Donna Fedor, Contributing Editor06.11.12
This is the third and final installment in a series of articles that has examined the challenges as well as the possible successes of using consumer devices and platforms within the highly regulated medical device industry (the first part was published as a column in the November/December 2011 issue of Medical Product Outsourcing and the second was a feature in the March issue). The first two articles covered changes in the healthcare ecosystem that are driving the need for consumer platforms and devices, regulatory guidance, current solutions on the market, and concerns of medical device companies with using consumer platforms in mission critical applications. This issue will focus on data security and data management within the “cloud” to support physician and patient remote access and monitoring globally. Panelists also will discuss the future of the medical device, if and when consumer platforms become a mainstream element in the medical device ecosystem. Donna Fedor, director of strategy at Jabil Circuit Inc., St. Petersburg, Fla., assembled three information technology professionals from diverse backgrounds to discuss the convergence of two dissimilar industries into a new ecosystem. Excerpts of the discussion she coordinated and moderated follow.
Panelists include:
Donna Fedor: Since we’ve been focusing our questions mostly on the device, it’s time to talk about the rest of the connected ecosystem: the network, the data, and the cloud. How can patients be confident that they will have privacy and security across the entire ecosystem wherever they are, either in the clinical environment or outside the clinical environment?
Michael Huneycutt: The more data that is stored on the device, the more at risk you are, especially when the device is in patients’ hands. There is more risk of exposure of that data. There is the cloud-based approach where you interact with the data in the cloud or within the data center, which is a definite contrast to data that is resident on the device itself. There needs to be a balance. Unlike a public cloud, a healthcare cloud must have several key features, including administrative, physical and technical controls to meet the rigorous needs for security, privacy, reliability and compliance of healthcare enterprises. You need to secure the borders of your system, which means you have to secure the device. If you’re in an application ecosystem, you have to secure the ecosystem that is providing the apps to the device. Generally speaking, if it’s in the cloud we can secure it. We can put it behind a firewall. We can control it. But the minute it comes out onto a device, there is a lot of work and a lot of security required for device control, which means that you need to have control over the operating system and the apps that go onto the device.
Fedor: Some people reading this might not really understand how cloud computing works, specifically in the clinical environment. Michael, can you give some examples of what we mean by the cloud?
Huneycutt: From a cloud-computing standpoint, there are generally three industry standard types. One is infrastructure as the service, another is platform as the service, and the last one is software as a service. The first—infrastructure as the service—is when you have a device locally but the storage is actually sitting in a data center somewhere. So, when you write a document on your device, it’s actually written and stored onto a specific server in the cloud. But, to the user, it looks like it’s right on the device; just like a drive on your computer.
For the second type—platform as the service—all the computing power is actually sitting in the data center. It’s virtualized and typically charged on a subscription basis. An example would be that there is a laptop sitting at a nurses’ station that a physician can access with some type of authentication to display their desktop. The physician’s desktop is not really on the nurse station laptop. It is resident on a server in the cloud somewhere and already has the apps that they’ve been using ready to go. The physician logs off and starts rounds where they can access the same desktop from the display in the patient’s room or on a mobile tablet. Platform service is that the desktop is available anywhere that they move. It doesn’t really matter what the remote device is, it renders the desktop based on the device.
The other one is software as a service, where you pay a monthly subscription fee or a fee per analysis; and you have complete access to the software such as analytics. If you’ve ever used an Evernote or Facebook, they are similar to a software service model; you don’t really run the software on your device. You might run an app, but you’re really subscribing to a service. This is growing in popularity for healthcare analytics as a service, where data is being aggregated, collected and sliced and diced.
Fedor: Cloud computing seems to bring us full circle back to the client/server computing model before desktops and laptops when you had dumb terminals connected to mainframes. But, now the dumb terminals are any device connected anywhere in the world outside the hospital, which leaves us with intense data security issues in exchanging confidential healthcare information.
