Risk Insider: Jeff Driver

Hooba-Dooba! Digital Health Care Reality: Part II

By: | August 15, 2017 • 4 min read
Jeff Driver is the Chief Risk Officer- Stanford University Medical Center and the Chief Executive Officer - The Risk Authority, LLC. He can be reached at [email protected]

As discussed in Part I, digital health care use is on the rise, and while in many ways rewarding, is not without risk. At TRA Stanford, we identified cyber security, misdiagnosis, and informed consent as three pressing issues risk managers will face.

Cyber security: As medical devices are increasingly connected to the internet, hospital systems, and other medical devices, there is a higher risk of hackers collecting sensitive information, or worse, interrupting “life critical systems” that protect human life.

Advertisement




In 2015, the FDA and Department of Homeland Security provided a warning that medical devices could be tampered with by hackers.  Devices, such as IV pumps, could be accessed remotely through a hospital’s network which would allow an unauthorized person to control the device and change the dosage of medication delivered to the patient.  The vulnerability is the same for digital health apps and wearables.

A variety of clinical risks may arise through the use of digital health apps.  One such concern is informed consent and the question regarding what consent means when care is supplemented through the use of digital health apps.

The risk mitigation strategies between medical devices and the devices used to transmit or receive data through digital health apps and wearables are very similar. Due diligence efforts should ensure that digital health apps are provided through HIPPA compliant platforms and appropriate security measures are in place. Some measures include, for example, a technology backbone and infrastructure to support the function, remote device integration with real-time data sharing, reporting and cross data correlation; interoperability, data analytics and big data management, and privacy and security. A thorough risk analysis of all potential vulnerabilities is indispensable.

Misdiagnosis: While rife with potential for preventative health care, many apps have been developed without being validated for diagnostic accuracy or utility using established research methods. The use of digital health apps and any technology requires an overhaul of existing processes and procedures, as well as a process to evaluate and revise workflows. The following due diligence may help mitigate operational risk related to validity and ethicality:

  1. Research whether the app does what it says its going to do. Developers should be able to provide information about testing and provide disclaimers that their apps are not medical devices and are not approved by the FDA, when applicable.
  2. Prepare the patient, practitioners and organization to utilize the digital health app.
  3. Carry out a mock trial run of a patient encounter utilizing the technology before it is actually incorporated into patient care.

Informed consent: A variety of clinical risks may arise through the use of digital health apps.  One such concern is informed consent and the question regarding what consent means when care is supplemented through the use of digital health apps.  For example, patients may be given a code to download a specific app.  When the patient downloads the app, does that mean the patient consented to the use of the app?  Of course the clinician should complete the risk and benefit conversation with the patient, but when is consent complete?

Advertisement




Clinicians should follow existing guidelines for informed consent and revise the process as necessary to conform with the unique nature of incorporating technology into patient care.  There are multiple criteria for informed consent that are applicable to this process, such as:

  1. Evaluating and documenting the patient’s competence to understand and to decide.
  2. Voluntary decision-making.  This is important because the patient should not be coerced into using this technology if he/she does not want to.
  3. Disclosure of material information is a key component of the consent process. It should be clear to the patient how the information gathered will be used in their treatment plan.
  4. The patient should expressly, in writing, authorize the plan.  The plan should include when and how the patient should access the digital health app, and a process should be in place to follow-up with the patient to determine whether the patient has accessed the app at the designated time and whether the patient has been able to utilize the app as intended.

Digital health apps will quickly become a regularly used tool to complement existing patient care practices.  There are many upsides to the risk, including more expeditious care through transmitting information in real-time, greater patient satisfaction, greater practitioner satisfaction, chronic disease management, and opportunity for competitive advantage. There are potential risks, too, but these risks can be effectively managed when proactively identified.

More from Risk & Insurance

More from Risk & Insurance

Risk Management

The Profession

This senior risk manager values his role in helping Varian Medical Systems support research and technologies in the fight against cancer.
By: | September 12, 2017 • 5 min read

R&I: What was your first job?

When I was 15 years old I had a summer job working for the city of Plentywood, mowing grass in the parks and ballfields, emptying garbage cans, hauling waste to the dump, painting crosswalk lines.  A great job for a teenager but I thought getting a college degree and working in an air-conditioned office would be a good plan long term.

