Friday, March 20, 2015

Remote Medicine: Virtual Doctor Visits and Virtual Doctors

I had a chance to review the page-hits I received over the life of this blog and it turned out that my short posting regarding an article in the Washington Post that discussed virtual doctor visits was the one most requested. Frankly, I found this flabbergasting, because this blog was founded on the belief that remotely practiced medicine can be good medicine ... as good or potentially better than the medicine practiced in offices, clinics and hospitals. And I'm going to take it a step further with the idea that virtual doctors may be just for those who live in rural areas or even in difficult circumstances inner cities, virtual doctor visits may be the wave of the future ... and you'll be better for it.

Let's explore ...

Virtual Doctor Visits


Title: Five Reasons Virtual Doctor Visits Might be Better than In-Person Ones by Jonah Comstock (8 May 2013).

The five reasons listed all make sense. They are:
  1. The visits are convenient for both the doctor and the patient. 
  2. The virtual waiting room is better than the doctor's office, clinic or hospital. 
  3. Enables greater patient engagement through screen sharing
  4. Automatic and more convenient record keeping
  5. Patients have the sense that doctors are paying better attention to them during a virtual visit
Virtual doctor visits seem to be in the upswing in Canada as well as this article explains. Link: http://www.ctvnews.ca/health/doctors-increasingly-making-virtual-house-calls-1.1907050

And another in depth article with a video from a Virginia news outlet, The Daily Press published in July 2014: http://www.dailypress.com/health/dp-nws-telemedicine-diagnosis-20140727,0,1252177.story

Personally, I would prefer a virtual visit over the need go to the doctor's office, clinic or hospital.

Virtual Doctors

While virtual doctor visits certainly seem to be on the upswing with increasing acceptance, the idea that a computerized physician could be your primary physician would seem to most like science fiction. And at this point in time, it is. However, computerized medicine doing the things that only physicians once performed has been the works for decades. In later posts, I'll explore this in greater detail.


Much of my writing on these topics will be in conjunction with my further explorations of the Apple Watch and its emerging capabilities.

Stay posted. 


Apple Watch: An Emergent Medical Monitoring Device?

Apple has been grappling with the design and capabilities of a smart watch for years. Apple CEO Tim Cook announced that Apple would produce a smart watch in September 2014. The initial rollout is scheduled for 25 April 2015.

Tim Cook has suggested that the Apple Watch would do more than provide its owner with the time and as a wearable means to communicate with your iPhone ... something that you would rather leave in your pocket or purse. He suggested that this device could also serve as a means to assist people with monitoring their health and fitness. But can this device that is strapped to your wrist really do that?

Research on Smart Watches and Their Owners


Before doing the deep dive into the Apple Watch, I want briefly discuss some of my experience with researching smart watches. I can't divulge all the details of that research because some of that work that I was part of a research team is proprietary. I can say a few things about smart watches, the variety of their capabilities and some of the opinions about them that people who have used them have provided.

The smart watches that we used in our research had capabilities that fell into two categories. The first were capabilities that allowed the owner to communicate with and control their smartphone. For example, a smart watch would allow an owner to control music or podcasts being played or allow the owner to make and receive calls through the smart watch. Communication between the two devices was over Bluetooth (IEEE 802.15.1) The second were independent capabilities this can include GPS map capabilities, collecting and displaying running or cycling distances and routes. And providing the date and time.

We found that owners of smart watches were initially excited and enthusiastic about owning a smart watch. However, over time that excitement and interest disappeared ... and disappeared to the point where most owners were considering ways to rid themselves of their smart watches. Based on our research, smart watches seemed like a good idea. But once initially-enthusiastic owners tried to incorporate smart watches into their lives, their response to them became negative.

Apple Watch


The Apple Watch is almost upon us with great fanfare. Based on photographs and my read of the hardware and descriptions of the Apple Watch, it appears to be stylish that its predecessors ... an important quality. It appears that it will have many of the same capabilities as it's predecessors as well ... the ability to communicate with and control the owners iPhones (5 or later) - the smart watch will have Near Field Communication (NFC), Bluetooth (4.0), a speaker, microphone and a touch screen to enable communication and control - and a number of independent capabilities based on the following embedded sensors: accelerometer, gyroscope, heart rate sensor and barometer.

