Friday, April 30, 2010

How to Hack Grandpa's ICD, Reprise ...

Several weeks ago I published an article (How to Hack Grandpa's ICD) discussing another article published in an IEEE journal that described a variety of ways to hack, illicitly manipulate or modify an ICD.  To those in the know, this is a potentially greater concern than I had imagined.  As it turns out, not surprisingly enough, the concerns about hacking are not limited to ICDs. 

One of my readers notified me of a recent article published by the CNN website that discusses concerns regarding the capability to hack ICDs.  Here's the link to the article that was published on 16 April 2010.  I was also republished in the Communications of the ACM (of which I am a member) on 19 April 2010.

Much of the article appears below Before proceeding, I would like to add a little background about myself and a little bit of commentary regarding hacking.  I am a co-founder of data leak security company, Salare Security (  If anyone is interested in what the company does, please do follow the link above.  (As of this point, I am a silent partner in the company.  My partners are currently running the business.)  I mention this because I have some real-world based knowledge regarding system vulnerabilities.  

From experience and research I have found that even vulnerabilities that seem unlikely to be exploited, inevitably are exploited.  If something can be gained from a target and a vulnerability exists, you can be assured that the vulnerability will be exploited.  

For example, specific vulnerabilities that Salare Security addresses months ago were considered unlikely to be exploited because of the lack knowledge and a lack of interest on the part of hackers.  However, the vulnerabilities are of significant interest because if exploited, the damage to a government, a company or other organization could be severe.  Nevertheless, the thinking in the industry has been that exploitation of the vulnerabilities over the near term were remote.

However, recently, we have received information that the system vulnerabilities that Salare Security addresses have been exploited by a government funded group of hackers.  So much for "nothing happening in the near term."  

In the case of the vulnerabilities that Salare Security protects ... the hackers were after information.  (I do not know the details of the attack so I cannot tell you what information they stole.)  But, why might hackers develop systems to exploit medical device vulnerabilities?  

My sense is that the hackers most likely are not out to attack, injure or kill people with medical devices.  In my estimation, these hackers would be engaged in an extortion scheme against a device manufacturer or manufacturers.  This suggestion is based on some of the current trends in criminal activity. (Please see:,289142,sid14_gci1510919,00.html?track=NL-102&ad=763387&asrc=EM_NLN_11442713&uid=6228713)  The article references other possible motives for hacking medical devices.  I would strongly side with any motivation that opens the door for extracting money from a manufacturer.

Here is the article published by CNN

Scientists work to keep hackers out of implanted medical devices
By John D. Sutter, CNN  (4/16/2010)

(CNN) -- Nathanael Paul likes the convenience of the insulin pump that regulates his diabetes. It communicates with other gadgets wirelessly and adjusts his blood sugar levels automatically.
But, a few years ago, the computer scientist started to worry about the security of this setup.
What if someone hacked into that system and sent his blood sugar levels plummeting? Or skyrocketing? Those scenarios could be fatal.  
Researchers say it is possible for hackers to access and remotely control medical devices like insulin pumps, pacemakers and cardiac defibrillators, all of which emit wireless signals.
In 2008, a coalition of researchers from the University of Washington, Harvard Medical School and the University of Massachusetts at Amherst wrote that they remotely accessed a common cardiac defibrillator using easy-to-find radio and computer equipment. In a lab, the researchers used their wireless access to steal personal information from the device and to induce fatal heart rhythms by taking control of the system.
This article references the same IEEE article that I referenced in my blog posting.
"Medical devices have provided important health benefits for many patients, but their increasing number, automation, functionality, connectivity and remote-communication capabilities augment their security vulnerabilities," he wrote.
FDA spokeswoman Karen Riley declined to say whether the FDA is looking into new regulations of wireless medical devices; she added that the responsibility for making the devices secure falls primarily on the manufacturer.

"The FDA shares concerns about the security and privacy of medical devices and emphasizes security as a key element of device design," she said.
Wendy Dougherty, spokeswoman for Medtronic Inc., a large maker of implantable medical devices, said the company is willing to work with the FDA to establish "formal device security guidelines."
The company is aware of potential security risks to implanted medical devices, she said. "Safety is an integral part of our design and quality process. We're constantly evolving and improving our technologies."
In a written statement, Dougherty described the risk of someone hacking into a wireless medical device as "extremely low."
Wireless connections

The security concerns stem from the fact that pacemakers, defibrillators and insulin pumps emit wireless signals, somewhat like computers.
These signals vary in range and openness. Researchers who reported hacking into a defibrillator said some in-the-body devices have a wireless range of about 15 feet.

Many devices do not have encrypted signals to ward off attack, the researchers say. Encryption is a type of signal scrambling that is, for example, employed on many home Wi-Fi routers to prevent unknown people from accessing the network.

