2222222222

Risk Insider: Jeff Driver

Hooba-Dooba! Digital Health Care Reality: Part II

By: | August 15, 2017 • 4 min read
Jeff Driver is the Chief Risk Officer- Stanford University Medical Center and the Chief Executive Officer - The Risk Authority, LLC. He can be reached at [email protected]

As discussed in Part I, digital health care use is on the rise, and while in many ways rewarding, is not without risk. At TRA Stanford, we identified cyber security, misdiagnosis, and informed consent as three pressing issues risk managers will face.

Cyber security: As medical devices are increasingly connected to the internet, hospital systems, and other medical devices, there is a higher risk of hackers collecting sensitive information, or worse, interrupting “life critical systems” that protect human life.

Advertisement




In 2015, the FDA and Department of Homeland Security provided a warning that medical devices could be tampered with by hackers.  Devices, such as IV pumps, could be accessed remotely through a hospital’s network which would allow an unauthorized person to control the device and change the dosage of medication delivered to the patient.  The vulnerability is the same for digital health apps and wearables.

A variety of clinical risks may arise through the use of digital health apps.  One such concern is informed consent and the question regarding what consent means when care is supplemented through the use of digital health apps.

The risk mitigation strategies between medical devices and the devices used to transmit or receive data through digital health apps and wearables are very similar. Due diligence efforts should ensure that digital health apps are provided through HIPPA compliant platforms and appropriate security measures are in place. Some measures include, for example, a technology backbone and infrastructure to support the function, remote device integration with real-time data sharing, reporting and cross data correlation; interoperability, data analytics and big data management, and privacy and security. A thorough risk analysis of all potential vulnerabilities is indispensable.

Misdiagnosis: While rife with potential for preventative health care, many apps have been developed without being validated for diagnostic accuracy or utility using established research methods. The use of digital health apps and any technology requires an overhaul of existing processes and procedures, as well as a process to evaluate and revise workflows. The following due diligence may help mitigate operational risk related to validity and ethicality:

  1. Research whether the app does what it says its going to do. Developers should be able to provide information about testing and provide disclaimers that their apps are not medical devices and are not approved by the FDA, when applicable.
  2. Prepare the patient, practitioners and organization to utilize the digital health app.
  3. Carry out a mock trial run of a patient encounter utilizing the technology before it is actually incorporated into patient care.

Informed consent: A variety of clinical risks may arise through the use of digital health apps.  One such concern is informed consent and the question regarding what consent means when care is supplemented through the use of digital health apps.  For example, patients may be given a code to download a specific app.  When the patient downloads the app, does that mean the patient consented to the use of the app?  Of course the clinician should complete the risk and benefit conversation with the patient, but when is consent complete?

Advertisement




Clinicians should follow existing guidelines for informed consent and revise the process as necessary to conform with the unique nature of incorporating technology into patient care.  There are multiple criteria for informed consent that are applicable to this process, such as:

  1. Evaluating and documenting the patient’s competence to understand and to decide.
  2. Voluntary decision-making.  This is important because the patient should not be coerced into using this technology if he/she does not want to.
  3. Disclosure of material information is a key component of the consent process. It should be clear to the patient how the information gathered will be used in their treatment plan.
  4. The patient should expressly, in writing, authorize the plan.  The plan should include when and how the patient should access the digital health app, and a process should be in place to follow-up with the patient to determine whether the patient has accessed the app at the designated time and whether the patient has been able to utilize the app as intended.

Digital health apps will quickly become a regularly used tool to complement existing patient care practices.  There are many upsides to the risk, including more expeditious care through transmitting information in real-time, greater patient satisfaction, greater practitioner satisfaction, chronic disease management, and opportunity for competitive advantage. There are potential risks, too, but these risks can be effectively managed when proactively identified.

More from Risk & Insurance

More from Risk & Insurance

Risk Management

The Profession: Curt Gross

This director of risk management sees cyber, IP and reputation risks as evolving threats, but more formal education may make emerging risk professionals better prepared.
By: | June 1, 2018 • 4 min read

R&I: What was your first job?

