Like the dot-com bubble, the EHR bubble—nurtured by the government incentives—will not last. As I look at what’s happening in the market, it becomes apparent that at some point in the not-too-distant future, the EHR bubble will pop and many vendors will face financial challenges that will lead to their demise.
Several market factors will come into play, including:
To understand how these factors will affect EHR vendors, it is important to understand how such companies typically raise money and what kind of “hockey-stick” growth projections they made to attract investors.
Missed growth projections; continued expenses for implementation, support, and ongoing upgrades; and diminishing government incentives will leave many companies unable to find investors willing to fund their future growth.
There will be market consolidation, and financially strong companies will acquire distressed companies for pennies on the dollar.
…To read the full story, see HIStalk Readers Write.
HHS has made it official—Stage 2 of meaningful use will be pushed back to 2014. The announcement by HHS Secretary Sebelius came as no surprise, following as it did the recommendation made by the HIT Policy Committee and the endorsement by ONC head Farzad Mostashari. The change only affects providers whose first incentive payment year is 2011, since they are the only providers who would be subject to Stage 2 regulations in 2013 had the delay not been implemented—everyone was already entitled to 2 years of meaningful use at Stage 1.
What I find interesting about all the hoopla that has accompanied the announcement is the spin the government put on the decision. According to the press release from HHS, “To encourage faster adoption, the Secretary announced that HHS intends to allow doctors and hospitals to adopt health IT this year, without meeting the new standards until 2014. Doctors who act quickly can also qualify for incentive payments in 2011 as well as 2012.”
Isn’t it a bit late for a provider to decide to adopt health IT this year? In reality, this announcement is too last-minute to change any adoption-related behavior or to accelerate EHR adoption. The announcement continued, “Perhaps most importantly, we want to provide an added incentive for providers attesting to meaningful use in 2011.” Apparently, the goal is to accelerate attestation rather than adoption—to encourage physicians who were already using certified EHR technology in a “meaningful way” to attest and to collect an incentive payment this year, instead of holding off attesting until 2012. This would create a potential PR benefit for the incentive program, which currently boasts nearly 115,000 registered providers, but reports that only 10,155 (9%), have successfully attested.
The benefit of the schedule delay accrues only to the early adopters, who now can earn 3 years of incentives under the less stringent requirements of Stage 1 (only, however, if they are willing to forego their 2011 Medicare ePrescribing bonuses—not a worthwhile trade-off for high-revenue physicians with large Medicare volumes). In its statement, HHS acknowledged the pushback from providers regarding how challenging even the Stage 1 requirements are. Perhaps, it would truly spur program participation and EHR adoption if all providers—not just the early adopters—were entitled to 3 years of meaningful use under Stage 1 rules. Also, if CMS has so little confidence that physicians will succeed at Stage 2, shouldn’t it reconsider how much it plans to raise the bar?
Last week’s EMR Straight Talk post, “Are EHRs Being Oversold,” hit a nerve, judging by the number of readers and the volume and intensity of comments submitted by physicians. Sadly, for every one of the physicians who took the time to write, there are scores of others enduring similar experiences. The following excerpts from their comments are reflective of their frustrations:
Every one of these stories breaks my heart as a staunch EHR proponent—particularly since the situations could have been easily avoided.
The Root of the Problem
The problem lies in the EHR selection process. When it comes to dispensing medications, for example, no physician prescribes without knowing the success rate for that particular drug for that particular type of patient and problem being addressed. Yet, typically, physicians do not make EHR purchase decisions in the same way that they make clinical decisions—using empirical evidence and data to predict outcomes.
I’d wager that for each of the disillusioned physicians above, the EHR selection process was nearly identical:
Why does such an exhaustive and time-consuming selection process so often lead to failed EHR implementations?
Preventing an EHR Failure in Your Practice
To prevent an EHR failure in your practice, the flawed selection process must be altered. The first thing to understand is that the rosy experience of one or two handpicked vendor references will not guarantee a similar experience for you and your colleagues. If a vendor has sold its EHR to 100 practices and has as few as 5 successful implementations, you will be referred to one of these 5 practices. A visit to 1 or 2 of these 5 successful practices may leave you with a warm and fuzzy feeling and the expectation that, because they were successful, your success is virtually assured. In this case, however, your real probability of success would only be 5%.
