The US Department of Veterans Affairs (VA) is exploring the creation
of a "custodial agent" to govern the development of VistA,
its popular open source electronic health record (EHR) platform. VistA
exists as open source code because it is in the public domain, and a
successful ecosystem of VistA-based projects and companies has grown up around it offering EHR services, but without the governance and infrastructure of a "real" open source project.
High-angle view on VistA
VistA was developed slowly by the VA, beginning around 1977. In its
current form, it consists of more than 100 individual applications handling
discrete EHR tasks, including prescriptions, medication dispensing,
clinical orders, doctors notes, tracking test results, and many more. It
is used by the VA's network of more than 1000 hospitals, clinics, and
medical facilities, and is regarded as one of the key factors behind the
Veterans Health Administration's top
ratings on patient satisfaction and quality of care — regularly beating out Medicare, Medicaid, and private health care services.
In addition to its use by the VA, VistA was adopted as the core of the US Department of Defense's Composite Health Care System (CHCS), the Indian Health System's Resource and Patient Management System (RPMS), Finland's MUSTI Consortium, and a number of non-governmental institutions. Several open source projects packaging VistA for deployment have developed over the years as well, most designed as commercial products created by system integrators that offer support services and add-ons, such as OpenVistA by Medsphere and vxVistA by DSS. The WorldVistA non-profit organization was established in 2002, and packages its own version, called WorldVistA EHR, in addition to providing discussion forums, documentation, and resources for adopters.
In spite of its popularity, VistA deployment is not simple. Modules are
written in the healthcare-tailored language MUMPS, which offers its own
database functionality that is not compatible with general-purpose
relational databases. This is not a relic inherited from VistA's age,
either: as VistA architect Tom Munnecke explains,
relational databases' row-and-column table requirements simply are not compatible with the large structures needed by EHR, starting with the fact that EHR records are extremely sparse (consider, for example, that the non-null entries in a single patient record constitute only a tiny fraction of the set of all possible medical diagnoses).
In addition, the VistA code is in the public domain because it is
taxpayer-funded — available courtesy of the Freedom of Information
Act (FOIA) — but this is a long way from a truly open source project: APIs and ABIs are not formally specified, the documentation is slim and infrequently updated, and there is no mechanism for downstream VistA users to request enhancements. While the WorldVistA group helps fill in some of these gaps, the VistA community has long lobbied for a more formal solution.
In recent years voices within the VA itself began to voice frustration at
the slowing pace of VistA development. VA CIO Roger Baker told
the FierceGovernmentIT blog that the EHR marketplace had changed
considerably since VistA's early days, and that private sector players are
creating features that the VA would like to incorporate into its own system
— and producing them far more rapidly than the VA.
Baker's proposed solution was to transform VistA into a publicly-run
open source project in the traditional sense, incorporating non-VA VistA
users into the design and development process. "One of the things
that has slowed down innovation is that about 10 years ago, the VA
centralized development of the VistA applications in a software development
group," he said. In August of 2010, the VA issued a formal request for information (RFI) to solicit input from the public in "evaluating the viability of including Open Source (OS) software as a component of IT development within the VistA Electronic Health Record (EHR) Architecture."
The initial results of that RFI were released
in February, outlining a plan to move forward with VistA as an open source
project. This second document is also an RFI, since it solicits feedback
from the community on the plan. The primary headline is that the VA would create an open source "Custodial Agent" (CA) to manage the VistA source code repository, certify proprietary applications for compliance, and accept patches and code contributions. The CA would be governed by a board that would set bylaws, define membership and intellectual property guidelines, and determine the appropriate license for the VistA codebase.
Regarding the license selection question, the RFI says it "expects
that the CA will use an Open Source Initiative (OSI) Approved license but
is open to alternative frameworks that may accomplish its
objectives." The objectives listed include royalty-free source
code, open access to all code in the repositories, non-discriminatory access, the right to make and distribute derivative works, and the right to package, redistribute, and support without requiring attribution.
The RFI also lays out a plan for modernizing the VistA codebase, refactoring the project, publishing the refactoring design, and committing the work in the open — including all architecture documentation and API specifications. On the other hand, it does not get into many specifics, such as the size, election, and makeup of the CA board, nor does it attempt to spell out any of the technical decisions (which it says will be among the board's first tasks).
The full document is 21 pages long, although the last four or so are devoted to a detailed questionnaire asking for feedback and demographics about personal or organizational experience and background. Each section of the RFI ends with a bullet list of specific feedback questions, such as "What methods of generating, sharing, and maintaining documentation provide the most value to the open source community?" and "How important is a common development environment to the developer community?"
The response from the open source VistA community has been mixed, but
generally positive. Open source healthcare "hacktivist" Fred Trotter said
the VistA community viewed the RFI "with both hope and a little
fear. We have been waiting for something like this for years, but a lot
could go wrong here." Postings on WorldVistA's Hardhats mailing
that reaction — several emphasized the importance of the API and
architecture documentation, while expressing hesitance to embrace the plan
outright. In that thread, Gregory Woodhouse said "it's high time we stop complaining and get about the business of developing a set of open standards people can rely upon."
Trotter had called
for a VistA "council" similar to the proposed CA as far back as 2008.
His proposal hinges on giving stewardship of the VistA code to an
organization not controlled by the VA, but also not beholden to the commercial VistA integrators. The latter requirement depended on electing a fixed number of council representatives from VistA-using hospitals, rather than allowing all seats to be selected by the development community.
Some of what Trotter describes dips into the details that the RFI defers to the eventual CA board. What is more interesting in the long run is the closing thought, "anyone should see that the council that I am proposing has parallels with WorldVistA." WorldVistA is currently the closest thing to the proposed CA, because it provides a voice for non-commercial VistA users and developers, but it also lacks a definite governance structure, functioning as a free-form entity instead.
If the VA adopts the CA model described in the RFI, then the need for
WorldVistA may eventually fade, or else the group might simply evolve into
a different role. For the foreseeable future, however, it serves as the
central meeting place and voice for VistA users, so its support for the VA
open source strategy is essential. There is clearly trepidation among
WorldVistA members about whether the VA will deliver on the principles and promises outlined in the RFI.
I have only an outsider's perspective on VistA, but it appears that this
trepidation stems from years of dealing with a VA that threw the code over
the FOIA-wall and did little to directly address outside users' needs. In
light of that history, trepidation seems normal. But the plan outlined in
the RFI sounds solid, and hits the right notes: it does not simply describe
an open source foundation, but it details the reasons why it must function
independently of the VA to succeed, and addresses the concerns of
developers in a way that indicates that the VA understands why open source actually works.
The VA says it will complete its evaluation of submitted responses by
March 25, and presumably will issue at least a summary of them several
weeks after that. Still it may be many months before the first concrete
steps of the plan begin — so far, not even a rough timeline has been
discussed. For his part, Trotter is cautiously optimistic because
of the slow pace the VA is taking. Putting out an RFI on the plan, he said, shows balance, and will allow the agency to gather input and avoid the big pitfalls. So it may be quite a while before we see VistA complete any transformation into a real, vibrant open source project, but if the success story of the VistA ecosystem is anything to judge by, it will be a huge win for open source — and for health care — when it finally arrives.
to post comments)