Re: Hello list
Brian Bray wrote: Right you are about Marvin. There are a million lists on the Internet and a lot of them have signs of life, but there's only one Openhealth[tm] list. Hmmm, does Minoru plan to assert its trade mark against the Openhealth list on Yahoo (see http://groups.yahoo.com/group/openhealth/ )? Why are you here? I tried to unsubscribe from openhealth-list@minoru-development.com but the administrative interface to the list has been broken for several years now - or it was last time I tried it. Is it fixed now? Tim C Tim Churches a écrit : Brian Bray wrote: To quote Marvin the paranoid android (Red Dwarf) Life... don't talk to me about life. Marvin was the `droid in the late and much lamented Douglas Adams' The Hitchhiker's Guide to the Galaxy. Kryten was the `noid on Red Dwarf - sad geezers like me can read more about Kryten at http://www.sadgeezer.com/RedDwarf/kryten.htm Unfortunately, the floor show has already finished at The Restaurant at the End of the Universe (also known as openhealth-list@minoru-development.com ). However, if you engage your Infinite Improbability Drive, you may find signs of life over on openhealth@yahoogroups.com Tim C
Re: How to (was Hello list)
Brian Bray wrote: There has never been an administrative interface. Just send a blank message with unsubscribe as a subject to either the list or [EMAIL PROTECTED] Yes, that's the administrative interface to which I was referring - you know, it is like a command line interface, but via email, with a set of define administrative commands. That's definitely an interface. Anyway, it wasn't working, but I'll try again now. If it works, so long and thanks for all the fish! Tim C Tim Churches a écrit : I tried to unsubscribe from openhealth-list@minoru-development.com but the administrative interface to the list has been broken for several years now - or it was last time I tried it. Is it fixed now? Tim C
Re: Oacis
[EMAIL PROTECTED] wrote: Do any of you know anything about Oacis (Open Architecture Clinical Information System) by DINMAR, a Sun Microsystems technology partner? Do you mean OACIS in South Australia? See http://www.health.sa.gov.au/oacisprogramme/DesktopDefault.aspx If so, I been to a few talks given by the people who run it. It seems to be one of the more successful population-based clinical data warehousing initiatives, mainly because they didn't have too much money for the implementation and thus the entire thing by necessity is relatively simple in its design and execution, and hence it actually works. It also helps that South Australia has only about 1 million population, mostly in one large population centre (Adelaide), with the rest in the southern eastern corner of the state. Tim C
Re: Oacis
Tim Churches wrote: [EMAIL PROTECTED] wrote: Do any of you know anything about Oacis (Open Architecture Clinical Information System) by DINMAR, a Sun Microsystems technology partner? Do you mean OACIS in South Australia? See http://www.health.sa.gov.au/oacisprogramme/DesktopDefault.aspx If so, I been to a few talks given by the people who run it. It seems to be one of the more successful population-based clinical data warehousing initiatives, mainly because they didn't have too much money for the implementation and thus the entire thing by necessity is relatively simple in its design and execution, and hence it actually works. It also helps that South Australia has only about 1 million population, mostly in one large population centre (Adelaide), with the rest in the southern eastern corner of the state. Seems that you do mean that OACIS. I was under the (false) impression that Oacis in South Australia was home-grown technology, but it seems that it is not. Or did teh South Australian govt pay for DIMAR to development of the technology but tehn allowed them to reatin copyright on it? Anyway, its not open source. Tim C
Re: Re: Urgent need for open source author/editor and references
Bruce Slater [EMAIL PROTECTED] wrote: Thanks Ignacio for those edits and additions. Anyone, Any thoughts on a larger published work either in peer-reviewed or web-published? How about http://bmj.bmjjournals.com/cgi/content/full/321/7267/976 PubMed is your friend - a search of Open source yields 139 hits... Tim C - Original Message - From: Ignacio Valdes [EMAIL PROTECTED] To: openhealth-list@minoru-development.com Sent: Thursday, September 15, 2005 8:38 PM Subject: Re: Urgent need for open source author/editor and references The Free and Open Source Software (FOSS) approach to system development has a rich history from the beginnings of the modern computer age. The GNU/Linux operating system was developed by a group of people interested in creating an operating system that retained important user and developer rights, such as the right to modify the software. Like Freedom of Speech, these rights are important to retain, but are not usually invoked by the majority of users. No one person or entity owns the Linux/GNU operating system. It is used by virtue of a GNU General Public License (GPL) which stipulates that the source code (human readable) of the project must be available at no additional cost to users. Most GPL'ed source code is delivered along with object code (computer executable) for free or nominal cost of the recordable media that contains it. The value of open source initiatives comes from the dynamic interplay of users helping each other solve unique and common problems with shared computer code writing duties. All parties benefit from this collaborative approach which has more in common with health research than proprietary software. Because the United States must develop a solution that any health provider anywhere in the country can exchange information with any other provider, the FOSS approach can yield superior results by avoiding problems of trade secrets in proprietary software and the weaknesses of using open-standards only.
Re: Attitudes of hospital workers towards electronic medical records
Adrian Midgley wrote: Comments against this study seem to be based on scientific research models. Is it not engineering, rather than science? Social engineering? Or wink, sociology (which is neither science nor engineering)? Tim C
Re: Attitudes of hospital workers towards electronic medical records
J. Antas wrote: The article, named Use of and attitudes to a hospital information system by medical secretaries, nurses and physicians deprived of the paper-based medical record: a case report, and has just been made freely available at: http://www.pubmedcentral.nih.gov/articlerender.fcgi?tool=pubmedpubmedid=15488150 That paper may have only appeared just now at PubMed Central, but it has been freely available to everyone on teh Web site of the journal which published it sinces 16 October 2004: see http://www.biomedcentral.com/1472-6947/4/18 Tim C
Re: Attitudes of hospital workers towards electronic medical records
Franklin Valier wrote: In science this type of study only has value as to its scientifically agreed upon use. Its ability to be relied upon to make reliable conclusions from the methodology has to be taken into perspective when reading the study. It has value, but in science you don't take it too seriously. We rely on empirical studies for serious evaluation of a phenomena. If they haven't been done, all you can say is this is all have and this is all we know right now. Not much. I wouldn't get too upset about this. I think that you are being overly dismissive of observational studies. Controlled experiments are great, but a) they can be hard to arrange when the thing being tested is a hospital-wide information system which costs tens of millions of dollars to implement and b) controlled trials can introduce their own sets of biases and limit generalisability due to overly tight selection criteria. And how practical is it to randomise whole hospitals to get teh computer system or stay with paper? OPolitically that is rather hard to do. Certainly in the case of evaluations of implementations of hospital and other clinical infromations systems it is best to use a before-and-after study design, in which the hospital acts as its own matched control, and the same survey instruments and methods are used before and after the implementation of the system. It is easy to say that in retrospect, but getting money from management to commission an expensive evaluation study of a new information system BEFORE the system has even begun to be installed can be a challenge, I suspect. Tim C
Re: Attitudes of hospital workers towards electronic medical records
Franklin Valier wrote: Perhaps you are right. The limitations you point out are indeed very significant. However when an individual reads a case study and comes to the conclusion that this is a major contribution to the development of knowledge about the subject in question, it needs to be pointed out that it is just a case study and where case studies fall within the scope of scientific investigations. With any study, one needs to consider how generalisable it is. Even though the study in question is based on a single hospital, its results are probably generalisable to similar hospitals in Norway implementing the same information system in the same way. And partially generalisable to to similar hospitals in other countries implementing the same or similar information system in the same or similar ways. Tim C
Re: Attitudes of hospital workers towards electronic medical records
Franklin Valier wrote: One has to be very cautious when generalizing from the conclusions of a case study. Sure, that's what I said - one has to put one's brain in gear... If the test instrument suffers from a shortage of reliability then the generalizations will suffer from a shortage of reliability. Well, yes, but that statement is as true of a randomised controlled trial or experiement as it is of an observational study. What would be better is to have a collection of case studies analyzed to see if there are any patterns in the studies that can be observed. Much better than one case study. Yes, that is called a meta-analysis. Yes, much better than one study. But unless individual studies like the one in question are published, you will never be able to do a meta-analysis Tim C
Re: Clinical IT increases the time intensive care nurses spenddocumentingcare.
Daniel L. Johnson wrote: My own experience, rather limited I must say, is that getting *to* the data-recording step with IT can be rather cumbersome, even if the actual typing is easy. A smart system will pop up the entry fields when needed, but making it smart may be quite an undertaking indeed. Very true, I think. Although it sounds very 21st Century, I think that wearable computers and voice recognition, combined with wireless networking may provide the answer. Oh, it is the 21st Century already! This article recognised the potential in healthcare a few years ago: http://linuxgazette.net/issue87/lodato.html Combine a headset-mounted display (based on devices like these: http://www.kopin.com/products/index_cyberdisplay.html ) with a headset-mounted microphone, connected to a wireless networked wearable computer based on a a PDA-style XScale low power processor (running Linux). The whole thing acts as a voice-activated thin client, communicating with the main hospital systems via wireless networking. All feasible with existing, off-the-shelf technology. A few years of RD and it could be made fairly unobtrusive, so that the wearable devices don't interfer too much with human-to-human interaction. Replaces phone and pager while in the hospital, of course. Interestingly, the sorts of screen displays and data entry forms best suited to such head-mounted display devices are not complex GUIs, but rather very simple text-mode terminal displays, remarkably like the screens used by VistA (not the VistA CPRS GUI) - very simple, fast and efficient to enter data and navigate with single keypresses (which would equate to single word commands). So, combine VistA on the back-end with a wearable display connected to a Sharp Zaurus (see http://www.zaurususergroup.org/modules.php?op=modloadname=Newsfile=articlesid=77mode=threadorder=0thold=0 ) or similar wearable PDA running Linux and IBM ViaVoice for Linux... Obviously a hospital full of staff all walking around muttering to themselves would take some getting used to - or would it? A year of so ago I accompanied my better half for a gastroscopy in a gatroenterologist's private rooms (clinic). He was wearing a Bluetooth hands-free earpiece and microphone, and dictated findings hands-free as he twiddled the knobs of the scope. With the fairly constrained vocabulary of endoscopy reporting, and a system trained to his voice, the printed report of the procedure was ready, error-free, for us to take back to our GP before the consultation had finished. If he had had encrypted email, he could have sent it directly to our GP's EMR. he said the system meant that there was more time for him to discuss the findings with the patient rather than spending time writing them down to be typed up later, and had paid for itself in a few months due to a reduction in the need for typists. Tim C
Re: Fwd: [Hardhats-members] The GPL has teeth after all
Martin van den Bemt wrote: This statement : project. We are not in any way opposed to the commercial use of Free and Open Source Software and there is no legal risk of using GPL licensed software in commercial products. Is incorrect btw, when you are using GPL'd java packages.. The risk here is that you need to GPL your commercial code if you depend on a java GPL package. Untill the FSF publically states that this is not the case, it is wise to not use GPL'd jars in your commercial software. A way around this is using reversed dependency strategy, so instead of you dependending on gpl, let the gpl depend on you, through eg a plugin, although if the software you have written cannot work at all without that dependency (so is core to your software), this strategy makes no sense and you have to make your system GPL or find a different package with better licensing. I think that idea of no dependency comes form one of the Free Software Foundations FAQs on the GPL, rather than from the GPL itself, and thus represents how they would like the GPL to be interpreted, rather than how it would actually be interpreted by the courts. The expert legal advice we received is that GPLed source code cannot be combined with non-GPLed source code and then distributed to others, nor can GPLed code be statically linked or otherwise compiled together into one programme with non-GPLed code and then distributed to others. However, there are unlikely to be legal problems with the distribution of non-GPLed code which merely calls GPLed code at runtime, or vice-versa - as long as there is a clear separation between the source code and/or the compiled code as it is distributed. The reason for this view is the following clause in Section 0. of the GPL, which is pretty unequivocal: Activities other than copying, distribution and modification are not covered by this License; they are outside its scope. The act of running the Program is not restricted, and the output from the Program is covered only if its contents constitute a work based on the Program (independent of having been made by running the Program). Whether that is true depends on what the Program does. In other words, GPLed code must be clearly separated from non-GPLed code when it is being copied, distributed or modified, but what happens at runtime is out of scope of the GPL. BTW, we sought this advice because our code (licensed under the Mozilla Public License) calls a GPLed package. As long as we distribute the GPLed package separately, or instruct users to get it themselves from elsewhere, then there is no problem with such a run-time dependency, as clearly stated in the GPL itself. Tim C
Re: Medical Usability
Sherman, Paul (CEOSH) wrote: The only problem with the Unsafe.. analogy... It was fundamentally inaccurate; the Corvair was actually pretty safe. When I was an undergraduate I drove a Fiat 850 Sports Coupe - great little car - which had the same mechanical layout as the Corvair (engine behind the rear wheels, swing axle rear suspension) and the same sort of, err, interesting handling characteristics (as did every Renault 8 and Renault 10 and nearly every Porsche for decades). But it was the driver of that Fiat which was fundamentally unsafe... Tim C
Re: Software patents (was Re: Blinkx (was Re: Meditech and GNU/Linux))
Nandalal Gunaratne wrote: --- Tim Churches [EMAIL PROTECTED] wrote: Nandalal Gunaratne wrote: Tim, I am aware of this sad development, though I did not read the article you have given. It is a bit tricky that a communist paper is the one that has put this forward, after all, a very rich man did say that FOSS thinking were communist ideas! Hey, he was right, but what is so wrong with communist ideas? If you are poor, as most people on this planet are, there is a lot to be said for communist ideas? It is totalitarianism which peope need to resist, as well as the inevitable authoritarianism which flows from the undue concentration of capital (both material and intellectual property). It is important for well recognised people in the Indian IT industry or here in SL should talk about it. But the ones here I contacted via email are strangely silent. Even those known to me have not replied my emails. Is there a strong enough opposition in Australia? There is very little organised opposition to software patents in Australia, as we have had them for over a decade. People express outrage when a ridiculously obvious software patent application is lodged, but then do nothing. One of the reasons for this inaction is that the patent laws make it almost impossible for individuals or small organisations to oppose patents. If you ae oppose a patent and your opposition is overturned, then you have to pay the patent applicant's defence costs, whcih may be thousands or tens of thousands of dollars. As a result, hardly anyone opposes patent application even when they know they should not be granted due to lack of novelty or obviousness. I understand a similar unfair system also discourages opposition to patents in many other countries. Tim C Hi Tim, Thanks for the detailed answer and the link. I am really concerned about FOSS development/migration in a country with such patent laws. Sri Lanka has not got patent laws yset. Copyrights and IP foor software was brought in recently - two years ago - before that we were a pirate state - well we still are in a much smaller way :-) I hope we never have patent laws, but I doubt it. That populous nation to your north-west has recently introduced software patents - for an excellent background article on this unfortunate and very ill-conceived legislative move see: http://pd.cpim.org/2005/0130/01302005_snd.htm Tim C Unfortunately, patents on software algorithms and business methods have been granted here in Australia since 1990, and the courts have upheld some of these patents (but have struck out others). The only saving grace is that the test for novelty was recently made more rigorous - now an invention does not meet the test of novelty if aspects of it have been described previously but in separate published documents, and if the combination of those components is obvious (to someone skilled in the art). In the past, an invention had to have been described in its entirety in one document to have been considered prior art - now the scope of prior art is much wider, which is a good thing, and will hopefully prevent many trivial software, algorithm and business methods patents which are just minor variations on a theme from being granted, or at worst, from being upheld in the courts. However, the whole system is still stacked ridiculously in favour of the patent applicant. I was shocked to learn that as a private citizen, in order to object to the granting of a patent, not only do I need to pay a substantial opposition fee (about $600), if my objection is overruled by the Patents Commissioner, I have to pay the patent applicant's costs, which can run to thousands or tens of thousands of dollars. It seems that the patent system assumes that all patents are for the public good, and that anyone opposing a patent is just a troublemaker. We desperately need an organisation like PUBPAT (see http://www.pubpat.org/ ) here in Australia. In fact, every country needs one! Tim C __ Do you Yahoo!? Yahoo! Small Business - Try our new resources site! http://smallbusiness.yahoo.com/resources/
Software patents (was Re: Blinkx (was Re: Meditech and GNU/Linux))
Nandalal Gunaratne wrote: --- Tim Churches [EMAIL PROTECTED] wrote: Nandalal Gunaratne wrote: Please try out blinkx on your windows machine before you delete it. www.blinkx.com A super new way to search - no linux version yet :-( Yes, some nice ideas there, but it is not open source, and without the source code, no-one can verify that the software does not contain spyware Hi Tim, True! BTW what is the position of Australia regards software patents issue? nandalal Unfortunately, patents on software algorithms and business methods have been granted here in Australia since 1990, and the courts have upheld some of these patents (but have struck out others). The only saving grace is that the test for novelty was recently made more rigorous - now an invention does not meet the test of novelty if aspects of it have been described previously but in separate published documents, and if the combination of those components is obvious (to someone skilled in the art). In the past, an invention had to have been described in its entirety in one document to have been considered prior art - now the scope of prior art is much wider, which is a good thing, and will hopefully prevent many trivial software, algorithm and business methods patents which are just minor variations on a theme from being granted, or at worst, from being upheld in the courts. However, the whole system is still stacked ridiculously in favour of the patent applicant. I was shocked to learn that as a private citizen, in order to object to the granting of a patent, not only do I need to pay a substantial opposition fee (about $600), if my objection is overruled by the Patents Commissioner, I have to pay the patent applicant's costs, which can run to thousands or tens of thousands of dollars. It seems that the patent system assumes that all patents are for the public good, and that anyone opposing a patent is just a troublemaker. We desperately need an organisation like PUBPAT (see http://www.pubpat.org/ ) here in Australia. In fact, every country needs one! Tim C
Blinkx (was Re: Meditech and GNU/Linux)
Nandalal Gunaratne wrote: Please try out blinkx on your windows machine before you delete it. www.blinkx.com A super new way to search - no linux version yet :-( Yes, some nice ideas there, but it is not open source, and without the source code, no-one can verify that the software does not contain spyware (despite the authors claims to the contrary), perhaps using steganographic methods or subliminal channels to leak information about you and your PC to the outside world. Of course, that is true of any closed source software, but one has to be doubly careful with software from a small start-up company which deliberately dredges and indexes everything on your system. The same is true of Google Desktop Search, although Google has so much at stake (as in a entire multi-billion dollar company) and so many staff reveiewing code that it is much, much less likely that spyware functions would be hidden in it. But a small start-up? Who knows? Tim C I am an Endocrinologist in Hagerstown, Maryland who has been lurking on this list for at least four years now and I finally have something useful to report after several years of trying: I am now successfully running Meditech Remote Workstation client version 3.22 on top of CrossOver Office version 4.2 over Debian Unstable using VPNC to connect to my Hospital's network. I shall post a How To once I sort through what are the truly essential steps to do this. It actually works better than under native W2K. I was never able to get pass-through printing working under Windows. I can finally kiss my native windows partition goodbye! __ Yahoo! Messenger Show us what our next emoticon should look like. Join the fun. http://www.advision.webevents.yahoo.com/emoticontest
ANN: Febrl V0.3 released
