Our Connected World and 21st Century Medicine

Can your insurance company figure out when to send a nurse to your aging parents living far away? Can a pathologist remotely access their lab results for a second opinion? Should you be worried someone might hack into their medication delivery pump? How is big data being used to develop that medication?

IIT AGNE conducted a fascinating panel discussion on the world of connected devices and big data; the differences they are making in the healthcare community, as well as the new security challenges that arise.

The event which was held on May 21, 2016 at the Cambridge Innovation Center included Moji Kashef, Senior Manager - Software Development / R & D, BD Medical; Yogesh Shinde, Vice President, Technology Engineering, OptumInsight / UnitedHealth Group and Shekhar Wadekar, Managing Member, coSlide LLC.

Moji Kashef started off with a description of the new security challenges that arise when medical devices and software are combined together in novel ways that open up vulnerabilities not seen before. Devices such as insulin pumps and pacemakers are implanted in millions of patients and are accessible to hackers in ways that are unforeseen. Commonly used medical equipment, such as intravenous pumps, is now network enabled to track location and for control.

These devices include firmware embedded with a processor and flash memory, which contains information on the development organization and process. They may be communicating with healthcare providers via smartphones or other intermediate devices using NFC techniques. It is possible to pull them apart and access the firmware to reveal vulnerabilities that can be used to either damage patient health or the organizations that develop them. In addition, it is possible to use “man in the middle attacks” to interpose between the device and the network. For example, it might be possible for hackers to make thousands of pacemakers malfunction and effectively overwhelm the healthcare system; and to increase medicine dosages to dangerous levels for individuals.

Hence the product development of medical devices has to recognize these security challenges and deal with them in a comprehensive framework to prevent nefarious attacks that exploit these vulnerabilities. The measures that being undertaken include development of cybersecurity standards that identify the risk factors and set standards for software validation that must be met for device certification, which take into account the usage and patient environment for each device that lead to “profitable” hacking scenarios; and the systematic use of gap analysis to identify vulnerabilities and mitigate risk factors via development and testing.

Shekhar Wadekar drew attention to the impending shrinking supply of pathologists. The pathology field has not seen substantial innovations compared to other medical fields in recent decades. As a result, the interest among new medical students to enter pathology has been dwindling. Given a large number of pathologists in their 50’s, the shortage will hurt patient access to laboratory as these pathologists start retiring. This will cause a scale and distribution problem in healthcare where doctors and nurses are located in some places and spread thinly in others; and the number of healthcare providers will not be adequate to serve a growing world population. For example, there may be thousands of pathologists and radiologists in a large city like Boston or Mumbai, but very few just 50 miles outside the city. The number of providers for the population may be very low and they may not have the access to specialized or current information to provide for all the patients under their care.

Technology is going to play a critical role in the solving these problems that will grow in the 21 st century as the world population increases, especially in India and China. For example, a specialist sitting in a large hospital center can be called on to review the scans from a patient living in a remote area or a doctor in a remote area can look up data on patients similar to his patient to find out how they have fared and compare treatments. New systems like IBM’s Watson can be used to look for patterns in diseases and treatment outcomes across millions of patients, look into the literature for possible treatments. Educators can use these systems to better prepare their students for a world where healthcare resources are going to be increasingly scarce to provide for a large population.

Yogesh Shinde described the new role of big data in healthcare, where insurance companies and providers have access to detailed information on millions of patient “lives” and can run analytics on them. For example, Optum has access to tens of millions of patient lives and can look for patterns that help them identify patients at higher risk of health problems. In particular, it is found that a small fraction of patients accounts for most expensive healthcare treatments.

This can lead to new forms of medical interventions, such as home visits, to stave off lengthy and expensive hospital stays, especially for chronic diseases such as diabetes and heart conditions.

Yogesh also talked about the challenges that arise from collecting data on a large scale from patients, which are only going to grow as hospital systems implement electronic health records and collect information from medical devices at a fine grain level. Data security is a critical concern, since patient information is extremely valuable and is specific to the person, hence stolen healthcare data is worth 40 times stolen credit data information.

In addition, large scale data requires manual steps to prepare it for analysis, such as anonymization and error detection.

Different analytics models then need to be run to detect patterns and identify anomalies, which again need to be reviewed. There is a need for automation and the use of machine learning to prepare data, run data analytics and identify patterns. Optum has a division called Optum Labs in Cambridge that is working on methods and techniques in this area.

The follow on discussion revolved around security concerns and how they can be effectively mitigated by different measures as well as how the new methods under development can be applied in the Indian context.