Latest News

A New Generation Of Tools For Open Source Vulnerability Management

Product security incident response teams (PSIRTs) are teams of security professionals that work diligently behind the scenes to protect software products and services of companies. A PSIRT is a different breed than a computer security incident response team (CSIRT), those that tend to be called Information Security. The difference is simple but stark: a CSIRT focuses on responding to incidents that affect a company's infrastructure, data or users. A PSIRT focuses on responding to incidents that affect products a company builds, the most common being the discovery of a vulnerability or security defect, and subsequent actions to manage or remediate.

The New Rules of Healthcare Platforms (Part 2): Pipe Scale vs. Platform Scale

Platform businesses scale differently than traditional businesses. Platforms scale through network effects. In the previous post, we introduced and described a widely used metaphor: pipes vs. platforms. Traditional businesses are pipes. Their value chains are linear. Value is added at sequential stages before a final product or service is delivered to consumers at the end of the pipeline. Platforms do not produce goods or services themselves—they make connections among stakeholders and facilitate value exchange among those stakeholders. Value is created outside the platform. Both pipeline businesses and platform businesses strive to achieve scale—but the type of scale they strive for is vastly different. In this post, we’ll explain how pipeline businesses strive for economies of scale (on the supply side) and how platform businesses scale through network effects (on the demand side).

ONC HITAC Public Health Data Systems Task Force Releases Recommendations

On November 10, 2022 the Office of the National Coordinator for Health Information Technology’s (ONC) Health Information Technology Advisory Committee (HITAC) accepted and approved the recommendations of its ad hoc Public Health Data Systems Task Force. As discussed in an earlier post, the Task Force has been meeting since August 2022 and was charged with examining how improvements might be made in ONC certification rules for criteria related to public health data submission. In addition, and perhaps for the first time, the task force was also charged with developing recommendations related to the public health side of the equation: how public health data systems and/or standards might improve to ensure a smoother flow of information with clinical care.

How Open Source Powers Innovation

Where do people come together to make cutting-edge invention and innovation happen? ... What of open source software? Certainly, major projects are highly collaborative. Open source software also supports the kind of knowledge diffusion that, throughout history, has enabled the spread of at least incremental advances in everything from viticulture to blast furnace design in 19th-century England. That said, open source software, historically, had a reputation primarily for being good enough and cheaper than proprietary software. That's changed significantly, especially in areas like working with large volumes of data and the whole cloud-native ecosystem. This development probably represents how collaboration has trumped a tendency towards incrementalism in many cases. IP concerns are primarily handled in open source software—occasional patent and license incompatibility issues notwithstanding.

The New Rules of Healthcare Platforms (Part 1): Value Creation Shifts from Pipes to Platforms

Value for customers is created differently on platforms than by traditional product/service business models. Today we’ll present and discuss the metaphor of how traditional businesses can be thought of as “pipelines” and how these pipes differ from digital platforms. This post is the first in a new series: “The New Rules of Healthcare Platforms.” We’ll be writing about platform thinking, new mental models, and the new economics of platform business models and strategy. We’ll have at least seven posts to explain these new rules. You’ll have some unlearning to do. We’ll illustrate how platform business models are fundamentally different than traditional product/service business models. To understand platforms, we need to change more than just our thinking—we need to learn new rules about how the digital world works and how platforms fit in.

Draft TEFCA Facilitated FHIR Implementation Guide: A Public Health Perspective

On October 7, 2022, the Trusted Exchange Framework and Common Agreement (TEFCA) project released a Draft TEFCA Facilitated FHIR Implementation Guide. As described in an earlier post, the project released a specific plan for integrating HL7 Fast Health Information Resources (FHIR) into the architecture that was defined explicitly in a new Roadmap for later implementation. This draft implementation guide (IG) provides the initial proposed details for this functionality. TEFCA only poses technical requirements on its direct participants, the Qualified Health Information Networks, or QHINs, but they are not the actual sources nor destinations of the data. The actual “FHIR details” are sketchy in this IG; maybe that is by design. It seems to specify just what the QHIN needs to know to do patient discovery and move the query and response around rather than any specifics on where a query originates nor where the response goes, let alone what data is contained.


The Missing Ingredient in Today's Patient Portals: Network Effects (Part 4)

As described in the first three posts in this series, today’s patient portals are inherently flawed and doomed to mediocrity. The result is that today’s patient portals cannot achieve a critical mass of adoption and utilization, and therefore portals can’t achieve network effects. In this post, we will: summarize key points from the first three posts in this series; explain how today’s patient portals miss out on three types of network effects; and explain the implications: why tomorrow’s portals must be reconfigured to achieve network effects.


2022 HL7 Working Group Meeting Continues to Advance a Public Health Agenda

The HLN Consulting team attended the HL7 36th Annual Plenary & Working Group Meeting (WGM) held in Baltimore, MD, September 17 – 23, 2022. More than 500 attendees, representing all aspects of the industry, were a part of the WGM in-person meeting after 2 years of virtual meetings. The seven day event started on Saturday with a weekend connectathon. This meeting offered an opportunity for attendees to come together and collaborate. It was a valuable meeting especially for people involved in standards development around healthcare.

Build An Open Source Project Using This Essential Advice

Open source is a flourishing and beneficial ecosystem that publicly solves problems in communities and industries using software developed through a decentralized model and community contributions. Over the years, this ecosystem has grown in number and strength among hobbyists and professionals alike. It's mainstream now—even proprietary companies use open source to build software. With the ecosystem booming, many developers want to get in and build new open source projects. The question is: How do you achieve that successfully? This article will demystify the lifecycle and structure of open source projects. I want to give you an overview of what goes on inside an open source project and show you how to build a successful and sustainable project based on my personal experience.


OpenSSF: On A Mission To Improve Security Of Open Source Software

Open source software (OSS), once a niche segment of the development landscape, is now ubiquitous. This growth is fantastic for the open source community. However, as the usage of OSS increases, so do concerns about security. Especially in mission-critical applications—think medical devices, automobiles, space flight, and nuclear facilities—securing open source technology is of the utmost priority. No individual entity, whether developers, organizations, or governments, can single-handedly solve this problem. The best outcome is possible when all of them come together to collaborate. The Open Source Security Foundation (OpenSSF) formed to facilitate this collaboration.