Separating the Wheat from the Chaff
So how do you quickly eliminate vendors with lackluster success records before you and your staff waste hours watching slick sales demonstrations of sexy software with “must-have” features? Separating the wheat from the chaff is simple—just ask all your initial set of EHR vendors for lots of references. If a vendor cannot produce at least 2 references for each year they have been in business, run the other way. Do not accept any excuses for being unable to provide you with the number of references that you seek. (A common excuse is that the vendor wishes to protect the privacy of its clients.) If they had lots of references, they would give them to you in a heartbeat—happy customers are always willing to show their successes to others.
Many of the initial vendors chosen will not be able to produce a satisfactory number of references. This should narrow down the number left for you to consider, and it will save a tremendous amount of valuable physician and staff time.
Statistically Significant Reference Checking
At this point, your list of vendors will likely include just the one or two that have provided you with a meaningful reference list. You may have to accept the bias created by the fact that the references are carefully handpicked by the vendor(s), but it is imperative that you do not limit your inquiries to the specific physicians identified by the vendor. Typically, these are the practice administrator and one or two physicians who had spearheaded the EHR purchase for the practice; as a matter of pride, they are more likely to paint a rosy picture of the EHR than to acknowledge its shortcomings. The only way to avoid this trap is to speak with other physicians at the reference practices. This is easy to do. When you get the reference list from an EHR vendor, ask them to include the practice websites, then randomly choose physicians to call from the physicians’ bio pages. These physician-to-physician calls should be short (only 10 minutes each) and you should ask specific questions about cost, efficiency, and number of patients seen. The American Society of Cataract and Refractive Surgery (ASCRS) has an excellent set of questions on page 5 of their EMR selection guide .
How much of your time should this type of random reference checking take? Not much! Ten 10-minute calls (less than 2 hours of time) to randomly chosen physicians will yield more valuable data on your chances of success than having a slew of vendors demo their products to your doctors and staff for hours on end. Only after having conducted the due diligence described above will you be able to derive real value from spending your time seeing demos—because you will only be seeing demos of the one or two EHRs that you now know are likely to deliver success.
I am a firm believer in the tremendous value that the right EHR can deliver to physicians, so the historic dissatisfaction with the EHR industry—as reported in studies and anecdotal conversations—has long disturbed me. The alarming intensity of this dissatisfaction was brought home by visitors to my company’s booth during the recent AAO (American Academy of Ophthalmology) meeting.
I was truly appalled by the abject frustration and anger expressed by numerous physicians about their EHRs. One visitor described his experience by saying, “It has taken the joy out of practicing medicine.” Another said that he felt like he should put a picture of his face on the back of his head so that his patients could see him—because he was forced to focus on the computer and enter data while the patient provided information. Physicians universally complained about the “productivity-killing” impact.
Why is this so? I know there are good EHR products in the market that physicians enjoy using and that enhance, rather than reduce, their productivity. Why are physicians not more successful in finding these?
The answer is that EHRs are being oversold. There are many EHRs that are marvels of software, capable of doing incredible things, but the selection process that physicians typically employ is flawed, and the sales process capitalizes on this shortcoming. The salesperson dazzles them with a demo, or they take prospective purchasers to see a physician—typically just one or two—who adeptly uses the software. This creates a false sense of ease-of-use, and the physician prospect leaves the site visit expecting that he or she will be able to use the EHR just as successfully. But not all physicians are alike—they may all be very intelligent and have tremendous medical expertise, but they are not all equal in technological inclination or skills. Their success—or lack thereof—with a particular EHR will vary significantly.
This brings us back to the importance of doing due diligence—something I have talked about before. Call and/or visit a variety of physicians who represent a wide spectrum of proficiency. Go to the reference practice’s website and select physicians on your own—don’t rely on the vendor’s selection. Ask the kind of questions listed in the last EMR Straight Talk. This is the only way to increase the odds of a successful EHR experience, and to avoid making a painful and costly mistake.
