Weekend reading: 1/3 of global healthcare orgs ransomwared, 50%+ mobile privacy problems–BMJ study, med device insecurity

Weekend reading to make you feel insecure, indeed. Healthcare continues to be one of the most vulnerable sectors to hacking, breaches, ransomware. (It likely was one of the top 5 on the list handed to Mr. Putin in Geneva a week ago.) It doesn’t help that many organizations from providers to payers, legacy devices to apps, figuratively have a ‘Welcome Hackers’ neon sign on their doors, virtual and otherwise.

Three articles from the always interesting Healthcare Dive, two by Rebecca Pifer and the third by veteran Greg Slobodkin, will give our Readers a quick and unsettling overview:

  • According to cybersecurity company Sophos in their 16-page report, 2020 was an annus horribilis for healthcare organizations and ransomware, with 34 percent suffering a ransomware attack and 65 percent confirming the attacks encrypted their data, but only 69 percent reporting that the encrypted data was restored after the ransom was paid. Costs were upward of $1 million. Their conclusion: assume you will be hit, and keep at least three backups. Dive 24 June
  • The BMJ found that lax or no privacy policies were a key problem with over half of mobile health apps. 23 percent of user data transmissions occurred on insecure communication protocols and 28.1 percent of apps provided no privacy policies. There’s a lot to unpack in the BMJ study by the Macquarie University (Sydney) team. Our long-time Readers will recall our articles about insecure smartphone apps dating back to 2013 with Charles Lowe’s article here as an example. Dive 16 June
  • Old medical devices, continuing vulnerability that can’t be fixed. Yes, fully functioning and legacy medical devices, often costing beaucoup bucks, are shockingly running on Windows 98 (!), Windows XP, outdated software, and manufacturers’ passwords. It’s hard to believe that Dive is writing about this as it’s been an issue this Editor’s written about since (drumroll) 2013 when TTA picked up on BBC and other reports of ‘murderous defibrillators and pacemakers’. If too far back, try 2015 with Kevin Fu’s and Ponemon’s warnings then to ‘wash their hands’ of these systems even if they’re still working. Chris Gates quoted in the article: “You can’t always bolt-on security after the fact, especially with a legacy piece of equipment — I’ve literally handed checks back to clients and told them there’s no fixing this.” Dive 23 June

What to do?

  • If you are a healthcare organization, think security first. Other organizations in finance and BPO do, locking down to excruciating points. And yes, you’ll have to pay a premium for the best IT security people, up your budgets, and lower your bureaucracy to attract them. Payers are extremely vulnerable with their wealth of PHI and PII, yet tend to skimp here.
  • Consider bringing in all your IT teams to your home country and not offshoring. Much of the hacking occurs overseas where it’s tougher to secure servers and the cloud reliably and fully.
  • Pay for regular and full probes and audits done by outside experts.
  • If you supply a mobile app–design with security and privacy first, from the phone or device to the cloud or server, including data sharing. There are companies that can assist you with this. One example is Blue Cedar, but there are others.
  • If you supply hardware and software for medical devices, think updates, patches, and tracking every bit you sell to make sure your customers do what they need to do. Even if your customer is a past one.

(Side message to NHS Digital–don’t rush your GPDPR upload to the summer holidays. Make it fourth quarter. Your GPs will thank you.)

Suggestions from our Readers wanted! While your Editor has been covering security issues since early days here, she is not an expert, programmer, or developer, nor has stayed at a Holiday Inn Express lately.

Digital health is not here. Or it is. Or it’s still “the future” and we’re waiting for the ship to come in.

Another bit of convergence this week and last is the appearance of several articles, closely together, about digital health a/k/a health tech or ‘Dr. Robot’. It seems that for every pundit, writer, and guru who believes “We’ve Arrived”, there’s some discouraging study or contra-news saying “We’re Nowhere Near The New Jerusalem”. This Editor’s been on the train since 2006 (making her a Pioneer but not as Grizzled as some), and wonders if we will ever Get There.

