Medical Devices
SPONSORED
According to the CBSi B2B Cybersecurity Study, Asia Pacific 2018, one of the biggest challenges faced by an organisation’s cybersecurity framework is aligning cybersecurity with business priorities. Jega Ponnudurai, Industry General Manager, Healthcare & Life Sciences, Asia, DXC Technology, recommended that healthcare organisations tackle this challenge by linking the costs and benefits of cybersecurity to the value of regulatory compliance.
This is especially critical for segments that are more closely linked to patient safety and patient data confidentiality, and it calls for more investment in security frameworks within application parameters. These segments include clinical documentation, pharmacy and medication management, tests and investigations, and critical care support systems. Ponnudurai, who has more than 25 years of experience in the telecommunication and healthcare industries, shares his insights on the cybersecurity threat and risk landscape in Asia Pacific.
Most common cybersecurity threats/risks to healthcare organisations in APAC
Specific to healthcare organisations, the cybersecurity threats/risks they face include Electronic Medical Record (EMR) data leakage, especially of sensitive operational data (like billing disputes, patient dissatisfaction) and clinical data (like sensitive diseases HIV/STD etc.), with the purpose of maligning private/public health settings or getting hold of VIP patient data. However, Ponnudurai explained that they had not come across cases where a security threat on data leakage has ended in a ransom demand, but it could happen.
Network and workplace-related security threats are no different from those of other industries – these include ransomware, endpoint attacks, phishing and many others.
Key lessons from a series of healthcare-related data breaches/leaks in Singapore
Some of the key lessons learnt are the importance of having security, not only from the outside but also from within an organisation. There is also a need for independent cybersecurity auditors to be put in place and such audits to be carried out more frequently.
“Internet separation models and the design of data security zones is becoming more and more pertinent in terms of de-risking data in rest,” said Ponnudurai. There also needs to be diligent scoping of cloud data assets and, for cross-application landscapes, data security/accessibility should be governed/designed by information area at a corporate level, not at an individual application level.
From within an organisation, local threats inflicted by humans (contractors or internal employees) need to be closely controlled and monitored.
Blind spots in the management of cybersecurity threats/risks
One of the areas that healthcare organisations usually overlook in the management of cybersecurity threats/risks is application security in clinical applications. Most large healthcare organisations have a mesh of clinical and operational systems – Patient Administrative System (PAS), EMR, Finance, Billing, Ancillary systems for pharmacies/laboratories, Radiology Information System (RIS)/Picture Archive and Communication System (PACS) etc. Often these systems need to exchange information, and security breaches are a potential risk in a) data in motion, such as interfaces and message queues, and more importantly b) context switching, such as accessing an application's logic/data/screen from another application.
“A robust Development, Security and Operations (DevSecOps) Strategy should be imbibed early in the life-cycle for health application design,” Ponnudurai added.
Managing increased cybersecurity threats with reduced budgets and lack of trained experts
Chief Information Security Officers (CISOs) or Chief Information Officers (CIOs) are constrained by reduced budgets and a lack of trained professionals to deal with the ever-increasing cybersecurity threats and incidents. Ponnudurai’s suggestion to tackle the issue is to study the impact of cybersecurity breaches, both from a financial and a personal trauma (for the impacted parties) perspective. The concern of most healthcare providers about cybersecurity has resulted in their hesitation to venture into cloud-based services. This, in turn, has a direct cost impact on the running of a healthcare service provider.
Increasingly, cloud adoption should be backed up by cyber defense and orchestration strategies, including intelligent security operations and continuous threat monitoring using a leveraged Security Operations Centre (SOC) model, which reduces upfront capital expenditure (CapEx). This provides best-of-class protection with a spread-out cash flow, he concluded.
Tristan van Doormaal, a neurosurgeon at UMC Utrecht in the Netherlands, details how augmented reality and virtual reality can help patients understand their condition better and train residents in different approaches to surgery.
Julio Vivero, business partner at GMV, says medical devices and data privacy are two huge cybersecurity issues the healthcare industry is facing, and a one-size-fits-all approach is not the solution.
Norway Health Tech CEO Kathrine Myhre, winner of the HIMSS Europe Future50 award, says lessons from oil and gas industry successes along with Norway's pioneering culture help fuel the drive to maximize the healthcare system's potential.
At North Suburban Cardiology Associates in Stoneham, Massachusetts, there were several gaps in the group’s ambulatory ECG monitoring capability.
Holter monitors, event monitors and mobile cardiac telemetry were on different platforms. Using different systems meant some operational friction during ordering and patient set-up as well as different platforms for analysis and reporting.
Operational friction
“Our Holter monitors would be downloaded in the office, then the raw data would be analyzed by a technician who worked remotely, and finally the interpreting physician would log in to that system, generate and finalize the report, and then move it into our EHR,” said Dr. Michael Mazzini, a partner at North Suburban Cardiology Associates and an assistant professor of medicine at Tufts University School of Medicine.
Event monitors and mobile cardiac telemetry would be hooked up in the office, with all data management handled externally. Paper reports then were faxed to the office, reviewed and finalized by one of the group’s physicians, and again moved into the EHR.
“Another issue was having immediate access to all the data with mobile cardiac telemetry rather than just getting daily summary reports,” Mazzini said. “I always wanted to have something closer to the full disclosure data that one would get with telemetry in hospital.”
To help solve the problems it was facing, North Suburban Cardiology Associates turned to the MoMe Kardia wearable cardiac monitor from InfoBionic in Lowell, Massachusetts. InfoBionic offers the ability to use Holter, event monitoring and mobile cardiac telemetry all within the same device.
