Why hackers feel the $$ love for healthcare: Brookings study

It’s the information, silly! A recent study by the Center for Technology Innovation at the Brookings Institution tells us what we already know: healthcare organizations hold high-value information electronically, and because they haven’t invested equally in cybersecurity, it’s all vulnerable. When those nifty EHRs hold names, dates of birth, addresses, Social Security numbers and health histories, they are eminently salable. What’s new here is that the vulnerability increases due to factors not based on security, but on legal and data exchange requirements:

  • Data sharing and accessing
  • Length of storage to comply with regulations
  • The size of the records–the more information they hold, the more vulnerable

Lay on top of this ransomware.

The worst threat is not the hacker in a Bulgarian basement, but what are termed ‘state actors’ who want health information for a variety of reasons. They may be compiling a big database: “…a dossier of individuals that they could use for social engineering for future attacks”–such as sending phishing emails to government employees with specific, accurate information that, when opened, infect their computers with malware for another purpose. Some solutions presented are using an outside cloud storage provider; using blockchain, which requires both public and private encryption keys; and deploying intrusion-detection systems (IDS) and security information and event management (SIEM) software. CSO, Brookings report (28 pages)

Paper beats the EHR rock, docs in British Columbia conclude

“Moving to an electronic system should enhance the care we provide, rather than jeopardize it.” “We do not want a catastrophic event to occur in order to have our concerns heard.” “We do not feel that it is ethical to put patients at risk using a system that makes it difficult to ‘do the right thing’ and much easier to make a significant error.”

Nine weeks into the launch of a C$174 million Cerner EHR in March, emergency room and intensive care unit doctors at Nanaimo Regional General Hospital in British Columbia, Canada reverted to paper orders and instructions out of concern for patient safety. Internists and others wanted to do the same. They formed a 250-member Medical Staff Association, which had enough concerns to go on the record with a report that included the above. One example: the lack of confidence in the electronic ordering system module for diagnostic tests, drugs and patient instructions was enough for sixty-one Association members to vote unanimously on a “no confidence” motion in the system and a return to paper orders. The report also detailed “a multitude of physician-reported major safety issues from every department that deals with acute patient care.”

The B.C. provincial health authority, which in Canada’s system can overrule doctors and parent companies (Island Health), won’t remove the offending module, but is concerned enough to order additional resources and ongoing refinements, based on physician concerns and recommendations from a recent internal investigation. Island Health’s board also asked the health authority to: address fatigue in clinical staff and medical professionals; adjust resources to alleviate workload burden; improve trust in the electronic health record and associated clinical care processes; work collaboratively with clinicians and medical staff to evaluate improvements in the electronic health record for quality and safe patient care. Times Colonist (BC)

Telemedicine, telehealth and ‘Healthy India’

While we in the West and much of Asia/Pacific can parse the differences in wearables, tablets vs. smartphones and debate the accuracy of EHRs, far simpler issues dominate the application of health tech in places like India. Some are familiar–connectivity and preconceived notions of staff acceptance–and others are familiar to those of us who work in developing countries, such as interrupted power and a lack of trained people. Telemedicine and the reading of vital signs in telehealth have been part of the Indian scene for years–16 according to the article–but only in the past three years have remote consults been used more frequently. In the past year, over 100 patients have been saved by telehealth centers at two locations operated by Apollo TeleHealth in Himachal Pradesh, a province where the average patient travels up to 50 km for primary care and 250 km for secondary care. It is state-subsidized in a public-private partnership, but Apollo is already tracking 3,000 teleconsults over 15 months, providing emergency care to at least 200 people and saving Rs 15 lakh ($22,400 or £17,100).

