Archive | Uncategorized RSS feed for this section

Why NPfIT failed

30 Oct

Good article

Woland's cat

(from Campion-Awwad, Hayton, Smith and Vuaran, 2014)

Below is my list of reasons why I think NPfIT failed. NPfIT was the NHS National Programme for IT in health, starting in 2002, with Richard Grainger appointed as NHS IT director. A timeline is published here. NPfIT is generally conceded to have spent £10.7bn by the government in 2013, when it was definitively shutdown. Claims have been made that slightly more than this was delivered in value. Realistic analyses such as the one linked to from the image at the top of this post show that the realised benefits are miniscule. Right now, the benefits for ‘Choose and Book’ can probably also be written off, as it is no longer generally used. I would guess the only benefits that those in the industry would agree were actually realised are N3, the secure NHS network and possibly NHS mail. The Spine supplies…

View original post 572 more words

Advertisements

Broen på Kolsås

7 Oct

I Heggelikroken på Kolsås, der turstien begynner, der gartneriet i sin tid stod, går en bro over bekken.

bridge

Vi ser den og undres over hva en slik vakker bro gjør akkurat her? Den leder fra en gruslagt plass inn på en velholdt plen i en privat hage, og er bygget med gamle jernbanesviller og et vakkert smijernsrekkverk. Broen er svært dekorativ, javel, men inviterer til en trafikk som det verken er grunnlag for eller ønske om! Den er en slags bro til ingensteds – har jeg tenkt.

I dag snakket jeg med broens opphavsmann. Da hans datter var liten, for mer enn 40 år siden, bygget han den første broen for at hun lettere skulle kunne være sammen med gartnerens hjertesyke datter. Den opprinnelige broen var noe enklere, men fylte sin rolle. Den hjertesyke jenta døde på operasjonsbordet da hun var omlag 12 år gammel.

En ny bro ble bygget noe senere; kanskje et flott smijernsrekkverk dukket opp hos en skraphandler og sådde frøet til nyskapningen.

For den som kjenner dens historie står den der som et minnesmerke over gammelt vennskap .

Trip to Stockholm with ABUK 2018

4 Oct

Potato holiday in Norway – off to Stockholm with ABUK, the “Asker and Bærum Youth Winds” – with the odd musician from Oslo, and even Italy. ABUK offers young adults aged 13-18 the possibility to play at a more advanced level than that afforded by the school bands that are their main affiliation. (cont below photos)

 

We travelled by train and stayed at the Zinkensdamm. This is a hostel of sorts located in a quiet part of Södermalm. No frills, no thrills, but well run and cheap. Perfect for us, and the nearest McFlurry was less than ten minutes away!

I really enjoyed Skansen and the ABBA museum, for similar reasons: nostalgia, and down to earth Swedishness. ABBA has been part of my life since I was about 8 or 9, when “Mamma Mia” came out. “Knowing me Knowing you” was the soundtrack to my visits to Tromsø and the Kroken downhill slope with its lift that was forever breaking down and its poorly maintained “pistes”. The interviews with Annifrid and Agneta stood out. One self-possessed and sure of herself, the other much less so. I went back and looked at the photos. You can see it all the way. “Arrival”, “The Album” – I bought them myself, and “Fernando” on 45rpm, played it to bits. Last night I hooked the Mac to my old hifi and turned up the volume on Knowing me – knowing you from Spotify. Listen to the bass line – and not just on this one.

Stockholm. Clean, tranquil, uncrowded, polite, cool, efficient, expensive. Imposing buildings, boulevards and squares. Not so cozy; not like Copenhagen, no, not at all. Here it made sense to hum “Baker Street” by Gerry Rafferty.

The kids. They´re musicians. They don´t have fancy handbags and fancy clothes. And they are probably not the coolest kids in school. But they act like most kids – except as a group they are incredibly easy to manage. And then they have an ace up their sleeve. They unpack their instruments, a particular, focused light comes on in their eyes, and they become an orchestra. Gets me every time.

 

Loppemarked 2018

24 Sep

Så var det loppis igjen. Sist jeg skrev om det var i 2013 (les!)

Man kan virkelig si MYE om et loppemarked. La meg begynne med et sitat fra en middelaldrende svartkledd kvinne: “Vi er veldig glad i loppemarked. Jeg kommer hit hver gang, og bruker 2-3 tusen. Jeg får ikke så mye for de pengene på Storsenteret, og jeg har seks barn”.

