Free EMR Newsletter Want to receive the latest news on EMR, Meaningful Use, ARRA and Healthcare IT sent straight to your email? Join thousands of healthcare pros who subscribe to EMR and HIPAA for FREE!!

Patient Portal Security Is A Tricky Issue

Posted on April 25, 2016 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

Much of the discussion around securing health data on computers revolves around enterprise networks, particularly internal devices. But it doesn’t hurt to look elsewhere in assessing your overall vulnerabilities. And unfortunately, that includes gaps that can be exposed by patients, whose security practices you can’t control.

One vulnerability that gets too little attention is the potential for a cyber attack accessing the provider’s patient portal, according to security consultant Keith Fricke of tw-Security in Overland Park, Kan. Fricke, who spoke with Information Management, noted that cyber criminals can access portal data relatively easily.

For example, they can insert malicious code into frequently visited websites, which the patient may inadvertently download. Then, if your patient’s device or computer isn’t secure, you may have big problems. When the patient accesses a hospital or clinic’s patient portal, the attacker can conceivably get access to the health data available there.

Not only does such an attack give the criminal access to the portal, it may also offer the them access to many other patients’ computers, and the opportunity to send malware to those computers. So one patient’s security breach can become a victim of infection for countless patients.

When patients access the portal via mobile device, it raises another set of security issues, as the threat to such devices is growing over time. In a recent survey by Ponemon Institute and CounterTack, 80% of respondents reported that their mobile endpoints have been the target of malware the past year. And there’s little doubt that the attacks via mobile device will more sophisticated over time.

Given how predictable such vulnerabilities are, you’d think that it would be fairly easy to lock the portals down. But the truth is, patient portals have to strike a particularly delicate balance between usability and security. While you can demand almost anything from employees, you don’t want to frustrate patients, who may become discouraged if too much is expected from them when they log in. And if they aren’t going to use it, why build a patient portal at all?

For example, requiring a patient to change your password or login data frequently may simply be too taxing for users to handle. Other barriers include demanding that a patient use only one specific browser to access the portal, or requiring them to use digits rather than an alphanumeric name that they can remember. And insisting that a patient use a long, computer-generated password can be a hassle that patients won’t tolerate.

At this point, it would be great if I could say “here’s the perfect solution to this problem.” But the truth is, as you already know, that there’s no one solution that will work for every provider and every IT department. That being said, in looking at this issue, I do get the sense that providers and IT execs spend too little time on user-testing their portals. There’s lots of room for improvement there.

It seems to me that to strike the right balance between portal security and usability, it makes more sense to bring user feedback into the equation as early in the game as possible. That way, at least, you’ll be making informed choices when you establish your security protocols. Otherwise, you may end up with a white elephant, and nobody wants to see that happen.

The Power of WeChat for Chinese Health Trackers

Posted on March 24, 2016 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

I’ve been meaning to write this post ever since CES at the start of this year. It was one of the most impressive and interesting things I saw at CES. However, it requires a real international perspective to understand the impact of the story. Hopefully I can flesh it out for you.

While at CES I ran into a company called Lifesense (All in Chinese). I almost didn’t stop at their booth because their booth was in Chinese, but I did recognize the pictures they had and the guy at the booth came out and said hi. I try to respectful so I stopped and talked for a minute.

At first appearance I just thought they were one of the hundreds of copy cat companies I’d seen all over the Fitness area of CES. They had a fitness tracker, a scale, a blood pressure cuff, etc. I guess in some ways they were/are a copy cat company since none of those things made them special (at least nothing I could see). However, it turned out that there was more than meets the eye and there was a reason their booth and website were in Chinese.

Turns out that Lifesense was only in China. They had no US presence (although, he thought that one day they might). As someone who’s always curious I wondered how well their health tracking products had done in China. He then recounted to me that they were lucky to be major partners with WeChat and so they’d had tremendous success in the Chinese market.

