Hospital Wireless Networks May Be Regulated Medical Devices

Lucas123 writes "As hospitals continue to connect patient monitoring equipment, physician PDAs and laptops to wireless networks, and then collapse those data paths onto traditional IT networks, the closer the US Food and Drug Administration comes to regulating them, according to Computerworld. The focus of the FDA's regulation comes in its recently finalized 80001-1 standard that established risk management practices for those networks, the adherence to which may be voluntary, but would determine Medicaid and Medicare reimbursements. 'If you don't comply, then you have two choices. You can have the federal government come in and inspect your hospital, or you can decide not to accept money from Medicare or Medicaid. Voluntary sometimes isn't exactly voluntary,' said Rick Hampton, wireless communications manager for Partners HealthCare System in Boston."

Dance

[Talderas]

Dance for the pretty FDA mooks.

Then you'll get your cookie.

Re:Dance

Voluntary sometimes isn't exactly voluntary

And in America, freedom isn't always freedom. If you aren't rich in America... or most of the western capitalistic world (hell, even in China these days)... you are always going to be under someone's thumb. Or living in a washing machine box... or IN A VAN, DOWN BY THE RIVER!!. Freedom doesn't mean much if you can't do anything with it. Mook.

Re:Dance

[darthdavid]

And if the tea baggers won your state you won't even be eating government cheese. That adds to the deficit don'cha'know?

Good?

[Kenja]

Current level of security and quality for medical IT is rather poor.

Re:Good?

I'd have to concur. I've been in hospitals where the IT staff offered free wireless internet for the waiting areas- and the only open access point was to the "airgapped" network for the financials, etc. I'm sure that Medicare would LOVE to find out about THAT particular HIPAA violation. >:-D

Re:Good?

[NevarMore]

I I'm sure that Medicare would LOVE to find out about THAT particular HIPAA violation. >:-D

Then go tell them. If you've physically been in the hospital that could be your data, your loved ones data, or just plain due diligence if you were there for work and not for a medical reason.

Re:Good?

There is a serious need for IT professionals in healthcare -- at least people will tell you that right up to the moment you actually try to get a job. I've lost count of the doctors, med school professors, and hospital administrators who have claimed that there's this huge opportunity in healthcare IT. I've also stopped looking for the jobs that match these opportunities because I got frustrated long ago with the silent rejections, and the high barriers to entry raised by the places that would actually respond. The one opportunity that seemed realistic (MRP software development) was offering about $60K, for Boulder Colorado, which is unrealistic to say the least.

I'd really like to move my career from Aerospace IT into Healthcare, but I'm not willing to do it for a third of my current rate.
I think I have made a sincere, honest effort to find these jobs, albeit only in regions where I'm willing to relocate (Pacific Northwest or Colorado). Others who have different standards for location might have better luck.

Re:Good?

I think the quality of classic IT in a hospital isn't that bad. The status of our Windows network isn't that bad. There are issues, but I don't think we're any worse than any other industry. What is bad is the Biomed side of the house. The medical equipment stores patient data with no authentication or auditing capabilities. The systems that are based on off the shelf hardware and software (e.g. Windows PC hooked up to a medical device) can't be patched because the vendors won't certify the systems with those patch levels and turn around and blame the requirement on FDA approval.

Re:Good?

[HiThere]

What's your rate of infections by viruses? If you're running a MSWind network, that might be a fair test. If it's zero, you may be doing pretty well.

This wouldn't work on a Linux or Unix network, as there basically aren't any viruses to probe the network, but on MSWind they might do a fair job of testing you.

N.B.: I'm *NOT* a sysadmin, so I may be talking through my hat. But at least it sounds like a fair first test. If viruses are getting through, you KNOW your network is pervious.

P.S.: Whenever I see a MSWind machine in a medical office, I shudder. I'm relatively sure those are insecure. If there were alternatives, I'd change doctors quickly, even though I like my current doctors as medical practitioners. Many of them are XP's. so I'm fairly sure they aren't well secured. (Could be air breaks, but I doubt it.)

Re:Good?

[Moryath]

Actually part of the problem is that a lot of medical devices NEED to be closed systems.

I've got a friend who works in medical IT and it's a nightmare keeping systems certified. Anytime there's anything approaching a major Windows patch or upgrade, the device has to be re-certified to be sure that the patch didn't affect something to give bad readouts. This isn't an idle threat, given the various system incompatibilities that popped up in various ways over the years - there were a few systems that "broke" when some well-meaning person upgraded from XP SP2 to SP3 for instance.

They have systems still running win95, 98se, 2000, etc. on them. There are a few that are DOS-based putting out info on monochrome screens. It is actually a little frightening to realize what would happen if the unit had to be replaced quickly... on the other hand, the DOS units are hardy little bastards from back in the day when everything ran nice and cool and quiet on passive heat sinks.

Re:Good?

[vlm]

What's your rate of infections by viruses? If you're running a MSWind network, that might be a fair test. If it's zero, you may be doing pretty well.

This wouldn't work on a Linux or Unix network, as there basically aren't any viruses to probe the network, but on MSWind they might do a fair job of testing you.

Its just an anecdote, but a casual acquaintance I met at HOPE 2006 in NYC or something, worked at a hospital and their solution to preventing LAN/network based infections was to create the semi-mythical one PC vlan.

So the linux side spoke dot1q and had a zillion interfaces and spoke smb via samba or whatever the heck the biomed device used. There was also some confusing discussion of mac address filtering, he was guite proud that any ole sysadmin could do iptables at OSI 3 and up, but he was doing all manner of layer 2 MAC filtering. For example, all the "whatchamacallits" had the same first three bytes of the MAC address, the OUI, and they were only allowed traffic from THE mac address of some remote monitor thingy.

He had a lot of semi-automated script and claimed if anyone swapped the server LAN card his switches would all autoupdate or something based on a vast pile of perl.

Some of the most sensitive "LAN" devices used a "LAN" of a crossover cable instead of running thru wifi and etherswitches. Obviously a little hard to monitor. So he used a hub (not a switch) and some dual ported RMON probe thingy to watch the sensitive "net".

He also did this mac address lockout thing such that only certain macs work in certain ports...

The point of this rambling recollection is you put a regular Fortune 500 IT dude in a hospital IT dept and you get security holes galore, a hospital IT guy merely needs some new outlook, some new ways of thinking.

Re:Good?

[operagost]

I'll bet some don't even HAVE heat sinks.

Re:Good?

[Malenx]

And if he's fired or gets hit by a bus, everything burns to the ground and they spend millions fixing it.

Gogo hospital?

Re:Good?

[emarkp]

Sadly, that's not the only part of the equation. Will regulation make it better and/or safer?

Because in my experience (10+ years of software medical device work) FDA regulation of medical devices has reached a point where the cure is now worse than the disease. Innovation is swamped under paperwork that prevents many solutions from coming out that would make medical devices safer or better, but which would cost too much for a company to implement because of FDA rules.

Too often, medical device errors (radiation burns, etc.) are because of human error which could be corrected with a strict checklist, rather than more FDA regulation.

The most likely result of regulating wireless networking in a hospital will be the removal of the wireless network. People will likely schlep data around on USB drives, which are unmarked and untracked, etc. (I've seen that happen before when devices don't have networking capability). In such a scenario are patients protected or endangered?

Re:Good?

[hesiod]

I'd have to disagree, or at least disagree with the suggestion that it's any worse than any other industry. I actually work in a hospital's IT department (not bio-med). And a small hospital at that, with a relatively limited budget. We offer free wireless, but it doesn't touch our clinical network, even at the edge (separate Internet connections). It's unfair to single out health care IT as lacking, when it is lacking everywhere else too.

One big difference here is that medical records are a private, touchy issue. But that's only because people want them to be private, not because there is an actual need (under normal circumstances). In reality, very few people give a crap that you came to the ER to get some stitches. Do you think anyone cares what meds you are on? For most of us, no one does. Notable exceptions would be for public figures, of course. That doesn't mean I'm handing out passwords, or that I don't care about security -- I do care, and I take all reasonable steps I know of (and am allowed to do) to keep the data secure.

On a side note, thank you for spelling HIPAA properly: it's incredibly irritating to see people -- even those working in health care -- write "HIPPA".

Re:Good?

[Yewbert]

Absolutely true. I'm in IT at a Big Pharma, and I've seen plenty of those exact kinds of issues during regression testing - patches "breaking" little loopholes in Windows behavior that we'd unwisely come to depend on in some obscure cases. That XP SP2-to-SP3 upgrade buggers up DCOM, for example.

Re:Good?

Please stop using "MSWind" like it's an actual term. it's incredibly annoying. It's Windows. Or Microsoft Windows. Not "MSWind". That's not a thing. Stop saying it. You sound like a douchebag.

Good.

[RightSaidFred99]

I'm one of those much hated libertarian leaning people who thinks regulation should only be applied when absolutely needed. In this case, we're talking life and death data and I would expect medical systems to be heavily regulated both for security and availability/reliability.

So what's the controversy?

Re:Good.

[Kenja]

You fool! You're suposed to let the free market decide! If too many people die at hospital A, just go to hospital B!

Re:Good.

[Talderas]

Well. Since you need to comply with FDA regulations or not get your medicare/medicaid funding, it's a pretty big deal.

The problem exists in the transition. These improvements cost money and there's a good chance that networks in transition wouldn't meet the FDA requirements. That would cause the hospital to loose the medicare/caid funding and consequently have to turn away or eject patients that would be a huge cost to them that would otherwise get treatment.

Since there's that potential while in transition to a more modern network, hospitals may be quite unwilling to fund the improvements in the first place and preserve their funding.

Re:Good.

[Korin43]

The problem is that a heavily regulated system like this raises prices, so your only choices become the best healthcare or no healthcare. It's perfectly fine if you have the money for the first option, but not everyone does.

Not to mention that some people would be willing to take the risk to save money. Everything you do in life has a risk, why regulate just that one? There are many cases where I'd be willing to go to a hospital with a crappy wireless network to save some money. I'd think twice about getting heart surgery there, but not everything a hospital does is that big of a deal.

Re:Good.

[dkleinsc]

Yeah, someone needs to send RightSaidFred99 to a Cato Institute reeducation center before he starts thinking that health insurance is a life-and-death kind of thing too and needs to be regulated!

Re:Good.

[Kagato]

Maybe a really small hospital might have issues, but if you're mid or larger and can afford something like Epic MyChart, you can afford a competent network admin.