The greatest impediment, according to the joint managing director of Apollo Hospitals Enterprise Limited (and the author), is the resistance to change–a familiar one. Telehealth services: A prescription of technology that saves lives, saves costs (Hindustan Times)

Aarogya Bharat, or Healthy India, is a ‘roadmap’ to enable India’s growth and prosperity by improving health for India’s population. Most Indians pay out of pocket, (more…)

Paper beats the EHR rock when it’s about accuracy: JAMIA study

A study published in the Journal of the American Medical Informatics Association (JAMIA) may be one swallow and not the spring, but points to something doctors have been reporting anecdotally for years. Researchers examined initial progress notes of patients admitted to Beaumont Hospital in Royal Oak, Michigan both before and after the Epic Systems EHR implementation (POLITICO Morning eHealth) in 2012. Their sample of 500 notes examined five specific diagnoses with invariable physical findings: permanent atrial fibrillation, aortic stenosis, intubation, lower limb amputation and cerebrovascular accident with hemiparesis. The error rate of EHRs compared to the paper charts was 24.4 percent versus 4.4 percent. Residents were better at EHR-ing than the more experienced attending physicians for inaccuracies (5.3 percent v. 17.3 percent) and omissions (16.8 percent v. 33.9 percent). As this is an older snapshot, the gap may have narrowed with familiarity and training, but this is in line with prior reporting in multiple countries (here) that customization by real clinicians needs to be part of the implementation (designed by IT people without clinical background), that design often doesn’t meet clinical needs, that many have glitches and that they take entirely too long to fill out, notoriously in mental health (see JAMIA study from April). And let’s not get into the plagues of hacking, ransomware and health data exchange. HealthcareITNews, JAMIA (abstract only)

Silicon Valley’s mantras don’t work in healthcare: AliveCor’s CEO

Betas, ‘moving fast and breaking things’ don’t work in our territory. That is the POV of Vic Gundotra, the CEO of AliveCor, which has successfully introduced and marketed its smartphone snap-on ECG globally. Witness the up vote from the NHS on technology (Daily Mirror), while the American Medical Association (AMA) in the US wants better vetting of both clinical and DTC health tech and refers to much of it as ‘quackery’ (Forbes). According to Mr Gundotra, who was in engineering at Google and Microsoft prior to AliveCor, “Healthcare is not a market that can be hacked.” and “When a product directly relates to human health, following regulatory requirements needs to be a core part of the strategy from day one. What has been seen as a burden needs to be seen as a benefit. It’s time that we stop viewing regulatory bodies as obstacles and start viewing them as valuable partners. This is a mindset that should be adopted across a company’s entire team — from board to CEO to VC to developer.” And the incompatible expectation of Silicon Valley VCs, “18 months tapping our feet, then exit” as well.  Recode

StartUp Health’s midyear report: digital health investment breaks record

The StartUp Health accelerator/investment organization continues with its quarterly analyses of health tech funding. (Rock Health may be at ‘last call’: TTA 11 May) Key points:

  • International investment reached $3.9 bn, a record.
  • There are 7,600 global startups in digital health.

But some things remain the same:

  • Most funding deals go to Series A companies, with seed rounds equal in number but not amount (33 and 32 percent, under $100 million and $400 million respectively).
  • Later stage companies still don’t have ‘legs’. Subsequent rounds after Series B (18 percent) continue to be weak (apparent since the beginning of these tracking reports). Series B now accounts for 18 percent of deals, $600 million in funding. Series C through E drop off precipitously from $400 to well below $100 million.
  • Medians on rounds haven’t moved much: $3.9 million Series A and seed, $17 million in B/C, $21 million D and after.
    • Given the regulatory environment and the wisdom of going slow in health tech (poster child–Theranos), this also points to a disconnect between the Silicon Valley mentality of ‘make it quick and exit’ and reality.
  • IPOs have been a mixed picture, with most fluctuating in price and market cap, few making it to their IPO price.
  • International deals range from League in Toronto, Early Sense in Tel Aviv and Ping An Good Doctor in Shanghai, the last of which at $500 million beat the $400 million funding of payer Oscar for top funding honors.

And there are new darlings: patient/consumer experience, wellness, personalized health/Quantified Self (!), big data, workflow and clinical decision support.