This is where I got most interested. For those not familiar with WeChat, it’s the go to IM/SMS/Facebook Messenger/SnapChat/Kik/Whatsapp/etc app for China. Everyone in China is pretty much on WeChat. Plus, unlike the companies that I just listed WeChat also has a built in commerce platform and engine for running third party apps. It’s amazing to think that an IM platform could be so powerful, but WeChat has shown that it can be. You literally can order Pizza or an Uber from within WeChat.

With that in mind, building a health tracking platform on WeChat solves so many of the challenges that US based fitness tracking applications have going against them. Take for example the experience with Fitbit. You can connect with your friends and “compete” against them to see who takes the most steps. However, it can be a pain to get all of your friends on the Fitbit platform so you can compete. Plus, this doesn’t even take into account that your friend has to have a Fitbit device.

Turns out that since Lifesense has built their Fitness tracking on WeChat, they can already connect you to all your other friends that are tracking their fitness with no work on your part. That feature literally just comes built in with WeChat. That’s so incredibly powerful since the social element to health is so important.

The problem in the US is that we don’t have a WeChat. There are a lot of platforms that are trying to do what WeChat’s done in China in the US, but they still have a long ways to go. Plus, it’s hard to imagine them ever becoming the dominant force that WeChat is in China.

As usual, I think there’s lots that we can learn from other countries. I think that’s the case with simple integrations like WeChat that open up all sorts of easy doors to improving health.

Here are some screenshots of the LifeSense app in WeChat for those that are interested to see how the app looks on top of WeChat:

Accessing Near-Real Time Patient Data In & Out of the Hospital with Alan Portela

Posted on March 15, 2016 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

UPDATE: If you missed the live video of this chat with Alan Portela, you can watch the recorded version below:

Accessing Near-Real Time Patient Data In and Out of the Hospital

On Thursday, March 17, 2016 at 3 PM ET (Noon PT) join us for a live video interview with Alan Portela, CEO of AirStrip. Alan is one of the most insightful people I’ve ever met in healthcare. He has a great mix of experience and vision for what’s happening in healthcare IT and where it needs to go in the future. Not to mention he understands some of the reasons it hasn’t gotten there yet. I always learn something when I talk with Alan and so I’m excited to share this live interview with the Healthcare Scene community.

The great part is that you can join my live conversation with Alan and even add your own comments to the discussion or ask him questions. All you need to do to watch live is visit this blog post on Thursday, March 17, 2016 at 3 PM ET (Noon PT) and watch the video embed at the bottom of the post or you can subscribe to the blab directly. We’ll be doing a more formal interview for the first 30 minutes and then open up the Blab to others who want to add to the conversation or ask us questions. The conversation will be recorded as well and available on this post after the interview.

We hope you’ll join us live or enjoy the recorded version of our conversation. You won’t be disappointed by Alan Portela’s insights into the world of near real-time streaming of health data to mobile devices. AirStrip has done some really amazing things in this regard and Alan has a deep knowledge of this industry.

If you’d like to see the archives of Healthcare Scene’s past interviews, you can find and subscribe to all of Healthcare Scene’s interviews on YouTube.

Access to Encrypted iPhones – The Apple Encryption Debate

Posted on February 19, 2016 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

The tech world is in a frenzy over the letter Apple’s CEO Tim Cook sent to the FBI in response to a request for Apple to create essentially a backdoor to be able to access the San Bernardino terrorists iPhone. It’s a messy and a complex situation which puts government against industry and privacy advocates against security advocates. Tim Cook in his letter is right that “this moment calls for public discussion.”

My favorite venture capitalist blogger, Fred Wilson, summed it up best for me when he said this in response to Tim Cook’s assertion that the contents of your iPhone are none of Apple’s business:

That is not an open and shut case to me.

Of course I’d like the contents of my iPhone to be out of reach of everyone other than me. But if that means the contents of the iPhones of child pornographers, sex slaverunners, narco gangsters, terrorists, and a host of other bad people are “none of our business” then that gives me pause.

I don’t think we can have it both ways. We have to choose one way or the other.

I think this is also complicated by the fact that Apple had unlocked phones previously. Albert Wenger expresses my fears around this subject:

We cannot and should not be living in digital fortresses any more than we are living in physical fortresses at home. Our homes are safe from thieves and from government not because they couldn’t get in if they wanted to but because the law and its enforcement prevents them from doing so. All we have to do is minimal physical security (lock the doors when you are out).

