Early warnings will result from connecting patient devices to EHR. Connecting to iOT products is MediMizer's first step into this arena. This permits the automatic gathering of data from iOT platforms (such as xxx). It is important to bring these product into inventory, and evaluate how patient data will be protected while allowing appropriate access to devices patient data. It is also important to evaluate how vulnerable a device is to tampering while connected to the internet.
https://www.24x7mag.com/standards/safety/cybersecurity/three-ways-boost-iot-security/?campaign_type=newsletter&_hsenc=p2ANqtz-9X0HO_2h2LSpow5cg-O-krQ8jHECZMcFSNZrMgHAehha6d83k5h0p7kuiUNlzbRoO6ZvmBJp6c7KFrlPxHSO-yrLL3KQ&_hsmi=78977003
https://www.nfmt.com/online/education/details.aspx?id=5224&&utm_source=NFMTInsiderMemberWeekly&utm_medium=email&utm_campaign=9/18/2019%2012:00:00%20AM&email=mark@medimizer.com#
https://medigate.pathfactory.com/c/cisos-and-the-transf?x=BEAKhD
https://medigate.pathfactory.com/c/medigate-honored-by-?x=BEAKhD
https://medigate.pathfactory.com/c/phi-access-avoidance?x=5meOeD
https://finance.yahoo.com/news/palo-alto-networks-completes-acquisition-201500324.html
https://medigate.pathfactory.com/medigate-newsletter-sep-2019/medigate-wins-iot-aw
https://medigate.pathfactory.com/medigate-newsletter-sep-2019/nchica-annual-confer-1
https://medigate.pathfactory.com/medigate-newsletter-sep-2019/medical-device-security-requires-clinical-expertise
Inventory of medical devices.
Predictive Maintenance?
Patient data in EHR
There are four typical events that drive the need for an inventory:
a) Implementation of new CMMS Application: the new CMMS system is only as good as its data.
b) Implementation and RFID/RTLS tags: The RFID firm will not tag every device, so have an Inventory Professional tag the equipment and perform an inventory audit simultaneously.
c) Outsourcing of Clinical Engineering Management: The CE firm needs to know the organization of equipment to assign the proper technicians
d) There is a discrepancy between the asset list and equipment on-hand: An organization has too many “Could Not Locate” and needs a refresh of their data.
The process you need to learn:
- Define Scope: Pre-planning is critical; accurately define included assets, excluded assets, and data to capture.
- Inform the organization that an inventory will be performed. Schedule sensitive/time-critical locations such as ORs and Cardiac-Cath for after-hours.
- It's best to use small teams for inventory. Floor plans are used to perform a top-to-bottom sweep of the facility, marking off every inventoried room until complete.
- Field Tech enters each room, identifies equipment in scope, scans each item’s property tag, and validates or updates descriptive data (facility, department, room, asset description, model number, model name, serial number, PM due date).
- To capture as many mobile pieces as possible, field techs visit Central Stores multiple times each day. They will also ask staff if they have any assets tucked away, and they will perform multiple sweeps of the facility.
Who Should perform the inventory?
1) Individuals that are familiar with and can identify equipment. These do not need to be Biomed Techs or Clinical Engineers; they just need to be trained in equipment identification.
2) Teams need to be consistent; you can’t have rotating personnel performing the inventory or the data will be inconsistent and inaccurate.
3) Small teams that do not overwhelm an area should perform the inventory. (3-4 max in a team).
They should be familiar with how hospitals operate.
5)The benefit of outsourcing an inventory is that someone guides the team in performing the inventory and efficiently completing the process. It also allows for the data to be consistent. The inventory would not be completed on time if personnel from the healthcare facility have other responsibilities. Hospital personnel typically get called away to perform their normal duties and find it difficult to return to inventory duties.
Lessons learned through thirty years of performing healthcare equipment inventories:
- Pre-planning is critical
- Communication is extremely important
- Scheduling sensitive/time-critical areas for after-hours works best
- Use floor plans to chart completed areas and areas that need to be returned to (access issues or quarantine)
- A good bedside manner is extremely important
- Nurses may be the world’s best hoarders
Need an extra hand?