An interesting addendum to the report is the 50+Market, which includes companies which are relevant to 50+ needs and those which focus on it. Interestingly, half of investment is residing here and skews heavily towards Series B and later stage companies. StartUp Health page (download). The report for viewing only is on Slideshare.

More reflections on, significance of the Theranos quagmire (updated)

Theranos’ spin towards the Auger In continues. Truth or Consequences are apparent. So are setbacks.

Wired has put together a timeline of the key events in The 9 Events That Have Pretty Much Doomed Theranos, most of which our Readers in following our coverage (index here from 2013) are already familiar with. One interesting point is #7, which touches on another gift to the legal profession–the class action lawsuit. Eight lawsuits are already in process, and at least one names former partner Walgreens Boots.

SEC and DOJ’s interest. The SEC, limited in its action because Theranos got big without going public (see below for more), is likely seeking misrepresentation of technology to investors–as in, ‘it really didn’t work’. Penalties may include repayment or settlements to investors and barring principals from ever leading a public company. The DOJ will likely focus on consumer impact. Knowing that your blood tests are inaccurate but continuing to sell them violates all sorts of Federal health regulations, and can earn the principals orange mock turtlenecks and a long stay in a place with iron bars, pesky regulations and no choice of wardrobe. Sadly, Theranos’ legal counsel and board member David Boies won’t have a chance to unleash one of his favorite intimidation weapons, the libel lawsuit. Instead, he’ll be uncomfortably playing defense (but for how long?) Give the man a crying towel, and remind him to bill in advance. Wired (from April)

*Updated: Here’s the CMS letter, courtesy of the WSJ. (If John Carreyrou doesn’t receive a Pulitzer Prize, the fix is in!–Ed.)

The market demonstrated inefficiency in allowing companies like Theranos to get big without going public. You cannot short or sell the stock (a negative ‘opinion’) which demonstrates that investor-backed Unicorns represent ‘incomplete markets,’ according to Robert Shiller’s Efficient Markets Hypothesis. Of course, before going public, the SEC would have demanded disclosure–another reason why Theranos (and possibly other Unicorns) aren’t. Forbes.

‘Theranos has probably set back the tremendously promising field of microfluidics by a decade.’ An investor who was rooting for Theranos (but didn’t invest) recounts the dodgy behavior of entrepreneurs from eToys.com to Tesla. ‘Hype is what entrepreneurs do best’; fabbed-up PowerPoint decks are par for the course. “Sadly, the journey from charisma to coercion to lying is quick and often complete.” Ms Holmes, you have a lot of company. When Startups Put The Fab in Fabricate. (WSJ; if paywalled, PDF attached)

Where do we go from here? We’ll close with advice to startups in biotech and medical innovation: pace thyself, know thyself. What’s needed: an internal culture amenable to science–and external regulation–and knowing when to apply the brakes to prevent slamming into The Wall Marked Failure. (Mentioned is a useful tool called a pre-mortem) Wired

A ‘next generation’ house call from the patient’s perspective

Guest editor Sarianne Gruber (@subtleimpact) attended May’s d.health Summit on Aging in NYC. She reflects on moderator Christina Farr’s (immediately prior) direct experience with a virtual visit (convenience, proactive care–and utter frustration with her payer) and what the telemedicine ‘next gen’ provider panelists see as their advantages in fixing a fractured healthcare system.

Christina Farr had a “Next Generation” house call for the first time. The on-demand doctor’s visit provided her care and resolved the possibility of a trip to the emergency room, and best of all she felt great. Ms. Farr, an award-winning health and technology journalist, happened to have had her encounter just days prior to the d.Health Summit. Coincidentally, she was to be the moderator for a panel of prominent telehealth business leaders on this very topic. Curious after having had this experience, she wanted to know whether most cases were like hers, wondering if they should go to the ER, or were the visits more for routine things like coughs and colds, or did people just want a prescription. The d.Health panelists included Damian Gilbert, Founder & CEO of TouchCare (@touchcarehealth), Oscar Salazar, Chief Product Officer and Co-Founder of Pager (@getpager), Dr. Ian Tong, Chief Medical Officer of Doctor on Demand (@drondemand), and Dr. Roy Schoenberg, Co-Founder and CEO of American Well (@americanwell).

