We are living in an age where we are connecting everything we do to the Internet—TVs, security systems, lights, thermostats, parking meters. Even the lowly refrigerator can tell you when you are running out of eggs. While some of these uses merely burn bright in the media afterglow of the latest Consumer Electronics Show, others become ingrained in how we live, and we can’t imagine how life was before; the Internet connected smartphone has become ubiquitous.
Healthcare has been no stranger to these forces. As healthcare delivery organizations (HDOs) wrestle with managing costs, and serving more patients without additional staff, connecting medical devices to the hospital’s information technology (IT) networks seems to offer opportunities for efficiencies. A 2013 study released by West Health Institute estimated that connectivity could save more than $30 billion annually in U.S. healthcare costs due to improved patient care and safety. The institute looked at many facets, such as safety coming from integrated alarm systems, and efficiencies due to shared test results and elimination of manual data entry.
But if you talk to a clinician working in the trenches, many of the early attempts to interconnect medical devices and health IT systems have been problematic. There have been cases of semantic data incompatibility, as well as confusion over user login credentials for a mix of equipment that is similar, but does not really behave the same. Even the issue of tubing misconnections and small-bore connectors is a basic problem with interoperability, albeit at a different abstraction level.
Why is it so difficult to get all of this right?
The medical devices, networks, and servers; the patients and clinician users; and the applications and data that glue everything together form a complex “cyber-physical” system. Cyber-physical systems (referred to as CPSs by those who work closely with them) are computing systems that interact with the physical world. Since medical devices can monitor and provide therapy to patients, connecting them to the hospital computing network forms a CPS. Other classic examples include the power grid, control systems for a chemical plant, or the computing systems on a modern commercial airliner.
Cyber-physical systems usually require important properties, such as safety, reliability, usability, and security. They often have to respond within time limits; a ventilator that delivers air too late may be both unreliable and unsafe. A significant challenge that hospitals face is how they can assemble a collection of medical devices and health IT software applications into an overall system that has these important properties. The approval process by the U.S. Food and Drug Administration (FDA) seeks to ensure that individual devices are “safe and effective.” As the FDA has increased scrutiny of usability issues and with the recent guidance on cybersecurity, hospitals can be increasingly confident that new devices will have these properties as well—at least at the level of each individual device.
Unfortunately, there are many examples of unsafe/ unsecure/ unreliable/ unusable systems assembled from a set of safe/ secure/ reliable/ usable subsystems. The converse is also true. A safe system can be assembled from subsystems that are not safe independently (for example, through the use of redundancy). That is because safety, security, reliability, and usability are “emergent” properties of a system as a whole. Whether an interoperable set of devices and health IT software applications have these properties depends on the interaction of these subcomponents, as well as the actions and interactions with the human users of the system. Doing this well requires collaboration and “systems thinking” between the device manufacturers, health IT software vendors, and the hospital personnel responsible for the integration and maintenance of the hospital system.
Ken Hoyme is a distinguished scientist at Adventium Labs in Minneapolis, MN. He is active in several AAMI initiatives, including the Systems Advisory Group and the Medical Device Security Working Group.