Nearing Arrival is the POV of Naomi Fried’s article in Mobihealthnews giving her readers the keys to unlock digital health. “Digital health will be the dominant form of non-acute care.” It has value in chopping through the thicket of the low clinical impact technologies that dominate the current scene (Research2Guidance counted only 325,000 health apps and 3.6bn downloads in 2017). Where the value lies:

  1. Diagnosis and evaluation–devices that generate analyzable data
  2. Virtual patient care–telehealth and remote patient monitoring
  3. Digiceuticals–digital therapeutics delivered via apps
  4. Medication compliance–apps, sensors, games, ingestibles (e.g. Proteus) 

At the Arrival Platform and changing the timetable is machine learning. Already algorithms have grown into artificial neural networks that mimic animal learning behavior. Though the descriptions seem like trial and error, they are fast cycling through cheap, fast cloud computing. Machine learning already can accurately diagnose skin cancer, lung cancer, seizure risk, and in-hospital events like mortality [TTA 14 Feb]. How to regulate them is under debate, and according to Editor Charles Lowe it will be quite difficult [TTA 25 Oct 17]. Returning to machine learning, its effect on diagnosis, prognosis, and prediction may be seismic. Grab a coffee for The Training Of Dr. Robot: Data Wave Hits Medical Care (Kaiser Health News). Hat tip to EIC Emeritus Steve Hards.

The (necessary?) bucket of Cold Water comes from KQED Science which looked at two studies and more, and deduced that the Future Wasn’t Here. Yet.:

  1. NPJ Digital Medicine’s 15 Jan meta-analysis of 16 remote patient monitoring (RPM) studies using biosensors (from an initial scan of 777) found little evidence that RPM improves outcomes. The researchers found that many patients are not yet interested in or willing to share RPM data with their physicians. The fact that only 16 randomized controlled trials (RCTs) made the cut is indicative of the lack of maturity (or priority on research) for RPM.
  2. In JMIR 18 Jan, a systematic review of 23 systematic reviews of 371 studies found that efficacy of mobile health interventions was limited, but there was moderate quality evidence of improvement in asthma patients, attendance rates, and increased smoking abstinence rates. 

Even a cute tabletop socially assistive robot given to COPD patients that increases inhaler medication adherence by 20 points doesn’t seem to cut hospital readmissions. The iRobot Yujin Robot helping patients manage their condition through medication and exercise adherence lets patients admit that they are feeling unwell so that a clinician could check on them either through text or phone and if needed to see their regular doctor. The University of Auckland researchers recommended improvements to the robot, integration to the healthcare system, and comparisons to other remote monitoring technology. JMIR (18 Feb), Mobihealthnews.

As Dr. Robert Wachter of UCSF put it to the KQED reporter, we’re somewhere on the Gartner Hype Cycle past the Peak of Inflated Expectations. But this uneven picture may actually be progress. Perhaps we are moving somewhere between the Slough (ok, Trough) of Disillusionment and the Slope of Enlightenment, which is why it’s so confusing?

Get happier, lose weight, be fitter–the efficacy of apps debated in studies present and future pilots

Do they really work to change behavior? Studies for the past seven or so years have debated efficacy; a quick search online will show you a wealth of articles with findings on both sides. We know healthcare-related apps (consumer behavior and professional) are growing like weeds after rain–over 320,000 mobile, wearable, and IoT health apps were available for use in 2017, with 200 added daily (Research2Guidance, IQVIA estimates). But qualitatively, the jury is out.

Three studies published in the last two months come somewhere in the middle.

Obesity and weight loss: A telemedicine-based 12 week study from California State University found that the combination of a secure mobile phone-based platform for data tracking and video conferencing with the research team, plus meeting with the medical doctor once per month, and weekly with a registered dietitian worked to clinical standards, ≥5% of initial body weight loss over six months, for 69 percent of the telemedicine participants (n=13) versus 8 percent in the control group (n=12). Note the substantial hands-on human support each of the 13 participants received. Journal of Telemedicine and Telecare, Clinical Innovation & Technology

Activity monitoring not effective unless users set goals: A 400-person study performed by researchers from the Oregon Health & Science University (OHSU) School of Medicine and their Knight Cardiovascular Institute found that when people used such monitors and apps without a specific goal in mind, their physical activity declined and their heart health did not improve, even if 57 percent thought it did. The subjects, primarily office workers at one site, wore a Basis Peak band for about five months. To gauge heart health, the researchers also tracked multiple indicators of cardiac risk: body mass index, cholesterol, blood pressure and HbA1C. Cardiac risk factors did not change. However, the corresponding author, Luke Burchill MD PhD, told EurekAlert (AAAS) that when paired with specific goals, the trackers could be powerful tools for increasing physical activity. The original study published in the British Journal of Sports Medicine doesn’t go quite that far. 

But it’s great for your morale, especially if you pay for it: A Brigham Young University study published in JMIR MHealth and UHealth (August) confirmed that physical activity app usage in the past 6 months resulted in a change in respondents’ attitudes, beliefs, perceptions, and motivation. This study’s purpose was to track engagement factors such as likeability, ease of engagement, push prompts, and surprisingly, price–that higher-priced apps had greater potential for behavior change. Possible reasons were that the apps provide additional features or have higher quality programming and functionality. (And user investment?)

