Free EMR Newsletter Want to receive the latest news on EMR, Meaningful Use, ARRA and Healthcare IT sent straight to your email? Join thousands of healthcare pros who subscribe to EMR and HIPAA for FREE!!

Lumeon Offers a Step Toward Usable Device Data in Health Care

Posted on August 8, 2018 I Written By

Andy Oram is an editor at O'Reilly Media, a highly respected book publisher and technology information provider. An employee of the company since 1992, Andy currently specializes in open source, software engineering, and health IT, but his editorial output has ranged from a legal guide covering intellectual property to a graphic novel about teenage hackers. His articles have appeared often on EMR & EHR and other blogs in the health IT space. Andy also writes often for O'Reilly's Radar site (http://oreilly.com/) and other publications on policy issues related to the Internet and on trends affecting technical innovation and its effects on society. Print publications where his work has appeared include The Economist, Communications of the ACM, Copyright World, the Journal of Information Technology & Politics, Vanguardia Dossier, and Internet Law and Business. Conferences where he has presented talks include O'Reilly's Open Source Convention, FISL (Brazil), FOSDEM, and DebConf.

The health care field floats on oceans of patient data, but like the real oceans on our planet, patient data is polluted. Trying to ground evidence-based medicine on billing data is an exercise in frustration. Clinical data is hard to get access to, and has its own limitations. For instance, it is collected only when a patient visits the clinic or hospital. The FDA recently put 100 million dollars in its budget to get patient data from electronic health records (which the commissioner called “real-world experience”).

One of the paths toward better data for research and treatment lies in the data from medical devices: it’s plentiful, detailed, and accurate. But device data has mountains to climb before researchers and clinicians can use it: getting this data in the first place, normalizing and standardizing it, and integrating it with the systems used for analysis and treatment. That’s what excites me about a recent new direction taken by Lumeon, a platform for workflow management and treatment coordination in health care.

I covered Lumeon’s platform a few months ago. The company already lays out an enticing display of tools for clinicians, along with EHR integration. What’s new is the addition of medical devices, an enhancement that required nine months of working with medical device manufacturers. Recently I had another chance to talk to Rick Halton, Vice President of Marketing and Product for Lumeon.

Along with the measurements provided by devices, Lumeon has tools for patient engagement and the measurement of outcomes. These outcomes go beyond simple quantitative scores such as limb rotation. Lumeon creates for each patient a patient-specific functional score (PSFS). For one patient, it may be whether he can play outside with his kids. For another, it’s whether she can they go back to work, and for another, how far she can walk.

Lumeon asks, how can a device be used in a patient journey? It uses the routine information to help provide consistent care throughout this journey pathway, and measures outcomes throughout to generate feedback that promotes better long-term outcomes.

Device data is currently stored in a Lumeon platform that may be on the clinician’s site or in the cloud. Using an API, Lumeon’s output can be embedded within an EHR (they currently do this with Epic) so that the output can be displayed as part of the EHR display, and the clinician doesn’t even have to know that the results are being generated outside the EHR. In the future, the data may be integrated directly into the EHR. However, Lumeon’s direct customers are the providers, not the EHR vendors.

Data from devices was popular among providers at first for discharge planning and other narrow applications. Lumeon’s device integration is now getting more attention from providers who are experiencing a squeeze on reimbursements, a growing alertness among payers for outcomes, and a slow move in the industry toward fee-for-value. One leading device manufacturer is already using Lumeon for better treatment of cardiovascular care, bariatric surgery, and diabetes. Other applications include chronic disease, perioperative care (readiness for the OR and enhanced recovery), the digital patient experience on the web or in an app, and the patient centered medical home.

If Lumeon can turn device data into better treatment, other clinical institutions and health care platforms should be able to do so as well. It’s time for health care to enter the 21st century and use the Internet of Things (or Internet of Healthy Things, as termed by Dr. Joseph Kvedar) for the benefit of patients.

