Apple’s iPhone connector change to drive health devices to Bluetooth Smart

By: Brian Dolan | Sep 13, 2012        

Tags: | | | | | |  |

Apple iPhone 5 Lightning Dock ConnectorAt this week’s iPhone 5 announcement, Apple confirmed something of an open secret among those companies that make health peripherals for iOS devices: The longstanding 30-pin connector dock has been swapped out for a new slimmer, redesigned connector dock that Apple calls Lightning.

Of course, an increasing variety of medical devices have received FDA clearance over the past few years to connect to the iPhone (and other iOS devices) via that 30-pin connector dock. Apple is making an adapter available that will help with the transition so 30-pin connector compatible devices will still be able to connect to the newest iOS devices, but as Apple notes in the product page for its adapter, not all devices will be supported.

This hardware change will strongly encourage health device companies to consider a short range wireless connection instead of adopting a proprietary one that only works for Apple’s iPhones, iPads, and iPods. The big winner here will likely be Bluetooth Smart.

Glooko is one mobile health startup that has based its initial efforts in the market on that 30-pin connector. Glooko created a cable that connected iOS devices with some of the most popular glucose meters already on store shelves. In an interview with MobiHealthNews earlier this summer, Glooko’s Chairman and Co-Founder Yogen Dalal said that the company was looking at alternative ways to connect glucose meters to the iPhone and other smartphones. Future versions of the Meter Sync cable might plug into meters at one end, but instead of plugging into the iPhone’s 30-pin connector, they might use Bluetooth Smart instead. Dalal also said the company is looking at the method that mobile payments company Square uses to connect to smartphones — through the phone’s headphone jack.

“There is still a certain amount of interconnect anxiety going around in the industry with the much rumored changes to the iPhone’s connector,” Dalal said in June. “Apple has been encouraging accessory vendors to come in through a wireless connection unless you have to come in through their new 19-pin connector.”

Apple’s announcement this week means more smartphone medical peripherals will cut the cord.

Are HIPAA rules unclear on texting protected health information?

By: Neil Versel | Sep 13, 2012        

Tags: | | | |  |

An ePHI-less text message.

Are vendors of secure text-messaging technology trying to sell people a bridge in Brooklyn, or is there a loophole in the somewhat outdated HIPAA privacy and security regulations that few have taken advantage of? The answer is unclear.

Dr. Michael Koriwchak, an otolaryngologist in Atlanta, raised the question last week on his Wired EMR Practice blog by calling secure texting both expensive and unnecessary. “How do you get a marginal product to sell? Either have the government make people buy it (Meaningful Use) or use marketing sleight of hand to create the illusion of a legal imperative,” Koriwchak writes.

“My inbox has been inundated with ads: ‘Don’t get caught texting [protected health information]! Buy our secure texting product today!” he notes.

Koriwchak says vendors were making their case by relying on a $100,000 settlement the HHS Office for Civil Rights reached with an Arizona cardiology practice that was lax in securing electronic PHI. “The incident giving rise to OCR’s investigation was a report that the physician practice was posting clinical and surgical appointments for its patients on an Internet-based calendar that was publicly accessible. On further investigation, OCR found that Phoenix Cardiac Surgery had implemented few policies and procedures to comply with the HIPAA Privacy and Security Rules, and had limited safeguards in place to protect patients’ electronic protected health information (ePHI),” according to an HHS press release.

Information made public about the case said nothing about text messaging, but Koriwchak writes, “many secure texting vendors have cited this settlement as evidence that the Feds are prosecuting providers for texting PHI.”

The HIPAA privacy and security regulations were written during the Clinton administration and finalized in the early days of the George W. Bush presidency. SMS was around then, but was not widely used in the U.S. CTIA, the wireless industry association, reports that Americans sent 258.2 million texts a month in 2001, a figure that ballooned to 18.7 billion in 2006 and 193.1 billion by the end of 2011.

OCR spokeswoman Rachel Seeger tells MobiHealthNews in an e-mail that HIPAA privacy and security rules “do not expressly prohibit” sending electronic PHI by text or over the Internet—meaning by e-mail—but the security standards “require covered entities to implement policies and procedures to restrict access to, protect the integrity of, and guard against unauthorized access to e-PHI.”

Another section of the security rule lists standards for transmission security and data encryption. “This means that the covered entity must assess its use of open networks, identify the available and appropriate means to protect e-PHI as it is transmitted, select a solution and document the decision,” Seeger explains. “The security rule allows for e-PHI to be sent over an electronic open network as long as it is adequately protected.”

But it may be difficult to determine if SMS networks are adequately protected. “It is widely accepted that every text has at least 3 copies: the sender phone, the receiver phone and one or more copies on the telecom servers involved in the transmission. The first 2 clearly exist. But has anyone verified current practices among telecom providers regarding server storage of text messages?” Koriwchak wonders. “There is no credible source that clearly documents what those practices are. Many providers and IT folks also intuitively believe that text messages can be easily monitored/intercepted remotely.”