Please repeat after me: Surveillance is a political and legal problem, not a technical problem.

This quote is particularly interesting to me since this weekend when my family and I were away on a trip for President’s Day weekend, someone broke into our house (Side Note: We’re all fine and they realized once they got in that we didn’t have anything valuable to take. We mostly just had to deal with a broken door).

I feel similar to my favorite VC who said “I am struggling with this issue this morning, and I imagine many others are too.”

Turning to the healthcare perspective, privacy and security of health information is so important. It’s literally the intimate details of your life. I’ve heard some argue that Apple creating a way for the FBI to access this one phone would mean that all of our health information on iPhones would be at great risk of being compromised. I think that’s an exaggeration of what’s happening, but I understand the slippery slope argument.

What’s interesting is that none of us want our healthcare data to be compromised. However, if we were in a coma and the life saving information was on our iPhone, we’d love for someone to have a way to access that information. I’ve seen startup companies who’ve built that ability into the iPhone home screen for just this purpose.

I guess I’m torn on the issue. Privacy is important, but so is security. This weekend I’m going to be chewing on “We cannot and should not be living in digital fortresses any more than we are living in physical fortresses at home.” The problem with this concept is that fortresses are something we can plan and build. The other solutions are much more complex.

Wearable Health Trackers Could Pose Security Risks

Posted on February 1, 2016 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

Last October, security researchers made waves when they unveiled what they described as a 10-second hack of a Fitbeat wearable health tracker. At the Hack.Lu 2015 conference, Fortinet security researcher Axelle Apvrille laid out a method for hacking the wearable through its Bluetooth radio. Apparently, Aprville was able to infect the Fitbit Flex from as much as 15 feet away, manipulate data on the tracker, and use the Flex to distribute his code to a computer.

Fitbit, for its part, denied that its devices can serve as vehicles for infecting users with malware. And Aprville himself admitted publicly that his demonstration was more theoretical than practical. In a tweet following the conference, he noted that he had not demonstrated a way to execute malicious code on the victim’s host.

But the incident does bring attention to a very serious issue. While consumers are picking up health trackers at a breathless pace, relatively little attention has been paid to whether the data on these devices is secure. Perhaps even more importantly, too few experts are seeking ways to prevent these devices can be turned into a jumping-off point for malware. After all, like any other lightly-guarded Internet of Things device, a wearable tracker could ultimately allow an attacker to access enterprise healthcare networks, and possibly even sensitive PHI or financial data.

It’s not as though we aren’t aware that connected healthcare devices are rich hunting grounds. For example, security groups are beginning to focus on securing networked medical devices such as blood gas analyzers and wireless infusion pumps, as it’s becoming clear that they might be accessible to data thieves or other malicious intruders. But perhaps because wearable trackers are effectively “healthcare lite,” used almost exclusively by consumers, the threat they could pose to healthcare organizations over time hasn’t generated a lot of heat.

But health tracker security strategies deserve a closer look. Here’s some sample suggestions on how to secure health and fitness devices from Milan Patel, IoT Security Program Director at IBM:

  • Device design: Health tracker manufacturers should establish a secure hardware and software development process, including source code analysis to pinpoint code vulnerabilities and security testing to find runtime vulnerabilities. Use trusted manufacturers who secure components, and a trusted supply chain. Also, deliver secure firmware/software updates and audit them.
  • Device deployment:  Be sure to use strong encryption to protect privacy and integrity of data on the device, during transmission from device to the cloud and on the cloud. To further control device data, give consumers the ability to set up user and usage privileges for their data, and an option to anonymize the data.Secure all communication channels to protect against data change, corruption or observation.
  • Manage security:  Include trackers in the set of technology being monitored, and set alerts for intrusion. Audit logging is desirable for the devices, as well as the network connections and the cloud. The tracker should ideally be engineered to include a fail-safe operation — dropping the system down to incapability, safely — to protect against attacks.

