Soapbox: Big Genomics and DNA testing–why we need a Genomic Data Bill of Rights

click to enlargeThis week, consumer genomics testing company 23andMe announced that outside app developers would no longer have access to raw genomic data, as they have had since 2012. They will continue to have access to data through reports generated by the company. 23andMe cited privacy concerns–wisely, in this Editor’s opinion, to safeguard this burgeoning area of digital health. Seeking Alpha

TimiHealth is an affected firm that seeks to move customer data, with consent, to an allegedly more secure blockchain platform, TimiDNA, citing 23andMe’s monetization of their data and CMS’ Blue Button initiative, a recent meeting in which 23andMe participated as a developer. Blasting away, TimiHealth stated that “It flies in the face of the mission of CMS, and the MyHealthEData initiative and the goal of putting patients first.” Release

However, the consumer marketing of DNA testers such as 23andMe, Ancestry.com, and smaller competitor Helix, has already led to multiple privacy questions on how the data of millions are being used and sold. 

This Editor would feel safe in assuming that most customers do not know nor particularly care that GlaxoSmithKline (GSK) as of July owns 50 percent of 23andMe via a $300 million investment. Both have announced a four-year partnership to use the 23andMe genetic database for drug research. For instance, the LRRK2 gene has been linked to some forms of Parkinson’s disease. GSK needs about 100 for a trial sample of one, but 23andMe has already provided 250 Parkinson’s patients who have agreed to be re-contacted for GlaxoSmithKline’s clinical trials. Scientific American

While most data is de-identified, you can agree to be contacted for further use in clinical trials, which is fine–but most users do not know how to opt out. It’s a surprisingly tricky process, as outlined in this useful Business Insider article, and you may not be able to withdraw all your data or have your saliva sample destroyed.

Data can be hacked and reprocessed. Three years ago, TTA explored reports on exactly how de-identified genomic data could be made identifiable through the ‘nefarious use’ of genomic data sets available through research networks [TTA 31 Oct 15].

Despite the trite, simplistic, and condescending commercials by Ancestry.com on how someone found they had ethnic or national roots they never dreamed of, or were related to royalty, both giving meaning to their presumably mundane life, genetic info has value beyond the feel-good. It’s long past time for a plain language Genomic Data Bill of Rights.

  • Individuals should know how their personal genomic data is being used and how it is being protected
  • They should be able to opt out of use, identified and de-identified, easily–and not have to jump through hoops
  • Reporting/interpretation should also have integrity, consideration, and respect that it may upset a person or that it may not be interpreted correctly, which is a fundamental problem 
  • A more radical view is that the same individuals should be compensated when their data is used

This Editor will settle for the first two bullets, for now. 

The Theranos Story, ch. 55: ‘Bad Blood’s’ altered reality on ‘Mad Money’; it was all Bad Blitzscaling

click to enlarge

She lied and the lies got bigger and bigger and eventually the lies got so big relative to reality that it became a pretty massive fraud. 

The hyperbolic Jim Cramer of CNBC’s ‘Mad Money’ settled down for a chat with John Carreyrou, the author of ‘Bad Blood’, to dissect what Mr. Cramer touted as ‘the best business book since Phil Knight’s book about starting Nike, ‘Shoe Dog”. Mr. Carreyrou outlines Elizabeth Holmes and Sunny Balwani went ‘live’ with fingerstick tests far too prematurely, burned through money, lied to the board, and (schadenfreude alert!) lied to attack dog David Boies, her attorney. There was also a real lack of ‘due diligence’–real diligence–on the part of companies like Safeway and Walgreens. A reveal coming out of this interview is that Walgreens hired a lab consultant, Kevin Hunter, as early as 2010, who ‘smelled a rat’ even then–and Walgreens executives ignored him, frightened that Ms. Holmes would go to CVS. Wrapping Ms. Inexplicable Me up, Mr. Carreyrou attributes her mindset to ‘noble cause corruption’; she really did believe that her blood testing machine would do good because the outcome would be good for society. Thus every corner cut was justified….which explains a lot, but really excuses nothing. The ten-minute video is over at ValueWalk (the transcript is only partial).

