e-HealthExpert.org - Primum non nocere

Leaders often think about succession plans for their direct reports, but what about themselves?
What if I had a serious health problem or accident that impaired my ability to lead my IT organizations? Here's my brief analysis.
BIDMC
My role at BIDMC is to document the strategies prioritized by our governance groups, ensure our organizational chart structure is optimized for executing the strategies, and to find/retain the best people. I also work on the processes that support our strategy including governance, budgeting, and communication.
In the 1990's, I wrote the code that powered our clinical web-based applications and intranet. At this point, we've retired all the code I've written or transitioned its development/support to full time programmers. I am no longer a single point of failure for any application or infrastructure. At BIDMC, about 30% of applications are built and 70% are purchased. Occasionally some stakeholders wonder if building a few applications is a risk. It's actually a risk mitigator. We create the "glue" that links together vendor applications via portals and web-based service-oriented architecture approaches. Since we control the front end that clinicians see for electronic health records and provider order entry we can rapidly add features needed for meaningful use, healthcare reform and Joint Commission requirements. We've implemented novel solutions for medication reconciliation, decision support, and health information exchange. Building what is not available in the marketplace and buying products that are mature is the best way to reduce risk.
Some projects depend upon my strength of will - implementing EHRs for the community, embracing interoperability/standards, and keeping us focused on the large projects that move us forward. If I were to disappear, it is true that efforts to achieve meaningful use would slow significantly. As I've discussed in my blog several times, it takes all the energy and reputation I have to ensure all our clinicians - those in academic health centers and those in small community practices - have all the tools they need and training/education they require to achieve meaningful use.
In any large complex organization, satisfaction with IT goes up and down. As resources are pulled into large projects, smaller projects suffer and stakeholders may feel underserved. As compliance requirements, new regulations, Joint Commission mandates, and senior management signature initiatives appear, existing initiatives may be slowed or cancelled. My role is to foster communication, ensure that governance includes all stakeholders, and to provide a buffer for my staff from the ups and downs of opinion and changing priorities. If I disappeared, the "tyranny of the urgent" may triumph, preventing IT from staying focused on the functionality needed to achieve meaningful use.
HMS
At Harvard Medical School, my role in governance, strategy, structure, staffing and process is similar to BIDMC. I work with research, education, and administrative stakeholders to define their priorities and allocate resources. My major projects include building one of the top 100 supercomputers in the world, providing a petabyte of storage to support translational research, and supporting all the interactive media for over 1000 courses. My role is a balance of managing day to day issues while also engaging all stakeholders in long term planning activities. If I were to disappear, the communication/education of stakeholders and the delicate balance of services among the research/education/administrative communities would suffer.
Overall in my roles as CIO of two institutions, my greatest utility is to provide a common link between the academic/education/research activities of the medical school and the clinical/financial/research activities of the hospital while also leveraging my state and federal activities to ensure BIDMC and HMS are early adopters of federal requirements and participants in pilots. My multi-organizational role provides economies of scale, knowledge sharing, and community-wide visibility for IT activities. My absence would diminish these cross-organizational collaborations, slowing down our work.
My role has evolved substantially over the past decade and I've moved from programmer to convener, from a focus on operations to a focus on innovation, and from technologist to policymaker. Senior leaders owe it to their organizations to periodically reflect on their role and how their organization would carry on without them.

The agenda began with comments from Jon Perlin and me reflecting on the busy Summer, reacting to the final rules, and planning for the future of policies and technologies to support interoperability. I summarized my experience with questions and feedback on the Standards Final Rule. Thus far, questions about consistency of content, vocabulary, and standards named in quality measures have been clarified without requiring changes in the rule.
Sam Karp and Aneesh Chopra summarized the Enrollment Workgroup deliverables that satisfy the requirements of Section 1561 of Affordable Care Act. The recommend use of the NIEM framework to support standards and processes going forward. They recommend the creation of web services on top of existing legacy systems as well as create a reference implementation of running software that could be used by states and other stakeholders (note, this does not imply creating a single Federal hub for all transactions). They recommended use of the HIPAA Content standards (834, 270, 271) and codification of human readable business rules using tools such as OMG’s SBVR. Finally, they made a number of privacy/security recommendations that highlight consumer access to data and disclosure logging.
Deven McGraw and Paul Egerman summarized the Privacy & Security Tiger Team Recommendations. Most important are the consent recommendations that require the patient be provided with an opportunity to give meaningful consent before the provider releases control over exchange decisions. The trigger is when the decision to disclose or exchange the patient’s identifiable health information from the provider’s record is not in the control of the provider or that provider’s organized health care arrangement (“OHCA”), patients should be able to exercise meaningful consent to their participation.
Doug Fridsma provided an overview of Standards and Interoperability Framework and its associated RFPs.
The awardees thus far are:Harmonization of Core Concepts (NIEM Framework) - DeloitteImplementation Specifications - DeloittePilot Demonstration Projects - LockheedReference Implementation - LockheedTesting - StanleyTools and Services - Stanley
The role of the HIT Standards Committee will be to provide oversight, coordination and prioritization advice on the Standards and Interoperability Framework to ONC.
Jamie Ferguson presented the Vocabulary Task Force Update. Judy Murphy and Liz Johnson presented the Implementation Workgroup Update. The work ahead in September is defining the Standards requirements for Meaningful use Stage 2 and 3. It will be a busy Fall!

