Software Marks Advances at the Connected Health Conference (Part 1 of 2)

Posted on October 29, 2018 I Written By

Andy Oram is an editor at O'Reilly Media, a highly respected book publisher and technology information provider. An employee of the company since 1992, Andy currently specializes in open source, software engineering, and health IT, but his editorial output has ranged from a legal guide covering intellectual property to a graphic novel about teenage hackers. His articles have appeared often on EMR & EHR and other blogs in the health IT space. Andy also writes often for O'Reilly's Radar site (http://oreilly.com/) and other publications on policy issues related to the Internet and on trends affecting technical innovation and its effects on society. Print publications where his work has appeared include The Economist, Communications of the ACM, Copyright World, the Journal of Information Technology & Politics, Vanguardia Dossier, and Internet Law and Business. Conferences where he has presented talks include O'Reilly's Open Source Convention, FISL (Brazil), FOSDEM, and DebConf.

The precepts of connected health were laid out years ago, and merely get updated with nuances and technological advances at each year’s Connected Health conference. The ideal of connected health combines matching the insights of analytics with the real-life concerns of patients; monitoring people in everyday settings through devices that communicate back to clinicians and other caregivers; and using automation to free up doctors to better carry out human contact. Pilots and deployments are being carried out successfully in scattered places, while in others connected health languishes while waiting for the slow adoption of value-based payments.

Because I have written at length about the Connected Health conference in 2015, 2016, and 2017, I will focus this article on recent trends I ran into at this year’s conference. Key themes include precertification at the FDA, the state of interoperability (which is poor), and patient engagement.

Exhibition floor at Connected Health conference

Exhibition floor at Connected Health conference

Precertification: the status of streamlining approval for medical software

One of the ongoing challenges in the progress of patient involvement and connected health is the approval of software for diagnosis and treatment. Traditionally, the FDA regulated software and hardware together in all devices used in medicine, requiring rigorous demonstrations of safety and efficacy in a manner similar to drugs. This was reasonable until recently, because anything that the doctor gives to the patient needs to be carefully checked. Otherwise, insurers can waste a lot of money on treatments that don’t work, and patients can even be harmed.

But more and more software is offered on generic computers or mobile devices, not specialized medical equipment. And the techniques used to develop the software inherit the “move fast and break things” mentality notoriously popular in Silicon Valley. (The phrase was supposedly a Facebook company motto.) Software can be updated several times a day. Although A/B testing (an interesting parallel to randomized controlled trials) might be employed to see what is popular with users, quality control is done in completely different ways. Modern software tends to rely for safety and quality on unit tests (which make sure individual features work as expected), regression tests (which look for things that no longer work they way they should), continuous integration (which forces testing to run each time a change is submitted to the central repository), and a battery of other techniques that bear such names as static testing, dynamic testing, and fuzz testing. Security testing is yet another source of reliability, using techniques such as penetration testing that may be automated or manual. (Medical devices, which are notoriously insecure, might benefit from an updated development model.

The FDA has realized that reliable software can be developed within the Silicon Valley model, so long as rigor and integrity are respected. Thus, it has started a Pre-Cert Pilot Program that works with nine brave vendors to find guidelines the FDA can apply in the future to other software developers.

Representatives of four vendors reported at the Connected Health conference that the pilot is going quite well, with none of the contentious and adversarial atmosphere that characterizes the interactions between the FDA with most device manufacturers. Every step of the software process is available for discussion and checking, and the inquiries go quite deep. All participants are acutely aware of the risk–cited by critics of the program–that it will end up giving vendors too much leeway and leaving the public open to risks. The participants are committed to closing loopholes and making sure everyone can trust the resulting guidelines.

The critical importance of open source software became clear in the report of the single open source vendor who is participating in the pilot: Tidepool. Because it is open source, according to CEO Howard Look, Tidepool was willing to show its code as well as its software development practices to independent experts using multiple evaluation assessment methods, including a “peer appraisal” by fellow precert participants Verily and Pear Therapeutics. One other test appraisal (CMMI, using external auditors) was done by both Tidepool and Johnson & Johnson; no other participants did a test appraisal. Thus, if the FDA comes out with new guidelines that stimulate a tremendous development of new software for medical use, we can thank open source.

