
NIST Goes After Infusion Pump Security Vulnerabilities

Posted on January 28, 2016 | Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

As useful as networked medical devices are, it’s become increasingly apparent that they pose major security risks.  Not only could intruders manipulate networked devices in ways that could harm patients, they could use them as a gateway to sensitive patient health information and financial data.

To make a start at taming this issue, the National Institute of Standards and Technology has kicked off a project focused on boosting the security of wireless infusion pumps (Side Note: I wonder if this is in response to Blackberry’s live hack of an infusion pump). In an effort to be sure researchers understand the hospital environment and how the pumps are deployed, NIST’s National Cybersecurity Center of Excellence (NCCoE) plans to work with vendors in this space. The NCCoE will also collaborate on the effort with the Technological Leadership Institute at the University of Minnesota.

NCCoE researchers will examine the full lifecycle of wireless infusion pumps in hospitals, including purchase, onboarding of the asset, training for use, configuration, use, maintenance, decontamination and decommissioning of the pumps. This makes a great deal of sense. After all, points of network connection are becoming so decentralized that every touchpoint is suspect.

The team will also look at what types of infrastructure interconnect with the pumps, including the pump server, alarm manager, electronic medication administration record system, point of care medication, pharmacy system, CPOE system, drug library, wireless networks and even the hospital’s biomedical engineering department. (It’s sobering to consider the length of this list, but necessary. After all, more or less any of them could conceivably be vulnerable if a pump is compromised.)

Wisely, the researchers also plan to look at the way a wide range of people engage with the pumps, including patients, healthcare professionals, pharmacists, pump vendor engineers, biomedical engineers, IT network risk managers, IT security engineers, IT network engineers, central supply workers and patient visitors — as well as hackers. This data should provide useful workflow information that can be used even beyond cybersecurity fixes.

While the NCCoE and University of Minnesota teams may expand the list of security challenges as they go forward, they’re starting with looking at access codes, wireless access point/wireless network configuration, alarms, asset management and monitoring, authentication and credentialing, maintenance and updates, pump variability, use and emergency use.

Over time, NIST and the U of M will work with vendors to create a lab environment where collaborators can identify, evaluate and test security tools and controls for the pumps. Ultimately, the project’s goal is to create a multi-part practice guide which will help providers evaluate how secure their own wireless infusion pumps are. The guide should be available late this year.

In the meantime, if you want to take a broader look at how secure your facility’s networked medical devices are, you might want to take a look at the FDA’s guidance on the subject, “Cybersecurity for Networked Medical Devices Containing Off-the-Shelf Software.” The guidance doc, which was issued last summer, is aimed at device vendors, but the agency also offers a companion document offering information on the topic for healthcare organizations.

If this topic interests you, you may also want to watch this video interview talking about medical device security with Tony Giandomenico, a security expert at Fortinet.

BlackBerry’s “Hail Mary” Pass for mHealth

Posted on February 2, 2013 | Written By

Katie Clark is originally from Colorado and currently lives in Utah with her husband and son. She writes primarily for Smart Phone Health Care, but contributes to several Health Care Scene blogs, including EMR Thoughts, EMR and EHR, and EMR and HIPAA. She enjoys learning about Health IT and mHealth, and finding ways to improve her own health along the way.

With the release of the Microsoft Surface, which might be the ideal tablet for hospitals, doctors have plenty of options when it comes to mobile devices. While it seemed like the former doctor choice, the Blackberry, was becoming obsolete among healthcare professionals, it looks like the company is trying to make a comeback.

The company recently released the BlackBerry 10 OS, a touchscreen Blackberry Z10, and the BlackBerry Q10. Since the company has been struggling, it looks like this might be its saving grace. However, are doctors going to switch back to BlackBerry, especially if they’ve already started getting accustomed to the Android or Apple product they’ve been using?

According to the Mobi Health News article, there are some features that BlackBerry hopes will attract people. These include:

  • A physical keyboard, which most Android and all Apple products lack (unless you purchase a detachable one.)
  • An opt-in predictive text
  • BlackBerry Balance – the data storage allows the user to have work-related material put in a special section that is more secured, and it can be easily deleted if the employee leaves the company.
  • BlackBerry Protect – this is a built-in security feature, that, if the device is lost, can remotely delete all the information. This is usually a feature that has to be downloaded on most mobile apps, but just comes with the new devices.
  • Blackberry Remember – an “organizational aid” that can be used to take notes and keep track of events. There are plans for it to be able to sync with Evernote.