As a followup to the HIMSS Webinar I gave last week, here's an FAQ in the spirit of last month's Meaningful Use and Standards Rule FAQ.
1.. The Emergency Department is mentioned in 9 Core Measures and 3 Menu Measures, yet industry discussions seem to focus on the ED for CPOE and Discharge instructions. What functions do ED Information Systems need to support? Are these functions for just admitted patients or all ED Patients?
In my conversations with CMS, I believe that CMS will be issuing a corrections notice to clarify the role of the ED in the rule.
2. There are 44 Quality measures for Eligible Professionals. Do EHRs need to support all 44 measures to be certified?
To achieve certification, EHRs must support the 3 Core Measures, the 3 Alternate Quality Measures and at least 3 others from the remaining 38 measures.
3. Can eligible professionals from ancillary service providers such as stand alone radiology imaging centers qualify for meaningful use?
Although it seems a bit of stretch, if these professionals can meet all the meaningful use measures, then can qualify. This implies that radiologists will have to chart weight/height, ask about smoking status, record race/ethnicity etc.
4. The original implementation guide for the CCD specified one preferred vocabulary for each data content type. The Final rule includes SNOMED-CT and ICD9 as problem list vocabularies. Is there an inconsistency?
No, the C32 2.5 implementation guide supports all the vocabularies specified in the final rule. See Keith Boone's blog for details.
The XML for CCD in the C32 v. 2.5 implementation can accept any vocabulary for structured data elements.
5. The Quality Measures in Meaningful use mention vocabularies like RxNorm and SNOMED-CT to compute numerators and denominators. The Standards Final Rule offers vocabulary options. Is this an inconsistency?
No. The Final Rule for certification indicates “Any source vocabulary that is included in RxNorm, a standardized nomenclature for clinical drugs produced by the United States National Library of Medicine.” The Final Rule further difines the following source vocabularies as being included in RxNorm: GS – Gold Standard Alchemy, MDDB – Medi-Span Master Drug Data Base, MMSL – Multum MediSource Lexicon, MMX – Micromedex DRUGDEX, MSH – Medical Subject Headings (MeSH), MTHFDA – FDA National Drug Code Directory, MTHSPL – FDA Structured Product Labels, NDDF – First DataBank NDDF Plus Source Vocabulary, NDFRT – Veterans Health Administration National Drug File – Reference Terminology, SNOMED-CT – SNOMED Clinical Terms (drug information), and VANDF – Veterans Health Administration National Drug File. “Consequently, an one of these “source vocabularies” identified by NLM may be used, or any other source vocabulary successfully included within RxNorm.” (pages 132-133 of DHHS Final Rule 45 CFR Part 170, RIN 0991-AB58)
In creating value sets for the measures, providing 11 options (those listed in the Final Rule) was overly cumbersome, as was selecting NDC codes. By listing medications with RxNorm codes, the measures allow any user of an acceptable source vocabulary to map to the medications required by the measure. The measure criteria, therefore, can be used by any compliant EHR that uses a source vocabulary.
In general the measure specifications provide currently used terminologies as expected in the Final Rule. However, since there is a requirement for billing to use ICD-10 by 2013, the measures also provide, for those considering future implications, ICD-10 and SNOMED for appropriate concepts. While ICD-10 and SNOMED are not required, many have appreciated the ability to consider how to map their local term usage to these potential future options. Note, all measures provide “Groupings” (or nested) value sets which include a number of options. For example, all conditions (diagnoses) include ICD-9, OR ICD-10, OR SNOMED. There is one exception: persistent asthma is not an available concept in ICD-9. Therefore the measure provides an option of “persistent asthma” in ICD-10 OR SNOMED; it also provides the option of “asthma” using ICD-9 with a constraint that severity = persistent. The measures do not seek to require any terminology that is not specified in the Final Rule. The decision to include ICD-10 and SNOMED options was a conscious decision made in concert with CMS.
6. The Syndromic Surveillance implementation guide in the Final Rule seems to be the wrong document - it's the CDC's "Public Health Information Network HL7 Version 2.5 Message Structure Specification for National Condition Reporting Final Version 1.0 and Errata and Clarifications National Notification Message Structural Specification" which is for disease reporting, not symptom reporting.
It's true that the wrong implementation guide is included in the final rule. ONC is hard at work correcting this. We'll discuss it today at the HIT Standards Committee August meeting.

In my recent hiking trip on the John Muir trail, I limited my pack weight to 10 pounds so that I could cover 25 miles a day.
Some backpacks weigh 4-5 pounds when empty.
Mine weighed 13 ounces. It could have weighed 6 ounces if I gave up a bit of durability.
I used the Zpacks Dyneema X 26 holding 2,600 cubic inches.
Dyneema Gridstop is a heavy duty 4.2 oz/square yard. Each white Dyneema thread can hold over 150 lbs. A secondary ripstop grid is angled at 45 degrees.
I've successfully used Dyneema for my outdoor activities for years.
It's abrasion resistant, puncture resistant, and completely sufficient for supporting typical backpack gear weights.
As I hiked, I watched numerous people struggling with 35-50 pound packs.
My advice - start with an 13 ounce pack and only carry what you'll need. You'll enjoy the experience instead of struggling with every step.
A 13 ounce backpack that's stronger than steel - that's cool.

Recently my 17 year old daughter and I discussed my nearly 50 years of experience with life, the evolution of my mindset through time, and my thoughts about roles/responsibilities at each age. I summarized life as
0-10 A time to master the day to day activities of being human11-20 A time to master the process of learning21-30 A time to experience the world, take risks, establish relationships, and seek stable employment31-40 A time to build a household, a family, and a career ladder41-50 A time to build financial security, support growing children, think about wellness, and nurture your relationships51-60 A time to fund college, assist adult children with their increasing responsibilities, and to support aging parents61-70 A time to begin the transition to a different phase of life, pursing those activities that you did not have time or resources to do in the past. Note that this phase is getting later and later in life with many people working past 70. A time to start playing with grandchildren and assisting your children's growing families. Continuing to support aging parents, given increasingly long human lifespans.71+ Exploring new ideas, new places, keeping your mind and body healthy, aging well.
To which my daughter responded - "How depressing...that you think of life as so linear"
I suggested that life is anything but linear. When I was 5, I wrote a first grade homework assignment declaring "I want to be a scientist". When I was 12, computer science seemed like the right direction. When I was 16, medicine and engineering seemed the right approach. Now nearly 50, I'm a CIO, married for 26 years, with a 17 year old daughter. Completely unpredictable and more of random walk than a linear progression.
Of course, my suggested life timeline is a bit traditional and stereotypical. There are hundreds of variations that may involve zero or multiple marriages, zero or many children, zero or dozen careers. I will not measure my daughter's life success by her adherence to my timeline.
Pondering my life experience, I realize that my current mindset in the 41-50 span includes a different set of challenges, goals, and dreams than in my 21-30 span. I'm continually changing. I remember the pride I felt when I exceeded some of my parents capabilities when I was in 11-20 span. I now feel great humility as my daughter begins to exceed some of my capabilities at the same time in her life.
When I'm asked what span is best, my answer will always be, wherever I am now. My current experiences, frustrations, and relationships always seem most appropriate to my current condition. I only look backwards to gather lessons learned, not to relive any previous events. I recently skipped my 30 year high school reunion because the joys and sorrows of my 11-20 span are no longer relevant after the experiences of three decades.
At times, I struggle with the politics, conflicts, and uncertainties of daily living. I think back on the challenges of my 20's and 30's and realize that any anxiety I felt earlier life was over minor and inconsequential events. In my 50's I'm sure I'll feel that same way about my 40's. Realizing that life is a continuous progression with different roles, responsibilities, and expectations at each stage enables us to look forward to the future, relish the present, and learn from the past.
Learn from the past, live in the present, and hope for the future. Onward to the stages ahead!

