On most Friday’s we try to share something as part of our Fun Friday series of blog posts. This week we’re finally getting the chance to share the genius work of ZDoggMD. If you’ve read the site for a while, you certainly are familiar with the slightly funnier than placebo rappin’ doctor. In this video he takes on a parody of Eminem’s “Lose Yourself”. He’s screaming through the lyrics in this one and it’s chalk full of interesting one liners about our current healthcare system. Lots to chew on in this video as we enter the weekend.
Much of the time, when we discuss the Internet of Things, we’re looking at issues from an end-user perspective. We talk about the potential for IoT options like mobile medical applications and wearable devices, and ponder how to connect smart devices to other nodes like the above to offer next-generation care. Though we’re only just beginning to explore such networking models, the possibilities seem nearly infinite.
That being said, most of the responsibility for enabling and securing these devices still lies with the manufacturers, as healthcare networks typically don’t integrate fully with IoT devices as of yet.
So I was intrigued to find a recent article in Dark Reading which lays out some security considerations manufacturers of IoT devices should keep in mind. Not only do the suggestions give you an idea of how vendors should be thinking about vulnerabilities, they also offer some useful insights for healthcare organizations.
Security research Lysa Myers offers IoT device-makers several recommendations to consider, including the following:
- Notify users of any changes to device features. In fact, it may make sense to remind them repeatedly of significant changes, or they may simply ignore them out of habit.
- Put a protocol in place for handling vulnerability reports, and display your vulnerability disclosure policy prominently on your website. Ideally, Myers notes, makers of IoT medical devices should send vulnerability reports to the FDA.
- When determining how to handle a vulnerability issue, let the most qualified person decide what should happen. In the case of automated medical diagnosis, for example, the right person would probably be a doctor.
- Make it quick and easy to update IoT device software when you find an error. Also, make it simple for customers to spot fraudulent updates.
- Create an audit log for all devices, even those that might seem too mundane to interest criminals, as even the least important of devices can assist criminals in launching a DDoS attack or spamming.
- See to it that users can tell when the changes made to an IoT device’s software are made by the authorized user or a designated representative rather than a cybercriminal or other inappropriate person.
- Given that many IoT devices require cloud-based services to operate, it’s important to see that end users aren’t dropped abruptly with no cloud alternative. Manufacturers should give users time to transition their service if discontinuing a device, going out of business or otherwise ending support for their own cloud-based option.
If we take a high-level look at these recommendations, there’s a few common themes to be considered:
Awareness: Particularly in the case of IoT devices, it’s critical to raise awareness among both technical staffers and users of changes, both in features and security configurations.
Protection: It’s becoming more important every day to protect IoT devices from attacks, and see to it that they are configured properly to avoid security and continuity failures. Also, see to that these devices are protected from outages caused by vendor issues.
Monitoring: Health IT leaders should find ways to integrate IoT devices into their monitoring routine, tracking their behavior, the state of security updates to their software and any suspicious user activity.
As the article suggests, IoT device-makers probably need to play a large role in helping healthcare organizations secure these devices. But clearly, healthcare organizations need to do their part if they hope to maintain these devices successfully as health IT models change.
Though it’s not without competitors, I’d argue that Apple’s HealthKit has stood out since its inception, in part because it was relatively early to the game (mining patient-centered data) and partly because Apple products have a sexy reputation. That being said, it hasn’t exactly transformed the health IT industry either.
Now, though, with the acquisition of Gliimpse, a startup which pulls data from disparate EMRs into a central database, it’s become clearer what Apple’s big-picture goals are for the healthcare market – and if its business model works out they could indeed change health data industry.
According to a nifty analysis by Bloomberg’s Alex Webb, which quotes an Apple Health engineer, the technology giant hopes to see the health data business evolve along the lines of Apple’s music business, in which Apple started with a data management tool (the iPod) then built a big-bucks music platform on the device. And that sounds like an approach that could steal a move from many a competitor indeed.