Alan Portela: If you talk to all the healthcare administrators, it’s a challenge that everybody is trying to tackle; if healthcare information is exchanged, how do we move data that is beyond the four walls of the hospital. Today, healthcare information exchange is done on a document-oriented approach. It’s actually going to shift to just raw data because physicians don’t want the data doctored. The physician is getting paid on their interpretation of data. They want to view all of the data so they are able to make their interpretation. With this, security becomes a larger issue. The security standards that exist today are not enough. The reality is that for all of us, our industry has to be visionary and organized enough to be able to figure out what the right standards will be, get ready for those, and then start working with the FCC (Federal Communications Commission) the same way we work with the FDA (U.S. Food and Drug Administration) to try to educate and drive on the process that is needed for healthcare. We can learn from what is already out there. An example is the U.S. Department of Defense’s Defense Information Assurance Certification Accreditation Process, which is an information assurance protocol that was developed to comply with the Federal Information Security Management Act. It looks like encryption—encryption on the transmission, on the server side, on the client side.
Fedor: Much work still has to be done on data security for these new connected care models both inside and outside the clinical environment. Let’s talk about data management. With remote monitoring, there will be massive amounts of data collected that need to be effectively managed. What are the up and coming solutions for data management and what are some of the changes that are happening with the use of that data?
Huneycutt: Right now the challenge is 10 percent of all data is structured and the other 90 percent is unstructured. In the next five years, data is supposed to grow by 600 percent. Trying to aggregate that data and use it in a meaningful way is critical. One of the biggest areas right now for Dell is analytics. We have to go beyond the 10 percent structured data that is driven by billing. The unstructured data is where things are going to become much higher value. The whole management and life cycle of the data is going to have to change. It’s really about data flowing back and forth from the cloud, the data center and providing access from anywhere—in the hospital, outside of the hospital. Mobility is our primary goal.
But, some of the data is so large such as genomics or images that we’ve had to find new mechanisms for transmitting that data in the health exchange. Data management will also consist of how do you move people to where the data is, because there’s so much data that you can’t move the data where you need it to be. Rather than actually move the images from one place to another, the images stay where they are and the user’s device will render the images. Instead of a physician having to wait for the X-ray to come to them, the system has the intelligence to route them to where the X-ray is and the device will display the X-ray. Of course, the data flow has to be encrypted and secure as we’ve been discussing.
Portela: Everybody talks about the concept of clinical decision support. It has three self-components: access, understanding/trending and knowledge-based prompting.
Access to clinical data is also modeling which data is clinically right. If you have a data warehouse with all the data that is on a cloud, you need to create a subset of which data is relevant. Second, getting the raw data from lab results, diagnostics or monitoring in a graphical trended interface will allow for easier understanding and interpretation of the data. A physician should be able to see more easily that the patient’s potassium levels, which have been at a normal level, have recently dropped at a significant rate, which has increased probability of a heart attack in the next two hours. Finally, knowledge-based prompting is basically using analytics on top of the data to be able to start generating alerts to potential events proactively.
So with cloud computing, data management is changing and the device is agnostic. To be able to run the applications, it really doesn’t matter what device you are using. It could be a laptop, a tablet or a mobile phone. Everything is being processed in a different location.
Fedor: In the last article, we spoke a lot about the patient’s comfort with device technology and the push to more mobile health solutions at a patient’s home. What about their comfort with their own healthcare data?
Simon Karger: The social driver here is a really interesting phenomenon. As our medical data is going into the cloud, patients are starting to want access to that data. For the first time clinical data is being used by people other than clinicians. A great example is a retinal specialist who I was working with said that their patients will come in, have retinal imaging done and ask to download the image onto their iPad because it’s cool and they want to be able to take it home. Five years ago, that would never have happened. With data coming into the cloud, the data becomes more accessible and you’re suddenly seeing patients wanting to get access to that data and use it in different ways, and that’s another kind of change to the way that we’re using healthcare data.
Portela: And, with the shift from document entry to raw data, we’re going to start seeing a big change. Healthcare organizations didn’t want to share their records with patients in the past because, on the document, there was data included that is above and beyond information strictly about the patient’s condition. With raw data, the physicians can have their own interpretation of that data separately from the patient data. Now the patients can take all their clinical data and can carry it to any doctor throughout the system but the doctor’s interpretation of that data might not be included.