There's some question as to why a person would hack into a pacemaker or insulin pump and how the hacker would know a person uses a medical device.
Maisel listed some possible scenarios in his New England Journal article.
"Motivation for such actions might include the acquisition of private information for financial gain or competitive advantage; damage to a device manufacturer's reputation; sabotage by a disgruntled employee, dissatisfied customer or terrorist to inflict financial or personal injury; or simply the satisfaction of the attacker's ego," he wrote.
Denning, from the University of Washington, said the current risk of attack is very low, but that someone could hack into a pacemaker without apparent motive.
She referenced a case from 2008 in which a hacker reportedly tried to induce seizures in epilepsy patients by putting rapidly flashing images on an online forum run by the Epilepsy Foundation.
I emphasized Denning's comments because in my experience those are "famous last words." If there is a way to profit from exploiting a vulnerability, be assured, it will be exploited.

Additional Resources


Friday, April 23, 2010

Medical Implant Issues: Part 1, A True Story

When I started this article, I thought I could place it into a single posting.  However, having written just the first section, noted it's length and how much more there was to write.  Thus, I decided to turn this into a serialized publication just as I am doing with HE-75.  Thus, here is Part 1 ...

Part 1: Background Story

Before I dive into the technical details of this issue, I want to tell a true story from my own experience.  It involves a friend of mine.  (I need to be vague regarding the person's identity including gender and how I came to know this person.  As you read this, you'll understand.

My friend was incredibly intelligent (e. g., the best applied statistician I have ever known) and physically attractive, and diagnosed as a paranoid schizophrenic.  In the early 1990's, my friend underwent back surgery.  To my amazement, my friend claimed that the surgeon had placed a "chip," small processor into the person's spinal cord.  My friend said that the chip could be activated by people with controls that looked like garage door openers.  When activated, the chip would cause my friend to have a sudden, overwhelming desire to have sexual relations with the person who had activated the chip.  My friend called this chip a "tutu."

At the time I had been part of the cutting-edge technology community to know that such a chip was absurd.  And I told my friend that this chip did not exist. My information was not well received by my friend who was convinced of the reality of this chip.

I tell this story because at the time my friend informed me of the "tutu," the idea of embedding a chip in a human being and activate it using wireless means was patently absurd.  Embedding programmable chips with wireless communications less than a decade and a half later is no longer considered absurd, but real.  And for some people, frightening with religious overtones.  Consider what the Georgia state legislature just passed and you'll understand what I mean.  Here's a link to that article: Georgia Senate Makes "Mark of the Beast Illegal."

The reaction from the Georgia Senate makes my paranoid-schizophrenic friend's story seem plausible.  Interestingly enough and I did not realize it at the time (but I do now), that was my introduction to wireless, medical remote programming.  As I said, my friend was extremely intelligent and as it turned out more creative and prescient than I realized at the time.  Turns out that today a device embedded in the spinal cord with the ability to trigger sexual experience is real.  And the ability to embed microprocessors and controls in people with the capability of wireless communication and medical management is also real.

I tell you that story not to make light of people's stories and fears, but as a "sideways" introduction to the technical topic of dealing with multiple, embedded medical monitoring and remote programming systems.  And to suggest that people may have real fears and concerns regarding the capabilities that technologists like myself often overlook.  In this series I discuss real and imagined fears as well as the technical problems with multiple, implanted devices.

Part 2: Multiple, Implanted Wireless Communicating Devices

Books sold by Amazon that might be of interest in this series

New Frontiers in Medical Device Technology

MEMS and Nanotechnology-Based Sensors and Devices for Communications, Medical and Aerospace Applications

Remote Monitoring Demonstration System for Diabetes & COPD Available

I want to share the article and it's link to the the demonstration systemHere are a few quotes from the article.

Health Revolution Sciences Inc. has launched a new Website demonstrating its remote health care monitoring capabilities for perspective patients and care givers.
Called ForVida, the software application represents a sea change in health care technology. 
The software allows physicians and patients to watch streaming cardiac telemetry or reference steadily growing actionable patient EKG and heart rate histories.

