USB Drive Security Tools
I noted the other day that fellow blogger Shahid Shah, The Healthcare IT Guy, had a post on a free scanner for detecting the use of USB drives on your network. The tool he mentions is called Endpoint Scan, and has some very powerful features – be sure to read his post (you can see a sample report here).
Today I came across some additional info on USB drive security, a white paper and webinar here.
A potential problem with medical devices is they probably won't be on either your enterprise network or a private network – otherwise, why would you need to sneaker-net a USB drive around? Without a network to “deliver” the scanning tool, you have no means to monitor USB usage. The security tools above are more interested in the unauthorized slurping of data off the corporate network. But, as I've mentioned before, there is also the risk of USB drives introducing malicious code into poorly locked down medical devices or PCs.
I wonder what The Healthcare Guy would suggest for this? Pictured right is the teddy bear USB drive.
New Hospital Has Variable Acuity Patient Rooms
Reader Geoff T. sent this link to a story in Healthcare Design magazine on a new heart hospital at Ohio State University Medical Center. While I have mixed feelings about specialised hospitals, I was encouraged by the broad adoption of variable acuity units. For this crew, building a new hospital just like the old hospital was not an option.
Simply building a new facility would not be enough, the team realized—a change in care processes would have to accompany the changes in building structure and unit/facility design. In line with this, the traditional multiple-transfer setting—where patients were transported to different units based on the severity of their illnesses—was eliminated in favor of the acuity-adaptable/universal bed healthcare delivery concept. In this model, the required level of care is brought to patients while they remain in one room throughout their entire hospitalization.
The jargon related to this care delivery model is varied and not well defined. Terms include “flexible monitoring,” “acuity adaptable,” “variable acuity,” and (my least favorite) “universal beds.” Unlike the other terms, “universal beds” implies the ability to scale patient acuity all the way up to a full fledged ICU room. The cost to supply power, gases, suction and other infrastructure to a room for the small slice of time it will support ICU level care is considerable – and of course creating rooms like this is only practical with new construction. The rooms described in this story are in fact universal beds that can flex to provide ICU level care.
The rationale for choosing this care delivery model over conventional nursing units divided along patient acuity levels is described below:
As noted, a key attribute of the UB [universal bed] care delivery model is the elimination of multiple patient transfers to various levels of care. An acuity-adaptable room significantly reduces such inefficiencies; it also enhances patient safety, since the level of care changes rather than the patient’s location. In the typical setting, a patient transfer from an intensive care setting to a telemetry floor generally involves seven to nine staff members from various clinical and ancillary areas; it costs about $500 and takes an average of almost four hours. With this large number of staff involved, the potential for miscommunication is high and can result in medical errors. Reducing or eliminating transfers significantly decreases the potential for medication errors, lost belongings, and patient confusion or unease.In addition, the RHH [Ross Heart Hospital] was designed to minimize time spent on transfers from procedural areas to patient rooms. The procedural areas are located on the same floor as the corresponding patient care area, creating mostly horizontal connections rather than elevator transports, thus saving time and reducing the costs associated with procedure-to-recovery transfers (figure 4).
The universal rooms were also strategically designed to minimize transfers required for diagnostic tests. Rooms are large and private, and room-darkening window shades allow the performance of portable tests on the patient floors. A large number of echocardiograms and chest x-rays are now being done at bedside with the goal of increasing the portability of noninvasive testing modalities.
An overlooked cost of patient transfers is the resulting addition of one day to the patient’s length of stay. Reduced transfers can translate into a significant reduction in a hospitals average length of stay (ALOS), free up capacity and minimizing the need to fill open RN staff positions.
The good news about variable acuity units is that you don’t have to build a new hospital to implement and benefit from this care delivery model. Implementing variable acuity support that includes patient monitoring and ventilators – and provides a level of care just short of the ICU – requires the right medical devices, a wireless infrastructure to support those devices, new policies and procedures in each unit to accommodate higher acuity care (like titrating drugs), and training for your nursing staff. The costs are much lower as soon as you forgo flexing all the way up to ICU levels, but implementation issues are the same:
Using the UB care-delivery model does not mean that any nurse can care for any cardiac patient. Nurses, like physicians, tend to practice in a specialty they enjoy. Nursing staff specializing in a certain clinical area are generally able to provide more efficient, higher-quality care and are able to troubleshoot more rapidly because of their expert knowledge in that specialty.At RHH, like patients are aggregated on each of the three 30-bed patient care floors. One floor supports medical cardiology and vascular patients, another cares for cardiac surgery patients, and the third provides care for cardiac cath lab/electrophysiology patients. Recovering outpatient cardiac cath lab patients are intermingled with the inpatient population because their recover processes are clinically similar. Thus, instead of recovering in a busy, hectic, and crowded bay within a procedural recovery area, cardiac cath lab patients are able to enjoy the comforts of a universal room—a private room that can accommodate family members while offerin a quiet, healing environment.
