Mohammad Al-Ubaydli’s blog

Bar code medication administration

Posted in Medicine, Technology by Dr Mohammad Al-Ubaydli on October 20, 2009

I am a big fan of bar code medication administration. It can save more lives for less money than most other, sexier, health care investments can. Of course, like all technologies, it is not perfect. For example, I have written about BMCA workarounds in the past, i.e. where staff distrust the technology and start bypassing it in their workflow.

But Alan Barrell passed on this video to me and it is a pleasure to watch because the clinicians are so enthusiastic about the patient safety aspect of using technology:

Tagged with:

Genomic electronic health records: opportunities and challenges

Posted in Articles, Medicine, My publications, Society, Technology by Dr Mohammad Al-Ubaydli on July 22, 2009

This article was originally published in Genome Medicine on 23rd July 2009 at http://genomemedicine.com/content/1/7/73/.

Mohammad Al-Ubaydli1 email and Rob Navarro2

1UCL Centre for Health Informatics and Multiprofessional Education, Archway Campus, Highgate Hill, London N19 5LW, UK

2Sapior, 16 Byron Avenue, London E18 2HQ, UK

author email corresponding author email

Genome Med 2009, 1:73doi:10.1186/gm73

The electronic version of this article is the complete one and can be found online at: http://genomemedicine.com/content/1/7/73

Published: 22  July  2009

© 2009 BioMed Central Ltd

Abstract

There is value to patients, clinicians and researchers from having a single electronic health record data standard that allows an integrated view, including genotype and phenotype data. However, it is important that this integrated view of the data is not created through a single database because privacy breaches increase with the number of users, and such breaches are more likely with a single data warehouse. Furthermore, a single user interface should be avoided because each end user requires a different user interface. Finally, data sharing must be controlled by the patient, not the other end users of the data. A preferable alternative is a federated architecture, which allows data to be stored in multiple institutions and shared on a need-to-know basis. The data sharing raises questions of ownership and stewardship that require social and political answers, as well as consideration of the clinical and scientific benefits.

In the May issue of Genome Medicine, Belmont and McGuire [1] make the case for a ‘uniform electronic health record’ (EHR) that includes both genotype and phenotype information. By uniform they mean a single data standard across different EHR databases and user interfaces, rather than a single database or a single user interface (this has been confirmed by personal communication with the authors).

It is certainly true that a clearer picture of a patient’s health is possible when their genotype data are combined with phenotype data. The quantity and quality of these data are improving, along with the analytical tools that allow us to interpret them. Patients, clinicians and researchers can all benefit from a better understanding of these data, and Belmont and McGuire’s article [1] describes efforts in Europe and the USA to unify the datasets.

However, other parties that would benefit from better understanding include public health officials, government bureaucrats, insurance companies and employers. And in some cases, there are conflicts of interest; for example, an insurance company could use genetic information to raise premiums or deny cover, whereas a patient might use the same information to seek increased cover when they learn of the risk for future diseases.

There are ways to solve the conflicts of interest that can arise from the use and availability of patient data. First, as Belmont and McGuire [1] describe, efforts such as the Personal Genome Project [2] allow patients to opt in to fully disclose their genetic information for the benefit of researchers. PatientsLikeMe.com [3] has an openness policy alongside their privacy policy so that participants can agree to share all their data, and tens of thousands of people from around the world have already agreed to do so. The value to researchers is currently limited because the data are self-submitted rather than independently verified, but the proof that patients are willing to share their personal information is there.

The principle must still stand, however, that data sharing begins with and is controlled by the patient. This favors a single personal health record (PHR) as a database rather than a single electronic health record. PHRs are records owned and controlled by the patient [4] , as opposed to EHRs, which are owned and controlled by health care practitioners.

Useful data standards for PHR and EHR communication should be expanded to fit the genomic vision that Belmont and McGuire [1] outline. In particular, the Continuity of Care Record (CCR) data format is the digital equivalent of a referral letter from one clinician to another about a patient [5] . It is supported by PHR providers such as Google Health and Microsoft HealthVault; pharmacies such as Walgreens and CVS; and providers such as MinuteClinic [6] . The Department of Health and Human Services at the National Cancer Institute unveiled a standard earlier this year for family history [7] . However, a single genomic data standard is not yet available or widely adopted.

