Implementation best practices: Giving medical devices, IoT special attention

Three medical device technology experts from GE Healthcare, BioSig Technologies and Advantech offer comprehensive advice on best practices for healthcare organizations launching new medical devices.
By Bill Siwicki
03:32 PM
Implementation best practices: Giving medical devices, IoT special attention

Medical devices are key pieces of the health IT puzzle, technology that helps deliver patient care at one of the most critical junctures.

There are many types of medical devices. And the number is increasing as the Internet of Things proliferates, adding more and more connected devices to a provider organization’s IT infrastructure.

Especially because of that explosion of IoT devices, implementing medical device technology at hospitals and health systems has become a delicate and important process that must be done correctly. Here, three medical device technology experts offer advice and tips on how to best implement medical devices at a healthcare provider organization.

Look beyond medical devices

When implementing new connected technology, it is important that healthcare CIOs not look at the medical device or software alone, said Ehren Powell, CIO at GE Healthcare, a vendor of medical device, imaging and other health technology.

“The CIOs need to think beyond the technology and consider the larger outcomes they are responsible for driving – including patient outcomes, workflow goals of the clinical staff, as well as quality measures and cybersecurity needs of other hospital staff,” he said. “Any new device or technology must enable these outcomes, and CIOs should build their strategies based on these goals. It comes back to people, process and technology.”

CIOs should take a system view – not a “box by box” or single-device approach, Powell advised. For example, CIOs need to lead a “one team” approach of IT and biomedical engineering to optimize outcomes, cost, patient safety and security, he said.

“As connectivity has increased, the traditional approach of considering perimeter security as adequate to mitigate clinical environment security has changed significantly,” he explained. “With this in mind, a more holistic approach is needed to design for security with tight integration between traditional IT and biomedical engineering to provide enterprise-level security, while also addressing the nuances specific to clinical assets or environments.”

Keep focused on evolving needs, especially security

On another note, it is important to pick trustworthy vendors that are focused on digital evolution but are also significant industry players with a commitment to security, Powell added.

“Ensure your vendor has a robust cybersecurity program around developing new products, and continues to modernize connectivity infrastructure,” he said. “Look toward the future; find a trusted partner with products that provide traditional capabilities – but also leverages next-gen AI capabilities to improve clinical and operational workflows that you don’t currently use.”

Powell added that GE Healthcare sees a range in capabilities and sophistication across its healthcare clients globally – from clients with limited dedicated IT resources to those with significant teams, including specialist staff focused solely on the clinical network and assets.

“A large health system in Europe, for example, has a unified technology approach that enables integrated view of assets, as well as KPIs, at both the hospital and asset level that combine patient safety and efficiency in its strategy,” said Powell.

“In the U.S., a health system CIO we work with has wired and wireless network specialists that stay current on the latest technologies and are responsible for technology implementations. The team also works with the clinical staff to meet workflow outcomes, technical outcomes and cost goals.”

Other factors: reimbursement, capital allocation and more

Ken Londoner, CEO of BioSig Technologies, a medical device company developing a proprietary biomedical signal-processing platform, said that medical device technology implementation is one that his company has been researching from the early days of its technology development.

"A more holistic approach is needed to design for security with tight integration between traditional IT and biomedical engineering to provide enterprise-level security, while also addressing the nuances specific to clinical assets or environments."

Ehren Powell, GE Healthcare

“Our observations have shown that the industry is often fragmented, and is driven by a number of critical factors, such as reimbursement policies and hospital-specific capital allocation processes,” said Londoner. “Therefore, it can be challenging for both technology vendors and hospital systems to keep alignment.”

As capital allocation decisions are largely made at the individual hospital levels, it is important to gain early insight into their practices, he said. Get to know the physicians who fit the profile of early technology adopters; equipment budget allocation rules; and any specific regional preferences, Londoner said. On the other hand, hospital leaders need to ensure that they have appropriate planning processes to evaluate new technologies, he added.

Learn more by analyzing data from external sources

“We feel that a lack of detailed, neutral information about new technologies and proposed benefits can be a real barrier to effective adoption,” said Londoner. “It is advisable for the hospital leaders to analyze manuscripts or clinical data published by external sources.

“It is also important to learn more about the vendors,” he said. “Their overall development path, the expertise of their management and clinical teams, diversity of their clinical partners, long-term goals and objectives, and financial security all will play an important part in assessing the sustainability of the business.”

Many technology purchases also are driven by physicians’ preferences, especially those who are responsible for substantial volumes of admissions, he added. Understanding the basis for any such physician preferences can be highly valuable, he said.

“And I would add that any purchasing decisions should be integrated into the long-term strategy of the hospital in question, be it driving patient volumes, shortening procedure times, or reducing the costs of procedures,” Londoner said. “Staying focused on these goals should help the decision makers source the most important information about the vendors’ technologies and ultimately make the right purchasing decision for their centers.”

Sound cybersecurity processes are essential

CIOs and IT departments have not traditionally been involved in decisions involving medical devices such as surgical instrumentation or anesthesia machines. However, with the dawn of the Internet of Things, most medical devices now feature network connectivity, which brings forward a host of security and compatibility concerns for CIOs.

"We feel that a lack of detailed, neutral information about new technologies and proposed benefits can be a real barrier to effective adoption."

Ken Londoner, BioSig Technologies

“Unsecured, or poorly secured medical devices put patients and healthcare providers at risk if those devices are hacked, posing a threat to PHI,” said Tim Mitchell, vertical sales manager, iHealthcare, at Advantech, a digital healthcare technology company. “The average hospital potentially has thousands of connected medical devices that could pose a significant risk.”

Mitchell offers two best practices to implement when adopting new medical devices. First, security risk audits performed by IT should be a standard part of the evaluation process for any new medical device or equipment, he said.

“The software these devices run needs to be documented to understand what is needed to mitigate any security risks such as ransomware,” he advised. “What is the software update process and timeline? What is the lifecycle of the software, and how long can the manufacturer support software updates versus how long the healthcare provider plans to utilize the device?”

For instance, will IT have access to perform updates and security patches themselves, or is only the manufacturer able to perform updates? These are examples of questions that need to be part of the audit, he said.

And a second best practice: CIOs should demand specific security provisions and language in any connected medical device contract, Mitchell said. “Furthermore, the contract should address any concerns from the security audit,” he concluded.

Twitter: @SiwickiHealthIT
Email the writer: bill.siwicki@himssmedia.com

Health IT implementation best practices

This 20-feature series examines in-depth what it takes to deploy today's most necessary technology and tools.