LinkedIn’s hyperbolic co-founder Reid Hoffman, like him or not, does have a way with words, and this article in Fast Company is a decent discussion of a new term that he actually coined, ‘blitzscaling’ which is pursuing rapid growth by prioritizing speed over efficiency in the face of uncertainty. It’s quite a lure he sets out to his classes at Stanford, that the only way to have a successful business in winner-take-all (or most) markets is to do this, and if you do it right you’ll have the next Google, completely ignoring the fact that 99.99 percent of businesses don’t need to change the world, just to get to breakeven, get to profitability, and endure (or get bought out). He springboards off this to where Ms. Holmes and Mr. Balwani Went All Wrong. The answer? Product failure=Mortal Risk–to the patient. They needed to meet a Walgreens deadline thus went out prematurely with their nanotainer testing knowing it did not work. The best quote in the article?

There’s a big difference between being embarrassed and being indicted.

Rounding up August’s end: ‘blended’ mental healthcare, Army’s telehealth innovation, Montefiore’s 300% ROI on social determinants, telehealth needs compliance

click to enlargeOur UK readers have the summer bank holiday in the rearview mirror, and our US readers are looking forward to a break over next Monday’s Labor Day holiday in the US. It’s sadly the end of the traditional summer season, though Summer, The Season lingers on for a few precious more weeks.

Here are some short takes on items of interest over the past month:

Blended care–eHealth and direct clinician care–for mental health. The NHS has been promoting online webcam and instant messaging appointments as an alternative to ease pressure and waiting times for mental health patients, but the evidence that they are effective on their own is scant. Blending digital health with F2F clinical care may be the way to go. This Digital Health News explores how the two could work together and still save time and money.

Army testing telemedicine and remote monitoring for triage. The US Army’s MEDHUB is designed to streamline communication flow between patients, medics and receiving field hospitals.  MEDHUB–Medical Hands-free Unified Broadcast–uses wearable sensors, accelerometers, and other FDA-cleared technology to collect, store, and transmit de-identified patient data from a device to a medical facility, allowing clinicians to better prepare for inbound patients and more promptly deliver appropriate treatment. The 44th Medical Brigade and Womack Army Medical Center at Fort Bragg, North Carolina have already volunteered to test the system. MEDHUB was developed by two subordinate organizations within the US Army Medical Research and Materiel Command. Army release, Mobihealthnews 

Soldier, don’t take your health tracker to the front. Or even the rear. Deployed US Army soldiers have been told to leave at home their wearable trackers or smartphone apps, government issued or otherwise, that have geolocation capability. Turns out they are trackable and heat mappable–in other words, these trackers and apps can tell you where you are. (And don’t use Google either). Mobihealthnews

Social determinants of health part of Montefiore Health System’s approach to reducing emergency room visits and unnecessary hospitalizations.  Montefiore, based in the Bronx and lower Westchester, invested in housing for the homeless through their Housing at Risk Alert System. The system noticed through their analytics that the issue was housing. Many of their ‘frequent flyers’ cycled between shelters and the ER (ED). Oncology patients were at risk for eviction. Montefiore acquired respite housing (160 days) and housing units for up to a year through organizations such as Comunilife. They claim a 300 percent return on investment. Healthcare Finance

Telehealth needs compliance health. A study from Manatt Health, a division of law firm Manatt, Phelps & Phillips, LLP, presents what readers already know–the inconsistent statutes, regulations and guidance various states are implementing around the provision of telehealth services points out the growing need for compliance assistance. Manatt Health Update (blog) 

Rounding up mid-August: PCORI funds 16 projects with $85 million, InTouch’s Rite Aid deal, Suennen leaves GE Ventures, NHS lost 10K patient records last year

click to enlargeRounding up August as we wind down our last weeks of summer holidays. 

