Than Htike Aung

[Than Htike Aung]

PM Lee Hsien Loong (Singapore)
On February 8, 2020, as Singapore raised its risk level (DORSCON) to Orange, Prime Minister Lee Hsien Loong delivered an address designed to be a stabilizing force. His speech was a textbook execution of crisis communication, prioritizing credibility and promoting action.

He understood the urgency of the moment, mastering the CERC principle of Be First. By speaking immediately following the DORSCON upgrade, he preempted the inevitable vacuum of fear and rumor. His message was relentlessly clear, establishing a high degree of credibility. He was transparent about the new local clusters but immediately followed this with a firm, factual assertion that the situation was “under control.” This balance was essential to Be Right offering facts without alarmism.

Crucially, the PM did not talk to the people; he spoke with them as partners. He immediately sought to Express Empathy by acknowledging the public’s anxiety and thanking them for their “social and psychological resilience.” This validation built a foundation of mutual respect. The address culminated in specific calls to Promote Action such as personal hygiene, monitoring one’s health, and avoiding large crowds. There were no grand claims of victory, only a sober, pragmatic appeal to the citizens to shoulder their civic duty.

In conclusion, PM Lee Hsien Loong demonstrated excellent crisis communication. His address was structured, empathetic, and highly effective in fostering national trust and cooperation, setting a clear path for collective action.

President Trump (USA)
Weeks later, as the global threat intensified and the WHO was set to declare a pandemic, President Donald Trump addressed the U.S. nation (likely on March 11, 2020). His nine-minute address was a powerful statement of authority and decisive action, yet it was undermined by inconsistencies in its core public health messaging.
The President successfully fulfilled the CERC principle of Be First by delivering a major prime-time address that detailed an unprecedented policy action such as the immediate suspension of most travel from Europe. He also clearly provided specific instructions to Promote Action, advising the public on essential hygiene, washing hands and staying home if sick.

However, the effectiveness of his message faltered in the key areas of accuracy and emotional connection. The principle of Be Right was weakened by minimization, as he repeatedly characterized the crisis as “a temporary moment of time” and asserted that the risk to Americans was “very, very low.” This conflicted with the gravity of the policy actions he was announcing, leaving the public confused about the true severity of the situation.

This minimization also compromised his Credibility. The speech heavily focused on economic strength and national capacity (“the greatest economy anywhere in the world”), blending political assurance with public health advice. This intermingling of unrelated themes made the health warnings feel secondary. Furthermore, the speech contained little emotional outreach. The principle to Express Empathy was largely absent, with the focus on the government’s decisive actions rather than on the public’s fear, suffering, or loss.

In conclusion, President Trump’s communication was mixed. While he effectively communicated specific actions, the messaging violated key CERC principles by minimizing the threat and lacking empathy. The result was a communication strategy that was decisive but failed to unify the nation behind a clear, trusted, and consistent public health narrative.

[Than Htike Aung]

Here are top 3 themes I think Myanmar still needs improvement in order of importance.
1. Technology (Theme 3)
Myanmar still faces gaps in digital infrastructure and data interoperability. Majority of health facilities still rely on paper-based systems, with limited Electronic Health Record (EHR) adoption. Fragmented data systems between public, private, and community health services lead to slow and incomplete surveillance. Limited use of real-time data analytics and digital decision-support tools hampers quick outbreak response. We need to invest in health information systems and training on digital tools for health workers.

2. Techquity (Theme 4)
The digital divide remains wide, particularly between urban and rural areas. Internet connectivity and access are limited in remote regions. Low digital literacy among health workers and the public, especially in older population limits the use of telemedicine and digital reporting tools. It is required to expand rural connectivity, offer digital skills training, and promote inclusive access to health technologies (e.g., via mobile networks and community health centers).

3. Team (Theme 1)
There is limited integration between government ministries, private sector, and community organizations in pandemic preparedness. Collaboration between Ministry of Health and IT institutions remains underdeveloped. We have to setup multi-sectoral “health data teams” including policymakers, community leaders, and private tech partners to coordinate data sharing and communication during outbreaks.

[Than Htike Aung]

Could you list the disease outbreaks that have been declared as the Public Health Emergency of International Concern (PHEIC)?
1. 2009 Novel influenza A (H1N1) pandemic: Declared on 25 April 2009; the first PHEIC under the International Health Regulations (2005).
2. 2014 polio eradication: Declared on 5 May 2014; remains ongoing due to continued international transmission risks.
3. 2014 Ebola outbreak in West Africa: Declared on 8 August 2014; a large epidemic affecting Guinea, Sierra Leone, and Liberia.
4. 2016 Zika virus outbreak: Declared on 1 February 2016; linked to clusters of microcephaly and neurological disorders, the first mosquito-borne disease declared a PHEIC.
5. 2019 Ebola outbreak in Democratic Republic of Congo (Kivu outbreak): Declared on 17 July 2019; the second Ebola-related PHEIC.
6. 2019 COVID-19 (caused by SARS-CoV-2): Declared on 30 January 2020; became a global pandemic, with the PHEIC status lifted on 5 May 2023.
7. 2022 Mpox (formerly “monkeypox”) multi-country outbreak: Declared on 23 July 2022; PHEIC ended in May 2023.
8. 2024 Mpox (new clade outbreak in Africa): Declared on 14 August 2024; a renewed PHEIC declaration for a newly emerging clade in Africa.

