Less haste, more speed: Robust risk-benefit analysis needed

Posted on 12 February 2012 by admin

Rapid response to BMJ letter Doctors taking a pulse using their mobile phone can spread MRSA by our CEO.

The authors of a recent small study on the contamination risk associated with mobile phone usage in a clinical environment[1] should be congratulated for their contribution to the broader topic of appropriate use of mobile devices in healthcare. More studies like this are needed to develop a comprehensive understanding of the use of this technology, the risks involved, the mitigating actions that can be taken, and the costs associated.  This should then be balanced with the benefits that greater adoption of wireless technology can bring to the health system as a whole, with the ultimate goal of developing evidence-based, practical guidelines for its safe and proper use.

Developing such guidelines is no simple task. Bacterial contamination represents just one risk type associated with wireless device use in healthcare[2]. Wireless devices are multifunction devices amongst a plethora of high and low technology alternatives (PCs, pagers, landlines phones, wristwatches, books, paper and pen etc.) and should therefore be considered in this context.

However we agree with recent calls that guidelines should be developed as a matter of urgency. Our 2010 survey showed that over 80% of UK doctors own and use a mobile phone at work[3], and recent research has shown that between 9-25% of mobile communication devices used in hospitals are contaminated with pathogenic bacteria[4]. Further studies have shown variable knowledge and understanding of infection control protocols[5], and that 90% of healthcare professionals have never cleaned their mobile phone[6].

It would therefore seem appropriate for any such guidelines to advise healthcare professionals on how to decontaminate their wireless device, and at what frequency, especially as many devices fulfil a dual role supporting professional use at work and personal use at home. Existing literature suggests the efficacy of alcohol based solution over ultraviolet irradiation[4]. By logical extension, the use of hands free technology may be advantageous as this reduces the number of touches and the proximity of the device to the face. Further, devices that incorporate fewer switches or keys as part of their design (i.e. touchscreen technology) may prove easier to clean, while anti-microbial cases and covers may be prudent accessories.

Finally, for those readers that caught sight of the original article via the byline of “Unhelpful apps”, we recently published a report [7] that serves as a primer for those interested in producing or using health apps and how to mitigate the associated risks.

1. Morris TC, Moore LSP, Shaunak S. Doctors taking a pulse using their mobile phone can spread MRSA. BMJ 2012;344:e412
2. Visvanathan A, Gibb AP, Brady RR. Increasing clinical presence of mobile communication technology: avoiding the pitfalls. Telemed J E Health 2011;17:656-61.
3. Nolan T. A smarter way to practise. BMJ 2011;342:d1124.
4. Brady RR, Verran J, Damani NN, Gibb AP. Review of mobile communication devices as potential reservoirs of nosocomial pathogens. J. Hosp. Infect. 2009; 71:295-300.
5. Brady RR, McDermott C, Cameron F, Graham C, Gibb AP. UK healthcare workers’ knowledge of meticillin-resistant Staphylococcus aureus practice guidelines; a questionnaire study. J. Hosp. Infect. 2009;73:264-70.
6. Ulger F, Esen S, Dilek A, Yanik K, Gunaydin M, Leblebicioglu H. Are we aware how contaminated our mobile phones with nosocomial pathogens? Ann. Clin. Microbiol. Antimicrob. 2009;8:7.
7. d4. The regulation of health apps: a practical guide. http://www.d4.org.uk/research/ January 2012.

Share
Posted in News, Research | Tagged , , , , , , , , , , , , | Leave a comment

Insufficient clinical involvement in health app development

Posted on 9 February 2012 by admin

A new paper accepted for publication in the British Journal of Dermatology calls for greater clinical involvement in the production of health apps.

The authors of the paper, titled “Medical Professional Involvement in Smartphone Apps in Dermatology“, analyse the descriptions given for dermatology apps found in four public app stores, and find that direct references to healthcare professionals’ involvement are lacking in 67% of cases, calling into question the safety and reliability of apps for diagnostic purposes, among other risks.

The paper concludes that simple measures should be introduced to improve the accountability of health apps, including authorship, regulatory approval, quality marks and external review.

The paper is certainly well timed, following the recent publication of the d4 paper “Regulation of health apps: a practical guide“, a new MEDDEV regarding standalone software as a medical device, the appointment of a new Dirctor of Medical Devices at the MHRA and the annoucement that Happtique plans to provide an independent review process and quality mark for health apps.

Share
Posted in Education, Evidence, Research | Tagged , , , , , , , , | Leave a comment

O2 privacy failure: is your mobile number being shared when browsing online?

Posted on 25 January 2012 by admin

An alarming story has emerged over the last 24 hours for mobile phone customers on the O2 network (potentially including MVNOs GiffGaff and Tesco Mobile that piggy back on O2):

Your mobile phone number may be disclosed to internet servers when browsing websites from your phone.

