How to Win a Hackathon (also: free beer)

You can spend an entire weekend in San Francisco and not pay for food or drinks once. All you need to do is build a prototype web application in 5 minutes and spend the next 50 hours making it into something never seen before. The hackathon is here.

Hackathon is the local sport. It's an endurance event for programmers and builders, usually an entire weekend where the contestants race from zero to working application, followed by Olympic-style judging (the criteria might be creativity, applicability to the problem set (usually there is always a "theme"), and technical difficulty). It's a team sport, and if you want to win you have to bring something good to your team. There's a few things you can do that will make your team happy and give you a shot at the gold medal.

First, preparation is essential. You build your laptop from scratch to be the ultimate developer machine, with several full development stacks and your code editor customized just the way you like it so anything you might need is at your fingertips. Then you'll spend at least a day or two in last minute preparation and testing; doing some practice exercises could't hurt. The key to a good hackathon is rapid prototyping, and that requires tools and skills already in place and ready to go.

What You Need to Bring

At some point I had to ask myself, what is in my toolbox? What do I install on my laptop and how do I make sure I don't embarrass myself by not having the latest SuperNextGen Build System configured to auto-construct the web site we need and remember everyone's coffee order? Also, I want to win! And to win I need the absolute best tools in the room, configured just so. And so what tools do you bring?

Web services development and hosting

That's right, bring the cloud. More precisely, your access to cloud servers and services. You should be able to whip up a new web service as fast as you can type, and deploy it somewhere the rest of your team can use it. At minimum you need a good REST CRUD for basic object persistence; in reality everyone will be expecting you have the entire data set in a high-throughput BigQuery analysis engine by lunch time. In a pinch, JPA on AppEngine will do.

Whatever platform you use, you're going to want to get a test system up and running first thing, something that you can build your application on. This first program essentially becomes a workbench, something you can test on, adding and removing new features to see how they work. Start with something generic, then specialize it to your problem set.

Oh, and you'll need to be able to share your code and other digital assets. Here, a little setup beforehand goes a long way.

User Interface Experience.

It's not an interface, it's an experience. There's rapid prototyping and then there's interactivity, and you'll never know what kind of interaction works until you try it. You need your code templates and a toolbox of plug-and-play components ready to go, organized so you find the right one quickly. Yes, you can impress everyone with a little copy and paste and some quick JavaScript.

Data Visualization 

Chances are, whatever you build will involve looking at data. With a visualization library like D3, you can design and deploy a number of different charts for whatever is thrown at you the day of the hack. 

Hardware

Nobody hacks in pure software. Not in the age of Raspberry Pi and homebrew sensors. If you show up with a programmable hardware device and it turns out to be actually useful, you will be the rock star.

Algorithms

You should just learn all you can, constantly. Bring what you know.

Monty Python Jokes

You're spending the weekend surrounded by some of the smartest, most energetic, and creative engineers around, and everyone has fantastic dreams of things to come. People like this are easily entertained, so bring your silly walk.

A hackathon is a special time and place where sparks of innovation fill the air and the future is taking shape before your eyes. When those eyes get red and tired, when it's late and everyone is punchy, that's when the fun begins. The geeky insider jokes fly with the airspeed velocity of an of unladen swallow.

And you might just take part in the creation of something new. 

Enjoy!

Words by People

It's not the epiphany, it's what you do after the epiphany.
- Stew, Passing Strange 

Always do what's next. 
- George Carlin

Adventure without risk is Disneyland. 
- Douglas Coupland

Life is short and information endless. Abbreviation... a necessary evil. 
- Aldous Huxley

Rule 1 of the attention economy, pay attention. Rule 2, pay attention to where you pay attention. 
-Howard Rheingold

85% of life is just showing up. 
- Woody Allen

At least some of the remaining 15% is showing up early.

- Me

To achieve great things, two things are needed: a plan and not quite enough time.
- Leonard Bernstein

Time is an illusion. Lunchtime, doubly so.
- Douglas Adams

One person can make a difference, but most of the time you probably shouldn't.
- Marge Simpson

Don't believe everything you think.
- bumper sticker on a VW microbus

Everybody's screwed up in their own special way.
- Joey Ramone

Character Sets in HL7v2

If you work with HL7, you need to understand UTF-8. It's the standard and unless you see another character specified in message segment MSH-18, that's what you use. A typical HL7 message will have an empty MSH-18 segment and by default all visible ASCII characters in UTF-8 (hexidecimal 20-7E) are legal.

That simplifies things but there's still a lot to watch out for, especially at computer boundaries. You may be sending messages from Windows to a Linux server, or you may be editing files in a text editor that's configured to a different character set and feeding those into your message client.

There's excellent material on what every programmer needs to know about

Version 2 Character Sets and Encoding from Health Intersections, a paper by someone who had just finished rewriting his v2 parser.