The Patient-Centered Outcomes Research Institute (PCORI) announced earlier this week that they are funding 16 studies which compare two or more approaches to improve care and outcomes for a range of conditions. Included in the $85 million funding are studies incorporating technology. One is a $13.3 million grant for a West Virginia University study utilizing telehealth to monitor patients with major depressive disorders comparing medication, cognitive behavior therapy (CBT), and medication plus remote CBT. PCORI Release

InTouch Health, an enterprise telehealth provider which most recently partnered with RPM developer Vivify Health [TTA 19 Dec] to move into in-home and post-acute settings, is now moving into retail with Rite Aid. The letter of intent is to help Rite Aid build up the technology in their existing health kiosks in pharmacies and ‘alternative care sites’. Rite Aid has had a long standing interest in kiosks, including as one of the last customers of HealthSpot. With their Albertsons merger scuttled, Rite Aid is seeking other business and interest. One of InTouch’s executives is EVP of Marketing and Consumer Solutions Steve Cashman, who founded and headed HealthSpot. InTouch is also participating in the World Telehealth Initiative, a nonprofit organization which seeks to bring telehealth expertise into worldwide communities in need. InTouch will donate devices, access to its virtual network, and access to doctors donating their time. Mobihealthnews.

Lisa Suennen, a fixture at many health tech conferences and one of the few women with both presence and clout in the funding sphere, has departed GE Ventures, GE’s VC arm. She was senior managing director focusing on healthcare companies, successfully exiting several in her portfolio to UnitedHealth and Aetna. No reason was given for her exit after a stint of under two years, other than the anodyne “find a new adventure.” GE is planning to spin off its healthcare businesses as part of its restructuring. CNBC

And the week would not be complete without a report about NHS losing nearly 10,000 patient records–paper and electronic–last year, according to information released under UK freedom of information laws. Without this information, doctors have trouble finding patient history sources and prior diagnostic records. There is also abundant opportunity for fraud, as Everything Winds Up Somewhere, and that somewhere could be criminal. Last year, Members of Parliament said the NHS had “badly failed patients” after a scandal in which at least 708,000 pieces of correspondence–including blood tests, cancer screening appointments, medication changes, and child protection notes–piled up in storerooms. Sunday Times. If paywalled, see the attached PDF.

Yet another NHS cyber-vulnerability: fax machines

click to enlargeNow fax machines are hackable, say the white hats at Check Point Research. Your GP or doctor thinks they are safe, but their protocols haven’t been updated since the Big ’80s. Check Point found that all a hacker needs is the fax number to hack into one. 

The ‘how to’ is in the article. New ‘all in one’ printers which are connected to phone lines and wirelessly to networks can receive a malicious fax as an entry point into the network. Data is then exfiltrated through another fax as illustrated above left. Check Point’s study cited the HP OfficeJet Pro All-in-One fax printer but others would be vulnerable as well. Online electronic fax numbers may also have problems.

NHS’ census, released via a FOIA request, indicates it uses 9,000 fax machines. NHS has minimized the risk they present. HP has since issued security updates for its fax printers. Also Digital Health. 

Despite recruiting, Babylon Health’s GP at hand still on hold in Birmingham (UK); CEO steps down at rival Push Doctor

GP at hand, Babylon Health’s NHS app and service for scheduling patients with local GPs, was expected to roll out in Birmingham, but the Hammersmith and Fulham CCG, from which Babylon operates, continues to halt its the expansion since the beginning of this month on patient safety concerns.

The app, which schedules patients with GPs and requires registration that effectively changes what we in the US call ‘attribution’, was set to add GP surgeries in Birmingham starting this month and was setting up an HQ at Badger House, an out-of-hours GP services provider based in Birmingham’s inner city. GP recruitment had started, according to Pulse, in late July. Patients would register in Babylon’s host practice Dr. Jefferies and Partner in southwest London through NHS’ out-of-area registration scheme.