The CEO of BlackBerry, Thorsten Heins, has also indicated that the new OS will eventually expand to other devices, especially ones for medical professions.

These new developments for BlackBerry are being called their Hail Mary pass, and it seems like they are making a worthy effort. I think if they want to compete, they will need to release some type of tablet, as well as get health app creators to make more BlackBerry compatible apps. It’s obvious that many companies are seeing the value in appealing to the healthcare field, and it will be interesting to see if BlackBerry can get their name back in the game.

Kaiser’s Mobile Health Approach

Posted on July 10, 2012 | Written By

John Lynn is the Founder of the blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of and John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

As I mentioned in my previous post about laptops and iPads in healthcare, I had the chance to meet with Kaiser at the Health 2.0 conference in Boston. I had a chat with Brian Gardner, head of the Mobile Center of Excellence at Kaiser Permanente and learned a bunch of interesting things about how Kaiser looks at mobile healthcare.

The first most interesting thing to note was that Kaiser currently does not support any sort of BYOD (Bring Your Own Device) at this time. Although, they said that they’ve certainly heard the requests from their doctors to find a way for the doctor to use their own mobile device. Since this means that all the mobile devices in use at Kaiser are issued by them, I was also a little surprised to find that the majority of their users are currently still using Blackberry devices.

Brian did say that the iPhone is now an approved Kaiser device. It will be interesting to check in with Brian and Kaiser a year from now to see how many Blackberry devices have been replaced with iPhones. I’m pretty sure we know exactly what’s going to happen, but I’ll have to follow up to find out. What is worth noting though is the time delay for an enterprise organization like Kaiser to be able to replace their initial investment in Blackberry devices with something like an iPhone or Android device. While I’m sure that many of those doctors have their own personal iPhones, that doesn’t mean they can use it for work.

I also asked Brian about the various ways that he sees the Kaiser physicians using their mobile devices. His first response was that a large part of them were using it as an email device. This would make some sense in the context of most of their devices being Blackberry phones which were designed for email.

He did say that Kaiser had done some video pilots on their mobile devices. I’ll be interested to hear the results of these pilot tests. It’s only a matter of time before we can do a video chat session with a doctor from our mobile device and what better place to start this than at Kaiser?

Of course, the other most popular type of mobile apps used at Kaiser were related to education apps. I wonder how many Epocrates downloads are used by Kaiser doctors every day. I imagine it gets a whole lot of use.

What I found even more intriguing was the way that Kaiser used to discover and implement apps. Brian described that many of their best apps have come from students or doctors who had an idea for an app. They then take that idea and make it a reality with that student or doctor working on the app. It sounded like many of these students or doctors saw a need and created an app. Then, after seeing its success Kaiser would spread it through the rest of the organization.

This final point illustrates so well how powerful mobile health can be now that the cost of developing a mobile health innovation is so low. Once you lower the cost of innovation the way mobile health has done, you open up the doors to a whole group of entrepreneurs to create amazing value.

5 Must-Have Medical Apps for Medical Students

Posted on July 6, 2012 | Written By

Katie Clark is originally from Colorado and currently lives in Utah with her husband and son. She writes primarily for Smart Phone Health Care, but contributes to several Health Care Scene blogs, including EMR Thoughts, EMR and EHR, and EMR and HIPAA. She enjoys learning about Health IT and mHealth, and finding ways to improve her own health along the way.

I think it’s safe to say that the next generation of doctors won’t be shying away from using mHealth. However, before having the opportunity to use all the health technology out there in their own practices, there are a few hurdles medical students need to overcome, the most important being graduation. There are many apps that have been developed to help med students on that journey, and even after graduation. After reading countless reviews, websites, and seeing what apps Harvard Med Students found the most helpful, here is a list of the top five apps for medical students:

1. Epocrates: This app topped many lists that I viewed and for good reason. According to its iTunes page, Epocrates is the number one mobile drug reference used by U.S. physicians, and apparently, 50 percent of physicians rely on it (how accurate that statement is, I have no clue). Before I get ahead of myself, Epocrates is a company that has a variety of mobile apps available, ranging from anatomy, to first aid, to flash cards for different specialities. Most of them require a hefty fee, but the one I am talking about right now is free. The free version, which allows the user to “get quick access to reliable drug, disease, and diagnostic information at the point of care” has the following features:

  • Clinical information on thousands of prescription, generic, and OTC drugs
  • In-depth formulary information
  • Pill ID
  • Check for adverse reactions between up to 30 drugs at a time
  • Dozens of calculations, such as BMI and GFR
  • Current medical news, research, and information

The app is available for the iPhone, Android, Windows, and the Blackberry.

