Other People's Code – FOSS vs Proprietary Health IT

This is a great article by Richard Braman, the CTO of EHR Doctors a company that produces Interoperable Electronic Health Records (CCD, C32, CDA) from disparate Health IT systems and delivers them over a Secure Exchange certified to US Health and Human Services standards for Content, Privacy, Security, and Trust. In a very succinct way Braman captures the key concepts as to why hospitals should look to open source health IT solutions as the least risky and most rewarding path to building their IT solutions.  Roger A. Maduro, Publisher and Editor-in-Chief, OHNews.

Other People's Code–FOSS vs Proprietary Health IT

Richard Braman, May 15, 2012

By now,  if you haven’t  been hiding under a rock somewhere, you have probably heard of OPM (Other People’s Money), and OPP (Other People’s (relationship) Partners).  But today, I want to talk to you about what I like to refer to as OPC “Other People’s Code”, especially as it pertains to health care.  OPC is my funny way of referring to all off the shelf software, because most of the code was written by someone else.  We all use it, some LOVE of some of it, and others hate other parts.  As a software developer and CTO of a Health Information Exchange technology company, I always end up working on OPC unless I wrote the code myself.  There are two forms of OPC: proprietary and community, aka Free Open Source Software (FOSS).


FOSS is OPC that is royalty FREE. I have always been a huge fan of FOSS.  Over the years, I have contributed to FOSS projects ranging from Jabber (predecessor to XMPP) to Apache to WorldVistA.  I have also dedicated time to Open standards such as OASIS, before there was one, and W3C.  I spoke about FOSS at the O’Reilly P2P and Web Services conferences back in 2001, which seems like a lifetime ago.  Lots has changed since then, and now FOSS development more collaborative, quality is excellent, FOSS is used by the mainstream.

With the explosive growth of the Internet, FOSS has evolved to a point where there is an FOSS project for everything these days.  FOSS’s most significant contributions to computing have been in the form of what I would call basic computer infrastructure.  FOSS is used for enterprise Operating Systems (Linux/BSD), Developer tools and IDEs (Java, Python, PHP, Eclipse, Netbeans), web application servers (Apache/Tomcat) to LDAP (OpenDS), databases (MySQL, Cassandra) all the way down to the most obscure software widget.  In 2001, these FOSS projects were all relatively nascent efforts, but now days these products are common to see in technology stacks in an enterprise setting. I would be surprised now if there is someone who reads this article who doesn’t run some form of FOSS in their organization.  If you still don’t, you should.

FOSS has been adopted by many cutting edge technology firms (including Apple and Google) because of its obvious advantages over traditional proprietary development, including the fact that the licenses are royalty free and you have access to the code in case the vendor goes out of business or refuses to cooperate.  Most people don’t know that Apple Operating System is a derivative of BSD Unix, which is FOSS.  Google uses a LAMP (Linux, Apache, MySQL, and PHP) stack enterprise-wide for their web applications.  Why do the 2 biggest IT companies in the world do this?  The answer lies in the advantages of FOSS.  In a FOSS model, the costs of development are shared between the community of core contributors to the code base.  Some people volunteer their time, which costs them and not you.  Companies and Governments also hire people to contribute code to FOSS projects and the entire FOSS user/developer base share the benefit. In short, you get to use OPC for free instead of paying for it.

What's Proprietary about FOSS?

With both proprietary and FOSS systems, a users need to learn how OPC works and develop an expertise of it for your own purposes.  Fortunately for the FOSS user, any FOSS project worth its salt has extensive online documentation on installing and configuring it.  As a FOSS user, you can always hire someone knowledgeable to install it an configure it for you,  but the Intellectual property is knowing how to install, configure and customize these systems.  The more you can do for yourself, the less you need to rely on someone.  There is an old saying about there’s so such thing as free.  FOSS is no exception, it just costs less than straight proprietary software.  FOSS will cost you your internal time to develop skills necessary to deploy it .  Closed source systems costs the same or more because the company that owns it always does its best to try to control who support it and develop applications for it.  You will likely need to hire external sources to help, support and customize it for you.  Again FOSS costs less because there is usually a greater market of vendors ready to do that for you.

Current FOSS Health IT

While most HealthIT is proprietary, FOSS has certainly started to make its mark in health care.  Open Health Tools (OHT), which is modeled after the FOSS Eclipse project, has members who have contributed code for everything from full Electronic Health Records systems (DSS vxVista and Medsphere OpenVista) to Master Patient Indexes (Misys OSS), to XDS tool kits (IBM).  OHT has led FOSS efforts in Health IT and the good quality code that’s out there shows how successful they have been at convincing certain vendors to embrace the FOSS model and make their code available.

The government, not usually known for being cutting edge, has also leveraged the FOSS philosophy to encourage the adoption of Health Information Exchange and Electronic Health Record.  FHA Connect and the Direct Project are both FOSS efforts aimed at making stock source code available for those needing to deploy Health Information Exchange technology.  The VA also took a large step forward, by funding a custodial agent to manage the public opensource-ness (which is a word I just made up) of its VistA EHR.  For years, VistA software had to be pried out of the VA via the bureaucratic Freedom of Information Act process, now there is a process for the VA to share their code and for the public to contribute code back to the VA. Ahh Progress.

What’s needed to move FOSS forward?

One of the most amazing things I have noticed in the Healthcare IT industry is that there is still uncertainty and doubt over FOSS.  Take VistA for example:  It is the most widely deployed EHR in the country, been in use at the largest IDN in the country (the VA), and has no fewer than a half a dozen very reputable companies who install, support, maintain, and develop additional functionality.  It costs a fraction to deploy a VistA system compared to an EPIC or a Cerner, so why is it not being used by every hospital out there?

