by mentalhealth 4439 days ago
“Many hospitals are unaware of the high risk associated with these devices,”

I assure you that while this is the hospital's official stance, many people within the hospital are well aware of the shoddy software on their medical devices and the risks they pose. There are so many opportunities for disruption of every aspect of the healthcare system (from the equipment itself, that this article addresses, to the electronic medical records systems, to more structural aspects of the healthcare system as a whole), but literally none of the incentives for practitioners and hospital administrators are properly aligned to make it possible. I'd love to work with a company trying to break into these markets if they had a plausible route to entry.

5 comments

TL;DR: Regulations need to require interoperability and cross-platform compatibility with medical records and images.

As a "Cancer Dad", the electronic medical records and images that are closed and inaccessible between my local hospital, where we got our chemotherapy, and the Children's Hospital, where we did our major surgeries, were mind-blowingly crazy.

I had to drive my bone cancer child 2.5 hours to use their equipment because there was an issue with the image file format. So I had to give my child enough pain killers to knock out a grown adult just so we could get the same pictures we could get 5 miles down the road.

As somebody working in healthcare integration, this may be small consolation, but that's getting better.

The HITECH act[1] (which was part of the stimulus package in 2009) has gone a long way in getting the industry moving. One of the core deadlines we're scrambling to meet at the moment at my hospital is actually data interchange between facilities, including a portal that allows patients to access their records for themselves.

I realize that doesn't help your situation now, but with Medicare penalties looming for not getting that sort of exchange in place, things are starting to happen quickly in an industry that tends to move at a snail's pace.

[1] http://en.wikipedia.org/wiki/HITECH_Act#Electronic_Health_Re...

Out of curiosity, which HL7 CDAs (and which levels) do you support, and how much lift is it to set up import/export for a new provider or institution?

I'm pessimistic that we'll be able to achieve true level 3 interoperability, even though the basic ontologies (e.g., SNOMED, LOINC, etc.) are in place. I'd love to hear that you're having a good experience, though.

Honestly, that end of things is kind of out of my element; I'm mostly involved in the message plumbing side of things.

Our actual HIE integration has been contracted out to Relay Health/McKesson. They're promising the world, but we're not far enough along for me to say whether they'll actually deliver at this point.
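The "levels" in the question above are the usual shorthand for how much of a CDA document is machine-readable: a valid header with an opaque body, coded sections, or coded entries inside those sections. The following is an added example, not code from this thread or from any vendor named in it. It classifies a CDA R2 document with a simplified level heuristic (real conformance rules are stricter), pulls out entries coded in LOINC or SNOMED CT, and refuses documents carrying DOCTYPE/ENTITY declarations, since a document arriving over an HIE link from another institution is untrusted input. The namespace and code-system OIDs are the standard ones; the sample documents, and the function names, are constructed for illustration.

```python
"""Classify an HL7 CDA R2 document by interoperability level and list its
coded entries.  Added example; assumes the CDA R2 namespace and the LOINC /
SNOMED CT code-system OIDs.  Sample documents below are constructed."""
import xml.etree.ElementTree as ET

CDA_NS = "urn:hl7-org:v3"
NS = {"h": CDA_NS}
LOINC = "2.16.840.1.113883.6.1"      # LOINC code-system OID
SNOMED = "2.16.840.1.113883.6.96"    # SNOMED CT code-system OID
KNOWN_SYSTEMS = {LOINC: "LOINC", SNOMED: "SNOMED CT"}


def parse_untrusted_cda(xml_bytes: bytes) -> ET.Element:
    """Parse a CDA received from another institution.

    Anything arriving over an HIE link is attacker-controlled, so refuse a
    document carrying a DOCTYPE or ENTITY declaration: that is where
    external-entity (XXE) and entity-expansion payloads live.  Stdlib-only
    guard; the defusedxml package is the usual library choice.
    """
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise ValueError("refusing CDA with DOCTYPE/ENTITY declaration")
    root = ET.fromstring(xml_bytes)
    if root.tag != f"{{{CDA_NS}}}ClinicalDocument":
        raise ValueError(f"not a CDA ClinicalDocument: {root.tag}")
    return root


def coded_entries(root: ET.Element) -> list:
    """(system, code, displayName) for every entry code in a known
    terminology; codes from unknown code systems are ignored."""
    found = []
    for entry in root.iter(f"{{{CDA_NS}}}entry"):
        for code in entry.iter(f"{{{CDA_NS}}}code"):
            system = code.get("codeSystem")
            if system in KNOWN_SYSTEMS and code.get("code"):
                found.append((KNOWN_SYSTEMS[system], code.get("code"),
                              code.get("displayName", "")))
    return found


def cda_level(root: ET.Element) -> int:
    """Simplified level test (assumption: real conformance is stricter).
    1: header only, body absent or non-XML (e.g. a base64 PDF blob)
    2: structuredBody whose every section carries a LOINC section code
    3: level 2 plus at least one entry coded in a known terminology"""
    sections = root.findall(".//h:structuredBody/h:component/h:section", NS)
    if not sections:
        return 1
    for section in sections:
        code = section.find("h:code", NS)
        if code is None or code.get("codeSystem") != LOINC:
            return 1
    return 3 if coded_entries(root) else 2


def classify(xml_bytes: bytes) -> dict:
    """Safe entry point: never raises on hostile input, reports why instead."""
    try:
        root = parse_untrusted_cda(xml_bytes)
    except (ValueError, ET.ParseError) as exc:
        return {"level": None, "error": str(exc), "entries": []}
    return {"level": cda_level(root), "error": None,
            "entries": coded_entries(root)}


# Constructed sample documents (no real patient data).
HEADER = (b'<?xml version="1.0"?><ClinicalDocument xmlns="urn:hl7-org:v3" '
          b'xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">'
          b'<code code="34133-9" codeSystem="2.16.840.1.113883.6.1" '
          b'displayName="Summarization of episode note"/>')
LEVEL1_DOC = HEADER + (
    b'<component><nonXMLBody><text mediaType="application/pdf" '
    b'representation="B64">JVBERi0xLjQK</text></nonXMLBody></component>'
    b'</ClinicalDocument>')
LEVEL2_DOC = HEADER + (
    b'<component><structuredBody><component><section>'
    b'<code code="30954-2" codeSystem="2.16.840.1.113883.6.1"/>'
    b'<text>Glucose 5.4 mmol/L (narrative only)</text>'
    b'</section></component></structuredBody></component></ClinicalDocument>')
LEVEL3_DOC = HEADER + (
    b'<component><structuredBody><component><section>'
    b'<code code="30954-2" codeSystem="2.16.840.1.113883.6.1"/>'
    b'<entry><observation classCode="OBS" moodCode="EVN">'
    b'<code code="2345-7" codeSystem="2.16.840.1.113883.6.1" '
    b'displayName="Glucose [Mass/volume] in Serum or Plasma"/>'
    b'<value xsi:type="PQ" value="5.4" unit="mmol/L"/></observation></entry>'
    b'<entry><observation classCode="OBS" moodCode="EVN">'
    b'<code code="73211009" codeSystem="2.16.840.1.113883.6.96" '
    b'displayName="Diabetes mellitus"/></observation></entry>'
    b'</section></component></structuredBody></component></ClinicalDocument>')
# A hostile "CDA" that tries to read a server file via an external entity.
XXE_DOC = (b'<?xml version="1.0"?><!DOCTYPE ClinicalDocument ['
           b'<!ENTITY xxe SYSTEM "file:///etc/passwd">]>'
           b'<ClinicalDocument xmlns="urn:hl7-org:v3"><title>&xxe;</title>'
           b'</ClinicalDocument>')

if __name__ == "__main__":
    for name, doc in [("level1", LEVEL1_DOC), ("level2", LEVEL2_DOC),
                      ("level3", LEVEL3_DOC), ("xxe", XXE_DOC)]:
        print(name, classify(doc))
```

The point of the DOCTYPE check is that the interchange layer is the trust boundary: the "message plumbing" sees every partner's documents before any clinician does, so it is where an XXE or entity-expansion payload in a supposedly benign CDA would land. Level detection on its own is only a heuristic; a real pipeline would also validate against the CDA schema and the implementation guide it claims to follow.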

I agree with you - I'm sure there are people within the healthcare system who are aware of the situation but are probably not in a position to do anything about it. I'd also guess that this is one of those things where nothing will be done until there's a high-profile "incident". Security will probably end up being reactionary at first.

I almost wonder what a completely reimagined, vertically integrated health care system would look like and cost.

Can you explain what you mean by "vertically integrated" in this context?

I mean from every check-in to every release/death, all patient data is collected, tracked. All tests automatically end up in the patient file and every device a patient is hooked up to is part of the same "system". Spend time on an EKG? Every heart beat becomes part of this package. Every shot, every weigh-in, every blood pressure test. This should also tie in to inventory systems etc.

Got the sniffles? The system shows you get them every year at this time, and that it's atypical of any other tracked infectious outbreak, but correlates to three cyclical natural events including a yearly mold growth that it turns out you're allergic to.

End up incapacitated in the ER? System automatically notes your allergies and past medical history, allowing the ER folks to give you one pain medicine instead of the other one that will kill you. While you're there, all the respirators, etc. all get logged. Take 5 units of blood from 3 donors? All their histories are tracked and fed into your treatment in case some blood-borne illness they suffer from but passed screening shows up in your case.

Blood test shows an abnormality? You get automatic trendlines showing either a progression of this abnormal result (blood sugar continues to get lower) or a weird spike, this way your doctor isn't just working off of one data point like usual.

Every x-ray, CAT scan etc. all get stored for later reference. The first CAT scan your oncologist takes might not be the first CAT scan she can refer to if you have one in your file?

Right now, at least in the U.S., and with different insurances every year (meaning my doctor might change every year), I have to really go out of my way just to make sure my shot records follow me. Within one provider they do an okay job of tracking my medical history and getting x-rays from the x-ray machine to the wall mounted display in the evaluation room, but the moment I need to go to a hospital I'm pretty much filling out my history again by hand and from memory.

Vertically integrated means dumping your medical history into Watson to see if some emergent patterns point to some underlying chronic illness you aren't even aware of and don't have notable symptoms yet.

I agree. I led a team that added network connectivity to one of our high-value medical instruments and one of the highest hurdles to cross wasn't technical: it was getting the hospitals' IT departments to buy in. They are rightfully paranoid about anything connected to their network. Both for the security of the device itself (it stores thousands of patient test records) and the possibility of it being hostile to the rest of the network.

tl;dr: Buyers may not care, but hospital IT certainly does.

There's a market for disruption with some things, but it's mostly about doing more/better for less money. Security isn't really what most people are interested in paying for in many cases.
In the medical space (at least in the U.S.), there's much less room for disruption relative to other markets. The market is significantly regulated / restricted; the law is structured so that even if the vendor and their potential patients both consent to a given transaction or procedure, the government can still step in and deny it.

In essence, the laws are structured under the (not necessarily wrong) assumption that the consumer is too stupid to identify snake-oil. All an incumbent has to do to block a newcomer to the market is make a hard-to-deny snake-oil accusation.