Creating Interoperable Medical Devices that fit into Hospital Enterprise IT Environments By Shahid N. Shah

NETSPECTIVE www.netspective.com 2 Who is Shahid? • 20+ years of software engineering and multi- site healthcare system deployment experience • 12+ years of healthcare IT and medical devices experience (blog at http://healthcareguy.com) • 15+ years of technology management experience (government, non-profit, commercial) • 10+ years as architect, engineer, and implementation manager on various EMR and EHR initiatives (commercial and non-profit) Author of Chapter 13, “You’re the CIO of your Own Office”

NETSPECTIVE www.netspective.com 3 Topics • Things that kill and harm human beings today are very different than just 100 years ago • Health policy and payments are shifting to deal with new realities • Marketplace and industry challenges for device vendors • Why wireless connectivity is good business • Why wireless connectivity is a disruptive innovation Key takeaways • Wireless is a business enabler but there’s a lot to consider. • Hardware, sensors, and software are transient businesses but data lives forever. He who owns, integrates, and uses data wins in the end. • Data from devices is too important and specialized to be left to software vendors, managed service providers, and system integrators. What you’ll learn in this briefing Wireless capable medical devices with significant software and data integration are the future

NETSPECTIVE www.netspective.com 4 Life expectancy is increasing… …but the rate of growth is slowing

NETSPECTIVE www.netspective.com 5 Bacteria used to kill us the most… Per 100k population, Historical Statistics of the United States, Millennial Edition

NETSPECTIVE www.netspective.com 6 We’ve got most infections beat… …except the flu and pneumonia Per 100k population, Historical Statistics of the United States, Millennial Edition

NETSPECTIVE www.netspective.com 7 Top killers today Heart disease Cancer Chronic lower respiratory diseases Top killers in 1900 Pneumonia and influenza TB Diarrhea and enteritis Infectious diseases used to kill us… …but what’s left seem only to be “manageable” not easily “curable” Per 100k population, Historical Statistics of the United States, Millennial Edition

NETSPECTIVE www.netspective.com 8 Death by age group, 1900 Death by age group, Today From cures to management… …young people don’t dye of diseases often now http://siteresources.worldbank.org/INTHSD/Resources/topics/Health-Financing/HFRChap1.pdf

NETSPECTIVE www.netspective.com 9 The new realities of patient populations • Obesity Management • Wellness Management • Assessment – HRA • Stratification • Dietary • Physical Activity • Physician Coordination • Social Network • Behavior Modification • Education • Health Promotions • Healthy Lifestyle Choices • Health Risk Assessment • Diabetes • COPD • CHF • Stratification & Enrollment • Disease Management • Care Coordination • MD Pay-for-Performance • Patient Coaching • Physicians Office • Hospital • Other sites • Pharmacology • Catastrophic Case Management • Utilization Management • Care Coordination • Co-morbidities Prevention Management 26 % of Population 4 % of Medical Costs 35 % of Population 22 % of Medical Costs 35 % of Population 37 % of Medical Costs 4% of Population 36 % of Medical Costs Source: Amir Jafri, PrescribeWell

NETSPECTIVE www.netspective.com 10 Healthcare industry / market trends PPACA “Affordable Care Act” ACO “Accountable Care Org” PCMH “Medical Home” MU “Meaningful Use” Health Home mHealth PCPCC “Patient Centered Care” Major market and regulatory trends that are causing customers and competitors to shift You must learn and be able to talk to customers about all these terms

NETSPECTIVE www.netspective.com 11 Implications of healthcare trends PPACA ACO MU PCMH Health Home mHealth DATA Evidence Based Medicine Comparative Effectiveness Software Regulated IT and Systems Integration Services

NETSPECTIVE www.netspective.com 12 The new world order General Wellness Specific Prevention Self Service Physiologics Self Service Monitoring Self Service Diagnostics Care Team Monitoring Care Team Diagnostics Healthcare Professional Monitoring Healthcare Professional Diagnostics Hospital Monitoring Hospital Diagnostics