Tim Michener is VP of Sales and Marketing at Asset Services, Inc. He can be reached at tim.michener@assetservices.com or via their website, https://assetservices.com/
Today cyber attacks are more common than we think and system hijacking or ransomware is a sensitive issue that institutions, companies, and especially hospitals have put on the table to take urgent cybersecurity measures.
It has been shown that the issue of cybersecurity is growing stronger and that it is now easier to protect personal use devices connected to the internet in order to protect our sensitive personal data. For health institutions, the real issue of cybersecurity focuses on patient information and the protection of the medical equipment network, cyber attackers always look for the vulnerability of the equipment to access the network, block access to their use and all the information that is stored in the equipment to then ask for a reward in exchange for the release, this delicate information is the key to keeping the patient safe and, without that information, patients are at risk.
According to Security Boulevard, at least one in five Americans was a victim of cyberattacks in their health care last year and are worried that ransomware make the movement again and affect their care, also a third of the persons who were interviewed are thinking to switch providers.
If you want to protect your medical equipment network from ransomware, the first step to take is to have a good management system with an extended inventory of the pieces of equipment that includes equipment digital persona, data security fields (Bluetooth, USB interfaces and ePHI) and, a model control profile. By having a centralized management system, you will be able to monitor the technology that are vulnerable to this type of situation, identify the constant failures, administrate the maintenance cycle, and which equipments are affected before, during, and after a cyber attack.
Call the manufacturer: medical equipment needs patches every certain time and unlike a computer, they do not automatically download and install, so you need to ask your provider for the patches available for your equipment, this is a really hard task for the Clinical Engineering department since in a hospital there can be thousands of equipments and not all will be of the same brand or manufacturer but with the last update of “right to repair” law, clinical engineers will be able soon to get the patches from the manufacturers and install them themselves with a faster response time, the only little obstacle will be the OEM since all installations, patches, and other endpoint security solutions for medical technology need to have validation by they first.
TI department and CE department need to make a good team evaluating constantly all the medical technology and prevent every vulnerability they will found on medical equipment, update all the patches available and management maintenance cycles, protect leaks of ePHI data and always keep an eye on the alerts and in this way hackers will have no opportunity to attack the network or at least it will not be easy.
Our CMMS MediMizer has integration with ASIMILY, a smart solution for the IoMT risk management where you can correlate the data based on several parameters to enrich inventory, initiate automatic remediation of vulnerabilities detected, and plan activities.
The results of 3D printers have been impressive for years, but printing human tissue is the next step for NASA. The two finalist teams from the Wake Forest Institute for Regenerative Medicine, aimed to create human organ tissue in a lab, this had to be similar enough, strong and durable for at least 30 days, and they achieved it, an advance for the study of artificial organs and bioengineering.
The teams had to take two different approaches and methods to replicate a functional tissue that fulfilled all the functions of a human tissue, in the end they both agreed to print it in three dimensions. A study of this magnitude allows us to take the next step towards the creation of functional organs for transplantation.
Laura Niklason, a professor of anesthesia and biomedical engineering at Yale University, stated, “The biological effects of low gravity are becoming more and more important, especially as the world is considering private and commercial space travel, and this is a great tool to help us understand it.”
NASA has a breakthrough in studies of the creation of organic tissue under microgravity and with this collaboration, they are one step away from solving the long waiting times that patients have to receive an organ, as well as more alternatives to regenerative and tissue medicine.
The winning team of the challenge will have the opportunity to continue their research on the International Space Station (ISS) as well as a bonus of $300,000. They certainly have an exciting and difficult task for the future of artificial organs.
MediMizer is an independent biomedical and facilities software company that developed the leading CMMS or “computerized maintenance management software” used for clinical engineering, biomedical engineering, facilities, environmental departments in hospitals as well as the biomedical service organizations that service hospitals.
PartsSource is the world’s largest provider of medical replacement products and services, with over 4 million parts and services that extend across more than 3,000 suppliers in the industry. PartsSource partners with leading healthcare organizations to maximize medical equipment uptime and utilization through the only comprehensive managed service designed to empower clinical engineering leaders with the people, processes and technology to achieve high-performance HTM.