Beyond the heart rate sensor, what else might make the Apple Watch a wearable system to assist people with their health and fitness? I'm not sure, but what I found interesting about the Apple Watch, what makes it potential game changer in the realm of health and fitness is this: WiFi (802.11 b/g/n).

From all that I can tell, the inclusion of WiFi could be something that might make the Apple Watch something significant with respect to means for medical monitoring. WiFi is different from Bluetooth in that Bluetooth creates a dedicated one to one communications channel. A WiFi access point (AP) can support multiple, simultaneous connections. Is Apple working with other companies to create new body sensors that can communicate with the Apple Watch using WiFi? It's plausible and well worth watching. 

Monitor this blog ... more on this to come.


Sunday, July 27, 2014

RIP: Death by Medical Error, 400,000 year in the US

In 2013 there were over 35,000 traffic deaths in the US. That's over 10 fatalities per 100,000. (Scotland appears the safest at just over 3 per 100,000, Germany by contrast has a rate less than 5 per 100,000, Argentina has over 12 per 100,000 and South Africa the "winner" per over 27 per 100,000.)

Contrast that with an estimated 400,000 deaths by medical errors ... that's around 130 deaths per 100,000. I don't know about you, but for me that raises real concerns. When I got into the field of human engineering for medical devices in 2009, I saw reports of around 100,000 per year in the US. I found that shocking. Now it's being reported that medical errors are killing 4 times more people than we originally believed? Takes your breath away.

The article that reports this finding is:

James, John T. (2013) A new evidence-based estimate of patient harms associated with hospital care. Journal of Patient Safety, Lippincott Williams & Wilkins.

Here a link to the article that report this with a portion of the abstract. The article is free and worth reading.

Link: http://journals.lww.com/journalpatientsafety/Fulltext/2013/09000/A_New,_Evidence_based_Estimate_of_Patient_Harms.2.aspx

Abstract (Redacted)

Based on 1984 data developed from reviews of medical records of patients treated in New York hospitals, the Institute of Medicine estimated that up to 98,000 Americans die each year from medical errors. The basis of this estimate is nearly 3 decades old; herein, an updated estimate is developed from modern studies published from 2008 to 2011.
[T]he true number of premature deaths associated with preventable harm to patients was estimated at more than 400,000 per year. Serious harm seems to be 10- to 20-fold more common than lethal harm.

Another article that suggests that death by medical error may still be underreported

Here's a recent article in Baltimore's THE SUN that describes how Maryland hospitals are underreporting their medical errors. This is likely just the tip of the iceberg nationally on this story. 


This article cites the James article above.

Saturday, July 26, 2014

How This Blog Got Going: MRI Safe and Conditional Pacemakers, Reprise

I have decided to return to the thing that I was working on when I started this blog ... an MRI conditional pacemaker. Specifically, an MRI conditional pacemaker for St. Jude Medical. At the time I was Lead Human Engineering Clinical Systems Engineer on this project. Before I go any further I would like to distinguish between MRI conditional and MRI safe devices. It is important to distinguish between the two.

MRI Conditional v. MRI Safe

Having an MRI safe implanted cardiac device is the ideal situation. If the cardiac device is MRI safe, it means that a device patient can be "popped" into an MRI without any changes to the device. For the patient it's just like the person does not have an implanted device. The only difference is that the resulting imagery from the MRI around the device may not be as good if the person did not have an implanted device. 

An MRI conditional device presents some significant procedural challenges to all those involved. If a person has an MRI conditional device, certain conditions must be met before the device patient is allowed to enter the MRI. When I was working at St. Jude Medical, changes in the settings that operate the device are required before the patient enters the MRI. Once scanning is complete, the settings need to be changed back to their normal, operational settings.

As of publication of this article, only one medical device company has a commercially available MRI safe pacemaker, Biotronik. St. Jude Medical and Medtronic have commercially available MRI conditional devices. 

When I was work at St. Jude, the only cardiac device being engineered to permit patients to have MRI scans were pacemakers. At the time ICDs and CRTs were not considered for MRI compatibility. However, apparently, Biotronik has developed an MRI conditional ICD that is commercially available ... at least in Europe.

There are other issues regarding MRI compatibility such as whether there are limits on the area that can be scanned a cardiac device patient ... something other than a full body scan. The allowable limits on how much can be scanned are continually in flux. But this particularly issue does not have anything to with the story I want to tell.