Huneycutt: Another problem is if a patient needs to send an image to another physician, they’d have to get a copy from the first physician on a storage media like a CD, physically pick it up and take it to the second physician. Now, we’re working on program where the patient can input their physician’s email address to receive encrypted access to the full fidelity images.
Fedor: It will be interesting to see what types of guidance our regulatory agencies will give to give warn patients who have access to their healthcare data against the tendency for some individuals to self diagnose. We’ve covered many topics in this three-part series, and it’s time to wrap it up. The question that we’ve been driving to is: What will be the future of the medical device? The medical ecosystem used to be a device, a patient and a physician but that is changing dramatically with electronic health records, consumer platforms and cloud computing entering the medical ecosystem in a significant way. As consumer platforms and mobile displays become more prevalent in the ecosystem as a secondary display and as cloud computing starts to develop into cloud diagnostics, we will start to gather data and evidence that might allow consumer devices to potentially become the primary display and compute engines for the medical device ecosystem. If we accept that premise, what potential impact will we see on medical devices? Are we going to see mobile devices with built in healthcare features specific to an illness? Are we going to see hospitals pushing medical device OEMs to remove the redundant costly features of a traditional patient bedside device such as the user interface and display? What do you see as some of the things that are happening or could happen?
Karger: First, I think there’s a question of the mobile device as a primary display and then there’s a question of the mobile device as a primary interface. They are fundamentally different things. Can I see a mobile device being a primary display? Possibly. I think the really exciting stuff comes when you start thinking about mobile devices as a primary interface (i.e., allowing some control of the device versus just presenting or displaying the data it generates). I think we’re a long way from that. If we can get to the point where a consumer tablet or smart phone is able to truly interact with a medical device and is able to form the common node between the information flows to/from both the unified EMR (electronic medical record) and the devices around us and link the patient and the clinical stakeholder—that will be really exciting and will get us much closer to delivering on the promise of mobile health.
But there is so much that needs to happen for us to get there. Medical device companies really need to understand and need to work out how to best integrate fundamental consumer technology into their products and the consumer platform providers need to work out how close to the FDA line they’re going to get.
You asked if we will ever see consumer mobile devices with built-in healthcare features (i.e., fully integrated services and even hardware, rather than add software apps from third parties). I think that comes down to another question. Will we ever see consumer device companies willing to take on medical liability? Some would argue that they’ve actually backed further away from the specialist, professional market and they’ve positioned themselves more squarely as consumer product companies.
Are we going to see medical device manufacturers start to change and start to think and act more like consumer companies? Well, in my experience, I am starting to see some of that now. I am starting to see medical device manufacturers ask questions such as, “How do I market to the consumer rather than to the patient/clinician?” and “How do I take account of the fact that wellness trends demand that patients to take control of their own healthcare?” I am seeing medical device companies starting to move there. Are they going to go all the way and start becoming consumer device development companies? I don’t see that.
And so there’s a question: Who sits in the middle (connecting consumer and medical devices), and who really enables it?
Portela: That’s a very good point. We already are seeing the collaboration. AirStrip is a mobile device for all EKG (electrocardiogram) monitors on EKGs in the hospital. We already have a relationship the EKG providers. We are their solution. We are the ones that mobilize their data. GE also collaborated with Intel on a new joint venture called Care Innovations to look at home monitors. There are already data communications companies partnering with them. Partners are also starting to look at working with the implantable device companies so they could put a chip inside the implantable to enable data directly into the cloud for monitoring.
Honeycutt: I agree. The issue is who is going to drive it? We don’t know yet. But the reality is that you are starting to see levels of collaboration that you never saw before.
Karger: That’s what it’s going to take. As an industry, we need to pick a point of focus, we need to pick the best example and model it, demonstrate how this is really going to work. We use that example to drive the collaboration, to work out how the regulatory environment needs to adapt, to work out how the reimbursement environment needs to work, and follow that one focus to let us as an industry prove that there is real outcome and benefit from the new technologies. There is a value proposition for everybody here; the patient wins, the system wins and ultimately the companies win. If we can do that in one instance, that gives us a start to form a model.
