Free EMR Newsletter Want to receive the latest news on EMR, Meaningful Use, ARRA and Healthcare IT sent straight to your email? Join thousands of healthcare pros who subscribe to EMR and HIPAA for FREE!!

Apple’s Healthcare Data Plans Become Clearer

Posted on October 3, 2016 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

Though it’s not without competitors, I’d argue that Apple’s HealthKit has stood out since its inception, in part because it was relatively early to the game (mining patient-centered data) and partly because Apple products have a sexy reputation. That being said, it hasn’t exactly transformed the health IT industry either.

Now, though, with the acquisition of Gliimpse, a startup which pulls data from disparate EMRs into a central database, it’s become clearer what Apple’s big-picture goals are for the healthcare market – and if its business model works out they could indeed change health data industry.

According to a nifty analysis by Bloomberg’s Alex Webb, which quotes an Apple Health engineer, the technology giant hopes to see the health data business evolve along the lines of Apple’s music business, in which Apple started with a data management tool (the iPod) then built a big-bucks music platform on the device. And that sounds like an approach that could steal a move from many a competitor indeed.

Apple’s HealthKit splash
Apple made a big splash with the summer 2014 launch of HealthKit, a healthcare data integration platform whose features include connecting patient generated health data with traditional systems like the Epic EMR. It also attracted prominent partners like Cedars-Sinai Medical Center and Ochsner Health System within a year or so of its kickoff.

Still, the tech giant has been relatively quiet about its big-picture vision for healthcare, leaving observers like yours truly wondering what was up. After all, many of Apple’s health data moves have been incremental. For example, a few months ago I noted that Apple had begun allowing users to store their EMR data directly in its Health app, using the HL7 CCD standard. While interesting, this isn’t exactly an earth-shattering advance.

But in his analysis — which makes a great deal of sense to me – Bloomberg’s Webb argues that Apple’s next act is to take the data it’s been exchanging with wearables and put it to better use. Apple’s long-awaited big idea is to turn Apple’s HealthKit into a system that can improve diagnoses, sources told Bloomberg.

Also, Apple intends to integrate health records as closely with its proprietary devices as possible, offering not only data collection but suggestions for better health in a manner that can’t be easily duplicated on Android platforms. As Webb rightly points out, such a move could undermine Google’s larger healthcare plans, by locking consumers into Apple technology and discouraging a switch to the Google Fit health tracking software.

Big vision, big questions
As we know, even a company with the reputation, cash and proprietary user base enjoyed by Apple is far from a shoo-in for consumer health data dominance. (Consider the fate of Microsoft HealthVault and Google Health.) Its previous successes have come, as noted, by creating a channel then dominating that channel, but there’s no guarantee it can pull off such a trick this time.

For one thing, the wearables market is highly fragmented, and Apple is far from being the leader. (According to one set of stats, Fitbit had 25.4% of the global wearables market as of Q2 ’16, Xiaomi 14%, and Apple just 7%.) That doesn’t bode well for starting a health tracker-based revolution.

On the other hand, though, Apple did manage to create and dominate a channel in the music business, which is also quite resistant to change and dominated by extremely entrenched powers that be. If any upstart healthcare player could make this happen, it’s probably Apple. It will be interesting to see whether Apple can work its magic once again.

Securing IoT Devices Calls For New Ways Of Doing Business

Posted on June 8, 2016 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

While new Internet-connected devices can expose healthcare organizations to security threats in much the same way as a desktop PC or laptop, they aren’t always procured, monitored or maintained the same way. This can lead to potentially major ePHI breaches, as one renowned health system recently found out.

According a piece in SearchHealtlhIT, executives at Intermountain Healthcare recently went through something of a panic when connected audiology device went missing. According to Intermountain CISO Karl West, the device had come into the hospital via a different channel than most of the system’s other devices. For that reason, West told the site, his team couldn’t verify what operating system the audiology device had, how it had come into the hospital and what its lifecycle management status was.

Not only did Intermountain lack some key configuration and operating system data on the device, they didn’t know how to prevent the exposure of stored patient information the device had on board. And because the data was persistent over time, the audiology device had information on multiple patients — in fact, every patient that had used the device. When the device was eventually located, was discovered that it held two-and-a-half years worth of stored patient data.

After this incident, West realized that Intermountain needed to improve on how it managed Internet of Things devices. Specifically, the team decided that simply taking inventory of all devices and applications was far from sufficient to protect the security of IoT medical devices.

To prevent such problems from occurring again, West and his team created a data dictionary, designed to let them know where data originates, how it moves and where it resides. The group is also documenting what each IoT device’s transmission capabilities are, West told SearchHealthIT.

A huge vulnerability

Unfortunately, Intermountain isn’t the first and won’t be the last health system to face problems in managing IoT device security. Such devices can be a huge vulnerability, as they are seldom documented and maintained in the same way that traditional network devices are. In fact, this lack of oversight is almost a given when you consider where they come from.

Sure, some connected devices arrive via traditional medical device channels — such as, for example, connected infusion pumps — but a growing number of network-connected devices are coming through consumer channels. For example, though the problem is well understood these days, healthcare organizations continue to grapple with security issues created by staff-owned smart phones and tablets.

The next wave of smart, connected devices may pose even bigger problems. While operating systems running mobile devices are well understood, and can be maintained and secured using enterprise-level processes,  new connected devices are throwing the entire healthcare industry a curveball.  After all, the smart watch a patient brings into your facility doesn’t turn up on your procurement schedule, may use nonstandard software and its operating system and applications may not be patched. And that’s just one example.

Redesigning processes

While there’s no single solution to this rapidly-growing problem, one thing seems to be clear. As the Intermountain example demonstrates, healthcare organizations must redefine their processes for tracking and securing devices in the face of the IoT security threat.

First and foremost, medical device teams and the IT department must come together to create a comprehensive connected device strategy. Both teams need to know what devices are using the network, how and why. And whatever policy is set for managing IoT devices has to embrace everyone. This is no time for a turf war — it’s time to hunker down and manage this serious threat.

Efforts like Intermountain’s may not work for every organization, but the key is to take a step forward. As the number of IoT network nodes grow to a nearly infinite level, healthcare organizations will have to re-think their entire philosophy on how and why networked devices should interact. Otherwise, a catastrophic breach is nearly guaranteed.