Clinical Engineers and Technicians can spend significant amount of time during their day shopping for parts. To streamline the part sourcing and purchasing, MediMizer and PartsSource have created a Lite integration between the MediMizer CMMS and PartsSource.com. This integration provides your biomed technicians with a simple, single-click access to easily find and source parts and equipment they need to repair and improve equipment uptime.
The Lite integration provides clinical engineers with easy access to the parts and services from within MediMizer’s work-order or inventory features. By providing integration from MediMizer to PartsSource.com, your biomed department can:
The Lite integration provides a simple search capability between systems without any IT or connectivity challenges. Customers using the Lite Integration will get an immediate pathway into the search experience in PartsSource.com. The standard integration is a much more robust integration designed for enterprise customers that would like to connect the CMMS more extensively and PartsSource products. The standard integration supports SSO (Single Sign-On) and can share additional data sets including part cost and purchasing data between systems for advanced reporting but requires additional IT resources to implement.
To help ensure that you get the best possible pricing for the parts you are purchasing, MediMizer has created reports that you can send to your PartsSource rep and obtain their help negotiating the price. You can access these reports and next steps information by going to the “Parts” section and clicking on the “PartsSource” submenu.
Technicians can search the PartsSource.com catalog for products without registering. However, to purchase products, technicians will need to register. Registering with PartsSource is fast and easy. Technicians can register with us once you click on the quick link in MediMizer or by going to the PartsSource website here: https://www.partssource.com/register. You simply insert your basic contact information and you are all set.
No, it is completely free to register with PartsSource.
PartSource’s Customer Care team members are dedicated to providing support to our customers across a variety of help topics. You can speak to a customer care representative with questions about registering and/or our suite of products and services, by calling: 877-497-6412.
MediMizer’s Support department is available to answer any questions you have about this new feature. You can reach them via phone, by calling: 760-642-2008 or by emailing: Support@MediMizer.com
TJC The Joint Commission Covid Masks Ventilators regulations
TJC Joint Commission, minimize spread of Covid-19 into healthcare facilities
ECRI Free resources to Medical Facilities for Covid 19 response
AAMI Covid resources for Healthcare (list)
Plasma Donations during Pandemic
FDA Covid site - Masks, Emergency use regulations
WHO Covid main page Covid Timeline
National US Coronavirus information
John Hopkins Hospital Covid information Coronavirus MAP
Cleveland Clinic Covid information
Mayo Clinic Covid Coronavirus Information for Patients (Example Site)
State of New Jersey Covid Coronavirus website
State of Massachusetts Coronavirus Covid information
State of Pennsylvania Coronavirus information
State of California Covid Coronavirus website
State of Illinois Covid Coronavirus website
State of Florida Coronavirus Covid website
State of Louisiana Coronavirus public health
State of Texas Coronavirus response
The FDA has not seen any evidence of any cyberattack on an in-use medical device but knows they might be "impacted". Laboratory testing has shown the ability to hack medical devices. According to United Press International, the FDA has issued five product-specific safety communications since 2015 on cybersecurity vulnerabilities. The problems were found in Abbott's implantable cardiac devices and implantable cardiac pacemakers, Merlin's home transmitter of implanted cardiac devices, and Hospira's and Symbiq's infusion systems.
Commissioner Scott Gottlieb, M.D. announced the release of a cybersecurity “playbook” to assist health care delivery organizations, as well as the signing of two memoranda of understanding to promote information sharing, preparedness, and response around cybersecurity risks. The book was prepared by MITRE Corporation for the FDA. The full title is “Medical Device Cybersecurity Regional Incident Preparedness and Response Playbook.” The MOUs cover plans for the sharing and distribution of information about threats. The Department of Homeland Security is one agency that shares information with the FDA and performs simulations and post-event reviews that assist the FDA.
Part of the playbook presents exercises to help staff recognize a cyberattack in an emergency. Learning what actions to take during the cyberattack is the goal after recognition.