Canberra, 7 April 2005 The ANU Data Mining Group is pleased to announce the release of Febrl 0.3, a prototype open source record linkage, deduplication and geocoding system intended to make probabilistic record linkage easier, faster and more accurate for biomedical and other researchers. The programs, known collectively as Febrl - Freely Extensible Biomedical Record Linkage - address the data cleaning and standardisation tasks which are essential first steps for most record linkage projects, and provide routines for probabilistic record linkage and record deduplication, as well as geocode matching based on the Australian G-NAF (Geocoded National Address File, www.g-naf.com.au) database. This fifth release Febrl Version 0.3 has been updated to Python 2.4 (also runs on Python 2.3). We would like to thank everybody who sent us bug-reports or other comments. The main features of the current release are: * Probabilistic and rules-based cleaning and standardisation routines for names, addresses, dates and telephone numbers. * A geocoding matching system based on the Australian G-NAF (Geocoded National Address File) database. * A variety of supplied look-up and frequency tables for names and addresses. * Various comparison functions for names, addresses, dates and localities, including approximate string comparisons, phonetic encodings, geographical distance comparisons, and time and age comparisons. Two new approximate string comparison methods (bag distance and compression based) have been added in this release. * Several blocking (indexing) methods, including the traditional compound key blocking used in many record linkage programs. * Probabilistic record linkage routines based on the classical Fellegi and Sunter approach, as well as a 'flexible classifier' that allows a flexible definition of the weight calculation. * Process indicators that give estimations of remaining processing times. * Access methods for fixed format and comma-separated value (CSV) text files, as well as SQL databases (MySQL and new PostgreSQL). * Efficient temporary direct random access data set based on the Berkeley database library. * Possibility to save linkage and deduplication results into a comma-separated value (CSV) text file (new). * One-to-one assignment procedure for linked record pairs based on the 'Auction' algorithm. * Supports parallelism for higher performance on parallel plat- forms, based on MPI (Message Passing Interface), a standard for parallel programming, and Pypar, an efficient and easy-to-use module that allows Python programs to run in parallel on multiple processors and communicate using MPI. * A data set generator which allows the creation of data sets of randomly generated records (containing names, addresses, dates, and phone and identifier numbers), with the possibility to include duplicate records with randomly introduced modifications. This allows for easy testing and evaluation of linkage (deduplication) processes. * Example project modules and example data sets allowing simple running of Febrl projects without any modifications needed. - An extensive 185 page manual. Febrl, which is written in the free open source Python programming language, is itself available under a free, open source license, which we hope will encourage others to contribute to its further development and support. Contact details, background information, documentation and, of course, the program code are all available from the project Web site at http://datamining.anu.edu.au/linkage.html as well as from 'sourceforge.net' at http://sourceforge.net/projects/febrl We would like to stress that the programs are still in the early stages of development, and we do not yet recommend them for production use, but we encourage you to try them and to provide us with feedback. We particularly welcome bug reports and ideas for future development. There are many ways to help with the project: testing, programming and software engineering, documentation and technical writing, translation, provision of (anonymous, non-confidential) training and example data sets, and testing. For the Febrl team, Peter Christen
Re: History of genral practice computing
Adrian Midgley [EMAIL PROTECTED] wrote: UK, 1985 Report of the Micros for GPs scheme. This brings back fond memories of the A Very peculiar Practice BBC TV series, in which serially-failed entrepreneur Dr Bob Buzzard desperately entered drugs trial data into his rinky-dinky little microcomputer (as the head of the practice, Dr Jock McCannon disparingly referred to it) in order to earn cash from pharmaceutical companies, . See http://www.bbc.co.uk/bbcfour/cinema/features/peculiar.shtml if you are not familiar with the show. Might be interesting as background - and having a feel for background helps with some design choices, I think. http://www.bopcris.ac.uk/imgall/ref20053_2_2.html Cool! Courier font from a daisy-wheel printer. Those were the days... Tim C
Re: Flush Letter: Fwd: Application Status/Director, National Center for Public Health Informatics, Centers for Disease Control and Prevention (AD10-05-008)
Ignacio Valdes wrote: We used to have fun in college posting our flush letters for job applications our senior year so I'm regressing. Perhaps it was my few journal publications in the field, no experience running any government agency and little experience with government grants. At least they were 'favorably impressed'. I think they are just jealous of Linux Medical News. That's it, they are just jealous! Enjoy. Iggy, Sorry to let you down, but I think it might be a form letter, not a handcrafted personal message just for you... But I doubt if you would have enjoyed the job - a mole working inside the CDC public health informatics beast tells me it is all about dealing with the large three-letter IT consulting firms to have them build, for vast sums of money, overly-complicated, much-too-generalised frameworks from proprietary components, using cumbersome and bureaucratic development methodologies, accessed via Microsoft-only client applications. Maybe that is slight hyperbole, but that's the general drift. Open source? Not the CDC way, my source was told. Free-as-in-beer software binaries, yes, but not open source. A pity, because many of the CDC public health software products have been and are incredibly useful to public health practitioners around the world - Epi Info is the best-known and most influential example - but the fact that they are not open source, just no-cost, leads to a long-term dependency on CDC which is undesirable, I think. Tim C --- the forwarded message follows --- Subject: Application Status/Director, National Center for Public Health Informatics, Centers for Disease Control and Prevention (AD10-05-008) From: Positions, Senior [EMAIL PROTECTED] Date: Fri, 25 Mar 2005 10:23:27 -0500 The ranking panel convened just this week for the position of Director, National Center for Public Health Informatics, Office of the Director (OD), Centers for Disease Control and Prevention (CDC), Atlanta, GA. Interviews will soon begin for those applicants ranked as highest qualified. Although the Search Committee was favorably impressed with your training and experience, your name was not among those to be interviewed at this time. On behalf of OD, I want to thank you for your willingness to consider this particular opportunity at CDC, and to wish you every future success in your professional endeavors. Anita Gregoire Human Resources Specialist Atlanta Human Resources Center Client Services Division Special Programs Team
Re: M$oft Word to XML or HTML conversion
Calle Hedberg wrote: Hi, Tim has a point with OpenOffice 2, but be aware that the beta version is buggy (I got tired of it bombing out on me and removed it until a more stable version is avaiable). In particular, I found it nearly impossible to open large files (I have lots of Excel pivot table files in the 50-300MB range and some large Word files with embedded data). Complex word files (graphics/tables/etc) would often come out funny. A 300MB spreadsheet...shudder! I must admit that I haven't used OpenOffice 2 beta very much, which is perhaps why I haven't encoutered a crash, and any Word files I convert tend to be fairly simple. So if you use that kind of tool in batch, I would make sure I twin every XML version with the original Word file so that users easily can go back to the original if they find the converted version messed up. With thousands of files converted in batch mode, assume that some of them won't be looked at by a sober human for maybe 10 or 15 years. Perhaps twin the XML with a PDF of the original Word file, since you don't want those sober humans in 10 or 15 years time to have to mortgage their house to buy an annual license for Microsoft Office Longhorn XXXP 2020 which they then have to install their computer onto (by 2020, computer hardware is very cheap, but proprietary software is very expensive - due to its tiny market share - so you install special purpose hardware onto the software in oeder to run it, not vice-versa as we do now...). Tim C -Original Message- From: Tim Churches [mailto:[EMAIL PROTECTED] Sent: 16 March 2005 06:49 PM To: openhealth-list@minoru-development.com Subject: Re: M$oft Word to XML or HTML conversion Daniel L. Johnson wrote: Dear All, Anybody here know of a tool to convert MicroSoft Word files to XML or HTML? We have a huge archive of Word files... What sort of XML? Ms-Word saves its documents as XML - but the DTD used is proprietary. As Ignacio said, MS Word can save as HTML, but the resulting HTML files are full of proprietary Microsoft extensions to HTML. MS-Word 2002 and later offer a choice to safe as filtered HTML which is a bit cleaner, but still horrible. The best way to convert MS-Word files to an open standards-based XML format is to use a beta version of the forthcoming OpenOffice 2.0 - see http://www.openoffice.org/ The beta versions work fine, and will save to the OASIS OpenDocument XML standards (see http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=office ). Actualy, I think OpenOffice 1.1.4 also allows you to save to OpenDocument format, but the OpenOffice 2.0 beta will do a better job at importing complex MS-Word documents (especially if they have nested tables). It should be easy to write a macro to automate the conversion, or you can drive OpenOffice from a Python script via PyUNO if you are keen. Tim C
Re: M$oft Word to XML or HTML conversion
Daniel L. Johnson wrote: Dear All, Anybody here know of a tool to convert MicroSoft Word files to XML or HTML? We have a huge archive of Word files... What sort of XML? Ms-Word saves its documents as XML - but the DTD used is proprietary. As Ignacio said, MS Word can save as HTML, but the resulting HTML files are full of proprietary Microsoft extensions to HTML. MS-Word 2002 and later offer a choice to safe as filtered HTML which is a bit cleaner, but still horrible. The best way to convert MS-Word files to an open standards-based XML format is to use a beta version of the forthcoming OpenOffice 2.0 - see http://www.openoffice.org/ The beta versions work fine, and will save to the OASIS OpenDocument XML standards (see http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=office ). Actualy, I think OpenOffice 1.1.4 also allows you to save to OpenDocument format, but the OpenOffice 2.0 beta will do a better job at importing complex MS-Word documents (especially if they have nested tables). It should be easy to write a macro to automate the conversion, or you can drive OpenOffice from a Python script via PyUNO if you are keen. Tim C
PING and patents (was Re: Software useful for the National Health Information Infrastructure (NHIN))
David Derauf wrote: Do you have PING? http://www.chip.org/research/ping.htm PING is a really good idea, but it is subject to provisional patent protection in the US and is the subject of a full patent application by its authors (see http://appft1.uspto.gov/netacgi/nph-Parser?Sect1=PTO2Sect2=HITOFFu=%2Fnetahtml%2FPTO%2Fsearch-adv.htmlr=1p=1f=Gl=50d=PG01S1=kohane.IN.OS=in/kohaneRS=IN/kohane or *http://tinyurl.com/68arz or look up US Patent Application Number **20040199765 I'm not sure whether an international PCT application for it has been filed - if not, the patent, if it issues, may only affect the US. Nevertheless, anyone wishing to use PING should seek a written grant of a patent license from its authors - if I am not mistaken, the LGPL license under which PING is made available does not automatically grant such a patent license. The PING authors are good guys and are unlikely to use their patent to extract money from other open source projects or implementations of PING, but it is best to be safe than sorry and to get that in writing from them. Tim C *
Re: FW: [ANNOUNCE] PostgreSQL 8.0.0 Released
Calle Hedberg wrote: Hi, Cross-posting FYI. For us, PostgreSQL is now a REAL alternative (Africa is 98% Windows, so a Linux-only DBMS was not very relevant) 98% of desktop ssytems just about anywhere are still Windows, aren't they? It will take 5 years or more before that figure drops below 80%, I suspect. - but we obviously want to do some serious testing of performance/reliability. Is anybody on this list planning to do the same in the near future? (Re Tim C's comment about their stress-testing of PostgreSQL 7 on Linux and Windows some time back - do you have a piece of text describing HOW you did that, by the way?) We used a Python programme which injected synthesised data into the database abstraction layer of NetEpi Case Manager. Now that PG 8.0 is reelased, we'll repeat the testing and include the database stress testing code in the next release of NetEpi Case Manager. Note that the tests are not complete tests of all database functionality, only tets of the aspects of PG used by NetEpi Case Manager - for example, we don't use triggers or database stored procedures, so we don't test them. However, PostgreSQL comes with a comprehensive test suite, I think, in the full distribution. Might be worth adapting that to run it repeatedly on client several machines all using the one database simultaneously. Tim C
Re: Re: Definition of terms
Adrian Midgley [EMAIL PROTECTED] wrote: Ownership Is theft.[2] [2] Ah, but from whom? (and it is a quote, not an assertion) Proudhon (As a former anarcho-syndicalist, I knew that even without having to Google for it, but here's a link tot he primary source anyway: http://dhm.best.vwh.net/archives/proudhon-property-is-theft.html ) License for Derivation An essential component of the Free Software licences such as the GPL, and the Open Source licences. You can alter it, with or without telling anyone. (If it is FLOSS you must distribute your source code alterations if you distribute the compiled executable, but crucially in FUD-busting terms you need not distribute it, and therefore need not distribute the alterations at all to anyone. No, if the license is a Copyleft license, then the above applies. Are all FLOSS licenses are copyleft licenses? Probably yes. But not all Copyleft licenses are FLOSS licenses, if you listen to Richard Stallman. Its a debatable point. Tim C
Open source medical imaging software stores data in iPods
See http://story.news.yahoo.com/news?tmpl=story2u=/zd/20050105/tc_zd/142004 Two radiologists recently developed open-source software, called OsiriX, to display and manipulate complex medical images on the popular portable devices called iPods. Check the screenshots on their homepage at http://homepage.mac.com/rossetantoine/osirix/Index2.html - wow! I wonder how they address patient privacy issues when storing lots of images on oft-stolen iPods? Presumably the patient identifiers associated with the images, if not the images themselves, are encrypted? Tim C
Re: Open source tools for population health epidemiology and public health
David Forslund wrote: I know a number of folks who would be interested, but the inability to run the software on Win platforms removes them from consideration at this time. All of the tools and infrastructure used are cross-platform, with the exception of PostgreSQL - but that will soon be also with the imminent release of Version 8.0, which will run natively under MS-Windows as well. It's just that MS-Windows is not our primary development platform, and we haven't had time to recompile, test and package various components for it - but we will, in due course (or someone else might volunteer to take on that task). Tim C
Re: Open source tools for population health epidemiology and public health
Tim Cook wrote: On Thu, 2004-12-23 at 23:02, David Forslund wrote: I know a number of folks who would be interested, but the inability to run the software on Win platforms removes them from consideration at this time. Dave Maybe this will be enough of a trigger to get them to try out some linux / unix servers then. :-) Surely they aren't that closed minded? Just think of it...the possibility of getting some great software free and all you have to do to try it out is come up with an old x86 box that you probably have lying around. I applaud their efforts in not spending resources supporting legacy operating systems such as Windows. ;-) We certainly recommend Linux or Unix as a server platform, but we do want the tools to be able to run on Windows laptops for field and mobile use. Its just a matter of POSIX (both Linux and Mac OS X) being our development platform, and thus ports to Windows will always lag some time behind. Tim C
Re: Open source tools for population health epidemiology and public health
David Forslund wrote: This sounds reasonable and certainly is, but there are some more complications. I try to be database independent, too, letting the deployment of a particular database to be site specific. The problem I also ran into at our state is the required use of MSSql on an Windows platform. Something like PostgresSQL was beyond their willingness to move. Sure, but again, there is nothing fundamental which ties NetEpi Case Manager to PostgreSQL - it was just that PostgreSQL was (and is) our database server of choice for development purposes. We use the Python DB-API 2.0, which abstracts away most of the database server-specific characteristics, but of course, every SQL database has its own set of extensions, and there are a few Postgresisms which we have used out of expediency (we were under considerable self-imposed pressure to get something working in the midst of the SARS outbreak of 2003)- this use of Postgresisms also needs to be abstracted out in order to support a wider range of back-ends (including embedded databases such as SQLite) - that is a task we plan to do, but again it is not the highest priority (of course if someone wants to sponsor the work or do it themselves, the priority would be changed). Also, the system would have to meet CDC reporting requirements, for which much of their software is used, not because they find it useful, but because it is required to meet their reporting requirements. Yes, if use of the tools in the US is a goal, then meeting CDC requirements is a necessity. However, in developing the tools, the US did not even enter our thoughts - simply because so much money has been poured into public health informatics over the last two or three years in the US that it doesn't need any help from us. Frankly, when we started developing NetEpi Case Manager, the data collection tool, in early 2003, we had Australian needs primarily in mind, but were also mindful of its potential utility in developing and transitional countries, especially those to our north and north-west (where, incidentally, Linux and other open source infrastructure tends to have a much greater mindshare within government departments and NGOs than it does in richer countries, although MS Windows is still probably the dominant OS - and hence does need to be supported by the NetEpi tools, in due course). They will be using NEDSS because it is supported by CDC and reduces their exposure to responsiblity of software risk. Thus an open source solution also needs to be NEDSS-compliant or PHIN compatible in the US these days. Yes, I agree. However, we currently have no plans to make the NetEpi tools NEDSS or PHINS compatible, primarily because the US is already well-provided for in publc health informatics. We are more interested in maximising the utility of the NetEpi tools for use in Australia and other parts of the world. That said, we have borrowed (and will continue to borrow) ideas from NEDSS and PHINS where they are valuable and not overly complex (the NEDSS data model in particular tends towards the baroque, in my opinion, but it is trying to address a very wide range of problems, far more ambitious in scope than what teh NetEpi tools hope to address) - and of course not encumbered by patents, but as far as I know, none of the material in the NEDSS or PHINS design documents is patented or likely to be patented. Something better isn't the only driving force these days. Again, I agree entirely. But we don't claim that the NetEpi tools are better than anything else - we only strive to make them as useful as possible to the target audience, which is public health practictioners in countries which do not already have well-funded and strongly organised public health informatics programmes (like most developed countries, there is some funding for public health informatics in Australia, but compared to the US on a per-capita basis, it is still an order of magnitude less, and on an absolute basis, absolutely miniscule - the same is true of most OECD countries, I think, with teh exception perhaps of Canada in the last 18 months, for obvious reasons). Nor do we hope that the NetEpi tools drive out competitors - if they do no more than catalyse other open source development projects in public health informatics, then they will have served their purpose (although we do of course hope that they are used). Cheers, Tim C Original Message From: Tim Churches [EMAIL PROTECTED] To: openhealth-list@minoru-development.com Date: Fri, Dec-24-2004 8:01 AM Subject: Re: Open source tools for population health epidemiology and public health David Forslund wrote: I know a number of folks who would be interested, but the inability to run the software on Win platforms removes them from consideration at this time. All of the tools and infrastructure used are cross-platform, with the exception of PostgreSQL - but that will soon be also
Re: Open source tools for population health epidemiology and public health
David Forslund wrote: I have no problem with your comments, with one exception. The state of IT in public health in the US, despite the efforts of the CDC, NEDSS, and PHIN is pretty abysmal. I can't compare it to Australia, but on any scale, they are in the dark ages here in the US and need all the help they can get. I suspect that reflects decades of very low levels of investment in public health infrastructure (especially personnel) in the US prior to 2001. No matter how much money is thrown at the problem, it just takes time to build infrastructure, especially organisational infrastructure and trained, experienced personnel. It certainly isn't your job to do so, but it would be nice to provide them better capability (and more efforts and true interoperability). They keep asking for better case management tools, and this isn't really in the purview of the CDC. CDC has something called the Outbreak Management System (OMS), I understand, which I think has recently been re-written in Java? Not really sure - very hard for people outside US public health circles to find out what is going on inside CDC, beyond is published on the CDC web site, and all our email enquiries go unanswered. CDC is so big that I don't think people inside teh organisation know what everyone else is working on, either, particularly in teh last few years with all the funds flowing in for public health informatics. Tim C Original Message From: Tim Churches [EMAIL PROTECTED] To: David Forslund [EMAIL PROTECTED], Andrew McNamara [EMAIL PROTECTED] Cc: openhealth-list@minoru-development.com Date: Fri, Dec-24-2004 1:40 PM Subject: Re: Open source tools for population health epidemiology and public health David Forslund wrote: This sounds reasonable and certainly is, but there are some more complications. I try to be database independent, too, letting the deployment of a particular database to be site specific. The problem I also ran into at our state is the required use of MSSql on an Windows platform. Something like PostgresSQL was beyond their willingness to move. Sure, but again, there is nothing fundamental which ties NetEpi Case Manager to PostgreSQL - it was just that PostgreSQL was (and is) our database server of choice for development purposes. We use the Python DB-API 2.0, which abstracts away most of the database server-specific characteristics, but of course, every SQL database has its own set of extensions, and there are a few Postgresisms which we have used out of expediency (we were under considerable self-imposed pressure to get something working in the midst of the SARS outbreak of 2003)- this use of Postgresisms also needs to be abstracted out in order to support a wider range of back-ends (including embedded databases such as SQLite) - that is a task we plan to do, but again it is not the highest priority (of course if someone wants to sponsor the work or do it themselves, the priority would be changed). Also, the system would have to meet CDC reporting requirements, for which much of their software is used, not because they find it useful, but because it is required to meet their reporting requirements. Yes, if use of the tools in the US is a goal, then meeting CDC requirements is a necessity. However, in developing the tools, the US did not even enter our thoughts - simply because so much money has been poured into public health informatics over the last two or three years in the US that it doesn't need any help from us. Frankly, when we started developing NetEpi Case Manager, the data collection tool, in early 2003, we had Australian needs primarily in mind, but were also mindful of its potential utility in developing and transitional countries, especially those to our north and north-west (where, incidentally, Linux and other open source infrastructure tends to have a much greater mindshare within government departments and NGOs than it does in richer countries, although MS Windows is still probably the dominant OS - and hence does need to be supported by the NetEpi tools, in due course). They will be using NEDSS because it is supported by CDC and reduces their exposure to responsiblity of software risk. Thus an open source solution also needs to be NEDSS-compliant or PHIN compatible in the US these days. Yes, I agree. However, we currently have no plans to make the NetEpi tools NEDSS or PHINS compatible, primarily because the US is already well-provided for in publc health informatics. We are more interested in maximising the utility of the NetEpi tools for use in Australia and other parts of the world. That said, we have borrowed (and will continue to borrow) ideas from NEDSS and PHINS where they are valuable and not overly complex (the NEDSS data model in particular tends towards the baroque, in my opinion, but it is trying to address a very wide range of problems, far more ambitious in scope than what teh
Open source tools for population health epidemiology and public health
I am pleased to announce that developmental versions of some tools for population health epidemiology and public health are now available under a free, open source software license - see http://www.netepi.org (please note that the release notes for the NetEpi Analysis tool can be found in the documentation section of the project web page on SourceForge). The current development team (comprising two members: Andrew McNamara and myself) will be working on NetEpi fairly intensively over the first half of 2005, with a view to a Version 1.0 release of the tools by mid-year. We would be very happy to hear from anyone wishing to contribute to development in any way, including assistance with informal and/or formal testing of each new version. Wishing everyone a safe and happy Festive Season and a free and open source New Year, Tim C Sydney, Australia
Re: Free US ICD-9-CM as plain text?