One growing area for apps is mental health, where the metrics are solidly behavioral and the condition is chronic. The UK’s National Institute for Health and Care Excellence (NICE) has moved forward in favor of piloting them with NHS England. The latest is one from Germany, Deprexis, that uses texts, emails, questionnaires, and cognitive behavioral therapy to give feedback to users. It also has tools to relax users through audio and visual programs. NICE recommends therapist guidance for the trial. According to Digital Health News, NICE is recommending it should be trialed for up to two years in at least two of the specialist services that were set up to improve access to psychological therapies. Again, cost is a factor in rolling out but others are access to care and freeing up therapist time. The organization also plans to review up to 14 digital programs to treat anxiety and depression over the next three years.

Hat tip to Toni Bunting for much of the above

For further reference: The 2017 R2G mHealth App Developer Economics 2017 study has been released and is available for free download here. The 2017 study surveyed 2,400 mHealth developers and practitioners. (Disclosure: TTA was a media sponsor for the study.)

Want to know effectiveness of telehealth, interoperability? NQF reports take their measure.

There’s been an increase in doubt about the efficacy of telemedicine (virtual visits) and telehealth (vital signs monitoring) as a result of the publication of two recent long-term studies, one conducted by the University of Wisconsin and the other by CCHSC for Telemonitoring NI [TTA 13 Sep]. These follow studies that were directionally positive, and in a few cases like the VA studies conducted by Adam Darkins, very much so, but mostly flawed or incomplete (low N, short term, differing metrics). What’s missing is a framework for assessing the results of both. In an exceptionally well-timed announcement, the National Quality Forum (NQF) announced their development of a framework for assessing the quality and impact of telehealth services. 

In a wonder of clarity, the NQF defines telehealth’s scope as telemedicine (live patient-provider video), store-and-forward (e.g. radiology), remote patient monitoring (telehealth), and mobile health (smartphone apps). Measurement covers four categories: patients’ access to care, financial impact to patients and their care team, patient and clinician experience, and effectiveness of clinical and operational systems. Within these categories, NQF identified six areas as having the highest priority for measurement: travel, timeliness of care, actionable information, added value of telehealth to provide evidence-based practices, patient empowerment, and care coordination. Finally, the developing committee identified 16 measures that can be used to measure telehealth quality.

The NQF also issued a similar framework for interoperability, a bête noire that has led many a clinician and developer to the consumption of adult beverages. Again there are four categories: the exchange of electronic health information, its usability, its application, and its impact—on patient safety, costs, productivity, care coordination, processes and outcomes, and patients’ and caregivers’ experience and engagement. And it kept the committee very busy indeed with, from the release, “53 ideas for measures that would be useful in the short term (0-3 years), in the mid-term (3-5 years) and in the long-term (5+ years). It also identified 36 existing measures that serve as representative examples of these measure ideas (sic) and how they could be affected by interoperability.”

Both reports were commissioned and funded a year ago by the US Health & Human Services Department (HHS). We will see if these frameworks are extensively used by researchers.

NQF release, Creating a Framework-Telehealth (download link), Creating a Framework-Interoperability (download link), Mobihealthnews 

eTELEMED/MATH 2017: call for contributions deadline extended

19-23 March 2017,  Nice, France

eTELEMED, the Ninth International Conference on eHealth, Telemedicine, and Social Medicine, and the co-located MATH (Mobile and Assistive Technology for Healthcare), are both calling for submissions of original scientific results. These contributions and presentations can take any one of these forms:

Contributions:
– regular papers [in the proceedings, digital library]
– short papers (work in progress) [in the proceedings, digital library]
– ideas: two pages [in the proceedings, digital library]
– extended abstracts: two pages [in the proceedings, digital library]
– posters: two pages [in the proceedings, digital library]
– posters: slide only [slide-deck posted at www.iaria.org]
– presentations: slide only [slide-deck posted at www.iaria.org]
– demos: two pages [posted at www.iaria.org]
– doctoral forum submissions: [in the proceedings, digital library]

Proposals for:
– mini symposia: see http://www.iaria.org/symposium.html
– workshops: see http://www.iaria.org/workshop.html
– tutorials: [slide-deck posted on www.iaria.org]
– panels: [slide-deck posted on www.iaria.org]

Submission deadline is 19 November. The general information pages have more information on the conference tracks and topics. Links:  eTELEMED: General information, submission page; MATH: General information, submission page

Does current digital health meet baby boomers’ needs and wants?