I've written several blog posts about the need for consent policy and technology.
For 2011, the Meaningful Use Stage 1 data exchanges are a "push" of data from provider to public health, quality registries, and other providers. Consent is obtained by the provider when the patient is present during an episode of care. The consent process will be driven by Federal/State policy and workflow rather than technology.
For 2013, the data exchanges are likely to be "pull" based on patient controlled consent for release of information from institutions. The consent process will be a marriage of policy and technology.
On August 19, the Privacy and Security Tiger Team released its recommendations for the consent policy to support Stage 1 data exchanges.
Here's a powerpoint summary.
Key points include:
When the decision to disclose or exchange the patient’s identifiable health information from the provider’s record is not in the control of the provider or that provider’s organized health care arrangement (“OHCA”), patients should be able to exercise meaningful consent to their participation.
where meaningful consent is defined by
Advanced knowledge/time Not compelled, or used for discriminatory purposesFull transparency and education. Commensurate with CircumstancesConsistent with Patient ExpectationsRevocable
Although granular consent is a desirable future goal (i.e. line item redaction of medications depending on the recipient of the data), technology has not yet evolved to the point where this is widely implementable. It is important that ONC find evidence (such as through pilots) for successful models and not rely on theoretical possibilities. In the interim, patient education is paramount. Realistic expectations about privacy need to be established.
State Health Information Exchanges are busy defining their own policies and technologies to support Meaningful Use Stage 1 Data Exchanges:
Core Set1. Provide patients an electronic copy of their ambulatory, ED or inpatient summary of care record record2. Transmit prescriptions 3. Capability to exchange key clinical information among care providers and patient authorized entities4. Report clinical quality measures
Menu Set (must include at least one public health reporting transaction)5. Incorporate clinical lab tests results into EHRs as structured data6. Provide summary of care record for patients referred or transition to another provider or setting7. Capability to submit data to immunization registries, provide syndromic surveillance and lab data to public health agencies
The guidance from Privacy and Security Tiger Team provides a valuable framework to inform state activities. In Massachusetts, we have Chapter 305, which requires opt-in consent for data sharing.
By adopting a national policy that ensures providers educate their patients about Meaningful Use data exchanges and obtain consent before sharing information with outside organizations, we will ensure that patient privacy is protected.

I've written many blog posts about leadership and the challenges of running large complex organizations. Recently, I've thought about how I have personally changed during my 15 years in healthcare leadership positions.
In my early years, the initial challenges were to break through technical barriers by creating prototype applications and demonstrating the possibilities of the emerging web in the mid 1990's.
I then progressed to organization building, devising the strategy, structure and staffing of a growing IT organization.
From there I evolved to thinking about processes - how to ensure reliability, security, and performance of complex infrastructure and applications.
I then moved on to education - writing and speaking about our efforts inside and outside my organizations.
Where am I today as a leader? I believe I'm a convener.
Whether it's my Federal, State, hospital or medical school roles, my most important leadership task is assembling people with various opinions, some of them very vocal, and achieving a set of priorities, next steps, and policies.
In some ways, I'm becoming less technology focused and more business focused. Many of the technologies that were risky/bleeding edge a few years ago - the web, clouds, clusters, enterprise storage, and thin clients, are now mainstream. My day is less about getting the technology working right and more about ensuring we're using the right technology to meet the needs of business owners. Unfortunately, many business owners do not know what they need, although they have high expectations.
The theme of my next leadership year will be governance.
Of course there is meaningful use, EHR implementation, and privacy policy change - but convening stakeholders via a recognized governance model is a prerequisite to getting those done.
It's painful at times to gather everyone together and hear a multitude of diverse opinions, some of which may be factually incorrect and many of which can be critical. All of us are tempted to 'wait to speak' instead of listen. However, the best way I can serve my staff and ultimately all my stakeholders is to condense the messiness of contentious viewpoints and competition for resources into a well communicated list of priorities.
Now that Meaningful Use Stage 1 and the Standards Rules are final, the pace of my Federal responsibilities will be a bit less. This will give me a chance to focus on Massachusetts and hospital/medical school governance. The measure of my success should be the projects we decide NOT to do, since great governance will set priorities and align them with limited budgets and fixed timeframes. A sign of failed governance is saying yes to everything, flogging staff until they resign in fatigue, and creating general dissatisfaction throughout the organization because scope is too large and resources are too small.
Convening and governance will be my role as a leader over the next year. Only when I can master that can I progress to my next leadership stage.

I've been lucky when it comes to health issues. In my 48 years of life, I've had Lyme disease twice (still not out of the woods), a corneal ulcer caused by windblown grit while kayaking across the Baltic Sea, a benign AV nodal reentry tachycardia, a kidney stone from dehydration, and elevated intraocular pressure (multiple generations of males in my family history had glaucoma). I've never broken a bone, had any GI/Neuro/Pulmonary/Rheumatological issues or taken any chronic medication, other than Xalatan for my intraocular pressure.
My family history is otherwise unremarkable.
Thus, it came as a complete surprise when the call came in at the end of last week that my father was having a posterior/inferior myocardial infarction and was on his way to the cath lab to be stented.
On Thursday night my wife and I flew to Los Angeles to be with him in the ICU.
The process of medical care is like any complex project - there's a technical part and there's a people part. The doctors and nurses did a remarkable job on the technical part. The role my wife and I played was to manage the people part - building confidence in my parents that everything would be okay, that the quality of life would be just fine, that returning home would be safe, and that the future would be bright.
We stocked the refrigerator with low fat vegan foods. We helped interpret patient education materials, discussed life style recommendations, and managed the process of transitioning from inpatient to outpatient.
Hospitals are a great place in a crisis, filled with professionals who can medicate, operate, and heal. But the larger social context of healthcare - the orchestration of emotions, calming of fears, and regaining the cadence of daily life requires a support system.
In the past, extended families lived together or at least clustered together in a community. With increasing specialization of employment, a challenging economy, and the ease of long distance travel, we've lost many of our family support systems. What I experienced was a remarkable coming together of a virtual extended family in support of my father. Colleagues, former employees, and friends gathered together to support my parents. My father was rarely alone during his ICU stay. In a world that can be filled with road rage, competition for resources, and a lack of civility, I was grateful to experience healthcare supported by the community around my family.
The circumstances, a heart attack, were bad, but the outcome was good. My father is back home, back to his usual routine, and the love and respect of his network of supporters will always be with him.