David Forslund wrote: I have a question. There is a lot of info in the ICD-9-CM coding documents that isn't represented by simple text. It would seem that an XML representation of the codes with the exclusions, notes, etc. would be more generally useful. Flatting the data to the number and the name seems to remove some, if not a lot of, information. Comments? Sure, an XML representation which preserved the comments, scope notes etc would be ideal. Even better would be an XML representation which incorporated all the revisions (which seem to be annual in the US) into the one document. Howver, for our purposes we were just looking for a quick way to label US ICD-9-CM codes for the purposes of some demo code, since the US National Hospital Discharge Survey data from NCHS is a convenient, publicly available dataset. The ICD clinical variants (e.g. ICD-9-CM as opposed to ICD-9) are country specific eg we use ICD-10-AM (where AM=Australian modification) for clinical coding, but ICD-10 (as maintained by WHO) for deaths. Nevertheless, a single international XML standard for representing ICD codes would be great. Tim C Original Message From: Tim Churches [EMAIL PROTECTED] To: Openhealth [EMAIL PROTECTED] Date: Sun, Nov-28-2004 0:23 AM Subject: Free US ICD-9-CM as plain text? Does anyone know where a set of US ICD-9-CM codes and descriptions as plain text i.e. in a format which can be imported into databse - can be obatined at no cost? The data do not have to be re-distributable, just available on teh Internet for free. I have been able to find a free set of US ICD-9-CM files in RTF (Rich Text Format) format provided by the NCHS (National center for health Statistics), but they are laid out for printing, and would need a lot of error-prone parsing to render them as a database file. Various companies offer ASCII-format ICD-9-CM files, but only for a fee. Note that I am looking for ICD-9-CM, not ICD-9. Tim C smime.p7s Description: S/MIME Cryptographic Signature
Re: Free US ICD-9-CM as plain text?
Alexander Caldwell wrote: The Multum lexicon database which is available free at http://www.multum.com has a table in it representing the ICD9-CM I believe it is updated each month. It is in an MS-Access format. Yes, thanks, I had forgotten about Multum Lexicon. It is distributed under a liberal license which permits modification, reformatting and redistribution. However, the license has this provision: ii) If you incorporate modified files into a computer program, you must cause it, when started running for interactive use in the most ordinary way, to print or display an announcement including an appropriate copyright notice, a notice that you have modified the Multum Lexicon database from Cerner Multum, Inc., and a notice that there is no warranty (or that you provide the warranty) and telling the user how to view a copy of this License. Honouring that requirement in our demo application is more trouble than it is worth for us, right now. Thanks, Tim C smime.p7s Description: S/MIME Cryptographic Signature
Re: RTF conversion
David Forslund wrote: I found this piece of opensource software: http://memberwebs.com/nielsen/software/rtfx/ which is at least 10 times faster than any commercial products I've tried at turning an RTF file into an XML file which can then be parsed with various XML tools. I know python can be used to take apart an RTF file directly, but this tool seems to allow me to use other tools for automatic conversion with no coding. Dave Nice find! Yes, it converts the NCHS ICD-9-CM RTF files perfectly, and teh resulting XML has enough hints contained in teh arguments to the para tags to be able to extract the semantic meaning we need. And rtfx runs on all platforms as a command line programme - perfect! Tim C smime.p7s Description: S/MIME Cryptographic Signature
Re: Free US ICD-9-CM as plain text?
Tim Churches wrote: Does anyone know where a set of US ICD-9-CM codes and descriptions as plain text i.e. in a format which can be imported into databse - can be obatined at no cost? The data do not have to be re-distributable, just available on teh Internet for free. I have been able to find a free set of US ICD-9-CM files in RTF (Rich Text Format) format provided by the NCHS (National center for health Statistics), but they are laid out for printing, and would need a lot of error-prone parsing to render them as a database file. Various companies offer ASCII-format ICD-9-CM files, but only for a fee. Note that I am looking for ICD-9-CM, not ICD-9. Sorry, forget it - I realised that it is quite easy to parse RTF files. About 100 lines of Python and I nearly have a perfect set of text from the RTF files available via anonymus FTP from NCHS. I'll include the parsing code in the packages we will be releasing by Xmas (2004). Tim C smime.p7s Description: S/MIME Cryptographic Signature
Re: Free US ICD-9-CM as plain text?
Pat wrote: Tim, Hey, I asked that same question not long ago. Yes, I do dimly recall it now that you mention it. No satisfactory answer, I presume? I look forward to using the parser. After you strip all the formatting out, the NCHS RTF files have a very regular format, thank goodness. BTW you better patent that method for parsing RTF ICD-9 files :-D Yes, it would seem to be at least as novel as many of Microsoft's recent patent applications. But I can't afford $5000 per day patent attorneys to help me describe something completely obvious and routine in a manner that makes it seem novel, or at least sufficinetly incomprehensible that the patent examiners can't be sure if it is novel, or non-obvious, or not. Tim C Tim Churches wrote: Does anyone know where a set of US ICD-9-CM codes and descriptions as plain text i.e. in a format which can be imported into databse - can be obatined at no cost? The data do not have to be re-distributable, just available on teh Internet for free. I have been able to find a free set of US ICD-9-CM files in RTF (Rich Text Format) format provided by the NCHS (National center for health Statistics), but they are laid out for printing, and would need a lot of error-prone parsing to render them as a database file. Various companies offer ASCII-format ICD-9-CM files, but only for a fee. Note that I am looking for ICD-9-CM, not ICD-9. Sorry, forget it - I realised that it is quite easy to parse RTF files. About 100 lines of Python and I nearly have a perfect set of text from the RTF files available via anonymus FTP from NCHS. I'll include the parsing code in the packages we will be releasing by Xmas (2004). Tim C smime.p7s Description: S/MIME Cryptographic Signature
Re: when published spec predates patent, was Re: A patent application covering EHRs
Elpidio Latorilla wrote: Hi, To win a game (and be officially declared as winner), one must play it according to its rules. On Tuesday 23 November 2004 17:18, Tim Churches wrote: The cost of lodging opposition to a patent before it issues here in Asutralia is AUD$550. I am willing to reimburse you this amount. Thanks, but I understand that other organisations will be opposing the patent application here in Australia. Also, AUD$550 is just the application fee. If the opposition tot he application is not upheld by the Patents Commissioner, then costs are awarded againstthe opponent - that's right - the person or organisation objecting tot he patent application has to pay the costs (eg patent attorney fees) of the aptent applicant. Totally absurd, and it shows how much teh system is stacked in favour of the patent applicant, who merely has to assert novelty, not prove it. The main point here is to actually lodge the opposition. All the documents, information and discussions on this list are excellent but they will be useless if nothing is done to play the game by its rules. I would suggest that others need to oppose the patent application in the US, UK and Canada. Separate patent applications have been lodged in those countries. Even is teh patent application is successfully opposed in Australia doesn't mean it won't be approved and issue in the other countries. However, if the opposition is not upheld, then the opposer is liable to pay for the patent applicants' costs in responding to the opposition. The entire system is stacked in favour of the aptent applicant, which is wrong. Hmm, I seem to be repeating myself. But I am flabberghasted just how unfair the patent system really is. Let me suggest this strategy: You create a foundation or a non-profit organization asap and have it legally registered. This organization (not an individual) must lodge the opposition. After lodging, send me copies of the documents, invoice and bank account info so I can reimburse you the above amount. Then you start campaigns to raise funds asap for information dissemination campaigns and in case you lose the case. You can ask for donations from individuals, groups, make a benefit gala, dinner, etc. Use proven marketing tactics to ignite interest in the case. Keep people talking, not just this list. Create publicity. Expose your opponents in the public. Tear down their facade. Yes, the idea is a good one. See http://www.pubpat.org for an organisation doing something like this in the US. Alas, I don't have the time or inclination to become a full-time patent buster - but I have been trying to interest others in such a role. And I am willing to help find prior art. Anyone wishing to oppose this patent in teh US, UK and Canada should contact me and I will provide details of candidate prior art assembled so far, and put you in touch with organisations which have indicated that they intend to oppose the application here in Asutralia. Of course, the application is still undergoing formal examination by the patent office - if it fails that, then we can relax. But that same patent office did approve an innovation patent (aka a petty patent) on the wheel a few years ago... Sounds ugly? No. In the battleground there is no room for niceties. I mean it. Unfair and inequitable intellectual property protection regimes are indeed the battleground of the 21st Century, just as concentrated ownership of factories and farms were in the 20th Century. Tim C smime.p7s Description: S/MIME Cryptographic Signature
Re: Another crazy software patent application
Tim Churches wrote: This patent application is a beauty, by Microsoft this time: Um, I just realised that the construction ...is a beauty may be an Australian colloquialism. It is not meant to convey that the thing being referred to is beautiful, but rather that it is surprising, jaw-dropping or otherwise gob-smacking. Tim C smime.p7s Description: S/MIME Cryptographic Signature
Free US ICD-9-CM as plain text?
