OSEHRA in transition

OSEHRA Open Source Summit 2019, Day 1 of 2

OSEHRA registration sign. Bright and early.

OSEHRA was established by the US Department of Veterans Affairs (VA) circa 2011, to support public and private-sector contributions to the VistA (Veterans Health Information Systems and Technology Architecture) electronic information service. VistA is composed of hundreds of tightly coupled applications [1], a roughly 60/40 split between electronic health record (EHR) and back office (timekeeping, finance, supply chain, etc.). In 2017, the VA signed a $10 billion no-bid contract with Cerner, the largest US EHR vendor by revenue, that has expanded to $16 billion in 2018 [2].

From the audience of ~100 gathered in Rockville, Maryland — a short metro ride to the halls of power — arose the comment (paraphrased), “We should call this conference OSEHRA in transition.”

VistA’s largest users, VA and the Department of Defense,¹ seem committed to “rip and replace.” The future of OSEHRA is uncertain.


Several visions of OSEHRA’s future emerged over the course of the day. They were, however, united in the recognition of Cerner’s EHR Modernisation (EHRM) as a fait accompli [3].

The Carpathia argument (paraphrased):
EHRM will be successful in the way the Titantic was successful. Some will make it across, in smaller boats.

The pivot opportunity argument (paraphrased):
The reduction of VA involvement will force OHSERA to expand scope beyond VistA or die. This moment is an opportunity to pivot towards open source— which we haven’t done very well with VistA, especially when it comes to getting community contributions into production at VA hospitals.

The contingency argument (paraphrased):
EHRM will take a decade. Continuity of veteran care demands OSEHRA for the transition and as a contingency “just in case.”


From this of crucible of (sometimes resigned) recognition, we have a lens to view the sessions.

Link to conference agenda

Non-EHR is 40% of VistA. Financial Management Business Transformation (FMBT) and Enterprise Supply Chain management are the second and third largest modernization efforts within the VA.

Tech risk
Architecture diagrams of intermediate state architectures — for both EHRM and non-EHRM modernisation do not exist, at all but the most curory granularity.

Quotable (paraphrase)
We have to know something about the data to shutdown a sub-system, but we are starting with hard-coded business processes, spread across hundreds of coupled sub-systems, without data models, without data flow diagrams.

Interoperability has a few key requirements, among these:

  • Trust (e.g. access control)
  • Semantics (i.e. data retains context before and after exchange)
  • Shared workflows (e.g. workflows cross organisational boundaries as a matter of routine, not exception )
  • Cloud (e.g. *aaS models enable organisations to outsource much of the work of scaling, reliability, etc. required to build modern applications, thereby enabling more focus on the core problem)

That must be balanced against the mercurial forces of Policy and known-unknown advancements in technology and medical knowledge.

Tech risk
VA is trading extraordinary “vendor-lock” with VistA for extraordinary vendor lock with Cerner.

Quotable (paraphrase)
If OSEHRA continues to focus on VistA, it will fail — rather we will fail. But there is opportunity, for example in the enormous need for tooling.

VistA modules are used at-scale outside of VA/DoD. The dissuption caused by VA “rip and replacement” impacts agencies such as the Indian Health Service (IHS),² specifically their Resource and Patient Management System (RPMS). IHS conducted an assessment, finding RPMS inadequate is most areas. Their recommendation is to resource IHS to create more modern interfaces for RPMS. These interfaces allow numerous technical options, including upgrading RPMS in place, replacing some modules but not others, or a “rip and replace” with lower technical risk.

Tech risk
Lack of literature on Health IT moderisation, specifically the drivers of success and failure.

Did you know?
The Affordable Care Act (ACA) includes permanent reauthorization of the Indian Health Care Improvement Act [4].

Some agencies have been engaged in open source for decades (NSA), others have made substantative investment (GSA, specifically 18F and USDS), others have not. The differences in meaningful open-source adoption vs “lip-service” dervice primarily in the attitudes of “upper management,” as reflected in their budget allocations.

Office of Management and Budget (OMB) M-16–21, the Federal Source Code Policy, requires covered agency to:

  • Draft an open source policy ( GSA is the de facto template )
  • Create an inventory of custom development from Aug 2016 onward
  • Make available to the public, at least 20% of custom development

Tech risk
What happens after open-sourcing. Agencies struggle with open-source, especially for existing code bases. They struggle harder with documentation, on-going support, building transparent governance models and ultimately building a sustaining community.

Did you know
Apache NiFi was open-sourced by the NSA in 2014.

Consumer” demand alone is insufficient to drive interoperability, in the way consumer-demand has catalyzed interoperability in other sectors. The diffuse interests of patients cannot overcome the concentrated financial interest of vendors, clinicians and hospital systems in maintaining their “corrals.”³ The various standards organisations “pass the buck” on why seemingly simple asks are not open, which hinders community attempts at interoperablity.⁴

Quotable (paraphrase)
Audience: I am disappointed in this panel. You are blaming everyone. Blaming data. Blaming literacy. Blaming patients. You’ve talked about everything but standards. Standards and the resources required to support them.
Panelist: Standards working together is always a challenge. HL7 gives away the standard. ISO sells their standard, including a PDF of HL7. Further, there is territorialism between patient care, pop health, research, etc.

A plug for Perspecta HealthConcourse [5].⁵ Vendors in an interoperable ecosystem will require different business models. The promise is that vendors will no longer need to do everything for a corral (a vendor-locked population of buyers); rather, vendors can focus on doing a limited set of things well, and composing applications to complete a solution.

Did you know?
It’s possible to encode sensitivity rules at the field level within FHIR resource metadata. A sensitivity rule is a type of fine-grained access control. For example, Lexapro is an anti-depressent, and could be tagged under the “mental health” sensitivity rule.

“As long as nobody dies”

A quip by a panelist when discussing the EHRM transition in the context of the future of OSEHRA. Delivered off the cuff and without pretense, the audience chuckled.

In changing a complex a system, there will be unintended consequences. There will be unintended consequences under “rip and replace.” There would have been unintended consequences with an “upgrade VistA” approach.

The literature is sparse on the excess mortality during and after EHR migrations. For one example, see: Han et al, “Unexpected Increased Mortality After Implementation of a Commercially Sold Computerized Physician Order Entry System.” PediatricsDecember 2005, VOLUME 116 / ISSUE 6.


Ryan’s thoughts/comments are his own. He writes software for an open-source health data interoperability consultancy.


¹ Cerner has positioned itself as the cornerstone of EHR modernisation at VA, DoD and the Coast Guard [source].

² The IHS serves ~2.6 million Americans in 37 states with birth-to-grave care, with a focus on rural primary care.

³ The targets of the corrals differ. EHR vendors corral private practices and hospital systems. Clinicians corral patients directly (paaphrase: “non-interoperable records help with patient stickiness, it’s just too much of a hassel to change physicians” and indirectly by the AMA’s regulatory capture and status as a cartel [source].

⁴ As a concrete example, an audience member asked why CPT (Current Procedural Terminology) and SNOMED codes/mappings were not freely available to the community (LOINC is available). HL7 stated its standards were available. CPT, which is produced by the American Medical Association (AMA), “must be” sold so physicians can finance maintaining control of the medical termonology.

⁵ Perspecta is the conference sponsor.

Software for life-sciences and health IT. Basic Income. Solidarity Investment.