Newsletters
Risk Central
Digital Edition
Risk Insider: Jeff Driver
Hooba-Dooba! Digital Health Care Reality: Part II
Jeff Driver is the Chief Risk Officer- Stanford University Medical Center and the Chief Executive Officer - The Risk Authority, LLC. He can be reached at [email protected].
As discussed in Part I, digital health care use is on the rise, and while in many ways rewarding, is not without risk. At TRA Stanford, we identified cyber security, misdiagnosis, and informed consent as three pressing issues risk managers will face.
Cyber security: As medical devices are increasingly connected to the internet, hospital systems, and other medical devices, there is a higher risk of hackers collecting sensitive information, or worse, interrupting “life critical systems” that protect human life.
In 2015, the FDA and Department of Homeland Security provided a warning that medical devices could be tampered with by hackers. Devices, such as IV pumps, could be accessed remotely through a hospital’s network which would allow an unauthorized person to control the device and change the dosage of medication delivered to the patient. The vulnerability is the same for digital health apps and wearables.
A variety of clinical risks may arise through the use of digital health apps. One such concern is informed consent and the question regarding what consent means when care is supplemented through the use of digital health apps.
The risk mitigation strategies between medical devices and the devices used to transmit or receive data through digital health apps and wearables are very similar. Due diligence efforts should ensure that digital health apps are provided through HIPPA compliant platforms and appropriate security measures are in place. Some measures include, for example, a technology backbone and infrastructure to support the function, remote device integration with real-time data sharing, reporting and cross data correlation; interoperability, data analytics and big data management, and privacy and security. A thorough risk analysis of all potential vulnerabilities is indispensable.
Misdiagnosis: While rife with potential for preventative health care, many apps have been developed without being validated for diagnostic accuracy or utility using established research methods. The use of digital health apps and any technology requires an overhaul of existing processes and procedures, as well as a process to evaluate and revise workflows. The following due diligence may help mitigate operational risk related to validity and ethicality:
- Research whether the app does what it says its going to do. Developers should be able to provide information about testing and provide disclaimers that their apps are not medical devices and are not approved by the FDA, when applicable.
- Prepare the patient, practitioners and organization to utilize the digital health app.
- Carry out a mock trial run of a patient encounter utilizing the technology before it is actually incorporated into patient care.
Informed consent: A variety of clinical risks may arise through the use of digital health apps. One such concern is informed consent and the question regarding what consent means when care is supplemented through the use of digital health apps. For example, patients may be given a code to download a specific app. When the patient downloads the app, does that mean the patient consented to the use of the app? Of course the clinician should complete the risk and benefit conversation with the patient, but when is consent complete?
Clinicians should follow existing guidelines for informed consent and revise the process as necessary to conform with the unique nature of incorporating technology into patient care. There are multiple criteria for informed consent that are applicable to this process, such as:
- Evaluating and documenting the patient’s competence to understand and to decide.
- Voluntary decision-making. This is important because the patient should not be coerced into using this technology if he/she does not want to.
- Disclosure of material information is a key component of the consent process. It should be clear to the patient how the information gathered will be used in their treatment plan.
- The patient should expressly, in writing, authorize the plan. The plan should include when and how the patient should access the digital health app, and a process should be in place to follow-up with the patient to determine whether the patient has accessed the app at the designated time and whether the patient has been able to utilize the app as intended.
Digital health apps will quickly become a regularly used tool to complement existing patient care practices. There are many upsides to the risk, including more expeditious care through transmitting information in real-time, greater patient satisfaction, greater practitioner satisfaction, chronic disease management, and opportunity for competitive advantage. There are potential risks, too, but these risks can be effectively managed when proactively identified.