35,35,316,330.631348Det er interessant å se hvor godt en gjeng rutinerte – og hyggelige – korpsforeldre kan jobbe sammen med et minimum av instrukser fra sentralt hold. Det er som en maurtue. Hvert enkelt individ internaliserer sin vesle del av det store hele, og utfører de handlinger som skal til for å nå det felles målet. Subtile signaler fra dronningen styrer det hele på et ubevisst nivå. Og i helgen nådde vi et nytt maksimum av maurtue-het.

Har det hele forandret seg på 10 år? Nei, ikke egentlig. Det var en jevnere etnisk fordeling denne gangen, og litt mindre pruting jevnt over. Det er litt færre platinablondiner som henger på armen til muskuløse menn med kort hår, litt lenger mellom de som virkelig MÅ på loppemarked. Og de samme gjengangerne og de som har loppis som en del av livsstilen, og som kanskje ikke har det så enkelt på alle vis.

Prisnivået har steget svært lite på ti år, og fortjenesten er omtrent som den gangen. Vi har ikke blitt så rike at loppis er irrelevant, men senger og madrasser, som gikk før, de blir liggende.

Vi ses snart.

Ulgueira and view over the Atlantic

6 Jul

Summer holiday 2018 – fly to Lisboa and rent a house in Ulgueira. Here´s a brief report and some suggestions.

 

 

We´re about an hour west of Lisboa, in the countryside in the tiniest of villages. The village is very very quiet, and immaculate. Many of the houses are summer residences, and the village seems almost deserted now in early July. The whole area is very quiet, even the beaches, with the exception of the tourist attractions: Lisboa, Sintra, even Cabo de Roca, the westernmost point on the European continent. It´s walking distance from our house, so we walked there. In the photo above, it´s dusk and quite cold, but all the more scenic.

The house is fabulous. Spacious, well kitted out, and made of beautiful materials. Just look at the tiled floor.

We try out the different beaches. Praia das Macas has a large pool, seawater and all. We were about the only guests on this particular day!

Praia do Guincho is “the best” and also wildest, and must be very crowded at peak season. When we were there, it was very roomy indeed.

Sintra is very fascinating. It´s good to read up on it before going – we didn´t. It´s good to avoid walking up to the palaces, since there is a lot of traffic on the one-way lane. We walked up … a Tuk-Tuk might be a good choice. Also try the railway from Praia das Macas; it´s a museum piece, but it works.

It´s worth taking a trip to the Santuário do Peninha, a few kms away from Ulgueira. The view from up there is excellent.

Food. In Malveira there is a well-stocked Spar supermarket, it has all you need, and a pharmacy across the road. As for restaurants, we tried Tamariz in Estoril – very erratic service, but lovely spot, and very stylish. At the opposite end of the scale, Sisudo in Almocageme. Highly recommended. Same goes for Adega do Coelho. Very authentic.

Do walk towards the beach and clifftops. Just go straight ahead and you can´t really miss it. The scenery is magnificent, and the sheer drops vertigo-inducing. Small kids – best held by the hand. We saw a fisherman fishing directly from the cliff-top into the sea 100 metres below.

Lisboa – fascinating and still unspoilt, but mass tourism is changing it fast. Lots of traffic…

And finally, the Portuguese. Very very friendly and excellent English. Hats off.

en ubehagelig sannhet

6 Apr

Kader krysser hele byen fra øst til vest på banen. Utenfor står trærne mai-grønne.

På Bekkestua går han av. Sender SMS-en, og noen minutter senere stopper Audien rett bortenfor. Kader hopper inn, og de ruller mykt avsted. “har du med deg”? Selvsagt. De kjører noen minutter. Russebussen står på en gårdsplass. Bassen dunker, pappaguttene henger, sitter og ligger. Kader går rett inn i bussen, og rett etter går han ut igjen. I lommelykten fra Clahs Olsson som han har gitt fra seg er det kokain for 5 lapper. Han er lettet. Nå er det i orden, gutta har ikke mer på ham nå.

To dager senere er pistolen hans. Med de siste 5 har han nok til å handle. Albaneren som kjenner noen som kjenner noen har gjemt den på avtalt sted, og han pakker den ut med en lett skjelving. Browning 9mm, 20 skudd. Den er tung, pakket inn i oljet stoff, lukter våpenolje. Kader øver seg på å lade magasinet, sette det i, ta ladegrep. Hver gang legger han sluttstykket mykt tilbake, intet skudd er løsnet.

Ismail møter ham som avtalt. Tror vel at han er boss fortsatt. Det er lyse kvelder, de finner et halvmørkt sted bortenfor blokkene. Kader trekker Browningen og peker den mot magen til Ismail. Du bløffer – ikke kødd med meg, sier Ismail. Du ligger unna meg fra nå av, svarer Kader. Ismail går et skritt mot ham; han trykker instinktivt på avtrekkeren der fingeren ligger klar. Sikringen er av.