The answer, according to health tech industry analyst Laurie Orlov (Aging in Place Tech Watch, Boomer Health Tech Watch) is…not really. Despite its massive size (76 million in the US), spending power (by 2017, 70 percent of US disposable income), breadth (1946-64) and need (despite living longer, by 2030 37 million will be managing more than one chronic condition), most health apps, especially fitness apps, don’t resonate with boomers despite over 50 percent having smartphones. The reasons are many–they’re complicated, often hard to follow, view, and abandonment across all ages is still high. Even among Fitbit purchasers, abandonment is fully one-half. As income decreases, smartphone access also becomes a cuttable budget item. Much more in this paper published by the California Healthcare Foundation.

No future for mHealth as m-health

There is, but not what was envisioned five to six years ago. If you still think of mHealth as a subset of ‘health’ and defined by its devices as a separate strategy or ‘revolution’, it’s time to check your glasses’ prescription. Thus an article like this published in HIMSS Media’s mHealthNews that focuses on mobile devices starts off feeling antique (as in 2008-9) in its emphasis on video and direct to consumer apps and problems thereof–then fast forwards to This Modern World: the Graettinger-esque dissonance of data insecurity, the entry into the City of Glass of integration–multiple platforms, data sets and apps/tools into personalized, proactive care and clinical decision support.

At MedCity News, the snark prevails in coverage of a World Congress Boston mHealth + Telehealth World conference where participants seemed to treat mHealth as m-health–chattering on about smartphones and tablets as devices not delivery vehicles, (more…)

An important intervention on mHealth from the EU Data Protection Supervisor

At the end of last week, the EU Data Protection Supervisor (EDPS) published an excellent document entitled Mobile Health – Reconciling technological innovation with data protection. To quote the press release:

Failure to deploy data protection safeguards will result in a critical loss of individual trust, leading to fewer opportunities for public authorities and businesses, hampering the development of the health market. To foster confidence, future policies need to encourage more accountability of service providers and their associates; place respect for the choices of individuals at their core; end the indiscriminate collection of personal information and any possible discriminatory profiling; encourage privacy by design and privacy settings by default; and enhance the security of the technologies used.

The document itself contains much of interest. To this editor, who has heard many people poo-poo the importance of wellbeing data, it was good to see:

Lifestyle and well-being data will, in general, be considered health data, when they are processed in a medical context (e.g. the app is used upon advice of a patient’s doctor) or where information regarding an individual’s health may reasonably be inferred from the data (in itself, or combined with other information), especially when the purpose of the application is to monitor the health or well-being of the individual (whether in a medical context or otherwise). (Page 5)

As someone who gets concerned at turning people off sharing their health data, it was nice to see the recognition that: (more…)

Global HIT, digital health VC funding falls 35% in 1st Q 2015: Mercom Capital

Mercom Capital Group, a research and communications group, tracks global VC funding, mergers and acquisitions in the digital health area and notes a distinct slowing of activity, except for mobile health. They tracked $784 million in 142 deals in Q1 2015 compared to $1.2 billion in 134 deals in Q4 2014. Leading are consumer health companies with $437 million in 98 deals, then healthcare practice-centric companies, with $347 million in 44 deals–both dropping over $200 million each versus the previous quarter. Mobile health companies had $282 million in 56 deals; app companies accounted for $220 million. In transactions, mobile health led with $578 million, with UnderArmour’s acquisitions of MyFitnessPal and Endomondo. Since 2010, digital health companies have raised almost $10 billion. Mercom Capital release (the full study will run about $300-500). mHealthIntelligence notes that M&A activity is steadily rising in the healthcare sector. Also iHealthBeat.

Moving past the hype on mobile, wearables for consumer health

Directionally positive, but still quite developmental in reality. The gold rush has not quite begun.

In the past week or two, this Editor has been working her way through a stack of surveys and journal-published research, all heavily promoting the greater interest in and usage of consumer mobile health. Here we have Monique Levy of the well-regarded Manhattan Research finding in their surveys (via Mobihealthnews):

  • 86 percent of the general population is online for health
    • Half of those use mobile
    • Two-thirds use social media to seek health information
    • One-third communicate digitally with doctors
    • Three-quarters interact with online pharma resources
    • About 20 percent of patients say that mobile is essential for managing their care–increasing to 32 percent of people with diabetes, 39 percent for people with MS

Before the D3H (Digital Health Hypester Horde) crowd vaults over the moon, however, Ms Levy states that “What people mostly do on their smartphone is look for information.” She recommends optimizing websites (in this context, primarily pharma) for mobile search, and apps should address “real customer pain points or niche needs”, not just a cool tracking app.