Apple’s HealthKit splash
Apple made a big splash with the summer 2014 launch of HealthKit, a healthcare data integration platform whose features include connecting patient generated health data with traditional systems like the Epic EMR. It also attracted prominent partners like Cedars-Sinai Medical Center and Ochsner Health System within a year or so of its kickoff.
Still, the tech giant has been relatively quiet about its big-picture vision for healthcare, leaving observers like yours truly wondering what was up. After all, many of Apple’s health data moves have been incremental. For example, a few months ago I noted that Apple had begun allowing users to store their EMR data directly in its Health app, using the HL7 CCD standard. While interesting, this isn’t exactly an earth-shattering advance.
But in his analysis — which makes a great deal of sense to me – Bloomberg’s Webb argues that Apple’s next act is to take the data it’s been exchanging with wearables and put it to better use. Apple’s long-awaited big idea is to turn Apple’s HealthKit into a system that can improve diagnoses, sources told Bloomberg.
Also, Apple intends to integrate health records as closely with its proprietary devices as possible, offering not only data collection but suggestions for better health in a manner that can’t be easily duplicated on Android platforms. As Webb rightly points out, such a move could undermine Google’s larger healthcare plans, by locking consumers into Apple technology and discouraging a switch to the Google Fit health tracking software.
Big vision, big questions
As we know, even a company with the reputation, cash and proprietary user base enjoyed by Apple is far from a shoo-in for consumer health data dominance. (Consider the fate of Microsoft HealthVault and Google Health.) Its previous successes have come, as noted, by creating a channel then dominating that channel, but there’s no guarantee it can pull off such a trick this time.
For one thing, the wearables market is highly fragmented, and Apple is far from being the leader. (According to one set of stats, Fitbit had 25.4% of the global wearables market as of Q2 ’16, Xiaomi 14%, and Apple just 7%.) That doesn’t bode well for starting a health tracker-based revolution.
On the other hand, though, Apple did manage to create and dominate a channel in the music business, which is also quite resistant to change and dominated by extremely entrenched powers that be. If any upstart healthcare player could make this happen, it’s probably Apple. It will be interesting to see whether Apple can work its magic once again.
Validic has been integrating medical device data with electronic health records, patient portals, remote patient monitoring platforms, wellness challenges, and other health databases for years. On Monday, they highlighted a particularly crucial and interesting segment of their clientele by releasing a short report based on a survey of clinical researchers. And this report, although it doesn’t go into depth about how pharmaceutical companies and other researchers are using devices, reveals great promise in their use. It also opens up discussions of whether researchers could achieve even more by sharing this data.
The survey broadly shows two trends toward the productive use of device data:
Devices can report changes in a subject’s condition more quickly and accurately than conventional subject reports (which involve marking observations down by hand or coming into the researcher’s office). Of course, this practice raises questions about the device’s own accuracy. Researchers will probably splurge for professional or “clinical-grade” devices that are more reliable than consumer health wearables.
Devices can keep the subject connected to the research for months or even years after the end of the clinical trial. This connection can turn up long-range side effects or other impacts from the treatment.
Together these advances address two of the most vexing problems of clinical trials: their cost (and length) and their tendency to miss subtle effects. The cost and length of trials form the backbone of the current publicity campaign by pharma companies to justify price hikes that have recently brought them public embarrassment and opprobrium. Regardless of the relationship between the cost of trials and the cost of the resulting drugs, everyone would benefit if trials could demonstrate results more quickly. Meanwhile, longitudinal research with massive amounts of data can reveal the kinds of problems that led to the Vioxx scandal–but also new off-label uses for established medications.
So I’m excited to hear that two-thirds of the respondents are using “digital health technologies” (which covers mobile apps, clinical-grade devices, and wearables) in their trials, and that nearly all respondents plan to do so over the next five years. Big data benefits are not the only ones they envision. Some of the benefits have more to do with communication and convenience–and these are certainly commendable as well. For instance, if a subject can transmit data from her home instead of having to come to the office for a test, the subject will be much more likely to participate and provide accurate data.
Another trend hinted at by the survey was a closer connection between researchers and patient communities. Validic announced the report in a press release that is quite informative in its own right.
So over the next few years we may enter the age that health IT reformers have envisioned for some time: a merger of big data and clinical trials in a way to reap the benefits of both. Now we must ask the researchers to multiply the value of the data by a whole new dimension by sharing it. This can be done in two ways: de-identifying results and uploading them to public or industry-maintained databases, or providing identifying information along with the data to organizations approved by the subject who is identified. Although researchers are legally permitted to share de-identified information without subjects’ consent (depending on the agreements they signed when they began the trials), I would urge patient consent for all releases.
Pharma companies are already under intense pressure for hiding the results of trials–but even the new regulations cover only results, not the data that led to those results. Organizations such as Sage Bionetworks, which I have covered many times, are working closely with pharmaceutical companies and researchers to promote both the software tools and the organizational agreements that foster data sharing. Such efforts allow people in different research facilities and even on different continents to work on different aspects of a target and quickly share results. Even better, someone launching a new project can compare her data to a project run five years before by another company. Researchers will have millions of data points to work with instead of hundreds.
One disappointment in the Validic survey was a minority of respondents saw a return on investment in their use of devices. With responsible data sharing, the next Validic survey may raise this response rate considerably.
This post is sponsored by Samsung Business. All thoughts and opinions are my own.
We’ve all seen the explosive growth that’s occurred in the wearables market. The most extraordinary part of the wearables explosion is that the majority of wearables growth has been in the healthcare space. The problem we now see in healthcare is that most people don’t look at wearables as a disease management tool as much as they see them as lifestyle tools. This was described really well by Megan Williams on the Samsung Insights blog:
Perhaps the most challenging part of meeting that desire [Physician Access to Patients’ Lives and Health] is the fact that patients mostly view wearables as an aid in lifestyle improvement instead of disease management. The task of helping patients understand that wearables are about much more than weight loss will fall squarely on the shoulders of providers.
Patients have traditionally shown a preference for lifestyle apps including fitness, nutrition and heart rate aids, and have been much slower to adopt disease management tools, even as chronic disease remains a burden on healthcare as a whole. Encouraging the use of a broader range of wearables, digital tools and apps will be a challenge for any provider.
Changing habits and perceptions is always a challenge. However, it’s also a great opportunity.
No one would argue that today’s wearables are more than novelty items that may have some impact on your lifestyle (fitness, nutrition, etc). That’s largely because the initial wearables were designed around those retail areas of the market. It’s much easier to create a retail wearable device than to create a disease management focused healthcare device.
As the healthcare wearables market matures so will patients expectations around the benefits they can receive from those wearables. I think there are two main keys to development of wearables as true healthcare devices: Depth of Tracking and Connection to Providers.
Depth of Tracking
I’ve argued for a while now that all the various fitness trackers were not clinically relevant. I still believe that today, but I also believe that wearables like the various fitness trackers will start tracking us in ways that are clinically relevant. That just takes a lot longer to develop.
Whether it’s new trackers that screen for sleep apnea or ECGs that monitor our heart, we’re seeing more and more wearable devices monitoring data that’s more clinically relevant than the number of steps you’ve taken. This trend will continue. As wearables more deeply track various parts of the human body, the opportunities to understand your health and improve your health will follow along with it. This will provide doctors the impetus to request access to your wearable data.
The deep data these wearables will provide will challenge the tried and true beliefs healthcare holds so dearly today. That can be scary for some, but is also very exciting.
Connection to Providers
While wearables will provide the data, we’ll still want to consult a healthcare provider to understand the data and to create a plan of action based on that data. At least in the foreseeable future, our health will depend on collaboration with healthcare providers as opposed to a replacement of healthcare providers. This will be particularly true as the type of data our wearables collect gets more complicated. Understanding your step chart is quite different than understanding your ECG.
In order to facilitate this collaboration, our wearables will have to be connected to our care providers. Note that I said care providers and not doctors. In some cases it might be our doctor, but in other cases it could be a nurse, care manager, social worker, or some other care provider. I’m hopeful that we eventually reach the point of a true care team that collaborates on our health. That’s a far cry from where most of our healthcare is today, but that is the hope.
If we can solve these two wearable challenges: Deeper Data and Connected Providers, then we’ll be well on our way to changing how patients view wearables. This shift won’t happen over night, but I believe it will happen a lot quicker than most people imagine.
A new study has concluded that while mobile health app developers are developing better privacy practices, these developers vary widely in how they share those policies with consumers. The research, part of a program launched in 2011 by the Future of Privacy Forum, concludes that while mHealth app makers have improved their practices, too many are still not as clear as they could be with users as to how they handle private health information.
This disquieting lack of thorough privacy protections extended even to apps collecting some of the most intimate data, the FPF report pointed out. In particular, a subset of mHealth developers aren’t doing anything much to make their policies accessible.
Underlying this analysis is the unfortunate truth that there’s still no gold standard for mHealth privacy policies. This may be due more to the complexity of the still-maturing mobile health ecosystem than resistance to creating robust policies, certainly. But either way, this issue won’t go away on its own, so mHealth app developers will need to give their privacy strategy more thought.
Maybe I’m misreading things, but it seems to me that few health IT pros really believe we can get patients to leverage their own health data successfully. And I understand why. After all, we don’t even have clear evidence that patient portals improve outcomes, and portals are probably the most successful engagement tool the industry has come up with to date.
And not to be a jerk about it, but I bet you’d be hard-pressed to find HIT gurus who believed the state of Louisiana would lead the way, as the achingly poor southern state isn’t exactly known for being a healthcare thought leader. As it so happens, though, the state has actually succeeded where highfalutin’ health systems have failed.
Over one year, the state has managed to generate a 23% increase in health IT use among at-risk patients, and also, a 10.2% decrease in non-emergent use of emergency departments by Medicaid managed care organization members, thank you very much.
So how did Louisiana’s top healthcare brass accomplish this feat? Among other things, they launched a HIE-enabled ED data registry, along with a direct-to-consumer patient engagement campaign. These efforts were done in partnership with the Louisiana Health Care Quality Forum, which developed statewide marketing plans for the effort (See John’s interview with the Louisiana Health Care Quality Forum for more details).
They must have created some snazzy marketing copy. As Healthcare IT News noted, between August 2015 and May 2016, patient portal use shot up 31%, consumer EHR awareness rose 23% and opt-in to the state’s HIE grew by 3%, Quality Forum marketer Jamie Martin told HIN.
Not only that, the number of patients asking for access to or copies of electronic health data increased by 12%, and the number of patients with current copies of their health information grew by 9%, Martin said.
This is great news for those who want to see patients buy in to the digital health paradigm. Though it’s hard to tell whether the state will be able to maintain the benefits it gained in its initial effort, it clearly succeeded in getting a substantial number of patients to rethink how they manage their care.
But (and I’m sorry to be a bit of a Debbie Downer), I was a bit disappointed when I saw none of the gains cited related to changing health behaviors, such as, say, an increase in diabetics getting retinal exams.
I know that I should probably be focused on the project’s commendable successes, and believe it or not, I do find them to be exciting. I’m just not sure that these kinds of metrics can be used as proxies for health improvement measures, and let’s face it, that’s what we need, right?
In a precedent-setting move, Apple has released new guidelines for its iOS App Store which impose new limitations on health and medical app developers. iMedicalApps contributor Iltifat Husain, M.D., who wrote a piece about the changed standards, said they contain “the most stringent language I have ever seen Apple used for the health and medical category of apps.”
According to Husain, highlights from Apple’s new developer guidelines include:
- A warning that if an app could possibly cause physical harm, Apple could reject it
- A warning that apps which provide inaccurate data or information that could be used to diagnose or treat patients will get increased scrutiny
- A reminder that apps which calculate drug dosage must come from the drug manufacturer, a hospital, university, health insurance company or other approved entity. In other words, independent developers cannot post a medical app for drug dosages themselves.
- A ban on marijuana-related apps
- A ban on apps that encourage people to place their iPhones under a mattress or pillow while charging (such as some sleep monitors)
Historically, Apple has been relatively lax about hosting potentially dangerous health apps, Husain says. For example, he notes that apps purporting to measure a consumer’s blood pressure by using the iPhone’s camera and microphone tend to be quite inaccurate in their measurements, but that Apple had not screened them out. Now things have changed for the better, Husain writes. “Apps [like these] would not get through the screening review process under Apple’s new guidelines.”
Husain argues that the new guidelines are more important than the FDA’s recently-updated guidelines on health apps: “There is no way the FDA can regulate the hundreds of thousands of health and medical apps and the updates made to them,” Husain writes. “The screening process is what has to change.” And given Apple’s market footprint and influencer status it’s hard to disagree with him.
At this point the question is whether Google will follow suit. After all, while the Apple app store hosted 2 million apps as of June, Google Play offered 2.2 million apps, according to one study, and as of February there were three Android users for every iPhone user. So If Google doesn’t put more stringent health app requirements in place as well, creators of dodgy health apps can still develop for Android and find a wide audience.
That being said, neither Google nor Apple are required to impose new restrictions on health apps, and are likely to be governed by commercial pressure more than medical appropriateness. Also, both parties are free to set any rules they choose, and uses might not be aware of important differences between the two sets of policies. In other words, if the goal is to protect consumers, relying on guidelines generated by app store hosts probably won’t fly over the long-term.
I’m not necessarily suggesting that the FDA or other regulatory body should come down on the app stores like a ton of bricks. That would be overkill, and as Husain notes, is probably beyond their capabilities.
But doctors in the know about apps might want to warn patients about their potential limitations, and offer some criteria as to what they can expect from health apps. After all, most consumers have experimented with one health app of the other, so even if the doctor doesn’t prescribe them, patients need to be educated about their options. So if you’re a mobile health savvy clinician reading this, consider increasing patients on these issues.
Back in the day, say a decade ago or so, when e-prescribing itself was a new and big deal, the feds – especially the DEA – didn’t think much of the e-prescribing of controlled drugs like opiates. But a few years later the agency eventually came around. In June of 2010, it released a rule which allowed providers to issue such prescriptions nd pharmacies to receive, dispense and archive these scripts electronically nationwide.
Since then, electronic prescribing of controlled substances (EPCS) has taken off, according to a story in Search HealthIT. In fact, EPCS has been growing rapidly, particularly during 2015, according to national pharmacy IT network Surescripts.
Specifically, the number of ECPS transactions shot up 600% last year, from 1.67 million to 12.8 million scripts issued, according to Surescripts’ 2015 National Progress Report. Part of the reason for this surge is that providers are getting on board at a brisk pace. The number of providers enabled to use EPCS grew 359% last year.
Among the interesting stats to be culled from the Surescripts report is that 32% of drugs prescribed were opioids. This statistic should draw a lot of interest from public officials and enforcement agencies trying to stem the tide of opioid overdoses which killed more than 28,000 Americans in 2014. That’s four times as many who died of this cause in 2010, according to Surescripts’ sources.
A Drop in the Bucket
It’s worth noting that the number of EPCS transactions still pales in contrast to the number of transactions hosted on the Surescripts network that year. The network handled 9.7 billion transactions in 2015, up 40% from the previous year, the company reported. That means the EPCS is still a drop in the bucket overall.
Also, levels of EPCS-enabled pharmacies and physicians vary across the U.S. For example, 91% of pharmacies are EPCS-enabled in New York, the top state for such pharmacies. (A New York State rule requiring every practitioner in the state to e-prescribe all medications went into effect in March.) Other top-ranked states for pharmacy penetration included Massachusetts, California and Texas. On the other hand, only 73% of pharmacies were EPCS-enabled in Georgia and Florida.
Still, with adoption levels seemingly evening out between states – and the gap small enough to close over the next few years – it seems like EPCS is becoming an established practice. Surescripts contends that this is for the best, and argues that EPCS reduces fraud and improper prescribing by making it easier to track such medications. And with states like New York mandating e-prescribing for all providers, the growth in EPCS is likely to stay healthy.
However, for every action there’s a reaction, and the other shoe may not have dropped where EPCS risks are concerned. It may take a few years to find out whether the confidence some have in this approach was merited.