Thursday, November 15, 2007

Halamka's Health Care CIO Blog: essential reading

John Halamka has just launched a personal blog: Life as a Healthcare CIO. Here's his bio:

John D. Halamka, MD, MS, is Chief Information Officer of the CareGroup Health System, Chief Information Officer and Dean for Technology at Harvard Medical School, Chairman of the New England Health Electronic Data Interchange Network (NEHEN), CEO of MA-SHARE (the Regional Health Information Organization), Chair of the US Healthcare Information Technology Standards Panel (HITSP), and a practicing Emergency Physician.

The "practicing emergency physician" part is where he passes the bounds of reality. (I gave up the practice part years ago.) Just when you think you've met the most hyper-manic person possible, another one comes along.

Now he has a blog. God knows how long it can possibly last. Even he must have some limits, though it is possible he's a visitor from the post-Singular future.

So is the blog any good? Maybe it's just marketing material?

Um, no.

It's not good. It's really, really, good.

I'm going to call out a recent post on email and then reference a few more. Emphases and [inline comments] are mine. Note he uses a BB [1]:

...I receive over 600 email messages each day (with virtually no Spam, so they are all legitimate) and respond to most via Blackberry. How do I triage 600 messages? I use these 10 rules to mentally score each email:

1. E-mail marked with a “high importance” exclamation point must pass the “cry wolf” test. Is the sender a habitual “high importance” e-mailer? Are these e-mails actually important? If not, the sender's emails lose points.
[I use "low importance" markers much more often than "high importance".]

2. I give points to high-priority people: my senior management, my direct reports, my family members and my key customers. [I use an Outlook rule that assigns email a colored flag based on similar criteria]

3. I do the same for high-priority subjects: critical staff issues, health issues and major financial issues.
[Halamka is using a BB, I don't think he emphasizes clear subject lines enough. The subject line should describe the topic, justify the email, and (if applicable) state the action requested.]

4. I rate email based on the contents of the “To,” “cc” and “bcc” fields. If I am the only person in the To field, the e-mail gets points. If I am in the To field with a dozen other people, it’s neutral. If I'm only cc’d, it loses points. A bcc loses a lot of points, since I believe email should always be transparent. E-mail should not be used as a weapon.
[Only BCC yourself. Never BCC anyone else. When you want to BCC use Forward a copy instead. My Outlook flagging rules put any email where I'm not on the To Line into a "read later" bin.]

6. I downgrade email messages longer than five BlackBerry screens. Issues that complex require a phone call.
[Most BB users won't tolerate more than two screens. Halamka is unusual. I aim to keep my emails under 500 vertical pixels in Outlook, and the first two lines are for BB users: they contain the key information. The rest is reference and it's minimal. Longer stuff is a blog post.]

7. Email responses that say only “Thanks,” “OK” or “Have a nice day” are social pleasantries that I appreciate, but move to the bottom of my queue.
[He's being polite.]

8. Email with colorful backgrounds, embedded graphics or mixed font sizes lose points.
[I like to use indentation to structure my email. I need to see how that renders on a BB.]

9. I separate email into three categories - that which is just informational (an FYI), that which requires a short response and that which requires a lengthy, thoughtful response. I leave the lengthy responses to the end of the day.
[I put the words FYI in the title and I set message priority to "low".]

10. More than 3 emails about a topic requires a phone call or meeting. Trying to resolve complex issues via and endless ping pong of emails is inappropriate...
[Definitely.]

Some other essential-reading Halamka topics include:

Wow.

Where do I get a Halamka fan club t-shirt?

[1] There are significant differences between Blackberry (or iPhone for that matter) email and email with a full keyboard and display. My hunch is that five years from now we'll decide that BB-email was a significant step backwards for business communication, but it does enforce brevity.

Wednesday, November 14, 2007

Creating good side-effects of evil actions: reCAPTCHA and more

Recently we read that spammers and other crooks were offering "porn prizes" to people in return for CAPTCHAs interpretation. They're hoping to reduce the cost of their current strategy, which employs humans in low-cost labor zones.

That's the evil side.