The objections to Babylon’s expansion came initially from Paul Jennings, the chief executive of Birmingham and Solihull CCG. According to Digital Health, “he wrote to Hammersmith and Fulham to lodge a formal objection to the expansion. He argued the digital service was “not yet robust or tested for a national service to be delivered from a single practice outside of Birmingham”. Hammersmith and Fulham then stated that “further information is required to provide assurance on the safety of patients” before the Birmingham roll-out could be approved. 

This is despite the release of a equality impact assessment by Verve Communications on behalf of Hammersmith and Fulham finding mainly positive results, such as GP at hand “more likely to address most barriers than traditional GP services” in 10 out of 11 protected groups” and that “carers may benefit from [the] use of GP at Hand as this will allow them to consult a primary care practitioner whilst continuing with their care responsibilities.” The new Health Secretary Matt Hancock, a major advocate of technology in care, is himself registered with Babylon. Mobihealthnews

(If you are in the UK, you can hear it straight from Babylon’s CEO Ali Parsa, interviewed by Roy Lilley of nhsmanagers.net, on 10 September at the RSM.)

Rival telemedicine service Push Doctor is also undergoing changes with CEO and co-founder Eren Ozagir’s departure. It appears that he and the board had a difference around company direction, with the board recommending a cut of 40 jobs (Sunday Times). Their COO, Wais Shaifta, became acting CEO in July. In June 2017, a report by the Care Quality Commission (CQC) found the service to be delivering unsafe care via antidepressant and blood thinner prescriptions being given without requisite blood tests and monitoring. Digital Health

France officially enters the telemedicine world

By ministerial decree for the 2018 social security financing law, France starts deploying telemedicine both for doctor-patient consults (teleconsultation) and ‘telexpertise’ (between health professionals) starting on 15 September. The latter will be defined in stages by 2020.  For instance, from 2019 it will be deployed for long-term conditions (ALD), rare disease patients in sub-dense areas or in long-term care homes or inmates. “In this context, they agree to define the scope of these acts and their rates as well as their methods of implementation and billing.”

The rest of the teleprofessional deployment calendar will be defined before the year 2020. The full bill is printed here (in French, of course) Agir-Telemedecine.org

Embedding microchips in workers–does this have potential in healthcare?

It’s not just for pets anymore. Embedding microchips for various purposes subcutaneously in people is a bit of technology that appears to be gaining traction. The employees of Three Square Market, a company that provides self-service mini-markets in commercial settings such as hotels or company breakrooms (what in this Editor’s airline days we dubbed ‘the iron kitchen’ or Ick) are happily planting chips in their skin to ID themselves into the office, onto their computers, and buy lunch in the company café. About the size of long-grain rice, they have no power source other than that supplied by an external RFID reader. About 80 employees of Three Square Market now have it, having started with 30 a year ago. It also seems to have caught on in Sweden.

In the glowing MIT Technology Review article, there seems to be little concern that the chip might have a long-term health effect even as minor as a cyst or fibroma, being that it is a foreign object. Chips could also be ‘pinged’ to detect location or download information.

Of interest in the healthcare area are the following:

  • Three Square’s president, Patrick McMullan, stores some health information on his chip
  • Three Square is also investigating the hot area of hand hygiene in hospitals. During this month into September, they are testing RFID bracelets at two hospitals in Fort Wayne, Indiana and Hudson, Wisconsin that verifies when doctors and nurses wash their hands using the proxy of turning on a sink through the sink’s RFID reader. 
  • Embedding chips in hospital and LTC staffs could increase areas such as hand hygiene, enforce security in restricted areas, and provide data for task or time/motion studies.

Rutgers develops wristband wearable that uses biosensors to count blood cells, bacteria, and air particles

click to enlargeResearchers at Rutgers University-New Brunswick (NJ) have developed a wristband with a biosensor that can count particles, including blood cells, bacteria and organic or inorganic particles in the air. The cuff-sized wristband has a circuit to process electrical signals, a micro-controller for digitizing data and a Bluetooth module to transmit data wirelessly to a smartphone app for further analysis. The blood count has to be done through pinpricks that funnel the cells through a channel thinner than a human hair to the biosensor.