The system apparently uses a communication model similar to one I have described in an earlier article.  (  I do not know what data integrity and security measures they have taken.
The article can be found at:

Wednesday, April 21, 2010

Remote Monitoring and Preventing Unnecessary ICD Shocks

In 2009 there was an interesting editorial written by Joseph E. Marine from Johns Hopkins University School of Medicine, published in the journal, Europace (European Society of Cardiology).  The title of the editorial was "Remote monitoring for prevention of inappropriate implantable cardioverter
defibrillator shocks: is there no place like home?
The entire article can be found at the following location:
For those of you unfamiliar with ICD's (implantable cardioverter
defibrillator), the ICD delivers a relatively high-voltage shock to the heart when conditions indicate that the heart may be about to go ventricle fibrillation (a rapid irregular heartbeat that will likely lead to death) or that the heart ceases beating.  The latter condition is easily detected, however, determining the former condition is more difficult.  Because the conditions are not always clear, ICD (and a companion system, the CRT-D) too frequently deliver shocks unnecessarily. (I have discussed issues related to detection in other articles in the blog.  Here are the links to those discussions:,  Another reason that an ICD might deliver unnecessary shocks would be because of sensor lead failure or near failure. 

Joseph Marine examined the value of remote monitoring to the prevention of unnecessary shocks.  He concluded that remote monitoring was particularly suited to providing early detection of failing sensor leads.  However, ...
[f]inally, most inappropriate ICD shocks are not caused by
lead failure, but rather by supraventricular arrhythmias, and this
study does not provide any evidence that home monitoring
reduces risk of inappropriate shocks from this cause.
In other words, remote monitoring could not aid with improving the false positive rate - the delivery of unnecessary shocks.

To those who have not been involved with ICDs, it may seem that the delivery of an unnecessary may not be so bad given the alternative, that a failure to deliver a shock will likely lead to the patient's death.  And there are many cardiologists who will argue the case for a "hair-trigger" system - acceptance of false positives, but no acceptance of false negative: that is a failure to deliver a shock when conditions warrant.

However, unnecessary shocks will do damage over time.  Furthermore, those patients who have received a shock describe it as feeling like "... a mule kicked" them in the chest.  I know of situations where patients who a received shocks eventually have the ICD removed

So, I want to make the case to the medical device industry that remote monitoring may be the key to solving the false positive problem.  In that the data that remote monitoring systems collect and transmit may lead to better detection and discrimination.  In addition with reference to my article on prediction, remote monitoring may enable physicians to tune ICDs based on specific predecessor events that could enable remotely adjusting the parameters on the ICD to allow better targeting.

I'm not an expert in this area.  However, I know enough about indicator conditions in other areas that can be used to adjust systems and improve their accuracy.

HE-75: Collecting Data and Modeling Tasks and Environment

This article expounds on my earlier article related to AAMI HE-75: Know what thy user does and where they do it. 

Collect and Represent the Data

Ideally the first steps in the design process should occur before a design is ever considered.  Unfortunately, in virtually every case I have encountered, a design for the user interface has already been in the works before the steps for collecting user and task related data have been performed.

Nevertheless, if you are one of the people performing the research, do as much as you can to push the design out of your mind and focus on objectively collecting and evaluating the data.  And, in your data analysis, following the data and not your or the preconceived notions of someone else.

There are a variety of means for collecting data and representing it.  The means for collecting the data will generally involve:
  • Observation - collecting the step-by-step activities as a person under observation performs their tasks.
  • Inquiry - collecting data about the a person's cognitive processes.
Once the data has been connected, it requires analysis and representation in a manner that is useful for later steps in the design process.  Data representations can include:
  • Task models - summary process models (with variants and edge cases) of how users perform each task.  This is different from workflow models in that in task models no references to specific tools or systems should be included in the task model.  A task model should be abstracted and represented at a level without reference to actions taking place on a particular device or system.
  • Workflows - summary process models (with variants and edge cases) similar to the task flows with reference to a particular device or system.  For example, if the user interface consists of a particular web page, there should be a reference to that webpage and the action(s) that took place.
  • Cognitive models - a representation of the cognitive activities and processes that take place as the person performs a task.
  • Breadth analysis - I have noted that this is often overlooked.  Breadth analysis organizes the tasks by frequency of use and if appropriate, order of execution.  This is also the place to represent the tasks that users perform in their work environment but were not directly part of the data collection process.
Detailed Instructions

I cannot hope to provide detailed instructions in this blog.  However, I can provide a few pointers. There published works on how to collect, analyze and model the data by leaders in the field.

Here are three books that can recommend and several can be found in my library:

User and Task Analysis for Interface Design by  J. Hackos & J. Redish

I highly recommend this book.  I use it frequently.  For those of us experienced in the profession and with task and user analysis, what they discuss will seem familiar - as well it should.  However, what they do are provide clear paths and methods for collecting data from users.  The book is well-structured and extremely useful for practitioners.  I had been using task and user analysis for a decade before this book came out.  I found that by owning this book, I could throw all my notes away related to task and user analysis, and use this book as my reference.