R&I: How did you come to work in risk management?

I was enrolled in the University of Montana as a general business student, and I wanted to declare a more specialized major during my sophomore year. I was working for my dad at his insurance agency over the summer, and taking new agent training coursework on property/casualty risks in my spare time, so I had an appreciation for insurance. My dad suggested I research risk management for a career, and I transferred sight unseen to the University of Georgia to enroll in their risk management program. I did an internship as a senior with the risk management department at Sulzer Medica, and they offered me a full time job.

R&I: What could the risk management community be doing a better job of?

Advertisement




We need to do a better job of saying yes. We tend to want to say no to many risks, but there are upside benefits to some risks. If we initiate a collaborative exercise with the risk owners — people who may have unique knowledge about that particular risk — and include a cross section of people from other corporate functions, you can do an effective job of taking the risk apart to analyze it, figure out a way to manage that exposure, and then reap the upside benefits while reducing the downside exposure. That can be done with new products and new service offerings, when there isn’t coverage available for a risk. It’s asking, is there anything we can do to reduce the risk without transferring it?

R&I: What emerging commercial risk most concerns you?

Cyber liability. There’s so much at stake and the bad guys are getting more resourceful every day. At Varian, our first approach is to try to make our systems and products more resilient, so we’re trying to direct resources to preventing it from happening in the first place. It’s a huge reputation risk if one of our products or systems were compromised, so we want to avoid that at all costs.

We need to do a better job of saying yes. We tend to want to say no to many risks, but there are upside benefits to some risks.

R&I: What insurance carrier do you have the highest opinion of?

I’ve worked with a number of great ones over the years. We’ve enjoyed a great property insurance relationship with Zurich. Their loss control services are very valuable to us. On the umbrella liability side, it’s been great partnering with companies like Swiss Re and Berkley Life Sciences because they’ve put in the time and effort to understand our unique risk exposures.

R&I: How much business do you do direct versus going through a broker?

One hundred percent through a broker. I view our broker as an extension of our risk management team. We benefit from each team member’s respective area of expertise and experience.

R&I: Is the contingent commission controversy overblown?

Advertisement




I think so. The brokers were kind of villainized by Spitzer. I think it’s fair for brokers and insurers to make a reasonable profit, and if a portion of their profit came from contingent commissions, I’m fine with that. But I do appreciate the transparency and disclosure that came out as a result of the fiasco.

R&I: Are you optimistic about the US economy or pessimistic and why?

David Collins, Senior Manager, Risk Management, Varian Medical Systems Inc.

While we might be doing fine here in the U.S. from an economic perspective, the Middle East is a mess, and we’re living with nuclear threat from North Korea. But hope springs eternal, so I’m cautiously optimistic. I’m hoping saner minds prevail and our leaders throughout the world work together to make things better.

R&I: Who is your mentor and why?

My Dad got me started down the insurance and risk path. I’ve also been fortunate to work for or with a number of University of Georgia alumni who’ve been mentors for me. I’ve worked side by side with Karen Epermanis, Michael Rousseau, and Elisha Finney. And I’ve worked with Daniel Dean in his capacity as a broker.

R&I: What have you accomplished that you are proudest of?

Advertisement




Raising my kids. I have a 15-year-old and 12-year-old, and they’re making mom and dad proud of the people they’re turning into.

On a professional level, a recent one would be the creation and implementation of our global travel risk program, which was a combined effort between security, travel and risk functions.

We have a huge team of service personnel around the world, traveling to customer sites to do maintenance and repair. We needed a way to track, monitor and communicate with them. We may need to make security arrangements or vet their lodging in some circumstances.

R&I: What do your friends and family think you do?

My 12-year-old son thought my job responsibilities could be summed up as a “professional worrier.” And that’s not too far off.

R&I: What about this work do you find the most fulfilling or rewarding?

Varian’s mission is to focus energy on saving lives. Proper administration of the risk function puts the company in a better position to financially support research that improves products and capabilities, helps to educate health care providers and support cancer care in general. It means more lives saved from a terrible disease. I’m proud to contribute toward that.

When you meet someone whose cancer has been successfully treated with one of our products, it’s a powerful reward.




Katie Siegel is an associate editor at Risk & Insurance®. She can be reached at [email protected]