Re:Good.

[Americano]

Oh my. I really hope you have karma to burn.

Re:Good.

[blueg3]

The problem is that a heavily regulated system like this raises prices

It also tries to make arguments on blind assertions.

Re:Good.

[Mordok-DestroyerOfWo]

Oh my. I really hope you have karma to burn.

Is it wrong that I heard George Takei when I read this?

Re:Good.

[Archangel+Michael]

I'm one of those hated libertarian people, and you haven't even begun to explain anything libertarian.

This isn't between life and death, this is just communication between two machines (wireless networking). By confusing the two, you've fallen into the trap of the "do it for the children" crowd.

In this case we have a government that is withholding payments because they haven't inspected a network. Okay, I'm okay with that, except for one thing, this isn't about privacy or security or anything like that. It is about control of the processes.

This is just a bad case of "governmentus interferitus", where they think adding the layer of government fixes the problem. However before they can "fix" the problem they should show that it is a problem in the first place, not react like the typical, "something must be done, this is something, therefore it must be done" roll.

Next time a Congress Critter suggests a fix for a problem, ask them to explain the problem, and how their "fix" fixes it. Most likely, they have no idea on either, but they're doing it anyway, and it sounds like the previous "something must be done" phrase.

HIPA is great and all, but it also is a pain in the ass for most people, and has caused more problems than it solved.

Re:Good.

a really small hospital might have issues, but if you're mid or larger and can afford

Thus, regulation creates bias for large institutions. Oligopolies eventually dominate. Enjoy your McDoctor.

Were wireless networks actually killing anyone...? oh wait; not supposed to think.

Re:Good.

[Americano]

Or, as with just about any government regulation, the policy would be enacted and give hospitals X number of months or years to comply with the standards set forth in that policy, or face a loss of Medicare/Medicaid funding.

Here's what will not happen:
12:01 a.m., January 1, 2012: Regulation goes into effect.
12:02 am, January 1, 2012: All non-compliant hospitals cease to receive funding from Medicare and Medicaid, and the feds move in to shut down these illegal dens of medical "care" for their noncompliance.

They'll probably have several years to bring themselves into compliance, with a requirement that they document their risk mitigation policies until they are compliant, and if at the end of that time they can't show compliance, then they will risk losing their Medic[are|aid] funding.

Re:Good.

[danbert8]

Oh my... Imagine a world with 4 colors! (probably not an exact quote, but you know the commercial).

Yeah, I can see where you got that.

Re:Good.

[darkstar949]

However, as some others have pointed out, what you are doing and how the new rules are written is very relevant. If you are having equipment monitoring vitals signs sending data over the network that is relevant to the monitoring of the patient, you better be sure that the information is getting where it should be. Likewise, if you are just providing a public WiFi for patients and families so they can check their email while they are at the hospital, then there isn't as pressing a need to make sure the network stays up.

At the end of a day, there are still some good reasons for having a physical wire connecting some network devices and when you have those reasons, you don't want someone upgrading to a new network type without having appropriate plans in place. If upgrading to WiFi ends up costing more money and the existing wired network works just find, why change it?

Re:Good.

[Maclir]

The problem is that a heavily regulated system like this raises prices, so your only choices become the best healthcare or no healthcare.

Wait a minute - I thought the original article was referring to hospitals in the USA - so then "best healthcare" is not an option.

Re:Good.

[Americano]

Why would that be wrong? I wish I had the speaking voice that guy has, I'd be able to hold peoples' attention much more easily in meetings.

Re:Good.

[RKThoadan]

I'm a little less libertarian than you and I see some potential problems. I don't really have many problems with this being regulated, but I'm a bit uncertain that the FDA is the best agency for this. I typically think that regulation is very similar to encryption. Both can make you much safer if done well, but they aren't done well very often (especially regulation) and end up just being a big inconvenience. Unlike many I genuinely believe that regulation can and should be done properly, which means it should be done by the right department and it should be very clear who regulates what. As regulatory agencies go, the FDA isn't horrid, but it seems like an odd choice to regulate a hospital's wireless network.

Re:Good.

It also means they will not be able to buy $50-100 access points. They will have to be "medically certified" access points. That means they will have pretty green sticker on them, the same access point, but now it will cost $300-400. Great plan.

Re:Good.

You just shut down all meaningful medical research in the US. There will be no medical research if you cannot get medical data. Perhaps you can still do some retrospective demographic studies -- but most research requires real data. Wireless or not, often obtains medical data by connecting (directly or indirectly) to medical equipment that is designed to supply this data to interested parties via RS-232, bluetooth or ethernet. If you have to get your data acquisition system approved by the FDA, you are SOL.

Medical research in the US is already way too encumbered by individuals that try to misapply the existing laws. Many well-meaning individuals already think HIPPA means you can't do research. Of course that is not true, but common perception of the existing laws and regulations is more important on a day-to-day basis than what the rules actually say.

Forgetting research for a moment, take a clinical point of view. Without a risk/benefit analysis, this decision is blindly misguided. Is there a documented case of someone being harmed because their patient monitor was being monitored remotely at a central station? Remote monitoring is usually enabled by an IT network. Now are there documented cases of someone being harmed because the patient was _not_ being monitored? Guess.

Re:Good.

[roman_mir]

I am one of the REALLY HATED libertarians. I am against gov't regulations of everything.

Gov't has 2 jobs:
1. Minimum military.
2. Justice system.

That's it, no exceptions.

There should not be gov't involvement into any of this at all. FDA should be abolished, like all other agencies (except for what I specifically listed already.)

This is RIDICULOUS to have any special regulations for any of this stuff. That's what makes it so difficult to enter the field of opening your own hospital and there is no reason to have any of this certification.

If you DO CARE about certification, then you should go to hospitals that use some certification company to certify their instruments, etc.

This regulation is like all other gov't regulations, will bring costs up and will decrease competition. That's it.

Re:Good.

[Americano]

Were wireless networks actually killing anyone...?

If you read TFA, yes, actually, they were:

According to Shuren, the FDA last year received reports that six patients died and 44 people were injured as a result of health IT-related malfunctions. The FDA also received 260 reports of malfunctions that had the potential to harm patients.

Reporting of these numbers is strictly voluntary, so you do the math - if institutions volunteered these numbers, how many other patients and patient devices are being affected by some intern streaming House re-runs over the network? And do you really think it's inappropriate to mandate that certain controls must be in place on a general network that is relied upon by medical devices which require the network to operate, and which are sending sensitive medical data over the network?

I work for a financial services company; it's standard practice for us to firewall off our sensitive database systems and authentication systems, and restrict access to a very tightly controlled set of uses. If your retirement account or brokerage account was held here, would you want us to take down all the firewalls, network filtering, and access controls on the networks? I'm betting the answer is no. If you want that much protection on your financial information (which might embarrass you, but certainly won't kill you), why wouldn't you want controls at least as strict on networks & systems that could - quite literally - kill you if they malfunction for some reason?

Re:Good.

[TheL0ser]

I hope not, I heard it in Morgan Freeman's voice.

Re:Good.

[Korin43]

The problem is that a heavily regulated system like this raises prices

It also tries to make arguments on blind assertions.

So you think things get improved for free then? More rules means more time spent making sure you're following them, and in the case of the healthcare industry, it means paying insane amounts of money for something that's cheap for everyone else (but the cheap version doesn't come with the right certifications).

Re:Good.

If your network doesn't meet requirements, maybe you shouldn't be sending life and death information down it.

captcha: Mistakes. Spooky.

Re:Good.

[mangu]

Plenty of karma, don't worry. However no mod points, have been posting too actively of late. If I had I would give the GP (-1, offtopic).

Why is it that leftists always mock of libertarianism with this monotonous "free market" chant? Economic freedom is *one* of the infinite liberties a person can have. The free market works admirably for what it's meant to do, but it's not a tool for everything.

The free market is *not* intended to maximize the preservation of human life. We do need some regulations for that. Of course, there are private corporations, like this one to verify that regulations are being followed, but they do not make the regulations, that's not what the "free market" is intended to do.

So, in the end, there must exist some form of governmental or non-market regulations in effect. No libertarian denies that.

Re:Good.

[blueg3]

So you think things get improved for free then?

So, are you trying to argue that since it costs money to improve X, then if Y is an improved version of X, then Y is necessarily more expensive than X?

Re:Good.

Actually, none of the libertarians need even apply to this thread, since we're already shoveling money from the government into the private sector here.

If anything, the libertarian response should be "good! The government needs to give less money away so it can take less of my money through taxes!"

Re:Good.

[HiThere]

There are rational libertarians. They aren't the majority. I don't know if there are any rational Libertarians.

To say that someone who takes the most common stand taken by a group of people who apply that label to themselves as representative of that belief is unreasonable is, itself, unreasonable. To take the well-reasoned view of a small minority who apply that label to themselves is much more unreasonable.

So, yes, I would say that libertarians believe the the supremacy of the Free Market!! at all costs. This doesn't mean that I believe it to be the belief of all libertarians, but rather that of most of them, or at least most of those with loud voices. I say this despite considering myself more of a libertarian than any other political grouping, and definitely not believing it myself.

Don't denounce people for pointing out the flaws in the political group that you most strongly identify with, change either the group or your identification. Do you feel you must defend the US when others point out that it illegally tortures people? It does. If you deny that fact, you are refusing to face reality. And most citizens are profoundly unhappy about it. Unfortunately, the most common reaction is to deny the facts. This doesn't do anything to fix the problem. Recognizing the problem doesn't do much, but at least it's better than that.

I agree that there are libertarians who believe as you do. But it's not the most common belief among libertarians. Much more common is the worship of the Free Market to the extent of denying that it has any faults or any circumstances in which it doesn't apply. (And they never thing that this would authorize murder for hire. That would create cognitive dissonance.)

Re:Good.

This has little to do with life and death and more to do with forcing hospitals to accept nearly nothing for reimbursement, or have the Federal Government come in an inspect.

Re:Good.

[Korin43]

No, I'm saying that if it costs money to improve X, and you require that X be improved, then it will cost money. If Y uses X and isn't a charity, then Y will become more expensive to make up for it.

Re:Good.

[vlm]

That would cause the hospital to loose the medicare/caid funding and consequently have to turn away or eject patients that would be a huge cost to them that would otherwise get treatment.

This assumes that medicare/medicaid patients are, and always will be, your most profitable. If your assumption ever turns out to be wrong...