If you are willing to pay the price, the med students at Harvard recommend Epocrates Essentials, which costs $159 a year, but is far more comprehensive and can be purchased here.

2. iRadiology: Another free app, iRadiology is a “compendium of over 500 unique images demonstrating the classic radiological findings of a multitude  of abnormalities.” The information is pulled from the teachings of Dr. Gillian Lieberman, Director of Harvard Medical Student Education. The resources are available without an Internet connection and would be perfect for studying on the go. The app has over 500 unique cases which have detailed descriptions and a discussion about the findings, quizzes that require the user to find abnormalities, real-life pictures, and a comprehensive keyword search.

The app is available for the iPhone.

3. Dynamed: This app has over 3,100 “evidence-based clinical summaries updated daily and intended for use primarily at the point-of-care.” The database is very comprehensive and organized alphabetically. Conditions, treatments, and more can be easily searched for and reviewed. This is a subscription based app and an access code is required in order to use the app. Many medical institutions have subscriptions and can give their access code to students. However, if your school doesn’t offer a subscription, contact for an access code. The app covers more than 850 subjects and features a comprehensive drug guide, medical alerts, and calculators.

The app is available for the iPhone, Android, Blackberry, and Windows.

4. Medscape Mobile: With a nearly 5 star rating in the iTunes app store, 1.4 million healthcare professional users, and the #1 most downloaded free medical app in 2010, this is a must for all students and people working in the medical field. It is a very comprehensive go-to app with a little bit of everything. There is up-to-date medical news, clinical references for drugs and diseases, and its newest feature, medical calculators. The calculators have 129 medical formulas, scales, and classifications, and support both US and SI systems. There is information on over 8,000 drugs, features more than 600 step-by-step procedure videos, and sections on different specialties. If you only download one app during medical school, consider this one.

This app is available for the iPhone, Android, Blackberry, and Kindle Fire.

5. Eponyms (for students): With the amount of eponyms that should be learned, this app helps make that process a little easier. Featuring over 1,700 “common and obscure” eponyms, 28 categories, and learn mode. Learn mode randomly displays different eponyms from a particular category that has been viewed recently, making it easy to review eponyms and get them committed to memory. The app uses a database of eponyms created by Andrew J. Yee, which can be found here. Note that the free student version is only intended for students.

This app is available for the iPhone and Android.

Are Smartphones Killing PC’s?

Posted on June 6, 2011 | Written By

This isn’t directed totally at healthcare, but does address some things that I have talked about in the past. It does make some interesting points about the power of smartphones compared to computers of the past. I don’t think PC’s are as much on the way out as the author of the article, but I definitely think smartphones are just at the beginning of their growth. They mention in the article that PC sales are still increasing though at a slow rate. There are just too many things that are more convenient on a PC that they will be around for a long long time. I would like to see more interface between the two but even what exists already is pretty convenient.

3M Unveils Advanced Mobile Healthcare App

Posted on May 9, 2011 | Written By

The software helps physicians keep track of patients’ whereabouts, manages dictation, and captures charges.

By Nicole Lewis InformationWeek
May 06, 2011 11:43 AM

3M has unveiled a health application that it says will enable physicians to better coordinate and manage their daily schedules, review patient information, dictate progress notes, and log accurate charges on their mobile devices.

Announced Tuesday, company officials say the 3M Mobile Physician Solution was designed with features and functionality that address many aspects of a physician’s daily tasks, and will work with many devices including the iPad, iPhone, Android, Blackberry, and Windows Mobile devices.

Recent research has shown that users of health apps want more information, and are looking for features that will help them manage and keep track of patient data.

The 3M Mobile Physician Solution offers four main modules:

— 3M Mobile Patient Lists allows physicians to sort through patient information to identify their room number, access scheduled appointments, or locate information that shows when the patient will be seen by other doctors.

— 3M Mobile Rounds enables physicians to access patient medications, allergies, vitals, and lab test results.

— 3M Mobile Dictation allows physicians to record and transmit dictated progress notes to the facility’s dictation and speech recognition systems. Physician voice files are automatically linked to the correct patient, eliminating the need to enter patient identifier numbers, and reducing errors and promoting faster transcription turnaround time.

