AAMI – Day Three, Continued
Last but not least was Brian Fitzgerald's presentation, “Operating System Updates and Fixes for Computerized Medical Monitoring.” Brian is Deputy Director of the Division of Electrical and Software Engineering at the FDA. He talked about issues revolving around patching software in medical devices, especially patching off the shelf operating system software in response to malicious software. I've written on this topics numerous times before and thought that this issue was mostly behind us, but judging from the comments of some of the attendees of this session, some vendors are still behind the curve on this issue.
Standalone embedded devices are not the problem; networked medical devices are vulnerable to malicious code from the Internet, email, or outside computers that are connected to the hospital's network. Combine network connectivity with a device built on a widely available general purpose computing operating system (i.e., Microsoft) and medical devices can be rendered useless by software viruses and worms.
Device vendors new to the unique requirements of connected medical devices don't have special maintenance procedures defined in their Quality System to deal with networked medical devices. This results in either unreasonably long periods required to release patched software, or an outright refusal to update software until a scheduled software release. In these situations, company representatives sometimes say their inability to provide timely responses are the fault of the FDA.
When a medical device's software is changed that is considered a “design change” per the law and FDA regulations. If a hospital changes the software (by applying a Windows patch, for example) that hospital becomes a medical device remanufacturer, and falls under FDA regulatory oversight. Consequently, hospitals are at the mercy of their vendors for patching software vulnerabilities.
There were lots of questions from the audience about “rights” customers might have to force vendors to fix their virus infected products. The only exposure vendors might have in this situation is the threat of a recall. If a vendor becomes aware of anything that could impact the patient safety, they are obligated to recall that product to ensure that no patients are inadvertently injured. Recalls are expensive, and a customer could do certain things that might force a vendor into a recall.
According to Brian, the best and most practical solution for hospitals is to address all of these issues at the purchase of the device. Once you own it, well, its yours. Buyers cannot force vendors to disclose other complaints they've received, or commit to certain levels of performance – questions about medical device security and device updates have to be asked before the sale.
This problem area also highlights the continued co-mingling of IT and biomed responsibilities. Many hospitals have rules of thumb that say if anything computer-like is FDA regulated it's the responsibility of Biomed, and if not it falls under IT. Brian's point was that these are not yours or mine issues, and must be addressed as partners.
If you'd like more information on this topic go to Important Reference Web Links, under the Resources tab above and scroll down to Medical Device Security. You can also use the Google search box on the left hand column (be sure to click the “This site” button) to find more.
AAMI – Day Three
By now the conference was losing a bit of momentum. I slept in rather than attending the last keynote and scoring a free breakfast. I started the day with “Mobility Architecture: Designing a Mobility Infrastructure” presented by connectologist Dave Hoglund (Johnson Controls) and Milind Parandare (Patni Computer Systems). Their story was, “Guess what? Everything's going wireless, and it's okay.” Dave presented a comprehensive (if scary) overview of wireless technologies that are either coming to hospitals, or already in them. The key to survival will be proper needs assessment, planning, system design, and management – and will have a huge impact on both biomeds and especially IT.
The proliferation of both wireless systems and sources of RF interference require that any wireless system be properly designed, installed, and validated to ensure proper operation. This is regardless of whether the frequency used is “protected” (from intentional sources of interference) or uses an unlicensed band like ISM. Wireless medical devices have been deployed for years on unlicensed bands and proven to be as safe and drop-out free as systems using licensed bands. One of the first vendors to deploy on unlicensed bands was Welch Allyn; GE, Philips and most of the rest of the rest of the industry followed suit. The latest example is Draeger's OneNet, where real time monitoring data and alarms runs on wireless and wired networks with other hospital data (i.e., no “private” network).
Next up was “An Effective Decision Making Process for Selecting and Installing Wireless Technology,” presented by Mark Kotfila and Paul Coss of Philips, and the ubiquitous Rick Hampton of Partners. As a vendor selling proprietary radio technology for their patient monitors and telemetry, I thought Philips did an admirable job of presenting a pretty unbiased view of the problem. They were also up front about Philip's position that medical devices and IT should be on “separate networks.” Given that there are so many considerations in purchasing wireless medical devices beyond the wireless technology, and that all the technologies considered work, I'm not sure that the considered analysis that was presented will be a big factor in purchase decisions. Some interesting things did come out of the discussion.