Theranos denouement: CMS closes lab, fine, 2-year ban on Holmes (breaking)

Breaking News. Theranos has been slapped very soundly by the Centers for Medicare & Medicaid Services (CMS) for violations arising from operations at their Newark, California laboratory. The fine is not disclosed. CMS has revoked the lab’s certificate and also prohibits the owners and operators of the lab from operating a lab for at least two years. That means that Elizabeth Holmes, the CEO, her management and anyone immediately involved with the Newark lab is effectively out of a job.

As the Theranos press release was issued well after hours Thursday night US Eastern Time, there’s no mention of the board actually removing her, but that is another shoe that this Editor expects to drop sooner, not later. COO Sunny Balwani was removed in May [TTA 19 May]. Who is not tainted who can actually run the company? Is there a capable person in the industry who wants to touch it? As has been revealed, Ms Holmes still controls the company [TTA 27 Apr].

The revocation will be in effect in 60 days, according to the Wall Street Journal*, but the Newark lab has been closed. There is no mention of the Palo Alto lab which was also under scrutiny [TTA 20 Apr].

The details appear to be lifted or nearly lifted from the CMS order, and are quoted directly from the Theranos release: (more…)

AHRQ ‘evidence map’ pinpoints chronic condition telehealth, telemental health (US)

The US Government’s Agency for Healthcare Research and Quality (AHRQ) released a final and fairly positive report analyzing telehealth effectiveness. It was a meta-review of 58 systematic research reviews on telehealth. Criteria were that the studies could examine real time or asynchronous telehealth, onsite or at distance, and that the patient interacted with healthcare providers for the purposes of treatment, management, or prevention of disease.

The abstract’s conclusions are positive for remote patient monitoring (RPM) for chronic conditions and for telemental health:

  • Positive outcomes came from the use of telehealth for several chronic conditions and for psychotherapy as part of behavioral health
  • The most consistent benefits were when telehealth was used for communication and counseling, plus remote monitoring in chronic conditions such as cardiovascular and respiratory disease
  • The improvements were in outcomes such as mortality, quality of life and reductions in hospital admissions

POLITICO’s Morning eHealth has additional and most interesting background. The AHRQ was tasked by two Senators, John Thune (R-SD) and Bill Nelson (D-FL), to analyze telehealth for effectiveness through a literature review and “to give a government’s view – not an industry-funded study or a poorly-conducted academic study – on what the technology could do if, for instance, Medicare paid for more of it.” The December draft seemed to be ambiguous on telehealth studies to date, citing uneven quality and the poor definition of telehealth.

Detecting a serious car crash, summoning help via smartphone (SA)

An intriguing application of accelerometry was featured by BBC News this week. South Africa’s CrashDetech claims to be the first in detecting a serious car crash by using the accelerometer sensors in your phone that measure the g-force of an impact. The app automatically then locates the driver and dispatches the nearest ambulance with paramedics who already know the user’s medical history. Of course CrashDetech needs to access your records, but you are one of those with a PHR, right? It’s being deployed first in South Africa, which according to their website is one of the most dangerous countries in which to drive. Even worse than the NY metro area? Which sets our mind once again on wondering whatever happened to smartphone fall detection… Hat tip again to Mike Clark via Twitter.

