Plugging Into the New Network
Biomed-IT integration requires both human and technological connections
Keith Glassford Derek Brost

Advances in medical technology provide new ways to help patients, save lives and provide clinicians with more information and greater potential for diagnosis and healing. But they can also upend the ways of the traditional biomed department. The continued progress of device connectivity has shifted the focus from a regulatory and infrastructure perspective, and has many biomeds switching out their wrench for a WAN. These advances have blurred the lines between the IT and biomed departments, bringing the two together like never before. But it’s not just the biomed and IT departments that will need to collaborate – IT integration requires new levels of communcation among all hospital departments.

So what is the future of biomed and IT, and how will the dynamics of the two departments change and relate to the rest of the hospital staff? Can you mesh the two cultures in a way that ultimately benefits the patient while preserving the expertise and autonomy of both departments? Can the objectives of both departments, as well as the institution as a whole, be brought into alignment? And what information is crucial to biomeds as a result of this evolution in health care?

“New regulatory compliance needs to be addressed as a big, if not main focus area, for BMET leadership,” says Jeffery L. Kabachinski, MS-T, BS-ETE, MCNE, Director of Technical Development with ARAMARK Healthcare Clinical Technology Services. “This is unprecedented – never before have hospitals and health care providers been seen as medical equipment manufacturers.”

Who’s the Boss?

Some biomed departments have a reporting responsibility that now goes up to the CIO. One area of development in the evolution of IT and biomed departments is the potential for scrutiny of the reporting structure. “There are numerous different reporting structures for CE, many times through facilities management, usually ending up under a COO or possibly even a CFO,” says Derek Brost, CISSP and Chief Security Officer for eProtex.

“The commonality between operational IT and CE are recognized as service management disciplines,” Brost says, “so the possibility exists for integration within a leadership and reporting structure, such as a CTO or a COO. Informatics and IS development resources will likely always fall under a CIO or CMIO, but the possibility exists for unification in the shared service space. There are many aspects of improved service management CE can learn from IT and vice versa.”

“I know many biomed directors that have asked for such an alignment as it gets them closer to the funding line, although facilities management, where a lot of them are aligned currently, are modern and up to date they do not share the interest level for technology of electronics and medical devices,” Kabachinski says.

“I see it as a big opportunity for the industry as a whole. As you start to get the biomedical groups reporting to the CIO, it’s really the ability to take that real time biomedical information and the normal part of care information and combine that together,” says Keith M. Glassford, Ph.D., chair of the HIMSS Data Management Task Force.

“One of the interesting things that HIMSS did this year was start a new clinical business intelligence committee to help drive this area forward in the industry. It really kind of brings that together. How do I take this real time biomedical information and how do I combine that with my normal IT, because most IT CIOs, CMIOs – they’re really focused on meaningful use.”

“How do get that taken care of? At the same time, you have got all of these other initiatives that are coming together,” Glassford says. “The CIO can bring these two areas together in real time and integrate the connectivity of biomedical devices and information systems and take that information and provide it to the nurse at the bedside, to the physician and manage the patient in real time. I see the CIO as a key player to leverage your traditional enterprise data warehouses for clinical information and the new biomedical devices which provide real time information for physicians to manage the health of the population.”

What Can You Do?

As technology marches on, training on networks, security and wireless technologies are skills that are applicable across myriad professions. The biomed shop is not exempt. “For the biomed – my recommendation for the past 15 years or so (yes, this has been going on for at least that long) is for the biomed to stay plugged into what’s going on at the IT side of the business,” Kabachinski says. “Listen for strange acronyms and look them up later as most of them are anticlimactic – and are things you know about under a different name.”

“Create a baseline of IT skills useful in the health care industry. Everything going on in the world under the ‘IT umbrella’ may not apply to health care IT. It you create a foundational knowledge level, you can drill down to the details when needed. Take a look at the NETWORK+ certification – that would provide a well-rounded baseline. Be aware though that not all you’ll learn in N+ (short for NETWORK+) will apply to health care IT.

If that’s not enough, Kabachinski recommends getting the A+ certification. “You don’t need to take the test – but the educational objectives listed for these two CompTIA certs would give you a good list to study,” he says.