Another wrinkle in supporting variable acuity units is the need for surveillance and alarm notification. Conventional central stations, war rooms, remote annunciators, hallway lights, and message panels are problematic. The big issues are cost versus alarm fatigue, and the various ways safe and cost effective care can be provided. Another issue is the physical layout of the unit. The Ross Heart Hospital adopted another innovation, decentralized nursing units.
RHH elected to place nursing documentation stations—with access to electronic patient information, supplies, and medications—in the patient rooms themselves (figure 5). Surveys maintain that nurses often work from memory when patient records are not easily available, thus increasing the chance for medical error. The decentralized stationsensure that staff use the patients’ records with every care activity and eliminate the chaos and noise associated with a central nursing station.This practice has been proven to reduce patient stress levels and facilitate healing. RHH patients state that although the unit is quite large, it is reasonably free of noise. Moreover, OSUMC believes that decentralized nursing documentation
Decentralized nursing units have many advantages, but one of the problems is that current patient monitoring systems are ill suited for this type of layout. Placing multiple central stations at each decentralized unit takes up a lot of space and is prohibitively expensive. There is one vendor who has announced a solution to the problem, but in general, hospitals will have to demand new products that better fit this rapidly growing approach to nursing units.
Here’s a thought experiment for you. Look at your ADT data and figure out your average transfers per admission. Cut those transfers by 80% and apply a one day LOS per reduced transfer. Would the “change pain” of implementing variable acuity units impact your hospital? Perhaps off-load all those inappropriate admissions in your critical care areas and telemetry? Reduce the time spend in diversion? Do you have (or can you generate) demand for those new patient days? How much would that increase your revenue?
If you’d like some help with answering these questions, and perhaps taking the variable acuity plunge, let me know. Pictured right is the high acuity configuration of the new Ross Heart Hospital’s acuity adaptable rooms.
Are Discharge Systems the Next Patient Flow Application
Doing a good job of getting patients discharged is key to good patient flow. There are many reasons why patients may not get discharged as soon as they could. Attending physicians at many hospitals don’t seem to get around to writing discharge orders until late afternoon or early evening of the day of discharge. Patients sometimes have a hard time getting a ride home. For patients who can’t be discharged to home, finding a SNF (skilled nursing facility) or nursing home that can take the patient can delay discharge.
The need to automate discharge workflows is self evident, with vendors and academics focusing on this area. The key is to replace phone tag and a flurry of faxing with an application that spans multiple health care enterprises.
“Before we actually looked at a variety of systems, we were making our referrals to skilled-care facilities and nursing homes by phone,” said Dee Mann Aust, director of care coordination for Swedish Medical Center in Seattle, which operates three acute-care hospitals and a free-standing emergency-care facility.”It was not efficient,” Aust said. “The facility or agency couldn’t see a lot clinically about the patient and it was not standard in any way.
We get a lot of patients from Alaska who come here for specialty surgery. They may not have a lot of needs; they just want a local place for their care.”
Under the old paper-based system, “Let’s say a family picked a geographical area; we’d have to call three nursing homes in the area and give them the (patient) information and see if they could handle the patient,” Aust said. “You’d spend five or 10 minutes on the phone for each one. That was just the initial referral.”
To address the problem, Aust said Swedish implemented in March 2006 a discharge planning system from ECIN, a developer of a suite of Web-based applications to assist hospitals in discharge planning and care management. Formerly Extended Care Information Network, the company claims installations at more than 300 hospitals and, as subscribers to its Web-based communications service, about 4,200 nursing homes, home health agencies and other long-term-care facilities, according to Charlie Jolie, an ECIN spokesman. In addition, the company maintains an online database of more than 80,000 providers of extended-care services.
