I’m in New York City this week for the second Mobile Health Expo, which wrapped up Thursday afternoon. You may have seen the story I wrote for InformationWeek based on one session related to the security of networked medical devices.

Since I just do news and not commentary for InformationWeek, I figured EMR and HIPAA—specifically, the HIPAA part— was the perfect forum to discuss a small controversy that I may have stirred up with that story.

The two presenters from Indianapolis-based security firm eProtex talked about how connected medical devices have recently been popping up all over the place. “As little as two years ago, we checked some hospitals and found that there was less than one networked clinical device per bed,” eProtex Executive Director Earl Reber said.

With network connection and exposure to the Internet came heightened threats from viruses and malware, both internal and external, Reber and eProtex Chief Security Officer Derek Brost said. Sometimes it’s because devices are so old that they still run DOS and simply weren’t built for the HIPAA era. Other times, the greater reliance on various versions of Windows makes medical devices vulnerable to attacks.

Often, Brost said, hospitals are trying to protecting the wrong assets. “It’s not the actual medical device in most cases [that is at risk]. It’s the individual patient’s health information,” he said.

All this makes a lot of sense, though it is important to note that the warnings are coming from a security vendor with a real interest in selling products and services to prevent and combat insidious threats to medical equipment and other connected devices such as smartphones and tablets.

This was not lost on at least one person, “ZigZagZeke.” In a comment titled “Ignorance,” this poster said in no uncertain terms:

The speaker is using scare tactics to try to make sales of his protection software. Makers of such software are desperately trying to convince people that their Apple products need protection, because as more and more users switch to Apple, sales of anti-virus software are declining. This use of scare tactics is know by an acronym: FUD, which stands for “fear, uncertainty, and doubt.” It is the speaker’s only hope.

I suspect some of the criticism was directed at me for not differentiating between malware and viruses or between Linux/Unix/Macintosh and Windows.

Did I screw up here by not pressing the speakers on these differences, or are Apple devices and operating systems becoming just as vulnerable to data corruption as Windows? Windows became a prime target not just because of security holes, but because of its ubiquity. Now, the iPad and iPhone seem to rule at least the physician market. Wouldn’t that critical mass put Apple iOS in the crosshairs of a growing number of hackers and malware spreaders?

So what’s the real story here? As devices get connected to EMRs and hospital networks and produce more protected health information (PHI), should healthcare providers be concerned about greater HIPAA liability? If so, where should they focus prevention efforts?

EMR and EHR has been getting a ton of traffic related to my posts on the iPad EMR. It’s a really interesting discussion that I think people that love technology and EMR will enjoy. I have no doubt that the interface that the iPad is helping to promote and develop is going to have a major impact on healthcare. Not that everyone will have an iPad in healthcare, but that the technology behind it will be copied and we’ll see lots of interesting documentation methods for EMR software.

Dr. Larry Nathanson, MD from BIDMC seems to disagree with me in his writeup about his experience using the iPad in an Emergency Room. However, what I found most interesting about his writeup is his comments about the challenges of the iPad.

The first was how well it will hold up in a clinical environment. The iPad doesn’t seem to be the most rugged device and clinics like to abuse devices (from my experience). The second was the challenge that plagues all tablets: difficulty entering strong passwords. between the numbers, symbols and mixed case, it’s harder to enter these passwords on a device like the iPad. Is biometrics the solution to that?

What do you all think about the iPad and EMR? Will we see an iPad only EMR develop into a real power player in the industry?

In a recent comment, Steven suggested that an EMR and HIT in general might be necessary because the volume of medical knowledge is so large and complex that it’s too complex for the human mind. Here’s a short section of his comment:

Another set of reasons to adopt EMR, and sooner rather than later, are the reasons that are beyond the horizon. With the rate of change continuing to accelerate in the health care industry, along with our body of medical knowledge, I see a day where a person’s care plan is simply going to be too complex for a human brain alone to work out all the contributing factors. Sometimes I think we’ve already reached that point and haven’t quite realized it yet.

I absolutely love this concept of the body of medical knowledge being “too complex” for us to work it all out on our own. The idea that we need good clinical decision support systems, EMR and other technology we might not have even developed is really intriguing to me. Reminds me of my previous post about not knowing the true benefits of EMR.

The basic concept being that we won’t know the real benefits of EHR adoption until we have a platform for smart people to be really creative. Think about the Apple iPhone. If you look at the creativity that’s come out of the iPhone platform, it’s amazing. However, we would have never seen all this creativity until the platform was adopted in a broad way.

I believe that being able to managing and delivering all the medical knowledge out there is going to be one of those long term benefits we can’t realize until we have broad EMR adoption.