IoT and the inevitable, looming Big Data Breach

The Gimlet Eye returns to once again cast a baleful gaze on All Those Connected Things, or the Plastic Fantastic Inevitable. Those 6.4 million Wi-Fi-connected tea kettles, smart fridges, remotely adjusted pacemakers (and other medical devices) plus home security two way video systems that accost the dodgy door ringer sound just peachy–but how good is their security? Not very, according to the experts quoted in this ZDNet article. It’s those nasty security flaws in IoT which were patched out 10 years ago on PCs that make them incredibly risky to have, as they can vector all sorts of Bad Things into both personal and enterprise networks. Their prediction is that a Connected Device with a big flaw will become molto popular and provide a Target a Hacker Can’t Refuse within two years. Or that some really clever hacker will write ransomware that will shut down millions of Connected Cars’ CPUs or disable the steering and brakes if 40 bitcoins aren’t placed in a brown paper bag and left on the third stool of the pizzeria at 83rd and Third.

Not much has changed since Eye wrote about those darn Internet Thingys last year [TTA 22 Sept 15]. The mystery is of course why these antique flaws are even part of the design. Designers being cheapskates? No consideration of security?

A weekend potpourri of health tech news: mergers, cyber-ransom, Obama as VC?

As we approach what we in these less-than-United States think of as the quarter-mile of the summer (our Independence Day holiday), and while vacations and picnics are top of mind, there’s a lot of news from all over which this Editor will touch on, gently (well, maybe not so gently). Grab that hot dog and soda, and read on….

Split decision probable for US insurer mergers. The Aetna-Humana and Anthem-Cigna mergers will reduce the Big 5 to the Big 3, leading to much controversy on both the Federal and state levels. While state department of insurance opposition cannot scupper the deals, smaller states such as Missouri and the recent split decision from California on Aetna-Humana (the insurance commissioner said no, the managed care department said OK) plus the no on the smaller Anthem-Cigna merger are influential. There’s an already reluctant Department of Justice anti-trust division and a US Senate antitrust subcommittee heavily influenced by a liberal think tank’s (Center for American Progress) report back in March. Divestment may not solve all their problems. Doctors don’t like it. Anthem-Cigna have also had public disagreements concerning their merged future management and governance, but the betting line indicates they will be the sacrificial lamb anyway. Healthcare Dive today,  Healthcare Dive, CT Mirror, WSJ (may be paywalled) Editor’s prediction: an even tougher reimbursement road for most of RPM and other health tech as four companies will be in Musical Chairs-ville for years.

‘thedarkoverlord’ allegedly holding 9.3 million insurance records for cyber-ransom. 750 bitcoins, or about $485,000, is the reputed price in the DeepDotWeb report. Allegedly the names, DOBs and SSNs were lifted from a major insurance company in plain text. This appears to be in addition to 655,000 patient records from healthcare organizations in Georgia and the Midwest for sale for 151 – 607 bitcoins or $100,000 – $395,000. The hacker promises ‘we’re just getting started’ and recommends that these organizations ‘take the offer’. Leave the gun, take the cannoli. HealthcareITNews It makes the 4,300 record breach at Massachusetts General via the typical unauthorized access at a third party, once something noteworthy, look like small potatoes in comparison. HealthcareITNews Further reading on hardening systems by focusing on removing admin rights, whitelisting and endpoint security. HealthcareDataManagement

Should VistA stay or go? It looks like this granddaddy of all EHRs used by the US Veterans Health Administration will be sunsetted around 2018, but even their undersecretary for health and their CIO seem to be ambivalent in last week’s Congressional hearings. According to POLITICO’s Morning eHealth newsletter, “The agency will be sticking with its homegrown software through 2018, at which point the VA will start creating a cloud-based platform that may include VistA elements at its core, an agency spokesman explained.” Supposedly even VA insiders are puzzled as to what that means, and some key Senators are losing patience. VistA covers 365 data centers, 130 separate VistA systems, and 834 custom installations, and is also the core of many foreign government systems and the private Medsphere OpenVista. 6/23 and 6/24

Dr Eric Topol grooves on ‘The Fourth Industrial Revolution’ of robotics and AI.