I've returned to Boston, to fast wireless networks, humidity, and traffic.
It's a marked contrast to my time on the John Muir trail. Not better or worse, just different.
On the trail, time slowed to the point that my measurement rubrics became dawn and sunset, the amount of water left in my hydration pack, and the time until my next snack.
I walked about 150 miles through the Sierra, up and down numerous peaks and passes. I gathered wild mushrooms (Leccinum, Lentinus, Agaricus). I ate numerous wild plants (waxy currants, gooseberry, swamp onion, mint). Temperatures varied from the 20's at night to the 60's during the day.
When I rested, I was joined by golden marmots, pikas, chickarees, Belding's ground squirrels, mule deer, and even a beaver, dragging an aspen branch across the trail at dawn.
During the day, my constant companions were Clark's nutcrackers, grouse, hairy woodpeckers, stellar jays, and the occasional great horned owl.
I stored my food in a 6 ounce Ursack, a kevlar bag approved for backcountry use everywhere along the Pacific Crest Trail except in Yosemite and Sequoia-King's Canyon. Since I never slept within the borders of those national parks, I was fine. No bears ever bothered the vegan food I was carrying.
My pack with food and water never weighed more than 10 pounds, enabling me to cover 20-25 miles per day with several thousand feet of daily elevation gain.
I only met two other north bound hikers along the trail but we walked at different paces, so I spent the time in solitude.
The physical challenge was not a problem - once I acclimated to 10,000 feet I had no problem with the hiking. The emotional challenge of being alone in the wilderness, with no one to speak with, no internet connection, and no pressure other than to keep warm and hydrated was admittedly a struggle.
Numerous studies have been done or are in progress to examine the effect of constant connectivity on our brains. We all develop a kind of ADHD, losing the ability to maintain focus, explore issues deeply, and savor the experience of the world around us.
The Last Child in the Woods explores the way our children have lost touch with the rhythm of the natural world.
It took a few days, but I regained the ability to sit on a rock, listen to the wind, and soak in the details of every flower, tree, and waterfall.
It's tempting to believe that I could maintain that reverie for months, living in that archetypal cabin in the woods that many of us dream about.
However, by the end of my trip, I realized that my highest and best purpose at this time in history is to share my technology, management, and problem solving skills with government, academic, and industry leaders to accelerate positive change. If I work hard enough, I can ensure my daughter and her future family never experience a medical error, a problem with care coordination, or a bankrupt healthcare system.
So, I'm back, recharged and rejuvenated, with a new sense of perspective. The world will continue to have its pessimists, its critics, and naysayers, some of whom will direct their ire at me. However, if I just think back to sitting on a rock in the Sierra, not knowing what time it was or having a to do list, I can keep it all in perspective. This time of Stimulus funding, healthcare reform, and meaningful use is creating high pressure, unreasonable deadlines, and unrealistic expectations for everyone. As long as we treat each other right and remind ourselves of the true cadence of the natural world around us, we'll be fine.

For 10 days every August, my family and I travel to an isolated canyon filled with aspen, pine, and wildflowers just north of Mono Lake in the Eastern Sierra.
This year, we'll hike, explore old mines, harvest sage, and study the complex ecosystem of the Mono Basin.
I'll also do a solo hike along 50 miles of the John Muir trail from Mammoth to Yosemite Valley.
From August 6-16, I'll have episodic web connectivity, so I will not be blogging.
By 6pm tonight, I'll be into the wild!

On Fridays I write about emerging technologies that I experience at the office and in my day to day life.
Recently, I wanted to join a colleague for an elegant meal in Washington DC which would enable us to catch up on many strategic issues during our dining experience. (We went to Nora - it was fabulous.)
A few moments after we agreed on the restaurant, an email appeared in my inbox from OpenTable with all the details - where, when, how to get there etc. Really amazing integration of email, the web, calendaring, and restaurant table availability databases.
OpenTable has created a software as a service model for supporting in restaurant and customer facing workflow that is easy to use, convenient, and timesaving.
I was curious about their business model and technology. I did some searching on the web and found a discussion forum entry that seems to explain it all. This is not an official OpenTable communication, so it may not be perfectly accurate, but it seems reasonable.
"I use OpenTable at work, so I can explain it pretty well. I believe the restaurant pays a flat rate per person, and that rate is higher for an online reservation versus a reservation taken in person or over the phone. The "high point" (a kind of coupon) reservations are actually for restaurants that want to fill tables at off-peak hours. I would imagine that these reservations are going to cost the restaurant significantly more than a normal reservation, which is why these are generally seen only at higher end restaurants.
There isn't a certain number of tables that can be booked only through OpenTable. When I make a reservation for someone over the phone, I use an interface quite similar to the one that you use online. The difference is that I can look through the whole book and decide that we can fit in another table at 7:30. So, if you look online and don't see the time slot you want, you can always call the restaurant to see if you can get a table at your desired time.
We can also take notes about your reservation (birthday, anniversary, wants a booth, needs a high chair, et cetera), and also keep permanent notes on each guest (prefers a certain waiter, always gets Fiji water, VIP, etc.). When you put a comment in online, it automatically shows up in our reservation notes. Along with that information, we also see if it's your first time at the restaurant, and if you have OpenTable VIP status."
A web-based, software as a service that supports restaurant and customer workflow. That's cool!