Second, de-identification algorithms that work for genotype data are needed. De-identification is a better term than anonymization because the latter implies a binary process, which is misleading, while the former accurately conveys a spectrum. We know that de-identification algorithms are already in use when the public interest demands phenotype sharing but patient consent is not possible or practicable. Examples include notifiable disease surveillance, public health planning and large-scale research. In these cases, looking after the patient’s privacy requires measures that ensure they cannot be identified through illicit use of those data. But de-identification algorithms for genotype data are not mature enough.

Re-identification becomes more likely as the number of users increases. Illicit patient re-identification has three sources of risk: the research team, all other people who have access to these data and finally the inherent readability of the data itself [8] . Building a single system to be accessed by hundreds or thousands of researchers across tens or hundreds of projects is simply inconsistent with minimizing these three sources of risk. Such systems can therefore never be adequately private.

What might work, when public interest demands but consent is not possible, are schemes that separately copy just the minimum of phenotype and genotype data from various health management systems for a specific group of vetted researchers working within a highly protective legal context. Any change in project purpose would necessitate a re-assessment of the prevailing risks. A system in which highly vetted organizations were permitted to collect and link minimal data from all its various sources would be ideal.

In addition, the architecture for a single EHR or PHR is not a simple one. It is desirable and correct to view all the relevant data at the time of making a clinical decision or coming to a research conclusion. However, that does not mean all the data should be viewable.

For the person viewing the data, their storage in a single place does mean faster access and allows data normalization. But for the people whose data are viewed, such a data warehouse is ripe for abuse. Citizens have expressed their distrust of such systems on many occasions [9] , and security experts have repeatedly pointed out the risks of data warehouses [10] . Federated architectures, where data are spread across multiple sites and queried as needed, have been deployed [11] and are made easier by new approaches, such as service-oriented architecture. And knowing how much protection to put in place is made easier by couching privacy concerns in terms of the risk of illicit patient re-identification.

Conclusions

All of the above discussion is not to say that a single EHR is a bad idea. Belmont and McGuire [1] make a good case for the need to unify data in the service of laudable aims, including providing good patient care and advancing medical research. However, just because something can be done does not mean that it should be done, and in health care it is patients who should decide what should be done. They will be the most affected by privacy breaches, so they must be the ones who decide which of the benefits to take advantage of. The danger is when professionals confuse their convenience with the benefit of patients. The good news is that mature technologies exist that do put patients in control. As professionals we need to earn their trust by using these technologies when we ask for data sharing that makes our jobs easier.

Abbreviations

EHR: electronic health record; PHR: personal health record.

Competing interests

MA is the CEO of Patients Know Best, a company that makes and sells personal health record software. RN is the CEO of Sapior, a company that makes and sells de-identification software for the private sharing of health data.

Authors’ contributions

MA wrote the sections on personal health records and RN wrote those on de-identification.

References

  1. Belmont J, McGuire A The futility of genomic counseling: essential role of electronic health records.

    Genome Med 2009, 1:48. PubMed Abstract | BioMed Central Full Text | PubMed Central Full Text OpenURL

    // Return to text

  2. Personal Genome Project [http://www.personalgenomes.org/]

    OpenURL

    // Return to text

  3. PatientsLikeMe [http://www.patientslikeme.com/]

    OpenURL

    // Return to text

  4. Markle Foundation: Connecting for Health [http://www.connectingforhealth.org/resources/final_phwg_report1.pdf]

    OpenURL

    // Return to text

  5. Continuity of Care Record Standard [http://www.ccrstandard.com]

    OpenURL

    // Return to text

  6. Medpedia: Continuity of Care Record (CCR) Standard [http://wiki.medpedia.com/Continuity_of_Care_Record_(CCR)_ Standard]

    OpenURL

    // Return to text

  7. Cancer Biomedical Informatics Grid [https://gforge.nci.nih.gov/projects/fhh]

    OpenURL

    // Return to text

  8. Navarro R An ethical framework for sharing patient data without consent.

    Inform Prim Care 2008, 16:257-262. PubMed Abstract | Publisher Full Text OpenURL

    // Return to text

  9. McKie Robin Icelandic DNA project hit by privacy storm. [http://observer.guardian.co.uk/international/story/0,6903,1217842,00.html]

