Information provided by Health Train Express and Digital Health Space is informational only. We do not endorse specific solutions. Inclusions are provided as reference only. Readers should consult with their own consultants for further details.

Saturday, June 29, 2019

Study: Most mental health apps give Facebook, Google access to personal info without users' knowledge

 Study: Most mental health apps give Facebook, Google access to personal info without users' knowledge

A new study published in JAMA Network Open found that a majority of mental health and wellness apps surveyed distribute users' personal data to commercial third parties like Facebook and Google without explicitly informing users.
Researchers from the University of New South Wales Sydney, the Sydney-based Black Dog Institute, and the Beth Israel Deaconess Medical Center's Department of Psychiatry in Boston examined 36 apps for depression and smoking cessation that was highest ranked in the iOS and Android app stores in early 2018. Results show that 33 of the programs transmitted user data to Facebook, Google or other entities for advertising or analytical purposes, but only 12 fully disclosed this practice to users.
Just 23 of the surveyed apps incorporated privacy policies mentioning that data would be transmitted to a third party, and many of those fail to explicitly describe how the data will be used, and by which third parties.
According to the study's authors, despite the mental health benefits of these and similar apps, the lack of disclosure "may limit their ability to offer effective guidance to consumers and health care professionals," who would likely prefer to know whether and how their personal health information is accessed by advertising and analytical firms.
Persons with mental health issues are extremely vulnerable to lack of privacy issues. While there are HIPAA protections as to de-identifying data the marketing of pharmaceutical information or devices to this group of vulnerable individuals deserves scrutiny. 
The non-disclosure of the use of data is highly irresponsible and deserves universal condemnation.
There are apps for depression, anxiety, meditation, and mindfulness, as well as cognitive behavioral therapy Virtual Reality applications, are being promoted and used by behavioral therapists. Most reviews are testimonials by persons using the smartphone app and not a professional evaluation.  Significant time has not elapsed for good peer-reviewed analysis.
Furthermore, self-diagnosis can be dangerous for some mental health disorders. A little knowledge can be a dangerous thing.  Prior to using any of the apps, one should consult with an experienced mental health provider who has experience using apps and/or virtual reality.
Several sources are referenced below:
The use of Virtual Reality for treatment of a mental disorder.  Much of these treatments could lead to worsening of some conditions such as hallucinations, and schizophrenia. The VR experience can be depersonalizing which could exacerbate other conditions. The outcome of a combination of psychotropics and VR is unknown.
Both practitioners and patients must be informed about these dangers. Manufacturers of the hardware devices and software should be required to provide this information to users.

The buyer should remember caveat emptor.

Friday, May 10, 2019

FDA To End Program That Hid Millions Of Reports On Faulty Medical Devices |

Medical Device Fail

All of us have read about safety and reliability issues of medical devices ranging from implantable mesh for pelvic support, pacemaker defects, and breast implants,

Silicone Breast Implant

Intravaginal Pelvic support Meshwork

In the wake of the KHN investigation, the agency will no longer let device makers file reports of harm outside a widely used public database.

Frequently these device failures do not become publicly known until a number of occurrences, which is brought to the attention of the FDA by users (surgeons, or medical professionals.) It often takes a number of providers to connect the dots.  In some cases such as academic institutions, or very large integrated health systems which have their own internal checks by surgical committees detects the device failure.

Investigation of metal deposition in organs after joint replacement

Some patients experienced serious neurologic problems, including memory loss, tremors, and even dementia. Patients with MOM hip replacements had Cobalt levels elevated in blood and urine. During replacement of the metal on a metal hip prosthesis, severe tissue damage was found, with Cobalt ions leached into the tissue causing necrosis and entering the circulatory system.  The question arises, is Cobalt poisoning be the next Mercury poisoning?

Failing metal hip implants could be releasing genotoxic material

In any case, the FDA has its own reporting mechanism FDA WATCH.  There is no online reporting form. Form FDA3500 (pdf)(form fill) can be downloaded by providers and consumers to report individual incidents

The KHN report exposes a redundant, confusing and largely unknown file of device incidents. The situation was so confusing that even a former FDA Commissioner was unaware of the database.

The FDA has built and expanded a vast and hidden repository of reports on device-related injuries and malfunctions, a Kaiser Health News investigation shows. Since 2016, at least 1.1 million incidents have flowed into the internal “alternative summary reporting” repository, instead of being described individually in the widely scrutinized public database known as MAUDE, which medical experts trust to identify problems that could put patients in jeopardy.
Deaths must still be reported in MAUDE. But the hidden database has included serious injury and malfunction reports for about 100 medical devices, according to the FDA, many implanted in patients or used in countless surgeries. They have included surgical staplers, balloon pumps snaked into vessels to improve circulation and mechanical breathing machines.
An FDA official said that the program is for issues that are “well-known and well-documented with the FDA” and that it was reformed in 2017 as a new voluntary summary reporting program was put in place for up to 5,600 devices.
Yet the program, in all its iterations, has been so obscure that it is unknown to many of the doctors and engineers dedicated to improving device safety. Even a former FDA commissioner said he knew nothing of the program.
Agency records provided to KHN show that more than 480,000 injuries or malfunctions were reported through the alternative summary reporting program in 2017 alone. The FDA alternative summary reporting program was established in 2000, perhaps as a method to reduce reporting administration by the overworked FDA. The devil in the details is described at the link above.