I've written several posts about the need for civility, good karma, and a thoughtful process for every issue.
I have to react to negativity several times each day. As I review my email, I read numerous reports of challenges, frustration, and dissatisfaction. It's an expected part of being a senior leader in large, complex organizations and being a CIO.
Some of these emails have a controversial he said/she said character.
Responding to them requires tact and diplomacy. I want to support and protect my staff but also want to ensure we improve our processes in the interest of continuous quality improvement.
Recently, I read an article about the Shirley Sherrod case by Steve Adubato, who speaks and coaches on leadership and communication. His observations mirror many of the lessons I've learned when reacting to controversy.
*Don’t be so quick to judge if you haven’t heard the entire story.
*Due diligence is critical when it comes to communication.
*Realize how dangerous it is to assume.
*Get the whole message.
As my due diligence progresses, I find that many emails have the quality of Roseanne Roseannadanna (for you 1978-1980 Saturday Night Live Fans).
People misrepresent the facts, distort the truth to suit their own ends, and highlight events that are in their self interest and not the greater good.
It's really important to check out the facts from multiple stakeholders before drawing a conclusion.
It's really important to pick up the phone and talk through the issues, listening and taking an active interest in all sides of the story.
It's really important to suggest next steps, assign accountability, and deliver on your promises.
Understanding the facts, having a dialog, and meeting expectations for followup resolves most conflicts.
As with the Sherrod case, once you know the whole story, most controversies are not what they seem.

Recently at the Massachusetts Health Information Exchange (HIE) Ad Hoc Workgroup we made a list of the 7 services we intend to support in 2011 (Routing, Directories, Certificate management, Vocabularies, Population Health Aggregation, Quality Registries, and Consent) then we created a matrix of solution providers. HIE is an evolving market and I'm convinced that the next year will bring many new entrants. They key will be separating fact from fiction i.e. running software from powerpoint demonstrations. Here are a few thoughts from at the services list.
Routing - In Massachusetts we believe that machine to machine, EHR to EHR, and hub to hub routing is preferable to web-based portals since it ensures the workflow of health information exchanges happens inside the software that clinicians are using to deliver care. There are few machine to machine routing products available in the marketplace. Vendors offering general HIE products include Medicity, Axolotl, RelayHealth, Covisint, Epic, eClinicalWorks, GE, Orion, Medplus, Medseek, CareFx, Intersystems, Microsoft, dbMotion, HealthUnity and Patientkeeper. Of these I know of machine to machine solutions offered by Covisint, Epic, eClinicalWorks, General Electric, Orion, and Intersystems. Verizon is a new entrant and Ingenix is rumored to be preparing an offering. Surescripts offers medication routing and may be expanding into other areas.
Directories - an index of payers, providers, and public health entities is needed as part of routing to direct transactions to the right trading partner. I have yet to find a provider with a standards based (LDAP) or RESTful API for directory query and update. However, there are many sources of provider address data such as the Council for Affordable Quality Healthcare (CAQH).
Certificate Management - Public Key Infrastructure for organizations and providers is key to secure the endpoints in routing transactions. Providers of certificates and management tools include Verisign and Covisint, which has done work for the American Medical Association.
Vocabularies - the Federal Government is the major provider of vocabularies and code sets curated by the National Library of Medicine or licensed from Standards Development organizations.
Population Health Aggregation - There are existing public sector aggregators of data at the Federal (CDC), State (Department of Public Health) and City (local health departments) level. At the moment, I am unaware of commercial companies providing this functionality.
Quality Registries - Companies like Ingenix, and Healthcare Data Services offer aggregation of financial data. Community-wide repositories and specialty specific registries for quality reporting are an evolving marketplace largely comprised of self-built solutions.
Consent Management - Supporting patient controlled consent for health information exchange is key to building trust. There are a few emerging companies, including Private Access.
I welcome comments on other emerging companies in this space and experiences you have had with real world implementations of their products.

I recently joined my team while troubleshooting a complex infrastructure problem affecting our community EHR hosting private cloud.
From years of experience doing this, here are my lessons learned.
1. Once the problem is identified, the first step is to ascertain the scope. Call the users to determine what they are experiencing. Test the application or infrastructure yourself. Do not trust the monitoring tools if they indicate all is well but the users are complaining.
2. If the scope of the outage is large and the root cause is unknown, raise alarm bells early. It's far better to make an early all hands intervention with occasional false alarms than to intervene too late and have an extended outage because of a slow response.
3. Bring visibility to the process by having hourly updates, frequent bridge calls, and multiple eyes on the problem. Sometimes technical people become so focused they they do not have a sense of the time passing or insight into what they do not know. A multi-disciplinary approach with pre-determined progress reports prevents working in isolation and the pursuit of solutions that are unlikely to succeed.
4. Although frequent progress reports are important, you must allow the technical people to do their work. Senior management feels a great deal of pressure to resolve the situation. However, if 90% of the incident response effort is spent informing senior management and managing hovering stakeholders, then the heads down work to resolve the problem cannot get done.
5. Remember Occam's Razor that the simplest explanation is usually the correct one. In our recent incident all the evidence pointed to a malfunctioning firewall component. However all vendor testing and diagnostics indicated the firewall was functioning perfectly. Some hypothesized we had a very specific denial of service of attack. Others suggested a failure of windows networking components within the operating systems of the servers. Others thought we had an unusual virus attack. We removed the firewall from the network and everything came back up instantly. It's generally true that complex problems can be explained by a single simple failure.
6. It's very important to set deadlines in the response plan to avoid the "just one more hour and we'll solve it" problem. This is especially true if the outage is the result of a planned infrastructure change. Set a backout deadline and stick to it. Just as when I climb/hike, I set a point to turn around. Summiting is optional, but returning to the car is mandatory. Setting milestones for changes in course and sticking to your plan regardless of emotion is key.
7. Over communicate to the users. Most stakeholders are willing to tolerate downtime if you explain the actions being taken to restore service. Senior management needs to show their commitment, presence, and leadership of the incident.
8. Do not let pride get in the way. It's hard to admit mistakes and challenging to acknowledge what you do not know. There should be no blame or finger pointing during an outage resolution. After action debriefs can examine the root cause and suggest process changes to prevent outages in the future. Focus on getting the users back up rather than maintaining your ego.
9. Do not declare victory prematurely. It's tempting to assume the problem has been fixed and tell the users all is well. I recommend at least 24 hours of uninterrupted service under full user load before declaring victory.
10. Overall, IT leaders should focus on their trajectory not their day to day position. Outages can bring many emotions - fear for your job, anxiety about your reputation, sadness for the impact on the user community. Realize that time heals all and that individual outage incidents will be forgotten. By taking a long view of continuous quality improvement and evolution of functionality rather than being paralyzed by short term outage incidents, you will succeed over time.
Outages are painful, but they can bring people together. They can build trust, foster communication, and improve processes by testing downtime plans in a real world scenario. The result of our recent incident was a better plan for the future, improved infrastructure, and a universal understanding of the network design among the entire team - an excellent long term outcome. I apologized to all the users for a very complex firewall failure and we've moved on to the next challenge, regaining the trust of our stakeholders and enhancing clinical care with secure, reliable, and robust infrastructure.