    The Observer 2004. OpenURL

    // Return to text

  10. Anderson R, Brown I, Dowty T, Inglesant P, Heath W, Sasse A: [http://www.cl.cam.ac.uk/~rja14/Papers/database-state.pdf]

    Database State.York: Joseph Rowntree Reform Trust; 2009. OpenURL

    // Return to text

  11. Gruman G Massachusetts takes a spoonful of SOA. [http://www.infoworld.com/d/architecture/massachusetts-takes-spoonful-soa-904]

    InfoWorld 2005. OpenURL

Tagged with:

Why patients are worried by national electronic medical records

Posted in Medicine, Technology by Dr Mohammad Al-Ubaydli on February 4, 2009

I just spent a wonderful day at Leeds University’s Masterclass in Designing Future eHealth System. There were some very impressive participants, and everyone was generous with their knowledge and expertise.

As I arrived back at Leeds train station though I saw this poster below:

systemoneI took a photo with my phone as I just found the phrasing so striking. It falls into The annals of (what) were they thinking?

The poster, about TTP‘s systemone, says:

8.5 million patient records, twenty thousand users
the future of patient care

I am sure that TTP is proud that their tools store the records of 8.5 million patients, and that 20,000 clinicians use these tools. But there seems to be no worry about the possibility of reading that poster as: there are 20,000 users, each of whom can read the records of 8.5 million patients.

This lack of worry worries many patients as they consider national medical records databases.

Tagged with:

Bahrain Medical Bulletin is Bahrain’s first open access journal

Posted in Arabs and Arabic, Medicine, Society by Dr Mohammad Al-Ubaydli on December 23, 2008

Here is a press release we sent out recently to journalists in Bahrain. I hope to announce more good news soon.

PRESS RELEASE
Issued: 23 December 2008

For Immediate Release
With support from Ministry of Health and Kuwait Finance House.

TITLE Bahrain Medical Bulletin is Bahrain’s first open access journal

Today, the Bahrain Medical Bulletin (BMB www.bahrainmedicalbulletin.com) became an open access journal. What this means is that the journal is now free to read online, and is published under a progressive copyright that allows readers to reuse the articles provided they cite them correctly.

Dr. Jaffar Al-Bareeq, Chief Editor of the BMB, said “This change is part of BMB‘s belief that medical research is an international public resource and should be provided with a copyright license that supports sharing of scientific knowledge.” Dr. Al-Bareeq founded the journal in 1979 to provide a forum for medical research in the region.

Starting with the December 2008 issue, all BMB articles are freely available online and deposited in a public archive immediately upon publication. Anyone is free to copy, distribute, and reuse BMB content as long as he or she credits the original author and source.

Dr. Mohammad Al-Ubaydli, a Senior Editor at the BMB, said “Open access publishing brings the same revolution to the publishing of scientific information that open source software brought to the creation of software”. Dr. Al-Ubaydli led the conversion of BMB to an open access journal. He is author of the book Free Software for Busy People (www.freedomsoftware.info) which discusses the use of open source software in health care.

This conversion is funded by grants from the Kuwait Finance House and the Ministry of Health. H.E. Dr. Faisal Al Hamar, Minister of Health, said “We supported this work because of its importance to medical research in the region”. Mr A. Al Khayat, from Kuwait Finance House, said “As an Islamic Bank we are delighted to provide funding for work that will ultimately improve patient care”.

Although some journals in the region already allow readers free access to their journal website, BMB is the first to allow readers to reuse the content in other ways through the open access license.

Such reuse has many powerful applications.  For example, anyone will be free to distribute any article in BMB, make translations, put the articles into course packs in universities, and make derivative educational works.  If a minister of health reads an important study in BMB, they are now free to send a copy to every health professional in the country.

This commitment to access to knowledge by a Bahraini journal complements Bahrain’s existing medical infrastructure. For example, the only Cochrane Center in the Middle East is in Bahrain. Cochrane is the international collaboration between medical scientists around the world to evaluate and identify clinical treatments for patient care.