This may sound like a great deal of effort to expend on these relatively unsophisticated devices. And at present, it just may be overkill. But it’s worth preparing for a world in which health trackers are increasingly capable and connected, and increasingly attractive to the attackers who want your data.

Security Concerns Threaten Mobile Health App Deployment

Posted on January 26, 2016 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

Healthcare organizations won’t get much out of deploying mobile apps if consumers won’t use them. And if consumers are afraid that their personal data will be stolen, they’ve got a reason not to use your apps. So the fact that both consumers and HIT execs are having what I’d deem a crisis of confidence over mHealth app security isn’t a good sign for the current crop of mobile health initiatives.

According to a new study by security vendor Arxan, which polled 815 consumers and 268 IT decision-makers, more than half of consumer respondents who use mobile health apps expect their health apps to be hacked in the next six months.

These concerns could have serious implications for healthcare organizations, as 76% of health app users surveyed said they would change providers if they became aware that the provider’s apps weren’t secure. And perhaps even more significantly, 80% of consumer health app users told Arxan that they’d switch to other providers if they found out that the apps that alternate provider offered were better secured. In other words, consumer perceptions of a provider’s health app security aren’t just abstract fears — they’re actually starting to impact patients’ health decision making.

Perhaps you’re telling yourself that your own apps aren’t terribly exposed. But don’t be so sure. When Arxan tested a batch of 71 popular mobile health apps for security vulnerabilities, 86% were shown to have a minimum of two OWASP Mobile Top 10 Risks. The researchers found that vulnerable apps could be tampered with and reverse-engineered, as well as compromised to provide sensitive health information. Easily-done hacks could also force critical health apps to malfunction, Arxan researchers concluded.

The following data also concerned me. Of the apps tested, 19 had been approved by the FDA and 15 by the UK National Health Service. And at least where the FDA is concerned, my assumption would be that FDA-tested apps were more secure than non-approved ones. But Arxan’s research team found that both FDA and National Health Service-blessed apps were among the most vulnerable of all the apps studied.

In truth, I’m not incredibly surprised that health IT leaders have some work to do in securing mobile health apps. After all, mobile health app security is evolving, as the form and function of mHealth apps evolve. In particular, as I’ve noted elsewhere, mobile health apps are becoming more tightly integrated with enterprise infrastructure, which takes the need for thoughtful security precautions to a new level.

But guidelines for mobile health security are emerging. For example, in the summer of last year, the National Institute of Standards and Technology released a draft of its mobile health cybersecurity guidance, “Securing Electronic Records on Mobile Devices” — complete with detailed architecture. Also, I’d wager that more mHealth standards should emerge this year too.

In the mean time, it’s worth remembering that patients are paying close attention to health apps security, and that they’re unlikely to give your organization a pass if they’re hacked. While security has always been a high-stakes issue, the stakes have gotten even higher.

Mobile Health Security Issues To Ponder In 2016

Posted on January 11, 2016 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

In some ways, mobile health security safeguards haven’t changed much for quite some time. Making sure that tablets and phones are protected against becoming easy network intrusion points is a given. Also seeing to it that such devices use strong passwords and encrypted data exchange whenever possible is a must.

But increasingly, as mobile apps become more tightly knit with enterprise infrastructure, there’s more security issues to consider. After all, we’re increasingly talking about mission-critical apps which rely on ongoing access to sensitive enterprise networks. Now more than ever, enterprises must come up with strategies which control how data flows into the enterprise network. In other words, we’re not just talking about locking down the end points, but also seeing to it that powerful edge devices are treated like the vulnerable hackable gateways they are.

To date, however, there’s still not a lot of well-accepted guidance out there spelling out what steps health organizations should take to ramp up their mobile security. For example, NIST has issued its “Securing Electronic Health Records On Mobile Devices” guideline, but it’s only a few months old and remains in draft form to date.

The truth is, the healthcare industry isn’t as aware of, or prepared for, the need for mobile healthcare data security as it should be. While healthcare organizations are gradually deploying, testing and rolling out new mobile platforms, securing them isn’t being given enough attention. What’s more, clinicians aren’t being given enough training to protect their mobile devices from hacks, which leaves some extremely valuable data open to the world.