No Duh, FTP Servers Pose PHI Security Risk

Posted on April 12, 2017 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

The File Transfer Protocol is so old – it was published in April 1971 – that it once ran on NCP, the predecessor of TCP/IP. And surprise, surprise, it’s not terribly secure, and was never designed to be so either.

Security researchers have pointed out that FTP servers are susceptible to a range of problems, including brute force attacks, FTP bounce attacks, packet capture, port stealing, spoofing attacks and username enumeration.

Also, like many IP specifications designed prior before standard encryption approaches like SSL were available, FTP servers don’t encrypt traffic, with all transmissions in clear text and usernames, passwords, commands and data readable by anyone sniffing the network.

So why am I bothering to remind you of all of this? I’m doing so because according to the FBI, cybercriminals have begun targeting FTP servers and in doing so, accessing personal health information. The agency reports that these criminals are attacking anonymous FTP servers associated with medical and dental facilities. Plus, don’t even know they have these servers running.

Getting into these servers is a breeze, the report notes. With anonymous FTP servers, attackers can authenticate to the FTP server using meaningless credentials like “anonymous” or “ftp,” or use a generic password or email address to log in. Once they gain access to PHI, and personally identifiable information (PII), they’re using it to “intimidate, harass, and blackmail business owners,” the FBI report says.

As readers may know, once these cybercriminals get to an anonymous FTP server, they can not only attack it, but also gain write access to the server and upload malicious apps.

Given these concerns, the FBI is recommending that medical and dental entities ask their IT staff to check their networks for anonymous FTP servers. And if they find any, the organization should at least be sure that PHI or PII aren’t stored on those servers.

The obvious question here is why healthcare organizations would host an anonymous FTP server in the first place, given its known vulnerabilities and the wide variety of available alternatives. If nothing else, why not use Secure FTP, which adds encryption for passwords and data transmission while retaining the same interface as basic FTP? Or what about using the HTTP or HTTPS protocol to share files with the world? After all, your existing infrastructure probably includes firewalls, intrusion detection/protection solutions and other technologies already tuned to work with web servers.

Of course, healthcare organizations face a myriad of emerging data security threats. For example, the FDA is so worried about the possibility of medical device attacks that it issued agency guidance on the subject. The agency is asking both device manufacturers and healthcare facilities to protect medical devices from cybersecurity threats. It’s also asking hospitals and healthcare facilities to see that they have adequate network defenses in place.

But when it comes to hosting anonymous FTP servers on your network, I’ve got to say “really?” This has to be a thing that the FBI tracks and warns providers to avoid? One would think that most health IT pros, if not all, would know better than to expose their networks this way. But I suppose there will always be laggards who make life harder for the rest of us!

Medical Device Security At A Crossroads

Posted on April 28, 2016 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

As anyone reading this knows, connected medical devices are vulnerable to attacks from outside malware. Security researchers have been warning healthcare IT leaders for years that network-connected medical devices had poor security in place, ranging from image repository backups with no passwords to CT scanners with easily-changed configuration files, but far too many problems haven’t been addressed.

So why haven’t providers addressed the security problems? It may be because neither medical device manufacturers nor hospitals are set up to address these issues. “The reality is both sides — providers and manufacturers — do not understand how much the other side does not know,” said John Gomez, CEO of cybersecurity firm Sensato. “When I talk with manufacturers, they understand the need to do something, but they have never had to deal with cyber security before. It’s not a part of their DNA. And on the hospital side, they’re realizing that they’ve never had to lock these things down. In fact, medical devices have not even been part of the IT group and hospitals.

Gomez, who spoke with Healthcare IT News, runs one of two companies backing a new initiative dedicated to securing medical devices and health organizations. (The other coordinating company is healthcare security firm Divurgent.)

Together, the two have launched the Medical Device Cybersecurity Task Force, which brings together a grab bag of industry players including hospitals, hospital technologists, medical device manufacturers, cyber security researchers and IT leaders. “We continually get asked by clients with the best practices for securing medical devices,” Gomez told Healthcare IT News. “There is little guidance and a lot of misinformation.“

The task force includes 15 health systems and hospitals, including Children’s Hospital of Atlanta, Lehigh Valley Health Network, Beebe Healthcare and Intermountain, along with tech vendors Renovo Solutions, VMware Inc. and AirWatch.