I’ve written frequently about the unique needs of specialists and how these have been overlooked by the government and by EHR vendors. Since many ophthalmologists are heading off this week to the AAO (American Academy of Ophthalmology) Annual Meeting in Orlando, I thought it appropriate to comment on the proactive advocacy and advisory role that this particular professional society has adopted on behalf of its members, and to encourage other academies to step up their efforts similarly.
AAO has been quite active on the meaningful use front. This week’s HIT Policy Committee’s Meaningful Use Workgroup meeting focused on how make meaningful use more meaningful for specialists in Stage 3. AAO was one of only two specialty societies represented in the public comments at the end of the meeting—the Academy’s representative pleaded that measures irrelevant to ophthalmology be replaced with those that would add value for these specialists, and offered the Academy’s assistance to accomplish this.
In addition to providing its members with otherwise unavailable, ophthalmology-specific direction on how to meet meaningful use, AAO has also offered much-needed guidance regarding the selection of an appropriate EHR for ophthalmologists—meaningful use aside. Recognizing that their unique specialty-specific workflow and data needs are not effectively addressed by most EHRs—because of the typical primary-care focus—AAO charged its Medical Information Technology Committee with the identification of a set of ophthalmology-relevant EHR specifications. A group of authors led by Michael Chiang, M.D., identified a set of features and attributes that ophthalmologists would find particularly valuable, and published their recommendations in an article titled “Special Requirements for Electronic Health Record Systems in Ophthalmology.”
While features and functionality are important, feedback from colleagues who actually use the EHRs is even more critical. The advice that AAO has given its members on how to make the most out of site visits will serve all physicians well, regardless of their specialty, and I am therefore sharing it with you below. It is reprinted from the publication “Electronic Medical Records: A Guide to EMR Selection, Implementation, and Incentives.”
ASK COLLEAGUES THE RIGHT QUESTIONS:
EHRs are here to stay, and will play an increasingly important role in medical practices. A major investment, EHRs can dramatically impact practice operations and productivity—positively or negatively. It is my hope that, like AAO, the medical academies will use their clout and speak out more aggressively to protect the interests of their members.
I received several items in my email regarding different organizations’ proclamations for 2012. Most of them predict that 2012 will be the year for mHealth to ‘break-out.’ Here are 5 examples:
One might ask, what is mHealth? It has many different definitions and from a product offering perspective could range from texting information on a mobile phone to a provider and/or specifying a provider geographical location to a patient to bi-directional interaction with a medical device to/from an electronic medical record application via mobile phone or telecommunications frequencies (or the medical device could be embedded with the mobile telecommunication appliance). As with the traditional Healthcare industry, as one progresses up the interaction functionality chain, the design and interoperability gets more complex. Most of the latest news items I read about successful mHealth applications describe the ‘easier’ applications: texting, scheduling, location, etc. There is still growth and development in the marketplace for interactive medical-device integrated/connected products. Additionally, from a market perspective, most of the current product offerings are proprietary in nature and vertically integrated.
Mobile telecommunication vendors are keenly interested in providing for the healthcare market. They are closely watching as well as working to influence the regulatory environment. From a provider perspective, this means adding another large player to the mix. You may already provide some internal mobile telecommunications support, but providing healthcare monitoring over that infrastructure changes the rules of the game. In addition, the mobile telecommunications market plays to the consumer market, which has faster turnaround times, and higher customer expectations. The consumer market expects the ability to smoothly transition service when changing a ‘product provider.’ In addition, with social media, the pressures are higher; witness the recent policy and product turnaround of Verizon to a charge for customers using a specific billing mechanism. The healthcare provider is not used to this type of oversight or pressure yet.