بيان إخباري، 23 ديسمبر 2008

[بدعم وزارة الصحة والتمويل الكويتي]

مجلة البحرين الطبية: أول مجلة علمية مفتوحة في البحرين
أصبحت مجلة البحرين الطبية ومنذ اليوم (Bahrain Medical Bulletin (BMB), www.bahrainmedicalbulletin.com) أول دورية علمية مفتوحة، وبهذا باتت متاحة للقراءة على الإنترنت بلا كلفة، وتنشر حسب شروط حقوق نشر متقدمة بحيث أصبح ممكنا للقراء إعادة استعمال المقالات بشرط الإشارة الصحيحة للمصدر والكاتب.

ويقول الدكتور جعفر الإبريق رئيس تحرير المجلة: “ينطلق هذا التغيير من الاقتناع بأن البحث الطبي هو مصدر عالمي عام ويجب أن تترافق طبيعته مع الترخيص باستخدام حقوق النشر الداعمة للتشارك في المعرفة العلمية.” وكان الدكتور الإبريق قد أسس المجلة عام 1979 لإيجاد ملتقى للبحث العلمي بالمنطقة.

وبدءاً من عدد ديسمبر 2008، فإن كل مقالات مجلة البحرين الطبية ستكون منشورة للاستخدام المجاني عبر الإنترنت وستُخزّن فوراً في أرشيف عام وقت النشر. وسيحق لأي مستخدم أن ينقل أو يوزع أو يعيد استخدام محتويات المجلة طالما قام الشخص بالتوثيق للمؤلف الأساس وللمصدر.

وقال الدكتور محمد العبيدلي أحد كبار المحررين بمجلة البحرين الطبية إن “النشر المفتوح يحقق بعالم نشر المعلومات العلمية نفس الثورة التي أدخلها برامج المصدر المفتوح لعالم إبداع برامج الحاسوب.” وكان الدكتور العبيدلي قد قاد عملية تحويل المجلة إلى نشرة مفتوحة. وهو مؤلف لكتاب “البرامج المجانية للأناس المشغولين” (www.freedomsoftware.info) والذي يناقش استخدام برامج المصدر المفتوح في العناية الطبية.

ولقد موّلت عملية التحويل بمنح قدمها بيت التمويل الكويتي ووزارة الصحة. وقال الدكتور فيصل الحمر، وزير الصحة: “موّلنا هذا البحث لأهميته للبحث الطبي في المنطقة.” وقال السيد عبدالحكيم الخياط من بنك التمويل الكويتي بأنه وبالنظر: “لكون البنك مصرفاً إسلامياً فإننا سعداء لتوفير تمويل لعمل سيحسن بالنهاية العناية بالمريض.”

وعلى رغم من أن بعض المجلات الطبية بالمنطقة قد بدأت بالسماح للقراء بالاطلاع الحر على مواقعها، فإن مجلة البحرين الطبية هي الأولى في منح حق استخدام المحتويات وبأية طرائق أخرى عبر منح ترخيص الاستخدام المفتوح.

ويمكن لهذا الحق أن يمكّن من تطبيقات قوية متعددة. مثلاً، يمكن لأي شخص أن يوزع  أي مقال بالدورية أو يقوم بترجمته، أو يضمن مقالة ما بأي مقررات للتدريس بالجامعات، وأن يحقق أية أعمال مشتقة من تلك المقالات. ويحق بذلك لأي وزير صحة اليوم وحينما يقرأ دراسة مهمة بالمجلة أن يرسل نسخة منها لأي محترف للعناية الصحية بالبلد.

ويكمل الالتزام بحق استخدام المعرفة الذي تمنحه مجلة بحرينية، البنية التحتية الطبية البحرينية القائمة. وعلى سبيل المثال فإن فالبحرين تضم مركز كوكرين الوحيد بالشرق الأوسط. وكوكرين هو تعاون دولي بين العلماء الطبيين حول العالم لتقييم وتحديد العلاجات السريرية للعناية بالمريض.

Tagged with:

Bahrain should Adopt Open Source Electronic Medical Records

Posted in Medicine, My publications, Peer-reviewed papers, Technology by Dr Mohammad Al-Ubaydli on December 1, 2008

This paper was published as an editorial in the December 2008 issue of Bahrain Medical Bulletin.

Mohammad Al-Ubaydli, MB, BChir, MA, Cantab. Honorary Senior Research Associate, University College London, UK. E-mail me@mo.md.