I mention this initiative not because I think it’s huge news, but rather, as a reminder that the time to act on medical device vulnerabilities is more than nigh. There’s a reason why the Federal Trade Commission, and the HHS Office of Inspector General, along with the IEEE, have launched their own initiatives to help medical device manufacturers boost cybersecurity. I believe we’re at a crossroads; on one side lies renewed faith in medical devices, and on the other nothing less than patient privacy violations, harm and even death.

It’s good to hear that the Task Force plans to create a set of best practices for both healthcare providers and medical device makers which will help get their cybersecurity practices up to snuff. Another interesting effort they have underway in the creation of an app which will help healthcare providers evaluate medical devices, while feeding a database that members can access to studying the market.

But reading about their efforts also hammered home to me how much ground we have to cover in securing medical devices. Well-intentioned, even relatively effective, grassroots efforts are good, but they’re only a drop in the bucket. What we need is nothing less than a continuous knowledge feed between medical device makers, hospitals, clinics and clinicians.

And why not start by taking the obvious step of integrating the medical device and IT departments to some degree? That seems like a no-brainer. But unfortunately, the rest of the work to be done will take a lot of thought.

Consumer Health Devices versus Medical Devices

Posted on January 20, 2016 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

I think there’s a major confusion in the current health app and device marketplace right now. The problem stems from consumers who draw conclusions even though claims aren’t really being made. I’ll use an example from my Healthcare Scene blog network.

I get asked all the time what I do for a job (like I’m sure most of you). I usually say that I’m a blogger and people then ask me what I blog about. I usually answer that I blog about healthcare IT. While people’s minds are blown by the fact that I’m a professional blogger, I can see in their eyes and often hear in their response that they didn’t really understand what it meant to blog about healthcare IT.

The most common interpretation is that I blog about health and wellness. I guess in some ways I tangentially blog about health and wellness, but no doubt in these people’s minds they’re picturing me writing about nutritional supplements, diet, fitness, and other health and wellness topics that they read in their magazines or favorite blogs online.

I never told them that I blogged about health and wellness, but they often interpret it that way since they don’t know the term healthcare IT to know what I really mean. When I try to clarify it for them, I often say that I write about how doctors use technology. That usually gets them closer.

I’ve found the same thing is happening with many consumer health devices. When you say that something is a consumer health devices they immediately draw their own conclusion that it must be a medical device that can be used by consumers. Unfortunately, the reality today is that consumer health devices are very different from medical devices.

As I’ve thought about the differences, I’ve come to realize that there’s one major difference that causes a lot of problems for those that misinterpret what they’re using. A medical device produces clinically relevant data that would be accepted and trusted by a medical professional. A consumer health device might or might not. We don’t know and therefore many medical professionals won’t use that data.

I don’t think it’s a problem that these consumer health devices don’t put out clinically relevant data. There seems to be a great business model for consumers to take a peak at their health data (regardless of how accurate it is). Plus, there are plenty of anecdotal stories about how this has helped individuals. That’s great.

The problem however comes in when we try to say that a consumer health device is something that it’s not. I think we’ll see this come into sharp focus over the next few years. Consumers will finally start to understand that not all devices are created equal. They’ll realize that some devices are clinically relevant (ie. their doctor will want and care about the data) and other devices are more for fun and intrigue than they are actually improving their health. Unfortunately, it’s just going to take us a while to get there.

Medical Device Security and Vulnerabilities with Tony Giandomenico from Fortinet

Posted on December 17, 2015 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

This is one of the most interesting and scary interviews we’ve ever done. Tony Giandomenico is a security expert at Fortinet. In this interview we cover a lot of ground with Tony around healthcare IT security and medical device security. We talk about the impact of breaches, places where healthcare organizations are vulnerable, and offer some ideas on how hospitals and healthcare organizations can be more secure.