Does anyone know where a set of US ICD-9-CM codes and descriptions as plain text i.e. in a format which can be imported into databse - can be obatined at no cost? The data do not have to be re-distributable, just available on teh Internet for free. I have been able to find a free set of US ICD-9-CM files in RTF (Rich Text Format) format provided by the NCHS (National center for health Statistics), but they are laid out for printing, and would need a lot of error-prone parsing to render them as a database file. Various companies offer ASCII-format ICD-9-CM files, but only for a fee. Note that I am looking for ICD-9-CM, not ICD-9. Tim C smime.p7s Description: S/MIME Cryptographic Signature
Re: A patent application covering EHRs
Tim Cook wrote: On Mon, 2004-11-22 at 18:29, Tim Churches wrote: At a glance, there would not appear to be much in the way of novelty in the claims, and several groups here in Australia plan to lodge objections to the application. Others may wish to object to the applications in their own countries. If anyone can suggest clear prior art which was published before April 2002, and ideally before April 2001, then please let me know (or post details to this list so the prior art can be shared around). Thanks for the heads up Tim. It likely will come down to who has the time/money to properly fight this. What is the name of the organization that caused the review for MS's patent application on the FAT filesystem? The Public Patent Foundation - see http://www.pubpat.org - they may be interested in taking it on, before the patent issues in the US. Thanks, Tim C signature.asc Description: OpenPGP digital signature
Re: A patent application covering EHRs
Andrew Ho wrote: Tim, I published this invention back in 1998 titled Patient-Controlled Electronic Medical Records. Please see: http://www.txoutcome.org/scripts/zope/readings/patient-controlled and referenced here: http://www.txoutcome.org/scripts/zope/readings/oio This work has been online and retrievable via Google and other search engines for many years. Performing a Google search using patient-controlled electronic medical records as the search term retrieves this paper as the first hit. OK, many thanks. Your paper covers many of their claims, although it does not mention controlling selective uploading and access to particular data items via a template, which is also part of their claims - but I have found another paper which desribes that. But your paper covers their other claims nicely - the more the merrier! I wonder if the Australian pharmacists read my invention and is now trying to steal it? It would be amazing if they neglected to run a Google search on related prior art. :-) Possible but I doubt it. I suspect it is more a case of a set of solutions which are fairly obvious to anyone who considers the problem in detail. The Pharmacy Guild was part of a multi-sectoral committee which considered design issues for a shared medication record for Australia (now called MediConnect). They just happened to file this patent application just after that design work was winding down - which allegedly came as a surprise to the other committee members. Tim C signature.asc Description: OpenPGP digital signature
Re: A patent application covering EHRs
Andrew Ho wrote: This means writing documentation to fully disclose innovative system features Agree. and filing some patents from time to time may become increasingly important for free software projects. Disagree. I, like many people, believe that Software, algorithmic and business method patents should not be permitted, and if one holds that position, one cannot then pursue software and algorithmic patents oneself (at least not without being a hypocrite). Better to work politically for patent reform, and to bust as many software and algorithmic patent applications as possible through prior art objections before they issue. Tim C signature.asc Description: OpenPGP digital signature
Re: A patent application covering EHRs
Andrew Ho wrote: But do these prior systems provide the follwing set of functions? comprising the steps of : the consumer causing personal health data to be stored in a secure repository, said repository requiring authentication of the consumer's identity before the consumer is provided access to the repository; the consumer selecting items of personal health data to share and identifying a health care provider, or class of health care providers, to whom access will be provided for those items of personal health data; a health care provider providing authentication of their identity to the consumer's secure repository and being provided access to those items of personal health data of the consumer for which the health care provider has been identified for sharing; the health care provider using the personal health data of the consumer to determine health care advice or the provision of a health care service for the consumer; and the health care provider recording details of the consultation and the advice or service provided to the consumer in the secure repository of health data of the consumer. Quoted from Claim 1 of http://v3.espacenet.com/textclam?CY=epLG=enF=4IDX=WO02073456DB=EPODOCQPN=WO02073456 Prior art that do not read on the claims of the patent are not relevant to this discusssion. Specifically, subset implementation does not infringe a patent. This means if we build software that does not do all the steps spelled out above, it does not infringe. Yes, Andrew is correct - prior art needs to be specific to the claims, although the prior art does not need to be contained in a single document, as long as the connections between the prior art would be obvious to a person skilled in the domain. The burden of proof for novelty was recently tightened under Australian law (thank goodness for small mercies!), but unfortunately those changes only affect applictaions lodged after 1 April 2002, and the patent application in question was lodged on 14 March 2002. However, I have just revisited Ross Anderson's privacy principles which he developed for the British Medical Association, published in the BMJ and elsewhere in 1996, and available in full form here: http://www.cl.cam.ac.uk/users/rja14/policy11/policy11.html Andersons' paper describes patient-controlled access control lists, as well as data item-specific access control. He doesn't use the word template but does, of course, use the term access control lists, and the patent application describes a template as being a list. Tim C signature.asc Description: OpenPGP digital signature
Re: A patent application covering EHRs
David Forslund wrote: Thus the patent you describe would make the RAD OMG specification a violation of your patent, since it provides a mechanism to specifically what you say plus a lot more? If the patent application in question is approved in the US and the patent issues (yes, they have filed a US patent application as well as Australian, UK and Canadian applications) then anyone distributing or using the RAD OMG specification in the US may have to defend themselves against royalty claims in the courts. That's why it is important to oppose such patents to prevent them from issuing. Note that the RFP for this was issued in February, 1998: http://www.omg.org/cgi-bin/doc?corbamed/98-02-23. The result is a specific way to provide the capability you describe in your patent in a scalable, implementable way over a distributed network. Yes, definitley more relevant prior art. Tim C signature.asc Description: OpenPGP digital signature
Re: A patent application covering EHRs
Andrew Ho wrote: On Wed, 24 Nov 2004, Tim Churches wrote: Andrew Ho wrote: Tim, I published this invention back in 1998 titled Patient-Controlled Electronic Medical Records. Please see: http://www.txoutcome.org/scripts/zope/readings/patient-controlled and referenced here: http://www.txoutcome.org/scripts/zope/readings/oio This work has been online and retrievable via Google and other search engines for many years. Performing a Google search using patient-controlled electronic medical records as the search term retrieves this paper as the first hit. OK, many thanks. Your paper covers many of their claims, although it does not mention controlling selective uploading and access to particular data items via a template, which is also part of their claims Tim, You are welcome! Even if all we have is prior art that reads on their claim 1, then their patent is already significantly narrowed. If you know how to reach any of these 3 inventors, perhaps we ought to invite them to join us for a discussion on the OpenHealth list? Why give them more time and material with which to work on ammendmnets to their application to avoid the prior art? The patent application is absolutely without merit, and I for one don't wish to help the applicants in any way. Nor am I interested in passing the time of day by chatting with them. - but I have found another paper which desribes that. Do you have an URL or reference that you care to share? Most of the claim of the patent application with respect to the use of templates to control the uploading and access to specific data items in an EHR record are described in this document by Enrico Coiera, dated Jan 2001 - see page 19 onwards: http://www7.health.gov.au/hsdd/primcare/it/docs/design.doc Sorry, its a word document - not my fault and beyond my control. It would be necessary to establish when the above docment was first revealed (not necessarily published, just revealed to others), but I daresay it was before the priority date of March 2002. But your paper covers their other claims nicely - the more the merrier! ok. I wonder if the Australian pharmacists read my invention and is now trying to steal it? It would be amazing if they neglected to run a Google search on related prior art. :-) Possible but I doubt it. I suspect it is more a case of a set of solutions which are fairly obvious to anyone who considers the problem in detail. Often this type of patent is never used to sue anyone. We should not get too alarmed (yet) but instead read it as any other kind of publication and try to contact the authors. We have had this discussion before... The only reason for applying for a patent is to obtain a state monopoly which allows you to stop others from using your idea, or to extract royalties from them. If all you wish to do is publish your idea in ordr to reveal it to the world, it is far more effective and cheaper just publish a scientific paper, or just make a Web page available. Patent attorneys may well advise you that a patent application is the best way to establish prior art, but then they would say that, wouldn't they? Publication in journals, particularly those indexed by major bibliographies like Pubmed, ISI Web of Science or CiteSeer, are just as good at establishing prior art. Tim C signature.asc Description: OpenPGP digital signature
Re: A patent application covering EHRs
David Forslund wrote: I agree, and the OMG has some boiler plate that typically removes them from any patent liability leaving it up to the implementor of the technology. What I have a problem is properly identifying prior art. The background papers clearly cover these issues long before these patents were submitted, but only in a general way by describing the general problem that the patent is dealing with in the specific. There are some more papers that are relevant at: http://cadse.cs.fiu.edu/research_projects/RAD/publications/ I've not checked it out, but the book by Bob Blakley on CORBA Security could have a discussion and early reference, too. I ran into a patent from HR Block wHich basically patented distributed object-based computing in 1995. The fact that this was awarded a patent is a travesty of our patent system. Dave Yes indeed. There is an excellent appeal to the EU Council to oppose a forthcoming motion on software patents by some open source software luminaries at: http://nosoftwarepatents.com/en/m/intro/app0411.html Tim C signature.asc Description: OpenPGP digital signature
Re: A patent application covering EHRs
Gerard Freriks wrote: Hi, Lets be sensible. A template is nothing but a screen thta can be filled. As far as I know that has been described many times before 2001. Isn't it? Yes, but pointers to papers published prior to 2001 which specifically describe this would be appreciated. Formal and specific evidence of prior art is required to successfully oppose a patent application - in most countries, the whole legal process is weighted in favour of the patent applicant (which is the opposite of the way it ought to be, since the state is granting the applicant a monopoly on the idea). For instance, in Australia (and probably other countries), the burden of proof falls on the opponent to prove lack of novelty, not on the applicant to prove novelty. The applicant needs only to claim novelty and show evidence of a search for prior art. Tim C signature.asc Description: OpenPGP digital signature
Re: when published spec predates patent, was Re: A patent application covering EHRs
Andrew Ho wrote: On Tue, 23 Nov 2004, David Forslund wrote: Thus the patent you describe would make the RAD OMG specification a violation of your patent, since it provides a mechanism to specifically what you say plus a lot more? Dave, No, if RAD OMG spec is a superset of any subsequent patent, then the patent is invalid. Yes, but if the patent is issued regardless (as very often seems to happen), then its invalidity needs to be proven in the courts - very expensive. Better to oppose the patent application before it issues, to prevent it ever becoming a patent - still surprisingly expensive, but less expensive that a court case. Tim C signature.asc Description: OpenPGP digital signature
Re: when published spec predates patent, was Re: A patent application covering EHRs
Andrew Ho wrote: On Wed, 24 Nov 2004 10:08:57 +1100, Tim Churches [EMAIL PROTECTED] wrote: ... Yes, but if the patent is issued regardless (as very often seems to happen), then its invalidity needs to be proven in the courts - very expensive. Tim, Going to court and the associated expense may not be necessary. For US Patents, we can add citation: http://www.uspto.gov/web/offices/pac/mpep/documents/appxr_1_501.htm#cfr37s1.501 or ask for re-examination: http://www.uspto.gov/web/offices/pac/mpep/documents/appxr_1_510.htm#cfr37s1.510 Ex partes re-examination costs $2520. I am not certain, but here in Asutralia I don't think there is any mechanism for requesting re-examination by the patent office of a patent which has been issued and sealed. You need to take it to court. Better to oppose the patent application before it issues, to prevent it ever becoming a patent - still surprisingly expensive, Filing a Protest before the patent is issued does not look expensive at all from here: http://www.uspto.gov/web/offices/pac/mpep/documents/1900.htm In fact, I don't even see the mention of any filing fee. The cost of lodging opposition to a patent before it issues here in Asutralia is AUD$550. However, if the opposition is not upheld, then the opposer is liable to pay for the patent applicants' costs in responding to the opposition. The entire system is stacked in favour of the aptent applicant, which is wrong. but less expensive that a court case. Sure, but there are lots of things that can be done before ending up in court. Well, here in Asutralia, issue of the patent can be opposed. If that fails, then court or settlement are the only options, I think (but IANAL). Tim C signature.asc Description: OpenPGP digital signature
Re: A patent application covering EHRs
Gerard Freriks wrote: Hi, How serious is it really? If the patent is approved, it is potentially serious for anyone wishing to use or sell EHR ssytems which use the features in its claims. They hve only submitted applications in Australia, UK, US and Canada, so other countries would be unaffected. No matter how ridiculous the patent may seem, if it issues it can cause really grief. Is there anybody with a legal opinion? I only have a laymans opinion about this ridiculous patent. Gerard ps: A few snippets from en CEN/TC251 standard published in 1999. CEN/TC251 ENV 13606: 1. Scope This European Prestandard specifies messages that enable exchange of electronic healthcare record informationbetween healthcare parties responsible for the provision of clinical care to an individual patient. These messages allow information from an electronic healthcare record held by one health professional to be sent to another healthprofessional. The messages specified by this European Prestandard can be used to convey: a complete copy of a patient's record as stored in one information system; parts of a patient's record that form a logically sound extract or summary of that record; parts of a patient's record used for updating a parallel record on another system. The primary purpose of these messages is to support the provision of care to individual patients. The availability ofconsistent, continuing clinical care, when and where it is needed, requires appropriate and unambiguous communication between clinical professionals. The messages specified by this European Prestandard are designed to meet thisrequirement by enabling users of different clinical information systems to exchange electronic healthcare record information. Implementation of these messages will therefore assist the maintenance of timely and appropriate patientrecords. With a definition of Health care party: -- 3.39. healthcare party. Organisation or person involved in the direct or indirect provision of healthcare services to an individual or to a population. -- Met andere woorden. Hetgeen functioneel beschrven staat is omvat in de CEN voornorm voor het EPD. The concept Template is mentioned. Any input screen is a template. And before 1999 this concept was defined and in use. As far as Access Control is concerned Part 3 of the CEN/TC251 ENV 13606 is about the expression of elements needed for access control. 1 Scope This European prestandard specifies data objects for describing rules for distribution or sharing of electronic healthcare records in whole or in part. This European prestandard establishes general principles for the interaction of these data objects with other components and mechanisms within an electronic healthcare record application, thereby controlling the distribution of electronic healthcare records in whole or in part. This European prestandard establishes ways of creating information with associated security attributes. This European prestandard defines a methodology for constructing rules built from defined data objects, capable of being implemented using a range of techniques, to effect the control of sharing of electronic healthcare record data. This European prestandard establishes principles that allow security policies to be implemented and incorporated in order to ensure the safe use of the data. This European prestandard specifies a method for constructing an Access Log, that can be rendered human viewable, that records distribution of the data to which a Distribution Rule is attached. This European prestandard does not specify the mechanisms and functions that take part within the negotiation procedure and therefore fully automate the data distribution process. This European prestandard does not specify the mechanisms and functions that will allow some systems to continuously reauthenticate the data communication session and monitor its integrity. This European prestandard allows the sharing of records distributed in space, time or responsibility. This European prestandard does not specify the data objects and packages represented in an Information System. At this moment I have no time to browse further. But on the website of NIST more is to be found about Role based Access published before 1999. And persons like Bernd Blobel and Ross Anderson wrote about security in health care Yes, Andersons' BMA privacy principles paper from 1996 is full of prior art for this patent application. Thanks, Tim C -- private -- Gerard Freriks, arts Huigsloterdijk 378 2158 LR Buitenkaag The Netherlands +31 252 544896 +31 654 792800 On 23 Nov 2004, at 03:29, Tim Churches wrote: There is some concern here in Australia over a patent application lodged by the Pharmacy Guild of Australia over some rather generic features of EHRs. These concerns are reported here: http://australianit.news.com.au/common/print/ 0,7208,11467621%5E15319
A patent application covering EHRs
There is some concern here in Australia over a patent application lodged by the Pharmacy Guild of Australia over some rather generic features of EHRs. These concerns are reported here: http://australianit.news.com.au/common/print/0,7208,11467621%5E15319%5E%5Enb%20v%5E15306,00.html or here: http://snipurl.com/atst The application has been lodged under the international PCT (patent co-operation treaty), and it appears that country level applications have been lodged in at least the UK, Canada and the US, as well as Australia. At a glance, there would not appear to be much in the way of novelty in the claims, and several groups here in Australia plan to lodge objections to the application. Others may wish to object to the applications in their own countries. If anyone can suggest clear prior art which was published before April 2002, and ideally before April 2001, then please let me know (or post details to this list so the prior art can be shared around). The details of the patent application, and a related one filed on the same date, are as follows: METHOD AND SYSTEM FOR SHARING PERSONAL HEALTH DATA can be found here: http://v3.espacenet.com/textdoc?CY=epLG=enF=4IDX=WO02073456DB=EPODOCQPN=WO02073456 or here: http://snipurl.com/atol Click on the tabs at the top to see the details of the patent claims. The details of the CR Group application for METHOD AND SYSTEM FOR SECURE INFORMATION can be found here: http://v3.espacenet.com/textdoc?DB=EPODOCIDX=WO02073455F=0 or here: http://snipurl.com/ator The filing dates for both are 14 march 2002, with earliest priority dates of 14 March 2001. Just to whet your appetite, here is Claim 1 of the Pharmacy Guild application: CLAIMS : 1. A method for a health care provider to obtain personal health data relating to a consumer, the method comprising the steps of : the consumer causing personal health data to be stored in a secure repository, said repository requiring authentication of the consumer's identity before the consumer is provided access to the repository; the consumer selecting items of personal health data to share and identifying a health care provider, or class of health care providers, to whom access will be provided for those items of personal health data; a health care provider providing authentication of their identity to the consumer's secure repository and being provided access to those items of personal health data of the consumer for which the health care provider has been identified for sharing; the health care provider using the personal health data of the consumer to determine health care advice or the provision of a health care service for the consumer; and the health care provider recording details of the consultation and the advice or service provided to the consumer in the secure repository of health data of the consumer. If this patent issues, we (or our govts) may find ourselves having to pay royalties to the Pharmacy Guild of Australia to use any EHR applications which meet this description, or having to challenge the patent in court (expensive). Hence there is value in demolishing it with prior art in the application stage - assuming that it survives the examination phase (which it shouldn't, but as we know, the US patent office seems willing to approve a patent for just about anything, no matter how obvious or well-known the idea is, and the Australian patent office managed to issue an innovation patent for the wheel a few years ago...true!). Tim C signature.asc Description: OpenPGP digital signature
Interesting take on the UK NHS-Microsoft deal
See http://www.pbs.org/cringely/pulpit/pulpit2004.html I agree with his point that the big IT consultancy/integrator firms operate on a project management headcount basis, but he ignores the potential of open source development methods (as opposed to the use of open source software components). He also completely ignores the lock-in which Microsoft will achieve, not just with the NHS, but also with the major health system vendors such as iSoft (already a Microsoft buddy) and CERNER. Given the size of the NHS contracts, these and other large commercial health software vendors will have even more reason to concentrate on development of their products for the latest Windows platforms, rather than for open platforms. That will effect not just the UK NHS, but customers of these vendors elsewhere as well. I think the rich countries need to look to developing and transitional countries to save them from a Microsoft-dominated health IT environment over the next decade. Tim C PS I am sending this from MS Outlook Express instead of my usual Ximian Evolution mail client due to an upgrade now in progress on my desktop Linux machine. TRC
Re: OpenHRE software available
On Wed, 2004-11-10 at 00:40, Wayne Wilson wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 David Forslund wrote: | The application doesn't need much in the way of J2EE support. It only needs JSP support. | Thanks David and Don for the information. Let me give some more perspective on why I asked the question. I am responsible for running (operations) a JSP server farm. We currently use Resin, but we used to use Tomcat back in the 3.X release days. What we have found is that our particular installation of the server, ranging from java release levels, to additional jar's to where we locate the software and finally to configuration directives gradually evolves over time into something quite specific to this server environment. Recently we ran into seemingly intractable robustness problems and I lobbied to switch to another JSP server, JBOSS. It turned out that the labor involved in such a switch was so great that we ended up investing significant time in problem solving. Thanks to a great staff and java 1.5, we think we solved the problem. Another data point: We have purchased two commercially supported applications based on JSP server technology. IN both cases, it became highly problematical to try to adapt those applications to our JSP server world. We ended up installing those applications according to how their developers packaged the system, including the supported install of the JSP engine. What that ended up doing is having my group, i.e. server operations, treating the application installed on a dedicated server as if it was a vendor supplied blackbox, i.e. an appliance. Since my long range strategy is to adopt appliance solutions where ever possible this should be acceptable. An issue arises, however, in that this model does not scale well unless one makes the move away from commodity hardware! By that, I mean that the installation, on-going physical operation and management of these appliances can get to be a problem in it's own right! And that leads me back to what the hardware vendors will supply and support as the starting point for any application bundling effort. Dare I repeat the old adage? Java: write once, debug everywhere. -- Tim C PGP/GnuPG Key 1024D/EAF993D0 available from keyservers everywhere or at http://members.optushome.com.au/tchur/pubkey.asc Key fingerprint = 8C22 BF76 33BA B3B5 1D5B EB37 7891 46A9 EAF9 93D0
Re: Hi
On Sun, 2004-10-31 at 10:07, Aho wrote: :)) Presumably this message is the result of someone misusing Andrew's email address to send out malware. In this instance, they have even mimicked Andrew's characteristic use of smileys. This happens to me all the time - people complain that I sent them a virus. Conversation on how easy it is to use someone else's email address usually follows, sometimes with a demonstration in which I send them a message apparently from themselves. I have signed this message so you can check that it is really from me. -- Tim C PGP/GnuPG Key 1024D/EAF993D0 available from keyservers everywhere or at http://members.optushome.com.au/tchur/pubkey.asc Key fingerprint = 8C22 BF76 33BA B3B5 1D5B EB37 7891 46A9 EAF9 93D0 signature.asc Description: This is a digitally signed message part
RE: OGC OSS report (was) Re: NHS/IA revisionism
From: Joseph Dal Molin [mailto:[EMAIL PROTECTED] Sent: Friday, 29 October 2004 6:22 AM To: [EMAIL PROTECTED] Subject: OGC OSS report (was) Re: NHS/IA revisionism OGC report published now what will the NHS say on their web site? The software could generate significant savings, according to the Office of Government Commerce (OGC). http://www.ogc.gov.uk/index.asp?docid=2190#finalreport BBC coverage: UK government departments moved a step closer to using open-source operating systems such as Linux after a study found that they were viable products. http://news.bbc.co.uk/1/hi/business/3960025.stm The NHS will just say that the OCG report focussed on typical government administrative functions, and that health care delivery is significantly different from other forms of government administration. They'll be correct, of course - it is different. However it doesn't logically follow that a FOSS approach has no utility in health. But that is what they will imply. Here in the state of New South Wales (Australia), a Dept of Commerce tender for all-of-govt contracts for Linux software and support services (especially the latter) closes today. When the tender results are announced in a month or two, it will make it considerably easier for government departments and instrumentalities, including health authorities and public hospitals, to deploy Linux and linux-based systems in mission-critical roles (where 24x7 in-depth support infrastructures are a sine qua non). Tim C Adrian Midgley wrote: On Tuesday 26 October 2004 21:48, Tim Churches wrote: Richard Grainger, the head of the NHS IA Certainly he is in charge, but of the NPfIT which is esentially taking over from the NHSIA. The IA was established when the Information Management Group (IMG) was dismembered into the IPU (Information Policy Unit - a part of the DH - Department _of_ Health) about 1992 in order to make it more difficult to make large mistakes rapidly in a monolithic centrally directed organisation. 1992 was therefore the time of the last big spasm in NHS IT policy, and gave rise to the plans to introduce X.400 email systems running in a virtually private network. X.400 went away last year or the year before, never having really worked, and having been introduced in about 1999 or so (I forget). contracts being offered. That probably means that open source won't get a much of a look in. Adrian, is that a correct surmise? There is expressed the theory that after it all goes wonderfully well for us, the rest of you will buy it and we will share the profits into the Exchequer. It sounds like a sales-talk to me but I know little of such things. There has never been any prohibition on the use of open source software, however one of the quid pro quos for the deal - if unspoken - seems to be that the developers get the onwership and control of the results... so as to make it easier for them to extract large amounts of money from the rest of the world which they will share with teh NHS and .gov.uk Who knows. Perhaps it might work. The developments in quantum computing seem interesting, they also operate as I understand it, in an arbitrarily large number of parallel universes.