Check out this page to test this for yourself (make sure you turn off WiFi so that you’re definitely connected via your provider’s network).  It’s not believed to impact Vodafone, Orange, T-mobile or 3 customers, and may be dependent on which APN you use for your data connection (e.g. pre-pay vs. contract customers).

Expect more news on the story from Charles Arthur at the Guardian and via Lewis Peckover’s Twitter feed.

[Update at 3pm UK time: story now covered by BBC, Guardian, Wired etc. - you heard it here first!]

[Update 2 at 7pm UK time: O2 apology and FAQ via their blog and Information Commissioner's Office pursuing alleged data breach]

Share
Posted in News | Tagged , , , | Leave a comment

Tech frustrations of a NHS surgeon – guest blog

Posted on 19 January 2012 by admin

[This week's blog is from a surgeon working in the NHS who has kindly agreed to share (vent?) his technology frustrations.]

A little bit of back ground first. I am a 32 year old, born in the era before the internet, very much before Twitter and Facebook, when a modem was analogue and for hacking in to the Pentagon in movies! My first piece of proper computer technology was an old Compaq 386 desktop with a VGA monitor that could display 256 colours. How everything has changed! We take it all for granted: I am typing this on a tablet with a Bluetooth keyboard.

I am a self confessed technology lover, the more complex it is and the more I can tinker, the more I want it. My current obsessions are (even if I don’t understand them!) Android everything, XBOX Kinect, arduino and 3D printing. Now you probably think I’m some IT geek or something like that, but alas no… I am a doctor.

Medicine and the NHS are a bit like an old National Trust house: something to be proud of, with people who love it and work hard to keep it going. Unfortunately just like an old house, it often costs us more to keep it up to date than we can afford.

This is where the juxtaposition of cutting edge technology and the NHS collide. I am an orthopaedic surgeon, and as far as medical specialties go, we love our gadgets. It’s all power tools and mechano sets! A great place for innovation and new technology. But this is where I get frustrated. Like any huge expansive organisation with too many people ‘in charge’, red tape is everywhere. Let me give you a recent example.

I had an idea after much internet trawling and research to take a Microsoft XBOX Kinect and use it to control our computer in theatre to manipulate digital X-rays hands-free whilst sterile. I bought all the bits myself and trialed it at home to make sure I could do what I wanted to do. Bingo! It worked. All in it only cost me £100. The next day I stepped in to the operating theatre and proceeded to plug in the Kinect to the rather ancient looking Dell Pentium D desktop with a 17inch LCD monitor (bear in mind this is a brand new hospital open just 6 months). Security policies reject the USB connection to the Kinect. My USB memory stick is not encrypted and therefore rejected.

First hurdle and I’m on my face! Next I get a word in my ear that even if it had worked I would not physically be allowed to plug in the Kinect power-supply in to the wall socket. A commercial product made by one of the biggest companies in the world and I need to get it safety tested first. It’s a wonder I have not burnt my own house down thus far without getting every product I own safety tested!

Not wanting to give up I went ahead and attempted to jump through the hoops put before me. First stop IT. To my shock they were very helpful and found a fellow geek who agreed to set everything up and circumvent the security policies and install my drivers.

[Ridiculously, he also highlighted that security in the hospital network was 'perceived security': pointless barriers to those who are the least computer savvy. Anyone really wanting to do bad things to the network with an ounce of tech knowledge could have the run of the system, as he highlighted by plugging his own Macbook in to an ethernet port in the wall. Completely unrestricted, unproxied, non MAC filtered internet from an NHS connection. You didn’t need to even get at technical as that. Simply un-clicking the “Use proxy” in Internet Explorer settings turns off the filtering!]

Back to my story. Drivers now installed and USB ports unblocked, I still had to make sure the Kinect would not somehow short circuit the hospital and tried to get it safety tested. Easy? NO. The hospital had no obligation to safety test as it was not a device owned by the hospital. So the fact I had not asked for funds from the NHS to buy this device for research, actually hindered me using it. Eventually I convinced someone to look at it: this involved the case going in front of a group of managers to decide if it needed to be safety tested. After this meeting, I was given the all clear and the device was then adorned with a little green sticker with TESTED on it! Whoop!