In what we’re officially calling our Q&A after party we talk about things like the national patient identifier and its impact on security. We discuss block chain and its potential in healthcare and the security of block chain. We also have a patient advocate join us to put a great patient perspective on the need for security.

Medical Device Security – Where Is the Finger Pointing?

Posted on October 23, 2014 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

If a picture is worth a thousands words, the above picture is worth about 10,000. I think this picture is best summed up by saying that the medical device industry is a heavily regulated industry. You can see why EHR vendors don’t want to be regulated by the FDA. It would get pretty crazy.

This image also illustrates to me why a company that’s built an FDA or medical device compliance capability has something of real value. Navigating the process is not easy and it helps if you’ve been there and done it before.

As to Dr. Wen’s comment on the tweet. There are a lot of challenges when it comes to medical device security. Definitely no antivirus and many are running on old operating systems that can’t be updated. We’re going to have to put some serious thought into how to solve problems like these in future medical devices.

Stay Hydrated With The Jomi Band

Posted on May 8, 2013 I Written By

Katie Clark is originally from Colorado and currently lives in Utah with her husband and son. She writes primarily for Smart Phone Health Care, but contributes to several Health Care Scene blogs, including EMR Thoughts, EMR and EHR, and EMR and HIPAA. She enjoys learning about Health IT and mHealth, and finding ways to improve her own health along the way.

Drinking water can be the solution to a lot of health problems — it aids in weight loss, it helps the major organs of the body function better, and well, it’s just not good to be dehydrated! But many people, myself included, don’t drink enough water on a regular basis! I know for me personally, I just get so distracted throughout the day, it doesn’t even dawn on me that I didn’t drink water until 6 PM hits, and I’m totally out of it. At that point, my husband asks if I drank anything, and as I think about it…I realize I didn’t! Sometimes I think it would be nice to have a reminder.

If you follow CNN on Facebook, you may have recently read this article. It talks about an Estonian start-up called Jomi Interactive. Several of their prototypes were released last week, and one of the most interesting is the Jomi Band and Sleeve. It’s basically a device that you can attach to your water bottle, and it tracks how much you drink. If it feels that you haven’t had enough fluids, it will let you know with flashing LED lights. The device will be created to link up to a mobile device, if that’s appealing to you for some reason. 

There’s another product already on the market called Hydracoach. It’s a water bottle that has the tracking device built in. So the only main difference I can find is that the Jomi Band can be used on multiple water bottles.

It seems like an interesting idea, especially for anyone who isn’t particularly good at keeping track of how much (or little) they drink. It may seem like an easy thing to do, but when sometimes…life gets busy. This could be very helpful for anyone that needs, or even just wants, to make sure they are drinking enough water. Granted, if the bottle is filled with something other than water, it may not be as helpful.

The Jomi Band is only in the developmental stages, but if you want to be informed of it making it’s big debut, go sign up over here. If it’s not too expensive, I might just get one myself.

What Consumer Medical Device is The Best Form Factor?

Posted on March 27, 2013 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

I’ve been thinking a lot about the various form factors that are being used by consumer medical device companies lately. I think this interest was sparked when I heard a couple of the following statements:

“We’re about to enter a real battle for the wrist.”

“One of the keys to broad adoption is to build a product on top of an existing habit.”

The first statement really highlights the number of wrist based monitoring devices that are on the market. I agree that there’s going to be a real battle for the wrist. Interestingly enough, the second statement highlights why there’s going to be a real battle for the wrist. Many people are use to having a watch on their wrist. So, a product that is on the wrist is building on people’s habit of wearing a wrist watch.

What are your thoughts on the various form factors that are being used for medical devices:
-Wrist Bands
-Chest Straps
-Pant Clips
-Shoe Clips
-Arm Straps
-Head Straps
-Hand Held
-Pocket Stored
-Full Shirt
-Full Shorts

Are there any other form factors I’m missing? I’d love to start a real deep discussion on the various form factors and the pros and cons of each.

