Thursday, March 28, 2013

Health IT Week in Congress

Several hearings on Health IT took place in the U.S. House last week. These discussions relate to medical device security because security is a property inextricable from other system properties such as safety. So that you don't have to dig thru hours of exciting YouTube videos more exciting than midnight CSPAN, here are a few interesting interactions I observed.

Health IT: Harnessing Wireless Innovation

Energy & Commerce Committee majority website.  Democrats website.

Where do we draw the line on regulating mobile medical device apps? Bradley Merrill Thompson of the mHealth Regulatory Coalition offered a concise summary of his coalition's position, which is especially interesting because his organization represents a bag of diverse and potentially competing views (medical device manufactures, telecomm, mobile app developers, etc.). The consensus across all the witnesses appears to be: yes, regulation is necessary for things that meet the definition of a medical device. Some witnesses sought clarity on low-risk devices on to what degree they would be regulated.

My understanding: Devices are regulated based on intended use. So if a device is marketed as performing medical diagnosis, it's almost certainly a medical device in the legal sense. And the witnesses agreed that medical devices ought to have regulatory review. For instance, diagnosis of melanoma with an iPhone would be hard to argue as not a medical device subject to review.

Health Information Technologies: Administration Perspectives on Innovation and Regulation

Energy & Commerce Committee website.  Democrats website.

The hearing included witnesses from two groups within HHS. From a computer science and medical device interoperability perspective, the most interesting exchange was perhaps some baiting over getting hospital systems to have more interoperability between devices and clinical information systems. To paraphrase, the Chairman asked "can't you just fix that?" when quizzing officials the issue of interoperability. Readers can chime in on why it's so challenging to "just fix that" from both an engineering and procurement perspective. To the arm chair engineer, it may seem easy. Upon more careful inspection, one finds the problem turns out to be quite hard.

Culture Clash of the Titans

Innovation is important, but I sense a culture clash brewing between my discipline of computer science and that of safe medical device manufacturing. In computer science, we expect exponential increases in everything. Hockey stick economics!  In my humble but correct opinion, we're not arrogant; we're right. Sure. Problem with the software? The users are our beta testers.  Code, compile, regression test, ship, done. In medical device manufacturing of safety-critical devices, the culture is more reserved, measured, and safety focused. Hazard analysis, requirements engineering, validation, oh my! The culture of medical device manufacturing is more cautious for good historical reasons. I wonder what the persons killed or harmed by these past innovations would have said:
  • Thalidomide (innovative drug for morning sickness!  Unfortunately, the drug caused birth defects and missing limbs.)
  • Shoe fitting fluoroscopes (quite innovative!  But there were some post facto iss-shoes with safety and bone cancer.)

Wednesday, March 13, 2013

And Then There's MAUDE

Students in the first graduate course in the nation on Medical Device Security would like to share their solutions to recent homework assignments. Feel free to augment with your own solutions or use in your own classes, but please do credit the students in Michigan's Medical Device Security course. Enjoy!