Mortality, Mayhem and You: Risk Management in Digital Health Session #155, February 22, 2017 Todd Cooper, Exec. Director, Trusted Solutions Foundry Nicholas J. Mankovich, VP & CISO, BD Philip Raymond, Dir. Center of Excellence for Wireless Competency, Philips Healthcare 1
Speaker Introduction Todd Cooper Exec. Director Trusted Solutions Foundry Nick Mankovich, M.S., Ph.D., CIPP VP & CISO BD Phil Raymond, Director Center of Excellence for Wireless Competency Philips Healthcare 2
Conflict of Interest Todd Cooper, Trusted Solutions Foundry Nicholas J. Mankovich, BD Philip Raymond, Philips Healthcare Have no real or apparent conflicts of interest to report. 3
Learning Objectives Describe how standards risk management promotes health IT system safety, effectiveness and security Illustrate how 80001 enables cooperation and coordination around safety, security and effectiveness Explain the value proposition for healthcare organizations in adopting the 80001 risk management framework for Medical IT networks as a component of their broader Enterprise Risk Management 4
Realizing the Value of Health IT via Risk Management of Networked Medical Technology Establishing a comprehensive risk management capability in your organization provides value at all levels: Satisfaction Technology works as expected, when needed reducing frustration, increasing care quality and increasing overall confidence in connected healthcare technology. Treatment/ Clinical Care quality is improved by connected healthcare technology providing the expected functionality when needed. Electronic Information/Data Information needed to provide care is available when needed, without information quality and availability challenges. Patient Engagement / Population Management Clinicians and patients can better engage when connected healthcare technology performs as expected, and is not a distraction and frustration factor. Savings Increasing reliability and up time reduces the cost of managing and maintaining connected healthcare technology. 5
Mortality, Mayhem and You: Risk Management in Digital Health Tale of Two Futures A play in two acts Act 1: Mayhem Rules the Day Act 2: Calmness Business as Usual Cast: Hospital: CIO, Clinical Engineering / Biomedical Engineering Lead (CE), Medical IT Network Risk Manager (MITnet RM) ICU Telemetry Vendor: Account Manager, Emergency Support Others to be announced later! 6
Act 1: Mayhem Rules the Day Setting Late Saturday night, the Clinical Engineer s phone rings: Telemetry network is down! 2 hours later, Telemetry at another facility is down!!! We re under attack! All hands on deck! {confusion results} Behind the Curtain IT hired an external consultant to perform security vulnerability testing across the hospital system s networks, without coordinating with those responsible for the networked devices and systems, nor realizing that medical technology often doesn t respond well to this testing! 7
Meeting #1 What s going on?! Scene: CIO calls a meeting Sunday morning at 07:00 with CE lead & telemetry vendor to figure out what is going on, increasingly losing confidence that anyone knows what is happening or has a plan to resolve the problems. This is becoming a catastrophe! CIO: CE/BME: Vendor: What s going on here? Why am I being called?! Ummmm well {confused responses to boss boss} I ll have to go back to engineering and see if they have any ideas 8
Meeting #2 Mortality Knocks Scene: CIO: CE/BME: Vendor: CIO calls a 2 nd meeting Sunday at 12:00 to follow-up What s the plan? {silence} Ummmm well {chaos finger pointing } This was probably caused by another vendor, or your wireless IT manager or other staff doing what we told you not to. CIO Conclusion: Clearly no one has a clue here. Don t talk to anyone. I ll have to call Legal and Public Relations, then I ll have to call the CEO. Someone could die. Even if no one is hurt, this could hurt our Level 1 accreditation. 9
Discussion Does this sound familiar? What should have been done? Who wore the White Hat and the Black Hat? 10
11 Note: 80001-1 being revised w/ new title, organization & wisdom