Why do these outbreaks raise such concerns?
Outbreaks are declared as Public Health Emergencies of International Concern (PHEIC) when they pose a serious, sudden, unusual, or unexpected threat that may spread internationally and require a coordinated global response.

Here are the key reasons why such outbreaks raise international concern:
1. Risk of International Spread
Diseases like COVID-19, H1N1, and Ebola can easily cross borders through travel and trade. This makes containment at the national level alone ineffective.

2. High Morbidity and Mortality
Many PHEIC diseases cause severe illness and death in large numbers (e.g., Ebola’s ~50% fatality rate, COVID-19’s global death toll in millions). High fatality rates increase urgency for international action.

3. Lack of Immunity, Vaccines, or Treatments
When diseases are novel (like COVID-19 or Zika), populations have little to no immunity and limited medical countermeasures. Rapid research and global coordination become crucial.

4. Severe Socio-Economic Impact
Outbreaks disrupt economies, education, and healthcare systems. COVID-19, for example, caused massive economic losses and supply chain collapse.

5. Potential for Rapid Transmission
Some pathogens (like influenza or COVID-19) spread through air or contact, allowing exponential growth of cases. Even a small outbreak can quickly become global.

6. Weak Health Systems in Affected Areas
If outbreaks start in regions with limited health infrastructure, they can overwhelm hospitals and delay detection. This raises the risk of uncontrolled spread.

7. Social and Political Consequences
Misinformation, fear, and stigma often accompany outbreaks (e.g., Zika and birth defects, Ebola and burial customs). These complicate response efforts and require international support.

In your opinion, is there a disease or condition that may potentially lead to PHEIC in the future? Why?
Yes, there are diseases and conditions that experts believe could in the future reach the threshold for a World Health Organization (WHO) Public Health Emergency of International Concern (PHEIC). Influenza virus is an example for such condition.

Influenza viruses mutate frequently, and they are well known for their pandemic potential. Some avian flu strains (H5, H7 subtypes) have infected humans, and the concern is if they adapt for more efficient human-to-human transmission. Influenza spreads easily via respiratory route, making control harder. Even though we have vaccines and treatments for seasonal flu, a novel strain could render them much less effective or leave large immunity gaps. Because of the inherent risk of aerosol spread + global travel, an influenza event ticks many PHEIC-criteria.

[Than Htike Aung]

1.) Which single design limitation most threatens valid estimates of sensitivity and representativeness? How would you address it within six weeks?
The most significant design limitation that threatens valid estimates of both sensitivity and representativeness in the AEFI surveillance system is the exclusion of private health facilities and some general hospitals from the reporting network. Although surveillance system deploys in Routine Immunization (RI) place, AEFI can be happened anytime after vaccination and omitting some facilities leads to systematic under-reporting and biased estimates. This results in missed AEFI cases, especially from underserved or rural areas, ultimately compromising the system’s ability to detect all true cases (sensitivity) and to reflect the true distribution of AEFI occurrences in the population (representativeness).
To address this limitation within six weeks, the surveillance team could rapidly expand the inclusion of private and all public healthcare facilities into the AEFI reporting network. Short virtual or on-site training sessions could be organized for these facilities to orient staff on AEFI case definitions, data tools, and reporting timelines. A simplified one-page weekly reporting form or a mobile entry system through DHIS2 could be introduced to make reporting easier. In addition, surveillance officers should conduct active follow-up to ensure that each facility submits at least one report within the first month.
By implementing these targeted actions within a six-week period, the surveillance system would achieve broader coverage, reduce under-reporting, and significantly improve both sensitivity and representativeness, leading to more reliable and valid estimates of AEFI occurrence.

2.) Using the CDC surveillance attributes, propose one low-cost intervention to increase sensitivity. State the expected trade-offs, and list 2–3 indicators to detect impact from the intervention.
A low-cost intervention to increase the sensitivity of the AEFI surveillance system, using the CDC surveillance attributes, would be to implement a monthly SMS reminder and feedback system for frontline health workers. This system would send simple text prompts reminding vaccinators to report any observed AEFI cases, including “zero reports” when no cases occur. In return, the system would provide short feedback messages acknowledging receipt of reports and sharing quick data summaries or recognition for timely submissions.

This intervention directly targets the sensitivity attribute by increasing case detection and reporting completeness through frequent engagement and accountability. It reinforces awareness of AEFI case definitions and ensures that even minor or delayed cases are not overlooked due to forgetfulness or competing work priorities.

The expected trade-offs include a potential increase in false-positive or minor AEFI reports, as more health workers may report mild or unrelated events. This may temporarily increase data volume and workload for data validators at the LGA or state level. However, these trade-offs are acceptable because higher sensitivity strengthens early warning capacity and public health responsiveness.