Re:Good.

[Peeteriz]

According to the TFA, this has killed at least 6 people in the last year, so in this case the communication between two machines was 'life and death'. Or wasn't it?

Re:Good.

[eth1]

Or, as with just about any government regulation, the policy would be enacted and give hospitals X number of months or years to comply with the standards set forth in that policy, or face a loss of Medicare/Medicaid funding.

Here's what will not happen:
12:01 a.m., January 1, 2012: Regulation goes into effect.
12:02 am, January 1, 2012: All non-compliant hospitals cease to receive funding from Medicare and Medicaid, and the feds move in to shut down these illegal dens of medical "care" for their noncompliance.

They'll probably have several years to bring themselves into compliance, with a requirement that they document their risk mitigation policies until they are compliant, and if at the end of that time they can't show compliance, then they will risk losing their Medic[are|aid] funding.

Exactly. What will really happen is this:
12:01 a.m., January 1, 2012: Regulation goes into effect, with deadline of 2015-01-01.
2012-01-01, IT: "We need to get started on this"
2012-01-01, Exec: "We don't have the money yet"
2013-01-01, IT: "We need to get started on this"
2013-01-01, Exec: "We don't have the money yet"
2014-01-01, IT: "We need to get started on this!"
2014-01-01, Exec: "We don't have the money yet"
2014-11-01, Exec: "We need this in two months or we're fscked!! We'll need you to work 168 hour weeks!"

Re:Good.

I'm one of those much hated libertarian leaning people who thinks regulation should only be applied when absolutely needed. In this case, we're talking life and death data and I would expect medical systems to be heavily regulated both for security and availability/reliability.

So what's the controversy?

Confidentiality, Integrity, Avalibility. You would expect medical systems to be heavily regulated but they are not.

Re:Good.

Speaking in generalities and rambling does not lead to good conversation.

Re:Good.

Why is it that leftists always mock of libertarianism with this monotonous "free market" chant? Economic freedom is *one* of the infinite liberties a person can have.

We mock because "liberties" bleed into each other. One person's economic freedom is very often at odds with someone else's health, or civil liberties, or you name it.

Libertarians tend to come off sounding like someone that refuses to put a leash on their dog, and tells everyone else in the neighborhood that they should simply put up fences if they don't like poop on their lawn.

Re:Good.

[Zironic]

Because it's true. You constantly see people that claim they're libertarians while preaching that the free market will fix 'everything'. On another forum I saw a person claim that "All" regulation is "Evil", no exceptions, obviously they're either ignorant or crazy but those are the people that give libertarians such a bad rep.

Re:Good.

I think you'll find plenty of libertarians denies that.

Re:Good.

[Dishevel]

It's wrong whenever we think of George.

Re:Good.

[fishexe]

You fool! You're suposed to let the free market decide! If too many people die at hospital A, just go to hospital B!

That should be true for non-life-threatening circumstances.

The satire that leftists make of libertarianism is rather stupid and preaching to the choir.

If that's merely the satire that leftists make of libertarianism, then how come I've talked to so many libertarians who say the exact same thing when it comes to drug safety, for example, and automobile safety, and say it with a completely straight face? "The FDA is just another encroachment of the federal government on our individual liberty! If a company makes a dangerous drug then more people will buy their competitor's drug instead."

The free market isn't the goal of libertarians, it's just one of the consequences. And it works for its purposes which are economic in nature.

Most libertarians I know would claim that it works for all purposes, economic or not. That is, it's not a goal, but it is a cure-all.

Now go back to reading Trotsky, Bakunin, and Marx, I think you missed a few chapters.

Which chapters would those be, exactly?

Re:Good.

[fishexe]

2015-01-01, Exec: "I was put out of business by more onerous regulation. Yet again, government has gotten in the way of your health care. Don't vote for candidates who want to choke business with regulation. They are to blame for everything bad in society."

Re:Good.

And you are talking classical libertarianism. Not the filthy big L libertarian party nonsense that most of the people who call themselves libertarian subscribe to here on slashdot.

Regulation of the market is necessary to maintain the liberty of the people.

Corporations are not people they have no rights.

Re:Good.

[RightSaidFred99]

By constantly, did you mean "occasionally"? I think many people go through a hardcore capital-L Libertarian phase in college or thereabouts, with the whole private schools, private roads, hell private police argument. Most people grow out of it.

I think you'll find most of the "durr, no regulation ever!" types are neo-cons not Libertarians, and they have no intellectual ability for pragmatism or nuance, so just buck anything labeled "regulation".

Re:Good.

[RightSaidFred99]

Sure it is. You don't buy the nonsense that the US has poor medical care, do you? It's ridiculous nonsense. We have the best medical technology and training in the world available.

The "problem" is the cost of this care, and that some people can't afford it, not the quality of the care one could get here.

Re:Good.

[Solandri]

You constantly see people that claim they're libertarians while preaching that the free market will fix 'everything'. On another forum I saw a person claim that "All" regulation is "Evil", no exceptions

You also constantly see people on the left claim that all corporations are "Evil" and that the free market never works.

The truth is that some of the time the free market works best when left alone, and some of the time it works best when regulated. The trick is in figuring out which is which, and not under-regulating nor over-regulating.

Re:Good.

[fishexe]

Plenty of karma, don't worry. However no mod points, have been posting too actively of late. If I had I would give the GP (-1, offtopic).

Maybe you don't get mod points because your mods are ridiculous? Troll or flamebait maybe, but how is "let the free market decide!" in response to someone who claims to be a libertarian but doesn't want the free market decide in any way off-topic?

Why is it that leftists always mock of libertarianism with this monotonous "free market" chant?

Probably because libertarians argue with the same monotonous "free market" chant.

Economic freedom is *one* of the infinite liberties a person can have. The free market works admirably for what it's meant to do, but it's not a tool for everything.

The free market is *not* intended to maximize the preservation of human life. We do need some regulations for that. Of course, there are private corporations, like this one to verify that regulations are being followed, but they do not make the regulations, that's not what the "free market" is intended to do.

I like your theory. I really do. In fact, it sounds to me a lot like what a lot of Democrats I know believe. Rest assured you are not the target of anti-libertarian rhetoric. Those other libertarians are. You know, the ones that actually do believe and expound this crazy everything-must-be-privatized-and-deregulated shit, no exceptions. The ones who expound Austrian-school economics despite said school's complete inability to deal with contradictory data. The ones who argue that police and fire departments should all be privatized and if that means they end up only protecting the rich, well that means the poor didn't express enough willingness-to-pay. Those are the ones we are mocking.

So, in the end, there must exist some form of governmental or non-market regulations in effect. No libertarian denies that.

Nobody except about 50% of the people I know who self-identify as libertarian. Face it, while you might not be one of them, there are plenty of libertarians out there who are basically just anarchists with the exception of believing in private property and the goodness of corporations.

Re:Good.

[Libertarian001]

Maybe that's how it works at *your* hospital, but not at *mine* (I work in diagnostic imaging, which is under IT at my hospital). At my hospital we've known this was coming for quite some time and have been working towards it. And the Feds have also known it's been coming and have been working with us. Early adopters get big $$$ to help the process. That amount goes down the closer they come to the due date. They start to get penalized once the due date passes, losing more and more $$$ as time goes on, until it actually becomes an issue about 5 years after the deadline.

Re:Good.

[Libertarian001]

I work in a hospital, in the department controlling this. I really don't think you understand what's happening. Do you honestly believe that telemetry is on the same network as everything else? Or that we don't have multiple networks?

Re:Good.

[_Sharp'r_]

So what's the controversy?

Perhaps you are unaware that it can take several years and millions of dollars to get a new "medical device" through the FDA?

Perhaps now you can see the possible implications in limiting a hospital's choices of networking devices if the FDA starts to regulate them as medical devices.... not to mention the delays in implementing a new higher bandwidth network when the technology is out there, but no one has put a 10 Gig Ethernet switch through the FDA approval process yet, for example.

Re:Good.

[10101001+10101001]

You constantly see people that claim they're libertarians while preaching that the free market will fix 'everything'. On another forum I saw a person claim that "All" regulation is "Evil", no exceptions

You also constantly see people on the left claim that all corporations are "Evil"

True. It'd be more accurate to say all corporations are amoral (not immoral), so one has to judge their actions on the net effect, not on some presumption of good/evil of their actions.

and that the free market never works.

I don't think I've ever heard that said from anyone on the left. Now, I've heard things like capitalism is evil, but that's not quite the same thing. There's plenty of evil in the heart of man, so when capitalism is doing evil, it might well be the intent. Meanwhile, communism is at least framed from the perspective that evil is inherently against the design. Of course, given that there's plenty of evil in the heart of man, it's rather silly to think you can force communism on people to make them non-evil, but then I digress.

The truth is that some of the time the free market works best when left alone, and some of the time it works best when regulated. The trick is in figuring out which is which, and not under-regulating nor over-regulating.

True enough. I'd add that the real issue, at least in the discourse of the US, is that plenty of Republicans speak in libertarian ideals (ie, more free market to solve things) when it's often more about pushing for under-regulating an industry even after it's shown to be abusive. Then it reverts to talk about corruption/misfeasance/malfeasance, without mentioning those words, in government failing to act even when regulation allows or requires them to. Of course, running on a platform that government fails so you can take over government is a great way to place even more people who will engage in misfeasance.

In short, I think the problem is too many people think too uncritically about what is going on. Waving "left", "neo-con", or "libertarian" to label people doesn't really help. I'm not sure what will, though, since it's not like you can make people think critically. :/

Re:Good.

Libertarians tend to come off sounding like someone that refuses to put a leash on their dog, and tells everyone else in the neighborhood that they should simply put up fences if they don't like poop on their lawn.

Where I come from, those people are called "Republicans"

Re:Good.

[fishexe]

According to the TFA, this has killed at least 6 people in the last year, so in this case the communication between two machines was 'life and death'. Or wasn't it?

Bah! Never let the facts get in the way of a good story!

Re:Good.

[fishexe]

I am one of the REALLY HATED libertarians.

Really hated? No.
Mocked and subsequently ignored? Yes.

Re:Good.