Down in the healthcare provider trenches, testing remote monitoring and the use of mobile telecommunications offerings continues. Here in Europe there are two larger projects that are interested in demonstrating the efficacy of remote monitoring. One, the Whole System Demonstrator based in England and their National Health System (NHS), has just published its preliminary results. Another, Renewing Health, is based on a nine European country pilot for remote monitoring of chronic diseases. In the case of the Whole System Demonstrator, initial results have been very positive for the clinical outcomes regarding the use of remote monitoring models for chronic disease management with a “15% reduction in A&E visits, a 20% reduction in emergency admissions, a 14% reduction in elective admissions, a 14% reduction in bed days and an 8% reduction in tariff costs” along with a “45% reduction in mortality rates.”
Renewing Health is still in its trial period, however, the initial technical results have been published. A basic summary of the technical aspects of the nine solutions follows:
This project will be ongoing until 2013 and at the end the results are hoped to strengthen the hypothesis that well designed remote monitoring programs for chronic disease management is as or more effective than care delivered in the traditional manner. There should also be some interesting results from a technical perspective. The market is slowly moving towards providing more standards-based products, however, for the purposes of this project, timing did not allow more adoption of those types of products.
So, with all of the activity described above what should healthcare providers do? I suggest the following:
So is 2012 the year of mHealth? Perhaps. If anything, it will be another exciting year for mobile technology and the convergence of the consumer and healthcare industries. It will be bumpy, but in the end, it should be better for the consumer who usually also happens to be the patient.
A recent Class I recall (not pictured) of a medical monitor with a hospital network connected central station stimulates some generalities about software, “fixes”, and connectivity. (Class I recalls are defined by the FDA as a situation in which there is a reasonable probability that the use of, or exposure to, a violative product will cause serious adverse health consequences or death.)
The use of the product in question was given as:
Curiously only one customer was identified as having received the product, or at least this particular version of the product. While the manufacturer and product in question is a matter of public record, and available at the link, I chose not to include it here because my objective is not to repeat the recall information, but to suggest the reasons for the recall, an associated labeling issue, and offer some general lessons.
The reason given for the recall had two seemingly separate parts. The first is that “The weight-based drug dosage calculation may indicate incorrect recommended values, including a drug dosage up to ten times the indicated dosage”. This sounds like a software problem yet the fix was not to “upgrade” the software but to suggest a workaround. (I love the term upgrade to when applied to fixing something that doesn’t actually work!) According to the FDA the firm’s letter stated that “users should enter the patient’s weight by way of the admin/demographics screen to ensure the drug dosage is calculated as intended.” (I did not find the firm’s letter on its website, but it might be one of those hidden page situations since I did find, with a struggle, two other recalls, though using the search term “recall” produced no results). Again speculating, the workaround sounds like a user dependent way to do something that was supposed to happen automatically. At least part of the value of automation is largely diminished, and opportunities for use error increased, when such additional demands are placed on the user.
The second reason given for the recall was that there may be a 5-10 second delay between the electrocardiogram and blood pressure curves (waveforms) at the central station. This is an interesting technical issue that may be related to software and/or communication protocols. In either case it illustrates that multiple data streams may only be useful if they are properly timed stamped, and then properly aligned at the receiver. Out-of-sync data when subsequently processed either by eye, or automatically, can give erroneous and misleading results that might appear to be correct, i.e. the results could be in the category of erroneous but believable.
For one or both reasons the FDA found that, “This product may cause serious adverse health consequences, including death.” Yet it should be noted that this was a voluntary recall, as most recalls are, despite the fact that people who surely know better reported this as “FDA recalls…”
The FDA announcement goes on to say that the company pointed out that the instructions for use state that: ”For primary monitoring and diagnosis of bedside patients, use the bedside monitor. Use the…Central Station only for remote assessment of a patient’s status.” This sentence seems to be illustrative of the fundamental problem of remote information receivers and integrators that carry a disclaimer that in sum says that you shouldn’t rely on them. But isn’t the ability to rely on it exactly why you bought it? Moreover, promotional materials available on the web do not appear to echo this disclaimer. For example it is stated that ”Applications…enhance patient care management by providing rapid assessment, decision support and clinical reporting.” Does that sound like it isn’t for primary diagnosis? Or does “Data accessible from the…Central Station includes real-time waveforms” sound like those waveforms shouldn’t be used for primary monitoring? For one more example it is said that “arrhythmia events are detected with an unprecedented degree of accuracy.” Accuracy is certainly a good thing, but detecting arrhythmias at the central station when only the beside monitor is to be used for “primary monitoring and diagnosis” appears to be less than highly useful.