RE: OGC OSS report (was) Re: NHS/IA revisionism
Adrian Midgley [mailto:[EMAIL PROTECTED] wrote: On Thursday 28 October 2004 13:08, Tim Churches wrote: Here in the state of New South Wales (Australia), a Dept of Commerce tender for all-of-govt contracts for Linux software and support services (especially the latter) closes today. When the tender results are announced in a month or two, it will make it considerably easier for government departments and instrumentalities, including health authorities and public hospitals, to deploy Linux and linux-based systems in mission-critical roles (where 24x7 in-depth support infrastructures are a sine qua non). Yes. A huge gap continues to be having some structure or fractal organisation that allows the Open Source/Libre community to generate a credible support operation. The difference is I think less than it might seem, because as time has gone by and I have seen a few things I have come to regard the large corporations not as they project themselves - monoliths of stable content and nature - but as transient clouds which hire and fire, reform and rebadge, coalesce and fragment, assimilate and divide so as to provide whatever it is that the customer has convinced themselves is essential. Yes. We runn Red Hat Enterprise Linux on several of our more important servers - what you pay for is essentially a support contract, rather than a software license (since it is all GPLed except for the Red Hat name and logos embedded throughout it). When we have required tech support, the phone is variously answered by quite know;edgeable people in Brisbane, San Fransico and mostly Manila. However, should we ever need someone on-site, there are similarly trained people a few minutes away in Sydney. In other words, they have a global cloud of support staff, linked via a shared, Web-based support information system. It all works very satisfactorily. Novell has a similar, but even better developed distributed support infrastructure, which is why their entry into the Linux support market is very welcome. And there is also IBM, but I have no direct experience with them. HP also offers combined support for various Linux distros running on its hardware, as do some of the other hardware providers. Increasingly the support is not just for the bare operating system, but for much of the stuff bundled in the distros, such as open source databases, email and Web infrastructure and for desktop deployments, office applications. So for large oragnisations, the necessary support infrastructure to swap mission critical operations to Linux and other FOSS solutions is already there, I feel, or just about there. People just don't realise it. However, such support does cost some money - not outrageously expensive, but not small change. For small-to-medium sized organisations, I think that there may still be a significant gap in cheaper support for Linux and FOSS offered by smaller, more local IT firms. What really needs to happen is for these firms to form consortia to provide after-hours support, in the same way that GPs often form consortia to provide after-hours coverage to each others' practices on a rotating basis. Tim C So apart from convincing the customers that what they want is Open Source, which is a process moving with something like historical inevitability, we need a few very sparse skeletons into which we can fit at need. But in the absence of those emergent structures, keep coding and talking and using FLOSS by preference, and we will get there. -- Adrian Midgley Open Source software is better GP, Exeter http://www.defoam.net/
RE: Virtual Privacy Machine - reprise
From: Tim Churches [mailto:[EMAIL PROTECTED] Sent: Friday, 22 October 2004 1:09 AM To: 'Horst Herb'; '[EMAIL PROTECTED]'; '[EMAIL PROTECTED]' Subject: RE: Virtual Privacy Machine From: GPCG Talk List [mailto:[EMAIL PROTECTED] On Behalf Of Horst Herb Sent: Friday, 22 October 2004 9:53 AM To: [EMAIL PROTECTED] Subject: [GPCG_TALK] Virtual Privacy Machine The seems to resolve many of our security problems arising from inadequate choices of software and operating system: http://pvpm.metropipe.net/ I will review it and comment when I am finished, but this looks like something EXTREMELY promising, and might even be expanded to a complete electronic heath record system on a USB stick (not just the data, but the software to view and modify the health records as well) Yes, this is extremely clever and extremely interesting. The innovative part is that it does not require you to reboot the computer into which you plug the USB memory stick. Instead, it loads a CPU emulator (they use QEMU) under the currently running operating system - Windows or Linux - and then boots a completely separate Linux operating system inside the emulator. This emulated Linux environment is configured to only store data on the USB memory stick, so there is no danger of inadvertently leaving security-sensitive data on the host machine which may be your computer, or it may be someone else's computer. Unfortunately the reality is not so great. The performance of the Linux session running in the emulator is pretty poor - for example, using Firefox in the emulated session to access and interact with some Web-based forms via HTTPS (SSL/TLS) was barely acceptable on a 2.4GHz Pentium 4 machine (running Windows XP as the host OS). Still pretty cute to have a Linux session running under emulation in a window under on a machine booted with Windows XP. This has several implications: A) It provides an excellent environment for accessing privacy-sensitive Web sites, such as one's bank accounts, or one's Web-based EHR. It is a much under-appreciated fact that the biggest security vulnerability with Web-based applications is the client-side browser and all the information it leaves behind, such as cache files, cookies, stored passwords and other automatic form fill-ins. Things like Google Desktop Search (see http://desktop.google.com/ ) now make it incredibly easy to access all this stored-or-captured but not-directly-visible information. If you always use the same computer, and you are the only person to use that computer, none of this matters too much, but that situation is quite rare. At the very least, every computer is in some danger of being lost or stolen at some stage. Yes, you can use an encrypting filesystem to protect every file stored on a machine, but how many of us actually do that? Up until now, it has been possible to use a bootable Linux distribution like Knoppix or one of its many derivatives to overcome this problem, by storing all data on removal media like a USB memory stick. Knoppix provides excellent facilities for doing this, including encryption of the entire data partition on the USB stick. However, the need to reboot into the Knoppix or similar environment is often inconvenient - you need to close what you are doing, and if it is not your computer, the owners often get a worried look on their faces when they see a strange version of Linux booting on their machine. This Virtual Privacy Machine overcomes these objections. Despite the performance issues, I think there may still be some promise in this approach. However, I am beginning to think that specially customised versions of Firefox which leave no traces of a browsing session might be a better bet. Such browsers would have to be resistant to the techniques which allow things like Google Desktop Search to capture every page browsed via an encrypted (HTTPS, SSL/TLS) browsing session in Internet Explorer (discovering that Google Desktop Search could do that was a real eye-opener to me). B) PKI key generation, storage and use. There have been two broad choices for the generation, storage and handling of PKI keys and certificates until now: i) generation, use and storage of the keys/certificates on a general purpose computer - thus exposing the private keys to possible compromise via all the security holes and flaws present in general purpose computers used for everyday things. ii) Generate, store and process the private keys/certificates on a device which has an embedded processor and special-purpose operating system and software (typically a dongle, memory card or stick) - all access is via an API, and private keys are never transferred to the host computer. Typically a password is also needed to unlock the private keys on the cryptographic hardware module. Disadvantages of this approach include the cost of the special
RE: Virtual Privacy Machine
From: GPCG Talk List [mailto:[EMAIL PROTECTED] On Behalf Of Horst Herb Sent: Friday, 22 October 2004 9:53 AM To: [EMAIL PROTECTED] Subject: [GPCG_TALK] Virtual Privacy Machine The seems to resolve many of our security problems arising from inadequate choices of software and operating system: http://pvpm.metropipe.net/ I will review it and comment when I am finished, but this looks like something EXTREMELY promising, and might even be expanded to a complete electronic heath record system on a USB stick (not just the data, but the software to view and modify the health records as well) Yes, this is extremely clever and extremely interesting. The innovative part is that it does not require you to reboot the computer into which you plug the USB memory stick. Instead, it loads a CPU emulator (they use QEMU) under the currently running operating system - Windows or Linux - and then boots a completely separate Linux operating system inside the emulator. This emulated Linux environment is configured to only store data on the USB memory stick, so there is no danger of inadvertently leaving security-sensitive data on the host machine which may be your computer, or it may be someone else's computer. This has several implications: A) It provides an excellent environment for accessing privacy-sensitive Web sites, such as one's bank accounts, or one's Web-based HER. It is a much under-appreciated fact that the biggest security vulnerability with Web-based applications is the client-side browser and all the information it leaves behind, such as cache files, cookies, stored passwords and other automatic form fill-ins. Things like Google Desktop Search (see http://desktop.google.com/ ) now make it incredibly easy to access all this stored-or-captured but not-directly-visible information. If you always use the same computer, and you are the only person to use that computer, none of this matters too much, but that situation is quite rare. At the very least, every computer is in some danger of being lost or stolen at some stage. Yes, you can use an encrypting filesystem to protect every file stored on a machine, but how many of us actually do that? Up until now, it has been possible to use a bootable Linux distribution like Knoppix or one of its many derivatives to overcome this problem, by storing all data on removal media like a USB memory stick. Knoppix provides excellent facilities for doing this, including encryption of the entire data partition on the USB stick. However, the need to reboot into the Knoppix or similar environment is often inconvenient - you need to close what you are doing, and if it is not your computer, the owners often get a worried look on their faces when they see a strange version of Linux booting on their machine. This Virtual Privacy Machine overcomes these objections. B) PKI key generation, storage and use. There have been two broad choices for the generation, storage and handling of PKI keys and certificates until now: i) generation, use and storage of the keys/certificates on a general purpose computer - thus exposing the private keys to possible compromise via all the security holes and flaws present in general purpose computers used for everyday things. ii) Generate, store and process the private keys/certificates on a device which has an embedded processor and special-purpose operating system and software (typically a dongle, memory card or stick) - all access is via an API, and private keys are never transferred to the host computer. Typically a password is also needed to unlock the private keys on the cryptographic hardware module. Disadvantages of this approach include the cost of the special-purpose hardware device, and the fact that they are proprietary, which means you must trust the manufacturer to have gotten everything right - and there are several examples where this has not be the case. However, this Virtual Privacy Machine seems to offers an interesting middle path between the two: two-factor security due to the physical device (the USB memory stick) which one must possess, as well as a password to unlock it; and, as the name implies, a virtual private environment in which to do cryptographic and other processing - sure you are still using the host computer's CPU - but nothing else - in particular you are not using (and thus having to trust) the host computer's operating system or other files, and you are not using its hard disc. The real advantage is that the hardware part is a commodity item - any USB memory stick will do - and these are now very cheap - as opposed to a proprietary cryptographic device which tends to be expensive due to their low volume. Add to that the open source nature of the software components, and the fact that the system is far more general-purpose than a cryptographic device, and it has to be a winner. I think that government agencies and other organisations which are promoting both Web-based access to
RE: web based applications and PRINTING
From: Heitzso [mailto:[EMAIL PROTECTED] Sent: Tuesday, 19 October 2004 8:08 PM To: [EMAIL PROTECTED] Subject: Re: web based applications and PRINTING Web printing 'was' notorious difficult for quite awhile, from the developer's point of view as well as the user's. The primary reason was at first the lack of tools at the disposition of the webscreen designer, then later, the lack of faithful implementation of CSS (cascading style sheets) standards by the browser makers (ie, IE). This technical hurdle doesn't really exist anymore since (most) standards are fairly well integrated now and new ones have evolved rapidly to keep pace with needs. Couple of months ago I tried to use CSS instead of nested tables to control simple text placement. No way could I do that -- then current (Aug '04) IE and Mozilla (also tested Opera) implemented basic CSS text positioning differently. Hair pulling out time and/or beating head against wall time. I'm guessing everyone is still using nested tables to position text as a least common denominator instead of doing it the correct CSS way. Anyway, I'm flagging that CSS is not at all implemented consistently across browsers. I'm not saying that by using some subset of CSS that you couldn't get it to work to print pretty pages, but if you go into CSS cold with a book in hand about how you are supposed to format pages with CSS be prepared for a rude awakening. Yes, that is our experience too - CSS works OK across browsers for setting fonts and colours, and for supressing things like buttons and other widgets when printing a page, but using it for complex page layout leads to days of wasted time trying to sort out differences and bugs in the way browsers render syntactically and semantically correct CSS code. Out of IE, Mozilla/Firefox and Konqueror/Safari, often the best we could do was to achieve a satisfactory result (using CSS for layout) in 2 out of 3, with the odd one out different each time. That's not to say CSS is useful. Tim C
Re: Re: CPOE time studies.
Horst Herb [EMAIL PROTECTED] wrote: On Fri, 15 Oct 2004 23:34, Nandalal Gunaratne wrote: However it is great for short notes on mobile devices. The trouble is that they have tiny screens and I am over 40 :( So am I (over 40 :( ) One of the main reason for choosing a Zaurus as PDA (apart from having a proper operating system and running all my favourite Linux application natively) is the brilliant and crisp 640x480 screen of my SL-860 Where did you buy it, Horst? Are they available locally? Tim C
Re: Re: Re: CPOE time studies.
Tim Churches [EMAIL PROTECTED] wrote: Horst Herb [EMAIL PROTECTED] wrote: On Fri, 15 Oct 2004 23:34, Nandalal Gunaratne wrote: However it is great for short notes on mobile devices. The trouble is that they have tiny screens and I am over 40 :( So am I (over 40 :( ) One of the main reason for choosing a Zaurus as PDA (apart from having a proper operating system and running all my favourite Linux application natively) is the brilliant and crisp 640x480 screen of my SL-860 Where did you buy it, Horst? Are they available locally? Whoops! Sorry, was meant only for Horst, not the list. Tim C
RE: freenx
From: David Guest [mailto:[EMAIL PROTECTED] Sent: Sunday, 17 October 2004 1:02 PM To: [EMAIL PROTECTED] Subject: Re: freenx | I am having trouble getting Tim's NX technology to tunnel, however, | due to some ssh reverse lookup security issues. I RTFMed and it works without problem. http://www.linuxcompatible.org/print33481.html makes it pretty straight forward. How well does it seem to perform, compared to VNC or TightVNC? Better performnce over slower connections seems to be FreNX's main drawcard. Tim C
Dasher (was Re: CPOE time studies.)
On Fri, 2004-10-15 at 00:12, Nandalal Gunaratne wrote: Andrew, I want you to look at http://www.dasher.com I downloaded and tried the latest version of dasher under GTK on linux - it is even better now. I would dearly love to have dasher on my mobile phone (cell phone) - it would be vastly superior to the usual abc (cycling letters) and T9 (predictive letters) methods of entering text, which are slow, cumbersome and hard on the thumb. I suspect it would be much better that the Graffiti handwritten letter recognition system used on my PalmPilot too. If it is good on a PalmPilot, then it would be good on other PDAs. The question of whether it is suitable for entering notes and orders in a clinical application, which is used on ward rounds and in other time-pressured settings (all of clinical medicine and nursing is time-pressured...) really needs to be answered with some formal, empirical trials. The really nice thing is that it is an open source product. -- Tim C PGP/GnuPG Key 1024D/EAF993D0 available from keyservers everywhere or at http://members.optushome.com.au/tchur/pubkey.asc Key fingerprint = 8C22 BF76 33BA B3B5 1D5B EB37 7891 46A9 EAF9 93D0
Re: Issue of freedom and migration, Re: CPOE time studies and a word from the other side.