Portela: We recently wrote a case benefit analysis with one of our partner hospitals that we just submitted to the White House. They responded saying, “We love it; we’re going to include this as part of the next report.” We basically showed how you can improve healthcare with mobile technologies and create savings, develop new revenue models and improve quality of care.
Panelists include:
- Michael Huneycutt, chief technology advisor for the Federal, Commercial, and Healthcare business units of information technology company Dell Inc.;
- Simon Karger, associate director, Surgical, at Cambridge Consultants Ltd., a company that develops products, creates and licenses intellectual property, and provides technology consulting services in the areas of medical technology, industrial and consumer products, transport, energy, cleantech and wireless communications; and
- Alan Portela, CEO of AirStrip Technologies Inc., a San Antonio, Texas, software company that is developing tools to send patient information directly from hospital monitoring systems, bedside devices and electronic health records to a clinician’s mobile device such as an iPhone or BlackBerry.
Donna Fedor: Since we’ve been focusing our questions mostly on the device, it’s time to talk about the rest of the connected ecosystem: the network, the data, and the cloud. How can patients be confident that they will have privacy and security across the entire ecosystem wherever they are, either in the clinical environment or outside the clinical environment?
Michael Huneycutt: The more data that is stored on the device, the more at risk you are, especially when the device is in patients’ hands. There is more risk of exposure of that data. There is the cloud-based approach where you interact with the data in the cloud or within the data center, which is a definite contrast to data that is resident on the device itself. There needs to be a balance. Unlike a public cloud, a healthcare cloud must have several key features, including administrative, physical and technical controls to meet the rigorous needs for security, privacy, reliability and compliance of healthcare enterprises. You need to secure the borders of your system, which means you have to secure the device. If you’re in an application ecosystem, you have to secure the ecosystem that is providing the apps to the device. Generally speaking, if it’s in the cloud we can secure it. We can put it behind a firewall. We can control it. But the minute it comes out onto a device, there is a lot of work and a lot of security required for device control, which means that you need to have control over the operating system and the apps that go onto the device.
Fedor: Some people reading this might not really understand how cloud computing works, specifically in the clinical environment. Michael, can you give some examples of what we mean by the cloud?
Huneycutt: From a cloud-computing standpoint, there are generally three industry standard types. One is infrastructure as the service, another is platform as the service, and the last one is software as a service. The first—infrastructure as the service—is when you have a device locally but the storage is actually sitting in a data center somewhere. So, when you write a document on your device, it’s actually written and stored onto a specific server in the cloud. But, to the user, it looks like it’s right on the device; just like a drive on your computer.
For the second type—platform as the service—all the computing power is actually sitting in the data center. It’s virtualized and typically charged on a subscription basis. An example would be that there is a laptop sitting at a nurses’ station that a physician can access with some type of authentication to display their desktop. The physician’s desktop is not really on the nurse station laptop. It is resident on a server in the cloud somewhere and already has the apps that they’ve been using ready to go. The physician logs off and starts rounds where they can access the same desktop from the display in the patient’s room or on a mobile tablet. Platform service is that the desktop is available anywhere that they move. It doesn’t really matter what the remote device is, it renders the desktop based on the device.
The other one is software as a service, where you pay a monthly subscription fee or a fee per analysis; and you have complete access to the software such as analytics. If you’ve ever used an Evernote or Facebook, they are similar to a software service model; you don’t really run the software on your device. You might run an app, but you’re really subscribing to a service. This is growing in popularity for healthcare analytics as a service, where data is being aggregated, collected and sliced and diced.
Fedor: Cloud computing seems to bring us full circle back to the client/server computing model before desktops and laptops when you had dumb terminals connected to mainframes. But, now the dumb terminals are any device connected anywhere in the world outside the hospital, which leaves us with intense data security issues in exchanging confidential healthcare information.