NETSPECTIVE www.netspective.com 13 Wireless BAN Ecosystem Source: Qualcomm

NETSPECTIVE www.netspective.com 14 Don’t give up data to others without a fight Software vendors, systems integrators, and others don’t have your best interest in mind Cloud Services Management Dashboards Data Transformation (ESB, HL7) BaaS Gateway (DDS, XMPP , ESB) Enterprise Data RCM, Financials, EHRs Device Inventory Cross Device App Workflows Alarm Notifications Patient Context Monitoring Device Teaming Device Management Report Generation HIT Integration Remote Surveillance Device Data SSL VPN Patient Self-Management Platforms Device Utilization Device reimbursement Device profitability

NETSPECTIVE www.netspective.com 15 Data is getting more sophisticated Proteomics Emerging •Must be continuously collected •Difficult today, easier tomorrow •Super-personalized •Prospective •Predictive Genomics Since 2000s, started at $100k per patient, <$1k soon •Can be collected infrequently •Personalized •Prospective •Potentially predictive •Digital •Family history is easy Phenotypics Since 1980s, pennies per patient •Must be continuously collected •Mostly Retrospective •Useful for population health •Part digital, mostly analog •Family History is hard Admin Since 1970, pennies per patient •Business focused data •Retrospective •Built on fee for service models •Inward looking and not focused on clinical benefits Biosensors Social Interactions

NETSPECTIVE www.netspective.com 16 The business needs • Quality and performance metrics • Patient stratification • Care coordination • Population management • Surveys and other direct-from- patient data collection • Evidence-based surveillance The technology strategy • Aggregated patient registries • Data warehouse / repository • Rules engines • Expert systems • Reporting tools • Dashboarding engines • Remote monitoring • Social engagement portal for patient/family Data is key for move from FFS to ACOs Integrated and aggregated data is the only way to get to ACOs and PCMHs

NETSPECTIVE www.netspective.com 17 Customers trapped by their EHR vendors are begging for a way out Device vendors aren’t benefiting from industry trends but can if they’re smart about it Customer base has shifted from clinical to clinical + IT + system integration Clinical customer goals have shifted from basic automation to advanced process optimizations Device manufacturer’s access to regulated IT and system integration skills is growing You can use OSS to disrupt existing health IT

NETSPECTIVE www.netspective.com 18 Needed: diagnostic quality mHealth

NETSPECTIVE www.netspective.com 19 Needed: predictive analytics

NETSPECTIVE www.netspective.com 20 Needed: care team involvement HEALTHCAR E PROVIDER PATIENT/ CONSUMER HOSPITAL FAMILY CAREGIVER ALTERNATE SITE OF CARE Care Team CALL CENTERS AND REMOTE SUPPORT

NETSPECTIVE www.netspective.com 21 Needed: automated diagnostics

How data changes science and what that means to medical device designs

NETSPECTIVE www.netspective.com 23 Data changes the questions we ask Simple visual facts Complex visual facts Complex computable facts

NETSPECTIVE www.netspective.com 24 Data can change medical science The old way Identify problem Ask questions Collect data Answer questions The new way Identify data Generate questions Mine data Answer questions

NETSPECTIVE www.netspective.com 25 Unstructured patient data sources Patient Health Professional Labs & Diagnostics Medical Devices Biomarkers / Genetics Source Self reported by patient Observations by HCP Computed from specimens Computed real- time from patient Computed from specimens Errors High Medium Low Time Slow Slow Medium Reliability Low Medium High Data size Megabytes Megabytes Megabytes Data type PDFs, images PDFs, images PDFs, images Availability Common Common Common Uncommon Uncommon

NETSPECTIVE www.netspective.com 26 Structured patient data sources Patient Health Professional Labs & Diagnostics Medical Devices Biomarkers / Genetics Source Self reported by patient Observations by HCP Specimens Real-time from patient Specimens Errors High Medium Low Low Low Time Slow Slow Medium Fast Slow Reliability Low Medium High High High Discrete size Kilobytes Kilobytes Kilobytes Megabytes Gigabytes Streaming size Gigabytes Gigabytes Availability Uncommon Common Somewhat Common Uncommon Uncommon

