VA worked around security rules in iPad, iPhone rollout, report says

By: Neil Versel | May 30, 2012        

Tags: | | | | |  |

veteransaffairsipadDepartment of Veterans Affairs CIO Roger Baker may have circumvented around some federal protocols in deploying iPhones and iPads to VA personnel, but he did not violate strict security standards, according to an audit by the department’s Office of Inspector General.

In rolling out mobile devices to physicians and other VA personnel last year, the department knew that neither Apple iOS nor the Android operating system supported Federal Information Processing Standards (FIPS) 140-2 encryption, so Baker employed software work-arounds to assure that any sensitive data met government requirements for security. More than 200 Apple devices were distributed at VA facilities in Washington, D.C., Albany, N.Y., Chillicothe, Ohio, and Battle Creek, Mich., before a tipster reported the issue in confidence to a VA hotline in September 2011.

Sen. Jon Kyl (R-Ariz.) subsequently asked the OIG to investigate the practice and evaluate whether Baker violated any rules.

“Based on our results and in response to Senator Kyl’s additional request, we determined that VA’s approach of allowing only FIPS 140-2 certified applications to access or store sensitive encrypted data on the mobile device met [Federal Information Security Management Act] requirements for data protection,” a new report by Linda A. Halliday, the VA’s assistant inspector general for audits and evaluations, states. Halliday says that the 256-bit hardware encryption resident in Apple mobile devices “further minimized the risk of unauthorized disclosure of sensitive data” while federal officials test the Apple technology for FIPS 140-2 compliance.

However, the report found that the VA did not keep an accurate inventory of mobile devices using the enterprise’s network; two of the three iPads that the IT department supplied to OIG investigators did not have a federally certified security application installed, and the third was not configured properly, according to Halliday.

“We recommended that the Assistant Secretary for Information Technology [Baker] implement minimally acceptable baseline security configuration requirements for VA mobile devices in accordance with FISMA. We also recommended that the Assistant Secretary centrally manage the distribution of VA mobile devices will ensure that they are accurately inventoried and configured in accordance with minimum-security standards,” the report says.

The VA has agreed to have these plans in place by June, Halliday reports.


FCC MBAN plan called ‘step in the right direction’

By: Neil Versel | May 30, 2012        

Tags: | | | | | |  |

Darrell West Brookings InstituteLast week at a Brookings Institute forum examining how mobile technology influences health innovation, Brookings vice president and director of governance studies Darrell M. West repeatedly said that the Federal Communications Commission needed to open up dedicated wireless spectrum for healthcare use.

Two days later, the FCC approved a proposal to open up some of the spectrum—reclaimed when the nation switched from analog to digital television—for medical body area networks (MBANs) and for in-hospital wireless patient monitors. “The timing is really excellent. We really need more spectrum to support all the new technology that’s coming online,” West tells MobiHealthNews this week.

In West’s opinion, established wireless technology like Wi-Fi has its place for transmitting data, as does Bluetooth, but those technologies may not be sufficient for the pending explosion in mobile healthcare adoption. “We need something that is more reliable,” West says. “We need something that is dedicated for remote monitoring.”

According to the FCC: “The MBAN concept would allow medical professionals to place multiple inexpensive wireless sensors at different locations on or around a patient’s body and to aggregate data from the sensors for backhaul to a monitoring station using a variety of communications media. We conclude that an MBAN represents an improvement over traditional medical monitoring devices (both wired and wireless) in several ways, and will reduce the cost, risk and complexity associated with health care.”

GE Healthcare, which formally petitioned the FCC to allocate spectrum for MBANs, likened wireless medical sensor networks to “Facebook for the body.” In an interview with MobiHealthNews, West was pleased but more pragmatic. Keep reading>>

BodyMedia sues Basis over alleged patent infringement

By: Brian Dolan | May 29, 2012        

Tags: | | | | |  |

Brian Dolan, Editor, MobiHealthNewsLast week 13-year-old wearable health tracking device company BodyMedia formally served Basis Science, a startup working to bring its wearable tracking device to market, with a lawsuit that claims Basis’ offering infringes on six patents held by BodyMedia in more than 100 ways. Basis filed its response and counterclaims within days.