Making devices first-class players in health care

Several exhibitors at the conference were consulting firms who provide specific services to start-ups and other vendors trying to bring products to market. I asked a couple of these consultants what they saw as the major problems their clients face. Marcus Fontaine, president of Impresiv Health, said their biggest problem is the availability of data, particularly because of a lack of interoperable data exchange. I wanted to exclaim, “Still?”

Joseph Kvedar, MD, who chairs the Connected Health conference, spoke of a new mobile app developed by his organization, Partners Connected Health, to bring device data into their EHR. This greatly improves the collection of data and guarantees accuracy, because patients no longer have to manually enter vital signs or other information. In addition to serving Partners in improving patient care, the data can be used for research and public health. In developing this app, Partners depended heavily for interoperable data exchange on work by Validic, the most prominent company in the device interoperability space, and one that I have profiled and whose evolution I have followed.

Ideally, each device could communicate directly with the EHR. Why would Partners Connected Health invest heavily in creating a special app as an intermediary? Kvedar cited several reasons. First, each device currently offers its own app as a user interface, and users with multiple devices get confused and annoyed by the proliferation of apps. Second, many devices are not designed to communicate cleanly with EHRs. Finally, the way networks are set up, communicating would require a separate cellular connection and SIM card for each device, raising costs.

A similar effort is pursued by Indie Health, trying to solve the problem of data access by making it easy to create Bluetooth connections between devices and mobile phones using a variety of Bluetooth, IEEE, Continua, and other standards.

The CEO of Validic, Drew Schiller, spoke on another panel about maximizing the value of patient-generated data. He pointed out that Validic, as an intermediary for a huge number of devices and health care providers, possesses a correspondingly huge data set on how patients are using the devices, and in particular when they stop using the devices. I assume that Validic does not preserve the data generated by the devices, such as blood pressure or steps taken–at least, Schiller did not say they have that data, and it would be intrusive to collect it. However, the metadata they do collect can be very useful in designing interactions with patients. He also talked about the value of what he dubs “invisible health care,” where behavior change and other constructive uses of data can flow easily from the data.

Barry Reinhold, president and CTO of Lamprey Networks, was manning the Continua booth when I came by. Continua defines standard for devices used in the home, in nursing faciliies, and in other places outside the hospital. This effort should be open source, supported by fees by all affected stakeholders (hospitals, device manufacturers, etc.). But open source is spurned by the health care field, so Continua does the work as a private company. Reinhold told me that device manufacturers rarely contract with Continua, which I treat as a sign that device manufacturers value data silos as a business model. Instead, Continua contracts come from the institutions that desperately need access to the data, such as nursing facilities. Continua does the best it can to exploit existing standards, including the “continuing data” profile from FHIR.

Other speakers at the conference, including Andrew Hayek, CEO of OptumHealth, confirmed Reinhold’s observation that interoperability still lags among devices and EHRs. And Schiller of Validic admitted that in order to get data from some devices into a health system, the patient has to take a photo of the device’s screen. Validic not only developed an app to process the photo, but patented it–a somewhat odd indication that they consider it a major contribution to health care.

Tasha van Es and Claire Huber of Redox, a company focused on healthcare interoperability and data integration, said that they are eager to work with FHIR, and that it’s a major part of their platform, but they think it has to develop more before being ready for widespread use. This made me worry about recent calls by health IT specialists for the ONC, CMS, and FDA to make FHIR a requirement.

It was a pleasure to reconnect at the conference with goinvo, which creates open source health care software on a contract basis, but offers much of it under a free license.

A non-profit named Xcertia also works on standards in health care. Backed by the American Medical Association, American Heart Association, DHX Group, and HIMSS, they focus on security, privacy, and usability. Although they don’t take on certification, they design their written standards so that other organizations can offer certification, and a law considered in California would mandate the use of their standards. The guidelines have just been released for public comment.

The second section of this article covers patient engagement and other topics of interest that turned up at the conference.