Technology & Information Systems

3D printing continues to transform the medical field. Recently, doctors in Spain produced the world’s first 3D-printed rib cage and sternum, which is made entirely of titanium. The doctors surgically implanted the metal rib cage and sternum in a cancer patient. Last month, the FDA approved the first 3D-printed drug. The drug, which Aprecia Pharmaceuticals has named Spritam, is for treating patients with epilepsy. Aprecia Pharmaceuticals’ ZipDose® Technology utilizes 3D printing that overlays multiple layers of powdered medication on top of one another until the correct dosage is reached. This type of technology can lead to easier-to-take medication that is individualized in nature with precise dosages based on a patient’s needs.

In an Aug. 27, 2015, decision, a majority of the Board found that the Purple Communications standard, with respect to an employer’s email system, would apply without exception to healthcare providers and, in particular, for acute care hospitals. Contrary to the cogent arguments put forth by member Johnson in his dissent, the majority found there should be no exception to the presumption set forth under Purple Communications that employees have a statutory right to use an employer’s email system for Section 7 related communications during non-working time. The majority also found that the hospital failed to show “special circumstances” to rebut this presumption, notwithstanding the fact that evidence was submitted of studies finding a correlation between employee distractions and patients’ safety and identifying computers and other electronic communication devices as sources of such distraction.

The Texas Medical Board (TMB) Telemedicine Committee met on Thursday, August 27, 2015. During the meeting they discussed potential changes to the on-call services telemedicine rule (174.11). At the end of the meeting, they instructed board staff to draft proposed revisions to the rule to allow for changes to the rule.

Although the direction to staff was verbal, they focused on several items: expanding the scope of on-call physician specialties a physician can choose from for their on-call services; a diminishing of the current requirement that the on-call physician provide reciprocal services to the original physician; and there also appeared to be consensus that the rule should include a provision which requires the original physician to have responsibility for the on-call care.

It’s a dangerous world for protected information, with major breaches in the news and a challenging cyber-threat environment behind the scenes. The healthcare industry is a prime target, especially given the premium value of health information on the black market. And healthcare entities face not only PHI breach exposures, but also security risks for other forms of protected information, such as PII and, for many, cardholder data.

Healthcare organizations must be prepared to respond to data breaches, but effective response is no small matter. There are 10 different channels of response activity for an organization that has suffered a security breach: Security, Legal, Forensic, Law Enforcement, Regulators, Insurance Coverage, Public Relations, Stakeholders, Notification, and Personnel Management. Most of these activities are involved in every breach, and all must be dealt with in significant breaches. These activities are not sequential. They play out in parallel, with interrelated effects… and with the response clock ticking.

Having no need to brandish bandanas to obscure identity or firearms to force entry, it was reported Wednesday that cyber bandits, in a sophisticated and well-orchestrated robbery, recently waltzed into the IT vaults of Anthem, the second-largest U.S. health insurer, and walked off with personally identifiable information on about 80 million current and former members, a population that comprises Anthem customers, employees and its CEO, Joseph R. Swedish. The haul is reported to have included names, birthdates, social security numbers, medical identification numbers, street and email addresses and employee income data. Fortunately, there’s no indication at this point that credit-card numbers, claims information, test results or diagnostic codes were compromised as part of the crime. That said, to minimize the potential harm, Anthem has called in the FBI and is notifying affected individuals and offering free credit and identity-theft monitoring.

Seemingly picking up where we left off in our recent white paper and Advisory Board article, the Obama administration released a 166-page draft plan January 30th intended to drive providers and patients toward a common set of electronic clinical information and a commitment to more fully connected EHR systems by the end of 2017.

After a protracted legal battle resolved in the favor of Teladoc, Inc. (Teladoc) on Dec. 31, 2014, (see Teladoc, Inc. v. Texas Medical Board, No. 03-13-00211-CV, Tex. App. 3rd, Austin) and clarifying that Teladoc physicians could prescribe dangerous drugs based on a telephonic evaluation, the Texas Medical Board (TMB) wasted no time in issuing an emergency rule Jan. 16, 2015, that significantly limits the use of telephones in the practice of medicine.

By now you have probably heard about the ongoing FIN4 cyber attacks on publicly traded entities in the healthcare and pharmaceutical industries. If not, here’s a brief recap.

On Sunday, Nov. 30, security consulting firm FireEye published a report on the current hacking efforts of a group dubbed FIN4. FIN4 has targeted more than 100 organizations, 68 percent of them publicly traded healthcare and pharmaceutical companies, stealing non-public information for illicit trading advantage. Additional targets include law firm partners and M&A consultants privy to proprietary information on imminent merger and acquisition transactions or other non-public, market-moving developments.

In the Electronic Health Records (EHR) space, unconnected and competing systems carry the potential for organizational train wrecks.

Until robust, efficient, and mandatory interoperability standards emerge, providers should consider linking systems through other means, as failure to do so may lead to malpractice and regulatory compliance issues.

A new White Paper, Driving the Golden Spike:

The Food and Drug Administration (FDA) released a new Draft Guidance June 20, 2014, that would make significant changes to the way mobile medical devices are regulated, despite only being claimed by the FDA in September 2013. In that original Guidance, the FDA defined a new industry that it intended to regulate: the creators and providers of mobile medical apps. Such apps originally included many different kinds of apps, from blood glucose monitors to apps that displayed MRI or ECG visual data.