Nonetheless, there are a few core approaches which can be torqued up help protect mobile health data this year:

  • Encryption: Encrypting data in transit wasn’t invented yesterday, but it’s still worth a check in to make sure your organization is doing so. Gregory Cave notes that data should be encrypted when communicated between the (mobile) application and the server. And he recommends that Web traffic be transmitted through a secure connection using only strong security protocols like Secure Sockets Layer or Transport Layer Security. This also should include encrypting data at rest.
  • Application hardening:  Before your organization rolls out mobile applications, it’s best to see to it that security defects are detected before and addressed before deployment. Application hardening tools — which protect code from hackers — can help protect mobile deployments, an especially important step for software placed on machines and locations your organization doesn’t control. They employ techniques such as obfuscation, which hides code structure and flow within an application, making it hard for intruders to reverse engineer or tamper with the source code.
  • Training staff: Regardless of how sophisticated your security systems are, they’re not going to do much good if your staff leaves the proverbial barn door open. As one security expert points out,  healthcare organizations need to make staffers responsible for understanding what activities lead to breaches, or security hackers will still find a toehold.”It’s like installing the most sophisticated security system in the world for your house, but not teaching the family how to use it,” said Grant Elliott, founder and CEO of risk management and compliance firm Ostendio.

In addition to these efforts, I’d argue that staffers need to really get it as to what happens when security goes awry. Knowing that mistakes will upset some IT guy they’ve never met is one thing; understanding that a breach could cost millions and expose the whole organization to disrepute is a bit more memorable. Don’t just teach the security protocols, teach the costs of violating them. A little drama — such as the little old lady who lost her home due to PHI theft — speaks far more powerfully than facts and figures, don’t you agree?

Talking Digital Health at CES on MedHeads

Posted on January 8, 2016 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

I was invited by the good people at MedCity News to join their weekly MedHeads video chat to talk about Digital Health at CES. It was a great chat about some of the things myself and Stephanie Baum found at CES. Plus, Chris Seper and Neil Versel talked about what they saw watching from home. Check it out in the video embedded below.

Of course, the challenge was we only had 30 minutes to talk about the 2.5 million square feet of of exhibit space and ~20,000 new products that were unveiled at the show. Chew on those numbers a little bit.

Plus, while what’s happening on the show floor is great, there’s also hundreds of thousands of meetings that happen over dinners and drinks and that’s where the most exciting stuff happens. For example, Philips put on an incredible dinner Wednesday night of CES that had a whose who in the Digital Health space. I had a similar experience at the Digital Health Summit Speaker dinner last night. The bringing together of these like minded businesses is a really powerful thing.

You’ll never guess the theme of both dinner events: Collaboration! There was a real sense by those in attendance that we can’t accomplish what we need to alone. We need each other to be successful. The first step to making that happen is meeting each other and learn about what each of us is doing. CES presented an amazing opportunity for doing just that.

Amazingly, there are still 2 more days left of CES. Today and tomorrow I’m looking to hit more of the startup area (Eureka Park) and the main show floor at the Las Vegas convention center. Much more to come!

Are We In a Digital Health Bubble?

Posted on January 7, 2016 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

As I walked through the exhibit hall at CES, I must admit that I was extremely overwhelmed by the number of digital health options that were on display. Certainly the size and grandeur of the booths was off the charts. Take a quick look at part of the iFit booth:
Digital Health at CES
Yes, that is 4 girls walking on treadmills on a vaulted stage. Of course, this was maybe 1/3 of their booth. Behind me they had a massive closed room and another girl walking on a different treadmill. Plus, upon closer inspection you might also notice that they have a bed on the vaulted stage and cloth coming down from the ceiling. I think they officially call that cloth “silks.” While I didn’t see it, you can tell that they’re going to have a Cirque du Soleil performer working the silks to attract attention to their booth. For those keeping track at home, there is a great sleep sensor from EarlySense on the bed.