A big step forward in efficiency
“This means a uniform set-up process for all patients as well as the same analysis and reporting workflow – that alone was a big step forward in efficiency,” Mazzini explained. “Moreover, you can switch between modalities on the fly. If a Holter is non-diagnostic, for example, we can switch to event or MCT without having to bring the patient back and hook them up to a different device.”
In terms of data analysis, the group now is able to efficiently manage all the data within its office. For Holter monitors, that allowed cost savings. For both event monitoring and mobile cardiac telemetry, it meant that the group had access to the data as soon as it wanted it.
“And for MCT, we now had access to near-real-time full disclosure of data – this is not a feature of other MCT platforms,” Mazzini said. “The user interface is also very intuitive in terms of both set-up and analysis. We have been able to very quickly onboard all the physicians as well as staff, and everyone is pretty facile with the system.”
Setting patients up
When a physician determines that a patient requires ambulatory ECG monitoring, one of the group’s medical assistants registers the patient with the device and shows the patient how to use it.
“Once the patient is being monitored, the ordering physician is then able to handle the rest of the monitoring process through the web-based user interface,” Mazzini explained. “For MCT, that means that if needed, we can log in at any time to see how the patient is doing, or allow the system itself to alert us to any arrhythmias that we would be interested in.”
At the end of the monitoring period, a standardized report is generated.
“What is really nice is that we can use the full disclosure feature for MCT to scroll through all the data – even segments that we might not otherwise have access to in other systems, like onset and offset of supraventricular tachycardia,” Mazzini said. “As an electrophysiologist, I find this feature to be especially helpful.”
Multiple, non-integrated ambulatory ECG systems
Mazzini offers some advice for other cardiac caregivers considering this technology.
“The technology is highly scalable – we run a small but busy office with six cardiologists and a nurse practitioner,” he said. “This platform is one that could be used efficiently in a solo practice as well as a large integrated or academic practice.
“My advice would be to take a minute to assess one’s own ambulatory ECG platforms,” he added. “If they are using multiple, non-integrated ambulatory ECG systems, they definitely have an opportunity for improvement.”
Twitter: @SiwickiHealthIT
Email the writer: bill.siwicki@himssmedia.com
A Frost & Sullivan report predicts that as many as 45% of ORs will be integrated with intelligent technologies within the next four years to improve the precision and predictability of surgical services.
The agency warns that older MiniMed devices – which have been recalled by Medtronic – could be hacked and remotely controlled, adding to the list of cyber concerns for IoT devices.
Three medical device technology experts from GE Healthcare, BioSig Technologies and Advantech offer comprehensive advice on best practices for healthcare organizations launching new medical devices.
With remote patient monitoring a hot topic among healthcare providers, a new survey indicates patients would be open to outfitting themselves with wearable devices if it resulted in fewer trips to visit the doctor.
WHY IT MATTERS
The study of 100 participants ages 40 and over, conducted by connected healthcare solutions provider VivaLNK, found nearly two-thirds (64 percent) would put on a wearable health monitoring device if it meant reducing the number of trips made to visit a doctor or hospital.
Overall interest in wearables like a Fitbit or the Apple Watch for remote patient monitoring purposes was high, with more than half (55 percent) of respondents noting they would use such a device at home.
THE LARGER TREND
Healthcare organizations see the potential of RMS in combination with telehealth for convenience and cost savings, and many are currently exploring how to adopt it.
In one case, use of an inhaler-connected sensor helped push the average number of COPD-related hospital trips down to an average of 2.2, compared to the year prior to study enrollment (when the average was 3.4), a recent study from the Cleveland Clinic medical center and Propeller Health found.
For another example, ClearSky Medical Diagnostics currently employs Shimmer Research wearables for clinical trials, a partnership that uses Shimmer’s Verisense platform to improve analysis of sensor data for central nervous system diseases.
And among the new products unveiled at HIMSS19 this past February was VitalConnect’s Vista Solution 2.0, which added a weight scale, blood pressure and pulse oximetry and core temperature reader to the existing eight vital sign measurements monitored by the company’s VitalPatch biosensor.
However, there is evidence to suggest the potential benefits of RMS – not to mention the accuracy of certain devices or the security with which sensitive information is stored or transmitted – have not been fully studied.
"Remote patient monitoring … will be increasingly important," Beth Israel Deaconess Medical Center CIO Dr. John Halamka wrote on his blog earlier this year. But while "many thought leaders are convinced that remote patient monitoring improves patient care," he said, "surveys suggest that health-care professionals are still not convinced."
ON THE RECORD
"Remote patient monitoring and the wearable devices that make it possible are not new concepts, but there's more progress that can be made by understanding patient motivations," Jiang Li, CEO of VivaLNK, said in a statement. "While the appointment can't always be avoided, RPM is the key to reducing the time, energy and money it takes to physically visit a doctor's office."
As Li noted and the survey also indicated, costs of the appointment, distance, and disliking healthcare facilities were all top reasons survey respondents gave for wanting to reduce physical visits to the doctor.
"Patients have always disliked visiting the doctor's office, and now there's a way to mitigate that,” Li continued. “This survey highlights what really fuels and drives consumer behavior from a healthcare perspective."
Nathan Eddy is a healthcare and technology freelancer based in Berlin.
Email the writer: nathaneddy@gmail.com
Twitter: @dropdeaded209
Kotona At Home is a remote delivery care treatment center whose goal is to give people the means to live at home longer.