I had a chance to discuss the suit with the CEO of BodyMedia, Christine Robins and the CEO of Basis Science, Jef Holove in phone interviews last week. Basis believes the timing of the lawsuit was curious and an attempt to hinder its product’s launch, that the patents BodyMedia claims it infringes will not hold up in court, and that while it believes its device does not infringe on those patents it doesn’t believe BodyMedia can know that anyway since its product has not yet launched.

In the lawsuit BodyMedia explains that it bases much of its understanding of Basis forthcoming Basis Band device on press interviews and an on-site demo that Basis employees did for BodyMedia representatives at the CES (Consumer Electronics Show) event in Las Vegas earlier this year.

“From our perspective we had a really good CES with good momentum and buzz,” Holove told MobiHealthNews in an interview. “They were just down the aisle from us at CES. They announced the suit involving six different patents. Our original take was it seems curious that they would announce a suit like this before we even launched a product. They don’t have any firsthand knowledge of our product, what we are doing, or even the inner workings of our system. Felt to us that the basis of the suit was largely assumptions. On top of that, because we are still in development, our product continues to evolve. So it’s pretty hard to understand the foundation of their assumptions. Because of that, and the timing of it, it felt to us like this is really aimed at trying to hinder us from launching into the marketplace. For us, that is really the most disappointing aspect of this.”

BodyMedia’s Chris Robins says there was nothing unusual about the timing of the lawsuit.

“The [lawsuit] was formally filed on February 2nd. They were aware of it on February 2nd. The court allows a certain amount of time until we have to to formally serve them papers. It has been in the court docket and the public domain since then. It is their responsibility to contact us if they would like to discuss it. This was just a formality. There is a period of time from when you file to when you serve them. We were with within the confines of the law in terms of timing,” Robins said.

The most striking thing about my conversations with both CEOs was the common claim that the other should have contacted them before things got to this point. Keep reading>>

@WLSA: FDA is heading in right direction now

By: Brian Dolan | May 29, 2012        

Tags: | | | | | | | | |  |
Photo Credit: Paul Savage Photography

Photo Credit: Paul Savage Photography

By Padma Nagappan

One of the panels at the recently concluded WLSA Convergence Summit in San Diego focused on how things have changed within the last five years and whether the guidelines the FDA issued last year for devices helps provide clarity in navigating the choppy waters of clearance.

The panel featured two companies that have received 510(k) clearances, Sotera Wireless and DexCom, as well as Beth Seidenberg from Kleiner Perkins Caufield & Byer and Dane Stout, executive director of connected health and biomedical practice at the Anson Group.

Moderator Frank Rahmani, a partner at Cooley LLP, asked panelists for their perspective as innovators and investors about regulatory changes, strategy to handle the approval process and priorities in choosing investment areas.

Sotera Wireless recently announced it had approval for its ViSi Monitoring System from the FDA and the CE Mark in Europe. ViSi is a vital signs monitor that can be worn on the wrist and allows patients to remain ambulatory instead of being tethered to a hospital bed. An upcoming version will be able to transmit the vital signs to care givers wirelessly.

CEO Tom Watlington said the guidelines issued by the FDA last fall help provide clarity and remove confusion, and they helped the company on its path to its first approval. Having been in healthcare for 30 years, he thinks things have changed substantially in the last few years.

“We did have to calibrate to new changes, but now there’s emphasis on the human factor.  Fortunately we had invested time and effort in preparing for it. The other thing, there’s small gaps in filing and we found they were parsing a lot of the filing to internal consultants — so the questions are more numerous, more specific, more detailed, but fortunately we were on point,” Watlington said. “Things are clearing up. None of these are obstacles. Going forward will be easier for us, but the first FDA approval was a new experience.”

DexCom, the developer of the Seven Plus continuous glucose monitoring system with an under skin implantable sensor, transmitter and receiver, has navigated FDA approval successfully in the past, for different versions of its products. CTO Jorge Valdes said last year’s guidelines make it clear what’s covered and what’s not and it kept the smartphone out of the regulatory environment, which is good.

“I spent 20 years in a regulated environment, first in telecom and now in healthcare. It is different now. I would say we have a good relationship with the FDA. The secret to that is to communicate and do it often,” Valdes said. “Today devices are very much integrated, so the FDA recognizes the advantage of integrating with smartphones. They want to see your risk analysis, your clinical protocols and where you want to do the trial. When I first started, there wasn’t even a human factor filing. With smartphone apps ramping up, this human factor filing will become very important.”