NETSPECTIVE www.netspective.com 27 Application focus is biggest mistake Application-focused IT instead of Data-focused IT is causing business problems. Healthcare Provider Systems Clinical Apps Patient Apps Billing Apps Lab Apps Other Apps Partner Systems Silos of information exist across groups (duplication, little sharing) Poor data integration across application bases

NETSPECTIVE www.netspective.com 28 NCI App NEI App NHLBI App Healthcare Provider Systems Clinical Apps Patient Apps Billing Apps Lab Apps Other Apps Master Data Management, Entity Resolution, and Data Integration Partner Systems Improved integration by services that can communicate between applications The Strategy: Modernize Integration Need to get existing applications to share data through modern integration techniques

NETSPECTIVE www.netspective.com 29 Predictions for Hardware Thick Devices Thin Devices Virtual Devices Sensors Only with Built-in Wireless Consumerization of Devices Sensors on mobile phones, platforms

NETSPECTIVE www.netspective.com 30 Predictions for Software Software for algorithms Software for functionality Software for connectivity Software only Consumerization of Apps

NETSPECTIVE www.netspective.com 31 Predictions for Connectivity Stand-alone and monolithic Connectivity within own organization Multi-vendor connectivity System of Systems (SoS) Consumerization of IT

NETSPECTIVE www.netspective.com 32 Predictions for Integration Single-purpose devices standalone Multi-purpose standalone Multi-purpose with documentation connectivity Multi-purpose with cooperating connectivity Multi-purpose with analytical connectivity Changes in Practice Models

NETSPECTIVE www.netspective.com 33 Implications Get your software house in order (IEC 62304, DO 178B/C, etc.) Move from hardware to software focus Move to algorithms and data Understand system of systems (SoS) Plan for integration and coordination Start building simulators

NETSPECTIVE www.netspective.com 34 Key regulatory questions Will the FDA accept networked safety- critical systems? Are connected devices safe enough for medical devices? Yes Yes but you must prove it The best regulatory strategy is to abstract design specifications to minimize sustaining engineering: • Intended use • Predicate device(s) • Design approach and how OTS • components are used • Design input specifications • Risk and hazard analysis Abstract Specifications: • Remove dynamic characteristics • Manufacturer, model, version • Performance specifications • Clock speed • Memory • Storage • Industry standards • Third party certifications Source: Tim Gee, MedicalConnectivity.com

NETSPECTIVE www.netspective.com 35 Regulatory Strategy 510(k) PMA, Class 3, Class 2, etc. Unregulated EHR or others 510(k) Class 2 “Data Bridges” “Everything else” Customer registry Patient registry Patient profile Study Management Billing “The Device” Class 1 MDDS

NETSPECTIVE www.netspective.com 36 Key design questions Regulatory approach? Wait for standards? Hardware Design? Software Design? IT Infrastructure Design? Component based separation and task-based approach No, use what’s available and make yours the standard Follow mobile phone designs Buy or build a BaaS, M2M, or IOT Solution Interface-based flexibility over defined certainty

NETSPECTIVE www.netspective.com 37 Key marketing & product management questions Can your sales team sell it? Can customer manage the technology? Does customer have the existing infrastructure? Can you deliver after you build it? Can your solutions team customize it? Yes, if they’re incentivized and trained They need a good IT and test environment to ensure reliability They need reliable power, broadband coverage, and good WiFi You need installation, provisioning, testing, and remote support infrastructure Yes, if you build for customization

NETSPECTIVE www.netspective.com 38 Key human capital questions Do we have strategy expertise? Do we have development expertise? Do we have unit and internal testing expertise? Do we have systems and customer environment testing expertise? Do we have regulatory expertise? Do we have certification expertise? You can’t go it alone, get help now

Connectivity strategy The most important aspect of a data bridge is its connectivity

NETSPECTIVE www.netspective.com 40 Connectivity Decisions Required Physical •Wired, wireless (WiFi, cellular, etc.) Logical •Device  Concentrator  Gateway  Enterprise IT  Cloud Structural •Security, Numbers, Units of Measure, etc. Semantic •Presence, Vitals, Glucose, Heartbeats, etc.