“Biomeds need to understand the increasing role of medical devices on the network, which requires network technology experience as well as new troubleshooting skills,” Brost explains. “Furthermore, medical devices on the network will increasingly become more integrated with emerging EHR initiatives in charting and patient data interchange, so biomeds will need to understand what role the devices and they themselves will play in further integration requests.”
Brost says biomeds should also be informed about the switch to ICD-10 coding standards. “Biomeds should understand what this means for the systems that integrate ICD-10 coding by way of DICOM / HL7 protocols. Any issues which may arise, particularly on legacy systems should be identified by informatics staff and biomeds should attempt to be kept in the loop.”
Brost emphasizes the importance for biomeds to understand every element of networking and communication, including hardware, software and the protocols required for proper connectivity.

“As medical devices become increasingly attached to enterprise HIT networks, biomeds will be best served by having this thorough, end-to-end knowledge themselves rather than differing to the vendor, IT or leaving it blowing in the wind. This skill set will also enhance their value to the service organization if or when CE/IT department integration occurs.”

Certification programs can help IT professionals and biomeds prepare for changes ahead. The AHIMA Health Information Technology Professional certification and the HIMSS CPHIMS (Certified Professional in Healthcare Information and Management Systems) certification are two good examples.

The evolution in health care technology doesn’t just require clinical engineers to be more familiar with networks and security – it requires the IT department to understand the biomed’s domain. “When they do a security risk assessment, they have to include medical devices that are on their network and understand what they are, understand the implications of doing any kind of testing on the network when you have devices connected to it,” says Lisa A. Gallagher, BSEE, CISM, CPHIMS/Senior Director, Privacy and Security, HIMSS.

Security’s Myriad Meanings

Security will continue to have a very different meaning in a hospital besides who walks through the doors. Network connected devices and electronic patient records are major game changers.
“Network security, or should I say – security, security, followed by security, from all angles. Once we get to real 4G levels (1G per second in ‘pedestrian mode’ not moving around very much) there will suddenly be millions and millions of new people logging on the Internet,” Kabachinski says. “This serves to the hackers and malware advertisers in terms of new people to steal identity from, and to hide behind. So if you have your head in the game in terms of IT security, shore up the castle walls and create a bigger moat – you’ll be avoiding trouble instead of inviting it.”

As the line blurs between IT and biomed, there are some general guidelines to remember. “This is occurring in a extremely ad hoc manner. There are no recipes to follow,” Kabachinski says. “A best practice for one organization may not apply or work for another. There are, however, plenty of resources for what to do in a merger – some of that kind of commodity type stuff would apply here as well. While some orgs are having “turf wars” defining the line of service ownership, others with a due diligence in planning and a focus on the end customer (patient) are finding that it is indeed possible to merge in a well-thought-out plan. It may not sway at the technician level – but at least you have a stake in the sand.”

Regulations Are the Impetus

Regulatory requirements are a major driver of biomed-IT integration. The security of networked medical devices will be under a microscope. Kabachinski suggests reviewing the International Organization for Standardization’s IEC 80001-1:2010 Application of risk management for IT-networks incorporating medical devices — Part 1: Roles, responsibilities and activities.
“This lists what is being regulated, and what you have to do about changes to the product (in this case your network). For any changes in the product, you need to assess the risk that change might bring when implemented. I foresee biomeds getting pulled into risk assessment teams – therefore, I’d advise staff to at least read the standard. If needed, look for specific training on what you’d be doing on a risk assessment team.”

Brost says another major regulatory concern is adherence to the Health Insurance Portability and Accountability Act (HIPAA). It’s important for biomeds to understand “how it may affect their process and procedures in handling medical devices which transmit, receive, store, and process protected patient information. At minimum, biomeds need to understand what devices in their inventory contain ePHI and what the proper handling methods for those devices are once identified.”

“Effectively following HIPAA regulations will require full cooperation and communication with IT, risk management, device owners, clinicians and more. CE cannot operate in a vacuum and cannot necessarily rely on the manufacturer to effectively enumerate or remediate the compliance risks present in medical devices and the health care provider environments.

And we mustn’t forget the regulatory giant. He advises that biomeds always get written permission from the manufacturer before making software or other modifications, and says that while many modern medical devices have interfaces similar to our home computers, they should never be treated as such. “In addition to proper handling under HIPAA, there needs to be an understanding of the proper handling of medical devices within the FDA framework. Many times a cavalier attitude can be adopted by CE and IT regarding the modification of software on a regulated device,” But in this particular scenario, Brost says it’s best to tread lightly.

K. Richard Douglas 1 Comment