The Unicode FAQ from Unicode.org

What Every Programmer Should Know About Unicode (no excuses!)

From this, we have the need for an HL7 message that can test how a system handles the complete set of visible UTF-8 characters. Start with the UTF-8 Test File from W3C, take any simple HL7 message and add a note segment for every legal character, like this:

NTE|2||0020   SPACE
NTE|2||0021 ! EXCLAMATION MARK
NTE|2||0022 " QUOTATION MARK
NTE|2||0023 # NUMBER SIGN
NTE|2||0024 $ DOLLAR SIGN
NTE|2||0025 % PERCENT SIGN
NTE|2||0026 & AMPERSAND
NTE|2||0027 ' APOSTROPHE
NTE|2||0028 ( LEFT PARENTHESIS
NTE|2||0029 ) RIGHT PARENTHESIS
NTE|2||002A * ASTERISK
NTE|2||002B + PLUS SIGN
NTE|2||002C , COMMA
NTE|2||002D - HYPHEN-MINUS
NTE|2||002E . FULL STOP
NTE|2||002F / SOLIDUS
NTE|2||0030 0 DIGIT ZERO
NTE|2||0031 1 DIGIT ONE
NTE|2||0032 2 DIGIT TWO
NTE|2||0033 3 DIGIT THREE

...and so on.

You can download a simple lab result test message here or create your own with other character sets and neat tricks like embedding escape sequences and changing encoding mid-stream (but for the sake of the rest of us who might have to read your data please don't). Then feed that into an HL7 client program, such as the free and open source HAPI Test Panel, and run it end to end through the system. If it comes out the other side the same way it went in, you're golden. Happy encoding!

Adventures In Health Insurance Part 3: Getting Covered

(Part 3 in a series, a continuation of Part 1 and Part 2)

To be honest, when I said I want to keep my doctor it was just an experiment.

I've never been able to keep my doctor. Continuity of care seems like a great concept but it's something I've never experienced. I've seen my current doctor a total of 3 times in the 3 years he's been my doctor. I got this doctor l like I got all my doctors: my health coverage changed when my employment situation changed. Optum, the Health IT company and United Healthcare subsidiary, bought Axolotl, the HIE company where I worked. They gave me this new high deductible HSA PPO they believe is the wave of the future and will ultimately bring down the cost of health care by putting the first few thousand dollars of cost on me, motivating me to spend more wisely. That's the theory anyway, as I saw it pitched by Tommy Thompson (HHS Secretary under President Bush) and UHC executives.

I left in July to join a small consulting firm. I'm still working in the HIE field but now I'm buying my own insurance. My intention was to pay for COBRA until the end of the year, then buy either an exchange plan or a private one, depending.

United Health is not on the exchange and is in fact pulling out of California's individual market altogether. They were never big here anyway and the number of individual subscribers probably didn't justify the administrative expense.

I checked out the exchange plans, and I have my choice there. It's not everything I want but it's darn close, a bit cheaper, and feels safer. If I ever feel slighted or wronged by the exchange in any way, I know I'll have an army of Angry Republicans marching to my defense as they have been wont to do of late.

Now it's time to explore the individual private market, that vast free market jungle out there. I feel like I should be wearing a pith helmet.

As with many things, it started with Google, which showed me a paid ad for eHealthInsurance.com

It asked me basically the same questions through the same procedure - the doctor search worked - and it sent me to the Blue Shield of California web site, where I saw the same plans for the same price. The UI is more polished, and you can see how the cheaper plan may be great if you're healthy and nothing happens, but paying 40% of an emergency room visit instead of a simple $250 copay, that could hit pretty hard I imagine, and could lead to some interesting negotiations on the operating table ("What's that machine, doc? It looks expensive").

The cheapest plan on the exchange was $263 and the cheapest plan on eHealthInsurance.com was $294. I could get an HSA for around three hundred bucks, and with that I would have a $4500 deductible and a 40% copay beyond that, up to my yearly maximum of $6250. With the HSA I could contribute to $3300 a year tax free. The idea with an HSA is to start young so when your health fails and you start paying out that yearly maximum, you have enough to cover it. Rich people love it because you can contribute pre-tax dollars and invest it in the stock market, like a 401k. Unlike a 401k, you also withdraw it tax-free as long as you spend it on medical expenses. Like the individual mandate, the high-deductible HSA plan was another conservative idea embraced by insurance companies and incorporated into the ACA. 

The non-HSA plans have a $2000 deductible. Between that and the lower copays, it seems like a less risky choice. I'll pay a bit more per month but a lot less if something happens.

Also, the exchange site is more responsive than it was last time. It's 7:21pm and I'm navigating through as fast as I can click. It wasn't like that the first week.