The research has gone on to be a success and works well. It was just a very convoluted and overly complicated process to have to navigate through. I understand the NHS, when dealing with patient information, has to be very careful, but I don’t believe it really is. It looks like it is, but as my example of the network restrictions above shows, it’s all a bit superficial, blocking things that don’t need to blocked and not those that do.  Here are a few more examples:

  1. No USB sticks that are unencrypted can be plugged in to a computer in the NHS. I think this is a pretty standard circumstance across most of the country – it stops data being taken off the network and lost or left on trains. I would be happy to comply with this if I really thought it made things secure.  BUT, guess what?  This preventative technology doesn’t work on NHS Pentium Ds running Windows XP…
  2. Cloud storage anyone? You can happily upload on to Dropbox, Google Docs etc. – IT know you can, but as long as it seems secure, it’s ok…
  3. It’s not permitted to make digital copies of clinical images and send these to another hospital over the NHS network.  But you can put a printed photo in the post instead! Where did I put my carrier pigeon…

It has now got to the point with security in the NHS that there is an assumption that we are all evil doers just lurking to send patient information out of the system! It’s ironic that I am trusted to cut someone open and listen to all their most intimate problems, but not allowed to put a USB stick in to a computer just in case I feel the need to upload the X-ray archive to Facebook. The world is moving on: smartphones are everywhere and we need to embrace this technology and use it.

The rest of the world is as I observed at the eHealth Live show in 2011. To be able to have a tablet on a ward round with access to the patients GP records, their medications, X-rays and blood results would be such an advantage. Why don’t we? Because of money.

I think an “integrate your own technology at work” scheme should be born. Now with open web standards, platform independent applications and VNC we should be allowed to utilize our own technology for the patients benefit. Almost every orthopaedic surgeon I know has an iPhone or Android phone. We have more technology in our pockets every day than that dusty Dell PC in the corner.

Now where’s that National Trust sticker, I might just put it on the entrance to the hospital…

Share
Posted in Education, Evidence, Use Cases | Tagged , , , , , | Leave a comment

App regulation one week on: MHRA, MDD and NHS in the spotlight

Posted on 18 January 2012 by admin

So it’s been a week since we published our document Regulation of health apps: a practical guide alongside the news that the Mersey Burns app has been released – the first app manufactured and CE marked as a Class I Medical Device in the UK.

And what a week it’s been.  On the whole our report garnered some positive press and the report has been downloaded over 500 times already – thanks to some great coverage on TechCrunch, MobiHealthNews, GPonline, PharmaPhorum and PMlive to name just a few.

But what we didn’t anticipate two separate but somewhat related stories occurring immediately afterwards.

What is the role of the MHRA, and does the MDD go far enough?

The PIP breast implant scandal, which has been rumbling some time now, has turned to focus on the role of the MHRA under the EU Medical Devices Directive.  For more see the Lancet (A serious regulatory failure, with urgent implications and The scandal of device regulation in the UK), the Telegraph (Breast implant scandal ‘inevitable’ due to MHRA failings: Lancet) or listen to yesterday’s Today program on BBC Radio 4 (Medical device rules ‘not fit for purpose’).

The avenues for discontent with the current state of affairs can be summarised as follows:

  1. The UK’s Medical Devices Agency (a pre-cursor to the MHRA) should never have been disbanded in the first place
  2. The delegation of certifying Class II and above medical devices from a Competent Authority to Notified Bodies has proven unsatisfactory
  3. The Medical Device Directive results in regulation that is too reactive in approach (i.e. intervene only when problems with medical devices are reported), rather than proactive (i.e. intervene when potential problems with medical devices are identified).  The FDA certainly wields power in the latter form – the Mobile MIM app is a good case in point.

It will be very interesting to see how the MHRA and the Department of Health respond given the power of the PIP story – watch this space for a knee-jerk reaction.

Data security and information governance

Our mission at d4 is to improve patient care by placing modern technology in the hands of doctors, nurses and health professionals.  We recognise that data security and information governance are critical topics in IT – placing this in the context of healthcare and mobile raises the importance further.  One of the aspects of this is therefore how organisations manage risk – our latest report looks at the risks presented by apps in particular and provides ways to mitigate these.

Therefore you can understand why last week’s headline in the Guardian (NHS warns staff over tablet security risks) caught our eye.  According to the article, NHS Connecting for Health have advised staff that “these devices are inherently less secure than more traditional technology.” The ‘Good Practice Guidance’ lays out various considerations according to the article – we’re asked the CfH for a copy so that we can understand the guidance in full, but are yet to receive a reply.

All very well, until you recognise that in the very same week Brighton and Sussex University Hospitals Trust are fined £375,000 by the the Information Commissioner’s Office for failing to destroy hard drives containing sensitive patient data.  It’s hard to take the NHS seriously on preaching information governance standards for personal devices when it can’t even get the basics right.

Updated guidance on standalone software under the MDD

We referenced in our report that new formal guidelines (a MEDDEV) are expected soon.  The BSi have now confirmed this, but the document itself is yet to be formally named, numbered and published.  We’ll keep you posted. [Hat tip to Erik Vollebregt at the medicaldeviceslegal blog.]

 

Share
Posted in News | Tagged , , , , , , , , | Leave a comment