Stout with the Anson Group said the FDA did act quickly in issuing the new guidelines and its goal is to focus on intended usage rather than the actual technology.

Rahmani asked Seidenberg if she agreed with them that the new guidelines are helpful. Keep reading>>

@WLSA: Lessons from the San Diego Beacon Community

By: Brian Dolan | May 29, 2012        

Tags: | | | | | |  |

Photo Credit: Paul Savage Photography

By Padma Nagappan

Getting care providers to communicate with each other and share patient data with a network of care givers can go a long way towards helping reduce costs and improve patient care and healthcare, Dr. Theodore Chan, who is working on the San Diego Beacon Community project, stated during his remarks at WLSA last week.

The Beacon Community initiative is a partnership between health care providers, hospitals, clinics, emergency medical services and health care organizations that taps IT to share information in real time, giving physicians timely access to data when patients visit multiple care facilities, among other benefits.

The pilot program is the only one in the state of California, and along with 17 other projects around the country, has funding of about $250 million in ARRA funds. The projects will help foster health information exchanges (HIEs), EHR expansion and adoption, telemedicine and e-care, among other innovations.

The San Diego Beacon will focus on outcomes for cardiovascular and cerebrovascular disease targets, childhood immunization rates and hospital readmissions. It is the only Beacon project headed by emergency room physicians and will focus specifically on EMS and emergency medicine.

Chan is the medical director of the emergency department at the University of California, San Diego Health System. He said emergency physicians need access to a patient’s medical history and medication lists which are critical but often not available to acute management. Health IT and HIEs have the potential to address this problem and improve patient care in emergency rooms.

The conundrum with health IT, Chan said, is that it simultaneously offers too little information and too much information. He explained the contradiction with an example. A recent patient he saw came to his ER and mentioned she’d just had a baby two days before. When asked why she’d come to the ER instead of going back to the maternity department, she responded that she thought she’d just check her condition out at the ER. Keep reading>>

Reebok taps MC10 for wearable device to launch this year

By: Brian Dolan | May 29, 2012        

Tags: | | | | | | |  |

Icke presenting at WLSA

By Padma Nagappan

Cambridge, Mass.-based MC10 co-develops products in wearable sensing for sports, fitness and wireless health, working closely with partners. Its first commercial products will debut later this year in partnership with Reebok, while others that use the company’s Biostamp smart sensing sticker will be available next year.

MC10 is capitalizing on the fact that conventional integrated circuits are rigid and brittle while current flexible circuits are not up to par in terms of performance and reliability. Its technology will be able to stretch, twist, expand and deploy with the caliber of integrated circuits, throwing open opportunities for breakthrough applications.

With electronics that interface with humans, rigid boards don’t interface well with the soft tissues of the body, CEO David Icke pointed out during his remarks at the WLSA event last week. MC10 is working freeing up the constraints of rigidity, “so you can do amazing things with interfacing.”

“If you think about how data is collected from the body, it’s by using clunky straps and boxy equipment. MC10 is focused on advancing that so it’s seamless, thin, invisible to the user and scalable for large scale manufacturing,” Icke said.

The specifics of the Reebok product are not public yet he said when asked for details, but “what I can say is that Reebok recognizes that thin, conformal electronics are valuable for athlete performance optimization and injury prevention, integrated with apparel, footwear and equipment.”

MC10 designs, develops and sources the microelectronics module behind the Reebok product. The Biostamp sensing sticker that will be out next year has a variety of applications and Icke gave Mobihealthnews some examples.

  • Parents can track a child’s activity level or even location.
  • First responders can use a “person-down” triage patch that quickly determines vital signs and the need for timely help.
  • For diabetics, a tattoo-like sticker to help detect hypoglycemia before it gets severe.
  • For some one with congestive heart failure, a non-invasive way to sense how the heart contracts and get him back on his meds.
  • For a veteran amputee, a powerful but comfortable human-computer interface for prosthetics.

Aside from this, MC10 has received significant interest in deploying smart sensors for minimally invasive interventional procedures, Icke said.  It has worked on balloon catheters with Massachusetts General Hospital and is also collaborating with large medical device companies.