Technology

ECRI's top 10 C-suite watch list emphasizes tech and its risks

The organization also gives recommended steps health care organizations can take to reduce cybersecurity threats
|

From new medical devices to cybersecurity to medical procedures, ECRI Institute, Plymouth Meeting, Pa., has released its 2016 Top 10 Hospital C-suite Watch List that the organization believes hospital executives need to keep on their radar this year.

Because hospital C-suite leaders need to focus on creating higher value and excellent outcomes for lower costs, ECRI believes the wide-ranging list merits close monitoring.  

The list ranges from medical devices and technology, such as mobile stroke units and wireless pacemakers and sensors, to making capital equipment decisions and the cost of pharmaceuticals.

What they have in common are their potential to affect workflow, clinical processes, patient outcomes, staffing models and capital funding needs, according to ECRI.

Cybersecurity involving medical devices has emerged as a Top 10 issue to watch, ECRI says. While many information technology (IT) leaders have network infrastructure and the electronic health record (EHR) largely under control, such medical devices as a vital signs monitor or an infusion pump have not been subjected to the same risk-mitigation scrutiny.

While the information on the medical device may not be useful to a hacker, the medical device can be used as a conduit for accessing patient information in the EHR, like home address and social security number, which can be used to perpetrate identity theft or real theft in a patient’s home while he or she is hospitalized, ECRI says.

Potential threats in medical devices include the physiologic monitor that runs on an outdated operating system, the ventilator with a USB port, and user names and passwords for the vendor’s field service engineers and in-house technicians that are hard-coded.

Steps ECRI recommends to take include:

  • Ensuring that clinical engineering, IT and risk management staff work together when creating cybersecurity policies and procedures.
  • Assessing medical device cybersecurity risks.
  • Keeping up with the latest updates and patches for operating systems and anti-malware.
  • Limiting network access to medical devices through the use of a firewall or virtual local area network.
  • Auditing the login process to all medical devices to ensure that an access-control method is being followed.

To address the issue, the Food and Drug Administration (FDA) is hosting a public workshop Jan. 20 and 21 called “Moving Forward: Collaborative Approaches to Medical Device Cybersecurity.”

The FDA, in collaboration with the National Health Information Sharing Analysis Center, Health & Human Services, and the Department of Homeland Security will discuss challenges in medical device cybersecurity that affect the medical device ecosystem. The FDA will webcast the workshop for those who can’t attend.

Wearable sensors hold promise for both outpatient and inpatient monitoring as they continuously monitor health status less obtrusively, capture and provide more data to clinicians, and possibly enable patients to leave the hospital sooner and prevent readmissions, ECRI states in its report.

Smart wearable sensors are wireless miniature sensing and data collection devices available in several forms, depending on their purpose and maker. Some are integrated into clothing, worn as accessories or adhere to the skin.

Sensors communicate wirelessly to a centralized data collection system used for analysis, alerting and reporting to patients, caregivers and health care professionals. No matter the sensor form, the ultimate goal is to be unobtrusive, passive and to continuously monitor patients in their environment.

While the devices have potential, ECRI recommends that health care systems carefully assess whether sensors can help to generate the level of positive outcomes they want and to make on-site visits to witness their use in action before making a major capital investment. It also advises hospitals to undertake small-scale pilot studies before committing to their use.

Another newcomer to the technology front includes blue-violet, light-emitting diode (LED) light fixtures that may help to prevent health care-acquired infections. The new light fixture uses continuous environmental disinfection technology to kill harmful bacteria linked to healthcare-acquired infections.

In June 2015, Kenall Manufacturing, Kenosha, Wis., introduced Indigo-Clean, an LED light fixture intended to replace standard overhead LED light fixtures in health care settings.

Evidence from a published report of three studies conducted at the Glasgow (Scotland) Royal Infirmary suggests that Indigo-Clean use reduces bacterial contamination levels in some settings beyond that achieved by standard cleaning and infection control measures.

Access the complete free report to learn more about all the technologies and clinical issues that made ECRI’s list.

 

Related Articles