Alison Hunt, another FDA spokeswoman, said the majority of device makers’ “exemptions” were revoked that year as a program took shape that requires a summary report to be filed publicly.
More than a million reports of malfunctions or harm spanning about 15 years remain in a database accessible only to the FDA. But with the agency’s new transparency push, the public may find a public report and submit a Freedom of Information Act request to get information about incidents. A response can take up to two years.  The long-standing exemption program “has allowed the FDA to more efficiently review adverse events … and take action when warranted without sacrificing the quality of our review or the information we receive,” Hunt said in an email.
The KHN investigation had to perform a careful dissection of FDA databases, exceptions and who had access to the relatively unknown information.  There was certainly a lack of transparency even within the FDA.

To those outside the agency, though, the exceptions to the reporting rules are troubling. They strike Madris Tomes, a former FDA manager, as the agency surrendering some of the strongest oversight and transparency powers it wields.  “The FDA is basically giving away its authority over device manufacturers,” said Tomes, who now runs Device Events, a website that makes FDA device data user-friendly. “If they’ve given that up, they’ve handed over their ability to oversee the safety and effectiveness of these devices.”

The FDA issued the same kind of exemption to the makers of da Vinci surgical robots months after Johns Hopkins University School of Medicine researchers pointed out that the company was filing a notably small number of injury reports in the public database.

"The FDA is basically giving away its authority over device manufacturers. If they’ve given that up, they’ve handed over their ability to oversee the safety and effectiveness of these devices. " 

 Madris Tomes, former FDA manager

Doctors, like Kwazneski, who have turned to the public data to gauge the risks of surgical staplers have seen little. He wrote about the “unacknowledged” problem of stapler malfunctions in a 2013 article in the journal Surgical Endoscopy. In 2016, while reports of 84 stapler injuries or malfunctions were openly submitted, nearly 10,000 malfunction reports were included in the hidden database, according to the FDA.
Device maker Medtronic, which owns stapler maker Covidien, has been described as the market leader in surgical staplers. A company spokesman said that the firm has used reporting exemptions to file stapler-related reports through July 2017. Ethicon, the other major stapler maker, said it has not. The public database shows that Medtronic has reported more than 250 deaths related to staplers or staples since 2001.
"I don’t want to sound overdramatic here, but it seemed like a cover-up." 
Dr. Douglas Kwazneski, surgeon

FDA To End Program That Hid Millions Of Reports On Faulty Medical Devices | California Healthline:

Friday, May 3, 2019

Is The Day of the Password going Away ?

Although Microsoft is one of the most-attacked companies globally, the company allows 90 percent of its employees to log on to the corporate network without a password, according to CNBC.

Microsoft is not the only company looking to leave passwords in 2019. Google is testing alternatives to passwords along with Cisco.

Microsoft's Chief Security Officer Bret Arsenault called this a reflection on the "password less future" the company has been talking about for years. To eliminate the need for passwords, Microsoft has developed products to remove the need to memorize a string of confusing terms and phrases.

Rather, the technology company has employees choose between different options, including Windows Hello and the Authenticator app, which provides alternatives for logging into a computer network, such as facial recognition and fingerprints, CNBC reports.  Windows Hello addresses the following problems with passwords:

Strong passwords can be difficult to remember, and users often reuse passwords on multiple sites.
Server breaches can expose symmetric network credentials (passwords).
Passwords are subject to replay attacks.
Users can inadvertently expose their passwords due to phishing attacks.

In a survey some time ago the amount of time revealed primary care doctors spending 6 hours daily on EHR data entry. The study determined providers spend over half the workday on EHR data entry.

The advantage of SSO (single sign-on) is easily calculated.

Single sign-on (SSO) is a technology intended to facilitate easier and faster use of EHRs and other clinical information technology applications.

Single sign-on utilizes authentication to increase information security, but quantitative evaluation of its financial value to health care institutions has not been reported.

This study of SSO implementation in 6 general hospitals found meaningful time savings of 1461.2 hours per facility per annum for physicians, nurses and ancillary end users of clinical information technology.

These time savings translate into a substantial recurrent financial return from SSO implementation, estimated at $92,146 per facility per year, and $1,658,745 per annum in our first phase implementation of 18 hospitals.

Migration to a thin client as part of SSO implementation also yielded a substantial financial return on investment.

Implementation of computer workstation single sign-on (SSO) in 2015. SSO technology utilizes a badge reader placed at each workstation where clinicians swipe or “tap” their identification badges.