Koriwchak referred to a November 2011 directive from the Joint Commission: “No it is not acceptable for physicians or licensed independent practitioners to text orders for patients to the hospital or other healthcare setting. This method provides no ability to verify the identity of the person sending the text and there is no way to keep the original message as validation of what is entered into the medical record.”

This, according to the blogger, does not raise the issue of privacy, which is an integral part of the OCR settlement with Phoenix Cardiac Surgery. “The two issues it does raise, identity verification and documentation in the medical record, are not solved by secure text products,” Koriwchak contends.

He further suggests that the Joint Commission policy should apply to telephone conversations because, Koriwchak says, “the voice of a caller cannot be objectively identified, and voice conversations are not preserved for the record either.”

Koriwchak then says that the federal government has never investigated any provider, payer, clearinghouse or other HIPAA covered entity for texting PHI, “although the secure texting vendors would like you to believe otherwise.” He also claims that there have been zero documented breaches of PHI related to texting.

OCR spokeswoman Seeger says the office “may have had a few complaints in this area.” However, the majority of breaches affecting at least 500 individuals have been due to loss or theft of hard drives, laptops, USB drives and other hardware, according to Seeger. All breaches must be included in annual reports, but any breach involving at least 500 people must be reported within 60 days. (Correction: The original story incorrectly stated that only breaches that affected 500 or more individuals had to be reported to HHS.)

“The few cases we have seen involving hacking highlight the importance of backing up information systems,” Seeger says. She recommends firewalls and encryption at the enterprise level to help prevent unauthorized access to PHI.

FCC finalizes MBAN rule, still must appoint coordinator

By: Neil Versel | Sep 13, 2012        

Tags: | | | | | | |  |

FCCThe Federal Communications Commission has finalized its rule on medical body-area networks (MBANs), officially allocating a portion of the wireless spectrum to wearable sensors.

Bloomberg BNA’s Health IT Law & Industry Report says that the action makes the U.S. the first country in the world to open up spectrum to networks of wireless medical sensors, though MBANs will be the secondary user on airwaves already used for flight testing.

Under the rule, which takes effect Oct. 10, MBAN devices may operate in the range of 2360-2400 megahertz. Communication for flight testing overlaps at 2360-2395 MHz.

“The specific MBAN technology that can be deployed under our revised [Medical Device Radiocommunications Service (MedRadio)] rules promises to enhance patient care as well as to achieve efficiencies that can reduce overall health care costs,” according to the FCC.

“The Commission concludes that there are significant public interest benefits associated with the development and deployment of new MBAN technologies. Existing wired technologies inevitably result in reduced patient mobility and increased difficulty and delay in transporting patients. Caregivers, in turn, can spend inordinate amounts of time managing and arranging monitor cables, as well as gathering patient data.”

While wireless telemetry systems have been allowed in hospitals and clinics for years, MBANs allow for monitoring outside of traditional healthcare settings. “The Commission concludes that an MBAN represents an improvement over traditional medical monitoring devices (both wired and wireless) in several ways, and will reduce the cost, risk and complexity associated with health care. The Commission also concludes that these benefits can be achieved with minimal cost,” the rule says.

MBANs will operate on what the FCC calls its “license-by-rule” framework, meaning that healthcare providers will have to register and coordinate the use of certain wireless equipment. However, this cannot happen until the commission appoints a frequency coordinator to manage such operations.

Monday, one day before the final rule appeared in the Federal Register, medical equipment manufacturers Philips Healthcare Systems and GE Healthcare sent joint comments to the FCC urging the commission to have its MBAN coordination system in place by June 2013. “It is important that the coordinator be fully familiar with the hospital environment and technological propagation mitigation tools so that robust technical solutions can be designed where and when required,” the companies say.

Philips and GE, two companies eager to market their own MBAN technologies, previously teamed up on a joint proposal that largely became the basis for the new rule. As MobiHealthNews previously reported, GE Healthcare described MBANs as kind of a “Facebook for the body.”

Seven digital health startups raised $26 million in recent weeks

By: Brian Dolan | Sep 13, 2012        

Tags: | | | | | | | | | |  |
BetterDoctor iPhone App

BetterDoctor's iPhone App

In recent weeks a number of digital health startups have announced rounds of funding totaling some $26 million. MobiHealthNews has previously covered the venture capital Agile Health, iSonea, and Sherpaa raised in recent days. Here’s a quick round-up of a few other digital health investments.

Aberdare Ventures and the West Health Investment Fund announced investments in medication adherence startup RxAnte this week. The first round of funding, which Aberdare led, will help RxAnte “further develop [its] proprietary technologies, commercialize its current offerings, and expand the company’s impact on the quality of medication use,” according to the announcement. The financial details of the investment were undisclosed.