ISO/IEC 80001 The RESPONSIBLE ORGANIZATION TOP MANAGEMENT Roles & responsibilities ensure clear communication & coordination Defined policies, processes ensures an enterprise-wide risk management capability supports problem & event resolution + maintenance activities Approves MEDICAL IT- NETWORK RISK Risk MANAGEMENT Management FILE File Residual Risk Policies Processes Procedures Supervises creation of (IEC 80001-1:2010, Figure B.1) Provides input to Appoints Guide activities of MEDICAL IT-NETWORK RISK MANAGER Provides input to Provides experts to Provides experts to Provides experts to Provides experts to Provides input to Clinical Area of expertise Biomedical Engineering area of expertise IT area of expertise Other... 12 Medical device manufacturer or provider of other IT technology A Medical device manufacturer or provider of other IT technology B Subcontractor
Act 2: Calmness Business as Usual Setting (deviating from the actual event) Late Saturday night the Medical IT Network Risk Manager s phone rings patient telemetry is down at one of the facilities. As there was no scheduled testing, he notifies the emergency response team. They use established documentation & tooling to begin assessing the problem. Behind the Curtain Hospital implemented 1 st level of 80001 in a project two years earlier Networked medical technology is now risk managed, in accordance with established policies, processes & procedures; responsibility agreements in place with vendors Effective and consistent communication & coordination between stakeholders, including CE, health IT, clinicians, audit & compliance, purchasing, etc. 13
1 st Meeting Managing the Event Scene: CIO: MITnet RM: Vendor: In accordance with policy and procedure, the Medical IT Network Manager notifies the CIO that a security event has been detected and is being assessed. The CIO calls a meeting Sunday morning at 07:00 with the MITnet RM, telemetry vendor and other primary stakeholders to get an update on the assessment and resolution plan. What s going on here? Do we know the problem and have a plan? Yes, we invoked the emergency response process, the team is engaged and assessing the problem, no patients are in danger, and we should have a resolution plan in a few hours. We are working with your team to determine the source of the problem 14
2 nd Meeting Rational Minds Prevail Scene: CIO calls a 2 nd meeting Monday morning at 09:00 to follow-up CIO: CE/BME: What s the plan? {silence} We completed the assessment and determined that a zero day vulnerability in a medical system hosted in the Data Center caused a local network IP storm. We are working on the Data Center problem with the other vendor. However, we have invoked the back-to-local scenario and telemetry is up and running on the local server (isolated but HIS vendor is informed of data stoppage). Vendor: We are working with the MITnet RM team in the data center but clinical telemetry is fully operational. CIO Conclusion: We didn t know about this zero-day problem but we were prepared and everyone responded well. I have full confidence in this team! Let me know if there are any other issues. 15
Conclusions Stuff happens every day but establishing a foundation of 80001-based of risk managed healthcare technology enables an enterprise to address routine changes + event & problem resolution as biz-as-usual Balancing between safety, effectiveness and security is crucial to ensure medical technology will meet user needs when needed Effective communication and coordination between all stakeholders breaking down inter- and intra-organizational silos - is a key benefit of 80001 Integrating 80001 as a component of an enterprise health IT risk management process ensures that networked medical technology will perform safely, effectively and securely improving quality and savings 16
Parts of this vignette and more is included in this AAMI white paper. ISO/IEC 80001 standards, guidance and training are available from www.aami.org 17
Realizing the Value of Health IT via Risk Management of Networked Medical Technology Establishing a comprehensive, enterprisewide risk management capability will ensure that an organization s investment in health IT including integrated medical technology will perform as expected, safely and securely. This will result in improved satisfaction on the part of all involved, improved clinical quality, improved security, improved patient satisfaction and ultimately improved savings due to lower ownership costs. 18
Questions Contact us at: Todd Cooper Nick Mankovich Phil Raymond Todd@TrustedSolutionsFoundry.com Nick.Mankovich@bd.com phillip.raymond@philips.com Don t forget: Complete the online session evaluation! 19