From the articles, it appears the technology would be an add-on extending the capabilities of other sensor-based wearables. For instance, blood count monitoring could add another diagnostic parameter to traditional devices for chronic conditions and be used in diagnostic tools in remote or battlefield settings. Environmental analysis of air particles could be used for allergens or potentially toxic environments. Bacterial analysis could be used in potentially infectious settings or diagnosis. Rutgers Today,  Microsystems & Nanoengineering, Mobihealthnews

What Best Buy’s $800 million cash purchase of GreatCall connected health/PERS really means

Have health and connectedness services for older people finally made it out of the pumpkin and to the ball? GreatCall’s market doesn’t make for great cocktail party buzz or TEDMED talks. It’s emergency response with Jeopardy’s Alex Trebek presenting 5 Star emergency service bundled in a Jitterbug flip or smartphone (made by others). It’s made intelligent acquisitions. taking some of the tech developed by Lively to develop wearables that are quite presentable and by Healthsense for the senior living market. It’s been a leader in how to make both traditional direct marketing (DRTV, print) and digital work for an older market. Somehow, it’s managed to accumulate over 900,000 paying customers, which proved to be very attractive to first PE firm GTCR and now Minneapolis-based Best Buy, which with GreatCall has made its Biggest Buy.

GreatCall will remain a separate division with the same CEO (David Inns, with them since their 2006 founding) and remain HQ’d in San Diego. The transaction is expected to close by end of the third quarter of Best Buy’s fiscal 2019, subject to regulatory approvals.

Best Buy in the US has remained the #1 electronics ‘big box’ store that, like most retail, has stumbled about and come back from the brink. Their purchase of GreatCall, a partner for many years, reinforces a strategy they’ve worked on for a while in featuring health and wellness-related products to what CNBC calls ‘an aging population’ as part of ‘solving technology problems and addressing key human needs across a range of areas.’ GreatCall, as noted above, has a superb track record in direct marketing to that group. (In this context, the former Healthsense B2B play is limited–some of the feedback that this Editor’s received is that GreatCall stumbled out of the gate with Healthsense customers with a lack of understanding of the LTC/senior housing market dynamics. Long term, it seems out of phase with Best Buy’s direction in a way that consumer-oriented Lively is not.)

Will that talent spill over to and influence the rest of Best Buy’s business? Will Best Buy successfully carve out a niche which is relatively resistant to the predations of Amazon (which also sells a lot of health tech) and other online retailers? Is this niche big enough to support this Big Box Retailer? Seeking Alpha, press release, Mobihealthnews

OpenEMR’s security flaws threaten millions of patient records; McAfee successfully alters vital signs reporting into monitoring systems

The OpenEMR system, which is an open-source patient record system used in UK hospitals and others worldwide, has dozens of security flaws in its software, according to Project Insecurity, a London-based “tight-knit computer research organization which focuses primarily on educating the masses on the topics of information security” according to their corporate description on LinkedIn. According to their report, Project Insecurity found vulnerabilities including: “a portal authentication bypass, multiple instances of SQL injection, multiple instances of remote code execution, unauthenticated information disclosure, unrestricted file upload, CSRFs including a CSRF to RCE proof of concept, and unauthenticated administrative actions.”  OpenEMR has stated that they have now supplied patches to fix the vulnerabilities listed in the report. However, these multiple flaws put potentially millions of patient records at risk for some time.

OpenEMR’s decentralized model has some drawbacks when it comes to security. According to OpenEMR, they do not know how many organizations are affected as the open-source software has voluntary registration. Patches and security fixes are announced to the registration list, the OpenEMR’s online forum and social accounts, the open-emr.org community, and OpenEMR vendors. While no data has been publicly exposed, the Project Insecurity report revealed this system’s risk to the healthcare organizations which use it. Also DigitalHealth and Project Insecurity on Twitter.