Rick noted that the status of 1.4 GHz used by wireless utility meter reading systems and WMTS regarding primary, co-primary or secondary user status of the frequency is unclear. The FCC is struggling to clear the ambiguity, but until then, managing and registering your frequencies and evaluating the 1.4 GHz band and its local utilization is up to users. It was noted that licensing of 1.4 GHz for wireless meter reading is growing over time.
Rick noted that almost half of the 608 MHz band at MGH is used up by allowable “side lobe interference” from channel 38.
A great question came from the audience asking about 2.4 GHz usage, and how much is too much; the answer is no one knows. With proper planning, design, and installation combined with advances in technology we may never reach a saturation point in the 2.4 GHz band. As a related benchmark, Cisco recommends no more than 12 devices per access point for networks supporting wireless VoIP phones. Capacity of wireless devices in a given area is a parameter that most hospitals are not considering sufficiently (if at all) in current WLAN installations. One way to increase support of more devices in a given area is to increase your access point density.
After the session there was some discussion of Guidant's use of 900 MHz for their wireless ICD and programer and the known interference with Spectralink phones and Plantronics headsets – Rick emphasized this was not a “probelm” with anyone's product, but simply an RF management issue not unlike other RF management issues that frequently arise. Yor can read more about this here.
The real takeaway from all these RF discussions is that there is no one best wireless band or technology. Everthing depends on the application, environment and what you're trying to accomplish – and this holds true whether you're a hospital or vendor.
AAMI – Day Two, Continued
Well, NIST is behind me and I'm enjoying a middle seat between to guys, neither of whom is a taking up more than their fair share of space. And with only 3 hours to go, it's time to pick up the AAMI conference where we left off.
The last session of the day was “RF Wireless in Healthcare (Part II),” presented by Eric Anderson and Dara McLain both with Philips. If you subscribe to the Biomed Listserv, you should recognize Dara's name from her significant listserv contributions about RF interference. (I got some snaps of her here and here.) It wasn't exactly clear, but I think that Eric and Dara are the RF interference tag team at Philips, with Eric working mostly in the lab and Dara playing Sherlock Holmes at customer sites solving crimes against medical RF applications. Given all the concern expressed in the previous session about interference in the 608 band of WMTS (not to mention the standing room only crowd) I was disappointed to see the sparse attendance for a session that talked about managing RF interference in hospitals.
Eric and Dara impressed the crowd with examples of past interference mysteries using RF spectrum tracings and sample photos. They also shared with the group their favored techniques for sussing out RF interference, and Dara demonstrated her preferred investigative tool, the Amritsu spectrum analyzer (photo here). The greatest source of radiated RF energy comes from known radiators, you know, transmitters and things like that. But, buy far the greatest source of RF interference that causes problems comes from unintentional sources – paper shredders (Rick Hampton's nemesis), hair dryers, florescent light ballasts, and numerous HVAC components.
In particular they talked about the importance of IEC60601-1-2 Ed.2.1 which is an EMC standard. The standard describes a prototypical RF interference scenario and then all the equipment that conforms to the standard has to measure the RF performance relative to the test. The test results allow you to compare the relative performance across different products. They recommended (strongly) that you ask for these results when your hospital buys anything that uses electricity.
While most radiated RF energy comes from intentional sources like transmitters and radios; the greatest source of interference that causes problems comes from unintentional radiators, like defective motors, switches and florescent light ballasts. Best practices include actively managing all the frequencies in use in your hospital, properly maintain all the electrical equipment in use, know and understand device or system susceptibility to interference (by using the IEC standard above), and perform RF site surveys – often. Surveys should be done annually, or when problems ocurr. They also recommend comparing surveys over time for potential problems. Eric closed the session with the sobering observation that, “everything we've seen could have been prevented.”
In the following Q&A, the issue of cell phone interference was raised. (This seems to be a perennial issue on the Biomed Listserv.) Dara and Eric noted that they have found cell phones to be sources of interference in very rare occasions, and then only when the cell phone is placed close to the device. The bottom line was that cell phones are intentional RF radiators that need to be managed like anything else – banning them is a little extreme and not popular with either physicians or visitors.