To measure the impact of the intervention, the following indicators could be tracked:

1. Percentage increase in reported AEFI cases per month after implementation (compared with baseline).
2. Proportion of health facilities submitting any AEFI report (including zero reports) each month.
3. Timeliness of AEFI report submission with proportion of reports received within the expected reporting timeframe.
Overall, this low-cost, communication-based strategy would enhance the system’s sensitivity by improving active participation, reducing under-reporting, and fostering a culture of consistent AEFI surveillance among health workers.

3.) For a newly introduced vaccine, should the AEFI case definition be temporarily broadened to maximize early signal detection?
– If yes, what trigger would you use to revert to the prior definition?
– If no, why should this change not be implemented?

Yes. For a newly introduced vaccine, it is appropriate to temporarily broaden the AEFI case definition to maximize early signal detection. During the initial rollout, there is limited real-world data on the vaccine’s safety profile, so widening the case definition increases the sensitivity of the surveillance system, helping to capture even rare or unexpected adverse events that might otherwise be missed. This proactive approach ensures that potential safety concerns are identified and investigated early, building public trust and allowing timely corrective actions if needed.

However, a broadened definition should be time-limited to prevent unnecessary over-reporting and data burden. The system should revert to the standard, more specific definition once certain triggers are met.By applying this temporary, sensitive approach early and returning to the routine definition once sufficient safety data are available, the surveillance system balances vigilance with efficiency, ensuring both early signal detection and long-term sustainability.

[Than Htike Aung]

Verification and preparation
1. Establish the existence of an outbreak: IT systems like automated surveillance and real-time dashboards help detect unusual increases in cases and trigger early alerts.

2. Verify the diagnosis: Laboratory Information Management Systems (LIMS) and teleconsultation tools enable accurate and rapid confirmation of the disease.

3. Prepare for field work: Mobile apps, GIS mapping, and digital data collection tools assist in planning logistics and organizing field investigation teams.

Describe the outbreak
4. Construct a working case definition: Shared online documents and digital collaboration platforms ensure consistent and updated case definitions across all investigators.

5. Find cases systematically & record information: Digital data collection tools and EMR integration allow efficient case finding, data entry, and tracking with minimal errors.

6. Perform descriptive epidemiology: Data analysis and visualization software (e.g., R, Power BI) produce epidemic curves, maps, and summary tables instantly.

Hypothesis and testing
7. Develop hypothesis: Data mining and statistical software (e.g., R, Python) help identify potential exposure patterns and formulate preliminary hypotheses.

8. Analytical studies to test hypotheses: Advanced analytics programs (e.g., R, Python, SPSS) are used to compare data between groups and test associations statistically.

9. Special studies (e.g., environmental, laboratory): Internet of Things (IoT) sensors and bioinformatics tools link environmental and genetic data to understand sources and transmission pathways.

Response and action
10. Implementation of control measures and follow-up: IT supports communication of interventions via alerts and tracks the effectiveness of control measures through dashboards.

11. Communication – including outbreak report: Digital reporting platforms and dashboards enable timely sharing of findings and outbreak updates with stakeholders and the public.

[Than Htike Aung]

One of the digital technologies highlighted in Budd et al. (2020) that I find particularly significant is the use of Bluetooth-enabled COVID-19 contact-tracing applications. While the article discusses a variety of approaches, I will focus on the joint Google–Apple framework, which was rolled out in April and May 2020.

COVID-19 spreads primarily through close contact over a sustained period. To detect such interactions without compromising individual privacy, Bluetooth Low Energy (BLE) technology was applied. The system works as follows: when two smartphones come within close range (approximately one to two meters), they exchange anonymous identification keys. These keys act like digital “tokens” of interaction, containing no personal details or location data, thereby preserving user privacy.

If an individual later tests positive for COVID-19, their device holds a record of the anonymized keys from previous close contacts. With the user’s consent, these keys can be uploaded, enabling Apple and Google’s system to notify the corresponding contacts that they may have been exposed and should consider testing or self-isolation. Importantly, the keys are randomly generated and cannot be traced back to a specific person or device. You can read details here

This technology was crucial because it enabled rapid, large-scale, and automated contact tracing, minimizing reliance on traditional manual methods, which are often slow and dependent on human memory. In densely populated or highly mobile settings, the framework offered a powerful tool to break transmission chains and support public health teams. Although its effectiveness depended on widespread adoption and public trust, Bluetooth-based contact tracing marked an important advancement in the application of digital technologies for pandemic response.

[Than Htike Aung]

There is DHIS2 implementation for Malaria in DOPH. But compared to other two diseases, they use case-based record instead of aggregated data. DHIS2 was not originally designed to handle individual data. Although it later develops tracker module for individual recording, it still needs to redesign its database architecture to handle large scale individual data.

[Than Htike Aung]

Should you give the data out?

No. Sharing identifiable data without consent will violate confidentiality and could cause misuse or harm to patients.