While many might consider much of this absurd. The show and staging doesn’t really bother me too much. Since I organize the Healthcare IT Marketing and PR Conference, I understand how hard it is to stand out at a conference. No doubt this booth left an impression. iFit even got exposure in this blog post because of it. We could argue if it was a good investment or not, but that’s a different story.

All I could think about as I walked through the incredible number of digital health solutions at CES was “Not all of these can survive.

Of course, many in the startup world would say that 90% of startups fail and so it shouldn’t be a surprise that so many of the companies exhibiting at CES will disappear. That’s true, but I never felt like this in past years. In past years at CES it felt like a number of players with some overlap and some competitive pressures, but that there was plenty of pie for everyone. This year has me wondering if that’s still the case.

As I mentioned, I’m hoping to publish a list of all the various health tracking devices. I realized that this going to take a lot of work. I’m still planning to work on it, but it’s going to take some time to do it right. One person I talked to said that there are about 700 health tracking devices out there. Of course, the real challenge is that 500 of them still don’t actually deliver (ie. they haven’t gone to market with a product or they can’t deliver the results they say they can deliver). Even 200 legitimate companies makes for a really competitive environment where people still talk about Fitbit and the Apple Watch and don’t know many of the others.

Let me be clear though. I think there’s a ton of tremendous innovation happening in the digital health space. From a consumer perspective all of this competition (bubble if you will) is great! Competition will push vendors to take what they’re doing to a new level. We’ll have a ton of amazing discoveries that will ripple through all of these companies. This is all great and will work out well for consumers and healthcare.

Plus, on the fringes you find some people doing unique things. The problem is that many of those companies have a hard time being heard with all of the other companies making so much noise. Sometimes I’m talking literal noise. I think it was the Under Armour booth that felt like they were a Las Vegas night club. It made it a lot of fun to visit and certainly attracted attention. I just wouldn’t want to be exhibiting at the booth next to them.

Measuring Patient Discomfort Using Brainwave Activity

Posted on December 30, 2015 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

Digital health opportunities are popping up everywhere and in every part of the nation. The IoT Journal (Internet of Things) recently profiled a hospital down the street from me who is exploring IoT’s potential to bring drug free relief to patients. Here’s a short excerpt from the article:

Until recently, when health-care providers wanted to gauge the level of discomfort a patient was enduring, they typically had to ask that individual to rate his or her pain—for example, on a scale of 1 to 10—and then use that information to plan treatment accordingly. If they wanted to ease the patient’s pain, they needed to administer medication.

Several months ago AccendoWave released an alternative solution that does not require medication and is personalized to each patient. The system was released in June 2015, says Martha Lawrence, AccendoWave’s founder and CEO, and has since been tested at several facilities. The company has spent seven years researching its solution for assessing patient discomfort levels, and is now using a headband that measures electroencephalography (EEG) activity and prompts a tablet PC to provide content aimed at reducing that discomfort.

The AccendoWave headband, which has seven EEG sensor leads built into it, transmits its brain-wave measurements to the tablet via a Bluetooth connection. The tablet, a Samsung Tab 4, uses its built-in AccendoWave software to process patient brain-wave data and then display diversionary content, including games, music, video clips and full-length movies. If, as a patient views a specific piece of content, the brain waves change to indicate increasing comfort, that content remains on the screen. If the content does not appear to have a positive effect on the brain waves, the software continues to select other content until it displays something appealing to the patient.

Pretty interesting approach. The article does note that they don’t use the brainwave data to determine how much medication to administer. They just use it as a way to assess the system’s effectiveness. They also do patient surveys to assess the impact of the device on a patient’s comfort. The article says that since the hospital implemented the system in the hospital, “1,600 patients have used the device to date, and more than 450 have completed surveys…More than 90 percent of responders reported viewing the system in a positive light.”

I’ve seen these EEG sensors for a while and they’re pretty neat. However, I always wondered how they’d actually be implemented and how they could be used to benefit patient care. No doubt it’s still early in their efforts to use and assess brainwaves, but it’s a pretty interesting solution to tie brain wave activity to soothing images. I’ll be watching to see how this evolves.