Motion and Time Study: Improving Work Methods and Management 
by F. Meyer
Motion and Time Study for Lean Manufacturing (3rd Edition) by F. Meyer & J. R. Stewart

Time and motion study is a core part of industrial engineering as the means to improve the manufacturing process.  Historically, time and motion studies go back to Fredrick Taylor ( who pioneered this work in the later part of the 19th and in early part of the 20th Century.  I have used time and motion studies as a means for uncovering problematic designs.  Time and motion studies can be particularly useful when users are engaged in repetitive activities and as a means for improving efficiency and even as a means for reducing repeated stress injuries.  The first book I have in my library however it is a bit old (but very inexpensive) so I include the second book by Meyers (and Stewart) that more recent.  I can say that the methods of time and motion can be considered timeless, thus adding a book published in 1992 can still be valuable.

Time and motion studies can produce significant detail regarding the activities that those under observation perform.  However, these studies are time-consuming and as such, expensive.  Nevertheless, they can provide extremely valuable data that can uncover problems and improve efficiency.

Contextual Design: Defining Customer-Centered Systems (Interactive Technologies) by H. Beyer & K. Holtzblatt &

Rapid Contextual Design: A How-to Guide to Key Techniques for User-Centered Design (Interactive Technologies) by K. Holtzblatt, J. B. Wendell & S. Wood

The first book I have in my library, but not the second.  I have used many of the methods described in Contextual Design before the book was published.  The contextual design process is one of the currently "hot" methods collecting user and task data, and as such, every practitioner should own a copy of this book - at least as a reference.

I believe what's particularly useful about this contextual inquiry is that it collects data about activities not directly observered.  It's able but that affect the users and the tasks that they perform.  For example, clinicians engaged in the remote monitoring of patients often have other duties, many of them patient related.  Collecting data exclusively targeting remote monitoring activities (or the activities specific to a targeted device or company) can miss significant activities that impact remote monitoring and vice versa

Additional Resources

As a graduate student, I had the privilege of having my education supported by Xerox's Palo Alto Research Center.  I was able to work with luminaries of the profession, Tom Moran and Allen Newell on a couple of projects.  In addition I was able to learn the GOMS model.  I have found this model useful in that it nicely blends objectively observed activities with cognitive processes.  However, the modeling process can be arduous, and as such, expensive.  

Allen Newell and Herbert Simon are particularly well known for their research on chess masters and problem solving.  They were well-known for their research method, protocol analysis. Protocol analysis is a method that has the person under observation verbally express their thoughts while engaged a particular activity.  This enables the observer to collect data about the subject's thoughts, strategies and goals.  This methodology has been adopted by the authors of contextual inquiry and one that I have often used in my research.

The problem with protocol analysis is that it cannot capture cognitive processes that occur beyond the level of consciousness, such as the perception.  For example, subjects are unable to express how they perceive and identify words, or express how they are able to read sentences.  These processes are largely automatic and thus not available to conscious processes.  (I shall discuss methods that will enable one to collect data that involves automatic processes when I discuss usability testing in a later article.)  However, protocol analysis can provide valuable data regarding a subject's thoughts particularly when that person reaches a point where confusion sets-in or where the person attempts to correct an error condition.

Here's a link from Wikipedia:

Another book that I have in my library by a former Bell Labs human factors researcher, Thomas K. (TK) Landauer, is The Trouble with Computers: Usefulness, Usability, and Productivity.

This is fun book.  I think it's much more instructive to the professional than Don Norman's book, The Psychology Of Everyday Things.  (Nevertheless, I place the link to Amazon just the same.  This is a good book for professional in the field to give to family members who ask "what do you do for a living?")  

Tom rails against the many of the pressures and processes that push products, systems and services into the commercial space before they're ready from a human engineering standpoint.  Although the book is relatively old, many of the points he makes are more relevant today than when the book was first published.  The impluse to design user interfaces without reference or regard for users has been clearly noted by the FDA, hence the need for HE-75.

Monday, April 19, 2010

Market Research Report Available: Remote & Wireless Patient Monitoring Markets

A new market research report has just been made available that discusses the market and investment potential of remote and wireless monitoring of patients.  I do not endorse this study or suggest it's purchase.  I am making it's existence known.

Here's a list of some of disorders covered by the study:
  • Asthma
  • COPD
  • CHF
  • CHD 
  • Diabetes 
Here are a few quotes from the press release:

Patient monitoring systems are emerging in response to increased healthcare needs of an aging population, new wireless technologies, better video and monitoring technologies, decreasing healthcare resources, an emphasis on reducing hospital days, and proven cost-effectiveness.
Of these new high-tech patient monitoring systems, nearly all focus on some form of wireless or remote patient monitoring. ...
...  the following companies are profiled in detail in this report:
  • Abbott Laboratories, Inc
  • Aerotel Medical Systems
  • GE Healthcare
  • Honeywell HomMed LLC
  • Intel Corporation
  • Philips Medical Systems
  • Roche Diagnostics Corporation