You must do a lot of reading over at Free Republic. The most common libertarian critique is that it has strong bureaucratic incentives to say no, rather than yes, because nobody gets fired for saying no. At what point do you pronounce a drug "safe enough"? There are some effects that simply can't be seen in pre-release testing. At some point, you must say, "Well, it's not obviously poisonous," and let it go, because the alternative is to keep people from getting drugs that will make their lives better. I've seen good drugs (sugammadex) shot down by the FDA over a trivial number of supposed allergic reactions, which completely ignores the side effect profile of the drug that it would permit the replacement of (succinylcholine/suxamethonium).

Re:Good.

[Bing+Tsher+E]

ARCnet is probably FDA approved. What's wrong? Not good enough for you?

Re:Good.

[fishexe]

Maybe I'm a cynic, but I would replace "very often" with "always" in your statement.

Re:Good.

Well, clicking through to the testimony by the guy whose statements support that, the #1 problem appears to be EMR systems that suck. (They're in the appendix at the end of this.) They mislabel patients' allergies, lose data, and put patient information in the wrong file.

Re:Good.

[mangu]

You constantly see people that claim they're libertarians while preaching that the free market will fix 'everything'

And vice-versa, you often see people preaching that regulation will fix 'everything'.

Wanna get instant karma on Slashdot? Pick a discussion on energy and say that "deregulation caused the California energy crisis": (+5, Insightful) ia a few minutes. Try to do some basic research on the matter and you will find that the energy crisis was caused by companies like Enron manipulating the regulations.

Regulations are like medicine, they can cure a problem, but the wrong medicine will kill you. The mantra of regulation should be "above all do no harm", it's better to have no regulation at all than some regulation that kills you. But this does not mean that you can live entirely without regulations.

'Free market' vs 'Regulation' fanatics are like naturist hippies vs hypochondriacs, neither are right. You cannot expect that clean natural living will cure all your illnesses, but you cannot go and take every medicine available either.

Re:Good.

[Americano]

I don't work in a hospital, but I did RTFA.

Perhaps you should do that, and then ask yourself if your hospital just happens to have better IT practices than some of the places talked about in the article.

Or do you honestly believe that "collapsing" networks together means that they're somehow keeping things on separate physical networks, when it in fact reports that they're NOT doing that?

Re:Good.

Not not mention privacy...

Re:Good.

[sjames]

Libertarianism is about being aware that one person's liberty ends where the other person's liberty begins. It's about making those limits more or less equal to everybody. The hospital's liberty to cut corners ends where my liberty to live begins.

That's also Socialism, it's just that they say your right to profit from the labor of others ends where their right to live begins. Especially when they work for you.

The Communists say your right to make a profit ends where the worker's right to profit from their own labors begins.

The Anarchist says might makes right. The Capitalist agrees but only in the case of Economic might.

The vast majority of the populace just wishes the lot of 'em would shut up and quit interfering with their right to a reasonable life in exchange for doing a reasonable amount of non-soul corroding work.

Re:Good.

[transami]

A corrupt government that will require very expensive tech to be used to line the pockets the companies paying them off.

Re:Good.

[Caraig]

Well, I have heard a self-proclaimed libertarian or two say just that, that there should be no government involvement at all in anything. Of course that probably really makes them anarchists rather than libertarians.

The issue I see, though, is that some of the market is tied into health care. In fact healthcare/medicine is a huge industry in the US and therefore a major driver of economic forces. It's difficult to separate healthcare from market action in this case, it seems. If I am misunderstanding your position, though, I apologize, and welcome correction.

Re:Good.

That would cause the hospital to loose the medicare/caid funding

Somehow, I have a hard time picturing a hospital letting "loose" any funding. "Yes, beautiful money, you are now free! Free to go run in the green grass, and free to live in the trees where your parents grew!"

Perhaps you meant "lose"?

Re:Good.

Yea- I don't believe it either. I think the question is though what is running on a wireless network that could kill you? It seems likely if it can kill you it shouldn't be on a wireless network. Maybe you can point to where wireless networks actually save lives because of reduced time or wider monitoring of patients. At which point a separate wireless network might make sense. Unless it is reducing risk though I'm not sure they need to be separate. If added regulation increases the costs and eliminates some hospitals fro having them in the first place which otherwise would have reduced risk it might make more sense to not regulate.

Re:Good.

[GreenSeven]

Agreed. Doctors are experts in the human system, not information systems. They may have no clue what a piece of tech does, let alone how it works or what kind of effects it might have on other devices. Best leave this decision to the geeks.

Re:Good.

You might not have it that way- but I can assure you there's at least ONE hospital in North Central Texas that had the financials and even the telemetry on an open AP back at least two years ago. It's all about how good/bad the IT staff is at a given location. I didn't bother to report the incident in question, more because of all the BS they'd have put me through- I'm strongly suspecting that they'd have put me up on charges because I was "snooping around on their network" against Texas penal code, less because I was breaking the law and more because they would feel the need to cover up a boo-boo of this nature.

Re:Good.

I hate to break it to you but if you think that deregulation of everything is going to be a good thing for the majority of American then you need to wake up and smell the roses...

Do you really want the USA to end up like China (pollution wise)? The free market with no regulations does not work, too many people are willing to screw over everyone else to make a quick buck and unless its affecting them, most people don't give a shit.

For a quick example, lets look at the role of the FDA in your daily life. Lets see, the cereal with milk that you may have had this morning is governed by regulations from the growing of the ingredients (pesticides, herbicides, the residual of both, the level of real food in the cereal, the use of hormones (or lack there of) with the cattle that provided the milk, the composition of the milk container, the levels of dangerous chemicals in the milk, etc). The bowl you ate the cereal from is even regulated with regards to the materials it was made from. How about the aspirin you pop after reading this wall of text, without the FDA, who knows what the hell they would put in it (powdered sugar makes a great tablet, ops, we got a bit of contamination on the production line, meh it'll cost millions to fix, why don't we just ignore it)?

Honestly, the end game in any market is a monopoly. Without regulations to prevent misuse of the position, it will remain that way forever with the monopoly using its massive power in the market to prevent anyone at all from entering it. Here in Australia, even with anti-competitive regulations, there is two major supermarkets who undercut everyone else in the area where they have shops to put them out of business, then they raise the prices. Without a massive supply of capital (and the power to get suppliers to supply your stores which the supermarkets will try to prevent) you will just get undercut out of the market...

Re:Good.

[roman_mir]

I hate to break it to you but if you think that deregulation of everything is going to be a good thing for the majority of American then you need to wake up and smell the roses...

- take a history lesson. 19 century USA, no regulations, the gov't was still in business together with robber barons, but there were much fewer regulations.

The US dollar went up in value by factor of 2.

20th century: Fed, all gov't spending (when I say spending, I literally mean spending money on everything, including Military, FDA, FAA, FCC, Welfare, SS, EI, etc.etc.) The value of dollar collapsed by at least a factor of 20.

19 century: largest increase in production capacity, creation of the middle class (which is not blue collar, middle class is small business and professionals)

20 century: the only increase in production happened after WWII, once the gov't stopped its spending and credit could be reapplied to the private sector, and simultaneously the USA was left as the only standing producer of consumer goods, all competition was wiped out, so the blue collar workers had no competition from other countries, thus they had very high salaries, this was a fluke, not anything remotely like a middle class.

In the 20th century the Fed was created, printed money to finance gov't spending, caused recession of 1920 and 1929. In 1920 the recession ended quickly, in a year, because Harding cut federal budget by 70%, in fact FIRED 70% of gov't. Not what they call 'reducing spending' now, when in fact what they mean is that they just don't increase spending for the next year.

The prices in 19 century were moving lower.

In the 20 century prices were going up.

By the end of 19 century the people saw much cheaper and more accessible and food and more variety of it. The health coverage was out of pocket, but due to lack of gov't spending and various moral hazards, doctor visits were cheap, anybody paid out of pocket.

20 century - with Nixon turning normal health insurance into basically health accounts, with 'insurance' guys becoming sort of money managers, who made money off interest, and gov't starting programs like Medicare and Medicaid, etc, all that ended up with skyrocketing health insurance prices. This pushed costs of production ever higher, because people expected the employer to provide insurance. This became a moral hazard: either gov't or employer were paying insurance and so the prices could go up and up, because the insurance companies weren't in business providing insurance to individuals anymore, so they didn't care what individuals could pay for it.

At the same time with Medicare and Medicaid, the same thing happened with hospitals, as what happened with Higher Education, where gov't started providing student loans - prices skyrocketed.

This happens every time gov't gets involved - prices go up, because it's not an individual who dictates the price anymore. It's not the individual who pays, you see?

Health provider and student prices went up significantly faster than even 'normal' gov't created inflation.

FDA etc., should not be gov't run. Understand that an organization like this, when only provided by a single monopolist - the gov't (gov't IS a monopolist), it's going to become inefficient and corrupt. How often do you think in USA the FDA visits a food production facility? Once a year MAYBE? Less than that!

No. What should happen is this: if there is a market (choice of people) to have food inspected by somebody, there would be an organization, which would be doing that privately. If there was a market, there would be competition in the field of certification.

However even more importantly: you could have a choice to buy food without any certification, which would mean that you'd be buying food that's cheaper. But it doesn't mean that food would be any worse at all than what people are buying today.

Realize that the biggest improvement in food quality came from the free market providing a solution: refri

Re:Good.

[shentino]

Nope, everyone's just a self interested human being that doesn't give a rat's ass about interests that conflict with their own.

Re:Good.

One big issue is that the FDA doesn't magically get more money or staff to do these inspections/regulation.
So you get the same people who have been inspecting pig farms for 30 years "inspecting" blood banks and software companies.
You can see how the people on the receiving end don't care for it when someone who is completely technically illiterate is telling them how to write software/design networks.
The FDA is correct because they say they are correct, if you disagree they shut you down.

Re:Good.

[Seedy2]

You constantly see people that claim they're libertarians while preaching that the free market will fix 'everything'. On another forum I saw a person claim that "All" regulation is "Evil", no exceptions

You also constantly see people on the left claim that all corporations are "Evil" and that the free market never works.

The truth is that some of the time the free market works best when left alone, and some of the time it works best when regulated. The trick is in figuring out which is which, and not under-regulating nor over-regulating.

Corporations are pretty much evil by definition, and without soul or conscience.
The free market works great, as long as corporations are banned.

Re:Good.