Another end of session tidbit was the recommended source for keeping up with all these standards that should be part of your vendor selection and system maintenance processes. Eric's suggestion: Complaiance Magazine – sounds like scintillating reading.
AAMI – Day Two
Day two started bright and early with a breakfast talk sponsored by GE Healthcare. The topic that got me out of bed early was the relationship between IT and biomeds. Some time ago I wrote a post about the efforts GE was offering IT training for biomeds – which is pretty cool. The session this morning was about Yadin David's experience holding a number of training sessions at St Lukes in Houston. Actually Yadin has done a lot more than the training to foster a productive working relationship with IT, and ensure that his department was positioned to be able to discharge their responsibilities as new technologies stream into their hospital. A classic contrast of biomeds and IT was presented: biomeds like to be on-site (among clinicians and patients), while IT likes to be on-line (doing everything via computer from their desk). A number of techniques were discussed, along with this GE training session that both biomeds and IT participated in together.
As an aside, after another session, Brian Fitzgerald of the FDA was telling me about a recent regulatory/standards meeting in Frankfurt, Germany. After the meeting they received a VIP tour of the brand new high tech University of Heidelberg Hospital. The entire hospital was designed and built from the ground up for the extensive use of wireless everything. Many of the medical devices are wireless, along with wireless VoIP, handheld computers, anything else you can imagine. As any biomed can imagine, designing and implementing this wireless capability along with building the hospital was an extensive, painstaking process. The hospital's original CIO couldn't take it and left to work outside of health care. In fact, IT was so resistant to the efforts required to assuring patient safety, that they had to move the IT department under clinical engineering. They now have one department called Medical Physics and Information Technology – of course in German it's one word 30 letters long. Draeger supplied the patient monitors, running on OneNet.
I was writing my “AAMI day one” post and unfortunately missed Eric Rosow's presentation on dashboards (nice new website). But I managed to catch “Disseminating Successfully Integrated Data: Who Needs It and How Do They Get It?” The short answer of course is not many, and not easily – but the situation's improving. Johnathan Gaev talked about the schizophrenic nature of medical device connectivity projects, being part biomedical and part IT (there's that theme again). He rightly noted how hard it is to change workflow, especially across organizational silos in hospitals. He also noted that workflow evaluations are more meaningful to clinicians than explanations of features and functionality. Jennifer Jackson presented three examples of connectivity projects at Brigham & Women's – successful but not easy projects. Finally, Todd Cooper talked about the IHE PCD and the work he's leading to bring about improved connectivity between devices and information systems. Salil Balar from Beaumont Services talked about something or other they've done. It sounded very interesting (and I'd like to learn more about it) but he had no presentation, and didn't have much time.
Next it was off to the day's keynote (and free lunch). The speaker was Donna-Bea Tillman, Director, Office of Device Evaluation, Center for Devices and Radiological Health, FDA, who talked about the “Myth of the “Premarket.” Her point was that with the increasing rate of scientific knowledge and technological change, and the resulting product improvements, even released products are in some phase of “premarket” development and approval. She also talked about one of my favorite topics, combination products, and how everyone's still adjusting and learning the most efficient ways to deal with these types of products. She also presented some data: premarket applications have been running between 8,000 and 9,000 per year for the past several years; MDRs and product recalls are both trending up.