Buying insurance isn't as scary as I imagined. There is comfort in knowing whatever I buy will have a minimum level of coverage and no lifetime limits. The horrendous industry practice of rescission (actuaries actively looking for reasons to drop sick and expensive patients from their plans) is a thing of the past. I can buy any plan available without fear of hidden "gotchas" that might hurt me later when I need serious health care.

So starting January 1st, I'm off COBRA and on my new plan with the same doctor, the same benefits, and the same costs. I went back to CoveredCA.org to do the actual enrollment, and with another login and a few more clicks, I am signed up! My new coverage starts January 1st.

Adventures in Health Insurance, Part 2: CoveredCA Here I Come

So let's see if I got this right. The original contractor blows a high profile rollout, everyone - and I mean everyone - is screaming mad about the lousy software, management panics, and an elite tiger team swoops in to save the day. In the world of health IT, we call that Tuesday.

As I mentioned before, I am actually shopping for insurance right now. I'm in good health and could probably buy insurance on the private market for a bit less than what I've been paying COBRA for the past several months, but I thought I'd wait to see what the exchanges had to offer. This is the story of my adventure on CoveredCA.

I signed up early, was able to compare prices somewhat and already had a login before the October 1st rollout. I finally found the time and motivation to do some for real shopping. It's 7:17pm and I'm logging in.

It's showing the strain of prime time load, the poor thing.

Waiting ten seconds and clicking didn't seem to help, but the APPLY button did take me somewhere useful. The login worked. I was in.

 My first impression is that of a nice, clean layout. I can see right away I've already filled in all the forms (there aren't that many), but then none of the things I want to click are hyperlinked. I'm a very nonlinear user and I like to click on everything. I suspect there's a NEXT button hiding in the corner somewhere, and there is.

It turns out to be a very linear navigation, and by "very" I mean "exclusively." It's next-next-next until you see at least three text regions overlapping each other, like an HTML panel editor threw up in the corner. 

It looks terrible but I just need to click Select Health / Dental Plan so I move on.

I get to my selection of 26 plans, of which I can view exactly three at a time. There's too much real estate at the top being used by navigation links I don't care about right now, leaving precious little room at the bottom for a ridiculously constrained scrolling region containing all the information I really want. In this picture you can see two rows of that.

And here's a collapsed list of all the information you can scroll through down there. If you count you'll see there's a lot. It's all useful and I wish I could view it more easily.

Here's a tip for all you twelve year old kids who want to build web applications like this one: The ideal number of scroll bars on a given page is zero. One is marginally acceptable but if you have two or more they interfere with each other and that's bad. Very bad.

Let's get to the part where I search for my doctor. He's not there. I hope he hasn't left town but when I search by name this is what I get.

And this is what I get when I search for "S"

I point this out not because it's broken, in fact it works perfectly fine. However, that NextLast bugs me. It makes me want to open a text editor and fix it, but I can't, so it's just annoying.

Let me show you a brilliant health care web site.

This is Palo Alto Medical Foundation. They've been pioneers in health web applications from the very beginning so when I say it's a brilliant site I mean it. It's been polished by years of heavy use, tweaks, and overhauls. Notice the clean layout containing lots of information. Everything you think you should click on, you can. From here you can do any number of things, whether logging in or checking urgent care wait times. And what's that at the top of Special Notices? A list of ACA plans. Just what I need!

However, on the CoveredCA site, I can't search by plan name, or much of anything really. I can browse and find the plans easily enough. It browses side to side with lots of stuff to read, here's an example of some of the mouse overs.

Oops, that's no mouse-over. I'm guessing some of the javascript events aren't being picked up by the timeout mechanism. In any case, I have most of what I need so I can call it a day. I know what plan I want and it's a bit cheaper than what I'm paying now. I would like to make double sure all my providers are in network along with a few other minor questions, as is true with any health insurance plan. However it didn't crash, annoyances were constant but didn't stop me, and I'll probably have to talk to someone in person before making a purchase anyway.

In other words, it's working just as well as your average brand new health IT system.

UPDATE:

The automatic timeout works, and it is nothing if not secure.

Adventures in Health Insurance Exchange Part I: Doctor, Doctor

The insurance exchanges are online and I need insurance.

A little background on me: I was a software architect at Optum (the IT arm of United Healthcare) building Health Information Exchange (HIE) systems until recently. I left to join a very small consulting company (there's 3 of us) and lot of exciting stuff is happening in health care: HIEs, ACOs, NwHIN, FHIR, Blue Button, all these amazing things coming into existence right now.

I'm not without coverage. I have a UNH plan, high deductible with HSA, which is fine. I like my doctors. I'm on COBRA which is $500 a month but I get $100 off for being in good health (rockin' all the vital signs - oatmeal and half marathons yo). Not a bad deal, in relative terms. The individual private plan is about the same but I've been waiting for the insurance exchange to come online and now I get to put it to the test.