Yes, but the D3H point out the fifth annual ‘Pulse of Online Health’ by Makovsky Health (healthcare PR agency) and Kelton (research), a survey of over 1,000 adults, headlining that almost two-thirds (66 percent) of Americans would use a mobile app to manage health-related issues, (more…)

Concise analysis of mHealth regulatory environment (US)

If you–like most rational people–have some confusion in deciphering the current FDA state of affairs as it applies to mHealth, this summary from major law firm Foley & Lardner will be helpful. Written by special counsel for healthcare/mobile health Monica R. Chmielewski, it defines in few words FDA’s classifications, which mHealth technologies are, and which are not, subject to FDA oversight. In particular, MDDS (medical device data systems) were recently downgraded from Class III (the greatest oversight with pre-market approval) to Class I. FDA has also recently finalized recommendations in a guidance document for medical device manufacturers for managing cybersecurity risks. mHealth Technology – Development in an Uncertain Regulatory Climate (Health Care Law Today)

Australia’s med device ‘Fast Track’ changes–webinar

For over a decade, the Australian Therapeutic Goods Administration (TGA) has had a ‘fast track’ expedited review program in place for medical device importers–including mobile health–with existing CE Marks. Now this program, after a long campaign, will be extended to Australian manufacturers–and there are other changes. Arthur Brandwood, who spearheaded this effort, will be conducting a free webinar on Tuesday 18 November, noon Eastern Time (US). It will cover Australia’s aggressive deregulatory agenda, their tax incentive (43.5 percent for R&D expenditure), the simple process for regulation of clinical trials and TGA’s web-based submission process for device approvals. (more…)

Life expectancy up, but so is death from falls (US)

The Gimlet Eye falls outside the box, and is writing this from recovery. Our companion in curmudgeonliness, Laurie Orlov, whacks us upside the head with first the good news then the bad. US life expectancy is up: if you are 65 today, on average you will live to 83 (men) and 86 (women), even with the rise in chronic conditions that affect quality of life, such as diabetes and heart disease. But the bad is that death from falls is also up. This is despite all the systems and gizmos the Digital Health Industry has concocted to detect falls beyond 1970s PERS technology. Once upon a rose-colored Telecare Time we thought we could infer falls purely by sensors detecting lack of activity (the basis of QuietCare, GrandCare, Healthsense, the late WellAWARE). Then with accelerometers, fall detection would be automatic, (more…)

Tons of app health data, bound for…third parties?

The law of unintended consequences also applies to Quantified Selfers. Health apps seem to be reaching beyond the QS early adopters and becoming a commonplace, whether on your wrist or built into your smartphone. Apple, Google, IBM and Samsung are all in. The DH3 set (Digital Health Hypester Horde) could not be more pleased. But where is that data going? According to the US Federal Trade Commission (FTC), it’s ending up where your online data goes–profitably sold by developers large and small to your friendly data broker and onward to marketers. You may think it’s private, but it isn’t. There is the famous case of a Target (store) app used to determine whether female customers were pregnant (purchases such as pregnancy tests) and then market related and baby products to them. Commissioner Julie Brill doesn’t like the possibility that health data could be part of the Spooky Monster Mash that is Big Data. “We don’t know where that information ultimately goes,” Brill told a recent Association for Competitive Technology panel. “It makes consumers uncomfortable.” (Ahem!) From the consumer protection standpoint, the FTC would like to do something about it, and they happen to be very good at that type of regulation. Compliance will not only be an added cost of doing business, it will cut into that ol’ business plan. And you thought that the only problem around apps and the Feds was gauging risk to users. Do you have that creepy ‘Big Brother is Watching You’ feeling? Health IT Outcomes, FierceMobileHealthcare, VentureBeat.

The King’s Fund: International Digital Health and Care Congress

10–12 September 2014 at The King’s Fund, London W1G 0AN

This three-day event at The King’s Fund, now in its fourth year, is a truly international Congress in attendance and speakers. It will showcase new ideas, new research and new innovations in digital health, mobile health, telehealth and telecare around these five topics.

  • Sustaining independence as people age
  • Preventing and managing chronic illness effectively
  • Supporting people with mental health issues
  • Digitally enabling service transformation
  • Innovations in technology

Wednesday’s pre-Congress session begins with lunch, followed by a full day on Thursday concluding with an (optional) dinner and a full Friday. Our own Editor Charles Lowe will be presenting on medical apps during the breakout session (the T2F section) at 11:30am Thursday. See here for detailed information on the Congress sessions. PDF summary including keynote speakers.

As TTA is a media sponsor of the Congress, we are pleased to offer our readers a 10 percent discount off pricing for all their registration types, including the Thursday dinner. Click here to automatically obtain the discount.