How do you not violate any of the General Principles of Informatics Ethics

Principle of Information Privacy and Disposition: Individuals have the right to control their own health information and cannot be shared without patient consent.
Principle of Legitimate Infringement: Data can be shared only if there is clear justification (e.g., public health emergencies) and if approved by ethics board.
Principle of the Least Intrusive Alternative: Provided data must be anonymized without exposing individuals instead of raw personal data.
Principle of Accountability: Data use agreement and ethics approval must define roles, responsibilities and consequences of misuse.

If you want to provide the data to them, what and how will you do it?

If we want to provide the data to them, we have to do the following steps.
1. Seeking approval from ethical board or relevant authority.
2. Anonymization of data by removing identifiable information such as names, address, contact details and limiting the necessary data elements only.
3. Signing a formal data use agreement for how the data will be used and findings must be shared with national health authorities.
4. Sharing data transfer via secure and encrypted channels to make sure that only the relevant parties can access those data.

[Than Htike Aung]

1. How can surveillance help to detect and control the disease?

Surveillance can identify unusual increases in dengue-like illnesses, track seasonality, hotspots and high-risk populations for early detection of outbreak.
So that, it can trigger timely vector control interventions (such as fogging, larvicide application and community clean-up), resource allocation and monitoring.

2. Should we conduct active or passive surveillance or both for the disease, why?

We should conduct both types of surveillance for the disease. Because passive surveillance is cost effective, sustainable, wide coverage and good for long term monitoring. Its limitations are covered by active surveillance such as early detection of outbreaks and capture missed cases.

3. Which method should be best to identify cases, why?

a. Cases in medical facilities VS community
Cases in medical facilities are the best to identify because dengue, especially severe dengue, often requires medical attention, making healthcare facilities the most practical and effective source for case identification.

b. Sentinel VS population-based surveillance
Sentinel surveillance is the best because it is cost-efficient and provide high quality detailed data.

c. Case-based VS aggregated surveillance
Case -based surveillance is the best way to identify due to outbreak nature of disease for contact tracing and hotspots mapping.

d. Syndromic VS laboratory-confirmed surveillance
Syndromic is the best to identify the case because it is fast, best for early outbreak detection and most of the cases are diagnosed clinically. Laboratory confirmed surveillance is only required for definitive, accurate diagnosis and disease classification.

4. What dissemination tools will you choose to disseminate monkeypox surveillance information? Why do you choose this/these tools?

Public Health Authority Website/Dashboards: It provides a single, authoritative source for the public and media. Interactive dashboards (showing case counts, geographic distribution, trends) promote transparency and allow for real-time updates.

Epidemiological Reports: These are the primary tools for public health professionals and policymakers. They provide detailed analysis, risk assessments, and recommendations for action, which is necessary for informed decision-making and resource planning.

Press Releases and Social Media Updates: To ensure accurate information reaches the broader public through traditional media channels, broad-reach public communication, especially to target vulnerable or high-risk groups. Social media allows for the quick sharing of simple, graphic-based messages about symptoms, prevention (vaccination, risk reduction), and addressing misinformation and stigma in real-time.

Health Information Exchange Systems (e.g., SMS alerts, closed electronic systems): Crucial for rapid notification to healthcare providers (hospitals, clinics, laboratories) about case definitions, testing protocols, treatment guidelines, and high-priority alerts regarding new clusters. This ensures frontline staff are prepared and follow correct procedures.

[Than Htike Aung]

As a health information professional, we must act as professionals and consider all cases professionally regardless of whether there is a personal connection or not. In this case, we must consider as a person we don’t know even, she is my friend or she is a celebrity.

What should you do? Can you tell your friend?
I should do nothing. And also cannot disclose this information my friend.

Can you interfere with other people or family issue?
No, I cannot. But there is (at least in Myanmar) protocol for HIV disclosure and family member notification but its responsibility lies with visiting doctors and counselors.

Should your friend not know about this because she might be at risk?
Yes, she might be at risk but as health information professional, we cannot disclose this information. The most I can do is referral to the responsible healthcare provider for counseling for disclosure and partner testing but it solely depends upon the patient.

Fundamental principles
Self-determination: We must respect the patient’s right to control who knows about their medical condition.
Doing good: We can do good by ensuring that the patient is counseled appropriately and follow protocols for notifications through official channels.
Do no harm: Disclosing to my friend without the consent could harm the patient and also harm the trust of health system.

Our obligation is to protect patient confidentiality and the right to hold the information lies within the patient. But we have to sure that the case is handled according to public health protocols.

[Than Htike Aung]

I would like to discuss the same project posted in previous topic discussion.
ADKAR Model

Awareness
Stakeholders were clearly informed of the need to move from paper-based systems to an electronic record platform. For every expansion, we also advocate management level and explain to operational level staffs why we need to change.

Desire
Program manager, regional officers, clinicians, nurses and data assistants were motivated to adopt the system because it directly solved their operational pain points (duplication, slow reporting, difficult to track down missing patients. Moreover, able to customize to their requirements is also a motivation factor, as they can also involve in the development process by providing their feedback.

Knowledge
Training sessions were provided for different levels of users, from data assistants to program managers. Although initial training was basic, ongoing refresher sessions helped users gain confidence and adapt to new workflows.