FilmArray Delivers Test Results in An Hour

Posted on February 18, 2013 I Written By

Katie Clark is originally from Colorado and currently lives in Utah with her husband and son. She writes primarily for Smart Phone Health Care, but contributes to several Health Care Scene blogs, including EMR Thoughts, EMR and EHR, and EMR and HIPAA. She enjoys learning about Health IT and mHealth, and finding ways to improve her own health along the way.

Maybe it’s because I live in Utah, so it’s easier for me to recognize the technology being created here, but it seems as if lately, I’ve been noticing a lot of medical devices created here. Last night I was reading KSL.com about a device that was recently designed that can apparently detect certain diseases — and, most impressively, in under an hour.

Waiting for lab results can be excruciating. Although I have access to the patient portal for Intermountain Healthcare, and can see results as soon as they are done (which is, most of the time, much faster than waiting for the doctor to call), it still takes longer than I would like. FilmArray is a test that can detect around 20 diseases in less than an hour.

The diseases that can be detected can be viral or bacterial, and are related to upper respiratory infections. This could be pretty helpful, especially when you or your child goes to the doctor, and they can’t really tell what’s wrong just by looking at them or listening to their lungs. It can help to get treatment started quicker, and hopefully shorten the length of the symptoms.

FilmArray also eliminates the need for someone to spend a ton of time in the lab working the results, as it takes less than about five minutes of a tech’s time. It’s a machine that is easy to learn how to use, so staff can be trained fairly easily, without much disruption in the regular schedule.

This graphic from the FilmArray website shows how easily it works, from start to finish:

filmarray_setup

The device has been available since 2011, though I don’t get the impression that it’s very mainstream yet. I think this could be a great thing for doctor’s offices and hospitals to invest it, because of it’s quickly produced results, and the ease of use involved. Even with an initial investment, it seems as if the time saved will pay it off in the end.

25 Percent of Americans Trust Apps as Much as Doctors

Posted on January 4, 2013 I Written By

Katie Clark is originally from Colorado and currently lives in Utah with her husband and son. She writes primarily for Smart Phone Health Care, but contributes to several Health Care Scene blogs, including EMR Thoughts, EMR and EHR, and EMR and HIPAA. She enjoys learning about Health IT and mHealth, and finding ways to improve her own health along the way.

A survey done by Royal Philips Electronics revealed that about one-quarter of Americans trust mHealth apps as much as they would trust their doctor. 

This survey also showed that about 27 percent of those surveyed use mobile apps instead of going to the doctor. Even more interesting, is that 1 in 10 of those surveyed felt that “if it were not for web-based health information, ‘they might already be dead or severely incapacitated.”

I thought this was a very interesting study. The sample size was 1,003 people, with 503 men and 500 men over the age of 18, so I feel like it’s pretty legitimate. At first, I thought it was kind of strange that people trust mHealth apps as much as their doctors, but then I realized…I’m probably in that 25 percent as well. To be honest, I think I sometimes trust the Internet and mHealth apps more than our doctors.

Concerning the study, Dr. Eric Silfen, the Chief Medical Officers of Philips Healthcare, had some interesting thoughts:

We are in the early stages of the web-enabled, mHealth, mobile app world of healthcare delivery. Near-future apps will focus on tying together health information technologies, connecting with doctors, nurses, healthcare professionals and patients, all within a social context that facilitates shared medical decision-making. This evolution will harken the new vital signs of the clinical times with technologies that help prevent medical errors, lower the financial and social cost of care, sustain a higher quality of medical practice and support an evidence-based standard for medicine in general. Ultimately, the technological undercurrents of the post-PC world – the power of many, designer gadgets, cloud ecosystems, and mobile app computing -will hasten the personalization and partnerships that will transform sustainable medical care to the highest quality.

I think in the future, even more people will be trusting their mHealth apps just as much (or even more!) than their doctors. There are so many apps and technologies that are coming out, on what seems like a daily basis, and they are only going to get better. Sometimes, a doctor appointment can be rushed and a patient can leave feeling discouraged about the information they got — having access to so much health information, as well as gadgets that can diagnose illness, might become more popular. Definitely an interesting study though, and encouraging for mHealth app creators.