Furthermore the statement that the central station is only for remote assessment seems both definitional and contradictory. It is obviously for remote assessment–because it is a central station and thus remote! But then what does “assessment of the patient’s status” mean if not monitoring and diagnosis?
The disclaimer game has been addressed in these pages before. Here it seems to involve a product that is being marketed, sold and bought for exactly the reasons that the manufacturer is saying it shouldn’t be used. I didn’t spot the disclaimer language in any of the promotional materials, but maybe it is there somewhere.
So, we have here an apparent example of software driven miscalculations, network transported data that is not time synchornized, and a reminder not to use the central station for primary assessment. Important examples to remember as we charge ahead with software driven networked solutions.
[The products in the photo with this post above are not associated with the recall discussed, and are for illustrative purposes only.]
The issue of the EHR relative to safety and effectiveness has again made the news with the November 7, 2011 pre-publication (and downloadable) release of an Institute of Medicine report on EHR safety, commissioned by the U.S. Department of Health and Human Services (HHS). This report expands the discussion beyond the EHR (used henceforth for both EHR and EMR) to include other related electronic information tools collectively called health IT.
The potential for health IT to improve both the quality and efficiency of medical care has been much noted to include more complete and timely records, ready exchange of information between providers, clinical decision support, and in turn a reduction in errors associated with the quality and availability of patient information. Efficiencies may arise from electronic capture of data which would eliminate manual entry, and time savings in accessing and reviewing patient information, and perhaps in passing information to third party payers. Additional public health value might accrue from the enhanced searchability of electronic records with respects to trends, treatments and outcomes. These benefits assume well designed, user friendly, compatible systems not withstanding that the U.S. model is to allow for numerous independent products that may or may not be able to exchange information nor display it in a consistent manner. Not surprisingly the report notes that the IT imperative will likely not be fruitful without associated attention to the people and the clinical system they work in.
However there is also the potential for health IT to add to, rather then reduce complexity; misplace, lose or garble patient information, and to provide clinical decision support that is incorrect or unreliable. Thus health IT itself has risks that the IOM found have not yet been adequately addressed or monitored. The IOM also cites the lack of an effective health IT problem reporting system compounded by contractual language that may actually impede such reporting. In addition some vendors include disclaimers as to their responsibilities even for software defects and errors. The latter suggests the all purpose liability disclaimer language: “Notice-this product may be badly designed and therefore not suitable for its intended purpose.” Alternatively one could try: “Due to software defects the information in this EHR may or may not be complete and/or may not pertain to the patient of interest. Do not use this information for medical treatment”. The value of such disclaimers will no doubt be tested.
Of course it is not only coding defects that can make heath IT less than effective. The well established issue of usability, or user friendliness, lives on, as does interoperability, training and workflow design. In this regard it might be noted that user friendly features such as pull down menus also facilitate quick but erroneous entries. Thus while an IT product might be theoretically capable of being used properly and effectively, whether it will achieve that goal in the real environment of use, when used by real people, is a separate matter. In this regard when faced with use issues and adverse events vendors will want to say that their product could have provided the correct functionality if only it had been used correctly–and don’t forget our disclaimer. The counter argument is that it was badly designed to the degree that “correct” use was predictably not likely to consistently occur. There are many anecdotes in this regard. A favorite of mine was an order entry system to which was added a physical sticky note on the monitor that read “Do not press Enter to Enter”.
Actual health IT hazards are at least in part separate from the questions of privacy, hacking and other mischief.