Here's the link to the press release and links to purchasing this study:


Saturday, April 17, 2010

Article: Investments in Real Time Medical Monitoring

This is an article targeted to the investment community regarding investment in real time medical monitoring.  I do not endorse anything in this article.  However I do find it interesting.  I do not know the track record of this publication.  Nevertheless, here a link to the article:

Article: Initiation of a Telemonitoring Study of Heart Failure, COPD and Diabetes Patients

A study will be performed by researchers from Case Western Reserve University and Cleveland State University with patients suffering from heart failure, diabetes and COPD.  The objective of the study will be to determine how effective remote monitoring is with maintaining the health of these patients and with keeping them out of the hospital.

Here's a link to a report on this study: 

Additional Resources


 The Complete Guide to Understanding and Living with COPD: From A COPDer's Perspective 

COPD For Dummies 


Diabetes For Dummies (For Dummies (Health & Fitness)) 

Tell Me What to Eat If I Have Diabetes: Nutrition You Can Live With 

The Official Pocket Guide to Diabetic Exchanges 

Heart Failure

The Cleveland Clinic Guide to Heart Failure (Cleveland Clinic Guides)

Manual of Heart Failure Management

Friday, April 16, 2010

Medtronic Remote Monitoring Study: CONNECT

At the American College of Cardiology 59th annual conference George H. Crossley, MD presented evidence that cardiac patient from remote monitoring (one scheduled in-office visit per year with remote monitoring) verses standard in-office care (four in-office visits per year) cuts the time between the time a cardiac or device related event occurs and when a treatment decision is made.

The title of the study: "The clinical evaluation of the remote notification to reduce time to clinical decision (CONNECT) Trial: The value of remote monitoring."

I present a summary of the method and the results of the study gleaned from the slides presented by Dr. Crossley at the conference.


Tested hypothesis: Remote monitoring with automatic clinician notifications reduces the time from a cardiac or device event to a clinical decision.

Additionally investigated were rates utilization of the health care system including hospitalization and between treatment groups.


Study participants:  1997 newly implanted CRT-D and DR-ICD patients from 136 US centers were randomly assigned to one of two groups. The first group had 1014 patients assigned to the remotely monitored group and the second had 983 patients assigned to the standard in-office care group. The patients were reasonably well matched for age and gender characteristics.  (A procedure similar to the Biotronik TRUST studies.)

The patients were followed for 12 months.  (On first reading, I found the the time relatively short in that I would not expect enough differentiating events would occur during that time.  However, on further reading, I believe my first impression was incorrect.)


Time from Event to Clinical Decision

The median time (used nonparametric inferential statistics for the analysis) from the cardiac or device event to clinical decision was 4.6 days in the remote group and 22 days in the in office group. This difference was significant.  The remote group involved 172 patient while the in-office group involved 145 patients.

The cardiac/device events included:
  • Atrial Tachycardia/Fibrillation (AT/AF) for 12 hours or more
  • Fast Ventricular rate. Of at least 120 beats per minute during at least a 6 hour AT/AFT event
  • At least two shocks delivered in an episode
  • Lead impedance out of range
  • All therapies in a specific zone were exhausted for an episode
  • Ventricular Fibrillation detection/therapy off
  • Low battery
Total number of events Remote group: 575 and In-office group: 391.  The slides show the breakdowns.

Office Visits

The number of office visits per patient reported are shown below.
                        Scheduled     Unscheduled      All office
Remote group:     1.68              2.24              3.92
In-office group:    4.33              1.94              6.27

The TRUST studies showed a slight increase of more unscheduled visits for the remote group. However, given the nature of the study and that remotely monitored patients would receive only one in-office visit per year, it's remarkable how similar the numbers between the two groups are.

Utilization of the Health Care System

Number of incidents where patients used the health care system show virtually no difference, hospitalization or emergency room. 

However, a remarkable difference was the significant difference in length of stay when there was a hospitalization. The remote group had a mean hospital stay of 3.3 days while the in-office group was 4.0 days with an estimated savings per hospitalization of $1659.


The CONNECT and (Biotronik) TRUST studies show clear benefits from a number of standpoints for remote monitoring.  In addition, the CONNECT study showed clear cost and hospital resource utilization benefits from remote monitoring in that hospitalized patients had shorter stays indicating that they were in better shape than patients in the in-office group when admitted to the hospital.  Quick responses seem to lead to better outcomes as well as cost reductions.

Reader Article: Controlling Glucose Level to Prevent Diabetes

 Here's something I have been wishing for ... a guest article authored by one of my readers.  If you have something that you would want me to publish in this blog, by all means, please send it and if I think it has technical merit and seems appropriate, I shall publish it.  