McAfee has confirmed another vulnerability–that vital signs reporting into a central monitoring station can be altered in real time. They tested a circa 2004 bedside monitor/central monitoring system reportedly still in use. The system monitored heartbeat, oxygen level, and blood pressure, used both wired and wireless networking over TCP/IP, and appeared to store patient information. The central monitoring station ran Windows XP Embedded, which presented one set of flaws, but far more accessible to a breach was the communication from the devices to the central monitoring system. In short, “the attacker simply has to send replacement data to the central station while appearing as the patient monitor.” The article proves vital signs can be altered by the time they reach the central monitoring station to create a bad diagnosis, unnecessary testing, and unneeded medication. The McAfee article lays out How to Mess With Vital Signs, Believably.

Late summer and early autumn event updates: Save 20% on Connected Health Summit, SEHTA Health + Space, Lilley’s talk with Ali Parsa, PATH Summit, Connected Health Conference, HealthIMPACT

It’s always a little sad to realize that summer is winding down. Some (like your Editor) stretch the summer past Labor Day (the DMZ in the US) into early autumn, taking the philosophy that woolies are way too warm till November. Here are eight substantial events on your calendar to look forward to:

Connected Health Summit, 28-30 August next week, San Diego–Readers Save 20%!

Parks Associates have offered our readers 20% off registration at ‘Connected Health, Independent Living and Engaging Consumers’, the fifth Connected Health Summit organized by Parks Associates. The conference will analyze the roles of connected health technologies and innovations in driving changes in consumer behaviors and business models. Lead speakers are from IBM Watson Health, Alarm.com, Uber Health, and Qualcomm Life. More information and registration here. As a preview, download their latest white papers:  Market Snapshot – Consumer Health Attitudes and IoT Home Living Features and Sleep Tech and IoT. #CONNHealth18

Healthcare and Space Funding Call Brief, 4 September, Cocoon Networks, 4 Christopher Street, London, EC2A 2BS, 10:00 – 13:00

Sponsored by SEHTA, The Knowledge Transfer Network, and MedCity, this will cover funding opportunities for converting innovation from the space sector, from exploration to satellite communications, to new solutions for the health sector and medical applications that improve NHS treatment and care. At this event attendees will hear about them plus have the opportunity to network with organizations from both the health and space sectors. This event is part of the MedTech London programme supported by the GLA. For further information, contact Clare Ansett, Head of Communications, SEHTA

Health Chat with Ali Parsa of Babylon Health, 10 September, RSM, 1 Wimpole Street, London (new venue!)

This Health Chat conducted by Roy Lilley of nhsmanagers.net promises to be eventful. “Has the tide turned in primary care? What effect might Babylon produce? Who are the beneficiaries? What is the future for the traditional primary care GP model?” Tickets are a modest £19.95 – £39.95 and are going quickly. Sponsored by UK HealthGateway, the publishers of nhsmanagers.net. Register here.

PATH Summit, 30 September – 2 October, Omni Shoreham Hotel, Washington DC

Those of us who wondered what long-time CEO Jonathan Linkous of the American Telemedicine Association has moved on to now have their answer: CEO of PATH, the Partnership for Artificial Intelligence and Automation in Healthcare. Their first Summit will attempt to answer questions like: “Is artificial intelligence, automation, robotics and sensors the future of healthcare or a passing fad?” It will cover AI innovations, best practices, and barriers to beware (boo!) Find out more and register here, but this Editor’s advice (not that it will be taken) is to drop the silly home page quote from the buffoonish and irrelevant Mark Cuban. 

Connected Health Conference, 17-19 October, Boston

The second year of the combined PCHAlliance Connected Health Conference and the Partners Connected Health Symposium at the impressive Seaport World Trade Center kicks off with co-located conferences followed by two full days of events and expo. Preview it and register here

HealthIMPACT has three events from September into December:

HealthIMPACT Midwest – Rev1 Ventures, Columbus, OH, September 27

NODE.Health Evidence in Digital Medicine Roundtable – Microsoft Technology Center Boston – October 16

NODE.Health Digital Medicine Conference – Microsoft Technology Center, New York, NY – December 5-7

Who’s available? A young graduate in telemedicine/eHealth studies seeks opportunity

Maceline (Mimi) Kadurira is finishing up her MSc in eHealth & Tele-Medicine at Rome (Italy) Business School. She is seeking a position where she will gain additional exposure to various aspects of telemedicine, eHealth, and social sciences where she has an honors degree from Africa University in Harare, Zimbabwe.