On Wed, 2004-10-13 at 19:28, Nandalal Gunaratne wrote: I am not sure about these arguments. Migration is one issue as it is a possible permanent loss of a skilled person from one country to another. There is a loss of British, Australian, Austrian and others who also move to the USA for example. This is promoted by the USA too. The number of British scientists who have been recruited in such a manner to the US is well known. Do you think the British have not lost? Yes, but countries like Britain and Australia are better able to make up that loss than less wealthy countries. That was my point. The other problem is that the skilled medical or others in the poorer countries are not given the facilities to work. They can be thoroughly frustrated as a result. Their knowledge and skill is NOT appreciated in their own country. They maybe too qualified and skilled for the country of their origin. They try really hard to do something useful but nobody cares to help - particularly the administrators. Sure. But the solution to that problem is not for rich countries to try to attract these disaffected health professionals to migrate. The solution is more aid to help build and/or reform the health systems in poorer countries. They can be lost to their own citizens. What if some other country can make use of them to help their own people, and they want to have a better health care system, and can and will give them the conditions they need to work to the best of their skill and knowledge? Must they be lost to everyone? See above. Take away migration. Many of them do NOT want to migrate, They want to work w few years in another country which will allow them to improve their skills and knowledge and also earn enough to save something and go back to their own country. This is good for both countries. If this is encouraged and made easier to do, but migration is not, then neither side will lose. Sure, I have no problem with that, as long as it is not a permanent loss. Nor am I in favour of banning migration of skilled professionals from poorer countries to richer countries. I am just against richer countries actively promoting and assisting such migration flows. Tim C Nandalal On Wed, 2004-10-13 at 05:41, Andrew Ho wrote: On Tue, 12 Oct 2004, Karsten Hilbert wrote: When the UK, Canada or Australia recruits such a person to work in the UK, Canada or Australia, do they reimburse the South African government for the cost Double standard you use. No. Or rather, yes. Question is WHY a double standard is used. Tim believes applying a double standard is the morally right thing to do in this particular situation. This discussion needs to include consideration of personal freedom and discrimination (or preferential treatment) based on country of origin. Indeed, and our argument is that there should NOT be preferential treatment, through active recruitment and assisted migration, of skilled health care professionals from needy countries to wealthy countries. I think we are in violent agreement. -- Tim C PGP/GnuPG Key 1024D/EAF993D0 available from keyservers everywhere or at http://members.optushome.com.au/tchur/pubkey.asc Key fingerprint = 8C22 BF76 33BA B3B5 1D5B EB37 7891 46A9 EAF9 93D0 ___ Do you Yahoo!? Declare Yourself - Register online to vote today! http://vote.yahoo.com -- Tim C PGP/GnuPG Key 1024D/EAF993D0 available from keyservers everywhere or at http://members.optushome.com.au/tchur/pubkey.asc Key fingerprint = 8C22 BF76 33BA B3B5 1D5B EB37 7891 46A9 EAF9 93D0
Re: Issue of freedom and migration, Re: CPOE time studies.
On Wed, 2004-10-13 at 05:41, Andrew Ho wrote: On Tue, 12 Oct 2004, Karsten Hilbert wrote: When the UK, Canada or Australia recruits such a person to work in the UK, Canada or Australia, do they reimburse the South African government for the cost Double standard you use. No. Or rather, yes. Question is WHY a double standard is used. Tim believes applying a double standard is the morally right thing to do in this particular situation. This discussion needs to include consideration of personal freedom and discrimination (or preferential treatment) based on country of origin. Indeed, and our argument is that there should NOT be preferential treatment, through active recruitment and assisted migration, of skilled health care professionals from needy countries to wealthy countries. I think we are in violent agreement. -- Tim C PGP/GnuPG Key 1024D/EAF993D0 available from keyservers everywhere or at http://members.optushome.com.au/tchur/pubkey.asc Key fingerprint = 8C22 BF76 33BA B3B5 1D5B EB37 7891 46A9 EAF9 93D0
Re: browser vs. desktop, was Re: access keys, was Re: physician prescribing tool development
On Wed, 2004-10-13 at 06:12, Andrew Ho wrote: On Tue, 12 Oct 2004, Karsten Hilbert wrote: ... In the meantime, I wonder what are the critical differences that impede your efficiency? A browser cannot access card readers unless quite sophisticated add-on code is installed locally. Karsten, What about USB-accessible cards? Most operating systems have built-in support to read from these. Yes, but Karsten's excellent point is that in order to use such resources, you need to give the browser-based application (as opposed to the browser itself) a degree of autonomous access to your local filesystem. Such a degree of access might be acceptable for certain, trusted Web applications, but certainly isn't acceptable for any and every Web site or application which you might load into your browser. AFAIK, browsers do not provide the ability to allow certain privileges (such as access to the local filesystem or a special peripheral like a smartcard) for only some Web sites (which would need to be positively authenticated with a PKI certificate, to guard against spoofing), while disallowing access to the same resources to other Web sites or browser applications. In other words, Web browsers are promiscuous. That's OK, as long as they are configured to always engage in safe sex. Currently, it is not possible to configure a browser to discard the condom only with certain Web sites or Web applications. Or perhaps you know a way of making the commonly deployed browsers do that, securely? Desktop applications can just as easily (if not even more easily) compromise system security. Yes, true. But there is a far more deliberate step needed to install a desktop application, whereas with a browser, you just type in a URL, click on a link, or worse, some Javascript silently sends your browser to some malware site. That's why any application or code running in a Web browser need to have very limited access to your local system. Note that I am not against Web-based applications, even for collecting data, as well as just displaying it. They have their place. But I agree with Karsten regarding their necessary limitations. -- Tim C PGP/GnuPG Key 1024D/EAF993D0 available from keyservers everywhere or at http://members.optushome.com.au/tchur/pubkey.asc Key fingerprint = 8C22 BF76 33BA B3B5 1D5B EB37 7891 46A9 EAF9 93D0
Re: Re: physician prescribing tool development
Daniel L. Johnson [EMAIL PROTECTED] wrote: On Sat, 2004-10-02 at 04:31, Karsten Hilbert wrote: ...snip... What I want to say is that I don't think a browser is the best choice for a prescribing client. I believe that the browser is useful for development because it minimises the time spent on developing the presentation layer and can be platform independent. (Once the engine is built, you can spend all the time you have at your disposal on developing and tweaking the presentation layer to make the user efficient or to impress the top brass.) Dan, That's true in theory but alas, not always the case in practice. Our experience is that a lot of time is wasted trying to work around the limitations of HTML, and/or dealing with the differences in which the various browsers (and versions of browsers) interpret HTML and CSS. And don't get me started on Javascript and the differences between the DOMs used by different browsers. Much of this grief can be avoided by avoiding Javascript and some aspects of HTML and CSS, but the first thing anyway says about the resulting applications is Gee it would be nice if they were a bit more interactive..., or Gee, its a bit slow (because in the absence of extensive use of Jvascript or embedded Java, every single interaction involves a round-trip to the Web server). Tim C
Re: Re: physician prescribing tool development
Adrian Midgley [EMAIL PROTECTED] wrote: I'm more and more impressed with thin clients - whether VNC or rdesktop or some variant of X over ssh. FreeNX (see http://www.kalyxo.org/twiki/bin/view/Main/FreeNX ) and/or the NX nomachine protocol on which it is based (see http://www.nomachine.com ) is also worth looking at. I believe the latest version of the bootable Knoppix CD-ROM Linux distributaion includes FreeNX - haven't tried this yet, but I hear it is very fast even over low-bandwidth and highish latency networks. Tim C
Re: Re: browser vs. desktop, was Re: access keys, was Re: physician prescribing tool development
Andrew Ho [EMAIL PROTECTED] wrote: On Tue, 13 Oct 2004, Tim Churches wrote: On Wed, 2004-10-13 at 06:12, Andrew Ho wrote: ... Karsten, What about USB-accessible cards? Most operating systems have built-in support to read from these. Yes, but Karsten's excellent point is that in order to use such resources, you need to give the browser-based application (as opposed to the browser itself) a degree of autonomous access to your local filesystem. Tim, Why is it necessary for the browser to have autonomous access to any local file system? It may be sufficient for the end-user to be prompted for permission to upload an authentication token from the USB device to the web-server. If you are using any form of PKI-based authentication, then the application needs to do some computation using the private key (or to cause such computation to be done via an API in the case of a smart dongle or smartcard), and then upload the results. So you are still left with the issue of how your browser based application does those computations. Most **browsers** have facilities to use PKI certificates for authentication purposes, but not applications running **inside** those browsers. At least I think that is the case - perhaps others could comment on this. In the case of OTP (one-time password) schemes, there is usually some API for extracting a value from the device. Likewise for secure smartcards designed to hold EHR/EMR data. In other words, authentication or data management which involves a smartcard or other external device is rarely as simple as the user picking a file to be uploaded to a Web server. Tim C
Re: access keys, was Re: physician prescribing tool development
On Mon, 2004-10-11 at 16:59, Andrew Ho wrote: On Sun, 11 Oct 2004, Tim Churches wrote: ... Different effects in different browsers when you press a given access key for a given Web page could lead to grief. Tim, 1) This is no more grief than having different buttons on different web pages. It is when **the same application** behaves differently with different browsers. 2) Different desktop applications also support different hot keys (=access keys). Sure, but that is not analogous. If you re-read the Web page to which you referred, you'll see that the same hot-key keystrokes in the same Web application but under different browsers will result in different actions. The main difference is between IE behaviour and netscape/Mozilla/Firefox behaviour with respect to access keys for radio buttons, checkboxes and submit buttons. Now that Firefox is becoming rightly popular amongst Windows users, it seems to me that these differences have the potential to cause confusion. Of course, if all the users of your Web app always access it from the same browser, then it is not an issue, but if you can be sure of that, then a desktop GUI app might have been a better bet. Nevertheless, the access key attributes are useful to know about, and we may find a limited use for them. -- Tim C PGP/GnuPG Key 1024D/EAF993D0 available from keyservers everywhere or at http://members.optushome.com.au/tchur/pubkey.asc Key fingerprint = 8C22 BF76 33BA B3B5 1D5B EB37 7891 46A9 EAF9 93D0
Re: access keys, was Re: physician prescribing tool development
On Tue, 2004-10-12 at 03:43, Andrew Ho wrote: On Mon, 12 Oct 2004, Tim Churches wrote: On Mon, 2004-10-11 at 16:59, Andrew Ho wrote: ... Tim, 1) This is no more grief than having different buttons on different web pages. It is when **the same application** behaves differently with different browsers. Tim, No matter how different each web-browser behaves, it is no worse than running different desktop applications, each with their own unique interface and features. OK, whatever you say. Going back to what Karsten said, browser features such as access keys (and XUL) allow browser-accessible applications to emulate functionalities of desktop applications. As this trend continues, web-based EMR systems will become increasingly useful. If everyone's browser was based on Mozilla, then XUL would be great. But the reality is that Mozilla-based browsers are never going to gain more than 50% of the market, and probably somewhat less. Thus to support XUL-based applications, you then require prospective users to install Firefox or Mozilla. That's probably a good thing for them to do anyway, but the whole idea of Web aps is that they run on a thin client (the browser) which users are very likely to already have installed. If you require them to install a new browser, then might as well give them a package of, say, wxWindows and Python, to install so your app can use a rich, fully-fledged GUI (although XUL doesn't leave much out). At this stage, there really is no one, right answer to the question of the best development and deployment platform for open source applications. And we haven't even mentioned Mono for .NET. C# is actually a reasonable language, and things like IronPython will make .NET even more attractive. But I worry that Microsoft will play its patent card(s) against free, open source implementations of .NET 2) Different desktop applications also support different hot keys (=access keys). Sure, but that is not analogous. If you re-read the Web page to which you referred, you'll see that the same hot-key keystrokes in the same Web application but under different browsers will result in different actions. There are several ways to resolve this issue. We encountered the same situation with using SVG for making graphs and diagrams in the OIO system. Our solution is to recommend using Mozilla with SVG built-in. :-) Once again you've found the answer to the problem. -- Tim C PGP/GnuPG Key 1024D/EAF993D0 available from keyservers everywhere or at http://members.optushome.com.au/tchur/pubkey.asc Key fingerprint = 8C22 BF76 33BA B3B5 1D5B EB37 7891 46A9 EAF9 93D0
Re: access keys, was Re: physician prescribing tool development
On Mon, 2004-10-11 at 04:21, Andrew Ho wrote: Would new browser features such as access keys (http://www.cs.tut.fi/~jkorpela/forms/accesskey.html) change your opinion? Reading through that page, I became less and less enthusiastic as the differences in implementation and behaviour of access keys in different browsers were described. Different effects in different browsers when you press a given access key for a given Web page could lead to grief. -- Tim C PGP/GnuPG Key 1024D/EAF993D0 available from keyservers everywhere or at http://members.optushome.com.au/tchur/pubkey.asc Key fingerprint = 8C22 BF76 33BA B3B5 1D5B EB37 7891 46A9 EAF9 93D0
Re: Unicamp study/benchmarking: Postgres, Firebird/Interbase, Oracle and Mysql
On Mon, 2004-10-11 at 07:34, J. Antas wrote: Prof. Cardoso Guimares(*), author of the book Fundamentos de Bancos de Dados (Database Fundaments) just published the results of a DBMS benchmark including: Postgres, Firebird/Interbase, Oracle e Mysql. Surprisingly (or not) PostgreSQL was the best performer. No surprise. Has anyone (else) been testing the PostgreSQL V8 beta for Windows? For us, so far so good, but we have yet to do any torture tests. -- Tim C PGP/GnuPG Key 1024D/EAF993D0 available from keyservers everywhere or at http://members.optushome.com.au/tchur/pubkey.asc Key fingerprint = 8C22 BF76 33BA B3B5 1D5B EB37 7891 46A9 EAF9 93D0
Re: Access keys
Andrew McNamara [EMAIL PROTECTED] wrote: Yes, would need to investigate how they work with current crop of browsers - could be a source of grief if very inconsistent behaviour between browsers. The business about IE using many of the hotkeys itself, but that accesskeys redirect these to the web page strikes me as a nasty security problem, to be honest (web page based javascript then gets to intercept key presses that the user expects to reach the browser unmolested). A very good point, if in fact the ACCESSKEY hooks are accessible via the browser DOM. Does anyone know if this is so for IE and/or Mozilla/Firefox? Tim C
Re: CPOE time studies.
On Wed, 2004-10-06 at 02:16, will ross wrote: We're agreed on the ultimate goal of capturing the data as standardised fields rather than rasters of handwriting. However, I know of one local clinic where the latter is a milestone en route to the former. Combining transcription saved as text files with scanned lab reports and other handwritten documents, they now have a complete offsite backup of their entire paper charts, including patient signatures captured on HIPAA forms in pdf. Is it searchable like an EHR? No. Is the electronic chart primary? No, the paper chart remains primary. But perhaps more importantly, they have internalised in their clinical documentation workflow a key interim step towards a future dependency upon electronic data storage and retrieval. They are now fluent in backup archives, and this is before thinking about EHR. When they finally jump to EHR in a few years, they will have an easy walk to the next milestone compared to their sister clinics which don't currently scan documents, are still all paper and have limited experience with data backups. Yes. Many general practices here in Australia which operate EMRs are forced to scan correspondence and reports, particularly letters from specialists, and then store the scans in an electronic archive, usually linked to the main EMR by a unique patient ID number and/or name (and store the original paper copies in a filing cabinet or other physical archive, which is rarely consulted). Everyone agrees that retreival of scanned documents is much more efficient, but there is much debate about the best way of doing the scanning, linking and archiving in the least disruptive manner possible. Everyone looks forward to a time when all reports are received in encrypted electronic form - if not as HL7 messages, then at least as word processor or PDF documents. Alas, the uptake of a national PKI for health has been slow, but there is at least an excellent open source, fully-supported, HL7-aware, secure communications gateway system available to practices - see http://www.argusconnect.com.au/ The majority of path labs now offer results in electronic form, as do some radiology and imaging services. Government sponsorship of broadband (well, 256k ADSL connections at least) for general practices will mean that more practices will be interested in receiving everything in electronic form. Still a way to go, and scanning in paper reports will still be an unavoidable nuisance for the next 3 to 5 years, it seems. -- Tim C PGP/GnuPG Key 1024D/EAF993D0 available from keyservers everywhere or at http://members.optushome.com.au/tchur/pubkey.asc Key fingerprint = 8C22 BF76 33BA B3B5 1D5B EB37 7891 46A9 EAF9 93D0
Re: Issue of freedom and migration, Re: CPOE time studies.
On Tue, 2004-10-05 at 20:11, Calle Hedberg wrote: Finally, just to put the focus back where it started: One key difference between countries with far too few doctors - but often easier access to e.g. admin staff (South Africa has 40% unemployment rate, many of them matriculants that could fill admin positions) - is that it makes little sense to increase doctor workload but decrease admin workload. It makes more sense to do the opposite, and I think that's one reason why most EHR systems don't work well here - they are tailored for health systems with a much higher density of doctors. So while we might regret excessive brain-drain, it is not likely to change much in the short term. What needs to change is the design and focus of EHR systems in societies with already over-loaded health personnel. These are excellent points, and in such contexts handwriting recognition software is not the issue - rather it is designing paper forms in a way which maximise the ease of use by health care professionals, and minimise transcription errors when admin staff keypunch the information captured on them. There may be lessons to be learnt from other industries which also still thrive on paper forms filled out by clients and sales agents - such as the insurance industry. Has anyone done any RD into voice recording for health information systems, I wonder? Certainly there are highly developed dictation systems for radiologists and procedural specialists (such as endoscopists) who need a hands-free recording capability. Some of these systems even use voice recognition as opposed to a human typist. I recently borrowed a solid state MP3 player with 256MB of flash memory to record a seminar session with its in-built microphone. I was impressed by the quality of the recording, and many hours could be squeezed on to the device (even more if voice-specific compression algorithms like Speex were used). Might a cheap, ruggedised version of these devices designed specifically for voice recording might find application in healthcare settings in the two-thirds world? -- Tim C PGP/GnuPG Key 1024D/EAF993D0 available from keyservers everywhere or at http://members.optushome.com.au/tchur/pubkey.asc Key fingerprint = 8C22 BF76 33BA B3B5 1D5B EB37 7891 46A9 EAF9 93D0
Re: CPOE time studies.
On Tue, 2004-10-05 at 08:01, Calle Hedberg wrote: Otherwise, I've just read the last annual HIV prevalence survey (survey in November 2003) for pregnant women: On average 27.5% for South Africa, with provincial rates ranging from about 13% to 37%. Not the first time I've seen such figures, but I am nevertheless dumbstruck by the size of the tragedy and enormity of the task ahead each time I am confronted with these data. This web site also helps to put things in perspective: http://costofwar.com/index-aids.html (the cost of Australia's direct participation in the Iraq war is thought to be about AUD$500 million over an 18 month period - a small proportion of the US cost, but nevertheless 25% of the total annual Australian foreign aid budget - which itself is way too small at just 0.25% of GDP). Add to that the fact that UK, Canada, Australia and other countries systematically poach doctors and nurses from SA (we have over 30,000 vacant nurse positions now) - the impact on workload should be obvious. Yes, and it is a totally unconscionable trade in human resources. It's okay for rich countries to fight amongst themselves for trained health staff, but plain wrong for them to actively drain such resources from countries with enormous needs. Just another aspect of the enormous rich/poor imbalance in the world. -- Tim C PGP/GnuPG Key 1024D/EAF993D0 available from keyservers everywhere or at http://members.optushome.com.au/tchur/pubkey.asc Key fingerprint = 8C22 BF76 33BA B3B5 1D5B EB37 7891 46A9 EAF9 93D0
Re: Issue of freedom and migration, Re: CPOE time studies.