Ability
Users were able to apply their training in real clinical settings since the system was designed to match existing ART workflows. Dedicated IT support team was available to troubleshoot early issues, ensuring continuity of service.

Reinforcement
Continuous support, periodic system updates, and monitoring visits helped reinforce usage. Because the system became the official platform for national HIV reporting, users were motivated to consistently use it.

[Than Htike Aung]

The National AIDS Program (NAP) of Myanmar has successfully implemented a customized version of OpenMRS as the national platform for recording and managing all HIV patients receiving antiretroviral therapy (ART).

Key Success Factors

Data
Previous efforts to digitize ART patient management failed primarily because of difficulties in converting paper-based records into digital form. This implementation succeeded by introducing an efficient approach to digitize existing paper records, overcoming the largest barrier to digital transformation.

Cost
OpenMRS, being open-source, does not require licensing fees for deployment. This significantly reduced costs, making large-scale expansion and nationwide usage financially sustainable.

Operation and Design
The system was designed to address operational bottlenecks and improve the efficiency of daily clinic activities. While the user interface may not have a modern look, it was tailored to reflect existing clinic workflows, which made it intuitive for users and reduced the learning curve.

People
Stakeholders at all levels — from program managers to clinicians, nurses and data assistants were actively engaged in system design and implementation. This strong involvement led to high ownership, smoother transition from paper records, and consistent system adoption.

[Than Htike Aung]

In the implementation of OpenMRS for HIV care, we integrated a programmatic, guideline-based decision support system to assist clinicians in adhering to national treatment protocols. This feature ensures that 99.9% of treatments are aligned with national program guidelines, with the remaining less than 0.1% representing rare special cases that are also addressed within the guidelines.

The primary motivation for incorporating this functionality is the high turnover of clinical staff in hospitals. Since HIV patients are managed as outpatients, the clinicians providing antiretroviral therapy (ART) often rotate, and it is common for new doctors to be assigned to HIV clinics on a daily basis. Even in facilities where doctors and nurses are designated to HIV care, staff transfers eventually occur, creating continuity challenges. The decision support system within OpenMRS mitigates these issues by ensuring consistent, guideline-based treatment for all patients. Additionally, a knowledge-based information tool is embedded in the system, enabling users to access guidance whenever they are uncertain about the appropriate clinical steps.

[Than Htike Aung]

If hospitals do not use the ICD standard, disease classification would become inconsistent, making it difficult to share and compare data across facilities, compile national health statistics, or ensure interoperability. This would lead to ineffective data analysis, wrong diagnoses, and poor treatment or disease management. It would also hinder public health surveillance, disease reporting, international research, and monitoring of morbidity and mortality by health authorities. Additionally, insurance claims and reimbursement systems that rely on standardized codes would face challenges, while clinicians, administrators, and policymakers would struggle with fragmented records, ultimately weakening healthcare delivery and policy decision-making.

[Than Htike Aung]

I think this finding of “EMR is one of top leading causes of physician burnout” is country specific and I want to refer as first world’s problem. Because there are thousands of other reasons which cause physician burnout rather than EMR in developing countries.

I have heard many concerns from healthcare personnel—ranging from community health workers to senior administrators and clinicians—regarding the use of EMRs. To prevent such issues, the primary purpose of implementing an EMR should be to address existing problems rather than create new ones. Every workflow has its own pain points, and the EMR must provide solutions to these challenges in order to encourage adoption. I refer to this as a “working incentive” for using EMRs. When healthcare professionals recognize that the system alleviates their major difficulties, they are more likely to view it as a tool that reduces their workload rather than as an added burden.

As highlighted in the paper, poorly designed EMRs place a significant strain on users. This challenge is not unique to EMRs but applies broadly to all software systems. There are, however, many ways to improve user experience. For example, clinicians primarily want to focus on treating patients, but to do so effectively, they require comprehensive and well-organized patient information. EMRs have clear advantages over paper-based systems in this regard, offering features such as patient dashboards, integration of 2D and 3D imaging, chronological record-keeping, and mapping of relationships.

An EMR should go beyond serving as a mere data-recording tool. It must harness the full potential of digital technology to truly support clinical practice and improve healthcare delivery.

[Than Htike Aung]

Thank you for sharing. As RxBox is built from off the shelf commodities, it will save a lot of money as compared to buying similar equipment from medical device companies. As the technology is better over the time, it will become cheaper in coming years. As patient is receiving ICU level monitoring at home, customer satisfaction will be the highest and it will also improve the health outcomes of patients.

[Than Htike Aung]

Thank you for sharing this project. This kind of projects opens new opportunities for massive screening of general population without heavy resources. This will greatly improve the health outcomes related to TB especially in our country like Myanmar. Without labour intensive screening work and rapid processing time will not only reduce the cost but also improve customer satisfaction.

[Than Htike Aung]

eHealth is the use of information and technologies (digital tools, platforms and devices) to improve both healthcare outcomes and to promote disease prevention with increased efficiency and quality.

In my opinion, it should be short & clear like that.

[Than Htike Aung]

I think treatment data of HIV patients who take Anti-Retroviral Therapy (ART) can also be considered as big data as it also fits the characteristic of 7Vs as follows:

1. Volume: Over one hundred thousand of patients in national ART programs with decades of clinical records, viral load tests, CD4 counts, ART drugs histories and clinic visits due to lifelong nature of treatment.

2. Velocity: Rapid reporting of HIV related commodities consumption across nationwide can help supply chain management.

3. Variety: There are structured data such as drug prescriptions and lab results and also have unstructured data like counseling transcripts and clinical notes.

4. Veracity: Errors in manual data entry, self-reported adherence bias and incomplete demographic details.

5. Value: Helps to predict treatment failure and prevent drug resistance and improve retention in care, reduces mortality, and improve supply chain management.

6. Variability: Patients have different viral load suppression (VL) patterns (some achieve suppression in 6 months, others take longer) and VL machines have different levels of undetectable viral load count depending on manufacturer. Moreover, intervals of follow-up visits vary depending on the clinical status of the patient.

7. Visualization: Dashboards showing demographic and risk factors of new patients to take preventive measures, early warning indicator for pharmacovigilance monitoring, attrition rate for quality of care and drug consumption for supply chain management.

[Than Htike Aung]

In my organization, I led the implementation of OpenMRS HIV for Antiretroviral Therapy (ART) patients. The purpose of the project was digitalization of ART patient management including monitoring adherence and supporting national HIV program reporting.

This project improved current practices in several important ways in diseases like HIV as the whole cohort history is beneficial for the treatment. Clinicians could quickly view a patient’s treatment history and laboratory trends (such as CD4 and viral load results), which supported better clinical decision-making. The system also made it much easier to track patients who were lost to follow-up, allowing outreach teams to bring them back into care. By supporting adherence monitoring, OpenMRS helped reduce the risk of treatment interruptions and contributed to lowering drug resistance in the population. For program managers, the system generated timely reports and dashboards that strengthened monitoring of ART coverage, retention in care, and treatment outcomes. Patients benefitted from reduced waiting times and more coordinated care.

The project faced several challenges from the beginning. There is large volume of legacy paper-based treatment history to digitalize first to kick off the first deployment. That process is very resource-intensive and error-prone. Infrastructure limitations such as unreliable electricity and internet connectivity sometimes disrupted system use. Staff turnover created gaps in trained personnel, requiring repeated rounds of training. In addition, ensuring the security and confidentiality of HIV-related information remained a major concern. Sustaining the system also required ongoing technical support and funding, which was sometimes difficult in low-resource settings.
Despite these challenges, the implementation of OpenMRS for ART showed clear value in improving quality of care, supporting national HIV program goals, and ultimately contributing to better health outcomes for patients.

[Than Htike Aung]

The generic method to prevent any kind of unauthorized access attack is to limit for only whitelisted IP addresses via Firewall and use VPN or office network for any kind of access. Although, it cannot prevent for physically compromised cases such as laptop stolen, it can prevent from most software vulnerabilities.

[Than Htike Aung]

Although first step of phishing attack is generally reduced by cybersecurity awareness training, the main problem is lack of proper access control policy. Because of it, when the attacker got inside the company circle, it can access other resource regardless of its account’s role. Proper access control policies and strictly follow “Trust No One” rule for all security measures can prevent or reduce the damage of attack if it happened.

[Than Htike Aung]

This kind of mistake usually happen all the time especially when migrate to a new environment or staff changes in IT department. One of the methods to prevent that kind of scenario is to use infrastructure-as-code (IaC) such as ansible. it makes the cloud environments are reproducible and consistent. Moreover, it keeps all configurations under version control (Git) with proper branching and defines clear naming conventions and templates for services, databases, and secrets to align with good practice of server maintenance. In simple terms, it keeps the user under the security practice of best industry standards with minimal efforts.

[Than Htike Aung]

The basic attack is non-technical methods such as social engineering (manipulating individuals into giving away confidential information), shoulder surfing (observing someone’s screen or keyboard to steal login credentials) and physical observation (collecting credentials written on a sticky note or paper or physical media).

The next one is using ready-made tools such as phishing emails, phishing websites, key loggers, brute force attack, malware and ransomware infection. This one requires some level of technical knowledge although the attacker doesn’t need to create one.

The advanced methods use technical knowledge and expertise to attack. Examples include SQL injections, exploiting software bugs and zero-days exploits.

The most dangerous method is targeted attack where a single entity (person or company) is specifically targeted for the attack. The attack is mostly advanced and specially designed to that entity. The famous 2014 celebgate is a typical example of that kind of attack.

[Than Htike Aung]

Why would you choose cloud server, rather than physical server?
I will choose cloud server because there is no big initial investment to buy a physical server, and it operates on pay per use model which allows a lower entry barrier. Moreover, we do not need to buy a huge physical server to handle maximum workload because cloud server can scale up and down easily with fluctuating workload. As the cloud service provider manages all hardware, security and maintenance of servers, our IT officer can focus on his/her essential tasks, rather than server upkeep. In summary, using a cloud server reduces upfront costs, maintenance, and IT workload while providing scalability and reliability.

What kind of cloud computing service model would be most appropriate (SaaS, PaaS, IaaS)? Why?
For our hospital, a SaaS solution is the most appropriate solution. Because it has no big upfront cost, rapid deployment to the end users (patients) and minimum maintenance similar to cloud servers. We will choose PaaS and develop a custom web-based application, only if we already had the blueprint of hospital’s enterprise architecture and there is no SaaS that can fit into that architecture design. Otherwise, it will contradict the points we provide for the executive board.

[Than Htike Aung]

During the COVID-19 pandemic, we saw the full extent of technology usage in health management. Although it is pandemic, it started as small outbreaks in my country especially, we called them first and second waves of COVID-19. At the beginning, positive case detection is very critical. At the onset, timely detection of positive cases was crucial. Laboratory confirmations were typically available by early evening, reported to the central disease control unit shortly thereafter, and followed by immediate quarantine measures by local authorities. Such rapid outbreak detection and response were enabled by digital reporting platforms and real-time information dissemination systems.

Vaccination is the most effective control method in COVID-19. In Myanmar, first batch of vaccination was conducted to healthcare workers as they are the front line personnels during the pandemic. The certification and validation of massive vaccination in short period can be only possible by modern technologies. In Myanmar, unique identifier (Master Patient Index – MPI) was planned to roll out with the nationwide vaccination campaign. Digital vaccination card, anonymous contact tracing features released by Apple and Google for their iOS and android platforms and event or location check-in using QR code were considered for more effective and efficient contact tracing. Although those plans were shattered by the country’s political instability, it evidently showed that technology became a vital tool for outbreak management of any communicable diseases.

Moreover, telemedicine and robotic delivery proved to be very useful in monitoring and treatment of complicated patients during COVID-19 pandemic. It evolves into a new culture of virtual training and virtual meetings. Those are quick and effective ways of outbreak detection, response and control as compared to conventional training and meetings.

[Than Htike Aung]

With a background in both medicine and computer science, I already possess strong foundations in clinical knowledge and technical expertise, which are essential for health informatics. However, to further improve as a professional in public health or health informatics, I need to strengthen my understanding of public health statistics, public health system design and organizational development to effectively contribute to building resilient health systems. This includes learning how to design sustainable health programs, improve workflows, and align digital health solutions with organizational goals.

Additionally, I need advanced knowledge in epidemiology and population health to interpret disease trends and support evidence-based decision-making. Beyond technical skills, I must gain knowledge of health policies, governance, and regulatory frameworks to ensure ethical and secure use of health data.

Equally important are communication and leadership skills, which are critical for stakeholder engagement and effective collaboration between technical and clinical teams. By integrating expertise in technology, public health systems, organizational development, and communication, I will enable to design and implement innovative solutions that strengthen public health systems and improve public health outcomes.

[Than Htike Aung]

If I were a director or executive of a hospital, I would plan to gradually migrate the hospital’s information system to cloud computing, but with a carefully phased and secure approach. The decision would be driven by the growing need for efficiency, and modern healthcare delivery, while carefully addressing privacy, security, and operational continuity.

Data privacy and security are major concerns in cloud migration. The plan must compliance with regulations like local healthcare data protection policies. Sensitive patient information must be encrypted both in transit and at rest, with strict access controls and audit trails. I would plan to select cloud providers with a proven track record in healthcare, excellent security certifications, and clear contractual obligations regarding data ownership and breach notification.

In terms of economics, cloud computing offers significant advantages in scalability and cost-efficiency. Cloud platforms allow IT resources to be scaled up or down on demand, avoiding the need for heavy upfront investment in physical servers. This reduces both capital expenditure and ongoing maintenance costs, while allowing the IT team to focus more on strategic initiatives rather than server upkeep.

Finally, business continuity and disaster recovery are major advantages of cloud computing. Cloud platforms typically offer automated backups, redundant storage, and geographically distributed data centers. In the event of hardware failure, natural disasters, or cyberattacks, hospital operations can continue with minimal downtime, protecting both patient safety and institutional reputation.

If the hospital is under the chain of many hospitals, cloud computing will enable integration with other hospitals and enhance collaboration and coordination for resource planning.

In conclusion, I would pursue cloud adoption as a strategic initiative to modernize the hospital’s IT infrastructure, improve accessibility, and reduce costs, while carefully mitigating risks related to privacy, security, and workflow disruption. A phased approach with strong vendor partnerships and compliance measures would ensure a successful transition that benefits both patients and hospital staff.

[Than Htike Aung]

Has your computer or a computer in your workplace ever been attacked by a cyber threat? How did it happen?
One day, one of officers from another team informed me that their development server is really slow and cannot access properly. After the investigation, we found out that ransomware is running and encrypting all the files on the server causing it to slow down. It was Monday, we did have daily backup and luckily Saturday back up is unaffected. We quickly shutdown the server and restored the unaffected backup. This server is used only on weekdays; therefore no daily operation is affected.