It must also be remembered that quantitative data (e.g. lab results and other medical device data), or reasonably well standardized data (e.g. images) are potentially much easier to capture, transmit and display than narrative information. The selection and arrangement of information on a display can also be a significant challenge with respect to density, utility and how many pages the clinician has to look at to get all the information needed–and you can’t spread those pages out. There is also a significant issue with the lack of standardization of “look and feel” factors. In this regard it must be remembered that clinicians of various types, working in multiple environments, might see multiple systems during even a single day. This is analogous to the reality of nurse use of infusion pumps. Ask the nurse if they know how to use an infusion pump and they will most likely say yes (and be insulted). But then ask them if they know how to use a particular infusion pump and they might say, no, I’ve never seen one of those before. In this regard a health IT application may be plug-and play, but that isn’t the same as plug-and-effectively-use.
The report has several specific recommendations:
Readers familiar with the FDA regulation of medical devices will recognize many of these items as standard fare. These include registration and listing, quality systems, and problem reporting. However since the FDA has not asserted that EHRs are medical devices, and the IOM elected not to make that specific recommendation.
Record-type health IT products remain in a regulatory vacuum–except with respect to acquisition funding subject to the meaningful use requirements. In this regard the report includes a dissenting statement from Richard Cook, MD (director of the Cognitive Technologies Laboratory at the University of Chicago) who asserts that health IT products should not only be declared to be medical devices, but that they should be Class III, the most stringently regulated device classification. In this regard he includes the following quote: “Medical and diagnostic devices have produced a therapeutic revolution, but in doing so they have also become more complex and less easily understood by those who use them. When well designed, well made, and properly used they support and lengthen life. If poorly designed, poorly made, and improperly used they can threaten and impair it.” While this quote could appear in nearly any one of the posts here, it actually dates to 1976 as part of President Gerald Ford’s signing statement for the Medical Device Amendments that ushered in the modern era of medical device regulation. While these amendments are often thought of as the beginning of FDA medical device regulation, such regulation actually stems from the 1930′s. What did start in 1976 was before-marketing restraints as opposed to the FDA’s prior post market authority. (And no, 1976 is not ancient history. Some of us actually remember it.)
Health IT is caught in the corn maze of promise vs usability and hazards. With quality design and thoughtful implementation the exit may be found before nightfall. Without it someone is going to have to call 911.
A recent NY Times article reported that hotel Wi-Fi capacity was again being challenged, this time by iPads and other tablets, or more specifically, tablet users. The Times notes that these users may have a smart phone and laptop going at the same time they are sucking up streaming video. The high bandwidth demand of these devices, or more specifically, their uses, is said to be reducing download speeds back to the good old days of dial-up connections. A likely solution will be a tiered charge structure, similar to the newest cellular data plans, with the result that you can waste bandwidth if you don’t care what it costs. A more general report on current and future wireless demand versus capacity has been produced by the Global Information Industry Center at the University of California San Diego. A less foreboding report on medical uses of Wi-Fi has been produced by the Wi-Fi alliance.
Smart phones have a prior history of overwhelming cell phone networks, such that in dense environments someone can’t make a phone call because too many other people are watching reality show reruns and bad movies. Now some cellular devices have been looking at switching to Wi-Fi when it is available, as explained here. This leads to the conflict ridden situation of cellular wanting to use Wi-Fi to solve its capacity problems at the same time that Wi-Fi is being over loaded by other devices. Cellular resistant building structures, which are increasing, also can create a desire to shift to Wi-Fi.
Now think about hospitals. Tablets are surely making inroads here as well, along with smart phones and in house wireless VoIP. Medical devices are also increasingly wireless as has been noted in these pages before here and here. There is also the smart phone wireless app arena (which may or may not be regulated medical devices) as discussed here and here.
Certainly the public access side of a hospital’s wireless network can be limited and segregated. However prioritizing between multiple medical applications is far more challenging both clinically and technically. It must also be remembered of course that lost medical data or lack of clinical telephony can be life threatening, as opposed to merely annoying.
In this demanding arena few wireless medical systems are at least initially tested in a fully functioning environment. Yet there is a vast difference between whether the wireless capability (as well as the wired) is able to function when tested alone, and whether it is capable of functioning around the clock and throughout the year in an actual hospital when static and when roaming. In the latter case when roaming across access points, drop-outs may result in data loss and may not respond well when access is restored. While the link may recover critical information such as which patient is involved may not be available.