This model incorporates the CAC reader into the keyboard itself (right upper left)

There are a variety of other iterations: The CAC (computer access card) may also contain other identifying features, such as photo and/or fingerprint. The SSO card can be multifunction with designated zone controls, such as ED, O.R. I.C.U.  The card can also be used as a time stamp identifying time logged in or location control.

To assess the impact of SSO implementation in reducing clinician time logging in to various clinical software programs, and in financial savings from migrating to a thin client that enabled replacement of traditional hard drive computer workstations.

Following the implementation of SSO, a total of 65,202 logins were sampled systematically during a 7 day period among 2256 active clinical end users for time saved in 6 facilities when compared to pre-implementation. Dollar values were assigned to the time saved by 3 groups of clinical end users: physicians, nurses and ancillary service providers.

The reduction of total clinician log in time over the 7 day period showed a net gain of 168.3 h per week of clinician time – 28.1 h (2.3 shifts) per facility per week. Annualized, 1461.2 h of mixed physician and nursing time is liberated per facility per annum (121.8 shifts of 12 h per year). The annual dollar cost savings of this reduction of time expended logging in is $92,146 per hospital per annum and $1,658,745 per annum in the first phase implementation of 18 hospitals. Computer hardware equipment savings due to desktop virtualization increases annual savings to $2,333,745. Qualitative value contributions to clinician satisfaction, reduction in staff turnover, facilitation of adoption of EHR applications, and other benefits of SSO are discussed.


The studies document series cost impact of wasted time for logins. It eliminates the overuse of the same password for different programs.

Military and VA hospitals and the DOD AMEDD system have used this method for many years. It would be an easy and cost-effective solution to eliminate wasted times. The SSO can also require an additional step for 2 step authentication and/or an additional password for added security

Why Microsoft is saying goodbye to passwords:

Thursday, May 2, 2019

Central Illinois HIE Shuts Down

Central Illinois HIE Shuts Down

Members tell CIHIE that services were becoming ‘duplicative’ of what their health IT vendors offer
 APRIL 29, 2019

What is the forecast for the half-life of Health Information Exchanges?  The playing field has changed substantially since the onset of the electronic health record.  What does the future for HIEs portend?  Will they disappear? The intent of the ONCIT to force EHR vendors to build systems that were interoperable appears to have worked.  HIEs are no longer necessary for disparate electronic health records to communicate with each other.

Some public health information exchanges continue to struggle with sustainability. The Communities of Illinois Health Information Exchange (CIHIE) stopped providing services in February, saying that health system members told the HIE that their investment in CIHIE was becoming “duplicative.”
Originally established in 2009 as a nonprofit collaborative and formerly called the Central Illinois Health Information Exchange, the CIHIE grew to include 73 hospitals, more than 375 primary care and specialty clinics, an emergency transport provider, as well as more than 70 long-term care facilities, home health agencies and other ancillary healthcare settings. Authorized healthcare providers had secure access to more than 5.5 million patient records in 20 counties in the Peoria, Bloomington, Champaign and Decatur areas.
The organization did not return a message seeking comment, but in an explanation on its website, CIHIE said it still believes that timely access to patient records minimizes wait time for treatment, reduces costly duplication of services and supports safer care. “However, healthcare looks different today than it did when we began in 2009. There are now viable alternatives to exchanging data that did not exist when CIHIE was formed.”
CIHIE said that in 2009, as it was conceptualized around a conference room table, even hospitals located in the same community weren’t sharing records across organizational boundaries. There were many different vendors in the market and not enough uniformity to make electronic exchange possible. Fax, mail, and hand-delivery were required to get records from one place to another and many physician practices were still on paper.
CIHIE said these limiting factors are no longer true. “Federal investments in policymaking, vendor certifications, and incentive funding have shifted the market. Software vendors now recognize the importance of making data more portable and less proprietary.”
As CIHIE’s participating organizations have assessed the capabilities that now exist with their own vendors, they told the HIE that their investment in CIHIE was becoming duplicative. “Our board has listened to these concerns and believes the responsible action is to cease services so that there is no longer a financial requirement being placed on organizations to support an independent exchange.” Perhaps the health system members are all using the same EHR vendor and so are sharing patient data that way. 
CIHIE said it has provided participants with information about other ways to connect with healthcare exchange services, noting that there may be resources available through their own software vendor, through the state, or through national exchanges.

The closure of the CHIE and perhaps other Health Information Exchanges may impact other non-providers such as health plans, pharmacies, worker compensation plans. They are often granted access to EHR data through a Health Information Exchange. There are also legal issues since anyone using an HIE have business associate agreements with the HIE. Will direct EHR-EHR interoperability require legal business associate agreements?

Even though regional health information exchanges exist many providers chose to not use them for a variety of reasons.  Lack of interest may also have contributed to closure of an HIE.

Are EHRs truly ready for the changes ?

Inevitably each regional HIE disbandment will require specific instructions to maintain EHR connectivity for provider-hospital-provider medical records.