On Tue, 2004-10-05 at 09:47, Andrew Ho wrote: On Mon, 5 Oct 2004, Tim Churches wrote: On Tue, 2004-10-05 at 08:01, Calle Hedberg wrote: ... Add to that the fact that UK, Canada, Australia and other countries systematically poach doctors and nurses from SA (we have over 30,000 vacant nurse positions now) - the impact on workload should be obvious. Yes, and it is a totally unconscionable trade in human resources. Calle and Tim, Why is it unconscionable to freely trade human resources? It is unconscionable because the rich countries do not pay a fair price for the very valuable human resources they are encouraging (and helping) to migrate to their countries. For example, it probably costs the South African government (and hence the South African people) between US$50,000 and US$150,000 to train a medical student through to being a specialist physician or surgeon. When the UK, Canada or Australia recruits such a person to work in the UK, Canada or Australia, do they reimburse the South African government for the cost of that training, plus the much greater opportunity cost of having to train a replacement over a ten year period? No, they don't. That situation seems unconscionable to me, especially when the relative need for trained health staff in South Africa is so much greater than in the UK, Canada and Australia. - begin quote The German free-market economist Wilhehm Roepke once suggested that modern nationalism and collectivism have, by the restriction of migration, perhaps come nearest to the servile state . Man can hardly be reduced more to a mere wheel in the clockwork of the national collectivist state than being deprived of his freedom to move - end quote from In Defense of Free Migration, Richard Ebeling, The Future of Freedom Foundation http://www.fff.org/freedom/0691b.asp Sorry, all that laissez-faire, totally free-market, right-wing libertarianism stuff is wasted on me. I unapologetically believe that the state has a role and responsibility to help redistribute wealth from the rich to the poor. It's okay for rich countries to fight amongst themselves for trained health staff, I see. There are different kinds human beings: those born to rich countries and those born to poor countries? That's the unfortunate but undeniable reality of the world today. The key is for governments and individuals to act in ways which reduce those disparities, not increase them. And it is _harmful_ to offer the same opportunities to individuals from poor countries? It is harmful for governments of rich nations to actively recruit and to facilitate the migration of desperately needed, expensively-trained individuals from poor countries. As we all know, major motivation for free software is to increase freedom and lower costs. If vendor lock-in impedes progress and adds to information costs, country-of-birth lock-in carries even higher human and economic costs. Neither Calle or I, or anyone else, have suggested that people be prevented from migration. The argument is against active recruitment and facilitated, preferential immigration programmes for skilled health care personnel from poorer countries to richer countries. It is morally wrong. -- Tim C PGP/GnuPG Key 1024D/EAF993D0 available from keyservers everywhere or at http://members.optushome.com.au/tchur/pubkey.asc Key fingerprint = 8C22 BF76 33BA B3B5 1D5B EB37 7891 46A9 EAF9 93D0
Re: Issue of freedom and migration, Re: CPOE time studies.
On Tue, 2004-10-05 at 14:21, Andrew Ho wrote: Needs typically exheed the ability to fill the need; this is called scarcity in economics, please read: http://www.socialstudiesforkids.com/articles/economics/scarcityandchoices1.htm With greater scarcity, each unit of goods/service will command a higher price. In a free market, the higher price will eventually cause increased availability of the goods/services and reduction of scarcity. Yes Andrew, eventually, and in theory, but in the meantime who provides health care for the huge numbers of HIV +ve people in Africa? Neither Calle or I, or anyone else, have suggested that people be prevented from migration. ... ok - as long as you are not advocating discrimination based on country-of-origin. No, we are against active recruitment and facilitated migration of trained health professionals from needy countries to wealthy countries. -- Tim C PGP/GnuPG Key 1024D/EAF993D0 available from keyservers everywhere or at http://members.optushome.com.au/tchur/pubkey.asc Key fingerprint = 8C22 BF76 33BA B3B5 1D5B EB37 7891 46A9 EAF9 93D0
FOSS at MedInfo 2004?
MedInfo 2004 has come and gone, almost unnoticed on this list. Does anyone have any reports of FOSS events, activities or talks at MedInfo 2004? We have ordered the complete set of audio files (in MP3 format on a CD-ROM - great idea) but it will be weeks before it arrives (and months before I have listened to them). A soon-to-be-formed open source working group of HISA (Health Informatics Society of Australia) will be organising one or more events at and/or surrounding MedInfo 2007 in Brisbane, Australia. Any Aussies interested in joining a HISA open source group should contact me. Tim C
Re: California can no longer ignore open-source software
On Sat, 2004-08-14 at 03:33, Andrew Ho wrote: Saw this on Slashdot today: http://it.slashdot.org/it/04/08/13/1317236.shtml?tid=103tid=117tid=185tid=98 The link to the California Performance Review recommendation: http://www.report.cpr.ca.gov/cprrpt/issrec/stops/it/so10.htm The California Performance Review lists over 1200 recommendations that aim to save the state $32 billion over the next 5 years and guide California's government into the 21th century. I think it is highly significant that SO10 (10th recommendation for statewide operations) lists open source. Yes, similar recommendations with respect to FOSS use in public administration are appearing all over the place. Here are two recent news reports about FOSS use in state government of New South Wales, Australia: http://tinyurl.com/7xbvn http://tinyurl.com/66mrb -- Tim C PGP/GnuPG Key 1024D/EAF993D0 available from keyservers everywhere or at http://members.optushome.com.au/tchur/pubkey.asc Key fingerprint = 8C22 BF76 33BA B3B5 1D5B EB37 7891 46A9 EAF9 93D0
Re: Complete country-wide open source medical systems installation in 90 days
On Tue, 2004-07-13 at 21:34, Calle Hedberg wrote: I would not use the term simple about some of the querying, I said that MySQl was noted for its speed with fairly simple queries, not that your system only used simple queries. (and platform independence - one reason for not really considering PostgreSQL up to now because it's not stable/efficient on windows) This fact has led to PostgreSQL being passed over for many, many applications. Let's hope the native Windows version really does eventuate with v7.5 in a few months. Neither of the PostgreSQL ports to Windows which we have stress tested have been stable (they work fine under load for a few hours but then start to lock up), whereas PostgreSQl on linux and unix is bulletproof. -- Tim C PGP/GnuPG Key 1024D/EAF993D0 available from keyservers everywhere or at http://members.optushome.com.au/tchur/pubkey.asc Key fingerprint = 8C22 BF76 33BA B3B5 1D5B EB37 7891 46A9 EAF9 93D0
Re: Complete country-wide open source medical systems installation in 90 days
On Wed, 2004-07-14 at 01:37, Adrian Midgley wrote: On Tuesday 13 July 2004 12:34, Calle Hedberg wrote: ... platform independence - one reason for not really considering PostgreSQL up to now because it's not stable/efficient on windows) A local publisher has a large database (their description) running on PostGreSQL on Windws via the CygWin layer. Says its stable... I bet they haven't tested it with a hundred thousand transactions per hour. That's what we did, and it failed after a few hours, repeatably. Maybe we set it up wrongly. PostgreSQL on Linux didn't even raise a sweat and probably would have kept chugging away for months or years. Hopefully the forthcoming native port of PostgreSQL on Windows will be as reliable - I expect it will be by the end of 2004. -- Tim C PGP/GnuPG Key 1024D/EAF993D0 available from keyservers everywhere or at http://members.optushome.com.au/tchur/pubkey.asc Key fingerprint = 8C22 BF76 33BA B3B5 1D5B EB37 7891 46A9 EAF9 93D0
Re: Complete country-wide open source medical systems installation in 90 days
On Wed, 2004-07-14 at 01:35, Calle Hedberg wrote: Wayne, I have seen far too many systems over-specified and operating practices overly elaborate not based on any functional evidence, but based purely on theoretical considerations allowing no compromises to be made. Theoretical considerations, taste, personal experiences, prejudice - far too many IS developers in this world are not very good at CULTIVATING information systems. I'm using the term cultivating as in a sliding scale from building via developing to cultivating, with building being the traditional software engineering approach and cultivating being the long term nurturing and organic growth of health info systems in a real-world jungle of organisational/cultural/political contexts. Agree that the organisational IT milieu (or in many cases, IT miasma) needs to be taken into account... Developers also tend to get attached to their own tools and designs more firmly than many other professions - secretaries don't get emotionally attached to their filing cabinets the same way many developers are attached to a specific DBMS ;-) ...but on the other hand, the DBMS is a critical part of any system, and I have seen many tears before bedtime, amongst the secretaries as well as the developers, and everyone else too, when the DBMS doesn't work as it is supposed and data is lost or corrupted. Much rarer now than in the bad old days of file-based databases (dBase, MS-Access etc), but it still happens. So yes, developers and system cultivators do form close, personal relationships with DBMSes which have stood the test of time. Could be a male bonding thing, of course... I'll take a fast, reliable DBMS running on a big 4-way SMP server with oodles of 15k rpm RAIDed SCSI discs over a red Ferrari any day. Brrrmm, brrmmm. -- Tim C PGP/GnuPG Key 1024D/EAF993D0 available from keyservers everywhere or at http://members.optushome.com.au/tchur/pubkey.asc Key fingerprint = 8C22 BF76 33BA B3B5 1D5B EB37 7891 46A9 EAF9 93D0
Re: [Fwd: [GPCG_TALK] ANNOUNCEMENT: Release of Argus under open source]
On Tue, 2004-07-13 at 00:00, Adrian Midgley wrote: On Monday 12 July 2004 09:01, Tim Churches wrote: This may be of interest to Openhealth list subscribers. ... from the release announcement ... The CVS is at present only 'download enabled' so you can only read and download the source but not upload any of your development work at this time. In the future, it is expected that developers who want to utilise the CVS will apply for a password and 'manage' their work as a project under the CVS with assistance from Foundation or ArgusConnect development staff. ... I can see why they feel a need for this, for accountability reasons that probably apply or need an equivalent solution in any healthcare project that will eventually run into regulatory oversight. Most successful FOSS projects restrict who can check code into the CVS, and then have a review mechanism before that code is merged with the main tree. That's certainly the way Linux kernel development proceeds, as well as development of the Python language. Seems sensible to me. But any community that developes, or perhaps in order to develope a community one would need a means of feedback and sharing of code modifications, which would amount to another parallel CVS... CVS access is not all or nothing - contributing developers can be given access to part of a CVS tree. If they are not happy with that, then they can fork the project and establish their own independent code base. I think it is good news and I'm pleased the project is not lost, but I think there is at least that one general problem to be solved for this and similar projects. Let's see, but given the fairly specialised nature of the code, I don't think there will be any practical problems with regard to collaboration. The biggest problem will probably be lack of collaboration, since fairly high level Java skills are needed to contribute code. However, I think they will gain through having an army of now willing testers, and possibly documentation and training material writers. None of us AFAIK have done any of the work, and the conditions of the GPL appear to have been satisfied, therefore this and I hope any other comment should be seen as comment and on a theoretical point fo general relevance, not as criticism of the decision or release method. It is a good example of a project which was primarily publicly-funded (about 65%), but which, contrary to previous understandings, was under no contractual obligation to open source. But they did anyway, recognising that as a way to distinguish themselves in the local secure health communications market, where they are competing with a somewhat larger and better established company which offers a proprietary message delivery service (which includes their own proprietary software clients). Of course, Argus hope that 99% of their users will opt to pay for the supported version of their product (and most users would be crazy not to do so), but now everyone is much happier about going with the product of a small company, knowing that the product is open sourced. I'll endeavour to provide progress reports on Argus to this list from time-to-time. -- Tim C PGP/GnuPG Key 1024D/EAF993D0 available from keyservers everywhere or at http://members.optushome.com.au/tchur/pubkey.asc Key fingerprint = 8C22 BF76 33BA B3B5 1D5B EB37 7891 46A9 EAF9 93D0
Re: Complete country-wide open source medical systems installation in 90 days
On Tue, 2004-07-13 at 02:06, Karsten Hilbert wrote: Calle Hedberg wrote: The Health (Management) Information Systems Programme I'm working with now covers wholly or partially countries/states with around 200 mill people. We are moving towards DBMS independence for our solutions, but MySQL at the moment seems to be the logical FOSS option (many states/provinces are already using ORACLE, MS SQL or DB2, so it obviously makes sense for them to host health data in the same DBMS). I am completely baffled as to why this makes MySQL the logical FOSS option ?!? Somewhere on the MySQL web site there is a history of their product, which reveals that they originally built it purely for decision support purposes (i.e. reporting and analysis). Indeed the design and feature set of MySQL up to v3.x reflects this type of work, in which data is usually collected by other systems, and then bulk-loaded or otherwise assembled in batches into the decision support database. The emphasis is on the speed of fairly simple queries. My understanding of the Health (Management) Information Systems Programme with which Calle is involved is that it is a system which collects and aggregates summarised and unit record data collected by clinics, community health centres, hospitals and other health care facilities into a local or regional decision support database. Is that correct, Calle? If so, then MySQL is a good choice. For systems, such as GnuMed, which are designed to be primary data collections, then a database with much better and well-proven transaction processing capabilities, such as PostgreSQL, is a better choice. MySQL is adding such facilities in V4.x and v5.x, but PostgreSQL has had them for over a decade, so for now, I know which one I would prefer to use for the collection of primary, transactional data. But for secondary data, MySQL is fast and reliable. BTW, MySQL seems to have become popular for the first generation of Web sites because data-driven Web sites are typically very read-intensive, and MySQL reads data very quickly. The few updates required in first generation data-driven Web sites also tended to be fairly simple. But now people want to do much more complex (primary) data collection through the Web, such as building EMR/EHRs, which is why MySQL is under pressure to add transactional processing capabilities. I dare say that it's transactional capabilities will mature quite quickly, given the size of its user base. Then we'll have at least two mature transaction-capable FOSS databases. And there is also Firebird (previously Interbase) and SAPdb (or is that part of MySQL now). And last time we checked, the query speed of PostgreSQL was not far behind MySQL on typical decision support queries - the limiting factor there tends to be disc access speed, not the database, anyway. -- Tim C PGP/GnuPG Key 1024D/EAF993D0 available from keyservers everywhere or at http://members.optushome.com.au/tchur/pubkey.asc Key fingerprint = 8C22 BF76 33BA B3B5 1D5B EB37 7891 46A9 EAF9 93D0
Re: documentation gap, was Re: medical systems framework
On Tue, 2004-06-15 at 18:52, Aidan M McGuire wrote: It's a good job the Linux community didn't adopt that strategy ;-) And just about every other successful open source project... Seriously, the code-to-documentation and code-to-test ratios tell you a lot about a project. On Mon, 2004-06-14 at 17:57, Andrew Ho wrote: On Mon, 14 Jun 2004, Aidan M McGuire wrote: ... Documentation is a weak point regarding Zope (although it more to do with the information being hard to find than the information not being there). It's a weak point and there's no excuse for that. Aidan, There are many reasons why the documentation gap exists. Simply put, it is the distance between available software and available documentation. Any mismatch in rate of software change and documentation change lead to a change in the gap. One general solution is to hold back software release until documentation is ready. Another is to write documentation before implementation. Either solution is inferior to the status-quo, IMHO. Best regards, Andrew --- Andrew P. Ho, M.D. OIO: Open Infrastructure for Outcomes www.TxOutcome.Org -- Tim C PGP/GnuPG Key 1024D/EAF993D0 available from keyservers everywhere or at http://members.optushome.com.au/tchur/pubkey.asc Key fingerprint = 8C22 BF76 33BA B3B5 1D5B EB37 7891 46A9 EAF9 93D0
Re: documentation gap, was Re: medical systems framework
On Wed, 2004-06-16 at 01:50, Andrew Ho wrote: On Tue, 16 Jun 2004, Tim Churches wrote: On Tue, 2004-06-15 at 18:52, Aidan M McGuire wrote: It's a good job the Linux community didn't adopt that strategy ;-) And just about every other successful open source project... Seriously, the code-to-documentation and code-to-test ratios tell you a lot about a project. Tim, That sounds interesting. We are seriously behind on writing documentation for the OIO software. :-) I am curious what that tells you about the OIO project, for example. Um, that you are busy with other things and that writing documentation is a lower priority for you and the other OIO developers than writing code? It is probably more enlightening to survey OIO users with regard to this question. -- Tim C PGP/GnuPG Key 1024D/EAF993D0 available from keyservers everywhere or at http://members.optushome.com.au/tchur/pubkey.asc Key fingerprint = 8C22 BF76 33BA B3B5 1D5B EB37 7891 46A9 EAF9 93D0
Re: Security of Patient Data