My Experience with the MRI Conditional Project

The St. Jude Medical MRI conditional pacemaker was engineered to enable patients to undergo an MRI scan. To insure that pacemaker patients would not be harmed by the scan required that the operating settings on the pacemaker be adjusted. (To make a long story short ... a change in the setting needed to make sure that the sensing lead to heart be turned off. The pacemaker could be changed to constant pace or turned off entirely if the patient is not pacemaker dependent ... as most pacemaker patients are.)

So the major problem in this entire issue was in regards to how to change the settings on the device? Who would do it, how would it be done, what would the settings be? Essentially three basic approaches were considered:
  1. Have the patient's cardiac physician or cardiac nurse go to the MRI center, lugging their device programmer with them, change the settings on the patient's device to those that are MRI compatible, wait for the scan to complete, reset the settings to normal and examine the patient to insure that the patient is OK.
  2. Have the settings changed remotely. The patient is at the MRI center, the cardiac professional is in the office, at the hospital or at home. This is known as "remote programming."  At the time this was something that the FDA did not allow. Using remote programming, the patient's device communicates wireless to a pacemaker communicator located at the MRI center. The cardiac professional sees a 30 second rhythm strip before setting the patient's device to the MRI settings and sees another 30 second rhythm strip after the changes have been made. (Just like an onsite cardiac professional would do.) The patient undergoes the scan. During that time, the professional can perform other tasks. Once the scan is complete, the cardiac profession changes the pacemaker settings back to normal and sees the before and after rhythm strips. 
  3. The pacemaker is programmed with two settings by the cardiac professional using the programmer. The first set of settings define the normal operation of the pacemaker. The second set are the MRI settings: that is, the settings of the pacemaker when the patient undergoes an MRI scan.  When the pacemaker patient goes to the MRI center, the MRI tech takes a wand (that's best way I can describe it.) and changes the settings from normal to MRI. Once the patient completes the MRI scan, the MRI tech uses the wand to change the patient's setting back to normal. 
I became quickly apparent that cardiac professionals had no interest in option 1. As it turned out St. Jude Medical chose the third approach. 

When the third approach was described, I had numerous objections ... mostly related to the device that would change the setting on the pacemaker. Thankfully, there have been substantial changes and upgrades made to the wand. However, I wanted to purse option 2, remote programming. And the desire to purse option 2 inspired me to start this blog ... hence the title Medical Monitoring & Remote Programming.

Wherefore Remote Programming?

Most physicians showed some hesitancy when it came to adopting remote programming. They saw it as unproven ... and they were right, it was (and so far as I know still is) unproven and still not acceptable to the FDA. However, many if not most were intrigued by the idea and thought that the technology should be pursued. Many clearly saw the potential value of the technology, the value of being able to monitor patients remotely with the potential ability to change cardiac device settings without the patient being in the office could be a revolution in patient care ... not only for people with chronic conditions like heart problems, diabetes or neurological problems that involve implanted devices, but potentially everyone. And it need not involve the need for implanted or wearable devices. We'll explore this in later postings.



Friday, July 25, 2014

Restarting the Blog

To all,

I'm restarting the blog after a three year layoff. I happened to look at whether this dated blog was still getting hits. And as it turns out, it still is.

During my layoff, there have been significant developments ... including some articles about hacking medical devices. This blog discussed that at least two years before that discussion was raised in the commercial, mainstream media.

So, time for a new start.

Friday, July 1, 2011

Some Articles of Interest Before the 4th

I came across two long investigative articles that I thought could be of interest those in the medical products field. One article is from the National Journal and the other from Pro Publica. Here are the links to the articles with short clips.


Medical journals have long had to wrestle with the possibility that financial bias influences the work they publish, but if the growing controversy over Medtronic's Infuse spinal product is any indication, they may not be doing enough.

Comment: This is an area that should concern everyone in the field of medical devices and device research. I am very aware that companies fund a lot of empirical and academic research much of which is published in peer-reviewed and respected medical journals. On the face of it, nothing wrong with that. When I was a graduate student, some of my research was funded the research and development division of a well-known (non-medical) company. The funding had absolutely no bearing of the design of the research program, the data collected or interpretation of the data. The concern expressed in this article is whether data maybe suppressed or not reported in an unbiased fashion particularly when it comes to reporting data related to the risks. You be the judge.


Critics of last year’s health care law pounced on what seemed like a damning new survey, but the details were a lot murkier than the headlines.