On July 27 and 28, the Institute of Medicine hosted a workshop series, Electronic Infrastructure for the Learning Healthcare System: The Road to Continuous Improvement in Health and Healthcare, sponsored by ONC. Here's the agenda and the presentation materials.
The attendees included an amazing array of informaticians, professors, policymakers, scientists, and industry leaders.
I had the opportunity to serve as a panelist for Session 2: Technical strategies: Data Input, Access, Use and Beyond as well as to moderate Session 7: Perspectives on Innovation.
Here are few highlights from those sessions.
Technical strategies: Data Input, Access, Use and Beyond
Doug Fridsma (ONC) - We need a standards and interoperability framework that ensures accountability across the continuum of standards activities from business driven requirements to standards harmonization to implementation specifications to reference implementations to testing to certification. The National Information Exchange Model (NIEM) plus 10 RFPs from ONC will accomplish this. The RFP contractor selections will be announced in a few weeks.
Rebecca Kush (CDISC) - Re-use of data for multiple purposes is key. Rather than thinking of clinical research as a secondary use, we should put syntactic, semantic, and process interoperability in place with appropriate metadata and consent to facilitate data reuse for research with patient permission.
Jonathan Silverstein (University of Chicago) - Clouds are equivalent to remote hosting. Grids are equivalent to federated services. We should outsource complex and mundane tasks to cloud-based grid services providers to enable developers to focus on innovative functional modules.
Shaun Grannis (Regenstrief Institute) - The most important aspects of health information exchange are governance, value sets/mapping, and reassurance/trust in the community. Standards and use cases are not enough.
My summary of the five most important technical strategies for health information exchange:
1. There must be a business case for health information exchange. Meaningful use provides such a business case because stimulus funding depends upon it.
2. Policies must be developed in parallel with technology to build trust for health information exchange among stakeholders.
3. Standards for consent, vocabulary and especially transmission are a pre-requisite for interoperability
4. There is a need for metadata describing the source of data, where in the workflow it was captured, and who captured it.
5. Persistant consent controlled by the patient will enable data reuse as long as good metadata is included during health information exchange to enable opt-in release of selected data for a particular purpose by stakeholders in specific roles.
Perspectives on Innovation
Daniel Friedman (Public Health Informatics Institute) - There are no good data sources for functional status/well being. We need creative informatics solutions to bring together data from disparate sources to support novel applications for population health.
Molly Coye (Public Health Institute) - We need decision support, comparative effectiveness data, telehealth to connect patients/providers, and cloud/grid computing services.
Michael Liebhold (Institute of the Future) - We need "event driven medicine" that combines data just in time to offer decision support to providers. Resource Description Framework (RDF) subject/predicate/object syntax provides us with a toolset to bring semantic interoperability to the web.
Matthew Holt (Health 2.0) - We need navigators/advocates for patients. Social networks are powerful ways to bring together patients, providers, and payers.
My summary of the five most important technical strategies for innovation.
1. Decision support service providers in the cloud will become increasingly important.
2. Novel sources of data including patient sourced data will enable innovative approaches to population health.
3. Event Driven Medicine will enable us to turn data into information, knowledge and wisdom.
4. Social Networking applications are more than just a idle chat. They connect intellectual property, people, and ideas.
5. Identity management - figuring out how to uniquely identify patients and those who need to access data is key to innovative applications.
A great conference. I look forward to the next workshops and the IOM book that will result.

My daughter, Lara, served as an intern this Summer at the Tufts Center for Engineering Education and Outreach, testing and developing the next generation of LEGO Robotics. Her lab notebook is a daily blog, which includes a complete video record of all devices she's built.
Her final project and my Cool Technology of the week (I admit the conflict of interest in presenting my own daughter's work as a Cool Technology on my blog) is a mobile robot that traverses a garden, inserts a sensor into the soil, measures the moisture level in realtime, and selectively applies water as needed.
It's fully functional and demonstrated in these videos.
The interesting personal side effect of her engineering Summer was a life choice.
She has been debating a fork in the road - Environmental Science/Studies at places like Connecticut College/Middlebury or Environmental Engineering at places like Tufts/Dartmouth. Both are admirable careers. The Summer has led her to the pursuit of engineering. Per a recent article in the Boston Globe, environmental engineering will be one of the top 30 jobs by 2018, about the time Lara will be seeking employment. I will support whatever she decides, knowing that life will have many forks ahead for her two brains to explore.

