For Healthcare Cybersecurity the Whole is Weaker Than the Sum of the Parts


flying cadeuciiBefore addressing the special attractions and vulnerabilities of healthcare data and software, a little background on cybersecurity of complex systems may be helpful: The single most important lesson from our experiences with conventional networked systems is that all of them can be hacked, and all will eventually be hacked. There’s a simple equation for hackers: their investments are related to the value of the data. Alas, because electronic health records (EHRs) have a relatively high value to criminals, we should expect hackers to make significant efforts to penetrate EHRs. (More on this later.) Our experience also teaches us that erecting protections to mitigate hacking is never by itself an adequate defense. Instead, it is always necessary for health IT leaders to make significant efforts monitoring the EHR system for unanticipated behavior. Equally critical, it’s always necessary to plan how to respond to detected attacks.

Two mistakes: One of the biggest mistakes organizations make is failing to understand the threat; organizations typically are uninformed about the sophistication and resources of attackers, on one hand, and so underestimate their opponents, while on the other, they assume their systems are much less vulnerable than they actually are.

How Mayo Clinic Is Using iPads to Empower Patients


Throughout the world, companies are embracing mobile devices to set customer expectations, enlist them in satisfying their own needs, and get workers to adhere to best practices. An effort under way at the Mayo Clinic shows how such technology can be used to improve outcomes and lower costs in health care.

Defining the care a patient can expect to receive and what the road to recovery will look like is crucial. When care expectations are not well defined or communicated, the process of care may drift, leading to unwarranted variation, reduced predictability, longer hospital stays, higher costs, poorer outcomes, and patient and provider dissatisfaction.

With all this in mind, a group at the Mayo Clinic led by the four of us developed and implemented a standardized practice model over a three-year period (2010-2012) that significantly reduced variation and improved predictability of care in adult cardiac surgery.

One of the developments that germinated in that effort was the interactive Mayo myCare program, which uses an iPad to provide patients with detailed descriptions of their treatment plans and clinical milestones, educational materials, and a daily “To Do” list, and to report their progress and identify problems to their providers.

Research Bites Dog


Screen Shot 2016-04-03 at 10.42.56 AMWe live in a headline/hyperlinked world.  A couple of years back, I learned through happenstance that my most popular blog posts all had catchy titles.  I’m pretty confident that people who read this blog do more than scan the titles, but there is so much information coming at us these days, it’s often difficult to get much beyond the headline.  Another phenomenon of information overload is that we naturally apply heuristics or short cuts in our thinking to avoid dealing with a high degree of complexity.  Let’s face it: it’s work to think!

In this context, I thought it would be worth talking about two recent headlines that seem to be set backs for the inexorable forward march of connected health.  These come in the form of peer reviewed studies, so our instinct is to pay close attention.

In fact, one comes from an undisputed leader in the field, Dr. Eric Topol.  His group recently published a paper where they examined the utility of a series of medical/health tracking devices as tools for health improvement in a cohort of folks with chronic illness.  In our parlance, they put a feedback loop into these patients’ lives.  It’s hard to say for sure from the study description, but it sounds like the intervention was mostly about giving patients insights from their own data.  I don’t see much in the paper about coaching, motivation, etc.

If it is true that the interactivity/coaching/motivation component was light, that may explain the lackluster results.  We find that the feedback loops alone are relatively weak motivators.  It is also possible that, because the sample included a mix of chronic illnesses, it would be harder to see a positive effect.  One principle of clinical trial design is to try to minimize all variables between the comparison groups, except the intervention.  Having a group with varying diseases makes it harder to say for sure that any effects (or lack of effects) were due to the intervention itself.

Dr. Topol is an experienced researcher and academician.  When they designed the study, I am confident they had the right intentions in mind.  My guess is they felt like they were studying the effect of mobile health and wearable technology on health (more on that at the end of the post). But you can see that, in retrospect, the likelihood of teasing out a positive effect was relatively low.

Washington’s New Open Source IT Law Could Change Everything. Let’s Count the Ways …


In these politically polarized times, Americans expect Republicans and Democrats to disagree on every detail right down to what day of the week it is. This is especially true in the posturing hurly-burly of the House, where members can appeal to the few select priorities of a gerrymandered district to win re-election.

So it’s remarkable and unexpected when any legislation exits a House committee with unanimous bipartisan support. It’s even more surprising when the legislation potentially threatens the status quo for established corporate interests—in this case information technology companies.

The Federal Information Technology Acquisition Reform Act (FITAR)—sponsored by California Republican Darrell Issa along with Virginia Democrat Gerry Connolly, and supported by every member of the House Oversight and Government Reform Committee—threatens to put open-source software on par with proprietary by labeling it a “commercial item” in federal procurement policies. The proposal wouldn’t give open source a privileged position, just an equal one.

No Mandate Required


flying cadeuciiA reporter who covers healthcare asked me a thought provoking question recently: Is there a mandate for the adoption of telehealth?  The inquiry makes sense. After all, from hospitals to health plans, employers to private practices, it is expected that the global telemedicine market will expand at an annual rate of 14.3 percent through 2020. Surely the explanation has something to do with the presence of a national requirement.

And it is the case with other health technology. As many in the industry know, the federal government mandated the adoption of electronic medical records (EMRs).The US Department of Health and Human Services spent billions to implement the Health Information Technology for Economic and Clinical Health (HITECH) Act. And providers were incentivized and penalized based not only on their adoption of electronic health records, but on the efficacy of their “meaningful use” of these new tools.