In addition it may be possible to add one wireless application today that works in the current environment, but which may not work when the next one or ten or 100 other wireless applications are added later, and perhaps not much later. In this regard vendor assurance, if ever fully believable, cannot be accepted outside the context of the wireless system and devices currently deployed. (By way of bad analogy, such an assurance are like a car salesperson telling you that with this car you won’t have to worry about highway traffic.)
In this regard the effective hospital application has been summarized as requiring ”assurance” which includes coverage, signal strength, capacity, and certainty. The “utility” analogy is often used here, i.e. the wireless service should operate in the background and be something I don’t ever have to think about, just give me more and more wireless devices and they will all play nicely together. (Those who have been through electrical blackouts and brownouts may have a different perspective than others on the reassurance provided by the utility analogy.)
It is clear that wireless and wired capacity have to both be actively controlled and monitored. Besides being totally logical, this is consistent with IEC 80001 (discussed here) which addresses hospital network risk management. This active control requires a centralized coordinator who has the authority, knowledge and system resources to not allow any new wireless application to be deployed without specific consent based on appropriately rigorous tests. There must also be complete inventory of all approved wireless users so there is a record of who is using the system. New systems or upgrade designs must also take capacity seriously (see here for example).
Certainly wireless, using Wi-Fi or otherwise, offers advantages in health care, although perhaps not, wireless will need to be limited to those applications that really need it. In any case, capacity is a challenge that is likely to get worse before it gets better.
Pictured above are Philips’ Intelliview Cableless Measurements wireless SpO2 sensors that use the same ISM band frequencies as Wi-Fi. This photo was taken at the Philips booth at HIMSS 2010 with their permission.
Today I was contacted by a social media marketing firm working for a major MDDS vendor with an offer to contribute content that’s on topic for this site (that last part is important). I’m interested, and I imagine a lot of this blog’s readers will be too. As I will likely take them up on their offer, I want everyone to understand that there’s not any favoritism that plays into who gets to post on this site. So, the following describes the ground rules, the benefits of contributing, and issues an open invitation to contribute posts.
We’ve been fortunate to have a number of terrific contributing authors over the years, and some of them have written posts that continue to be popular to this day. On the About This Site page is a long standing open invitation to anyone who wants to climb up on the soap box and
spout off contribute to the conversation about medical device connectivity. I’ve also made contributing author offers personally to many folks on both the provider and vendor sides of the table. There are so many people who have incredible knowledge and experience to share. And most of these people don’t have the time or inclination to create their own blog. Now you have an outlet.
Increasingly companies are adopting social media policies that establish ground rules for employees posting to blogs, Twitter, Facebook, etc. Besides benefiting your employer, contributing posts also benefits the writer personally with increased awareness and respect among your peers. Contributors also get an author’s bio like this one for current contributor, William Hyman:
Writers that want to remain anonymous can do so, to a degree. You can be anonymous like the blogger Tim at HIStalk. He doesn’t disclose his identity on his site, but he is not legally anonymous. This means that you can chose to not disclose who you are (or your employer), but if I’m legally compelled to disclose your identity I will. Some employers will appreciate this kind of anonymity because there’s little chance the writer’s opinions will be associated with the employer. Of course many employers, especially the smart ones, will want that employee-employer association to be known so that all the insight and intelligence the contributor demonstrates in their posts will rub off on them!
In the connectivity segment of the market, there are a lot of new entrants and many established companies flying under the radar of broad market awareness. Contributing blog posts about your experience or perspective (nothing too commercial please) is a great way to establish credibility and get the word out. The most effective use of blogging is engaging in a long term conversation with your readers. Most of my consulting business comes from this blog, in addition to the usual word of mouth and repeat projects. You put your content out in the blog, and readers come back with questions and requests for help with problems, advice, referrals to fill new positions, you name it. And I can’t tell you how rewarding it is to meet people at customer sites or events who are readers of this blog.
Unlike a magazine article, press release or white paper, contributing to a blog is typically not a one shot deal. A series of blog posts that address a body of topics or frames an issue gets read when it’s published – and after that – via search engine queries (that’s why it’s important to identify and use the right key words in your blog posts). Ideally, potential contributors will look at this as an extended conversation, or at least a series of posts that will span several months, if not indefinitely. Individual contributions are welcome, but they will have to be particularly thought provoking, entertaining and/or informative.
