In the March 1971 issue of Good Housekeeping, Ralph Nader wrote an article about the risk of electrical shock caused by medical equipment in hospitals. Our industry responded by having biomedical equipment engineers and clinical engineers test medical equipment for leakage current at their hospitals. It also created an industry of medical equipment test instrumentation. The medical industry responded by creating better designed equipment with low leakage current.
Initially, our industry was required to test medical equipment for leakage current twice a year per the Joint Commission (TJC) and the Centers for Medicare and Medicaid Services (CMS). As medical equipment manufacturers designed better equipment to minimize the risk of electrical shock, TJC and CMS relaxed their testing requirements, first to once a year and then finally to a risk-based system.
Frank Painter recently mentioned in an Alternative Equipment Maintenance (AEM) seminar that the now-adopted 2012 National Fire Protection Association safety codes allow you to no longer routinely test for electrical safety except during incoming inspections or after major repairs. We have come full cycle on the concern over electrical safety. The medical equipment industry responded.
But now we are seeing a new issue that has replaced the old electrical safety concern of the past several decades—cybersecurity. This is a relatively new concern, since most medical equipment was not designed to be placed on a hospital enterprise network. Some medical equipment over the past 20 years was designed to work on a network, but that network was segmented and did not communicate over the hospital enterprise network. Now we are seeing more and more equipment attached to the hospital enterprise network, where it is vulnerable to cybersecurity threats.
Remember the classes we took when we were preparing for the healthcare technology management (HTM) field? One of those classes was anatomy and physiology. We took this class to understand how medical equipment interfaces and works with patients. We also took the class to help us speak the language of the doctors and nurses we would work with.
Today, to speak the “anatomy and physiology” of information technology (IT), we need to be taught a new language. We need to understand how the medical equipment interfaces with the IT infrastructure just like we did when we learned how it interfaced with patients. We need to understand the risk to our patients just as we did with electrical safety.
This new concern has created new opportunities for the HTM industry. The cybersecurity industry has responded by expanding its knowledge into the medical equipment field. Scores of new companies have been formed to help with this issue. I’m sure you’ve seen them at an AAMI or MDExpo conference recently. Medical equipment manufacturers are starting to respond by designing their new medical equipment with cybersecurity in mind.
The HTM industry also needs to respond by learning the language of IT and understanding how to protect our patients against cybersecurity risks.
Ironically, the goal of our industry has not changed. Our industry was designed to protect the patient against risk. First it was electrical shock and now it is cybersecurity. What are you and your hospital doing to be prepared for this?
David Braeutigam, MBA, CHTM, CBET, is president of Braeutigam Enterprises LLC in Arlington, TX, and a member of AAMI’s Technology Management Council.