NETSPECTIVE www.netspective.com 41 Legacy Physical Connectivity Device USB Converter Data Concentrator (IEEE 11073?) Hospital Network Gateway (Data Mediator) Corporate Cloud Hospital Systems Serial Converter 11073 assumes desire for multi-vendor connectivity

NETSPECTIVE www.netspective.com 42 Next Gen Physical Connectors Minimal • Serial • USB 2.0 • RJ-45 • 802.11a/b/g Recommended • Serial • USB 3.0 • RJ-45 • Power over Ethernet (PoE) • 802.11n • Bluetooth Advanced • Thunderbolt • USB 3.0 + eSata • RJ-45 • Power over Ethernet (PoE) • 802.11n/I • Bluetooth • Ant+ • Zigbee • Cellular • Zwave

NETSPECTIVE www.netspective.com 43 Next Gen Physical Connectivity Device Hospital Network Gateway Corporate Cloud Hospital Systems Option 1 (hospital IT integration required or no cellular access) Device Corporate Cloud Option 2 (cellular access and no hospital IT integration required) Could be a Home Network, too Wired Wireless Bluetooth, WiFi, Zibee, etc. Wireless, Cellular

NETSPECTIVE www.netspective.com 44 Legacy Protocols Best Practices Device Serial Converter USB Converter Data Concentrator Hospital Network Corporate Gateway Corporate Cloud Hospital Systems DDS REST DDS Ethernet Serial HL7 X.12 If multi-vendor connectivity is required, add data translator and homogenization capability MPEG-21

NETSPECTIVE www.netspective.com 45 Next Gen Protocols Best Practices Device Hospital Network Corporate Gateway External Cloud Hospital Systems Option 1 (no cellular access or hospital IT integration required) Device External Cloud Option 2 (cellular access and no hospital IT integration required) DDS REST HL7 X.12 DDS REST MPEG-21 MPEG-21 Could be a Home Network, too Wired Wireless Bluetooth, WiFi, Zibee, etc. Wireless, Cellular

Device, Gateway, and Ecosystem Architectures Legacy device architecture and how next generations must be better

NETSPECTIVE www.netspective.com 47 Healthcare Enterprise Typical Legacy Device Architecture Device OS (Custom, QNX, etc.) Connectivity (USB, Serial) Serial Sensors Storage Display User Interface Device Logic Not much happens with device data Serial Concentrator Serial to Ethernet Converter  Greatly oversimplified

NETSPECTIVE www.netspective.com 48 External Cloud Management Dashboards Data Transformation (ESB, HL7) Device Gateway (DDS, ESB) Healthcare Enterprise Enterprise Data Next Generation Device Architecture Inventory Workflow Notifications Patient Context Device Components 3rd Party Plugins App #1 App #2 Security / Logging / Persistence Layer Device OS (Linux, QNX, Windows) Sensors Storage Display Plugins Web Server, IM Client Connectivity Layer (DDS, HTTP, XMPP, SIP) • HTTP/REST UI • DDS RT Messaging • XMPP Non-RT • SNMP Plugin Container / Safety-controls Manager Event Architecture Location Aware 1 2 3 4 5 6 7 8 9 TCP/IP  Shahid’s “Ultimate Medical Device Architecture” RJ-45 Cellular 802.11n/i Bluetooth Zigbee USB 3.0 PoE