This week San Francisco-based BetterDoctor launched its web and mobile-based physician search service, which so far has $650,000 in seed financing. The company’s early investors include physicians and angels Steve Wolf, Jason Johnson, Dr. Philip Settimi, Dr. Charles Lim, Devon George, Erik Engelson, Dr. Joseph Andresen and Chris Burggraeve, according to TechCrunch. The company, which was founded by two former Nokia execs is in the process of raising its next round. BetterDoctor is a mobile-optimized service that helps users find and book appointments with physicians in their area, but the database of doctors is curated by the company and is invitation-only to ensure high quality, according to BetterDoctor.

Patientco, which offers patients a free web portal for paying, managing, and tracking health care expenses, has raised $3.75 million from BlueCross BlueShield Venture Partners and Sandbox Industries. Patientco also works with healthcare providers to offer users incentives to pay their bills earlier — 10 percent off for paying the bill within a month of their appointment, for example. The company plans to use the money for product development and marketing to expand its user base. According to Atlanta Business Chronicle, the company is profitable, too.

Doximity, an online network for doctors that enables — among other things — secure messaging and collaboration between them, raked in $17 million in funding this month led by Morgenthaler Ventures. Doximity, which was founded by one of the founders of Epocrates, says about one in seven doctors in the US is now on the platform. The company previously raised about $10.8 million, which brings its total funding to date to close to $28 million.

Earlier in the week, MobiHealthNews reported on Agile Health’s $2 million in funding. The company, which was founded by ex-Caremark executives, is working to repurpose its smoking cessation application for diabetes management. Last week iSonea announced $1.05 million in funding to help transform its medical devices for people with asthma into smartphone peripherals. Finally, Hello Health co-founder Dr. Jay Parkinson’s startup, called Sherpaa, raised $1.85 million, to help other startups better navigate health insurance and provide health care for their employees.

Are digital health patents beginning to shape the market?

By: Brian Dolan | Sep 11, 2012        

Tags: | | | | |  |

Brian Dolan, Editor, MobiHealthNewsWith the latest news this week that another major player in mobile health has won what appears to be an important patent, it seemed like a good time as any to review and follow-up on recent patent happenings.

Perhaps the biggest IP story that we’ve been following over the course of the year has been Robert Bosch Healthcare’s patent infringement lawsuit against three other home health monitoring companies: ExpressMD, MedApps, and Waldo Health. In late July Bosch filed an additional and apparently similar lawsuit against Cardiocom, based on its Health Buddy patent portfolio.

In February when it filed the first three lawsuits, a spokesperson for Bosch explained to MobiHealthNews:

“We feel it is important to demonstrate that IP is important, and not just to our company. Bosch Healthcare Systems, like most high-tech companies, values its intellectual property as an essential asset of its business… Bosch is open to working with those companies that are interested in securing this technology through a licensing agreement, and we are in discussion with numerous companies in this regard.”

Within two months Waldo Health settled with Bosch and became one of the first companies to license its technologies. Since then — late April 2012 — Waldo Health has been quiet.

In early summer MobiHealthNews exclusively reported that Alere had acquired MedApps, which is now a business unit called Alere Connect. Alere has a longstanding IP agreement with Bosch based on a settlement the two companies came to years ago. A recent filing in the Bosch-MedApps suit notes that “Alere has a license for each of the patents-in-suit.” As a part of Alere, MedApps issues with Bosch’s IP may be over, but the lawsuit has not yet settled. Following news of Alere’s acquisition of MedApps, the two companies filed a motion to go to mediation by mid-October.

MobiHealthNews reported last week that Authentidate, the parent company of ExpressMD, was forced to reverse-split of its stock last week to avoid delisting from the Nasdaq Capital Market. Authentidate provides remote monitoring technology to several major provider organizations, including the Premier hospital alliance and the U.S. Department of Veterans Affairs. It is unclear, of course, what role, if any, the Bosch lawsuit played a role in the company’s recent financial woes.

The other big lawsuit that dropped earlier this year was BodyMedia’s suit against Basis Science, but since Basis sent in its official response to the suit, no new court filings have appeared. In May longtime wearable fitness device company BodyMedia formally served Basis Science, a startup working to bring its wearable tracking device to market, with a lawsuit that claims Basis’ offering infringes on six patents held by BodyMedia in more than 100 ways. Within days Basis filed its response and counterclaims, as we reported in May: Basis believed the timing of the lawsuit was curious and an attempt to hinder its product’s launch, that the patents BodyMedia claims it infringes will not hold up in court, and that while it believes its device does not infringe on those patents it doesn’t believe BodyMedia can know that anyway since its product has not yet launched.

It is now almost four months later and Basis still hasn’t launched its health and fitness tracking device. The case hasn’t made any apparent progress yet either.

As the review above makes clear, some of the oldest companies working in digital health are bringing about suits to defend their patents. What follows from AirStrip’s announcement this week that it has secured a patent for its technology which “mobilizes physiologic data to smartphones, tablets and other devices” remains to be seen, of course. Still, no one can argue that patent litigation in digital health is ramping up, and it’s not in any one segment. These three companies also represent three of the biggest digital health markets today: Home-based care and monitoring, in-patient care and monitoring, and fitness and wellbeing.