MediMizer Software helps the HTM community by offering full IT/HIPAA/Cybersecurity documentation for the patient equipment.
"The hospital has a library of information regarding inspection, testing, and
maintenance of its equipment and systems.
Note: This library includes manuals, procedures provided by manufacturers,
technical bulletins, and other information."
10.5.3 Servicing and Maintenance of Equipment
10.5.3.1 The manufacturer of the appliance shall furnish documents containing at least a technical description, instructions for use, and a means of contacting the manufacturer.
10.5.3.2 The documents specified in 10.5.3.1 shall include the following, where applicable:
10.5.6 Record keeping – Patient Care Appliances
10.5.6.1 Instruction Manuals
10.5.6.1.1 Instruction and maintenance manuals shall be accessible to the group responsible for the maintenance of the appliance
10.5.6.1.2 Instruction and user maintenance manuals shall be accessible to the user
10.5.6.1.3 Any safety labels and condensed operating instructions on an appliance shall be maintained in legible condition.
10.5.6.2* Documentation
10.5.6.2.1 A record shall be maintained of the tests required by this chapter and associated repairs or modifications.
10.5.6.2.2 At a minimum, the record shall contain all of the following:
10.5.6.3 Records Retention. The records shall be maintained and kept for a period of time in accordance with a health care facility’s record retention policy.
The FDA is charged with improving the safety of reused devices.
According to the FDA, "Reusable medical devices are devices that health care providers can reuse to diagnose and treat multiple patients. Examples of reusable medical devices include surgical forceps, endoscopes and stethoscopes." and "Reducing the risk of exposure to improperly reprocessed medical devices is a shared responsibility among various stakeholders. This includes the FDA; manufacturers responsible for providing adequate reprocessing instructions that are user-friendly and proven to work; health care facilities responsible for cleaning, sterilizing or disinfecting the devices; and other organizations"
FDA list of higher risk reusable devices 510 k submissions for these devices have to be very detailed in outlining their plans for safety.
AAMI has held joint conferences with the FDA and has publications to assist the industry. "AAMI TIR12:2010, Technical Information Report. Designing, testing, and labeling reusable medical devices for reprocessing in health care facilities: A guide for medical
device manufacturers" has a title long enough to describe its contents.
AAMI website
This single matrix is now used to evaluate risk instead of various criteria that varied by EP. It is a simple 3 level risk evaluation relative to a 3 level scope. The new evaluation has no effect on events that are an immediate threat to life and therefore this is shown above the matrix.
Placement on the matrix is based on surveyor experience, definitions, context and team discussion. "Anchors" are specific examples which have been compared to a pain scale indicating the examples have various levels of severity. We read one report that a "library of anchors" will be produced by TJC over time. (Compass Clinical Consulting, Feb 20, 2017)
If there is an ITL (Immediate Threat to Life), the organization has 72 hours to eliminate the ITL. If it can not be eliminated in that time, an emergency plan that can take up to 23 days (including the 72 hours) to complete.
In all other cases, there are 60 days to show evidence of compliance, including Who, What, When and How.
For non-compliance in the red or dark orange regions, the evidence much also include leadership involvement and preventive analysis. Also these will be consider for special consideration in future surveys through the next full survey.
Leadership involvements looks first at the sustainability of changes and support from the top levels of leadership. Examples give of support are providing resources, speaking out on behalf of the change and establishing plans for period measurement of and reporting on the changes.
Preventive analysis assures that the corrective action is global and not only a solution for the specific case. The analysis reviews underlying reasons. The focus is in preventing future incidents.
The SAFER matrix applies to the entire organization and results will be included in the report as the EC (Environment of Care) rules cited displayed on the matrix. If examples or one EP fit into more than one risk group, it will appear in the most severe group.
Initial evaluation (June 2016) roughly estimated about a fifth of findings were in the widespread and about 2/5ths were limited. The JC Extranet site further defines Likely as harm that can happen at any time without any contributing factors. Moderate likelihood may require other contributing factors or conditions.
(Key Sources: Presentations by George Mills and Caroline Heskett of The Joint Commission 2016-2017)