Sonde Health using voice as a biomarker for diagnosis

Back in 2013, we profiled Max Little of the UK-based Parkinson’s Voice Initiative, who was in the fairly early stages of voice testing and analysis to aid early diagnosis of this disease. By 2015, he had over 17,000 voice samples, was partnering with the Michael J Fox Foundation, and was seeking to develop a non-invasive, quick, accurate test based on acoustic markers. Dr Little is an Oxford University PhD, currently a Wellcome Trust/MIT fellow at the MIT Media Lab. The Voice Initiative has additional support from PatientsLikeMe, Twilio and Aculabcloud.  But also developed at MIT, by Thomas Quatieri’s team at MIT’s Lincoln Laboratory, is a broader platform for voice diagnosis. This has been applied to mental health conditions such as depression, respiratory and cardiovascular conditions, and in pilots for TBI, cognitive impairment and…Parkinson’s. This has been licensed to Sonde Health, which hasn’t much on their website but is out of the Boston-based PureTech R&D/venture firm. The acoustic markers they cite are ‘dynamic changes in pitch and harmonics, articulation timing and hoarseness or breathiness that indicate and requires no analysis of words’. MedCityNews, MedTechBoston

Medtronic’s moves in post-acute cardiac care management, monitoring

Medical device giant (and inverted to Dublin) Medtronic announced today the launch of their Beacon Heart Failure Management Service in the US. It combines their implantable cardioverter defibrillator (ICD) or cardiac resynchronization therapy (CRT) devices with post-acute patient monitoring from Medtronic Care Management Services (MCMS). The patients are checked both through their recorded cardiac device diagnostics and what they called ‘branching logic’ questions which collect daily qualitative, biometric and symptom information, plus provide patient education. Care managers then review the data along what they term ‘established clinical pathways’, check for growing risk factors and alert providers if needed.

What is interesting is that the in-home delivery and collection platform or hub is not specified. Medtronic happens to own one of the telehealth pioneers, a company which used to be called Cardiocom–which is now part of Medtronic Care Management Services in their Cardiac and Vascular Group (CVG).

No launch clients/partners are mentioned, save a quote from a cardiologist at The Stern Cardiovascular Foundation in the Memphis TN area. Release, FierceMedicalDevices

In other Medtronic news, earlier this week they announced the acquisition of cardiac device company HeartWare for $1.1 billion. HeartWare has developed small implantable (more…)

Tracking ER ‘frequent flyers’ community-wide to coordinate care, reduce readmissions

“There are folks who have a life of going from emergency department to emergency department, and that’s how their day is spent,” said Sorrell, an emergency physician and administrator at Sutter Health. “It’s sad and tragic, but that’s what happens.”

Alameda County, just south of San Francisco, spans both wealth- (Berkeley) and poverty-stricken (Oakland) parts of California. What it has a lot of as well are ER (ED) ‘frequent flyers’ a/k/a ‘super-users’. Some can’t manage their chronic conditions, while others are looking for a meal, a warm bed, safety or human contact. What is also true is that 1) this is an expensive and largely unnecessary form of medicine and social care, 2) there are a lot of duplicated resources being utilized which are needed elsewhere and 3) the patients aren’t receiving the right sort of care for a better quality of life.

Since a data sharing program, PreManageED, was implemented on 31 March in four Sutter Health hospitals and two Alameda Health System hospitals, two hospitals found that they shared more than 2,000 patients, with over one-third having 6+ visits to the ER in the past year. But this is more than duplicate procedures, multiple EMS calls and badly coordinated care resulting in Medicare or Medicaid penalties. The Alameda hospitals are also integrating local community clinics and social services organizations into PreManageED so they receive alerts from the hospitals when their patients/clients arrive in the ER. It turns out that many patients are receiving social services from multiple agencies–also duplicated and uncoordinated. There is an example here of a mentally ill patient who visited ERs over 900 times in three years. Over 24 separate people had provided her with medical, emergency and social services–and none of them knew what the other was doing. The Alameda County program is a step to bring these ‘frequent flyers’ down to earth and improve their outcomes. Kaiser Health News