Bahrain should Adopt Open Source Electronic Medical Records

As Bahrain begins the switch to electronic medical records the use of open source software becomes increasingly important. Without it, the country’s public health data is at the mercy of private companies, local young innovators are unable to contribute solutions, and the citizens’ fears about how data is used will lead to patients withholding information from their doctors.

However, with open source software, the country gains the accountability from its vendors, locally-led solutions to our health problems can emerge, and all of us as patients can trust the health care system with the safety of our records.

Open source software is software for which the source code is openly available for inspection and reuse. Inspection of the source code in software development is equivalent to peer review in medicine and science. It is the best way to critique software, ensure honesty and improve quality.

The reusability of the software also decreases costs. This is not just because the software is available free of charge but rather because the creators of closed source software keep on reinventing the wheel. They keep on spending money to write parts of their new software that have already been written by other programmers around the world. In addition, they pass on those costs to the end customer.

Perhaps the best illustration for why Bahrain should adopt open source software is Britain’s experience with closed source software in the National Health Service. The government’s aim was to bring the benefits of electronic medical records to all UK citizens.

Starting in 2002 the UK government began what was arguably the most complex and best-funded IT project in the world. Companies from all over the world were keen on winning the contracts because of their size and prestige. Richard Granger was recruited and became the most highly paid civil servant, earning £100,000 more than Prime Minister Tony Blair does. The government did this because it wanted the best possible controls over the delivery of the software by the private contractors.

Moreover, the government remains at the mercy of the contractors. Initially only iSoft won three of the five regions in England, and General Electric (GE) won two. Soon, problems with GE’s deployment meant that it had to give up one of its regions and Cerner took over that contract. Of course each company brings its own proprietary closed source software and reusing existing software is not possible. Meanwhile problems and delays continue. The government is unlikely to get other companies to fix future problems because the pool of companies is so small and the problems have been so large. How would the Bahraini government be able to avoid these problems?

It is noteworthy that most of the contracts have been won by American companies. Microsoft, Cerner, Accenture, GE, CSC are but few, and British companies like BT and iSoft are in the minority, until iSoft itself was bought by an Australian company. It is right for the government to demand the best software from the best companies around the world but the insistence on large contracts of closed source software has locked out much of Britain’s previously vibrant health care IT industry. Companies like EMIS publicly expressed their frustration at their inability to participate even though they had the largest market share of software for General Practitioners.

Meanwhile many start-ups in the UK had to refocus their efforts on selling outside the UK as they are barred from integrating their software to the closed source of the winners of the large contracts. How would the Bahraini government be able to support local innovators?

Finally, the transparency in the governance of medical records is crucial. In the UK original plans were to allow medical records to travel from any doctor’s medical record’s system to the central database, and then to any NHS doctor. Patients felt that they had lost control over the data, and letters to newspapers expressed citizens’ distrust of the security controls. After all there was no way of inspecting the source code of the software that transferred the data to ensure that it does so securely, much less give the patient control over the transfer of the data. Some patients began refusing to tell their doctors about some of their illnesses because they feared the loss of control. A key part of patient-doctor confidentiality had been broken. How would the Bahraini government reassure its citizens?

Open source software offers a simple and cost-effective solution. Open source electronic medical records software tools are available free of charge. For example, VistA (the Veterans Health Information Systems and Technology Architecture) was created by the U.S. Department of Veterans Affairs (VA) as far back as 1982 to support the care of U.S. veterans and is the world’s most widely deployed and carefully tested Electronic Health Record systems (EHR)1. Versions of this system are in active use in the U.S. Department of Defense Military Health System, the U.S.

Department of Health and Human Services Indian Health Service, and internationally as well, e.g., Mexico – Instituto Mexicano del Seguro Social, Berlin Heart Institute of Germany, and National Cancer Institute of Cairo University in Egypt.

Using the software would transform Bahrain’s efforts. Contractors could bid for how well they deploy and support the software. If there are problems, as there were with closed source software contractors in the UK, it would be easy to replace them by others who would provide better services. Local innovators would also be encouraged. First, Bahraini programmers could learn from the best in the world because they could study the source code free of charge. Second, they would be able to build solutions on top of VistA without needing the permission of contractors. A suite of localized solutions could emerge, and Islamic-friendly software could be exported to other Muslim countries that have the same aspects to the delivery of medical care. Finally, the problem of transparency would be solved. When a government minister in the UK says that NHS software is safe, there is no way to confirm the accuracy of his or her statements. Nevertheless, open source software could be inspected and tested for these claims. Not every citizen has to be a programmer for this to be the case, but the programmers in our midst could carry out the tests for their fellow citizens.