Comment: This is an interesting article well worth your time to read.


Finally, here's a short article that just came across indicating how rural health may well be the driver behind telemedicine. Here's the link to the article:


Rural Healthcare to Drive the Global Telemedicine Industry

...[C]ountries face various problems in the provision of medical services and health care, including funds, expertise, and resources. To meet this challenge, the governments and private health care providers are making use of existing resources and the benefits of modern technology. Besides, with limited medical expertise and resources, telecommunication services have the potential to provide a solution to some of these problems. As telemedicine has the potential to improve both the quality and the access to health care regardless of the geography; the rural market is driving the incessant growth of the telemedicine market.

Thursday, June 30, 2011

Are Electronic Prescription Systems Failing to Trap Errors?

A Brief Introduction

Before I jump into the topic of electronic prescription systems, I want to make known how I came across the article I am about to post. I am creating a website that includes a substantial portion of the human factors related work I have produced over the years. That website also includes posting articles on the home page related specifically to human factors - and that includes article related to medical errors: a topic of interest to me.

The new human factors website is not yet ready for viewing. I have just created a usable home page. The bulk of the work is to come. I'll post the address when it's reached a usable state.


What's Going on with Electronic Prescription Systems?


Bloomberg news recently reported the results of a study that indicated that prescription errors are as frequent whether handwritten or written through an electronic prescription system. Here is the address of the Bloomberg article:
http://www.bloomberg.com/news/2011-06-29/errors-occur-in-12-of-electronic-drug-prescriptions-matching-handwritten.html

I have not yet had the opportunity to read the study. However, I shall and I'll continue to update this blog on this topic based on what I find. 


With respect to the Bloomberg article, this quote caught my eye:


"The most common error was the omission of key information, such as the dose of medicine and how long or how many times a day it should be taken, the researchers said. Other issues included improper abbreviations, conflicting information about how or when to take the drug and clinical errors in the choice or use of the treatment, the researchers said."


I have been a human factors professional for a long time and as I read the quote above my jaw dropped. The errors described in the quote are some of the most fundamental and easily trappable and correctable errors. It seems beyond belief that an electronic prescription system would allow a user to make such errors. In the environments where I have worked, I have designed and installed subsystems to insure that users do not make the kinds of errors as described in the Bloomberg article. When I have a chance to read the report, I'll cover specific errors, their detection and correction. And means to insure that patients are not harmed.


Here's a link to another publication that reported on the same study:


http://www.eurekalert.org/pub_releases/2011-06/bmj-oep062811.php











































Tuesday, June 28, 2011

Hacking Grandpa's ICD: Why do it?

Background

I am part of another professional discussion group with an interest in Medical Data, System and Device security.  One of the topics was whether medical devices are a likely target for cyber-attacks.  I made a contribution to the discussion and stated that I believed that although unlikely, I thought that medical devices will eventually be targets of cyber-attacks.  But putting data security measures into medical devices is at odds with the directions that the medical device industry wants to take its product lines.  The trends are for smaller and less power-hungry devices.  Adding data security measures could increase power demands, increase battery sizes and thus increase device size.  Nevertheless, I believe that starting the process of putting data security measures into the medical devices has merit.

I received a well-reasoned response that hacking medical devices was highly unlikely and research funding on security measures for medical devices would be money best spent elsewhere.  That response started a thought process to develop a threat scenario to address his points.

I reviewed my earlier article on "hacking medical devices," http://medicalremoteprogramming.blogspot.com/2010/04/how-to-hack-grandpas-icd-reprise.html.  I revisited the paragraph in my regarding the motivation for hacking a medical device, an extortion scheme. 

When I wrote that article, I did not have any particular scheme in mind.  It was speculation based more on current trends.  Furthermore, I did not other motivations as particularly viable - data theft, not much money or value in stealing someone's implant data or killing a specific person, there are easier ways to do this although it might make a good murder mystery.

I did come up with a scenario, and when I did, it was chilling.





The Threat Scenario

First, as I had previously suggested, the motivation for hacking medical devices would be extortion.  The target of the extortion would be the medical device companies.  Before getting into the specifics of the extortion scenario requires that you understand some of the technologies and devices involved.

The wireless communications of interest occurs between a "base station" and a wirelessly enabled implanted device as shown in the figure below.