Alan Portela: If you talk to all the healthcare administrators, it’s a challenge that everybody is trying to tackle; if healthcare information is exchanged, how do we move data that is beyond the four walls of the hospital. Today, healthcare information exchange is done on a document-oriented approach. It’s actually going to shift to just raw data because physicians don’t want the data doctored. The physician is getting paid on their interpretation of data. They want to view all of the data so they are able to make their interpretation. With this, security becomes a larger issue. The security standards that exist today are not enough. The reality is that for all of us, our industry has to be visionary and organized enough to be able to figure out what the right standards will be, get ready for those, and then start working with the FCC (Federal Communications Commission) the same way we work with the FDA (U.S. Food and Drug Administration) to try to educate and drive on the process that is needed for healthcare. We can learn from what is already out there. An example is the U.S. Department of Defense’s Defense Information Assurance Certification Accreditation Process, which is an information assurance protocol that was developed to comply with the Federal Information Security Management Act. It looks like encryption—encryption on the transmission, on the server side, on the client side.
Fedor: Much work still has to be done on data security for these new connected care models both inside and outside the clinical environment. Let’s talk about data management. With remote monitoring, there will be massive amounts of data collected that need to be effectively managed. What are the up and coming solutions for data management and what are some of the changes that are happening with the use of that data?
Huneycutt: Right now the challenge is 10 percent of all data is structured and the other 90 percent is unstructured. In the next five years, data is supposed to grow by 600 percent. Trying to aggregate that data and use it in a meaningful way is critical. One of the biggest areas right now for Dell is analytics. We have to go beyond the 10 percent structured data that is driven by billing. The unstructured data is where things are going to become much higher value. The whole management and life cycle of the data is going to have to change. It’s really about data flowing back and forth from the cloud, the data center and providing access from anywhere—in the hospital, outside of the hospital. Mobility is our primary goal.
But, some of the data is so large such as genomics or images that we’ve had to find new mechanisms for transmitting that data in the health exchange. Data management will also consist of how do you move people to where the data is, because there’s so much data that you can’t move the data where you need it to be. Rather than actually move the images from one place to another, the images stay where they are and the user’s device will render the images. Instead of a physician having to wait for the X-ray to come to them, the system has the intelligence to route them to where the X-ray is and the device will display the X-ray. Of course, the data flow has to be encrypted and secure as we’ve been discussing.
Portela: Everybody talks about the concept of clinical decision support. It has three self-components: access, understanding/trending and knowledge-based prompting.
Access to clinical data is also modeling which data is clinically right. If you have a data warehouse with all the data that is on a cloud, you need to create a subset of which data is relevant. Second, getting the raw data from lab results, diagnostics or monitoring in a graphical trended interface will allow for easier understanding and interpretation of the data. A physician should be able to see more easily that the patient’s potassium levels, which have been at a normal level, have recently dropped at a significant rate, which has increased probability of a heart attack in the next two hours. Finally, knowledge-based prompting is basically using analytics on top of the data to be able to start generating alerts to potential events proactively.
So with cloud computing, data management is changing and the device is agnostic. To be able to run the applications, it really doesn’t matter what device you are using. It could be a laptop, a tablet or a mobile phone. Everything is being processed in a different location.
Fedor: In the last article, we spoke a lot about the patient’s comfort with device technology and the push to more mobile health solutions at a patient’s home. What about their comfort with their own healthcare data?
Simon Karger: The social driver here is a really interesting phenomenon. As our medical data is going into the cloud, patients are starting to want access to that data. For the first time clinical data is being used by people other than clinicians. A great example is a retinal specialist who I was working with said that their patients will come in, have retinal imaging done and ask to download the image onto their iPad because it’s cool and they want to be able to take it home. Five years ago, that would never have happened. With data coming into the cloud, the data becomes more accessible and you’re suddenly seeing patients wanting to get access to that data and use it in different ways, and that’s another kind of change to the way that we’re using healthcare data.
Portela: And, with the shift from document entry to raw data, we’re going to start seeing a big change. Healthcare organizations didn’t want to share their records with patients in the past because, on the document, there was data included that is above and beyond information strictly about the patient’s condition. With raw data, the physicians can have their own interpretation of that data separately from the patient data. Now the patients can take all their clinical data and can carry it to any doctor throughout the system but the doctor’s interpretation of that data might not be included.
Huneycutt: Another problem is if a patient needs to send an image to another physician, they’d have to get a copy from the first physician on a storage media like a CD, physically pick it up and take it to the second physician. Now, we’re working on program where the patient can input their physician’s email address to receive encrypted access to the full fidelity images.