The July HIT Standards Committee meeting focused on a review of the final Meaningful Use/Standards regulations and the processes for the next stage of our work.
Today, the Federal Register published the Meaningful Use Final Rule (down to 276 pages from 874) and the Standards and Certification Final Rule (down to 65 pages from 228).
Karen Trudel and Doug Fridsma began the meeting with an in-depth overview of Stage 1 Meaningful Use and Standards/Certification criteria.
Key discussion points included:
*EHRs do not have to be certified before the 90 day Stage 1 Meaningful Use demonstration period, just by the end. You can start the demonstration data collection before certification is completed. The entire CMS program begins January 2011, so it's possible to demonstrate Meaningful Use January 1 to March 31 using an EHR that is certified February 15.
*Although the Meaningful Use Menu set contains 10 choices from which Eligible Professionals(EPs) must choose 5, one of those five must be a public health/population health measure. Since there are only two choices for EPs, Immunization reporting and Syndromic Surveillance reporting, every professional must demonstrate one of these two public health transactions to qualify for meaningful use.
*Emergency Departments are now included in Hospital measure computation. This may create challenges for some organizations that have 100% CPOE use in the hospital but 0% CPOE use in the ED. Many hospitals have niche systems in the ED that may not integrate into hospital CPOE workflows. There is no question that the ED should have CPOE, but in 2011, not all EDs will. If a hospital has 60,000 ED visits without CPOE and 20,000 inpatient admissions with 100% CPOE use, the computation of 20,000 patients with medication orders entered via CPOE/(60,000 ED patients + 20,000 inpatient admissions) = .25 and thus will not qualify for meaningful use.
*EHRs must be capable of producing electronic Office visit summaries, as discussed in my previous blog, but meaningful use supports (and requires upon patient request) use of paper.
*It's unclear if Meaningful Use/Stimulus payments are taxable income to eligible professionals. No one has clarified this yet.
*The current standards required for patient summaries are CCR or CCD/C32. The current problem list vocabularies are ICD9 or SNOMED-CT. Although the CCR can use ICD9, the CCD/C32 implementation guide requires SNOMED-CT. It may be that the implementation guide will be relaxed to allow either ICD9 or SNOMED-CT for the problem list vocabulary in the CCD/C32.
*The Syndromic Surveillance Standards required are HL7 2.3.1 or HL 2.5.1. Although 2.5.1 has a detailed implementation guide (Public Health Information Network HL7 Version 2.5 Message Structure Specification for National Condition Reporting Final Version 1.0 and Errata and Clarifications National Notification Message Structural Specification), there is no current HL7 2.3.1 guide. It's been retired and is no longer used. Hence it may make sense for ONC to remove HL7 2.3.1 as a possible standard for this transaction. Otherwise it will be challenging to certify the transaction and guarantee interoperability.
*Although no transport standards are currently specified, enabling innovation in this area, it is important than in the future, after we learn more from HIE pilots, NHIN Direct, and Beacon Communities, that some specificity is provided to accelerate interoperability.
*A Smoking status vocabulary has been suggested, but is not a certification criterion.
*Eligible professionals have a choice of quality measures to report (3 core or 3 alternate core plus 3 from a list of 38 measures), thus EHRs have to produce at least 9 quality measures to be certified. The Meaningful Use Final Rule on page 238 states: “In order to permit greater participation by EHR vendors, including specialty EHRs, the certification program will permit EHRs to be certified if they are able to calculate at a minimum three clinical quality measures in addition to the six core and alternative core measures.”
*Medication Reconciliation needs only to be done between institutions not within an institution to satisfy the Meaningful Use measure.
Doug also informed the committee that of the 10 Standards and Interoperability Framework RFPs, two have been awarded - the NHIN RFP to Stanley (a large consulting company) and the Standards Harmonization RFP to Deloitte. It will be interesting to see how the Standards Harmonization activity serves as a successor to HITSP.
Next, Jamie Ferguson discussed the need for a framework to support clinical summaries of all kinds. The committee discussed that a modular, CDA-template-based approach would work well. Efforts such as hData and Green CDA are complementary to this idea. Basically, anyone needing to send a summary document for a particular purpose could assemble CDA templates as needed to create a human readable and computable content package. We also agreed to followup on any modular approaches the CCR authors may be working on.
Jamie updated us on the Vocabulary Task Force and its upcoming hearings. Our hope is to document the requirements for a vocabulary/codeset resource containing all intellectual property needed for Meaningful Use in a web-based repository.
Janet Corrigan and Floyd Eisenberg described the process of work group meetings and information gathering to specify the stage 2 and 3 quality metrics.
I had to leave the meeting to moderate the afternoon session of the ONC/Institute of Medicine Building a Learning Healthcare System conference. I'll blog about that on Monday.
Per Jon Perlin, the afternoon of the HIT Standards Committee meeting including a rich discussion of the Privacy and Security Tiger Team Update by Deven McGraw/Paul Egerman, an Enrollment Workgroup Update, and public comment. During the public comment period, the committee was deeply moved by a speech from the mother of a child with a serious illness. She thanked the committee for all their work to date to empower patients and improve the quality, safety and efficiency of care. Regulations are final, stakeholders are thankful, and we're making progress! Thanks to everyone who has contributed the process thus far.

On summer evenings and on weekends I kayak the Charles River, exploring its twists and turns through the western suburbs of Boston.
This section of the river is secluded, quiet, and filled with natural wonders. Here are a few of my favorite spots. Note that I paddle upstream first when I'm fresh, then enjoy the boost of the downstream current when I'm tired.
South Natick to Rocky Narrows - 5 miles/10 miles round trip I put in my kayak just above the South Natick Dam and paddle upstream under Sargent's bridge, a beautiful oriental footbridge spanning the Charles. I continue past the praying woman statue, which Sargent placed on the south side of the river. For the next 3 miles, the river winds near the Audubon Broadmoor preserve, the Peters Reservation, and a few hidden houses. This section of the river is filled with Herons, Kingfishers, and Wood Ducks. I pass under the Farm Road Bridge and paddle to a narrow canyon in the river, Rocky Narrows, near King Phillip's overlook. When my daughter was young, we used an Old Town Pack single person canoe to paddle from the Farm Road Bridge to the Rocky Narrows Reservation. The entire length is tree lined, filled with muskrats, swallows, snapping turtles, and enormous carp.
Dover to South Natick - 5 miles/10 miles round tripI put in my kayak at Redwing Bay in Dover. The 29 acre Charles River Peninsula reserve is a hidden gem on Fisher Street near the Cochrane Dam with a great boat launch and walking trails, filled with purple martins, hawks, and milkweed. This section of the Charles is laden with hidden coves and can be very challenging to navigate. It's anything but a straight line through Dover and Wellesley. I pass under the Central Street railroad bridge and along a wider, slower portion of the river going by fields, farms, and estates. I cross Charles River Street and enter Elm Bank Reservation, winding past the intersection of Fuller Brook and Waban Brook (the drainage from Lake Waban where my wife and I walk every morning) which run under an impressive stone bridge built in 1877.
Waltham to Wellesley - 6 miles/12 miles round tripI put in at Charles River Canoe and Kayak and paddle upstream, quickly passing the freeway overpasses of 128 and entering the isolation of the Leo J. Martin Memorial Golf Course. Once I pass the Park Street bridge, the Charles is surrounded by meadows and secluded woodland, filled with water birds, fish, and muskrats. I paddle through the shallows (about 3 inches deep this time of year) all the way to Wellesley, then turn around at the Cordingly Dam. I retrace my steps and paddle back to my starting point, then continue for 3 miles along the "Lakes" area of the Charles, passing islands (E island, Fox island), the Forest Grove Park, the old Waltham Watch factory, and the Prospect Street Bridge. I turn around at the Moody Street Dam and return to my car. The only downside of the "Lakes" area is that powerboats are permitted. At times, their noise, wakes, and occasionally intoxicated skippers makes kayaking a bit challenging. Once this summer I had to leap from my kayak into the Charles to avoid a powerboat collision!
The Charles River is 80 miles long from its source in Hopkinton (same place the Boston Marathon starts) to the sea. The less traveled upper Charles from Medfield to Waltham is my paddling sanctuary.