The Rise of the Chief Cognitive Officer


Cogito potestas est (Thinking & learning is power)

Screen Shot 2016-05-12 at 1.06.57 PM

In a recent blog post titled ‘A computer that allows the doctor to be more human’ Toby Cosgrove, the CEO of the Cleveland Clinic stated “It may sound odd, but technology like Watson will make healthcare less robotic and more human.” The reasoning behind putting an AI through a version of medical school is that human physicians can’t possibly read and process the exponentially growing volumes of clinical trials, medical journals, and individual cases available in the digital domain. A computer that digests them can transform them into useful support options for care of a patient. Furthermore humans can’t be a part of every case and learn from every physician. But by combining a human with the capacity of a computer as a physician’s assistant, physicians can focus on the many things that they are uniquely able to do in the complex domain of medicine. This includes the critical conversations with patients and their families.

Three Ways Doctors Can Use Patient Data to Get Better Results


John Haughom MD whitePhysicians have always been in the information business. We have kept records of patient data regarding the vital signs, allergies, illnesses, injuries, medications, and treatments for the patients we serve. We seek knowledge from other physicians, whether that knowledge comes from the conclusions of experts from research published in a medical journal or the specialist down the hall. However, a physician will always benefit from additional good information such as the analysis of pooled data from our peers treating similar patients or from the patients themselves.

Over the next few years, vast new pools of data regarding the physiologic status, behaviors, environment, and genomes of patients will create amazing new possibilities for both patients and care providers. Data will change our understanding of health and disease and provide a rich new resource to improve clinical care and maximize patient health and well-being.

Patient Data Used by the Patient

Instead of a periodic handful of test results and a smattering of annual measurements in a paper chart, healthdata will increasingly be something that is generated passively, day by day, as a byproduct of living our lives and providing care. Much of the data will be generated, shared, and used outside of the health system. It will belong to patients who will use it to manage their lives and help them select physicians and other healthcare professionals to guide them in their quest for a long and healthy life.

Based on a patient’s preferences and needs, the data will flow to those who can best assist them in maintaining their health. It will reveal important and illuminating patterns that were not previously apparent, and with the right system in place, it will trigger awareness and alerts for patients and other providers that will guide behaviors and decisions.

Could Mobile Health Become Addictive?


The hype over mobile health is deafening on most days and downright annoying on some.  So it is with some reluctance that I admit that mobile has the potential to be a game-changer in health.  I’ve professed enthusiasm before, but that was largely around the use of wireless sensors to measure physiologic signals and SMS text as a way to deliver messages to patients and consumers.  For several years, the industry has been awash with smartphone apps (by a recent count more than 40,000).  At the Center for Connected Health, we started looking at mobile health as far back as 2008 and could not justify the excitement around smart phones and apps at that time, mostly because our patient population did not demonstrate significant enough adoption of smartphones to justify development in this area.

I felt very unpopular at all of the major conferences.  I talked about our success with text messaging as a tool for engaging pregnant teens in their prenatal care and helping patients battling addiction to stick with their care plan, while others were touting the virtues of their various apps.

It’s worth noting that our primary focus at the Center for Connected Health has been patients with chronic illness.  As such, we are every bit as concerned about the 85 year old with congestive heart failure as we are about the young professional with hypertension.  However, across the population of people with chronic disease, smartphone adoption has lagged.  I felt like our strategy was vindicated when my friend Susannah Fox published research showing that folks with two or more chronic illnesses (independent of other variables such as age and socioeconomic status) use technology in the context of their health less than others.

The world of patient care appears to be catching up to the rest of mobile.  Not that I would ever endorse the irrational exuberance shown for mobile health apps in general, but some recent data points that changed my thinking are worth noting.

Why Isn’t There a App?


A THCB reader who asked that we not identify him because his company does unrelated contracting work with the government writes in to ask:

“Why isn’t there a app? If the problem is that the system is failing because the poorly designed web site is being crashed by monster waves of traffic, wouldn’t putting out an app help?

I mean, ‘cmon guys. It’s 2013. Millions of Americans have iPhones, iPads, Androids and god knows what other mobile devices. In theory a freestanding app — even a simple one — that allowed browsing and “print my application” capabilities would help the traffic problem by giving people an alternative way to access the features available at the government web site.

If the problem is in fact the web site and not the data hub, wouldn’t that go a long way to solving the problem? How hard could it possibly be to put something together quickly and get it out there? Why isn’t this being done?

Knowing how this game works, I’m pretty sure the plan was to originally include something like this. Then the vendors and contractors involved quoted an astronomically high price tag that nobody was willing to go for. Then somebody else said something ominous about privacy and an awkward silence broke out at the table. The app was put in the “nice to have” – “we’ll get around to it when we can” – “bells and whistles” camp.”

Have a brilliant idea that could help save Somebody has got to do something.  Drop us a note. We’ll publish the good ideas.

Open Data Advocate Joins Patient Privacy Rights Group as Chief Technology Officer


The small news is that I formally joined Patient Privacy Rights as chief technology officer. I have been an extreme advocate for open data for years. For example, I’m  a card-carrying member of the Personal Genome Project where I volunteer to post both my genome and most of my medical record. PPR, on the other hand, is well known for publicizing the harms of personal data releases. These two seemingly contradictory perspectives represent the matter-antimatter pair that can power the long march to health reform.

The value of personal medical data is what drives the world of healthcare and the key to health reform. The World Economic Forum says: “Personal data is becoming a new economic “asset class”, a valuable resource for the 21st century that will touch all aspects of society.” This “asset” is sought and cherished by institutions of all sorts. Massive health care organizations, research universities, pharmaceutical companies, and both state and federal regulators are eager to accumulate as much personal medical data as they can get and to invest their asset for maximum financial return. Are patient privacy rights just sand in the gears of progress?