit and all the rest. It’s not clear when these products will ship, though Withings is claiming a Q1 release.

The Smart Body Analyzer is the most interesting addition to the field, as it’s bringing more sensors to the party. This thing will get your weight and body fat percentages, like the current model, but it will also capture heart rate and — this is the amazing bit — air quality, in terms of CO2 levels in the ambient air. Captured data syncs via Wi-Fi or Bluetooth, and naturally goes into their cloud-hosted data monitoring system and smartphone apps. You can sync over to Microsoft HealthVault if you like.

Personally, I’m wearing a Nike+ FuelBand right now and I love it. It actually think the FitBit is more accurate, but the FuelBand goes on your wrist and stays there — you don’t lose it off your belt or send it through the wash in your pants. The only one I really want to try out is the Jawbone Up, which has more features than the FuelBand, but lacks the FuelBand’s integrated data display.

Meanwhile, check out this article from AllThingsD on the trends in the space: