
Medical Device Security – Where Is the Finger Pointing?

Posted on October 23, 2014 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 15 blogs containing almost 6000 articles with John having written over 3000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 13 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

If a picture is worth a thousand words, the above picture is worth about 10,000. I think this picture is best summed up by saying that the medical device industry is a heavily regulated industry. You can see why EHR vendors don’t want to be regulated by the FDA. It would get pretty crazy.

This image also illustrates to me why a company that’s built an FDA or medical device compliance capability has something of real value. Navigating the process is not easy and it helps if you’ve been there and done it before.

As to Dr. Wen’s comment on the tweet, there are a lot of challenges when it comes to medical device security. Definitely no antivirus and many are running on old operating systems that can’t be updated. We’re going to have to put some serious thought into how to solve problems like these in future medical devices.

Confusing HIPAA Compliance With Security

Posted on October 2, 2014 I Written By

Katherine Rourke is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

Most people  who read this publication know that while HIPAA compliance is necessary, it’s not sufficient to protect your data. Too many healthcare leaders, especially in hospitals, seem satisfied with the song and dance their cloud vendor gave them, or the business associate that promises on a stack of Bibles that it’s in compliance.

I was reminded of this just the other day when Reuters came out with some shocking statistics. One particularly discomforting stat it reported was the fact that medical data is now worth 10 times more than your credit card number on the black market (even if John has argued otherwise). Why? Well, among other things, because medical identity theft isn’t tracked well by providers and payers, which means that a stolen identity can last for months or years before it’s closed down.

Healthcare is lagging behind other industries not only in terms of its hardware and software infrastructure, but also in the extent to which its executives give a care as to how exposed they are to a breach. Security experts note that senior executives in hospitals see security as a tactical, not a strategic problem, and they don’t spend much time or money on it.

But this could be a deadly mistake. As Jeff Horne, vice president at cybersecurity firm Accuvant, noted to Reuters, “healthcare providers and hospitals are just some of the easiest networks to break into. When I’ve looked at hospitals, and when I’ve talked to other people inside of a breach, they are using very old legacy systems – Windows systems that are 10+ years old that have not seen a patch.”

As if that wasn’t enough, it’s been increasingly demonstrated that medical devices — from infusion pumps to MRIs — are also frighteningly vulnerable to cyber attacks. The vulnerabilities might not be found for months, and when they are, the hapless provider has to wait for the vendor to do the patching to stay in FDA compliance.

So far, even the biggest HIPAA breaches — notably the 4.5 million patient records stolen from hospital giant Community Health Systems — don’t seem to have generated much change. But the sad truth is that unless hospitals get their act together, focus senior executive attention on the issue, and spend enough money to fix the many vulnerabilities that exist, we’re likely to be at the forefront of a very ugly time indeed.

How Secure Are Wearables?

Posted on October 1, 2014 I Written By

John Lynn

JaneenB asks a really fantastic question in this tweet. Making sure that wearables are secure is going to be a really hot topic. Yesterday, I was talking with Mac McMillan from Cynergistek and he suggested that the FDA was ready to make medical device security a priority. I’ll be interested to see what the FDA does to try and regulate security in medical devices, but you can see why this is an important thing. Mac also commented that while it’s incredibly damaging for someone to hack a pacemaker like the one Vice President Cheney had (has?), the bigger threat is the 300 pumps that are installed in a hospital. If one of them can be hacked, they all can be hacked and the process for updating them is not simple.

Of course, Mac was talking about medical device security from more of an enterprise perspective. Now, let’s think about this across millions of wearable devices that are used by consumers. Plus, many of these consumer wearable devices don’t require FDA clearance and so the FDA won’t be able to impose more security restrictions on them.

I’m not really sure of the answer to this problem of wearable security. Although, I think two steps in the right direction could be for health wearable companies to first build a culture of security into their company and their product. This will add a little bit of expense on the front end, but it will more than pay off on the back end when they avoid security issues which could literally leave the company in financial ruins. Second, we could use some organization to take on the effort of reporting on the security (or lack thereof) of these devices. I’m not sure if this is a Consumer Reports type organization or a media company. However, I think the idea of someone holding organizations accountable is important.

We’re definitely heading towards a world of many connected devices. I don’t think we have a clear picture of what this means from a security perspective.

Has the Google Glass Hype Passed?

Posted on September 23, 2014 I Written By

John Lynn

It seems to me that the hype over Google Glass is done. Enough people started using them and many couldn’t see the apparent value. In fact, some are wondering if Google will continue to invest in it. They’ve gone radio silent on Google Glass from what I’ve seen. We’ll see if they’re planning to abandon the project or if they’re just reloading.

While the future of Google Glass seems unsure to me, I think the idea of always on, connected computing is still alive and well. Whether it’s eyewear, a watch or some other wearable doesn’t matter to me. Always on, connected computing is a powerful concept.

I’m also interested in the telemedicine and second screen approaches that have been started using Google Glass in Healthcare. Both of these concepts will be an important part of the fabric of health care going forward.

I still remember the wow factor that occurred when I first used Google Glass. It still amazes me today. I just wish it were a little more functional and didn’t hurt my eyes when I used it for long periods.

What do you think of Google Glass and the category of always on computing?  Do you see something I’m missing?

Is The Future of Smart Clothing Modular or Integrated?

Posted on September 4, 2014 I Written By

Kyle is Founder and CEO of Pristine, a company in Austin, TX that develops telehealth communication tools optimized for Google Glass in healthcare environments. Prior to founding Pristine, Kyle spent years developing, selling, and implementing electronic medical records (EMRs) into hospitals. He also writes for EMR and HIPAA, TechZulu, and Svbtle about the intersections of healthcare, technology, and business. All of his writing is reproduced at kylesamani.com

OMSignal recently raised $10M to build sensors into smart clothes. Sensoria recently raised $5M in pursuit of the same mission, albeit using different tactics. Meanwhile, Apple hired the former CEO of Burberry, Angela Ahrendts, to lead its retail efforts.

And Google is pushing Android Wear in a major way, with significant adoption and uptake by OEMs.

There’re two distinct approaches that are evolving in the smart clothing space. OMSignal, Sensoria, and Apple are taking a full-stack, vertical approach. OMSignal and Sensoria are building sensors into clothing and selling their own clothes directly to consumers. Although Apple hasn’t announced anything to compete with OMSignal or Sensoria, it’s clear they’re heading into the smart clothing space in traditional Apple fashion with the launch of Health, the impending launch of the iWatch, and the hiring of Angela Ahrendts.

Google, on the other hand, is licensing Android Wear to OEM vendors in traditional Google fashion: by providing the operating system and relevant Google Services to OEMs who can customize and configure and compete on retail and marketing. Although Google is yet to announce partnerships with any more traditional clothing vendors, it’s inevitable that they’ll license Android Wear to more traditional fashion brands that want to produce smart, sensor-laden clothing.

Apple’s vertically-integrated model is powerful because it allows Apple to pioneer new markets that require novel implementations utilizing intertwined software and hardware. Pioneering a new form factor is especially difficult when dealing with separate hardware and software vendors and all of the associated challenges: disparate P&Ls, different visions, and unaligned managerial mandates. However, once the new form factor is understood, modular hardware and software companies can quickly optimize each component to drive down costs and create new choices for consumers. This approach has been successfully played out in the PC, smartphone, and tablet form factors.

Apple’s model is not well-suited to being the market leader in terms of raw volume. Indeed, Apple optimizes towards the high end, not the masses, and this strategy has served them well. But it will be interesting to see how they, along with other vertically integrated smart-clothing vendors, approach the clothing market. Fashion is already an established industry that is predicated on variety, choice, and personalization; these traits are the antithesis of the Apple model. There’s no way that 20% or even 10% of the population will wear t-shirts, polos, tank tops, dresses, business clothes, etc., (which I’ll collectively call the “t-shirt market”) made by a single company. No one company can so single-handedly dominate the t-shirt market. People simply desire too many choices for that to happen.

OMSignal and Sensoria don’t need to worry about this problem as much as Apple since they’re targeting niche use cases in fitness and health. However, as they scale and set their sights on the mass consumer market, they will need to figure out a strategy to drive massive personalization. Apple, given its scale and brand, will need to address the personalization problem in the t-shirt market before they enter it.

The t-shirt market is going to be exciting to watch over the coming decades. There are enormous opportunities to be had. Let the best companies win!

Feel free to drop a comment with how you think the market will play out. Will the startups open up their sensors to 3rd party clothing companies? Will Apple? How will Google counteract?

Vendor Creates EMR For Google Glass

Posted on June 20, 2014 I Written By

Katherine Rourke

Well, here’s an interesting development. An EMR company has created an app allowing doctors using Google Glass to store patient data on a cloud-based storage and collaboration site.

The vendor, California-based Drchrono, is claiming that the application is the first “wearable health record.”  Whether or not that’s the case, this is clearly a step forward in the development of Google Glass as a practical tool for doctors.

According to a Reuters report, Drchrono worked closely with cloud-based storage and collaboration service Box along with Google Glass to create the app.

The new Google Glass app allows doctors — with the patient’s permission — to use Google Glass to record a consultation or surgery. Once the work is done, the physician can store the video, as well as photographs and notes, in the patient’s EMR or in Box. The app also allows the data to be shared with the patient.

The app is still in its infancy — so far, just 300 of the 60,000 doctors using Drchrono’s EMR platform have opted to use the Google Glass app, which is currently available at no cost to users.

But Google Glass apps and options are clearly on the rise, and not just among providers. A recent study by Accenture found that consumers are very interested in wearable technology; they’re particularly interested in wearable smart glasses like Google Glass as well as smart watches.

As things stand, devices like Google Glass are in the very early adoption stage, so it’s not surprising that few of Drchrono’s physician users have opted to try out the new app. But things are likely to change over the next year or two.

I believe Google Glass will follow the same trajectory the iPad did in medicine. First it was a toy for the well-financed, curious and tech savvy, then an option for early adopters in medicine, then eventually a tool that made sense for nearly every provider.

For the next year or two, most Google Glass announcements will be like this one, reports of experiments whose only uptake will come from leading-edge experimenters in medical technology. But within the next two years or so, Google Glass uses will proliferate, as will the apps that make them a worthwhile investment.

This level of success isn’t inevitable, but it is likely. I’d bet good money that two years from now, you may be reading this blog on a Google Glass app and managing your EMR through one as well.  It’s just a matter of time.

Can Healthcare IT Abolish a Disease?

Posted on March 7, 2014 I Written By

John Lynn

A week after the craziness that is HIMSS (there’s a reason the #HIMSSanity hashtag has done so well), I’m kicking around an idea that came to my mind on my flight home from HIMSS. Overwhelmed by the 5 days of in depth discussions, I closed out my HIMSS talking about healthcare IT with the lovely lady sitting next to me. It just so happened that she was a HIE coordinator at a hospital in California and was heading home from HIMSS as well.

We had a far reaching discussion on the 5 or so hour flight home from Orlando. At one point we started the discussion of personalized medicine. I think I freaked her out a little bit when I mentioned the concept of every organ having an IP address.

Our discussion prompted me to consider this really interesting and important question:

Can we abolish a disease because we’re so good at predicting that disease that we prevent it from ever happening?

When I considered this idea, it reminded me of Bill Gates’ (and many others’) efforts to literally eradicate Polio from off the face of the earth. They’re doing so using vaccines and I can’t remember the exact timeline, but they’re only a few years out from this goal. It’s so empowering to think about eradicating a disease. Could health IT have a similar impact?

I haven’t thought through all the diseases and all the technology that could benefit from this concept, but I’m quite certain this is the real future of healthcare IT. How wonderful would it be to work on a project that determined the cause of diabetes early enough that we no longer had diabetics? What if we no longer had coughs and colds because we could identify the warning signs early enough that we could stop them from ever happening? We just need to get past the bureaucracy and regulation and on to solving these major problems. No doubt this will take an enormous effort and resources and people beyond the traditional health IT.

This is a lofty concept indeed. However, I don’t think these ideas are that far away. What do you think? Could healthcare IT be used to abolish a disease?

Connecting Smart Mobile Devices to the EHR

Posted on January 9, 2014 I Written By

Katherine Rourke

My colleague, John Lynn, posted a hilarious CES marketing video advertising a new product it calls the iOximeter.  The iOximeter, which operates on both the iOS and Android platforms, is an independent device which attaches to smart phones, turning the phone into a pulse oximeter.

I strongly suspect that an i-glucose meter, i-scale and i-blood pressure cuff designed for the mass consumer market are starting to make major headway.

Not to be Scrooge at the Christmas party — I think such devices are a very positive development — but I’m left wondering what the purpose of getting the data onto the phone really is.  After all, unless the data gets to a physician conveniently, and ideally comes to live in their EMR, just how much good does it do?

On the consumer side, it does little but add bells and whistles to products consumers are increasingly used to using anyway, given that the price point for these devices is low enough that they’re sold in consumer pharmacies.

On the provider side meanwhile, you’re left with data that, while it might be arranged in pretty charts, doesn’t integrate itself easily into clinicians’ work flow.  And with EMRs already dumping huge volumes of data into their laps, some physicians are actively resisting integrating such data into the records.

No, the existing arrangement simply doesn’t do anything for clinicians, it seems.  Yes, consumers who are into the whole Quantified Self movement might find collecting such data to be satisfying, but the truth is that at this point many doctors just don’t want a ton of consumer-driven data added to the mix.

To make such phone-based devices useful to clinicians, someone will probably have to create a form of middleware, more or less, which accepts, parses, and organizes the data coming in from mobile health app/device combos like these.  When such a middleware layer goes into wide use, then you’ll see hospitals and doctors actively promote the use of these apps and devices.  Until then, devices like the iOximeter aren’t exactly toys, but they’re not going to change healthcare either.

Parents Using PHRs More Likely To Get In All Well-Child Visits

Posted on October 18, 2013 I Written By

Katherine Rourke

Parents using an integrated PHR were more likely to take their young children to all recommended well-child visits, according to a Kaiser Permanente study reported in iHealthBeat.

More than 4.3 million members are registered to use Kaiser’s PHR, My Health Manager, on kp.org. During the first half of this year, patients have viewed 17.5 million lab test results, sent 7.4 million secure e-mails to their care providers, refilled 7.1 million prescriptions and scheduled 1.8 million appointments, reports News-Medical.

The study, which was published in The Journal of Pediatrics, analyzed data on more than 7,000 children ages zero to two living in the Northwest U.S. and Hawaii.  The children were enrolled in KP health plans between January 2007 and July 2011.  To determine the appropriate number of well-child visits, researchers  used performance measures listed in the 2010 Healthcare Effectiveness Data and Information Set that state that children aged 0 to 15 months should attend at least six well-care visits, News-Medical says.

The study found that in the Northwest region, children whose parents used the Kaiser PHR during the study period were 2.5 times more likely to bring their child to the recommended number of well-child visits. These children were also 1.2 times more likely to get all of their immunizations.

In Hawaii, meanwhile, children in this group were two times more likely to get all well-child visits, but results related to immunizations were statistically insignificant, iHealthBeat notes.

While it may be too soon to call it a trend, this is one of a growing number of projects which use the PHR concept to help patients engage and take responsibility for their health behaviors.

For example, this summer Howard University Hospital rolled out a mobile PHR for pre-diabetic young adults designed to help them take control of their health.  Howard has given the young adults in the program — aged 18 to 24 and diagnosed with pre-diabetes — access to a mobile version of the NoMoreClipboard PHR for their smartphones.

The program sends a variety of text messages to the young adults targeted by this intervention, which include reminders to interact with the PHR. The program participants are also given a FitBit Zip wireless activity tracker which keeps track of steps taken, distance covered and calories burned per user.

Projects like these, which help patients make the PHR the fulcrum point for better health, are a smart way of using the technology. I expect to see a great deal more of this “PHR=patient engagement=better health” model going forward.

Is the ‘Internet of Things’ Health IT’s Next Big Thing?

Posted on October 17, 2013 I Written By

James Ritchie is a freelance writer with a focus on health care. His experience includes eight years as a staff writer with the Cincinnati Business Courier, part of the American City Business Journals network. Twitter @HCwriterJames.

Gartner Inc. has come out with a bullish report on the “internet of things,” which it predicts will add nearly $2 trillion in value to the economy by 2020 and transform the way all businesses operate.

As many as 30 billion devices with unique IP addresses will be connected, the majority of them being products, according to Gartner. That’s compared with a 2009 figure of 2.5 billion, 80 percent of them being devices such as laptops and phones.

One of the most often quoted descriptions of the internet of things comes from Helen Duce, director of the RFID Technology Auto-ID European Centre at the University of Cambridge: “We have a clear vision: to create a world where every object — from jumbo jets to sewing needles — is linked to the Internet.”

Health care would, of course, be part of the vision, which Gartner, a Stamford, Conn.-based IT research and advisory firm, calls the Digital Industrial Economy. The sector receives prominent billing, along with retail and transportation, in Gartner’s latest news release on the topic.

The thinking is that physical objects — “from roadways to pacemakers,” as McKinsey & Co. put it in one report — will produce constant data streams that can be analyzed and acted on. The possibilities for systems such as inventory control are obvious enough, as the inventory would report on itself.

In health care, a major application could be in patient monitoring. Marketplace has quoted Dr. Anthony Jones of Philips Healthcare on the possibilities: “If I now have a continuous monitor, and I have that data going up into a central repository, I can write algorithms and put some intelligence into that repository that allows me to look for trends. So part of what the Internet of things will allow is much more sophisticated, much more continuous monitoring.” Sounds a bit like what John described in his post “Every Organ Will Have an IP Address.”

It sounds promising. But it also sounds much more incremental than it’s being portrayed by Gartner and other consultants.

Consider how Peter Sondergaard, senior vice president at Gartner, explained the future in a recent talk covered by ZDNet:

“The Digital Industrial Economy will be built on the foundations of the Nexus of Forces (which includes a confluence and integration of cloud, social collaboration, mobile and information) and the Internet of Everything by combining the physical world and the virtual.”

The predictions — Sondergaard said every object costing more than $100 will be smart by 2020 — look optimistic. Or pessimistic, depending on how you look at it: Gartner also estimates that one in three knowledge workers will be displaced by the new technologies.

About 60 percent of respondents to Gartner’s own recent CEO survey said the idea that the internet of things would replace millions of workers over the next decade-and-a-half was a “futurist fantasy,” according to SiliconANGLE. In health care, it’s hard to imagine that CIOs have much attention to devote to the internet of things amid the Meaningful Use and ICD-10 requirements they’re up against, although, as Jennifer Dennard wrote, health IT nowadays is much more than that.

The internet of things will get here. But it will probably develop in a piecemeal fashion, not in the dramatic way that Gartner envisions. Lots of “things” will get connected as companies see business reasons to put sensors in and bring them online. It will arise ad hoc from existing projects, with some industries joining the trend earlier than others.

When it does get here, there’s a good chance it won’t even be called the internet of things. In 2005, after all, Gartner was calling it the “real-world web.”

It was also predicting: “By 2015, wirelessly networked sensors in everything we own will form a new Web.”