The ECIN communication service provides a two-way link between the hospitals and subscribing care facilities. Hospitals typically recruit their local nursing homes to join them on the ECIN network, Jolie said.
The system works well facilitating routine placements and shines when it comes to hard-to-place patients with multiple conditions.
“We know we have some patients who are tough to place, and certainly it’s very efficient to create one referral and to send it out to
multiple facilities,” Aust said. “We have one patient this week we sent out (referral requests) to 35 nursing homes, and three said they want to look into more information for that patient. So you can do searches within ECIN and their provider database to search if someone has an Alzheimer’s unit. That’s a big time-saver. You’re not depending on what was in last year’s entry in a guide. It’s more up to date.”
In addition to the solution from ECIN, this E-Health Insider story describes what they’re doing in the UK. And here’s a paper from last year about automating communications between inpatient and outpatient physicians.
Samsung UbiCell Provides Indoor Coverage
Samsung has a new product called the UbiCell that connects to 10/100 Ethernet and broadcasts WCDMA/HSDPA. It seems that Samsung also has a CDMA version. You connect from your cell phone to your carrier via the UbiCell and an Internet connection. Samsung is negotiated with carriers to offer their service over Samsugn's device. It is not surprising to see products like this in response to new cell phones that roam on WiFi networks when cellular in-building coverage is poor or nonexistent.
USB Drives Pose Security Threat
The Universal Serial Bus (USB) as rapidly replacing RS-232 connections on medical devices. As more device vendors adopt general purpose operating systems like Windows CE, it becomes very easy to leverage USB for connectivity.
When faced with complex connectivity requirements, it is very tempting to just push those requirements off on the user by providing a USB port and thumb drive. Besides the fact that reading and writing data to a USB drive only just barely qualifies as “connectivity” (resulting in manual error-prone workflows),USB drives pose a substantial security threat. Standard USB drives have no built in security.
Anyone can bring a widely available USB drive to a device and download or upload data. Also there is no way to tell if the USB has executable code that will push a Trojan horse or other malicious code onto the target device. This is especially worrisome if your device is running a general purpose operating system like Windows – but even Linux would not be immune to this.
All of this came to mind after reading this brief paper by Adam Wright and Dean Sittig, both of OHSU, in the current issue of Annals of Internal Medicine. Their paper describes the security threats posed by USB drive based personal health records. If you don't have a subscription, you can read the PDF file here.
We modified the programs on the devices so that, when connected to a computer, they gave the appearance of normal operation but surreptitiously searched for and copied data from the computer to a hidden location on the USB device.
USB drives have become so ubiquitous that there are now many novelty drives such as the shuumai (a steamed wasabi pork dumpling) pictured right.
Philips Shows Wireless 802.11a/g IntelliVue Infrastructure
Reader Kyle slipped me this URL today, proclaiming 802.11a/g support for Philips patient monitors. Telemetry is not included – you'll still have to buy proprietary WMTS access points that only work with their telemetry monitors. The radios are packaged as “adapters” that fit in the patient monitor enclosures and, “operate wirelessly on the Philips IntelliVue 802.11 a/g infrastructure.”
Determining exactly what an “IntelliVue 802.11 a/g infrstructure” is will be one of my goals of HIMSS07. Further explanation is offered lower on the page:
The IntelliVue
802.11 Infrastructure is part of the IntelliVue Clinical Network which
is designed specifically to manage the flow of time-critical patient
monitoring data. Physical or logical isolation protects the entire
wired/wireless clinical network from many of the day-today hazards of
business networks, including viruses and transmission delays.
At the same time, the IntelliVue Clinical Network can maintain a
controlled connection with the hospital LAN so that valuable patient
information, such as lab results or PACS still images, can be delivered
to the bedside monitor or central station without disrupting the flow
of physiologic data or alarms.
That sounds like a private network with a dedicated infrastructure – geez, you might as well run everything on WMTS (which you'll have to for telemetry) for all those caveats. From their reference to “time-critical patient monitoring data” they must be running some non-TCP/IP time determinant variation of Ethernet/802.11, but I'll bet they're not.
The infrastructure supports IntelliVue monitors down to the M20 (pictured right). This leaves lower acuity monitors (you know, the one's that move around the most) like the M5, VM series, and new VS3 vital signs monitor out of luck. I'm sure there's more to this story…
