Lutheran Medical Center (LMC) is part of Brooklyn, N.Y.-based Lutheran HealthCare, an organization which also includes the Lutheran Family Health Centers network and Lutheran Augustana Center for Extended Care & Rehabilitation. LMC is a 476-bed Level I Trauma Center providing ambulatory surgery, cardiac care, neuroscience services, obstetrics/gynecology, spinal surgery, perinatology (maternal/fetal medicine) and oncology (cancer diagnosis and treatment). Recently, HCI Editor-in-Chief Anthony Guerra had a chance to talk with CIO Steve Art about his facility’s plans to implement the VA’s VistA open-source software supported by MedSphere.
AG: And that knocked your socks off?
SA: That knocked my socks off. I and two other guys started downloading the Veterans software because there was no charge, and there’s a Web site where anybody can download it. I started downloading, but the software is so big that you would download for two hours, and the connection would break and you had to start over again. I can't tell you how big these files were – they're just huge, huge files. So I was doing it at home and I was doing it on weekends and there are three of us – literally around the clock. I would have three downloads going on all at the same time but we never could do it. It was an absolute nightmare.
Then I read that there was a place you can send a check, and I believe the check was $47.16 to get the software on disks. I sent my personal check because – and this is a good one – I couldn’t get the hospital to write me a check to the government for that much money. It was just too much paperwork here to get that done. I wrote my own personal check, which I got reimbursed for, sent it off to an office of the government (which I can give you the address if you need it), and they sent me the six or eight CDs, DVDs, whatever they were that had all the software on it. I said, ‘Oh my God, I've got it all.’
My head tech guy and I sat down and we loaded the software up and, sure enough, we got it working. It was perfect. It was gorgeous. It had everything in it. Think about it – the VA spent, over the course of 16 years or something between $6 and $8 billion building the system for all of the VAs. That was the basis for the Freedom of Information release, taxpayer money had paid for it, so therefore, we should get it for free, and that’s what a guy won on (in court).
This thing had everything in it because they had a lot of money to spend and they spent it wisely. They actually built and bought a good system. And way it was built was, in the early days, every VA had to have the basic product, but anybody in any VA could develop a new product to tack on and have it used only locally, or they could take that add‑on product and send it to some central place where they would then send it out to everybody and make it part of the main product. It was almost like an open-source sharing arrangement in VA. That’s how they built the product. And when people come up with a new template or a new whatever, they would send it in, get it part of the product and the product grew and grew and, of course, from then had vendors working on it at the same time. So this thing was gorgeous. I can’t say anything bad about it. It is just a gorgeous product, and it looks as good as, or better than, any product we saw on the marketplace and it’s free.
The problem was we didn’t know how to use it. How do you get data into it, how do you get patients into it, how do you hook it up to your ADT system, how do you hook it to your billing system, how do you do this, how do you do that. It created more questions than we had answers for. So we said to ourselves, ‘Who is going to help us put this in?’ One option was to find an ex-VA guy who knows the whole system, but there aren’t any because the VA guys knew the piece that they worked on and they knew how to use it, but not how to install it. That’s because it got installed over so many years, it wasn’t a single group that installed it. It came in pieces over time and you just added to it.
So we looked around and found a couple of companies that were in this space that would help implement it and eventually Medsphere (Carlsbad, Calif.) came through to me as the one that was going to help, and that was history. We struck a deal with them that they would make the changes I needed to the system and, of course, some of the changes were fundamental. For example, the VA uses social security numbers to track patients. We, in the commercial space, use medical record numbers and account numbers. What we call a nursing system, the VA calls a ward, so some of that terminology had to change. And then I needed a bunch of interfaces to work with the systems I was still keeping. My dictation system and my PACS system and my lab system and then those things had to get done and integrated with the system.
So they signed up for all that stuff. We came up with a price and they’ve been helping me implement and literally building all that stuff for me now. They’re also loading some of the back data that we need to go in, and we’re getting closer and closer to it. We’ve built all of our templates and all of our screens and we’re pretty much ready to go now as soon as I get all of those other interfaces they’ve done. At that point, we’ll do our testing, and then training and go live.
AG: What’s your timeline coming up?
SA: We’re expecting them to give me the last of the pieces they are doing beginning in June. And if they make that date – which I’m hopeful they will, we are looking at going live toward the end of the year. We have to do a lot of testing of stuff first, but I’m assuming that testing goes okay and training goes okay.
AG: Okay, so we all know we’re in the ‘meaningful-use’ environment, waiting for the clarification.
SA: Yes we are.
AG: I know CCHIT has made some overtures regarding the certification of open-source software, but what would happen if they are deemed the one and only source of certification and open source doesn’t qualify?
SA: You’ve made a correct description of the situation. I hope CCHIT does not become the body that does the certification. Because heretofore, their certification has been around doctor’s office EMRs/small practice EMRs. And they were formed because it was thought that doctors are too busy to figure out what they should have in the EMRs, so somebody would just say, ‘Okay, this is a good EMR and this is a bad EMR.’ It was built as a service to the small practitioner – one-man, two-man, or three-man shops. It has taken on a different life. It then became a political process where the big vendors were paying CCHIT lots of money to further certifications each year and because it’s an annual certification, CCHIT is making money off this stuff, so they’re happy to be doing it every year, and the criteria has been more and more restrictive to exclude vendors from the market as opposed to making it more inclusive.
I’ll give you an example. At the HIMSS conference, a lady from WorldVistA got up – I don’t remember her name now – and said to them, ‘Why do you have a requirement that is so restrictive that you require passwords to be in both upper and lower case?’ And I said to myself, ‘Oh my God,’ because in the VA software, every password has to have a special character, a number, and a letter, at least one of each. So for passwords, a lot of times, people have numbers and letters which may be inconvenient, but the numbers and letters and a special character is totally over the top, but even more secure. So by CCHIT’s criteria, a password scheme that OpenVista has, which is more rigid, more than what they’re asking for, would not pass because there’s not an upper and lower case.
To my view, that is restricting this vendor, not helping me – not helping the consumer. And, from my point of view, when you talk about a system that’s going to be sold to a hospital, it’s different than talking to a physician running his own practice. I understand when you’re in doctors’ offices, somebody needs to worry they have security and all the other issues that CCHIT is concerned about. But when you sell to me, I’m a big enough consumer that I know what I need. I know how to evaluate a system. I know whether or not the security is valid or not valid. I mean, having three different kinds of characters is valid enough for me on two levels – username and password – and that’s fine for me, because you have to get on my network to start with, you have to log into the network and then log on to the application. So I've got multiple levels of authentication here.