On Wed, 2004-06-16 at 06:55, Tim Cook wrote: In a report about continuity of care records and electronic medical summary records I found a statement that intrigued me. In Denmark over 90% of GPs offices (and 75% in New Zealand) use their computer systems to electronically send and receive clinical messages such as laboratory results, radiology results, prescriptions, discharge letters, and referrals. If this is truewhat method(s) are the GP's using to prevent exposing private patient data to modification and/or interception by third parties? The following explanation was recently posted on the Australian GPCG (general practice computer group) mailing list by Tom Bowden, CEO of Healthlink, a New Zealand secure electronic messaging service provision company which apparently carries the lion's share of health message in NZ. Tom was answering a previous post which asked for confirmation of how Healthlink operated. I have added some explanation of abbreviations in square brackets, but the quote is otherwise verbatim. All opinions contained in the quote are those of Tom Bowden, not mine. See also my further comments on the issue below the quote from Tom.: --- start quote from Tom Bowden Following is further detail on PKI implementation and related questions from our technical team The comments expressed in your email relating to the security of HealthLink are incorrect. 1. HealthLink does not use PGP. We use a more commercially suitable certificate standard, X509. 2. HealthLink supports the use of digital certificates from a number of trusted certification authorities, including those keys issued by HESA. [HESA is a publicly-owned company operated by the Health Insurance Commission (HIC) of Australia - which provides universal health insurance for all Australians. HeSA's role is to enable secure communications between health providers and HIC by operating a PKI and issuing hardware dongles to service providers to manage their private keys/certificates.] 3. Sending a message using HealthLink a. The message is encrypted using the public key of the intended recipient and signed using the private key of the sender b. The message is sent over a secure, authenticated tunnel to the HealthLink Server Farm c. HealthLink cannot decrypt the message because HealthLink does not hold the private key of the intended recipient (after HealthLink is installed it generates a new private key). Message routing information is included in a clear text message header so that the message can be delivered and tracked - the message payload is encrypted. d. The recipient receives the message, verifies the senders signature using the senders public key and decrypts the message using their private key. 4. Graphic files can be exchanged using HealthLink but cannot be included in a structured message unless the message specification allows for the inclusion of graphics (eg the proposed HL7 radiology standard). We are happy to field further questions. Kind regards Tom Bowden CEO HealthLink Ltd Tel +64 9 638 0670 Mobile +64 21 874 154 - end of quote from Tom Bowden -- My understanding is that Healthlink issues users of its service with proprietary client software which packages information as HL7 and/or XML and/or other formats, encrypts the message payload as Tom describes above, and then uses SOAP and related protocols to send the message via its own servers to the recipient, who must also be a Healthlink client. The Healthlink client software can apparently interface directly with some, but not all clinical information systems/EMRs in common use in NZ and Australia. There is considerable debate at the moment in Australia (or at least on the GPCG mailing list) about the pros and cons of such an approach to the problem of secure, reliable health messaging, versus the approach adopted by a product called ArgusConnect, which also uses the HeSA PKI to encrypt and decrypt message payloads in HL7 or other formats, but which uses SMTP and MIME attachments to transmit the messages to recipients (who may or may not be ArgusConnect users). Typically the Argus software is deployed as an edge server at the interface of local networks and the Internet, where it acts as a proxy mail server, looking after all the encryption and decryption details. Like Healthlink, it can also interface directly with some clinical software applications, so that some HL7 messages (lab results, say) can be deposited directly into a patient's record, rather than merely turning up in the doctor's email inbox amongst all the spam. I should add that Argus was developed using a govt-provided grant which allegedly specified that the Argus code be open sourced, and we are all waiting anxiously for news from the Argus copyright holders for news in this respect. My understanding from the Argus developers is that extension of Argus to accommodate other X.509 PKIs and/or GPG/PGP would not be too
Haystack (was RE: medical systems framework)
On Wed, 2004-06-09 at 03:40, Flewelling, Tim (DHW/SME) wrote: Hi, How about a non-health care specific open source project? Ad and link below. the universal information client Haystack is a tool designed to let every individual manage all of their information in the way that makes the most sense to them. By removing the arbitrary barriers created by applications only handling certain information types, and recording only a fixed set of relationships defined by the developer, we aim to let users define whichever arrangements of, connections between, and views of information they find most effective. Such personalization of information management will dramatically improve each individual's ability to find what they need when they need it. http://haystack.lcs.mit.edu/ Looks very interesting, and I have come across the work of the team who is implementing it previously (they wrote a very good paper on some model adjustments for text classification). However, they note that the software is only at the early alpha stage, and large parts of doesn't operate on Linux or Mac OS X yet. Perhaps you could remind us about it on this list from time to time? Worth keeping an eye on, as the semantic web stuff moves forward. -- Tim C PGP/GnuPG Key 1024D/EAF993D0 available from keyservers everywhere or at http://members.optushome.com.au/tchur/pubkey.asc Key fingerprint = 8C22 BF76 33BA B3B5 1D5B EB37 7891 46A9 EAF9 93D0
Re: More US patent madness
On Fri, 2004-06-04 at 23:14, will ross wrote: you ridicule my book, ignore my suggestions, and restate your original points more strongly. gee, tim, you do a great impression of an ugly american who, having discovered that his english isn't understood, raises his voice and adds a bad spanish accent to the same words in hopes of being better understood the second time around. I'm learning that more than a few Americans have thin skins, react as if mortally wounded when others disagree with them, and are offended easily by any sarcasm or attempt at irony. i heard you the first time. OK, I'll shut up now. -- Tim C PGP/GnuPG Key 1024D/EAF993D0 available from keyservers everywhere or at http://members.optushome.com.au/tchur/pubkey.asc Key fingerprint = 8C22 BF76 33BA B3B5 1D5B EB37 7891 46A9 EAF9 93D0
Re: Re: More US patent madness
will ross [EMAIL PROTECTED] wrote: does this mean the patentistas will give up without a fight? no. do i care? yes, outrageous abuses abound. but rather than gnash my teeth i quietly tend my code garden because at a fundamental level i am voting by my actions for the freedom to think for myself. and i am not alone in this struggle. Sure there is little hope for patent reform in the US and thus US citizens might as well roll over and read a good book, but many of us live in countries in which the patent system is still a little bit fairer than the totally reprobate US system, and thus it is important that we do make a fuss and publicly gnash our teeth in an atempt to prevent the US system being shoved down our and everyone else's throats. The real loser, as Monbiot points out, are people in teh Two-Thirds World, where in exchange for some loans from the IMF, they are signing up to totally inequitable intellectual property regimes. Tim C
Re: The evils of software and algorithm patents (again)
On Thu, 2004-06-03 at 22:36, Wayne Wilson wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Tim Churches wrote: | See http://www.infoworld.com/article/04/06/01/HNnaantispam_1.html | | | Some of the claims mentioned for this particular patent are doubly | absurd, particularly the use of Bayes rule for email classification, | because such use is obvious from the literature | I initially thouht the same as you Tim. But re-reading the article (I have not read the patent, which we should do to verify the reportage) they claim not to have patented Bayes techniques, but to have patented combining several techniques, including Bayes, together to detect Spam. Thus, the IP history of Bayes techniques is only relevant to the degree that someone else revealed this combination in combating Spam that they use! Yes, but what patent attorneys routinely do, when drafting patent applications, is include claims which they know have clear prior art (but which they conveniently ignore), but which are the foundations of the novel claims (sometimes truly so, mostly not) which ought to form the real basis of the patent. The goal is to scare away others, including researchers, from working in those very broad areas. It is intellectually dishonest and has a major stifling effect on innovation - which is precisely the aim of the corporate patent attorneys - slower innovation means a longer run of potential advantage and profit for their client. The entire system works to inhibit what it was designed to promote. There are even broader claims at the Patent level, by Postini, for example, for the general idea automatically detecting and processing mail in a way to remove Spam. I suspect that such broad claims fall into the above category: ones which the patent attorneys know are indefensible on the basis of prior art or obviousness, but which are set up as a moat around more defensible claims. If you examine the industry and see the deals being done and the consolidation underway (Brightmail is used by at least two other vendors and was just purchased themselves by Symantec), you might see that these Patents have something to do with corporate valuation.. So, I would suspect that it's more then the Patent system, per se, at fault here. Sure, but don't get me started on the evils of unrestrained Capitalism... -- Tim C PGP/GnuPG Key 1024D/EAF993D0 available from keyservers everywhere or at http://members.optushome.com.au/tchur/pubkey.asc Key fingerprint = 8C22 BF76 33BA B3B5 1D5B EB37 7891 46A9 EAF9 93D0
Re: More US patent madness
On Fri, 2004-06-04 at 03:01, will ross wrote: On 3 Jun 2004, at 12:36 AM, Tim Churches wrote: Sure there is little hope for patent reform in the US and thus US citizens might as well roll over and read a good book... cute, but irrelevant. if you want to follow the patent reform debate, then go hang out on the eff website. my point, second attempt: [1] the foss process in and of itself disintermediates the patent system as it is perceived by (and abused by) the patentistas Not so. FOSS is a) heavily dependent on existing intellectual property protection regimes - specifically, copyright. b) FOSS products are just as liable to the threat of or actual legal action over patent infringements as commercial software c) you can't depend on copyright law but then say patent law doesn't matter. Consistent approaches are to i) obrogate Western style intellectual property protection regimes altogether - a desirable and possibly viable option for developing countries, as George Monbiot points out or ii) try to reform the existing system. Of course i) can only be done at a national level - it is fruitless and ill-advised for individuals or small groups to act illegally and flout existing laws. [2] increasing the success of open source solutions reduces the relevance of outrageous patents How? What is teh logic behind this assertion? [3] patent reform in any country is not immediately relevant [a] because patent abuse shenanigans are a sign of creative failure (and of foss success) Creative impoverishment never stopped any corporation from trampling others. [b] because in the long cycle strengthening the foss portfolio builds an unassailable commons Are are saying that the popularity and thus political sway of FOSS will protect it against legal challenges under patent law? FOSS will need to be a LOT more popular than it is now for that to be true. [c] see #1 will we ever disabuse the patentistas from their fundamental desire to sue their way to the top? no, their tactics remain valid on a microeconomic level, it's their strategic dependence upon private knowledge portfolios we are shredding with an asymmetric foss assault at a macroeconomic level. FOSS as a force at a macroeconomic level? Now or in the near future? Really? am i outraged by the disneyfication of global culture? not really, i have trouble prioritising rage as an appropriate response. am i amused by patent madness among the globalisation elite? yes, i am amused by it. microsoft patents the double click? let them, they must be more desperate than i thought. can i stop masses of people who are unable to think for themselves from behaving like idiots? no, but i can contribute towards a long term solution by banding together with reasonable people who actually think for a change, about a change, and who build the change. if at the end of the day fools remain in hot pursuit of absurd power monopolies, tell me how this is different from any other day in the past, say, few thousand years? Those are valid individualist responses to the situation. Forgive some of us if our natural responses are more political. meanwhile, weber's book is excellent. here's a couple of decent quotes: Property in open source is configured around the right to distribute, not the right to exclude. ... Is it possible to build a working economic system around the core notion of property rights as distribution? The open source process has generalizable characteristics, it is a generic production process, and it can and will spread to other kinds of production. There is no state of nature on the Internet. Knowledge does not want to be 'free' (or for that matter, 'owned') more than it wants to be anything else. Yes, good quotes, but orthogonal to the issue of the slow strangulation of innovation, including FOSS, by software and algorithmic patents. -- Tim C PGP/GnuPG Key 1024D/EAF993D0 available from keyservers everywhere or at http://members.optushome.com.au/tchur/pubkey.asc Key fingerprint = 8C22 BF76 33BA B3B5 1D5B EB37 7891 46A9 EAF9 93D0
RE: More US patent madness
On Fri, 2004-06-04 at 07:30, Tomlinson, Steven B wrote: I like the U.S. Patent, Trademark, and Copyright system. It is part of the foundation of my country and was written into our Constitution from the beginning. Some organizations may find ways to unfairly exploit the system, however, in the end, common sense tends to prevail and the exploitation is undone and the process and intent of the IP system becomes more clearly defined along the way. For example, in 1993 Compton's was awarded a patent for the search and retrieval of text, pictures, audio, and animated data, clearly ridiculous to those of us in the industry at the time. By March of 1994 upon challenge and review the patent was rescinded. What proportion of US patents are reviewed and rescinded? A tiny proportion. The remainder continue to exert their dampening effects on innovation and the deployment of knowledge. Article 1, Section 8 of the U.S. Constitution reads: To promote the Progress of Science and useful Arts, by securing for limited Times to Authors and Inventors the exclusive Right to their respective Writings and Discoveries; Sounds like a great idea to me. Let's encourage people to do useful things and allow them to be rewarded for it! This system has worked quite well for the last 200+ years in providing many of the modern conveniences I enjoy every day. Read George Monbiot's article - as he points out, countries like teh US industrialised because they conveniently ignored patents granted in other countries. I can accept your arguments IF patents were restricted to a single country - what you Americans do in your own country is (mostly) your own business. However, beginning with the Berne Treaty, but made much worse by bilateral trade agreements and treaties, all these incredibly dubious US software and algorithmic patents are now being forced on other countries. Thus, what may or may not be good for US citizens leads to the impoverishment of others. -- Tim C PGP/GnuPG Key 1024D/EAF993D0 available from keyservers everywhere or at http://members.optushome.com.au/tchur/pubkey.asc Key fingerprint = 8C22 BF76 33BA B3B5 1D5B EB37 7891 46A9 EAF9 93D0
The evils of software and algorithm patents (again)
See http://www.infoworld.com/article/04/06/01/HNnaantispam_1.html for a report on the absurdity of the US patent system - a system which the US is trying to ram down the throat of the rest of the world (eg the European patent law reforms, and the mooted changes to Australian patent law under the proposed US-Australia Free Trade Agreement). Some of the claims mentioned for this particular patent are doubly absurd, particularly the use of Bayes rule for email classification, because such use is obvious from the literature - there are papers which discuss the use of Bayesian methods to classify email and Usenet messages going back many, many years, although they don't mention spam because the word meant processed ham when the papers were written, not unsolicited email. Furthermore, Paul Graham posted an influential and very widely read paper discussing the use of Bayesian techniques for spam filtering in August 2002 (see http://www.paulgraham.com/spam.html ), several months before the application for the patent in question was filed. In all likelihood this patent can be invalidated, but it now means that time and effort has to be invested in doing so, and in the meantime, researchers and implementors will be wary of using Bayesian techniques in spam filters. Thus useful progress is yet again seriously impeded by software and algorithmic patents - in part due to sheer stupidity by (and perhaps deliberate underfunding of) the US patent office (and US patent laws) and greediness on the part of the of the patent claimant, who must have known that there was prior art for their claims, but who filed them nonetheless. 'Twas ever the way of the world, I suppose. -- Tim C PGP/GnuPG Key 1024D/EAF993D0 available from keyservers everywhere or at http://members.optushome.com.au/tchur/pubkey.asc Key fingerprint = 8C22 BF76 33BA B3B5 1D5B EB37 7891 46A9 EAF9 93D0
More US patent madness
See http://www.smh.com.au/articles/2004/06/02/1086058889577.html In the 19th and 20th Centuries the struggle was over the ownership of capital means of production. In the 21st Century it is increasingly clear that the struggle will be over the right to use ideas. George Monbiot has written some thought provoking articles on this - see for example http://www.guardian.co.uk/globalisation/story/0,7369,665969,00.html Tim C
Re: Secure Filesystems
On Fri, 2004-04-30 at 12:15, [EMAIL PROTECTED] wrote: Research on filesystems, mostly Unix and Linux, indicates a possibility that a secure filesystem can be created that can resist attempts to access it by applications and 'users' that are not properly authenticated. Furthermore, there is a possibility that 'levels of access' could be an integral component. Suggest that you examine SELinux, which is now included in Fedora Core 2. Combine the MAC (mandatory access controls) of SELinux with encrypted filesystems and you have the infrastructure you need for what you envisage. Exactly HOW to combine them requires more work, but there's your opportunity. -- Tim C PGP/GnuPG Key 1024D/EAF993D0 available from keyservers everywhere or at http://members.optushome.com.au/tchur/pubkey.asc Key fingerprint = 8C22 BF76 33BA B3B5 1D5B EB37 7891 46A9 EAF9 93D0 signature.asc Description: This is a digitally signed message part
Re: [Fwd: Speex 1.1.5 Unstable - A voice compression format (codec).]
On Sun, 2004-04-25 at 19:23, J. Antas wrote: Speex 1.1.5 Unstable by Jean-Marc Valin (http://freshmeat.net/~jmvalin/) Wednesday, April 21st 2004 20:40 About: Speex is a patent-free compression format designed especially for speech. It is specialized for voice communications at low bit-rates in the 2-45 kbps range. Possible applications include Voice over IP (VoIP), Internet audio streaming, audio books, and archiving of speech data (e.g. voice mail). We have used this to record seminars on a laptop (using a sensitive, battery-powered electret omnidirectional microphone so thatr questions from teh audience can be picked up). It works well, and the degree of compression is amazing: we got about 12MB (hard to believe but true) for a 60 minute seminar, everything crystal-clear. The only draw-back is that the speex codecs are needed to listen to the file, and people hate the hassle of having to install these. Low bandwidth mono MP3 format is much less efficient than speex, but end users of the files usually can play them immediately without extra software. But is that is not a problem, speex is great. -- Tim C PGP/GnuPG Key 1024D/EAF993D0 available from keyservers everywhere or at http://members.optushome.com.au/tchur/pubkey.asc Key fingerprint = 8C22 BF76 33BA B3B5 1D5B EB37 7891 46A9 EAF9 93D0 signature.asc Description: This is a digitally signed message part
Re: hxp, was Re: domain-expert modifiable systems, was RE: Typed untyped languages
On Tue, 2004-04-27 at 23:15, Adrian Midgley wrote: I think the thing I would most like to change about HL7 is the policy on release of its documentation, where a modest sum is required of anyone who wants a copy of it, and therefore instead of a standard which the owners would like everyone to adopt, and show it, it beocmes a standard the details of which are locked up, whose administration must support copyright restriction, accounting and distribution of the instructions, and where serendipity is hampered. If you go to http://www.hl7.org/, and click on 'HL7 Standards under 'resources, some, but not all or the extant and draft standards are freely downloadable. Like you, I don't understand why are all aren't freely available. -- Tim C PGP/GnuPG Key 1024D/EAF993D0 available from keyservers everywhere or at http://members.optushome.com.au/tchur/pubkey.asc Key fingerprint = 8C22 BF76 33BA B3B5 1D5B EB37 7891 46A9 EAF9 93D0 signature.asc Description: This is a digitally signed message part
Re: Re: Australian Health Connect
David Forslund [EMAIL PROTECTED] wrote: What do folks down under know about this work? I would appreciate comments. There was a note about this on this list over a year ago, but I'm interested in people's assessment. Any particular aspects, Dave? It is a fairly large, multi-headed hydra. One part of the preparatory work which is worth a look is the consideration of e-consent - see http://www.health.gov.au/healthconnect/pdf_docs/cons_dp.pdf and particularly the various reports here: http://www.health.gov.au/hsdd/primcare/it/econsent.htm Tim C