— 3M Mobile Charge Capture enables physicians to capture professional fee charges for any patient encounter by selecting and pairing the correct billing codes with the appropriate diagnosis or procedure.

“3M Mobile Physician Solution is the first software we’ve released that integrates 3M’s coding logic and brings 3M’s coding expertise to the physician in real-time and at the point of care,” said Steve Retz, business manager, document creation products at 3M health information systems.

By integrating coding logic into the physician equation, doctors can access codes on their mobile devices instead of referring to the codes listed in a book. These codes provide information on professional fees for visits and consultations, as well as billing codes with the appropriate diagnosis or procedure.

Additionally, these codes can act as a guide to show when a charge isn’t appropriate given the patient’s demographics, for example, if a charge is coded for an adult procedure on a pediatric patient. Retz said the software also helps prevent lost or missing charges, so physicians receive the full reimbursement to which they are entitled. He also pointed out that the technology will assist with ICD-10 coding.

“We feel 3M Mobile Charge Capture with physician advice will ease the migration to the new ICD-10 coding standard, which will be disruptive to the current charge-capture process because physicians will have to record charges with much more coding specificity,” Retz said.

The 3M Mobile Physician Solution integrates with electronic health records and physician practice management systems using standard healthcare data exchange technology (HL7). The company declined to say how much the new system costs, but did say the software is being offered at a special introductory pricing through September 30 of this year.

Survey: 61 Percent of Physicians to use iPhones

Posted on April 28, 2011 | Written By

MONTREAL–According to a recent survey of U.S. physicians, 61% intend to own an iPhone by the end of 2011. This is up from 39% at the beginning of the year and compares with the iPhone’s 24.7% adoption among general U.S. smartphone users.

Aptilon Corporation, (TSX-V: APZ), a leader in online access to and interaction with HCPs on behalf of pharmaceutical sales and marketing programs, used its ReachNet Physician Access Channel to recruit HCP participation in a survey on mobile technology and convenience options for HCPs. ReachNet provides access to over 450,000 HCPs through multiple channels, including the Internet, email and through mobile and tablet devices. Between February 7 and February 16, 2011, 341 HCPs from throughout the U.S. participated in the survey.

The research found that by the end of 2011, 84% of U.S. physicians will be using a smartphone; corresponding with Manhattan Research’s forecast of 82% smartphone adoption during this same time period. Segmenting smartphone users by major platform, the Aptilon survey data revealed that 61% of healthcare professionals (HCPs) will be using an iPhone, 16% a regular cell phone, 9% Google’s Android platform and 9% RIM’s BlackBerry platform.

“HCPs have signalled a clear preference for their smartphones,” remarks Mark Benthin, Aptilon COO, “Professionals are taking advantage of the latest advancements to connect with information, tools and live resources when, where and how it suits them.”

Aptilon provides HCP access across multiple channels, including multiple different smartphone and tablet devices. As a result, the Aptilon Mobile platform enables access to and consumption of sales and marketing activities across various different mobile devices.

It is no surprise to anyone that iPhones continue to dominate the smartphone market.  Especially with the addition of Verizon as a wireless provider, more people than ever are carrying iPhones.  Doctors appear to be right there with everyone else in their love of Apple’s smartphone leader.  It is to be expected that they would go with iPhones as they tend to have the most apps, as well as the fact that the public tends to use them which should make it easier to interface with patients.

Blackberry Playbook for Hospitals and Mobile Medical Apps

Posted on February 15, 2011 | Written By

John Lynn is the Founder of the blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of and John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

iMedicalApps has an interesting article they posted recently talking about the possibility that the Blackberry Playbook could be the small form tablet of choice in hospitals and healthcare as opposed to the iPad.

Here’s their description of what one enterprise healthcare application company is doing with the Blackberry Playbook:

QNX, a large software company, recently showed off a medical reference design that allows the Blackberry Playbook to connect to medical peripheral devices via Bluetooth. The medical reference design is built on the QNX Neutrino RTOS, a platform that has a history of being FDA approved in regards to medical usage.

QNX states their software allows the Blackberry Playbook to connect to certain Continua Certified medical devices, such as blood pressure monitors, weight scales, and pulse ox devices.

It is very interesting that this company has chosen to go with the Blackberry Playbook and not the iPad. The blog mentions Apple’s approach to enterprise software being less than stellar, but I’ve also read that many think that the iPad might just break that mold. Plus, who’s to say that the Blackberry Playbook is going to be that much better? The market for the BB Playbook in enterprises is much smaller than say the Blackberry phone was in the enterprise. So, I’ll be surprised if Blackberry tries to make the Playbook any less consumer oriented than the iPad is today.