The HIT Education System is rotten.

Part of the problem is education and I am not NOT talking about high schools and colleges. How are healthcare decision makers to know about the availability of FOSS solutions for their Health IT problems?  Part of the onus is on the supporters of  FOSS to educate the prospective customer, but in a perverted irony, FOSS can’t compete with the educational system setup by the ONC for Health IT (US Government).  HHS has invested hundreds of millions of taxpayer dollars to fund RECs, or Regional Extension Centers for the purpose of educating providers on EHR adoption.  ONCs intentions were good. Unfortunately, many of those efforts have been infiltrated by vendors.  The vendors have captured the RECs and used them as a vehicle to promote their products. Many RECs approve a list a vendors, and I have yet to see FOSS alternatives even mentioned on a REC website.  Vendors need to be kicked out of the RECs and RECs need to stick to their charter of providing impartial education.  FOSS should be emphasized.

Cut the FUD.

Fear, uncertainty, and doubt: my favorite sin in IT sales (besides vanity).  Besides hijacking RECs, many vendors have selfishly created the stigma around open source and (successfully) convinced many CIOs that FOSS is too risky.  Better go with their proprietary system that costs millions more.

Basic FUD principles have been deployed here.  The lines I have heard at HIMSS and other places are great.

Fear: “You know, FOSS vendor XYZ could go out of business, and then what will you do?”  Such a Jedi mind trick would never work on me, because my answer would be: “Well I have the source code, so I would be better off then if you went out of business, or stopped supporting me for some other business reason?”

Uncertainty: “Are you really sure you want something developed in your garage running the clinical operations in your hospital?”  Never mind that VistA runs the largest healthcare system in the country and was developed over 20 years by clinicians with billions of dollars invested in it.  Some FOSS HIT  has come from the largest companies in the world such as IBM and Sun (Oracle).  Inconvenient facts.  I have also heard ” VistA is antiquated” and “FHA Connect is junk”.  Neither can be farther from the truth.  No system is finished until it is on the shelf and no longer used.  Every software, whether it is FOSS or proprietary, needs to be continually developed, continually invested in, and improved.  Every system has things that need to be improved.  The best thing about FOSS, is that you don't need to wait for someone to improve it, you can do it yourself, and accrue the IP to yourself.

Doubt: “I doubt that that FOSS EHR XYZ can do XYZ like Proprietary EHR XYZ can”.  Even if it cant, you could develop that functionality yourself given the open nature of an OSS system, get exactly what you want, and still save millions.

Some leading hospital CIOS, David Whiles of Midland Memorial in Texas and Steve Art of Lutheran Medical Center in Brooklyn are two that I know personally,  have embraced OSS and you can see the results for yourself.  Midland has been Stage 6, Top 100 most wired, and TR 100 Best Hospital in the US, in the past few years.  But it takes a certain type of person:  Not someone who is easily dissuaded by FUD.  I personally think CIOs who have accomplished great things with FOSS really need to get out and evangelize.  This needs to come directly from them, CIO to CIO, not from any FOSS company that they bought services from.

Keys to FOSS success

FOSS hold great things for health care if the decision makers embrace it. To do that they need a clear picture of how FOSS will save the money.  The folks advertising a Free EHR are doing themselves a disservice by cheapening themselves and giving the FOSS FUDers an opportunity to exploit the stigma.  And FOSS is not Free, only royalty free to use. That distinction needs to made between “free” and “costs less”. That's why I am writing this article.

The keys to embracing  and being successful with FOSS are:

1. Understand what FOSS requires. FOSS isn’t any different from any other system (it just costs less). You and your IT staff need to become knowledgeable about a given FOSS system and be able to add/change things in the system.  You should want to download and work on the source code on a regular basis, unless the FOSS is super stable (like Apache or Linux).  Midland and Lutheran did this by hiring expert VistA programmers who know MUMPS and can change code in the system when and where needed to meet their particular needs.

2. Get a good vendor to support your effort.  There are many vendors who support FOSS HIT, including EHR Doctors.  We like supporting FOSS because we get to leverage a huge code base that we have access to, and we can write code to fill in the gaps or provide features that the downloadable FOSS version doesn’t come with.  It doesn’t have to be a huge vendor.  Small shops with experience are just as viable.  So long as you have the source code and internal resource who can work on it, you are protected, and you can change vendors if the need arises.

3. Understand where FOSS fits in.  Because of its open nature FOSS can fill voids in your health IT system.  Many hospitals use different systems for ER, Pharmacy, Lab, Radiology, and Surgery.  an FOSS EHR like Vista make a great choice as a clinical data repository to interface with these other systems.  That way, you can use VistA for any functionality you need that it provides.  You could use it for CPOE or for Clinical Documentation, but even if you have another system for those things you could still use it for reporting and interoperability. FOSS doesn’t have to be your entire system.  It is equally adept at being a utility.

In conclusion, I will offer you a shameless confession:  EHR Doctors uses open source in its HIE stack.  In fact, only the CCD generator, Patient Portal, Physician Portal, ROI Portal, and various finishing touches are the only code we developed ourselves.  Our IP comes in knowing how to install, configure, support, and customize OPC from FOSS projects.  When you get a system from us, most of the licenses you get will be from FOSS projects.  This saves you time and money.  The dirty secret is most HIE vendors are basing their warez on Direct and Connect, both FOSS projects.  Some are just afraid to admit they are using OPC.  Fortunately for EHR Doctors, we are down with Free OPC.