Some points she would like to highlight re her suitability for a new opportunity:

  • Volunteer involvement. I have volunteered with Inspire Tutors as Communications and marketing Organiser helping with writing and maintaining company blog and spearheading campaigns and marketing awareness programmes and providing one-on-one coaching children and youths with developmental disabilities, including counseling. I also implemented individualized learning plans for students with intellectual disabilities. Shadowing case managers and attending mental health meetings was an incredibly beneficial experience during my volunteering time.
  • Professional experience. As a student (Intern) a full year as Human Resources Assistant, compiling time sheets, risk management, helping in the recruitment process, filing, data entry and general confidential information handling/maintenance.
  • E-Health and Telemedicine Management. Courses include Electronic Medical Records, Chronic Disease Management, Best Practice, Clinical Decision Support Systems, ESA activities in Telemedicine (space technology for downstream eHealth applications) Protection of personal data in eHealth, Standards and Interoperability.

Can your growing organization use Mimi? Contact Details: macelkaduri@yahoo.co.uk  Her CV is here

More good news for telehealth, RPM in FCC approval of $100M Connected Care Pilot Program

The Federal Communications Commission (FCC) moved relatively quickly to approve the Connected Care Pilot Program, approving broadband-enabled telehealth and remote patient monitoring services in underserved rural and remote areas. Funding for the program has been pegged at $100 million. The approval was unanimous on the program proposed by FCC commissioner Brendan Carr and Mississippi Sen. Roger Wicker.

CCPP will provide $100 million for subsidies to hospitals or wireless providers running post-discharge remote monitoring programs for low-income and rural Americans. An example is those run by the University of Mississippi Medical Center. The goal is to lower same-cause readmissions and improve patient outcomes. [TTA 13 July] Hearings late last month also were structured to support the program and start to fill out the details for a 2019 start [TTA 1 Aug].

Public comments are now open for a 2019 start to the program (see FCC website–look under Connect2Health which is the umbrella site for this and similar programs). Commissioner Carr had to look no further than the VA to see how Home Telehealth and other remote monitoring programs worked to drive down cost and improve patient outcomes. VA Health’s remote monitoring program cost $1,600 per patient compared to $13,000 for traditional care in one study. The trick is now translating this into an open system.

This is a nice boost to both real-time video and asynchronous remote patient monitoring in market development (and getting paid) in areas of great need. It’s also another Federal signal (so to speak) for 2019, following the proposed Medicare Physician Fee Schedule’s increased payments and broader applicability for both.  mHealthIntelligence, Mobihealthnews, FCC Release Hat tip to reader Paul Costello of Medopad.

Coffee break reading: a ‘thumbs down’ on IBM Watson Health from IEEE Spectrum and ‘Der Spiegel’

In a few short years (2012 to now), IBM Watson Health has gone from being a 9,000 lb Harbinger of the Future to a Flopping Flounder. It was first MD Anderson Cancer Center at the University of Texas last year [TTA 22 Feb 17] kicking Watson to the curb after spending $62 million, then all these machine learning, blockchain, and AI upstarts doing most of what Watson was going to do, but cheaper and faster, which this Editor observed early on [TTA 3 Feb 17]. At the end of May, IBM laid off hundreds of workers primarily at three recently acquired data analytics companies. All came on board as market leaders with significant books of business: Phytel, Explorys, and Truven. Clients have evaporated; Phytel, before the acquisition ranked #1 by KLAS in analytics for its patient communication system, reportedly went from 150 to 80 clients. IBM denies the layoffs were anything but much-needed post-acquisition restructuring and refocusing on high-value segments of the IT market.