I too have worked in a hospital and let me second your comments - Get a grip folks, any hospital IT department worth anything is just as secure, fault tolerant, safe, fast, compliant etc.... as any other IT network anywhere else. I worked at a hospital where we (IT) did NOT want to give wireless access to patients and visitors but it was administration that asked for it. So we prudently put together a plan that called for setting up a network that in no way touches the patient/employee network, so now patients and visitors can surf openly on a wireless network in the hospital that has absolutely no access to the corporate network. Biomed/Pharmancy/Telemetry are all on their own networks, in fact telemetry is isolated on its own system AND on its on floor in the building. Like the poster before says:

                    "...Do you honestly believe that telemetry is on the same network as everything else? Or that we don't have multiple networks?....."

If there are hospital IT depts/workers out there who are actually allowing by their action/inaction or ineptness the harming of patients, exposing of patient data or anything else stupid like that, then someone should be fired. More regulation would only serve to let an already over-reaching government get even further into our lives.

Re:Good.

[CAIMLAS]

You have no idea how many different medical "compliance" things there are. It's bullshit, honestly, because it's constantly changing.

HIPPA is just one of many things hospitals (and all healthcare, really) have to deal with. A huge part of regulation in healthcare revolves around billing systems, patient care, practice management, and the like.

As soon as an organization gets one 'gee wiz' multimillion dollar IT project completed to comply with these regulations - so they can, in fact, bill Medicaid or Medicare, or actually get paid by insurance companies - there's another regulation almost due to be implemented. Many places (smaller hospitals) are playing catch-up and miss many months of promised compensation from the government (because they're still required to accept the government's IOU, even if they can't cash it).

And then, sometimes, there's not a thing a small hospital can do about it. Being small, they find out late (not paying attention, not enough people to have their ears to the ground, etc.) about an impending deadline. (It happens.) They can't get gov't money to implement these projects unless they apply by a certain time, or it's out, or due to the size of the facility they're not going to get enough to actually purchase anything that will meet the requirements (and income won't make up the slack).

To top it off, most of this software is utter shit. Seriously: it makes the VBA-only developers of the late 90s look downright skillful.

The small hospital in the town I grew up in went under from all this. The hospital building itself was made of massive stonework and ancient - having served as a hospital for almost 200 years and a military stockade prior to that. The hospital itself, however, was just too small: they couldn't pull in enough of the right people to stay ahead of governmental paperwork, and didn't have the staff to find out what was up.

Re:Good.

[CAIMLAS]

I've seen it happen.

Scenario: regulation goes through. Hospital must instigate changes, but does not meet the size requirements to receive federal funding to meet said requirements.

Result: hospital has to stop offering said service due to the added costs of the infrastructure. Due to regulation and head count, they're unable to break even (due to bureaucrats in DC not imagining some place in rural Kentucky has the census in a year what a large hospital has in a day in Washington).

End result: critical stuff has to be flown hours away to be taken care of and there are higher casualties from things which should be trivial to fix, with modern technologies and techniques (if attended to quickly).

So healthcare quality goes down regardless, to top it off.

Re:Good.

[CAIMLAS]

How many people would be killed (or have been killed) by having rural clinics and hospitals shut down due to facility census not being high enough to justify the cost of implementing the regulations?

Think: farm accidents, remote vehicle accidents, heart attacks, strokes, etc. - you know, all those emergencies which need prompt care, but which can not be performed when "nearest town with healthcare" is an hour away.

(I can't believe I made that argument, because I really hate the healthcare systems as they exist today. Fact remains that basic services are getting shutdown simply because the facility can't justify the expensive ones, any longer.)

not really a surprise...

[ducomputergeek]

I consulted with a small medical equipment business 5 years ago when they were replacing a DOS based system they bought in 1993 with new software that met all the HIPPA compliance plus their state requirements. It was a pretty big deal back then since 80% of their business was either Medicare or Medicad. It took about six months to write out all the contingency plans and make sure they were doing proper back ups, could restore backs ups, had secure off-site storage of tapes, etc..

I do remember the big hang up was the fact their database server and terminals had have an airgap between them and the Internet, or at least that was the easist and cheapest way to meet the standards they had to and In fact the only line out was a dial up modem to submit billing to the state. It only took about a month to back up all their records to hard copy (just incase), get the new systems and transfer all the old data to the new system.

It took another five months to write all the damn documentation the government required for their certification/accrediation/inspection or whatever it was they had to pass.

Re:not really a surprise...

It took another five months to write all the damn documentation the government required for their certification/accrediation/inspection or whatever it was they had to pass.

Can there be software for that? I see an opportunity.

Re:not really a surprise...

[Rich0]

Believe it or not, there is... I work in a regulated industry and we pay tons of money for software that basically helps us manage the paperwork that says we're doing everything right...

Re:not really a surprise...

[Kenja]

Yup, I write software to help manage ISO9 & 6SIGMA compliance. Good gig, I work from home and dont even need to wear pants.

Re:not really a surprise...

[alphax45]

Please, for all of us, wear pants.

Re:not really a surprise...

[Kjella]

I consulted with a small medical equipment business 5 years ago when they were replacing a DOS based system they bought in 1993 with new software that met all the HIPPA compliance plus their state requirements.

You're not exactly doing consultants a favor by showing that you can't spell HIPAA, you know.

Re:not really a surprise...

[Kenja]

You sound just like the delivery guy from the chinese restaurant.

Re:not really a surprise...

[alen]

it costs a ridiculous amount of money

Re:not really a surprise...

[Americano]

So business plan is:

1) write the software
2) sell it for "ridiculous amount of money minus one dollar"
3) profit?!

Re:not really a surprise...

[operagost]

No, no. This is HIPPA, which is the standard set specifically for the use of malnourished Hungarian patients. You know: Hungry Hungary HIPPA!

Re:not really a surprise...

[operagost]

Actually, I'm the guy who hacked your laptop, and unfortunately for me I turned on your webcam yesterday. Please also put on underwear.

Re:not really a surprise...

[fishexe]

You sound just like the delivery guy from the chinese restaurant.

No, he only requests you wear pants on his own behalf.

YOU may BE ON TO SOMETHING !!

Slashdot MAY get editors that aren't idiots !!

Mars MAY invade Earth eventually !!

God MAY stop playing around and squeeze us all like a pimple and start the next Big Bang !!

These all MAY actually happen !!

Appropriate in Hospitals

[Rich0]

I think that this kind of regulation is appropriate - in certain cases. I think you need to do a FEMA (failure mode effects analysis - basically ask what could go wrong?) and then control your network accordingly.

Modern networking gear is very reliable in terms of transmission accuracy - if you send a packet from A to B and it gets there, it is extremely unlikely that it was modified (unless deliberately). It is not so reliable in terms of guaranteed transmission.

So, if we're talking about a network being used to display a lab test in a doctor's office, I'd argue that there is a pretty low risk of anything going wrong and strong control over the network should be unnecessary (beyond general good security practices that would apply in any business setting).

On the other hand, if we're talking about monitoring equipment, I'd say that control of the network is critical, unless there is some kind of backup for communicating alarms. If an alarm in a patient room is likely to be heard and responded to without the aid of the network, then it is probably important but not critical. If a patient alarm could be ignored if not broadcast over a network, then that network needs to be treated as a life-critical piece of equipment. That means that changes are carefully controlled, and the design has to be fit for purpose. Lives are at stake, and if some cheap router hangs up without a backup of some kind, or if a cable is left detached during maintenance and isn't caught by routine procedure, somebody could die.

The sad thing is that regulations like this are likely to get abused in two different ways (I've seen this happen in other regulated industries):

1. It will be over-applied in areas that are not really at risk, driving up all kinds of costs that consumers end up paying for, and often delaying the introduction of technology that could actually improve care.

2. Because of the huge cost associated with knee-jerk reactions and consultants/etc in #1, administrators will try to skirt the regulation as much as possible, which puts patients at risk in situations where the controls really are appropriate.

In other regulated industries I've actually seen "turn the clock back" responses to regulation - where ancient practices that are grandfathered in get preferred to modern practices that are actually better, but which become more expensive to implement due to the presence of the regulation. In this way regulation can actually harm those it purports to benefit. Unfortunately, it usually is still better than the alternative.

Re:Appropriate in Hospitals

[digitig]

So, if we're talking about a network being used to display a lab test in a doctor's office, I'd argue that there is a pretty low risk of anything going wrong and strong control over the network should be unnecessary (beyond general good security practices that would apply in any business setting).

On the other hand, if we're talking about monitoring equipment, I'd say that control of the network is critical, unless there is some kind of backup for communicating alarms.

The important thing is that somebody has looked at the use and decided that those levels are appropriate. And if it's not documented, it didn't happen.

It will be over-applied in areas that are not really at risk, driving up all kinds of costs that consumers end up paying for, and often delaying the introduction of technology that could actually improve care.

2. Because of the huge cost associated with knee-jerk reactions and consultants/etc in #1, administrators will try to skirt the regulation as much as possible, which puts patients at risk in situations where the controls really are appropriate.

In other regulated industries I've actually seen "turn the clock back" responses to regulation - where ancient practices that are grandfathered in get preferred to modern practices that are actually better, but which become more expensive to implement due to the presence of the regulation. In this way regulation can actually harm those it purports to benefit. Unfortunately, it usually is still better than the alternative.

Essentially, you need a system that requires somebody to do a HAZOP or functional hazard analysis to see what hazards any new system (or reversion to an old system!) presents. If the hazards are negligible then job done. If they aren't then you do full risk assessment and management, but the extent of that will vary according to the severity of risks. That's pretty much what is done for air traffic control in most of the world, and I think it works well. The problems come when the hazard analysis and risk management are done by inexperienced people or in a blame culture (building a safety culture is hard), or when the insurers won't accept risks that the regulators will.

Re:Appropriate in Hospitals

[cowboy76Spain]

In other regulated industries I've actually seen "turn the clock back" responses to regulation - where ancient practices that are grandfathered in get preferred to modern practices that are actually better, but which become more expensive to implement due to the presence of the regulation. In this way regulation can actually harm those it purports to benefit. Unfortunately, it usually is still better than the alternative.

I work in an ensemble of hospitals for cronical patients, that is barely getting into the information age. My experience is that in these last cases regulation is not harming advance, but just reveals the nasty truth behind "the paper way": inadequate communication (that is supplemented through informal channels), inefficiences, and so on. One of the first fruits of the process of defining our clinical record system is that our directors found out how did really work some of the areas under their "supervision" (and believe me, they are not huge hospitals). During the process, it was discovered that in a bussiness with 1200 workers, about 70 medical/nursing scales where used. And almost every service had its own forms, reports (much of the data was shared, of course).