Surely we all deserve these benefits as we embrace the future with open source arms.

Note

1. VistA (http://worldvista.org/AboutVistA) is open source medical software made by the U.S. Department of Veterans Affairs (VA), as opposed to Windows Vista the closed source operating system software made by Microsoft.

Tagged with:

Bahrain tops Cochrane league table in the middle east

Posted in Arabs and Arabic, Medicine, People / organisations by Dr Mohammad Al-Ubaydli on November 29, 2008

By October 2008 Bahrain’s Cochrane center had published 10 evidence-based medicine reviews, topping the output of Egypt (8), Pakistan (8), Iran (6) and Saudi Arabia (4). In fact, in the Middle East, only Israel has produced more reviews, with 24 published to date. But Cochrane Bahrain only started publishing in 2004 and with 4 reviews published this year to Israel’s 2 I have high hopes for the future.

Why is this important? Cochrane reviews themselves are important because they represent the medical profession’s consensus evaluation of what treatments work and what other treatments to avoid. Its authors look at all existing research for each disease and treatment. The output of this international body of clinical scientists improves patient care every day.

Bahrain’s performance is important because of what it says about the country’s integration with rigorous international scientific work. But its relative performance to that of its wealthier and larger neighbours is what impresses me the most. If you take reviews per capita, Bahrain manages to top even the output of Israel.

I hope that the Bahraini government increases its funding of Cochrane Bahrain, the only such center in the Arab world and one which is becoming a model for other centers around the world.

Tagged with:

Using Ajax for Cleaner Software

Posted in Articles, Medicine, My publications, Technology by Dr Mohammad Al-Ubaydli on November 22, 2008

Published in UK Health Informatics Today Autumn 2008 edition.
Mohammad Al-Ubaydli, MB BChir Cantab
Founder, Patients Know Best – www.patientsknowbest.com

Ajax is a new web programming technology that solves an old conflict between CIOs and clinicians and eases the use of innovative devices in large organizations.

For IT staff, managing a single server with web browser-based clients is much easier than installing client software on every single computer that clinicians use. But for clinicians, web browser client software is too slow and simple: only clients installed locally on a Windows machine provide the responsive and rich user interface needed for consultations with patients.

Traditionally, this conflict was settled in favour of the clinician. Staff from the IT department had the Sisyphean task of installing software onto every computer, and no sooner had they completed one round before the next one began with a newer version of the software. Furthermore, local software stored data locally, requiring strong security protocols on each computer.

Ajax can end this cycle. It allows web browser-based clients that are fast and powerful in their response to server software, which the IT department may now focus on managing. Ajax is an acronym for Asynchronous JavaScript and XML. XML is the data that is exchanged between client and server, and JavaScript is the browser-based programming language that is powerful enough to support complex user interfaces.

Asynchronous is the clever and recent innovation; it allows the browser to only update the part of the screen that is relevant to the user’s most recent interaction. In other words, rather than redrawing the entire page in response to a user’s click, the web browser can redraw only the relevant part in an Ajax-driven page. The rest of the page can continue to function asynchronously as the XML arrives for the part that the JavaScript is changing.

The release of Google Maps in 2005 was a watershed event in showing the world what Ajax could do. The technology had been in place since 1999 when Microsoft introduced the XMLHttpRequest programming object for asynchronous communication in Internet Explorer, and soon afterwards Mozilla and Opera followed suit with support in their own web browsers. However, few sites made use of the technology and few users understood its significance. But with Ajax, maps on Google’s website loaded quickly and scrolled even more quickly. By contrast, existing map sites had to reload the entire page with each click by the user.

Slowly, mainstream healthcare software developers are integrating this approach into their products. Naturally, it is startups that are first to do so, companies like Tolven Health and Net.Orange. From my conversations with the executives of larger, more entrenched companies, they too are making the switch.

Just as significantly, it is easier to deploy innovative devices because most of them support Ajax in their web browser. Apple’s iPhone, for example, was notorious among developers because the first version only accepted Ajax software. The web browsers of most new smartphones also support Ajax.