What was the cause? How was your computer or data affected?
After the incident, we did the investigation. Initial entry point of attack came from a java war file on tomcat server running on that server. Normally it didn’t open all the time. But this time one developer left it running without changing the default admin password of tomcat Manager GUI. The attacker used the default password to install and run their war file on that server. Using that war file, they managed to install a trojan as a backup plan and install worms and ransomware. They also tried to penetrate other computers in the network, but our firewall prevented it. I think that they initially plan to build botnets if they can affect other computers in the network, but they choose to use ransomware after they fail. Luckily, no real data is affected.

What can you do to prevent it from happening again in the future?
After the incident, we added two instructions to SOP to use the server.
1. Nothing left open and closed properly after the testing or development.
2. Never leave the default password as it is after a new system is deployed.

I hope that my experience will help the others to prevent similar mistakes in the future.
Thanks

[Than Htike Aung]

If I were to build a medical app for patients and doctors, I would build a mobile app for chronic patient self-care. Chronic diseases like diabetes, hypertension and heart disease require continuous disease data collection. Those data can be collected via smart watches, smart glucometers, smart pressure cuffs and smart weight scale or patient can manually record if there are no smart devices for automation. The patient can use the app to record own health data locally on the app without sharing it with anyone. When the patient visits the hospital for follow up, he/she can share these data with the hospital system via Health Information Exchange (HIE) as described in last week’s discussion. These data will be very useful for chronic disease management and will greatly improve health outcomes of individual patients.

The app will be a mobile app with cross-platform native technology (Flutter) to reduce the development cost for both iOS and android platforms and better integration with platform health data management. As the data is stored locally on the devices, there is no maintenance cost for server and also reduce the risk for data privacy. The app will use HL7 FHIR standard to share, so the patient data will not be locked into one system and can share any system via the standard protocols if the data owner allows.

Please feel free to add comments on my idea.
Thank you.

[Than Htike Aung]

Hello everyone. I am Than Htike Aung from Myanmar and you can call me Aung. My got my Bachelor degree in Medicine and Surgery, got Master degree in Computer Science. I hope this program will help me to bridge these two different disciplines together. I am currently working as a manager in an INGO and manages digital health related projects. Therefore, this program will help me a lot to improve my knowledge in implementation of my work.
Moreover, I hope to learn invaluable experiences from all the teachers and other students as well. Looking forward to learning with all of you together.

[Than Htike Aung]

I would like to contribute about Health Information Exchange (HIE) as one example for this discussion.
Patients visit multiple clinics, hospitals, and labs throughout their life. Each facility keeps its own records, often in different formats and separate systems. This causes:

[Than Htike Aung]

Thanks for asking. ART treatment data is predictable easily. Moreover, they follow ART management guideline. Therefore, 90% of patients have similar treatment history. Based on this, expected treatment history (visit date, drug regimen, etc) are predicted by the computer using machine learning and human only needs to verify using physical paper records. It saves most the manual data entry process and need to edit if prediction was wrong. But they do need to type manually for outliner patients which is around 5-10% of total. That is how it is done.

[Than Htike Aung]

I agree with you that failure to comply with standard will have many consequences in the future.

[Than Htike Aung]

I agree with you that without standard, there is no interoperability and affects the patient care.

[Than Htike Aung]

I agree with you to encourage balance and limit after-hours will help to reduce burnout. Offline option should be compulsory feature in low resource settings.

[Than Htike Aung]

I strongly agree with you for dedicated time for documentation within working hours instead of after hours will help to reduce burnout in MM.

[Than Htike Aung]

Thanks for asking. Yes, it is used in about 40-50% of all ART sites in MM.

[Than Htike Aung]

Thanks for asking. It is currently a national platform for National AIDS Program.

[Than Htike Aung]

Hi Jenny, this is really good for your country having integrated system like ITIS for TB program. I just want to know does it also covers MDR-TB and XDR-TB cases. If it covers, is it also includes lab result reporting as it is critical for those cases. I think, if we have a study paper about ITIS, we can all learn, and other countries will also benefit from your country’s experience.
Thanks

[Than Htike Aung]

I agree with you that hybrid approach is the most suitable option for Myanmar currently. It can get best of both worlds from cloud and local although backend implementation would be a little harder as compared to pure cloud implementation.

[Than Htike Aung]

I think this is a really interesting topic as Apple is known for good security measures although some major leaks from apple devices due to targeted attack. Did you find out the root cause and how they able to access Apple Pay to withdraw your money? And when did that happen as Apple usually upgrade their security over the time?
Thanks

[Than Htike Aung]

I think that this is excellent idea. It will also be beneficial to medical persons and also to HR. As most of the payroll is based upon these duty shifts, it can be calculated efficiently. Moreover, as it can be expanded to OPD duty, referrals and linkage with other specialities will be quick and easy. It will also be beneficial to the patients too.

[Than Htike Aung]

I would like to give some information about No.2. There is a software called mSupply is used to manage all commodities under public health department and also used by some NGOs in Myanmar. You can download it from here for free and try. It only needs to pay if you want to use multiple machines. They have user manual but learning curve is a little steep. You are totally right about the other points, and I all agree with you.

[Author]

Posts