This article is written by Kristina Ridley who writes for the diabetes blood glucose  blog. ( is her personal hobby-blog that focuses on healthy eating and tips to measure blood glucose levels at home to help people understand early diabetes symptoms.  

This article may have bearing on remote monitoring technology for diabetes in the what people consume has likely impact on glucose and insulin levels.  I know that heart failure patients (whom I understand are often diabetic) can remotely report to caregivers their weight, blood pressures, etc.  I would seem reasonable that diabetics could report their food and fluids intake for remote monitoring by their caregivers. 

I am particularly interested in Kristina's last section, "Too Much Control."  My experience in cardiac rhythm management suggest close monitoring and control are strong positives.  I hope that Kristina or someone else could write a rejoinder to this section.

Here is Kristina's unedited article:

Here’s a Quick Way to Control Glucose Level to Prevent Diabetes

Our pancreas is affected by diabetes – specifically, Type 2.Our body contains glucose found in the blood stream, which it gets from the sugar in food. Our body uses the glucose, but only when it goes into our blood cells and the insulin released by our pancreas converts it. Insulin production and utilization is difficult for someone who lives with Type 2 diabetes. There is a lot of glucose in the body, but your cells cannot locate them.

The American Diabetes Association has become very important when it comes to gathering critical information about this medical condition. With approximately 23.6 million citizens living with diabetes, America is an extremely unhealthy country. Over 90% of all patients with diabetes have Type 2.Most diabetics tend to be overweight and have relatives with the same condition. Too much glucose can cause serious, irreparable damage to internal organs and to the overall nervous system.

Diabetes and Your Life

If you have Type 2 diabetes, you need to live in a healthy manner. Living healthy and engaging in healthy practices will affect you tremendously. Two common examples of healthy routines include exercising and consuming healthy foods. Making sure that your glucose levels stay in the recommended range translates into being able to avoid complications in your health. A finger prick test is a common and reliable way to monitor your body’s blood glucose levels. 
This test, according to physicians, is sufficient enough for glucose monitoring like the HbA1c test. The amount of glycated hemoglobin in your blood is determined by this HbA1c test, aside from it alerting you if you reach a high glucose level. Results of these A1c tests show that people with diabetes are at a seven percent level. The CDC reports that if one maintains their a1c levels at seven percent, they could reduce the possibility of risks as high up as forty percent.

Too Much Control 

Recently, there have been medical studies that seem to indicate that maintaining A1c levels below 7% may be a bad idea after all. One of these studies, conducted at the Lancet and Swedish Medical Center in Seattle, has found that people who have median levels may be at a far greater risk of death, especially for those taking insulin. However, other tests have indicated that A1c levels of 7 percent is still perfectly healthy. Matt Davies, An accredited Endocrinologist, has stated that maintaining a 7% A1c level is healthy according to recent studies, but that physicians should always take the individual patient's history into account prior to planning treatment.

Kristina provides diabetic recipes in here blog.  In addition, I have provided a link to Amazon that will initiate a search for diabetic cookbooks.
Search for diabetic cookbook

Why the Moniker "RemoteProgrammerGuru?"

For those who have wondered ... there is a story behind why I use the moniker, "RemoteProgrammerGuru."  Any identity that has as part of the name, "guru" could be considered more than a little ostentations.  Here's the definition as provided by Wikipedia:

The definition describes someone with "supreme knowledge."  Fortunately for me, the term in India is synomous with "teacher."  For me, the "term" teacher was more appropriate and the role of a teacher came as a surprise.

I was part of a project where remote programming was the technical centerpiece of a proposed solution.  Frankly, I was new to remote programming for medical devices ... as are most.  However, I have a rich telecommunications background including expertise in wireless communications.  (I was the principal investigator on two federally funded telecommunications research grants.)  I know the technologies and I know how things work. 

As it turned out, I knew more about telecommunications than my colleagues who had been working in remote programming for longer than I ... much more.  And I started teaching them, about communications and about remote programming and necessary processes to insure communication integrity.  In effect, I became a "guru," a teacher.

Finally, since remote programming when designed and implimented correctly, involves sophisticated monitoring, I decided to incorporate the term "remote programmer" to represent someone who informs people about remote monitoring and programming.  Thus the moniker, "RemoteProgrammerGuru" was created.

Friday, April 9, 2010

Announcement: Biotronik has MRI Conditional Pacemaker Approved in Europe

Announcement that Biotronik has gained European approval for an MRI conditional pacemaker and leads.  Here's a link to the announcement from Business Wire:

I have worked on the usability issues related to providing MRI conditional pacemakers and leads.  Without disclosing too much, my work related to MRI conditional pacemakers and leads got me interested in remote monitoring and remote programming.  So, for me there's a link between MRI conditional pacemakers and leads, and remote monitoring and programming.