Fedor: It will be interesting to see what types of guidance our regulatory agencies will give to give warn patients who have access to their healthcare data against the tendency for some individuals to self diagnose. We’ve covered many topics in this three-part series, and it’s time to wrap it up. The question that we’ve been driving to is: What will be the future of the medical device? The medical ecosystem used to be a device, a patient and a physician but that is changing dramatically with electronic health records, consumer platforms and cloud computing entering the medical ecosystem in a significant way. As consumer platforms and mobile displays become more prevalent in the ecosystem as a secondary display and as cloud computing starts to develop into cloud diagnostics, we will start to gather data and evidence that might allow consumer devices to potentially become the primary display and compute engines for the medical device ecosystem. If we accept that premise, what potential impact will we see on medical devices? Are we going to see mobile devices with built in healthcare features specific to an illness? Are we going to see hospitals pushing medical device OEMs to remove the redundant costly features of a traditional patient bedside device such as the user interface and display? What do you see as some of the things that are happening or could happen?
Karger: First, I think there’s a question of the mobile device as a primary display and then there’s a question of the mobile device as a primary interface. They are fundamentally different things. Can I see a mobile device being a primary display? Possibly. I think the really exciting stuff comes when you start thinking about mobile devices as a primary interface (i.e., allowing some control of the device versus just presenting or displaying the data it generates). I think we’re a long way from that. If we can get to the point where a consumer tablet or smart phone is able to truly interact with a medical device and is able to form the common node between the information flows to/from both the unified EMR (electronic medical record) and the devices around us and link the patient and the clinical stakeholder—that will be really exciting and will get us much closer to delivering on the promise of mobile health.
But there is so much that needs to happen for us to get there. Medical device companies really need to understand and need to work out how to best integrate fundamental consumer technology into their products and the consumer platform providers need to work out how close to the FDA line they’re going to get.
You asked if we will ever see consumer mobile devices with built-in healthcare features (i.e., fully integrated services and even hardware, rather than add software apps from third parties). I think that comes down to another question. Will we ever see consumer device companies willing to take on medical liability? Some would argue that they’ve actually backed further away from the specialist, professional market and they’ve positioned themselves more squarely as consumer product companies.
Are we going to see medical device manufacturers start to change and start to think and act more like consumer companies? Well, in my experience, I am starting to see some of that now. I am starting to see medical device manufacturers ask questions such as, “How do I market to the consumer rather than to the patient/clinician?” and “How do I take account of the fact that wellness trends demand that patients to take control of their own healthcare?” I am seeing medical device companies starting to move there. Are they going to go all the way and start becoming consumer device development companies? I don’t see that.
And so there’s a question: Who sits in the middle (connecting consumer and medical devices), and who really enables it?
Portela: That’s a very good point. We already are seeing the collaboration. AirStrip is a mobile device for all EKG (electrocardiogram) monitors on EKGs in the hospital. We already have a relationship the EKG providers. We are their solution. We are the ones that mobilize their data. GE also collaborated with Intel on a new joint venture called Care Innovations to look at home monitors. There are already data communications companies partnering with them. Partners are also starting to look at working with the implantable device companies so they could put a chip inside the implantable to enable data directly into the cloud for monitoring.
Honeycutt: I agree. The issue is who is going to drive it? We don’t know yet. But the reality is that you are starting to see levels of collaboration that you never saw before.
Karger: That’s what it’s going to take. As an industry, we need to pick a point of focus, we need to pick the best example and model it, demonstrate how this is really going to work. We use that example to drive the collaboration, to work out how the regulatory environment needs to adapt, to work out how the reimbursement environment needs to work, and follow that one focus to let us as an industry prove that there is real outcome and benefit from the new technologies. There is a value proposition for everybody here; the patient wins, the system wins and ultimately the companies win. If we can do that in one instance, that gives us a start to form a model.
Portela: We recently wrote a case benefit analysis with one of our partner hospitals that we just submitted to the White House. They responded saying, “We love it; we’re going to include this as part of the next report.” We basically showed how you can improve healthcare with mobile technologies and create savings, develop new revenue models and improve quality of care.