NETSPECTIVE www.netspective.com 49 Next Gen Gateway Architecture Web Application Stack On-Premise Appliance or Cloud Deployment Data Integration Stack Content Management System Data Services and Persistence Stack Relational Database Taxonomy Full Text Search Biz Intel Secure, HIPAA-Compliant, Web Server Reporting Dashboards Alerting Enterprise Service Bus Analytics Data Mining OLAP Notifications Process Mgmt Integration ETL Gateway EII Metadata Rules Engine Secure, MU- and HIPAA-Compliant, Clinical Data Repository (CDR) and Master Patient Index (MPI) HL7 X.12 IM / E-mail Themes App Store Forms Documents EHR Modules Security & Auditing CCR Patient Manager Secure Messagi ng Social Network s HCP Directorie s Target multiple devices like PC, SmartPhone, Tablet, Voice HIE/NHIN Integratio n EHR Integratio n NLP & Patterns Med Device Integratio n Single sign on (LDAP, SAML) Mobility Stack Med Device Tethering HIPAA Encryption & RBAC Provisioning & Auditing Legacy App Connectivity Graph DB (RDF) Content Repository LDAP  As defined by Netspective Medigy Platform DDS

NETSPECTIVE www.netspective.com 50 Ensure transport flexibility Embeddable Integration Backbone Service DB Management Services Security Firewall HTTPS, REST, SOAP SFTP, SCP, MLLP SMTP, XMPP, TCP TCP, HTTPS, SOAP, REST HTTP, SFTP, SCP, MLLP SMTP, XMPP Vendors & Partners Apps MQs Services Apps Services Hospital or Cloud Development App DB Central DB Registry Remote Center VPN

NETSPECTIVE www.netspective.com 51 Make data available early ? Responsiveness Proactive Reactive Time Elapsed Minutes 1 Month 1 Day/Week CPOE Operations Financial Labs Meds HIS / EHR Automated Analysis Scheduled Reports Alerts Response Manual Analysis Source: Informatica Corporation

NETSPECTIVE www.netspective.com 52 Don’t limit the format types HL7 HL7 RIM CDISC Excel, CSV Access, SQL SEND CCD CCR RDF, RDFa ATOM Pub X.12

NETSPECTIVE www.netspective.com 53 Choose tools that can do it all Connect Collect & Cleanse Exchange Standardize (Map & Link) Federate Store Analyze Report Secure Audit Guarantee HIPAA Compliance

NETSPECTIVE www.netspective.com 54 Structured Data Format Suggestions Item Standard In general Follow requirements stipulated by NIST in MU guidance Patient Summary Record HL7 CDA Release 2 CCD or ASTM CCR Electronic Prescribing NCPDP SCRIPT Version 8.1 or 10.6 Electronic Submission of Lab Results to Public Agencies HL7 2.3.1 or HL7 2.5.1 Electronic submission to immunization registries HL7 2.3.1 or HL7 2.5.1 Quality Reporting The CMS Physician Quality Reporting Initiative (PQRI) 2009 Registry XML Specification

NETSPECTIVE www.netspective.com 55 Coded Vocabulary Suggestions Item Standard In general Follow requirements stipulated by NIST in MU guidance Problem List ICD9-CM / ICD10 or SNOMED CT 2009 Procedures CPT-4 / CPT-5 Laboratory test results LOINC 2.27+ Medications Any source vocabulary that is included in RxNorm Immunizations HL7 Standard Code Set CVX - Vaccines Administered, July 30, 2009 version Race and Ethnicity OMB Statistical Policy Directive No. 15

NETSPECTIVE www.netspective.com 56 Privacy and Security Standards Item Standard In general Follow NIST 800-53 and related standards Encryption and decryption of electronic health information SSL/TLS Certificates, NIST FIPS 140-2 Record actions related to electronic health information The date, time, patient identification, and user identification must be recorded when electronic health information is created, modified, accessed, or deleted; and an indication of which action(s) occurred and by whom must also be recorded Verification that electronic health information has not been altered in transit SHA-1 or higher (NIST FIPS PUB 180-3) Record treatment, payment, and health care operations disclosures The date, time, patient identification, user identification, and a description of the disclosure must be recorded for disclosures for treatment, payment, and health care operations, as these terms are defined at 45 CFR 164.501

Thank You Visit http://www.netspective.com http://www.healthcareguy.com E-mail [email protected] Follow @ShahidNShah Call 202-713-5409