Being a Silicon Valley kind of guy, I went to CoveredCA.com - I actually signed up months ago and the "window shopping" part of the site has been up for quite some time so I know my rates are going to be similar. Turns out that's just what they cost.

I have a few requirements for my next health insurance plan:

1. I want to keep my doctors - all of them. PCP, eye doctor, dentist, everyone because I want to live as long as humanly possible and that involves watching the progression of my health very carefully as I age. I stand on the principle that continuity makes better care.
2. I kind of like my health savings account (HSA), I'd like a plan with an HSA. You pour money in tax free and when it's time to pay that high deductible it doesn't feel nearly as painful as pulling that same amount of money out of a savings account. I also figure when I'm old and feeble I'll be paying the yearly max every year, so there's that.
3. If they have high tech wellness tools, like a really killer mobile app, that's a plus.

At first, I didn't know if I could keep my doctor. A tool to search for providers was added October 7th, and with it I was able to find my care organization - Palo Alto Medical Foundation - but not my doctor. I had to go to PAMF's web site to see what plans they accept. PAMF was an early pioneer in this technology and their tools are very, very good. I not only saw what plans I could pick from the exchange, I saw this:

How about that. If I don't switch plans, there's a chance I won't be able to keep my doctor.

Partisan pundits have asked, "Will I get to keep my doctor under ObamaCare?" I think the real answer to that question is, "Were you ever able to keep your doctor?" I had to switch doctors every time I changed jobs, and sometimes just because my insurance company decided to change its "network" for no reason I ever knew. If I move to another city I'll find a new doctor, but as long as I live here, walking distance from PAMF, I'm not switching. I shouldn't have to.

With an ACA plan I can keep my doctor. In fact, I need to sign up now if I want to keep my doctor.

In a later post I'll describe my experience navigating the web site, along with a few others, and actually buying insurance. Spoiler alert: I'm a big, big fan of health IT systems and I'm inclined to like it, but I did run into one or two problems.

Provider Directories at Direct Boot Camp 2.0

The ONC State HIE Program hosted a two-day workshop on NHIN Direct, the health information exchange protocol built on secure email (SMTP/S-MIME). There was quite a good turnout. I'm still fairly new to Direct, so readers will have to forgive (or correct) any innacuracies or misinterpretations on my part, as this is based on notes and conversations I had over the two days. The main areas of focus were scalable trust, security and interoperability, and provider directories. So without further ado, here's a brain dump of my two day dive into Direct.

The Big Question

The workshop opened with a question and crowdsourcing exercise. Everyone was given index cards upon which to write an answer. The cards were distributed and voted on, and the top five read aloud. The top answers were centered on education, outreach, and provider directories.

Provider Directories

This was the hot topic. There's a lot of interest in healthcare provider directories (HPD), trust, and bridging trust authorities. How does a HISP know which HPD to query for authoritative information, and whether the information returned is accurate, up to date, and trustworthy? Since the HPD is used primarily within Direct to look up addresses and certificates, this is a big issue.

At the HPD roundtable discussion a number of different views were brought together. A Federal Bridge was discussed, which using x.500 and x.509 to certify Certificate Authorities (CAs) and provide trust bundle functionality. This would be a distributed system of authoritative directories with the "source of truth" being at the edge of the directory tree, as close to the provider as possible, being that an organization with a direct relationship with the provider would be more trusted. However, how would x.500 deal with system which only use organization-level certificates, and not person-level certificates? What engagement model will motivate physicians to keep their information up to date?

A question was raised about the need for a standard response model supported across the country. It would be nice if states and the DEA supported certificates to verify doctor identities. Provider directories have strong verification and credentialing use cases. For example, in a federated model of authoritative sources, is there a potential for fraud or gaming the system? If a provider license is revoked in one state, what happens when the provider moves to a different state?

Another concern expressed was what information should be exposed publicly. There is a widespread perception that publicly available provider directories might open the door to spam, but the Direct protocol is very difficult to spam. HPD maintainers have a more legitimate concern: if they expose everything via web services, what's to stop a competitor from downloading the entire directory? This is the motivation for mutual authentication, to control who can access what. There needs to be agreement on what information to divulge and what to withhold. Western States Consortium has been studying this problem and is in the process of documenting their findings.

Mod Spec HPD

Direct20: Modular Specifications - Provider Directories from Brian Ahier

Mod Spec (MSPD) is trying to "future proof" the HPD specification and make it more modular. MSPD extended HPD for error handling, federation, and extensibility. The LDAP model is the same, but the WSDL and error handling have been updated. They are looking for pilot projects (contact Farrah Darbouze or Matthew Rahn for details).

ModularSpecs Home Page