Article: Updates to the Development of Medical Body Area Networks (MBANS)

Mobihealth News has published an article indicating that Philips is interested in a 10MHz spectrum dedicated to MBANS.  Here's the link to the article:

Mobihealth suggests that Philips is taking a different approach to MBANs than GE who wants 40Mhz of spectrum dedicated to MBANs.  The GE is interested in MBANs that would be used in hospitals.  Philips is interested in the deployment of MBANs to the field, and that Philips would produce consumer and not medical grade products.  I am not sure how this could work in the US.  However, this development is worth continuing attention.

Article: Wireless Remote Monitoring Prevents Complications of Chronic Diseases

An interesting article about the benefits of remote monitoring in the care of patients with chronic diseases from the Press of Atlantic City, 8 March 2010.  Here's the link to the article:

Quotes from the article:
Improving management
By early 2012, Americans will use about 15 million wireless health-monitoring devices, according to a forecast from ABI Research, which tracks mobile-technology trends. The mobile health market is projected to more than triple to $9.6 billion in 2012 from $2.7 billion in 2007, according to study from Kalorama Information Inc
[T]he first pilot project in the nation to assess whether the use of remote digital devices with data sent over the Internet to a doctor's office improved management of multiple chronic diseases - diabetes, heart disease and high blood pressure, also known as hypertension. 
Diabetics and hypertensive patients increased the number of days between appointments by 71 percent and 26 percent respectively ...
"One of the great promises of wireless (health) is making it a part of the patient's daily life, not an interruption to what they're doing every day," ...
From personal experience I believe the last sentence I quoted is among the most important in the article.  The entire process should be so smooth, so automated, so uncomplicated and unintrusive that the patient's life is uninterrupted and that the data is seamlessly collected and sent to the patient's caregiver.

Two other items to note.  The first is a brief discussion of the sensors connected to the patient's body.  They mention band-aid size electrodes.  I am not sure if these are the "digital plaster" that I've discussed in an earlier article.
Or something else.  I do not know, but it would be interesting to find out.  If I have any informational, I'll post it.  If you have any information, please enlighten us with a comment.

The second issue of note is the discussion in the article regarding payment, and who will do it.  Given the convoluted nature of our system of payments, this will be the most difficult issue to resolve, I believe.  It's ironic considering that remote monitoring saves money.   I think the technical issues will be minor in comparison.  I hope I am proved wrong.

Remote Monitoring/Programming and Diabetes Management

Diabetes management is a personal area of concern for me.  No, I'm not diabetic.  However, my late mother-in-law was.  She had Type II diabetes; however, she was not overweight.  She died of a sudden cardiac arrest that was a direct result of her diabetes.  Although she did a great deal to manage her diabetes, her insulin would swing widely.  Those wide swings damaged her heart muscles leading to a cardiac arrest.  I can't help but believe if remote monitoring had been available to her, that she should would be alive today.

In the past my primary topical area has been cardiac rhythm management.  I plan to broaden my focus. Diabetes management using remote monitoring and even remote programming will be a topical area of increasing focus in this blog.  In later weeks I plan to branch out into COPD.

For those of you who have domain expertise in diabetes management and COPD, I would appreciate your comments.  You can make your comments in the comment area of this blog or email them to me.  Whatever way you feel the most comfortable.

To get things started, I have three links that I would like share.  The first link is a blog article titled, "Finding patterns in diabetes treatment may be key for telemedicine."  The article is a brief discussion about a presentation by Dr. David Klonoff of Mills-Peninsula Health Center and UC San Francisco.  His focus was on Type I diabetics, however, I believe what he discussed has significant implications for Type II diabetics as well.  Dr. Klonoff's interest is technology "...for automatic measurement of blood glucose, automatic dose calculation, and automatic insulin delivery."  From the article ...
For this ideal scenario to develop, five technologies need to be solved, and Klonoff sees printed electronics being used in every one:
  • Self-monitoring of blood glucose
  • Continuous (and ultimately non-invasive) monitoring of blood glucose
  • Alternate routes for delivering insulin rather than needles, such as micro-needles. (Klonoff referred to work being done at UC Berkeley; I saw some demonstrated at the University College Cork/Ireland (PDF poster here) although using traditional semiconductors, not printed electronics.)
  • Artificial pancreas
  • Telemedicine
 In the quotation above, there are several links.  The one of greatest interest to me and to this forum, is the "non-invasive" link.  This will link you to an article titled, "The Search for Noninvasive Glucose Technology That Works: Where It Stands Now".