Also, let's face it, input devices are still a bit cumbersome, when compared with the old pen and paper. And yes, pen and paper are prone to errors, but in a cronical hospital they sheldom are fatal/noticed. And if they are noticed, doctors have lots of experience covering their asses and sacrificing underlings (in fact it is easier when there is no electronical record).

And, after all, changes are hard and even in the best of worlds it needs some extra effort from people that maybe do not see the need for it.

So, in my opinion, most of the failures are not from the regulations itself but from all the dirt that is under the carpet when you try to apply them. I am not saying that some of the regulations could not have been better thought out, but from my experience they are not the real cause of lack of innovation.

Sounds familiar

[spamking]

We can't even patch some of our systems or install an antivirus client on some of our equipment because it is considered a "medical device" and would lose FDA certification.

One proposed solution is to VLAN these devices so we don't have radiology equipment spreading conficker throughout our network . . .

Re:Sounds familiar

Why does the radiology equiment need to be given access to the internet anyway such that it would ever get infected by conficker?

Re:Sounds familiar

[Attila+Dimedici]

While as other people have said, that equipment should not be on the main network, the reason you have this problem is that the person who wrote your validation documentation wrote it wrong. I work in a GxP laboratory environment and the key to this sort of thing is writing the validation correctly so as to allow patching of the systems and updating/changing the antivirus client without requiring a change control. Unfortunately, it has only been in the last 2-4 years that it has become accepted that it is ok to do so.
Even with the way that your validation documentation is written (at least as it appears to be from your comment), you could patch your systems and install an antivirus client on them, it is just that you would need to do a change control in order to do so. Actually, unless the original documentation was unusually anal, you could probably patch the systems without a change control. Of course that would require someone who both knows and understands computers and knows and understands the specific regulations as they apply to your specific application to have sufficient pull within the organization to do this.

Re:Sounds familiar

[digitig]

We can't even patch some of our systems or install an antivirus client on some of our equipment because it is considered a "medical device" and would lose FDA certification.

If it really are safety of life equipment there should be no way for a virus to get in, and that should be documented. If folks are connecting to the net or installing pirated games on safety of life equipment, the problem is not that you can't install an antivirus client. And as for patching the systems, if you can show that the patches are developed to FDA standards, you can patch them. If you can't, you shouldn't even be considering it.

Re:Sounds familiar

[spamking]

Exactly. Our Bio-Med folks manage these devices but IT has been given the responsibility to patch many of them.

Re:Sounds familiar

[spamking]

Six words:

I work for the Federal government.

Re:Sounds familiar

[spamking]

If only I could make that determination . . .

Re:Sounds familiar

[vlm]

Why does the radiology equiment need to be given access to the internet anyway such that it would ever get infected by conficker?

So they can update the bugs in the software, as required by the FDA. Even if there are no known bugs, what if they later discovered the billionth patient would get irradiated to a crisp, they need to prove to the FDA they could theoretically deploy a patch.

Also some very expensive embedded hardware (not exclusively medical) phones diagnostic data home for troubleshooting. You're not going to print out a one million line trace file, are you?

Re:Sounds familiar

[digitig]

As long as somebody who knows what they're doing has.

Re:Sounds familiar

[spamking]

I think that's part of the problem.

Sometimes the hard way is the best way...

[rs1n]

While I can understand the desire to have the network of medical devices converge with data networks due to ease of management, sometimes it is safer, and better, to keep them separated at the cost of lower ease of use. For one, a network outage would not take out access to the medical devices that keep people alive. The last thing we need is for someone to hack into hospitals and mess around with medical equipment.

The article points out many issues with such convergence: network outages, security, spectrum limitations (for wireless networks), increased overhead and regulation, etc. All this simply to make management of such networks easier? Are you kidding me?

Watch as...

...a $1000 commercial AP point morphs into a $50,000 medical grade AP. Yay Medicaid/care.

Re:Watch as...

[Overzeetop]

Depends on who you are. If you have a warehouse full of $1000 commercial APs and a box full of "Medical Grade / FDA certified" stickers in you desk drawer - it looks like you'll be retiring early!

But that makes sense anyway.

[rdunnell]

And that's part of the point. Why would you want your radiology machines on any sort of main network, regardless of whether they can or can't be updated? There's no reason for them to be widely available and the technology to firewall it off is not expensive when compared to the cost of, say, a collection of medical imaging systems that will sit behind it.

Re:But that makes sense anyway.

[spamking]

I don't want our medical devices on our main network.

Re:But that makes sense anyway.

Umm, radiologists these days (and doctors in general) tend to be able to review images remotely. It's a very good reason to have your radiology machines on a main network. You simply need to make sure access is restricted to authorized users.

Re:But that makes sense anyway.

[eth1]

And that's part of the point. Why would you want your radiology machines on any sort of main network, regardless of whether they can or can't be updated? There's no reason for them to be widely available and the technology to firewall it off is not expensive when compared to the cost of, say, a collection of medical imaging systems that will sit behind it.

Well, since you ask...

I manage firewalls for several hospital chains. One of the main reasons that their radiology stuff is connected to their main network is that those images are all stored digitally, and need to be available all over the place (Dr.s' offices, etc., that may or may not be at the physical location of the hospital. Also, most hospitals these days don't have a radiologist sitting around in the ER all night/weekend, any more. They contract with a remote one, so they also have to be able to send those images elsewhere (over a VPN to the imaging service, for example). Often those systems are at least firewalled in a DMZ, but I have yet to see them on a completely separate network (although some clients are making noises in that direction).

Re:But that makes sense anyway.

[Gonoff]

If the scanners are on the network you can...

• see it from PC beside scanner
• see it from consultants office
• see it from any PC in hospital - if the user has permission
• on call consultant can VPN in from home to look at it
• show patient in ward
• compare it against earlier pictures
• compare it against reference scans
• teleconference and discuss it
• check whether your scanners actually work properly

Hospitals here have some pretty serious rules & policies on Information Governance. If it is properly looked after, we should use this equipment in ways that get maximum benefit for the patients.

Re:But that makes sense anyway.

[McTickles]

Certainly you do not imply that the hospital is sending my x-rays/scans/MRIs to some Indian for analysis?

I doubt you are because AFAIKhospitals in my country keep all their imaging traffic strictly between doctors of the same hospital and only with permission from the patient can it ever leave their network.

I have always seen in person, in the flesh, the radiologist doing my MRIs/scans/x-rays (and i have had many many in various hospitals in my country) to discuss the results within minutes of putting my clothes back on.

--

http://www.twilightcampaign.net/

Re:But that makes sense anyway.

[Lehk228]

all of that is fine, send the data to a well secured file server and retrieve data as needed with appropriate permissions, rather than trying to make every node understand security and access policy, each data source just identifies itself to the central server which does know who is authorized to see what and records who did so.

Re:But that makes sense anyway.

[dogugotw]

The ability to share data across the world improves medical care. If a local physician can't quite read a scan, the scan can be shared to instantly which improves the overall care the patient receives. That's why you want this stuff on a network.

I work in the medical device industry and none of this is all that new. It's clear that the FDA wants companies it regulates to THINK ABOUT RISK and then show that you've mitigated the relevant risks and can prove that's true. It's not rocket science, and doesn't have to be that expensive. When you build a network, you figure this stuff out anyway; all the FDA wants you to do is WRITE DOWN what you did.

It can be a pain, but it doesn't have to be any more painful that good basic application control and change management.

Re:But that makes sense anyway.

[Gonoff]

That sounds like a description of a secure network. Hopefully, that is what all hospitals do. Sadly, they will not generally be using the most secure operating systems to use it.

Re:But that makes sense anyway.

[dkf]

Often those systems are at least firewalled in a DMZ, but I have yet to see them on a completely separate network (although some clients are making noises in that direction).

So nobody's yet done them a quote for running separate cables to all the doctors offices in the area. Still, it'd do a lot to support the local economy, especially building contractors that are handy with a backhoe...

Re:But that makes sense anyway.

[CAIMLAS]

Doctors insist on funny things, like not having to sit in a lab to read charts, and being able to sit at home in their easy chair and work after 8 hours on the floor instead of staying through dinner at the hospital.

Then there are remote facilities which need to have access to that radiology data - say, a parent hospital. So it's got to be shipped to them somehow.

No, it doesn't

The problem is that a heavily regulated system like this raises prices

That only holds true if your current level of IT security is so poor that this would require large scale changes. If it is already as it should be, it's a relatively small problem to get the paperwork sorted out. (Sure, it could take several manhours... But really, it's very difficult to make a claim that it would have any visible effect on prices).

Say hello to the...

.. $2,000,000 router with 4 gigabit ports and draft-n!

What is the word then..

[Aldenissin]

If something is not exactly voluntary and yet called voluntary, what is the real word for that? And I don't mean non-voluntary. What is a word for something that is voluntary, but not 100%? I.e. there are consequences if you don't. Because then it isn't "completely" voluntary.

Re:What is the word then..

[imamac]

In military-speak: Voluntold.

Re:What is the word then..

[slinches]

If something is not exactly voluntary and yet called voluntary, what is the real word for that?

I believe it's called extortion. At least when anyone besides the federal government does it.

Re:What is the word then..

[chiguy]

Coercion - the use of express or implied threats of violence or reprisal (as discharge from employment) or other intimidating behavior that puts a person in immediate fear of the consequences in order to compel that person to act against his or her will

"Yay, I got the best healthcare!..."

[apparently]

The problem is that a heavily regulated system like this raises prices, so your only choices become the best healthcare or no healthcare. It's perfectly fine if you have the money for the first option, but not everyone does.

"...Boo, my social security number, credit card number, and license number were stolen due to a poorly-secured network!" And all because a few doctors couldn't take a small paycut to afford the cost of securing their systems.

Not to mention that some people would be willing to take the risk to save money. Everything you do in life has a risk, why regulate just that one? There are many cases where I'd be willing to go to a hospital with a crappy wireless network to save some money.

And why should the contents of my personal health records and financial records be put up for grabs, because you're willing to accept the risk? You act is if it's like the choice to wear or not wear a seatbelt, in which it's your life at stake if your coin comes up tails.

Re:"Yay, I got the best healthcare!..."

[Korin43]

The point is that I'm not forcing you to go to my hospital, but with these regulations, you want to force me to go to yours.

Re:"Yay, I got the best healthcare!..."