What is interesting is that I’ve heard very good things about the Blackberry Playbook and it being far better than all the Android tablets (although they suggested that will likely change over time because of Android’s openness) and even competes well with the iPad. I’ll be interested to try out a Blackberry Playbook myself.

If I can get my hands on one, I’ll provide a full review.

Guest Post: Will Your New Smartphone Ruin Your Practice?

Posted on April 29, 2010 | Written By

John Lynn is the Founder of the blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of and John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

Guest Post: Hayden Hartland works at Spearstone, makers of Spearstone’s DiskAgent offering which provides a multi-platform approach to smartphone security by allowing lock, data-wipe, and GPS-tracking from any web-browser along with online backup for your business.

Breathtaking advances in smartphone capabilities are changing the ways we work and live. In their latest forms, phones such as the iPhone, Android, Blackberry, Windows Phone, Symbian, and Palm are beginning to rival, and in several areas (think GPS, camera and video) exceed the capabilities of laptops and desktops.

Increasingly, we email, keep contacts, track tasks and appointments, browse the internet, capture family moments, connect with friends, shop, and even run powerful business apps from our hand-held do-it-alls. No wonder then that surveys show some people giving up computers altogether for smartphones. Trends indicate smartphone sales and usage will exceed that of laptops in the next five years. Analysts describe a future where Smartphones that dock to keyboards and monitors obsolesce the laptop altogether.

The problem is that while smartphones are leapfrogging laptops and desktops in utility and connectivity, they have introduced security risks that too few take seriously. Unlike desktops and laptops where some of the biggest risks lie in viruses, and the eventual failure of spinning hard drives, the biggest risk with a smartphone is the loss and exposure of the information you store on it.

More than 5,000 smartphones are lost or stolen each day. Most smartphones hold thousands of confidential records – patient lists, emails, documents, medical records, patient payment records, and so on – yet there is little or no ability to prevent their compromise if your phone is lost or stolen. Many were carried by healthcare professionals (doctors, nurses, dentists, office managers, billing providers, support staff, and so on) whose information represents real risk to their practices and patients if compromised.

Next time you notice a staff member, equipment rep, supply rep  or any BAA using a smartphone, consider asking, “Are our emails accessible on that phone?” and “If you lose it, can anyone access them on the phone?” If you are a medical professional carrying a smartphone you need protection because odds are that eventually you will lose your phone. Furthermore, HIPAA, the FTC and state consumer organizations require notification of all patients of a data breach (not exactly good for any practice or healthcare business).

Current phones and typical user practices do a poor job of safeguarding your confidential information. While many smartphones can require a password or PIN number to use them, few of us can tolerate the hassle of actually using one. We simply use our phones too frequently to put up with it. Yet without one, we’re completely exposed. And while a phone password may protect your information in the case of loss, it can’t stop someone with phone hacking skills who wants to access your information.

Here are some practical tips you can employ to reduce your risks:

  1. Create a passcode for your phone. If you (like me) hate being pestered by it, set it to be required after 4 or 8 hours, so that you only need to enter it once or twice a day. If your phone is stolen and locked, the thief will either need to hack your phone or reset the phone to factory settings, thereby removing all the data in the process.
  2. Create a splash screen when your phone is locked displaying a contact phone number or email address and reward value. Consider etching your name and contact information somewhere on the phone.
  3. Remove sensitive information from your phone as soon as possible.
  4. Write down your IMEI (International Mobile Equipment Identity) number. If your phone is stolen, call your carrier immediately and ask them to deactivate the IMEI number and the phone will be rendered inoperable for calling on all networks. This ensures the phone is unusable although it doesn’t protect any unencrypted information on your phone.

Fortunately, a few larger clinics and hospitals are beginning to address these concerns. If yours is a larger practice with a Blackberry Enterprise server and/or Exchange Mail Server and your users exclusively use the corresponding phones (Blackberries and Windows Mobile devices), you can remotely remove emails and some other sensitive information in the event of a loss or theft. Other alternatives are to deploy encryption software or use the expensive MobileMe services provided by Apple. For other organizations, Spearstone’s DiskAgent offering provides a multi-platform approach to smartphone security by allowing lock, data-wipe, and GPS-tracking from any web-browser.