Sunday, May 16, 2010

The Case for Remote Medical Device Programming

With the recent reports of hacking ICD's, especially when a skilled set of engineers stand within six inches of the device, we can see the next Tom Clancy story line:
"A famous head of state, lounging in the comfort of his home, suddenly is afflicted with a series of shocks from his defibrillator, then collapses to the floor. His aides, uncertain what just happen, attempt to revive him, to no avail. Meanwhile, in a country far, far away, the terrorists are exchanging high fives..."
These threats, as we can clearly see, are a Clear and Present Danger. (I know, not very original, but you get the drift.)

Not that security isn't important, it is. But should it be a show-stopper to innovation as we attempt to deliver care to our burgeoning patient population in the years ahead?

The reality on the ground is that doctors should have the ability to make adjustments to certain ICD programmed features remotely. The reality on the ground is that already we have non-medical personnel programming devices - even turning them off.

These devices need continuous follow-up, and a lot of it. For every device implanted, I would estimate that there are four times the number of patient visits made for these devices to a doctor's office that for patients without devices. Is this on-site follow-up burden sustainable? Currently, entire clinics are manned full-time by device nurses to manage the volume. Even with these clinics, devices must to reprogrammed at other times, like just before and after surgery, or de-activated when people reach the end of their life. With cost constraints limiting the number of personnel available for device management, we simply not have the number of individuals at all the geographic sites necessary to reprogram devices in person. So we've turned to industry representatives who hold no medical degree to make changes to programmed parameters on our behalf, many of which go undocumented. Physicians "oversee" these adjustments, of course (someone has to be legally responsible, right?), but the reality is is that people with medical degrees are not always the ones out there pushing the buttons.

This issue will only grow more dire as the baby boomers age and the number of devices continues to grow as we push to keep patients out of the hospital. For these reasons, and reasons of legal accountability, I foresee that the need for remote programming of devices will be all but inevitable.

And this isn't just for cardiac devices. Insulin pumps, neural stimulators, and a whole host of new innovative implantable devices will also need follow-up after their implantations.

Certainly, secure interlocks can be developed to assure safe remote reprogrammings - maybe even patient-and-physician hand-shake protocols, for instance. But in this era of increasingly wired health care delivery there should be no reason the FDA, in a brief moment of clarity, should discourage the development of carefully-developed protocols to modify device settings remotely.

What the heck are we waiting for?



Nuclear Fire said...

It's the start of the book Rain Fall by Bruce Eisler. The assassin reprograms the pacemaker to slow the heart until the guy dies.

Medical Quack said...

Dr. Wes, you make some very good points here and I have said on a couple occasions that "devices that report data" are somewhat the missing link with "meaningful use" too, in other words the human input is not always the case but there is the area of responsibility to fall back to the physicians, many of which have no clue on what is emerging out there, and again right on the money with expanding beyond cardiology too.

I recently did a post on the number of devices as an example from Medtronic using their Care Link network, devices that report data to a portal for analysis, and the number is growing.

Software is key here with getting it right with accurate reporting and the physicians need the ability to remotely monitor and not have this left up to a 3rd party somewhere making the decision as the patient only has one life, so it's not like pulling a back up into place like the rest of the data world does. I think sometimes people get very confused here as we are so distracted today just simple due to the nature of the beast with technology in healthcare throwing us a new left curve every day.

Certainly the FDA involvement can't wait much longer and their interactions and collaborations with other departments in government are important, use the DOD as an example who may have some expertise with some of what they are developing. The FDA just recently lost one of their top device experts to Microsoft in the last month or so too.

More devices are coming into the era of the personal health record too, and right now this is limited to scales and other simple devices to send the data, but it will grow beyond these borders too. I look at where Medtronic is right now and they are not the only game in town either as there are tons of other device companies working with their proprietary software programs too, so ultimately we need a common area to bring all of this together before doctors go nuts with using many different protocols and portals.

You can certainly use tech individuals to check on and ensure reporting and software is functioning correctly, but does this edge over to allowing a decision making process too as you stated? You brought up some very good points here and I think we are just on the tip of the iceberg here as we move along, and it's going to be complicated to say the least, in my opinion.

Lisa said...

Thank you. You just confirmed my reasoning to put off getting the ICD as long as possible.

DrWes said...

Medical Quack-

Certainly the FDA involvement can't wait much longer and their interactions and collaborations with other departments in government are important, use the DOD as an example who may have some expertise with some of what they are developing.

Although the DOD certainly has had its own troubles with hackers, if we can kill militants from thousands of miles away, I would suggest it's high time we use similar tachnology for more pressing humanitarian needs at home.

Complicated? Of course. Possible? Absolutely.

Jay said...


I actually met the guys from Medtronic that worked on the security for Dick Cheney's ICD.

I could tell you more, but then I'd have to kill you.


P.S. Stay tuned -- remote programming is coming. Can't tell you more, or I'd have to kill you again.

Anonymous said...

Dr. Wes - good points.

The well publicized examples of devices being "Hacked" were in reality someone having a programer, reverse engineering the programmer through an interative process, and duplicating its communication. If we were really concerned about this scenario, it would be a lot easier to steal a programmer from a hospital and use it maliciously than build your own after having access to one in a lab. Also the media is no help here, failing to mention the proximity required to enact the programming. And let's not get started talking about some of the physicians seeking celebrity status for their "work". Sensational headlines work better than the reality which is not that exciting.

Anonymous said...

I want to be able to see and even (!) talk with the person interrogating and re-programming my ICD. And I'm not the only one (hey! sounds like John Lennon). As for letting someone remote program me . . . gotta just say no. Even if the clinic burdens of follow-up limit the number of patients you implant, is that entirely bad? personally, I think that both clinicians AND patients should give the question of whether to implant more thought. Thanks.

Anonymous said...

As a recent recipient of one of these horrible devices, given two days to decide minimal explanation a cardiologist who seems to know less than I now know about the thing, nurse interrogators and adjustors who forgot to put rate response on and had to get permission from the invisible cardiologist to put up the upper limit and seem to have no understanding or interest in how the bloody thing feels you think remote programming is a good idea. Actually i think they remote program when you are next to them. I wish I could take the bloody machine out and leave it with them, because thats all they care about.

Anonymous said...

Precisely what BIOTRONIK's vision was when they were the 1st to not only bring home monitoring to the industry but free mobile cellular home monitoring as well. Still the only company to offer it. Doesnt sound like much, but ask any ICD patient what they would rather have and you will find that they prefer 24/7 coverage.