The good side strikes back ...

reCAPTCHA | Cosmic Variance

... CAPTCHA, you will not be surprised to hear, is ubiquitous. Luis figured out that the little buggers are filled out about sixty million times per day by someone on the web. So, as the inventer, he first felt a certain amount of pride at having exerted such a palpable influence on modern life. But after a bit of reflection, and multiplying sixty million times by the five seconds it might take to fill in the form, he became depressed at the enormous number of person-hours that were essentially wasted on this task...

...Thus, reCAPTCHA was born. At this point you should be able to guess what it does: takes scanned images from actual books, with which optical character recognition software are struggling, and uses them as the source material for CAPTCHA’s...

Presumably they use a statistical model, since the "right answer" is not known at the start. The first people to decipher the CAPTCHA get a "bye", but as answers converge a "correct" answer emerges and serves as the standard. Once a 95% confidence interval is reached then the reCAPTCHA would be retired.

So even spammers, who will also attack these CAPTCHAs, will end up completing a social good. If they develop software that's exceptionally good at solving reCAPTCHAs, they can then sell their software to OCR companies.

Fascinating.

Another example of a "good" side-effect of evil intent is that SSN cloning (persona cloning) can sometimes promote the credit record of the victim.

We all need to look for other opportunities to create side-effects of evil actions that have good effects.

Here's one. Create a myriad of sites that look interesting to hackers, but actually contain nothing of great value (ideally contain items that have deceptive value). Design the encryption key so that solving it helps with some social-good computation, such as protein modeling. Let well-funded hackers both waste resources and solve interesting problems.

The Centers for Disease Control, for example, receive 1-2 attacks per second from IP addresses based in China (AMIA conference, 2007). It would be nice to get something useful out of those efforts.

Monday, November 12, 2007

NYT Most blogged list

I've used the NYT "most emailed" list as a quick way to browse the paper for years. It's long had a spot on my (currently out of order) news page.

It was only today, however, that I learned the NYT has added a most blogged. The sequence and contents are a bit different.

I'll start comparing the two. It'll be interesting to see which I like better.

Sunday, November 11, 2007

Relativity + QM + symmetry = QED

After a series of posts with only a marginal connection to physics, CV has returned with a nice discussion of the Higgs particle:
Higgs 101 | Cosmic Variance

...Here comes the miracle: if you impose upon our relativistic, complex, quantum-mechanical wavefunctions the requirement that they be invariant under these U(1) transformations, then you get electromagnetism. Conservation of electric charge. A massless photon. QED - quantum electrodynamics, in all its 12-digit precision glory. Electromagnetism is a simple consequence of the U(1) symmetry of any wavefunction....
Symmetry, in this case the U(1) transformation invariance, is given a natural place in this discussion of the Higgs.

Nice summary!

How to be Keynesian monetarist supply sider - econ 101

It's all about the time horizon:
Grasping Reality with Both Hands: Brad DeLong's Semi-Daily Journal

I tell my undergraduates:

At a time horizon of 0-3 years, be a Keynesian: the most important things are the fluctuations in unemployment, in real demand, and in capacity utilization.

At a time horizon of 3-8 years, be a demand-side monetarist: you can assume (provisionally) that fluctuations in employment, real demand, and capacity utilization die out; the most important things are the fluctuations in the composition of real demand (investment vs. consumption vs. government vs. net exports) and in inflation- and deflation-causing nominal demand assuming (provisionally) stable growth of the economy's productive capacity.

At a time horizon of 8 years or greater, be a sane supply-sider: the most important things are the processes of investment in physical, human, and organizational capital that raise the economy's productive capacity.
I love the bloggers I read. Cheapest, quickest sense-rendering interface I've known.

Friday, November 09, 2007

Small wars journal: A crisis of honor

The author, Malcolm Nance, was the "Master Instructor and Chief of Training at the US Navy Survival, Evasion, Resistance and Escape School (SERE) in San Diego, California".
Waterboarding is Torture… Period (Links Updated # 9) (SWJ Blog)

I’d like to digress from my usual analysis of insurgent strategy and tactics to speak out on an issue of grave importance to Small Wars Journal readers. We, as a nation, are having a crisis of honor.

Last week the Attorney General nominee Judge Michael Mukasey refused to define waterboarding terror suspects as torture. On the same day MSNBC television pundit and former Republican Congressman Joe Scarborough quickly spoke out in its favor. On his morning television broadcast, he asserted, without any basis in fact, that the efficacy of the waterboard a viable tool to be used on Al Qaeda suspects....
I'm tired and disappointed that six Democrats joined the entire GOP to fail America.

Ok, now force yourself to follow the link and read the article. The next time some khmer wannabe tells you that torture is not torture, or torture is a good and manly thing, just give 'em Malcom Nance's URL.

WW I: How many survivors are there?

Zero is not the right answer. As of today, there are at least five men alive who fought for the UK. I suppose the total number across the EU might be 20-30 men.

The men could pass for 10-30 years younger than their current age. That's not too surprising -- to live this long they must have very unusual genes. Their aging rates are probably in the slowest 0.0000001 %ile.

Yellowstone - the bomb next door

1700 years BCE, the island of Santorini was home to a bronze age civilization with beautiful murals and architecture.

Then Santorini blew.

I was reminded of that today, as newspapers tells us that the Yellowstone caldera is rising. I liked the Ars Technica summary:
Yellowstone recharges

It's important to emphasize that, even though this activity is clearly significant, it's not a sign that you should stop saving for retirement. "Although the geodetic observations and models do not imply an impending volcanic eruption or hydrothermal explosion, they are important evidence of ongoing processes of a large caldera that was produced by a supervolcano eruption." For now, it appears that Yellowstone is just reminding us that it's worth paying attention to.
If Yellowstone were to erupt there are a lot of things Americans could stop worrying about.

Happily, there's no sign of that happening anytime soon:
...The team is quick to reassure that no eruption looms; there are no seismic harbingers. Instead, earthquake activity in the valley has dropped by half to fewer than 1000 tremors a year. Somehow, faster uplift and fewer earthquakes are related to what's going on some 80 kilometers below Yellowstone, where a plume of magma fuels the area's famous geothermal activity...
Basically we're seeing the giant inhale. Eventually he'll gently exhale.

Just as long as doesn't sneeze.

Pogue touches Windows Mobile. Recoils

Palm died years ago. Several times since, often as I curse my desolate Tungsten | E2, I've thought about trying a Windows Mobile device. How bad could they be? Wouldn't it at least be able to sync reliably with Outlook?

Problem is, nobody I knew would admit to having one. I couldn't find anyone who did Outlook sync with it. I'd see some phones running Windows Mobile, but the owners seemed furtive and embarrassed. They didn't proselytize.

The silence has been deafening.

Still, I thought, Microsoft has put billions into WM. Surely by now it must be tolerable. If only someone I trusted would review it ...

Pogue has.
Reaching for Apple, Falling Short - David Pogue - New York Times

...Windows Mobile 6 is a mess. Common features require an infinitude of taps and clicks, and the ones you need most are buried in menus. Apparently the Windows Mobile 6 team learned absolutely nothing from Windows Mobile 1, 2, 3, 4 and 5
He proceeds to ream Windows Mobile. Brutal, but efficient.

Wow.

T-Mobile thought they could challenge the iPhone by using this as the heart of their most strategic phone?

Double wow.

This reminds me of my RAZR. A pretty facade over a reptilian soul. This should give Apple another share price boost.

Google's phone number and SSN based persona cloning

[An early version of this post was created accidentally -- I think the release version of Windows Live Writer has a brand new 'Save Draft' bug.]

This morning I wrote about persona cloning at the heart of social network fraud. I didn't, of course, know that Cringely had just published a fascinating example of persona cloning that, in a bizarre way, may have benefits for the victim. I've a few excerpts here, but this is one of Cringely's best. Read the whole thing ...

I, Cringely . The Pulpit . Getting to Know You | PBS

While politicians and the U.S. Census Bureau may disagree on how many illegal aliens are living in the United States, the big credit reporting agencies have a pretty solid handle on the number and it is 17 million. That's 17 million adults of unproved nationality who have ongoing financial relationships with businesses or — believe it or not — governments...

... it isn't in any way close to the total number of U.S residents who have financial identities not tied to a Social Security number. That would be 37 million, meaning there are 20 million participants in the U.S. gray economy who aren't illegal, who are legitimate citizens. This means about 10 percent of U.S. residents are financially invisible, or think they are.

... Ah, but they do have Social Security numbers, just not their own. You need a Social Security number to sign up for utility services, for example. No Social Security number, no electricity, gas, phone, or satellite TV. So what's a poor alien to do? They go down to some local hangout and BUY a Social Security number to give to the utility. This has to be a legitimate number or it won't fly with utility computer systems, but does it have to be the customer's own number? ...

...there is a tacit agreement between the parties that a Social Security number must be provided because that's the rule, but if it happens to be someone else's Social Security number, well that's okay.

The funny thing about this is the impact it has to have on the person who was originally assigned that Social Security number by the U.S. government. Rather than hurt their credit it actually helps because there is so much evidence that they are good at paying their bills.

... some individual Social Security numbers are in use right now by UP TO 3,000 PEOPLE and it isn't at all unusual for a borrowed number to be used by 200-1,000 people at the same time. Remember that most of these folks AREN'T illegal aliens...

... Think for a moment of the impact a free mobile phone service will have on the mobile phone market. Why would I continue with Verizon or AT&T or Sprint or T-Mobile or Alltel or whomever if I could get the same or better service for free? Yeah, but the way to make the service free is by running ads on it and those ads would be contextually linked somehow to where or who you were calling and isn't that creepy, especially for business customers...

Which brings us back to the credit bureau. It would be very much in Google's interest to own one of the big three credit reporting agencies, because your mobile phone number is the most practical supplement for the Social Security number as a financial identifier.

Take all the web usage and YouTube video data Google has been acquiring about us all, glue it to our data down at the credit bureau, tie it to our mobile phone number and our mobile activity, then use the resulting product as both an information service and a database for targeting ads and you have Super Google — the most valuable company on Earth and entirely based on metadata...

It's a very fine piece of work, particularly the reporting on SSN overuse. That's rather relevant to those of us in the healthcare business -- we use the SSN as part of our statistical approach to establishing unique identities. We may have overestimated its value by an order of magnitude. Small detail.

Really, Cringely covers a lot of ground. Things are unlikely to work out so neatly, but the feel of it is right. The only thing I can add is that Cringely forgot about Google's GrandCentral. I just checked and my GC account still works [1]. Really, I'd forgotten about this digital identify of mine -- just one of many.

GrandCentral is your "personal phone number for life" with integrated message routing. It's a logical center piece of Google's identity strategy.

We're definitely getting close to the day when we're chipped at birth [2] and that number is our phone number for life ...

[1] If you put a GC number on your corporate business card you retain the number when you leave work. So you don't need to worry about losing your "identity" number when you lose your corporate cell phone.

[2] Hmm. Wonder if we could use the umbilical cord stump for chip insertion .... Just joking.

Fraud technologies use persona cloning to attack social networks

Successful frauds have always exploited social connections. New age fraud now leverages social networks to the same end (emphases mine) ...

E-Mail Scammers Ask Your Friends for Money - Bits - Technology - New York Times Blog

... The scammer somehow breaks into a victim’s Web-based e-mail account. He then impersonates the victim and sends an emergency plea for help to everyone in the account’s address book, asking them to wire money to Nigeria. The e-mail includes some variation on a story about getting mugged or losing a wallet while on a trip to Nigeria.

This happened recently to Drew Biondo of Port Jefferson, N.Y. He said he was at home early one morning when his wife alerted him to an e-mail she had received from his Yahoo address about his Nigerian money troubles. He scrambled to try to regain control over his account, but trying to find a phone number for an actual human at Yahoo was “ridiculously difficult,” he said.

Mr. Biondo, a public relations executive, used the Yahoo account for work e-mail and had about 600 people in his contact list, many of them journalists. He said he soon experienced “an influx of phone calls from every reporter I’ve ever spoken to,” including some he had not heard from in years. “I credit this Nigerian scammer with one thing: he made me feel good inside because these people cared enough to drop me a phone call.”

Yahoo asked Mr. Biondo for various proofs of his identity, including the long-forgotten answer to a security question he had set up ten years earlier. Two and a half days after it all began, he successfully logged into his account and sent out a mass mailing: “The long Nigerian nightmare is over.”

The NYT blog post has many other examples. This method is pretty primitive of course, the next generation will leverage Google OpenSocial APIs or Facebook APIs to further leverage social network technologies.

In all cases the fundamental ploy is identity assumption and then exploitation of entities that "trust" the identity. A Yahoo email account is a form of identity, just like your Google/Gmail persona, LinkedIn account, Facebook and Amazon profiles, checking account, credit card accounts, Federal social security account, drivers license, passport and biometric account holder. Not to mention various overt standards for identity management.

Identity theft is a misleading term. It implies the identity is gone completely, and it implies a singular identity. Perhaps persona cloning is a better term.

We all have dozens of identities (personas) with varying degrees of power, authority, attachment, control and manageability. Each identity has a set of transaction-specific reputations.

Loss of control of any of these identities will expose one's reputation circle to exploits - as well as one's own life.

It would be nice if we would start thinking a bit about this topic.

Nice, but unlikely.

PS. I really, really, don't like "security questions". Dumbest idea ever. Note how well it worked here.

Thursday, November 08, 2007

Race and dating preferences

I think this is mildly surprising, and even a bit encouraging ...
An economist solves the mysteries of dating. - By Ray Fisman - Slate Magazine

...Another clear gender divide, this one less expected, emerged in our findings on racial preferences, reported in a forthcoming article in the Review of Economic Studies. Women of all the races we studied revealed a strong preference for men of their own race: White women were more likely to choose white men; black women preferred black men; East Asian women preferred East Asian men [jf: note the next paragraph contradicts this statement!]; Hispanic women preferred Hispanic men. But men don't seem to discriminate based on race when it comes to dating. A woman's race had no effect on the men's choices.

Two wrinkles on this: We found no evidence of the stereotype of a white male preference for East Asian women. However, we also found that East Asian women did not discriminate against white men (only against black and Hispanic men). As a result, the white man-Asian woman pairing was the most common form of interracial dating—but because of the women's neutrality, not the men's pronounced preference. We also found that regional differences mattered. Daters of both sexes from south of the Mason-Dixon Line revealed much stronger same-race preferences than Northern daters.
So it's the women who decide how much inter-group mating occurs ... at least among Northern American daters.

It's odd that the editor didn't notice that the paragraphs were contradictory. White, black, and Hispanic women were group specific, east asian women were ok with east asian or white men.

Dershowitz makes the case

The GOP voted unanimously for another Torturer General. Six democrats join the parade of shame. Meanwhile, Tom Tomorrow has the best reply to Dershowitz...
This Modern World: If the Nazis could make it work, why not us?:

... "You know, I was on the fence there about torture, until Dershowitz pointed out it really worked well for the Nazis! Color me convinced!"

Employment benefit complexity: we are sheep

Baaaaaaa said the sheep, on the way to be ... sheared.

My wife and I have just selected our family's employment benefits for 2008. There were 4 basic health plans, two indemnity and two "health savings accounts" (they used some other name this year). In addition, one could create another 11 variants of one of the four plans.

The plans had wildly different pre-tax monthly paycheck deductions (so the true cost varies depending on one's tax bracket). They also have different providers, different deductibles, different out-of-pocket maximums (but are they really maximums?), different networks, and a complex mix of co-pays and percent uncovered for each transaction. Not to mention x-rays and labs.

Some costs that might be post-tax dollars can be covered by a pre-tax flexible spending account -- but you must be sure to spend all of it. Then there's a Dependent Care account, but be sure your spouse earns at least as much as what one claims -- or that's lost too.

If I had a team of lawyers, statisticians, and software developers, I could create simulations based on our known risk factors and run them against the plans. I would use Monte Carlo methods to create random variations around means, and then produce a probability distribution of likely costs.

Oh, wait a minute. It's the insurance companies that have that team. We just have ... a coin toss.

I feel like I've just signed a contract with Satan -- or, worse, Sprint Minnesota. I had to sign the contract, but I know it's hopeless. My immortal soul will be stuck in Hell

Do the French put up with this kind of stupidity? I like to imagine not.

Americans are sheep.


Complexity + Tight Coupling = Catastrophe

Years ago I was keen on the strategic advantages of loosely coupled software solutions and an associated ecosystem.

I'd forgotten that until recently, when both "ecosystem" and "coupling" became fashionable terms.

Good, they're important concepts.

I agree with this, for example: Complexity + Tight Coupling = Catastrophe.

The genetic engine is very loosely coupled. Not a bad idea really.