IEEE Spectrum rated the causes as corporate mismanagement (mashing Phytel and Explorys; IBM’s ‘bluewashing’ acquired companies; the inept ‘offering management’ product development process; the crushed innovation) plus inroads made by competition (those upstarts again!). What’s unusual is the sourcing from former engineers–IEEE is the trade group for tech and engineering professionals. The former IBM-ers were willing to talk in detail and depth, albeit anonymously. 

Der Spiegel takes the German and clinical perspective of what IBM Watson Health has gone wrong, starting with the well-documented failures of Watson at hospitals in Marburg and Giessen. The CEO of Rhön-Klinikum AG, which owns the university hospital at Marburg, reviewed it in action in February. “The performance was unacceptable — the medical understanding at IBM just wasn’t there.” It stumbled over and past diagnoses even a first-year resident would have considered. The test at Marburg ended before a single patient was treated.

The article also outlines several reasons why, including that Watson, after all this time, still has trouble crunching real doctor and physical data. It does not comprehend physician shorthand and negation language, which this Editor imagines is multiplied in languages other than American English. “Some are even questioning whether Watson is more of a marketing bluff by IBM than a crowning achievement in the world of artificial intelligence.” More scathingly, the Rhön-Klinikum AG CEO: “IBM acted as if it had reinvented medicine from scratch. In reality, they were all gloss and didn’t have a plan. Our experts had to take them by the hand.”

Hardly The Blue Wave of the Future. Perhaps the analogy is Dr. Watson as The Great Oz.

More and more into the (data) breach: 3X more patient records in Q2, UnityPoint’s breach balloons to 1.3M

click to enlargeAnd we thought Healthcare Hackermania was following the Hulkster into retirement. After a quiet Q1, data breaches and hack attacks blew up both in Q2 and now in this quarter.

Data compliance analytics firm Protenus’ Breach Barometer (with DataBreaches.net) has been tracking healthcare data breaches for years. It was quiet last quarter with 1.13 million patient records affected in 110 separate health data breaches. But last quarter was a true triple threat with patient records up three times to 3.14 million, 142 separate breaches–which means more per breach on average. What is also distressing is that 29.71 percent are repeat offenses among employees, up from 21 percent in the previous quarter.

  • 36.6 percent of breaches were due to external hacking, nearly double that of Q1.
  • 30.99 percent were due to insiders, either through deliberate wrongdoing (theft) or insider error. Insider wrongdoing was led by family members snooping on other family members’ records. Not Russians, Chinese, NoKos, or Bulgarians bashing about. 
  • In contrast to Q1, where the biggest data breach was a network hack of an Oklahoma-based health network (reportedly the Oklahoma State University Center for Health Sciences), compromising nearly 280,000 records, Q2’s Big Breach was a physical burglary of the California Department of Developmental Services in Sacramento affecting over 581,000 records. After the usual ransacking and theft, the burglars started a fire before they left and the sprinklers did the rest.

It routinely takes nearly forever from when a breach occurs to when it is discovered: in Q1 244 days, in Q2 204 days. In Q2 the longest discovery time was over five years –2013 to 2018. This indicates that insiders may be good at covering their tracks, and/or IT staff don’t get around to detecting and policing breaches.

Protenus and DataBreaches.net compile incidents disclosed to HHS and reported in the media, and are now adding their own proprietary, non-public data on the status of health data breaches nationwide, including a review of tens of trillions of individual
accesses to EHRs which Protenus audits as part of their healthcare systems services. More detail in Protenus Q2 and Q1 full reports, HealthITSecurity (Q1)

Certain to lead their Q3 report is the 1.4 million patient record breach at UnityPoint Health, an Iowa-based health system. In May, a small phishing breach compromised 16,000 records. This cyberattack also started with email phishing and spread through employee networks. “The phishing campaign tricked employees into providing confidential login information, which hackers used to infiltrate email accounts and access data contained within.” Were the hackers after patient data? According to UnityPoint, “The phishing attack on UnityPoint Health was more likely focused on diverting business funds from our organization.” Healthcare Analytics News

You may not want a cyberattack, but cyberattacks and hacking want you….