My first non-professional job was working at Burger King in high school. I learned some valuable life lessons there.

R&I: How did you come to work in risk management?

After taking some accounting classes in high school, I originally thought I wanted to be an accountant. After working on a few Widgets Inc. projects in college, I figured out that wasn’t what I really wanted to do. Risk management found me. The rest is history. Looking back, I am pleased with how things worked out.

R&I: What is the risk management community doing right?

Advertisement




I think we do a nice job on post graduate education. I think the ARM and CPCU designations give credibility to the profession. Plus, formal college risk management degrees are becoming more popular these days. I know The University of Akron just launched a new risk management bachelor’s program in the fall of 2017 within the business school.

R&I: What could the risk management community be doing a better job of?

I think we could do a better job with streamlining certificates of insurance or, better yet, evaluating if they are even necessary. It just seems to me that there is a significant amount of time and expense around generating certificates. There has to be a more efficient way.

R&I: What was the best location and year for the RIMS conference and why?

Selfishly, I prefer a destination with a direct flight when possible. RIMS does a nice job of selecting various locations throughout the country. It is a big job to successfully pull off a conference of that size.

Curt Gross, Director of Risk Management, Parker Hannifin Corp.

R&I: What’s been the biggest change in the risk management and insurance industry since you’ve been in it?

Definitely the change in nontraditional property & casualty exposures such as intellectual property and reputational risk. Those exposures existed way back when but in different ways. As computer networks become more and more connected and news travels at a more rapid pace, it just amplifies these types of exposures. Sometimes we have to think like the perpetrator, which can be difficult to do.

R&I: What emerging commercial risk most concerns you?

I hate to sound cliché — it’s quite the buzz these days — but I would have to say cyber. It’s such a complex risk involving nontraditional players and motives. Definitely a challenging exposure to get your arms around. Unfortunately, I don’t think we’ll really know the true exposure until there is more claim development.

R&I: What insurance carrier do you have the highest opinion of?

Advertisement




Our captive insurance company. I’ve been fortunate to work for several companies with a captive, each one with a different operating objective. I view a captive as an essential tool for a successful risk management program.

R&I: Who is your mentor and why?

I can’t point to just one. I have and continue to be lucky to work for really good managers throughout my career. Each one has taken the time and interest to develop me as a professional. I certainly haven’t arrived yet and welcome feedback to continue to try to be the best I can be every day.

R&I: What have you accomplished that you are proudest of?

I would like to think I have and continue to bring meaningful value to my company. However, I would have to say my family is my proudest accomplishment.

R&I: What is your favorite book or movie?

Favorite movie is definitely “Good Will Hunting.”

R&I: What’s the best restaurant you’ve ever eaten at?

Tough question to narrow down. If my wife ran a restaurant, it would be hers. We try to have dinner as a family as much as possible. If I had to pick one restaurant though, I would say Fire Food & Drink in Cleveland, Ohio. Chef Katz is a culinary genius.

R&I: What is the most unusual/interesting place you have ever visited?

The Grand Canyon. It is just so vast. A close second is Stonehenge.

R&I: What is the riskiest activity you ever engaged in?

Advertisement




A few, actually. Up until a few years ago, I owned a sport bike (motorcycle). Of course, I wore the proper gear, took a safety course and read a motorcycle safety book. Also, I have taken a few laps in a NASCAR [race car] around Daytona International Speedway at 180 mph. Most recently, trying to ride my daughter’s skateboard.

R&I: If the world has a modern hero, who is it and why?

The Dalai Lama. A world full of compassion, tolerance and patience and free of discrimination, racism and violence, while perhaps idealistic, sounds like a wonderful place to me.

R&I: What about this work do you find the most fulfilling or rewarding?

I really enjoy the company I work for and my role, because I get the opportunity to work with various functions. For example, while mostly finance, I get to interact with legal, human resources, employee health and safety, to name a few.

R&I: What do your friends and family think you do?

I asked my son. He said, “Risk management and insurance.” (He’s had the benefit of bring-your-kid-to-work day.)

Katie Dwyer is an associate editor at Risk & Insurance®. She can be reached at [email protected]