eugenesergeev - Fotolia
With medical devices mushrooming in hospitals and becoming increasingly connected to the data network, providers are employing medical device integration to cut down on medical alarm management confusion and to draw meaningful insights for clinical decision-making.
That means using data governance and predictive analytics, according to Janet Dillione, CEO of Cardiopulmonary Corp., developer of the Bernoulli medical device integration (MDI) platform. The company recently merged with Nuvon Inc., a medical device connectivity and informatics vendor.
In the second part of a Q&A, Dillione, a former executive vice president and general manager of Nuance Communications Inc.'s healthcare division and president and CEO of Siemens AG's health services division, elaborated on medical alarm management.
Dillione also took on cybersecurity and cost issues associated with MDI.
You've thought a lot about the rapid shift to value-based care and reimbursement. So what kind of data governance do providers have to have in place and how do these high-end MDI systems help them negotiate that shift?
Janet Dillione: We're running into data governance a lot in the world of [medical] alarm management, because ... every device comes with a manufacturer default setting for alarms and those settings probably reflect 80% of the healthy population and not necessarily what you want to have represented at the patient bedside. I think in this early wave of dealing with alarm management, we're beginning to see which area of the clinical structure deals with things like real-time data and settings limits and setting alarms and saying, 'Well, wait a minute. I don't need to enunciate every alarm. I just need to enunciate the alarms that are indicating a significant patient safety issue.'
Some customers have that governance structure in place. I think there's a wave coming where there's going to be a lot of activity around helping build up the governance structures around things like alarms. If you think about it, if you can abstract up a layer, an alarm just happens to be a data type of real-time data.
Dillione: In the virtual ICUs, what we see most typically, I'd say the first wave is definitely the academics. What we're seeing is a fallout, a secondary cause, from the provider consolidation wave. So a hub … one of the strong provider systems, begins to accumulate other providers in the region, almost like a hub-and-spokes kind of environment. I'm going to broaden my provider network. And when they potentially wake up at the end of [a] year or so of accumulating providers, they realize, 'Oh my gosh. I've got ICU beds in a much broader geographical distribution than I ever had before, but I don't have any more intensivists. There is growing shortage of intensivists. And … these are not the patients I want to move.' Sometimes you'd say, 'That's simple. Just move the patients around.' But you don't want to move around ICU patients.
That's the wave we're seeing right now, a lot of geographical expansion. I've got ICU beds out from my clinical hub facility. I want my intensive expertise from my hub facility made available to those other ICUs, and they're looking at tele-ICU to do that.
There's been a lot of talk about connected medical devices being insecure, leading to security vulnerabilities. Because even if they're from a super reputable vendor, you could get firmware updates that have security holes in them. As the providers put in these sophisticated MDI systems, aren't they going to also have to think about securing them? Also, please talk about patient safety and the reliability of using remote devices to provide clinical decision-making or accurate clinical surveillance.
Dillione: There's no doubt that security has always been an issue in healthcare, right? There's HIPAA, there's PHI [protected health information]. I think what's happened in the last 18 months or so is this whole realization of cybersecurity. Are we vulnerable to hacking? How tight is my security? Am I inside a firewall? Am I outside a firewall? We are a Class 2-cleared device, so we are very, very conscious of end-to-end verification and validation with any device to which we are attached. We take that very seriously. Typically for us, and I'm sure this is true of many folks, our implementations around tele-ICU and MDI were typically on-premises inside of a firewall, so the customer would be providing a lot of that security structure. And obviously, we write to all the current standards around encryption, SSL [secure sockets layer], and those types of things. We are constantly watching security, as you could imagine. We work with our customers heavily in terms of what we provide there. We encrypt the data as we need to around networks and around what we do.
This whole idea of cybersecurity is going to be a growing one. But right now we match the standards, we test our solutions end-to-end because of our Class 2 FDA clearance.
In terms of patient safety ... Is it a medical device or is it a consumer device when the patient is at home? I don't know that that question's been answered. I've asked this question a lot, especially when I'm with CMOs [chief medical officers] and CMIOs [chief medical informatics officers]. The question typically comes back as, 'If I am going to use it for diagnostics, it is a medical device and I want to know that it is manufactured and managed as a medical device.' That's kind of the line that I see getting set out there. If it's a patient and they're doing self-monitoring [at home] or it's not coming into my patient record or I'm not using it for diagnostics, I don't care as much. But again, if I'm going to use it for diagnostics, now you've crossed the line and now I want to know what kind of clearances and FDA types of environments that device has been manufactured in.
In terms of patient safety, I don't know that the script has been written. I think folks are waiting for some further clarity from the FDA around wearables. We are watching that heavily. We are waiting for and watching for greater clarity around just alarms. Is it a primary alarm? Is it a secondary alarm? Who has to be conscious if I take an alarm from middleware? Does that mean I have to verify and validate from that middleware? Do I have to go all the back to the originating device that sent the alarm?
How do you integrate devices from different vendors, each with their own proprietary standards? Is that difficult? If it's a big, sprawling hospital system, how do you connect all those devices?
Dillione: There are software drivers. What happens is, there's a device, it could be an IV pump, it could be anything. It's a device from a manufacturer. That device speaks a certain language and has a certain communication protocol that the manufacturer documents. They then hand that over to those of us who say, 'We will integrate those devices into some type of middleware,' and then we write drivers. And there's actually, in the market, a little bit of a competition, so to speak, 'I have more drivers than you do.' But yeah, there's a driver, it takes us probably four to six weeks to write a new driver. The world would love to see all devices speak a common language. There [are] actually people trying to work on that, but I think it's a very long time in the future.
Can smaller providers afford the investment in medical device integration? There might be a good ROI from it down the line, but how can a small rural hospital, community hospital or midsize physician pursue an MDI strategy?
Dillione: There are vendors that address different types of markets. I think that the solution scale ... in some of the different environments that you speak of -- whether it's a physician's office or an ambulatory care setting -- the good news is they probably have a very different population of devices. Typically, they're going to need maybe one or two drivers to talk to middleware, as opposed to those academic IDNs [integrated delivery networks] where there's dozens and dozens of device types across dozens of manufacturers. That takes care of some of the affordability in and of itself.
FDA issues guidance on medical device security
Telemedicine security has providers' attention
Patient referral software works with mobile health devices