The base station need not be at a permanent location, but could be a mobile device (such as with the Biotronik Home Monitoring system).  The base station in turn communicates with a large enterprise server system operated by the medical device company.


The two systems communicate use wireless or radio communication.  For example, St. Jude Medical uses the MICS band - a band designed by the FCC for medical devices in the range of 400Mhz.  To insure that battery usage for communications is minimal, the maximum effective range between is stated as 3 meters.  (However, I have seen a clear connection established at greater 3 meters.)  


In general, the implant sends telemetry data collected it has collected to the base station.  The base station sends operating parameters to the implant.  Changing the operating parameters of the medical device is know as reprogramming the device and define how the implant operates and the way the implant exerts control over the organ to which it is connected.


Device Dialogue of Interest to Hackers

As you probably have guessed, the dialogue of interest to those with criminal intent is the one between the base station and the device.  The "trick" is to build a device that looks like a legitimate base station to the medical device.  This means that the bogus device will have to authenticate itself with the medical device, transmit and receive signals that the device can interpret.  In an earlier article (http://medicalremoteprogramming.blogspot.com/2010/03/how-to-hack-grandpas-icd.html), I discussed an IEEE article (http://uwnews.org/relatedcontent/2008/March/rc_parentID40358_thisID40398.pdf**) where the authors had constructed a device that performed a successful spoofing attack on a wireless Medtronic ICD. So, based on the article, we know it can be done.  However, based on the IEEE article, we know that it was done at distance of 5 cm.  This was aptly pointed out in a comment on my "How to Hack Grandpa's ICD" article.


Could a Spoofing/Reprogramming Attack be Successful from Greater than 5 cm or Greater than 3 meters?


I believe the answer to the question posed above is "yes."  Consider the following lines of reasoning ...
  1. As I had mentioned earlier, I know that base stations and medical devices communicate at distances of 3 meters and can communicates greater distances.  The limitation is power.  Another limitation is the quality of the antenna in the base station.  The communication distance could be increased with improvements in the antenna and received signal amplification. 
  2. The spoofing/reprogramming attack device could be constructed to transmit at significantly greater power levels than current base station.  (Remember, this is something built by a criminal enterprise.  They need not abide by rules set by the FCC.)  Furthermore, a limited number, maybe as few as one or two, of these systems need be constructed.  I shall explain why later.
  3. A base station can be reverse-engineered.  Base stations can be easily obtained by a variety of means.  Medical devices can be stolen from hospitals.  Documentation about the communication between the medical device and the base station can be obtained.
Thus, I believe the possibility exists that a device that emulates a base station and could successfully perform a spoof/reprogramming attack from a significant distance from the target is possible.  The question is, what is to be gained from such an attack?


Attack Motivations


Extortion: Earlier I mentioned that in an other article, I suggested that the motivation would be extortion: money, and lots of it.  I think the demands would likely be in the millions of US dollars.

In this scenario, the criminal organization would contact the medical device companies and threaten to attack their medical device patients.  The criminal organization might send device designs to substantiate their claims of the ability to injure or kill device patients and/or send the targeted company with news reports sudden unexplained changes in medical devices that have caused injuries or deaths in device patients.


Market Manipulation: Another strategy would be as a means to manipulate the stock prices of medical device companies - through short-selling the stock.  In this scenario the criminal organization will create a few base station spoofing/reprogramming systems. Market manipulation such as placing the value of the stock at risk could be a part of the extortion scheme.




Book of Interest: Hacking Wall Street: Attacks And Countermeasures (Volume 2)


In another article I'll discuss how someone might undertake an attack.




** Halperin, D, Heydt-Benjamin, T., Ransford, B., Clark, S., Defend, B., Morgan, W., Fu, K., Kohno, T., Maisel, W. Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero-Power Defenses, IEEE Symposium on Security and Privacy, 2008, pp 1-14.

How to Hack Grandpa's ICD: New Develoments

A little over a year ago I published a couple of articles in this blog regarding "Hacking Grandpa's ICD." Here are the links: 



I receive a bit of flack from some people regarding the unlikelihood of such a thing occurring. I even wrote another article that I never published because I had convinced myself that ICD hacking scenario would be so unlikely. 

Well, it suffices to say that I have changed my mind. It seems that McAfee has take this seriously. Here are two articles for your consideration.

After this, I'm publishing the article that I had originally decided not to publish.