Kulen kutter Ismails bukaorta tvers av, og han forblør på to-tre minutter.

A patient-centric health record

29 Dec

It´s not too late, even if Google has discontinued its offering and the status of MS Healthvault is a bit hazy, especially in Norway.

It´s not too early, either. Patience is running out.

The health record (pasientjournal) is a document which serves the needs of the health care professional (HCP). That´s how it came to be, and that´s how it is described in law. When you provide health care, you have to keep a record. It serves both to document your actions and deliberations, and to communicate with the next HCP. It is to a far lesser degree intended for the eyes of the patient. Let´s fast forward to today. While you´re sitting in the waiting room you´re googling the latest info, and most of the time, you are up to speed on the disease and your outlook. The world has changed.

But the health record (including lab results, images etc) are still kept and controlled by the health service. In Norway, where the public purse pays for most, but not all health care, the public sector creates solutions that serve to move records between HCPs, without involving the patient. The newish “kjernejournal” does little to change this. If a major piece of information is missing, you cannot add it without involving your GP.

What´s more, or worse, if you get treated by a private HCP, or abroad, you cannot add information. If you then observe, as most will, that the right hand (AHUS) has no idea what the left hand (OUS) is doing, you have to bridge the gap yourself by acting as a kind of paper-based records service: you carry with you a bunch of print-outs to make sure the different actors are coordinated. You are your own best doctor, patient-coordinator, etc etc. If you have kids: repeat.

The solution is to create a personal health record which is controlled by the patient. Sounds like MS Healthvault, really, and I must find out what the snag is with that.

More likely than not, the rub lies with the law:  you cannot collect information about a person´s health just like that. You need a legal grounding; for instance that you are offering health services as an authorised HCP; in short, you´re a doctor.

So how can someone who´s not offering health services (not-a-doctor) collect health information legally? I do not know yet, but I suspect the key lies with encrypting the data at rest. I will argue that a collection of random 1s and 0s are not health information.
Let´s put the burden of proof on our opponents: give them a few megabytes of encrypted data and make them prove that it is health data. If they can´t, how can they argue that is IS health data?

So here´s the proposal. The architecture comprises three parts:

  • Client
  • Security Provider
  • Health Record Provider

The Client is any application, web or “app” or otherwise. The Security Provider controls who and what gets access to information; this in turn is determined by the user, who may delegate access to others. Further, the Security Provider manages encryption keys. These are used to unlock the information stored by the Health Record Provider. The latter entity is legally separate from the Security Provider, and stores encrypted data that happen to be about a person´s health. The Health Record Provider does not have access to the encryption keys until these are provided by the Security Provider. The Health Record Provider has logic to store incoming information and to transform information for display and export. This means that any information being treated must be decrypted on-the-fly, and exist in-memory in clear-text. As soon as the session ends, the memory is purged and no personal information is available to the Health Record Provider or any of its staff. A sine-qua-non requirement in this context is the requirement that the Health Record Provider never persists the keys it receives from the Security Provider. The key will most likely be symmetric. We could envisage using a number of keys, of course.

Another sticky detail is the fine-grained authorisation of access. This function entails storing information about information, which is in itself information. In order to solve this, the metadata about a given role´s access must in itself be encrypted. One way to solve this would be to associate a given role with a specific key. The couple (role, key)  must be managed by the security provider and stored by it. When a given role is authenticated and routed to the Health Record Provider, the key will unlock metadata such as “Physio record”, and this will in turn be used to filter the information that is stored. In order to avoid having to decrypt the entire record, an index will be stored as part of the metadata, pointing to the relevant parts of the record. An important detail to solve is how to update the index when new information is added to the record, since this might require access to the “Physio”-key and all other keys.

In order to avoid “tapping” of data from the Health Record Provider, the code that this entity runs must be audited and signed, and only the signed code must be possible to run. The auditing must be carried out by a trusted third party, like DNV-GL or similar.

On might argue that this introduces a fourth element in the architecture, namely the software provider. The role of this entity is to provide software that is guaranteed to be “leak-proof”. Beyond this, it must be possible to guard against scanning of the memory of the application.

A lot of tech is required. At the end of the day, the importance of this system lies in its ability to treat information of many kinds, index it (one patient at a time; index must be encrypted also) and make it available in a very granular form to clients. As an example I may want to share my data about my foot with my physio, but not the rest of my record, and to allow the physio to upload relevant information about the treatment. I may also decide that I want to store some biological parameters in the solution and make these, but only these, available to researchers or to a commercial party.

Why go to all this trouble? Chiefly because today´s health service can only scale if we make the patient autonomous, and replace service by self-service, like the banks have done.