Medical Device Software Patch Problems in Decline
Paul Kelly on the Biomed Listserv pointed out this article in NetworkWorld on medical device software patches.
provide timely patches because the U.S. regulatory body in charge of
medical-device safety, the Food and Drug Administration (FDA), had to
approve the software fixes first in a lengthy inspection process.
But inquiries last year to the FDA division in charge, the Center
for Devices and Radiological Health, revealed that the FDA had no such
rules. This shattered a myth that had been at best a misunderstanding
and at worst a deceit.
Since then, much of the change in the dialogue among manufacturers and
hospital IT staff can be attributed to FDA guidance. The agency has
made clear it isn't opposed on principle to customers patching medical
devices.
“There is no FDA legal requirement that would prevent the user from
installing patches without prior approval from the device
manufacturer,” says John Murray, the FDA's software and
electronic-records compliance expert.
In its “Guidance for Industry: Cybersecurity for Networked Medical Devices
Containing Off-the-Shelf Software,” the FDA told manufacturers that
they “bear the responsibility for the continued safe and effective
performance of the medical device, including the performance of the
off-the-shelf software that is part of the device.”
The article also provides links (also found in Important Reference Web Links on this site) to some important medical device security resources:
- The FDA's “Guidance for Industry: Cybersecurity for Networked Medical Devices Containing Off-the-Shelf (OTS) Software”
- The HIMSS web page for the Medical Device Security Workgroup
- The Veterans Administration “Medical Device Isolation Architecture Guide” (pdf)
- NEMA's “Patching Off-the-Shelf Software Used in Medical Information Systems” (pdf)
VCs Ready to Fund Home Patient Monitoring Business Plan

The Healthcare IT Guy, Shahid Shah, has an interesting post on a story in Business 2.0 magazine.
In this story, the writer interviewed a variety of venture capitalists
about “business ideas they're dying to bankroll.” The business
idea that caught Shahid's attention was a home patient
monitoring network for recuperating hospital patients (for which the VC
is willing to throw in $8 million).
patients, not hospitals, and not insurance companies paying bills that
can exceed $5,000 a day. For the critically ill, there's no way around
lengthy visits. But thousands of other patients could be sent home
early if they could be monitored at home or at a lower-cost facility.
Badawi and Aslin envision a wireless transmitter that would attach to
existing hardware such as portable ECG machines and heart-rate and
blood-pressure monitors. The device would send data through a wireless
router to a cluster of back-office servers. The servers would function
like a call center, routing a patient's vital signs to the right
nursing station or on-call physician. Trimming just two days off the
typical 10-day hospital stay for stroke victims would be a service
worth $2.7 billion.
Any patient that is sucking up $5,000 per day in charges is probably
too acute to be a candidate for early discharge and home monitoring.
Typical high-volume and high-cost DRGs have a median cost per day
of between $1,000 and $1,500. Regardless, shaving as little as a quarter of
a day length of stay (LOS) can significantly impact costs and
productivity. The benefits accrue more directly to hospitals than
payors, but everyone wins.
According to AHRQ's H-CUPnet database (listed on my Important Reference Web Links),
the mean LOS for DRG 14, intracranial hemorrhage and stroke with
infarct, is 5.7 days rather than 10 days. The “national bill” for this
DRG is pretty high, running $9,076,618,004
in 2003 (the most current data available). The typical charge for
patients with this DRG is $22,940. Most of these patients are admitted
through the emergency department (79.96%), and 11.34% result in
in-hospital deaths. This is a clinically acute group of patients.
There are already remote monitoring products for low acuity patients (more here),
and the niche these VCs seem to be targeting is more acute patients
who could be discharged earlier if they could receive appropriate
therapy and surveillance remotely. The examples in the VC's scenario above include ECG (this implies
arrhythmia monitoring), heart rate and blood pressure – these are
life-threatening alarms.
The very barriers to such a product offering as described above are what
make this an untapped market. The biggest challenge is developing
clinical criteria for qualifying patients for early discharge with
monitoring. If they're too acute, responding to life-threatening alarms
from patients at home is too dangerous; if they're not acute enough,
current remote monitoring products will work just fine. If this grey
area can be made black and white, and if it results in a sufficiently large
population of patients, we meet our next challenge: the FDA. A product
like this will require a groundbreaking regulatory strategy and FDA
buy-in up front. The final big challenge is reimbursement. Usually the
market waits for Medicare to agree to reimburse for a new technology or procedure before everyone stampedes to
market with products. Gaining individual payor buy-in is a less frequently
used strategy.
Technology is not a gating factor in this prospective business plan;
everything needed, from the patient-connected device to client/server
applications and devices for clinicians, either exists or can be readily
assembled. The Triage Wireless
non-invasive blood pressure sensor is a good example
of available technology. Of course, which technologies are selected and
various make-or-buy decisions would be critical.
All in all, a very interesting scenario, eh? If anyone wants some help with the business plan, let me know.
Grand Rounds 2:10 is Up!
Graham at Over My Med Body is hosting this week's Grand Rounds.
The theme of course is Thanksgiving. Be sure to check out this week's
installment – Graham's blog is exceptionally well designed (or at least
I think so) and worth the look just on that basis.
IntelliDOT Wins Novation Contract for Point of Care System

IntelliDOT Corporation, a meds administration and workflow automation vendor, today announced that the company
has signed a three-year agreement with Novation, the supply company of
VHA Inc. and the University HealthSystem Consortium. Under terms of the
agreement, IntelliDOT will provide discounts on its handheld bedside
scanning technology, the CAREt(TM) System, to the health care alliances'
member hospitals.
Automated meds administration systems are standing at less than 3%
adoption in the US. Hopefully, this Novation contract will help
increase the adoption of technology that research has proven can help
improve patient safety. The IntelliDOT system is based on a unique
wireless handheld device (802.11b radio) that incorporates a 4-line
text display and bar code reader. The system supports meds
administration, viewing work lists and clinical reminders, sending messages
for in-room services and to other nurses, and other applications. It
looks like this system could be integrated with patient flow
optimization software to manage bed turnover by tracking patient and
room status.
Homeless Patient Discharge Planning
The LA Times has published a story
reporting that Los Angeles area hospitals regularly send homeless patients by
taxi to skid row when there is nowhere else to discharge them.
West Los Angeles and Martin Luther King Jr./Drew Medical Center said
the practice is necessary because skid row is the only place in
Southern California with a concentration of social services for the
patients, including homeless shelters and drug and alcohol programs.
Los Angeles Police Department officials agreed that the hospitals have
few other options. But they said the practice worsens the already grim
conditions on skid row. They also disputed the hospitals' contention
that the patients taken to skid row are always ready for release.
The hospitals are the first agencies to acknowledge a practice of
routinely delivering their wards to skid row. They did so after being
named in a report by the LAPD that accused the three hospitals and
several suburban law enforcement agencies of leaving homeless people
and criminals in downtown. The suburban police departments have denied
the accusation.
The new disclosures come at a time of heightened public debate
about the practice of “dumping” indigent people in the heart of
downtown Los Angeles. Earlier this week, city and state officials
pledged a new attack on the area's persistent problems, beginning with
a crackdown on rampant drug dealing, which police say generates roughly
one-fifth of the city's drug arrests.
Workers at skid row social service agencies this week said several
other hospitals discharge patients in the area. Those reports could not
be confirmed.
This is a sad problem, with no easy solution (including single payer health care).
[Hat tip FierceHealthcare]