This means that clinicians can use operating systems other than Microsoft Windows, something that has so far held back deployments in the NHS.

The switch to Ajax does have security implications. On the one hand, Ajax-powered thin client software is more secure than locally installed thick-client software because the data is only stored on one central server for which security can be maximized. But the ubiquity of the web means developers must abandon previously tolerated but inherently insecure practices.

Most significantly, state data must only be stored on the server, not the clients. Examples of state data include the fact that the end user is a doctor or the identification number of the patient they are looking; these must be maintained centrally even if they are temporarily displayed on a local web browser. Programs that do not have this architecture leave themselves open to manipulation at the local computer level. For example, a malicious end user may easily identify and manipulate their state data by editing the local cache file to identify him- or herself as a doctor.

Such vulnerabilities were always possible with old, thick-client computing models. Security through obscurity made this tolerable because each program had its own security model and fragmented market share. By contrast, the web is much more transparent and information about vulnerabilities is shared
quickly and comprehensively.

If you are working with an experienced programmer who is new to Ajax, the risk is that such a programmer would assume that programming in the web environment is the same as working with Windows. A simple explanation of this vulnerability is typically enough to enable a change in programming habits.

Such changes in habits are well worth the effort. The end results are software that is cleaner to deploy and manage as well as increases in the productivity of IT staff –things from which we can all benefit.

Tagged with:

HealthCamp UK 2008

Posted in Medicine, People / organisations, Technology by Dr Mohammad Al-Ubaydli on November 18, 2008

Want to know what happens to this balloon at HealthCamp UK 2008?

paul-brannigan

Read all about it on the Patients Know Best blog page.

Tagged with:

BabelMeSH and PICO Linguist in Arabic

Posted in Arabs and Arabic, Medicine, My publications, Peer-reviewed papers, Technology by Dr Mohammad Al-Ubaydli on November 10, 2008

For AMIA 2008, Dr. Paul Fontelo and colleagues presented this poster.

BabelMeSH is a multilanguage search for MEDLINE/PubMed. We created a database of Arabic translations of MeSH terms and other medical terms using MySQL and developed a Web interface for searching MEDLINE/PubMed in Arabic. We evaluated the accuracy of BabelMeSH using a list of medical terms from BMJ Clinical Evidence.  The accuracy was 58% (machine scoring) and 65% human review.) The result obtained may be explained by variations in expressing medical terms in Arabic.

My name is down as one of the authors but my contribution is minor relative to those of the others, especially Paul’s, as he has created and championed BabelMeSH for some time now. At any rate, I highly recommend the Arabic language BabelMeSH.

Tagged with:

Third annual Ali Abdulla Al-Ubaydli scholarships for mobile medical computing

Posted in Medicine, Technology by Dr Mohammad Al-Ubaydli on October 28, 2008

It’s that time of year again folks, the annual Ali Abdulla Al-Ubaydli scholarships for mobile medical computing. The first round is for US citizens and non-US citizens living in the USA. Know who someone who would qualify? Ask them to apply for a Scholarship. (The second round is coming within the next couple of weeks and will be open to others around the world.)

Dr. Mohammad Al-Ubaydli and Epocrates are pleased to provide annual Ali Abdulla Al-Ubaydli scholarships for mobile medical computing. Every year we award $5000 of Ali Abdulla Al-Ubaydli™ Scholarships for Mobile Medical Computing™ to select and train the next generation of mobile medical computing researchers.

The challenge

At the end of 2008 there are over 1000 citations in PubMed™ that dealt with handheld computers. Many lessons have accumulated in the clinical literature but we need to understand and assimilate these lessons.

The challenge is to provide these lessons as peer-reviewed and unbiased summaries based on scientific fact, not marketing hype.

The Scholarships

Each year we select two scholars in the USA and offer other awards to applicants from around the world to review selected literature and make summary reports that will be published in the Mobile Medical Computing Reviews journal. The award winners will be mentored and trained by Dr. Mohammad Al-Ubaydli, author of six books, including “Handheld Computers for Doctors“.

The results

Once complete, the reviews will be published and freely available through the website of the new journal Mobile Medical Computing Reviews. Each scholar will be able to quote their own reviews in their list of publications.

Apply for a Scholarship

Tagged with: