[kalleth]

I apologise for this comment, you've done some great coding, but this scares the shit out of me.

There's a reason medical certifications are so hard to get, and medical software is so expensive.

You're storing patient information in postgres. What certifications do you have to assert that the patient data is stored securely, in line with your government guidelines on patient/medical data? There's a damn good reason this is the "holy grail" of information security certifications.

You've got critical alerting built into the browser window using JavaScript.

This "alerting" is the kind of critical thing that sometimes needs *immediate" intervention, or someone could die. What happens if your browser experiences a JavaScript error blocking processing? And your alerts don't fire?

What happens if they fire too often and you get "alert fatigue" because they're not tuned correctly or in line with the other alerts available at the bedside/nursing station?

How much testing have you done to correctly assert that you're interpreting the HL7 or other specs correctly? And aren't misinterpreting data for some conditions or types of individual?

The "throw things together quickly" startup mentality might (I stress might!) Be okay where it's the difference between nothing at all and something that can save lives, in a country like Sri Lanka, during a global pandemic, fine.

But afterwards, this is so much junk without serious thought and time put into certifying it.

Medical, Aerospace -- really, any safety critical industry where your code working or not could mean someone is seriously injured or dies as a result -- is an industry that needs disruption, but that disruption should happen slowly, carefully, and safely.

[harikb]

> We created this software on a request from healthcare staff

If this is some small town hospital in Srilanka, the choice is between an unaffordable certified solution and not having any monitoring. If Medical software didn’t bleed them dry, they wouldn’t go this route.

> disruption should happen slowly, carefully, and safely

Disruption always happens this way - same way Uber broke existing laws. Yes, few people will die. But this isn’t surprising when the alternative is even worse.

[kalleth]

> the choice is between an unaffordable certified solution and not having any monitoring.

No, this isn't _necessarily_ the choice. Without a "false sense of security" that an imperfect monitoring system might instil, you have nurses and doctors actually doing rounds and checking their patients.

> Disruption always happens this way - same way Uber broke existing laws. Yes, few people will die. But this isn’t new when the alternative is even worse.

This is an absolutely horrible viewpoint to have. People dying because of "disruption" so a few companies can make a few more dollars is _never_ acceptable.

[hinkley]

It's funny-sad watching my fellow tech people debate civics and public policy and talk about how often "Something must be done, this is 'something', so we will do it" exhibits itself. Everyone nods or cheers as if we have some leg to stand on.

When it comes to solving technical problems? We are ever so happy to do exactly the same thing.

Any solution is better than no solution. Except when no solution causes people to stop trying to delegate an important responsibility. Which is quite frequently.

A crap solution crowds the problem space. If a better solution is possible, it now has to defend itself against the incumbent. Explain why it is more expensive, why people should be bothered to switch.

If you can't do something well, then for pity's sake let someone else try. Log away every cost of not doing it at all and then when you can justify doing it well, build your pitch.

[derangedHorse]

I think we can only ascertain whether this is a good or bad thing if there was data on the amount of valid abnormalities caught by this system vs having nurses and doctors having to do rounds. We also have to take into consideration the fact that they may run out of money for disposable protective gear, or even have the amount of protective gear available for purchase drastically reduced. From his disclaimer in the post it also seems like they're using this on top of their typical monitoring so that the staff can have insight in between visits

[formercoder]

Indeed. It’s like rubber gloves during this pandemic. People think once they’re on they’re protected - you only gain increased protection if you know what you’re doing.

[hinkley]

I die a little every time a store employee wearing gloves gives me change from the register. This is not better.

[harikb]

You are the one who brought up “disruption”. In this particular case, someone created a free/affordable solution for the hospital. I am not sure how you can read “make a few more dollars”

[matz1]

Yes in the worst case people could die, that is distruption, that's the reality. The sooner you accept that the better, or you going to have a hard time.

[olieidel]

I had the same thought. But I think it's more complex than that.

Always consider the alternative. This could be a hospital in a remote part of a third-world country. Maybe they're understaffed. How are they currently handling the task of gathering information from monitoring devices and reacting to alarms?

Maybe, their nursing staff has to run from bed to bed to check patient's vital signs and device alarms. Emergencies would frequently be missed because they are understaffed and checking is irregular. Now, you could introduce software which provides centralized monitoring. If it's introduced on top of the existing activities (i.e., running from bed to bed), it leads to a net benefit - you catch emergencies earlier and consequences of malfunctions are less severe. But if it's introduced to replace the existing activities, it may lead to patient harm.

Sure, it's self-coded, browser-based and buggy - but you always need to weigh risks with benefits, and those depend on usage context.

Of course, in most western countries, this would be completely illegal. But these are also the countries in which medical software looks like it's from the 90s, with catastrophic usability and missing features.

We need to ask ourselves: Right now, we heavily prioritize patient safety over innovation - but have we got that balance right? What are patients missing out on if we could just bring a few more of the latest advances in technology to their bedside?

You know, not machine learning, the blockchain or the internet of things. Rather things like browser-based applications which "just work" and have great usability.

Note: I'm a physician, software developer and consultant for medical software certification :)

[DanBC]

> Maybe, their nursing staff has to run from bed to bed to check patient's vital signs and device alarms.

It feels to me like the management has misunderstood the cost of the software vs not having the software. It feels like they're saying "this software is expensive, and doing nothing is free" when they should be saying "having all these healthcare professionals spending time putting on and taking off PPE the check patients is costing us this much per year".

As you probably know, an ICU will go through 30 sets of PPE per patient per day. That's a lot of time putting stuff on and taking it off.

[im_down_w_otp]

Sure, but there are plenty of technologies that are applicable to safety-critical systems or are safety-critical adjacent which are freely available. There are MCUs, application boards, RTOSs, programming languages, compiler toolchains, network stacks, parsers, etc. available which are the same-a or close-to those which would be commonly sourced and deployed in a safety-critical context.

So, why not use those to build the "something is better than nothing" solution?

[p_l]

Availability.

Just availability.

This was a quick and dirty hack to improve access to patient data done with what was on-hand, for a constrained deployment using specific known devices. They didn't have anyone with knowledge on using any of the tech you mentioned, some of which requires spending months setting up unless you have practical experience in delivering on the platforms. Just getting a more safety-minded setup for a MCU using free software can be a harrowing experience.

And they don't have the money to just contract it out or pay for the commercial grade stuff.

They did what they could with what they had, with explicit mention that it's not good on safety and security - but it brings some benefit now.

Here in Poland, a few weeks into lockdown, nobody asked for certifications on volunteer made PPE parts anymore. Because a shoddy PPE with no certification was still better than none.

[PaulRobinson]

You’re right. There is no way this would be deployed in a UK hospital as it stands. It might be some of the most dangerous ideas encapsulated in code I’ve ever seen. I disagree with standards like DCB0129, but they’re there for a reason. This would not pass.

[p_l]

UK also has a lot more resources to work, even with conservative government trying to break NHS financing for the last decade.

[mfashby]

This is the comment that was in my thoughts and I failed to write it.

I really hope they 1. Open source it 2. continue to work on this throughout the crisis and get it to a state where its actually suitable for critical care, and then 3. Work on achieving the relevant certification.

It sounds (just guessing) like the device vendor sells their own software separately, and is unwilling to budge on price during this time, forcing an already stretched hospital to look for new solutions.

[pstuart]

The perfect is the enemy of the good.

This could likely be "good enough" for those that have no other options if open sourced.

[prostheticvamp]

That’s one of the dumbest platitudes ever deployed to deflect criticism, and I wish people would use it correctly.

“This thing has absolutely no evidence of reliability or safety in a critical environment” is not criticizing it for being less-than-perfect. It’s criticizing it for being possibly inferior to the status quo.

Here’s one simple example:

Staff gowning up for routine rounds are much more careful, and safe, than staff rushing into an emergency code. If this thing throws up even the occasional false alarm, its cost to staff (in exposure) could easily outweigh, massively, and reduced rounding requirements.

That’s not “oh, well that’s not perfect.” That’s “oh, that might be worse, masquerading as better.”

“Perfect is the enemy of the good” is a wildly irrelevant comment.

[pstuart]

FTA:

> The deadly virus can infect you with a very small mistake. As healthcare workers, our frontline has to wander around the isolation wards to check vital signs of a patient from time to time. This task involves disposing of the protective gear after a visit. All just to check some reading on a device.

> A request from health authorities reached us to develop a remote monitoring system for isolation wards. There are expensive softwares to remotely monitor them. But Sri Lanka might not be that rich to spend such amount of money.

I think you're wrong in this case.

edit: formatting

[aastronaut]

I think you're misunderstanding the critique of the parent... In the software world we often tend to interpret "The perfect is the enemy of the good." as "If it's the only software solution it most certainly must be a good one.". But sometimes there are non-software solutions that are even better suited to solve the problem - engineering wise that MUST(!) also be taken into account.

What makes you think the team covered enough edge-cases to be "good enough" software? Do you think the presentation in a single blog post is enough information about a system to determine its quality and reliability?

[pstuart]

> If it's the only software solution it most certainly must be a good one.

We have different interpretations. For me, TPITEOTG means:

Choose one: a solution that works well but is clearly not perfect, or no solution at all.

> Do you think the presentation in a single blog post is enough information about a system to determine its quality and reliability?

Epilogue FTA:

> We created this software on a request from healthcare staffs. It is not a commercial application. Even with this system, we strongly suggest doctors to visit their patients, take real measurements.

> As this software was developed fast due to prevailing pandemic situation, we released it with the most urgent feature monitoring. We tested this for long run, with multiple devices as well. So far it worked out well.

> It does not indicate this is perfect, we are working on improvements and fixing bugs until its very stable.

> Thus we have adviced doctors to use this with CAUTION

Many of the complaints in the OP were specious for the situation in play:

> You're storing patient information in postgres. What certifications do you have to assert that the patient data is stored securely, in line with your government guidelines on patient/medical data? There's a damn good reason this is the "holy grail" of information security certifications.

This is monitoring data from dying patients in a third world country. Do you really think that they should have spent a couple months making sure hackers couldn’t access patients’ vitals before putting into use?

> You've got critical alerting built into the browser window using JavaScript.

Yes, because that is the language of the UI toolkit they are using.

> This "alerting" is the kind of critical thing that sometimes needs immediate" intervention, or someone could die. What happens if your browser experiences a JavaScript error blocking processing? And your alerts don't fire?

The alternative appeared to be that those alerts might not be noticed anyway because they might not have the staff to gown up and go into each room frequently enough.

> What happens if they fire too often and you get "alert fatigue" because they're not tuned correctly or in line with the other alerts available at the bedside/nursing station?

What happens if the device in the room fires too often?

> How much testing have you done to correctly assert that you're interpreting the HL7 or other specs correctly? And aren't misinterpreting data for some conditions or types of individual?

They seemed to find that it was accurate enough for the crisis* at hand.

> The "throw things together quickly" startup mentality might (I stress might!) Be okay where it's the difference between nothing at all and something that can save lives, in a country like Sri Lanka, during a global pandemic, fine.

Whelp, here comes a “not perfect but good enough to use part

> <further hand wringing on future concerns irrelevant to the situation under discussion>

[matz1]

You gotta start from something. That is progress. You made improvement overtime. Sure, in the worse case people can die, that something you have to accept.