Every year at AAMI for the past few years there has been an impassioned debate of the merits of ISM versus WMTS for telemetry. (Here's a post on last year's dust up.) This year broke the trend. However the session after lunch was standing room only and “RF Wireless in Healthcare (Part I)” was the most exciting session of the conference. This was a high powered panel presentaiton emceed by Don Witters (FDA) and including Julius Knapp (FCC), David Whitlinger (Continua Health Alliance), Rick Hampton (Partners), and Jan Wittenberg (Philips). Don mentioned that the FDA's going to be releasing a guidance document this fall on the wireless enablement of medical devices. His cautious statements about wireless medical devices brought Jim Welch out of his chair to note that properly designed, deployed, and managed, wireless can be virtually as reliable as wired connections. Julius Knapp reminded the audience that when the new WMTS bands were designated it was with the understanding that many locales would only be able to use one or two of the three bands (that why they designated three bands). He noted that most vendors implemented 608-614 MHz, and that there are only 5 products approved for use in 1.4 MHz. There was also a great overview of MICS, the band designated for implantable devices. Dave Whitlinger introduced the audience to Continua Health Alliance, a non-profit industry group dedicated to fostering medical device and IT interoperability. Currently, they're targeting unregulated devices and regulated devices for home health – don't be surprised if success in home health quickly migrates into the hospital. Rick Hampton talked about how they've gotten IT and biomeds working together at Partners, and delved into the mysteries of the “hidden node” problem. Rick also shared all his secrets to managing wireless at Partners. Perhaps I can convice him to share some of his secrets here, for the the broader good. Finally Don Witters had his say, noting that EMI has lead to patient death and serious injury in the past. (He also pointed out the FDA man for primary and secondary alarms, whom I'll be bugging mercilessly in the near future.)
When the session wrapped up, the floor was opened for questions. Right out of the chute, someone asked if vendors were going to abandon the 608 band, leaving hospitals with millions recently invested from converting 460 MHz telemetry systems to WMTS. The problem driving this speculation is side lobe interference from digital TV stations 36 and 38. With no adjacent channel interference, the 608 band should support around 240 telemetry channels. If you add a digital TV station on either side, your capacity for telemetry units drops considerably. The sad truth is that most TV markets with have both channels 36 and 38 occupied before analog TV goes away in 2009. This will be a problem.
Well, the next session, “RF Wireless in Healthcare: Part II” will have to wait. I've got another half day of IHE PCD tomorrow and falling asleep in front of your peers is embarrassing…
Pictured right is Draeger's new TeleSmart (not approved by the FDA – not for sale).
IHE PCD Meeting at NIST
Today was the first day of a 4 day meeting of the IHE PCD planning and technical committees. It's been a productive meeting, with lots of work done in preparation of the Connectathon at next year's HIMSS in New Orleans. I can't really say too much about the actual meeting as there is a process for publicizing work product, gathering public comment, and publishing final work. But I do have a couple observations.
Where is everyone? There are major medical device interoperability efforts going on in a number areas, and none of those folks are participating. True, standards don't currently play a significant role in health care clinical information and medical device connectivity. But, standards are coming to health care, and once standards are defined and the industry begins adoption, those who've pursued their own paths will be faced with two options. Option one will be to continue proprietary (or “de facto” alternate standards, if you're lucky) at a cost disadvantage. The other option will be to retool products to bring them into compliance with the standard. The cost disadvantage comes with any proprietary solution – i.e., a non-standard solution.
The following organizations were represented at the meeting: Partners HealthCare, Kaiser Permanente, FDA, Welch Allyn, Philips, Draeger, HIMSS, WHO and AdvaMed. Nary an HIT vendor in sight, nor quite a few medical device vendors. Maybe there were lots of weather delays into Washington D.C.
Unlike much of the previous IHE work in radiology and cardiology, the PCD introduces new complexities. Both radiology and cardiology use cases deal with the diagnostic testing process. The Patient Care Domain contains surveillance and alarm notification, diagnostic activities like arrhythmia event review, and therapy delivery where caregivers or techs must manage the patient and/or a therapeutic device like infusion pumps, vents and dialysis. Whew. Each category has different types of data with different use cases, actors and performance requirements. Another challenge will be to craft profiles that support existing products, but don't lock out potential product innovations like multi-vendor multi-device central station.
Finally, an appeal to provide some input. The PCD has a survey for collecting prioritization data, so let your voice be heard. Responses to the survey will be taken until the end of July.
UPDATE: I should probably mention that NIST stands for the National Institute of Standards and Technology, a part of the Technology Administration in the Department of Commerce. Over 70% of NIST employees are PhDs who run a nuclear reactor, build and burn down buildings, and test all sorts of other things. The plan is for NIST to provide some test fixtures for vendors to use to validate conformance to specs developed by the IHE PCD domain. Sadly, I couldn't finagle a tour while we were there.