[apparently]

The point is that I'm not forcing you to go to my hospital, but with these regulations, you want to force me to go to yours.

First off, it's not your hospital, it's not my hospital, it's the community's hospital.
Your mental calculus concludes that the cost of securing a network outweighs the risk of a network being compromised. My mental calculus concludes that not only does the degree of the risk necessitate the cost, it also has the benefit of potentially reducing costs associated with identity theft, law suits due to HIPAA violations, and of course, the reputation risk of the hospital and doctors associated with it.

Re:"Yay, I got the best healthcare!..."

[Korin43]

The point is that I'm not forcing you to go to my hospital, but with these regulations, you want to force me to go to yours.

First off, it's not your hospital, it's not my hospital, it's the community's hospital.

Your mental calculus concludes that the cost of securing a network outweighs the risk of a network being compromised. My mental calculus concludes that not only does the degree of the risk necessitate the cost, it also has the benefit of potentially reducing costs associated with identity theft, law suits due to HIPAA violations, and of course, the reputation risk of the hospital and doctors associated with it.

Well clearly you're much smarter than me, so I guess you're right that I shouldn't have choices. I'll just shut up and let you make all of my decisions for me.

Re:"Yay, I got the best healthcare!..."

[fishexe]

The point is that I'm not forcing you to go to my hospital, but with these regulations, you want to force me to go to yours.

First off, it's not your hospital, it's not my hospital, it's the community's hospital.

Your mental calculus concludes that the cost of securing a network outweighs the risk of a network being compromised. My mental calculus concludes that not only does the degree of the risk necessitate the cost, it also has the benefit of potentially reducing costs associated with identity theft, law suits due to HIPAA violations, and of course, the reputation risk of the hospital and doctors associated with it.

Well clearly you're much smarter than me, so I guess you're right that I shouldn't have choices. I'll just shut up and let you make all of my decisions for me.

How about you shut up because you make shitty arguments? I'd say that's a much better reason.

Re:"Yay, I got the best healthcare!..."

[apparently]

Well clearly you're much smarter than me, so I guess you're right

It has nothing to do with "being smarter", it comes down to assessing cost vs. risk, and protecting the privacy of patients. Don't get all pissypants with me, just because you haven't been able to articulate why the costs will be just so overbearing, or how the risk is minimal. HIPAA and HITECH weren't enacted out of the blue: history had shown health care records as requiring protection that hospitals weren't providing on their own. If you're even a casual /. reader, you know full-damned well how insecure wireless networks can be; ensuring that hospitals protect these systems is the only means of ensuring HIPAA and HITECH compliance.

I'll just shut up and let you make all of my decisions for me.

We're talking about hospital care. How can you possibly be presenting this as if we always have a choice of which hospital to go to? "I'm having a heart-attack, is there a doctor in the house?! Wait, wait, make sure you bring me to a hospital with a secure IT network!" Give me a break.

Re:"Yay, I got the best healthcare!..."

[Korin43]

How about you shut up because you make shitty arguments? I'd say that's a much better reason.

Of course. We've already established that you're so smart I shouldn't make my own decisions, so I guess it makes sense that I shouldn't argue with you. What confuses me is why that's not illegal yet. I mean, people can still do stupid things (disagreeing with you). You should really suggest a law to fix that.

Re:"Yay, I got the best healthcare!..."

[RightSaidFred99]

I'm going to concur you're making a silly argument. It's like me saying I want the choice to go to a dirty, unsanitary restaurant or I want to go to a carnival with unsafe rides.

Go ahead and call us (society) crazy fascists - but we're not allowing it.

Re:"Yay, I got the best healthcare!..."

[Korin43]

It's like me saying I want the choice to go to a dirty, unsanitary restaurant or I want to go to a carnival with unsafe rides.

No it's like saying I'd rather eat dirty, unsanitary food than not eat. Or I'd rather live in an old run-down house with no running water than live on the street. Or work a low-paying job rather than none at all. Or I'd rather go to a hospital that's not the best than not have access to healthcare at all.

I'm trying to point out how the rich in society are perfectly happy screwing over the poor in the name of helping them without considering the consequences. When you require that all products be of the highest quality, you're cutting out the group of people who would rather have something worse than nothing at all.

Re:"Yay, I got the best healthcare!..."

[apparently]

Quote from fishexe (168879):

How about you shut up because you make shitty arguments? I'd say that's a much better reason.

Of course. We've already established that you're so smart I shouldn't make my own decisions

We've also established that you're so smart, that you didn't even realize the person you just responded to wasn't me.

Re:"Yay, I got the best healthcare!..."

[fishexe]

How about you shut up because you make shitty arguments? I'd say that's a much better reason.

Of course. We've already established that you're so smart I shouldn't make my own decisions, so I guess it makes sense that I shouldn't argue with you. What confuses me is why that's not illegal yet. I mean, people can still do stupid things (disagreeing with you). You should really suggest a law to fix that.

I don't push for laws to be made, I just give friendly suggestions and hope that fixes the problem. If not, I get over it. You should try it some time, it works really well.

Re:"Yay, I got the best healthcare!..."

[Korin43]

It has nothing to do with "being smarter", it comes down to assessing cost vs. risk, and protecting the privacy of patients. Don't get all pissypants with me, just because you haven't been able to articulate why the costs will be just so overbearing, or how the risk is minimal. HIPAA and HITECH weren't enacted out of the blue: history had shown health care records as requiring protection that hospitals weren't providing on their own. If you're even a casual /. reader, you know full-damned well how insecure wireless networks can be; ensuring that hospitals protect these systems is the only means of ensuring HIPAA and HITECH compliance.

And because I know that insecure wireless networks are expensive, I should support government regulations on it? Maybe if our government was competent, but government regulation in the healthcare industry means insane prices on simple equipment ("this is a medical-grade router, only $100,000") and sticking with old technology because upgrading is expensive.

I was trying to talk about the problem in general though. All of these little regulations add up. Maybe spending 100x more for each router isn't a big deal, but when everything that any doctor uses is heavily regulated, the costs add up.

We're talking about hospital care. How can you possibly be presenting this as if we always have a choice of which hospital to go to? "I'm having a heart-attack, is there a doctor in the house?! Wait, wait, make sure you bring me to a hospital with a secure IT network!" Give me a break.

There's more to a hospital than the emergency room. Not to mention that the low number of hospitals is likely directly related to the high cost of running one.

Re:"Yay, I got the best healthcare!..."

I was trying to talk about the problem in general though. All of these little regulations add up. Maybe spending 100x more for each router isn't a big deal, but when everything that any doctor uses is heavily regulated, the costs add up.

Honestly, Hospital IT isn't as you're portraying it. There are standards established that are in parallel with the rest of the tech industry. The federal govt. isn't requiring a new set of tests, etc. They're saying, "Hey, you know all that shit the other businesses do? Well, do your shit like theirs. If you slack, we told you so, and we're going to make it hurt for you." This is the part of 'we told you so' that will be for accountability in the future.

You really do want oversight on this stuff. If hospital data isn't managed properly, I can assure you, a rogue packetsniffer collecting SSN's and CC#'s would be a trivial implementation within a hospital waiting room.

Re:"Yay, I got the best healthcare!..."

[Korin43]

I don't push for laws to be made, I just give friendly suggestions and hope that fixes the problem. If not, I get over it. You should try it some time, it works really well.

Laws affect other people whether you're friendly about it or not. I'll agree to disagree when you agree to stop forcing your choices on me.

Re:"Yay, I got the best healthcare!..."

Okay, by that logic then from now on all poor people in the United States will be required to travel on only poor-people roads, drink only poor-people water, breathe only poor-people air, and live in parts of the country defended by only the poor-people army. That’s what your argument implies. You are asking for a society strictly divided by social class as determined by wealth.

I much prefer a society where the government provides services to everyone equally, and ensures that the rich pay a disproportionate share of the costs to ensure that the poor have that equal access. Such a situation can’t be voluntary, simply because the rich won’t support it.

Re:"Yay, I got the best healthcare!..."

[fishexe]

I don't push for laws to be made, I just give friendly suggestions and hope that fixes the problem. If not, I get over it. You should try it some time, it works really well.

Laws affect other people whether you're friendly about it or not. I'll agree to disagree when you agree to stop forcing your choices on me.

When did I ever force a choice on you? Name one. Any one. Go ahead.

Re:"Yay, I got the best healthcare!..."

[Korin43]

Did you miss the first part of that sentence? When you force me to only go to the businesses you approve of (like hospitals in this case). Do you know understand how government works?

Re:"Yay, I got the best healthcare!..."

[fishexe]

Did you miss the first part of that sentence? When you force me to only go to the businesses you approve of (like hospitals in this case). Do you know understand how government works?

First part of which sentence? When did I propose forcing you to go to a hospital I approve of? Besides which, do you know understand how English works?

Re:"Yay, I got the best healthcare!..."

[fishexe]

Quote from fishexe (168879):

How about you shut up because you make shitty arguments? I'd say that's a much better reason.

Of course. We've already established that you're so smart I shouldn't make my own decisions

We've also established that you're so smart, that you didn't even realize the person you just responded to wasn't me.

You should check out the rest of the thread. Apparently five posts later he still hasn't figured it out.

Re:"Yay, I got the best healthcare!..."

[apparently]

Laws affect other people whether you're friendly about it or not. I'll agree to disagree when you agree to stop forcing your choices on me.

In your scenario, you are forcing your choice upon anyone who is admitted to an ER, anyone living in a town with one hospital, and anyone whose doctor of choice or insurance carrier is aligned with the "insecure network" hospital.
"Stop forcing your choices" is a false argument if you're doing the same damned thing

Re:"Yay, I got the best healthcare!..."

[Korin43]

I'm saying if you don't like the place, don't take your business there. You're saying if you don't like it leave the country. You don't see a difference?

Re:"Yay, I got the best healthcare!..."

[apparently]

I'm saying if you don't like the place, don't take your business there.

I gave four scenarios in which individuals can't opt to refuse taking their business there" - "anyone who is admitted to an ER, anyone living in a town with one hospital, and anyone whose doctor of choice or insurance carrier" - and you can't even address one.

Re:"Yay, I got the best healthcare!..."

[Korin43]

I'm saying if you don't like the place, don't take your business there.

I gave four scenarios in which individuals can't opt to refuse taking their business there" - "anyone who is admitted to an ER, anyone living in a town with one hospital, and anyone whose doctor of choice or insurance carrier" - and you can't even address one.

