It's the little things in life...
According to the CDC in a 2011 study, "about 75,000 patients" died with a healthcare-associated infection. The good news is that this is down from 98,987 in 2002, which is a 25% reduction! The bad news is that people are dying from complications introduced by the very institutions that are helping them. To address this problem head on, the Joint Commission (an accreditation institution for hospitals) created the National Patient Safety Goals for 2015:
- Goal 7: "Reduce the risk of health care-associated infections."
- NPSG.07.03.01: "Implement evidence based practices to prevent health care associated infections due to multi drug-resistant organisms in acute care hospitals."
When I read this, I envisioned an Advanced Real Time Location System to track caregivers, patients and equipment throughout the hospital, with a User Interface that colored potentially infected areas where communicable diseases have traveled, similar to the "My Cabbage" episode of the TV Show Scrubs.
I wish I had seen the lower-hanging fruit others found in the Safety goals:
- NPSG.07.01.01: "Comply with either the current Centers for Disease Control and Prevention (CDC) hand hygiene guidelines or the current World Health Organization (WHO) hand hygiene guidelines."
A few years ago, there were a number of whitepapers and studies published on how important hand washing is for clinicians. There were also at least five start-ups focused on this issue, including big names like MIT and IDEO.
This made me think of a book I read a while ago: All I Really Need to Know I Learned in Kindergarten. Number eight is "Wash your hands..."
What Healthcare Can Learn From Tesla...
In recent media coverage, hackers have been able to remotely control an SUV. This is just one of four targeted car hacks! I couldn’t help but think of the car chase scene in Tomorrow Never Dies! What’s the next target, airplane engines?
I think the Healthcare and Automotive industries are in a similar place in the Cybersecurity space. It is not a happy place. I have been writing medical grade software for GE for over 10 years. Before that, fresh out of college, I worked for GM. I still remember the CANBUS training they sent me to over 20 years ago, which is now the focus of many of these hacks. I see a lot of parallels in both industries:
- Highly Regulated
- Long Development Cycles
- Cybersecurity targets
Because of the potential for safety issues, both industries are highly regulated. Both the FDA and NHTSA have no lack of standards and guidance documents! They both have the power to enforce recalls and even injunctions that can scare any corporation straight into ultra-conservatism.
Long Development Cycles
High regulation leads to long development cycles. Most corporations have procedures, but those in a highly regulated environment have layers upon layers of process ... more layers than an onion. The result is multi-year development cycles of cars and medical devices. So much time is spent on making sure the product is safe and correct that the expectations of the current App-Savvy generation of users are not met. Connectivity, such as medical devices talking to each other and integration of car entertainment systems with smart devices, suffers. I can't believe that the auto industry is still using CANBUS, but I guess Healthcare can't be too critical because we are still using HL7.
Long development cycles lead to cybersecurity issues. Long cycles give security researchers a target-rich environment, and that, combined with the fact that safety products get much more press coverage when compromised, puts a big target on these systems. As a sidebar, to maintain their integrity, researchers absolutely must publicly publish their findings and may not be doing it just for the "fifteen minutes of fame."
Ever since STUXNET, the first virus to cause physical damage, Cybersecurity researchers have started hacking the real world. The result has been automotive recalls by Jeep, Chrysler and Dodge as well as Toyota, Ford, Audi and Nissan. In Healthcare, insulin pumps, infusion pumps and narcotics dispensers have all been hacked. Just imagine if an MRI machine was compromised! SANS (a security, research and information institute) and the FBI have both issued warnings to the Healthcare industry.
Cybersecurity progress comes via innovation not regulation
Regulation is necessary because there has to be a minimum standard for Cybersecurity in safety systems. But regulation is not enough when technology is moving faster every day. True innovation is always a challenge, but it is especially so in large corporations in established industries that are heavily regulated. I know because I have tried for many years. The challenge always seems to be in the organization’s cultural resistance to change.
None of these obstacles have deterred Elon Musk and Tesla Motors. Tesla supports over-the-air (OTA) updates to the software that runs their cars. Is that scary for a safety device? I would propose that it is a scary safety issue to not build in a software update mechanism! If Tesla can do this, why can't others in a regulated industry do this as well?