The article is a discussion of a need for a means for non-invasive monitoring of glucose levels.  The capability of having a non-invasive means of monitoring glucose levels would go a long ways towards supporting automatic, remote monitoring of glucose levels.  This could be an extension of the body area networks work (BANs).  So if anyone has any ideas in this area, apparently this is a wide open area for invention.

Finally, I want to provide a link to a brief report by the Whittier Institute of Diabetes.  The report is undated, but a brief review of the document's properties indicated that it was created in 2004.  It's not as recent as I would like, however, I believe that it's findings are relevant.  In summary, it showed that even relatively crude means for monitoring diabetes could lead to some positive outcomes at relatively low cost. 


Thursday, April 8, 2010

More on Knowing Thy Target User Population

Before moving forward into product development, I want to elaborate on the issues in my first two articles. This article elaborates on the importance of knowing the target population and ways to gather that information.  

The next article will discuss  I have had some recent experiences that reinforced that importance of defining and clearing understanding the targeted user population. And the importance of fully understanding and documenting what those members of the user population do and the environment(s) wherein they live and work.

Before proceeding any further, please review my previous article on understanding your target population. The link to the article is below:

HE75 clearly emphasizes the importance of understanding your target population.   The standard instructs that companies who develop medical devices should:
  1. Know their targeted user population
  2. Involve users early and often
  3. Accommodate user characteristics and capabilities. And in order to do this, one must first know what they are.

The information gathered about a target population should enable one to clearly define the qualities and characteristics of that population.  This can be particularly important when designing medical devices, particularly when those devices are targeted to patients. 

I have seen organizations a company, organizations that include program management, marketing and engineering assume that they know the characteristics of the targeted population.  Once the product is deployed, the company comes to a rude awakening and learns that their assumptions were often times false.  Neither the company nor the targeted user population(s) benefit from such a failure.

Methods for Gathering Target Population Data

The target population data is the most elemental data in the product development process.  All the descriptions about the targeted user population, their characteristics, culture and capabilities originate from this step in the research and development process.

So, how is this crucial data gathered? First, a confession ... the amount of work I have performed at this stage of the process has been limited.  My training is in cognitive psychology and computer science.  Most often I have been the recipient of such information about the targeted user population.  I have used the results of this first step as a means for recruiting subjects in my usability experiments and evaluations.  The training that is most suited to gathering this kind of data is anthropology and sociology.  The process of collecting target user population data draws on ethnographic and participant observation research methodologies.  The research can be observational.  It can be based on questionnaires administered orally or in writing.  It can be structured interview.  It can participant observation where the observer becomes participates in the activities of the target population.  It can be a combination of a variety of methods and include methods not listed above.  

The objective is the development well-grounded description that captures the important, defining characteristics of the target population.  The description can be provided in variety of ways, verbal or graphic.  The description should use the clearest and most appropriate methods available to covey that information to the members of the product development organizations.

Interestingly enough, I have used the data gathering methods I listed above.  However, I used those methods to collect data for the second step, Knowing what the user does and where they do it.  In other words, to gather task and environmental data.

Potential Costs for Failure to Correctly Define the Target User Population

Consider the following scenario ... that I collect task and environmental data about the wrong population, about a population that is not the target population.  What is the value of the results of my research?  And what could be the cost to the company for this failure?  What could be the cost to the target user population, to have a device with a user interface unsuited to their needs?

In reality, the cost could be high, but the product may not be a dismal failure.  Given the fact that we are all human, we share a wide variety of characteristics.  However, in the more stringent regulatory environment that is anticipated, it could mean delay, additional research, engineering and product development costs.  If the product is intended to provide a new capability to providers and/or patients, a delay could mean that a competitor could be first to the market the product.  Thus company could miss the competitive advantage to being first.

I have recent experience with two products targeted to patients. In one case the target population was well understood and well defined, and members of that population were used in usability testing.  In another case, there was a limited understanding of the target population by the research and development organization. And no member of the target population involved at any stage of the research and development process or in the development of the user interface.   In the first case where the target population was well understood and well defined, the user interface research and development process was clear and logical.  On the other hand, the research and development process that did not have a clear understand of the target population is struggling, it is learning as it goes.  Each time it learns something new about its target population, the user interface has to be updated.  It has been a costly process with constant reworks of the user interface.  So many reworks that the integrity of the original design has been lost.  It appears deconstructed.  At some point the entire user interface will have to be redesigned and that will likely come at the behest of the FDA enforcing HE75.

A Final Thought

HE75 instructs that medical product user interfaces should accommodate a diverse groups of users and should be maximally accessible. I see this as design objective of any user interface in that vernacular should be limited as much as possible and that limiting qualities should not be designed in or should be removed when detected. However, all products may not be accessible to all users but should be clearly accessible to the target population.  And I believe that the FDA will insist on this.