To help all stakeholders who want to better understand the latest HIT regulations:
1. Here's a quick summary of the Meaningful Use Core and Menu Set Objectives and Measures compiled by Robin Raiford.
2. Here's a quick summary of the Standards cross referenced to the Code of Federal Regulations Citations compiled by Robin Raiford.
3. I've been asked to summarize the Quality Measures as simply as possible
a. The Core Measures for All Eligible Professionals, Medicare and Medicaid are in the Final Rule Table 7, page 287. The Measures are
*Hypertension: Blood Pressure Measurement*Tobacco Use Assessment and Tobacco Cessation Intervention*Adult Weight Screening and Follow-up
b. If the denominator for one or more of the Core Measures is zero, EPs will be required to report results for up to three Alternate Core Measures. The Alternate Core Measures for Eligible Professionals are in the Final Rule Table 7, page 287. The Measures are
*Weight Assessment and Counseling for Children and Adolescents*Preventive Care and Screening: Influenza Immunization for Patients ? 50 Years Old*Childhood Immunization Status
c. The Clinical Quality Measures for Submission by Medicare or Medicaid EPs for the 2011 and 2012 Payment Year (EPs must choose 3) are in the Final Rule Table 6, page 272 . Here's a summary of the 44 quality measures that CMS posted last week.
d. The Clinical Quality Measures for Submission by Eligible Hospitals and Critical Access Hospitals for Payment Year 2011-2012 are in the Final Rule Table 10, page 303. The Measures are
*Emergency Department Throughput – admitted patients Median time from ED arrival to ED departure for admitted patients*Emergency Department Throughput – admitted patients Admission decision time to ED departure time for admitted patients*Ischemic stroke – Discharge on anti-thrombotics*Ischemic stroke – Anticoagulation for A-fib/flutter*Ischemic stroke – Thrombolytic therapy for patients arriving within 2 hours of symptom onset *Ischemic or hemorrhagic stroke – Antithrombotic therapy by day 2*Ischemic stroke – Discharge on statins*Ischemic or hemorrhagic stroke – Stroke education*Ischemic or hemorrhagic stroke – Rehabilitation assessment*VTE prophylaxis within 24 hours of arrival*Intensive Care Unit VTE prophylaxis*Anticoagulation overlap therapy*Platelet monitoring on unfractionated heparin*VTE discharge instructions*Incidence of potentially preventable VTE
I hope these help!

As we all implement Meaningful Use stages 1, 2, and 3 from 2011-2015, we will increasingly share data among payers, providers and patients. Protecting privacy is foundational and we should only exchange data per patient preference. How will we achieve that in Massachusetts?
Stage 1In the first stage of meaningful use, there are limited data exchanges - ePrescribing, a demonstration of pushing data from provider to provider, and public/population health exchanges for lab, immunizations, and syndromic surveillance.
These can be achieved using the consent mechanisms we have in place today i.e.
A clinician asks a patient (or the patient signs a paper-based general consent in the office or hospital) if the clinician can retrieve their national medication history from Surescripts during the course of e-prescribing.
A clinician asks a patient if the clinician can push a summary of their care to another clinician such as a primary caregiver/specialist or hospital/primary caregiver data exchange.
Aggregating de-identified data for public health purposes is permitted by HIPAA and ARRA without consent. Since no patient identifiers are involved there is a reduced risk for privacy breaches.
In our community EHR rollout of eClinicalWorks via our private cloud (a physically secure, environmentally controlled, generator supported co-location facility that is professionally operated and provides all the inbound interfaces needed for meaningful use), we've designed our infrastructure to support consent for Stage 1 exchanges.
1. Every practice has its own virtual server, separate eCW software, and isolated database instance. The data is owned and controlled by the practice
2. De-identified data is used for pay for performance and quality reporting, but BIDMC/BIDPO has no access to your EHR or billing system
3. Data can flow from provider to provider with NEHEN or the eCW push product (P2P), but that is at the provider's discretion after consent of the patient is obtained.
Stage 2Although Stage 2 of Meaningful Use is still in the design stages, it is likely that increased provider to provider data sharing will be included. There will need to be a consent mechanism for providers to pull patient data from multiple data sources as needed for care. Push is great for some workflows, but pull is needed for emergency rooms to obtain critical treatment data in a timely fashion to ensure safe, quality care.
A push architecture supports provider initiated consent - the clinician can ask the patient before pushing data. Pull requires a different approach. The patient's data sharing preferences must be stored somewhere so that when data is pulled, only those data elements consistent with patient privacy preferences for that type of clinical encounter are shared.
In Stage 2, I expect that such consent will be federated, stored in various EHRs and community exchanges. At the moment there is no plan for a national health identifier or patient controlled national consent infrastructure.
In Massachusetts, we have legislation (Chapter 305) and a community standard which requires an opt-in consent for data sharing between healthcare organizations.
Some EHR vendors have created consent functionality within their produces to support the recording of consent for information exchange. Some community HIEs have created city-wide databases to record consent preferences.
In our community EHR rollout of eClinicalWorks, we've designed our infrastructure to support consent for Stage 2 exchanges.
We use the EHX product from eClinicalWorks which includes an opt in consent database, a clinical summary data store, and means for clinicians to pull data across practices if a patient opts in to support it.
This works great for the 1700 clinicians in BIDPO, but does not support pull transactions across competing organizations.
For that, we need to look to stage 3.
Stage 3I believe that Stage 3 which include several community, state, and national data exchanges to support care coordination and population health. It will require master patient indices (given that a national identifier is unlikely). It will require a centralized patient controlled consent framework.
To ensure we are ready for patient controlled, centrally managed consent, the state of Massachusetts HIE ad hoc workgroup recommended that we begin work building a central consent management framework now using our ONC HIE funds.
Thus, we'll use provider initiated consent and patient opt in via EHRs and community exchanges for stage 1 and 2, but we hope to have a patient controlled state wide consent infrastructure ready for Stage 3.
Opt in consent that is patient controlled is the right approach and we need to build the infrastructure to support it. In the meantime we'll protect patient privacy preferences using the best technology available.
On Wednesday, I'll write about the July HIT Standards Committee meeting at which we'll discuss the latest ONC Privacy and Security Tiger Team work. Hopefully, our local, state and Federal policy and technology will converge to support the patient centric consent that ensures we support everyone's preferences for data exchange.