Why contribute posts to this site? Well, the site gets about 300 unique visits per day (less on weekends) and has hundreds of subscribers to the RSS feed (the funny orange square icon on the right). Readership is evenly split between providers and manufacturers. As a contributor you will get access to the sites statistics where you can see how many times your post is accessed and by who (or at least their IP address or domain name).
So, if you’re interested in contributing, let me know. And if you’re a reader, here’s your chance to leave some feedback – what would you like to read more or less of on this site?
As an aside, if you’re interested in the blogs and news sites that I read, keep an eye on the Connectologist’s Shared Items box in the right hand bar. This is a list of shared items from my Google Reader. If you’ve got a blog or news site to suggest to me or your fellow readers, leave it in a comment to this post.
[Flickr photo of Selma by Netzanette]
The fact that connectivity, and perhaps wireless connectivity in particular, allows for hacking for mischief, theft, politics, social protest and other forms and varying degrees of evil should surely come as no surprise. In turn, that a wireless medical device might be hackable should be somewhere on the mind of developers, users, and regulators. Thus the report from the recent Black Hat conference that someone hacked an insulin infusion pump, and in so doing was then able to alter its settings, should also not be particularly shocking, but should serve as yet another reminder, that security associated with connectivity has been and continues to be an issue, as was addressed by Tim back in 2006.
The report in this instance came from Jay Radcliffe who hacked his own insulin delivery equipment. In this instance the hacking avenue was the wireless remote that was part of the device. Perhaps the idea that a wireless remote could be emulated is even at the ultra low end of surprise. More generally, the multiple discussions of this report (e.g. here and here) have suggested that the technology being used by at least some medical device manufacturers does not offer an adequate array of security safeguards. Or the manufacturers haven’t fully utilized what is available in terms of alternate hardware, or they havn’t fully utilized the security features that were available even in the hardware that they were using.
Not surprisingly medical device manufacturers have downplayed the risks of hacking. The manufacturer of the pump in question, Medtronic, responded through a diabetes oriented web site, but apparently not through an actual press release of its own. The responses included that Medtronic does take device security seriously (would you expect them to say otherwise?), and that no real-life events have ever reported. Of course a problem with the later is that stealth hacking, as opposed to announced hacking, could cause harm while going unreported. This is to not say they have, but only to note that “reported” is a limiting case.
Medtronic is quoted further as saying “Our job is to incorporate information security measures into our designs, vigilantly monitor potential threats and to always be proactively finding ways to make our devices more secure for you. That is what we have done and what we will continue to do.”
A curious post in response to this expected response from Medtronic was “Security violations are caused by sloppy implementation. The systems themselves are very secure.” I’m not sure how much better that is supposed to make us feel. Equally curious was that this response referenced RSA as a security authority, with other posters then pointing out that RSA was itself hacked.
Hypothetically (that means I made up the following) assorted glitches and could-not-duplicate service events could be the result of hacking, i.e. if the hacker hacked, and then stopped hacking, whatever the effect of the hacking was could well stop also, and therefore be un-findable. Which reminds me of a hospital wireless interference anecdote I heard about bursts of interference, almost always during the night, and almost always for one or two minutes. The culprit was an old leaky microwave being used in quick mode. And why only at night? Because the cafeteria was closed then and therefore the microwave was a primary food resource.
The bottom line is that security is an ongoing issue that must be rigorously addressed by manufacturers, and in turn by the FDA who has to at least ask the what-have-you-done-about-connectivity-security, and insist on a firm answer. Further, I will ask the question that I asked about the challenges of hospital networking at an AAMI session last June in San Antonio. My question was, “Is the problem getting easier or harder?” The answer was a laugh.
[Thumbnail photo above (used with permission) shows the various sites used to inject insulin over a period of time - one month if I recall correctly. In the lower right corner is the Medtronic insulin pump dangling from a tube. - Ed.]