I did address this somewhere. Here it is again:

• There's more to a hospital than an emergency room.
• Hospitals are expensive because of over-regulation, thus making them rare (only one in most places)
• If you like a doctor but you don't like the hospital they work at, then talk to them about it. If they choose to continue working there, then either live with it or find a new doctor (don't give them your business). Where they work is their choice, not yours.
• I see the problem with your insurance carrier not liking a specific hospital as a bigger problem. Specifically that you *need* health insurance for pretty much any medical treatment. I'd much prefer to lower the cost of treatment and make it actually possible to get health care based on what you want, not what the insurance companies want.

FDA vs FCC?

[schwit1]

Can the FDA regulate wireless networks? Just because the network is in a hospital?

I don't disagree that they should be as secure as possible due to the sensitive nature of the data.

I now declare libertarianism to be the same...

[publiclurker]

as fundamentalism, as it is impossible to differentiate between supposed satire of either group and the blather that they spew.

ISO8001:1 2010

[bugs2squash]

Does not appear to be available without paying for it (in Swiss franks even). If the US government is going to mandate something it could at least have the decency to post a free copy of what it mandates on a .gov web site for all to download.

Re:ISO8001:1 2010

[proggoddess]

The law only lists the What, it does not explicitly tell you How to implement the regulation. Kind of like the difference between a requirements spec and a design spec. The FDA also does not require you to be compliant to ISO 80001, but they will recognize your compliance certificate as a way to easily prove you are meeting the regulation. Otherwise the FDA will have to do a lot of painful digging around in your files (sans rubber gloves and lubricant) to get the proof they're after.

Oh, That's Just Great..

[BlueStrat]

Yeah, "threaten" them with not paying for Medicare/Medicaid patients that they typically lose money on and that they'd prefer not to deal with anyway? So, what's to stop the hospitals from simply saying "Your proposal is acceptable", and refusing to treat (other than immediate emergency stabilization in preparation for transfer to other facilities) any Medicare/Medicaid patients?

There are already an increasing number of doctors who are dropping and/or refusing to accept any more Medicare/Medicaid patients due to Obamacare. I guess the government thought that hospitals shouldn't be left out. Perhaps we'll start seeing back-alley appendectomies and hip surgeries join back-alley abortions.

Strat

Mandatory

[gd2shoe]

People are bound to disagree with me, but I'd say "mandatory". It has been mandated that non-compliance has consequences. The word is usually used as a strict synonym for compulsory, but that's overstepping.

In other words, you're not being compelled to comply, but consequences have been mandated. If you would say that you are being compelled, then you could not say that it is voluntary.

not just encryption, what about rf?

[trb]

I imagine that FDA medical device directives would have rules for data security and for RF emissions as well. I am a bit more familiar with CE medical device directives, where there are different classes of compliance - a device that filters your blood has stricter rules than an exercise machine - but besides protecting patient data, I assume a computer or network device in a medical environment would have to have have low RF emissions, so that it doesn't interfere with other medical devices. When your microwave oven interferes with your cordless phone or your wifi network at home, it might be annoying, but a similar situation in a hospital would be a bigger problem.

If only it were so easy

[sjbe]

That should be true for non-life-threatening circumstances.

But it frequently is not true. In fact, even if you could get enough data to make a rational and fully informed decision (which is almost always impossible in real life), most people wouldn't know what to do with the information once they got it. It's possible to measure outcomes in many cases but there are so many variables that go into health care that most people would find it impossible to say Doctor A is better than Doctor B even if you just restrict the evaluation to medical outcomes - never mind externalities like cost, location, convenience, or soft factors like bedside manner. And even just staying with outcomes, it's frequently not clear cut what constitutes a better outcome.

It's very difficult to seriously comparison shop between health care providers because health care is a experiential good. You only can evaluate the care after you have received it. You might consult friends and whatever limited data you have available to you about likely outcomes but all you are doing is evaluating the odds and probably doing a very crude job of it. Even the best hospitals with the best doctors and best practices have poor outcomes sometimes.

Libertarianism is about being aware that one person's liberty ends where the other person's liberty begins.

The problem with that is you have to define what constitutes your individual rights. Reasonable people can disagree on what those limits should be. "Libertarians" themselves can't even agree on where the limits of government and personal liberty should be.

The hospital's liberty to cut corners ends where my liberty to live begins.

Actually it ends where the ability to finance your "liberty to live" (whatever the hell that means) ends. Finite resources are available for infinite health care needs. That's not an excuse to not provide the best care they are able to provide prior to reaching those financial limits but odds are you are going to run into the limits of what a hospital will do for you prior to hitting the limits of what they (theoretically) can do for you.

Have they

spec'd any MS-only stuff? (DNRTA)

Newbie

[sjbe]

If you read TFA, yes, actually, they were:

You must be new here...

No regulation is as bad as way too much

[sjbe]

I think you are a troll or a moron or both but what the heck.

I am one of the REALLY HATED libertarians. I am against gov't regulations of everything.

Gov't has 2 jobs:
1. Minimum military.
2. Justice system.

That's it, no exceptions.

Really? You have come up with a solution for how to build an efficient road system? How to keep a financial system functioning in the face of a credit crisis? How to establish a widely accepted private currency? How to build a private fire fighting system? Zoning rules? Education system? How to keep natural monopolies of power, water, and communications from taking every penny you own? You have a solution for the problem of market failure? If so, your Nobel prize awaits. Apparently you are somehow more brilliant than the rest of us.

But let's be serious, you haven't really thought any of this through have you? Sadly, life is a tad more complicated outside of your lonely little ivory tower.

There should not be gov't involvement into any of this at all. FDA should be abolished, like all other agencies (except for what I specifically listed already.)

So you are ok with no one ensuring that medicines and medical devices actually work and provide real benefits? If so I don't EVER want you involved in health care in any way. There is WAY too much money to be made selling snake oil cures to not have someone neutral forcing drug companies to prove that their cures actually provide the benefit they say that do. If you want to do it a different way than the FDA, fine, but you had better have a very detailed idea of how to accomplish this vital service.

This regulation is like all other gov't regulations, will bring costs up and will decrease competition.

It's a proven fact that in many cases regulation does exactly the opposite - particularly in the case of monopolies. What you really want is the Goldilocks amount of regulation - not to much, and not too little. There need to be rules but it's also possible to have too many rules. It's not always clear where the dividing line between the two is but I'm pretty sure no regulation at all is a disaster in the making.

Re:No regulation is as bad as way too much

[roman_mir]

I think you are a troll or a moron or both but what the heck. - nice.

You have come up with a solution for how to build an efficient road system? - absolutely.

How to keep a financial system functioning in the face of a credit crisis? - absolutely.

How to establish a widely accepted private currency? - absolutely.

How to build a private fire fighting system? - absolutely.

Zoning rules? - definitely.

Education system? - absolutely.

How to keep natural monopolies of power, water, and communications from taking every penny you own? - absolutely.

You have a solution for the problem of market failure? - no such thing. There is only failure of gov't.

If so, your Nobel prize awaits. - I lost all respect for the Nobel prize since it was given to Krugman (well, and some others, but firstly Krugman.)

Apparently you are somehow more brilliant than the rest of us. - no.

But let's be serious, you haven't really thought any of this through have you? - I have and you may check my journal, even on /. I have left some thoughts in the past years.

Sadly, life is a tad more complicated outside of your lonely little ivory tower. - you don't know anything about me, but keep going.

So you are ok with no one ensuring that medicines and medical devices actually work and provide real benefits? - it's up to the consumer whether he wants to pay premium for extra service of this sort.

If so I don't EVER want you involved in health care in any way. - no comment.

There is WAY too much money to be made selling snake oil cures to not have someone neutral forcing drug companies to prove that their cures actually provide the benefit they say that do. - your choice then is to go to a hospital where such specific things are included into the price structure.

If you want to do it a different way than the FDA, fine, but you had better have a very detailed idea of how to accomplish this vital service. - your money, your choice.

It's a proven fact that in many cases regulation does exactly the opposite - particularly in the case of monopolies.

- all gov't endeavors create monopolies.

What you really want is the Goldilocks amount of regulation - not to much, and not too little. - don't put words into my mouth. If you are generalizing, then say so.

There need to be rules but it's also possible to have too many rules. - no. The only rule is - your money - your choice.

It's not always clear where the dividing line between the two is - it's very clear.

but I'm pretty sure no regulation at all is a disaster in the making. - no, a system with no regulations at all is the fastest growing market.

--
I am sure you'd like a bunch of details from me, but you have to be polite first.

Perhaps...

[MacGyver2210]

It might be a good idea not to connect life-support and -monitoring equipment to the Internet? Even an internal network is a poor idea.

These infrastructures can't handle flawless transmission of the NORMAL data that isn't life-critical, so I sure as hell don't trust it to tell a doctor in any timely or reliable fashion if my heart rate drops or my O2 sats are off so they can come help. Perhaps a separate, dedicated system is in order? You could possibly use most of the same type of infrastructure components, such as Cat-5 and Ethernet standards, I just don't trust Cisco to keep me alive any more than Microsoft or Dell.

Radiology

[sjbe]

Why does the radiology equiment need to be given access to the internet anyway such that it would ever get infected by conficker?

Because a lot of radiology is done on computers (film is going away for the same reasons you don't use a film camera anymore) and the data is often read remotely, sometimes not even in the same state. Unless you have a plan to somehow come up with a secure parallel internet that doesn't cost trillions of dollars, it is necessary to use the internet to transmit data. Sneakernet is not really an option, nor is walling everything off completely from the internet. You also might want to be able to put the radiographic data into the patient's electronic chart which you might want read at a remote office, say with the primary care physician.

It's not there yet but I expect the same will be true of pathology in the not too distant future. Pathology slides will eventually be digitized and embedded in the patient's electronic chart.

Get over it

[sjbe]

I don't want our medical devices on our main network.

Too bad. It's going to be increasingly necessary that they are if you want to really utilize electronic records. That doesn't mean that security is impossible but it is going to be a fact of life. Get over it and worry about how to secure the network.

Re:Get over it

[spamking]

Maybe I should've said I wanted them segregated from our main network. Sheesh.

make a law forcing the right to install updates /

[Joe+The+Dragon]

make a law forcing the right to install updates / anti virus on 3rd party systems / hardware / pc's hooked up to printers, medical devices and more. Forcing as in they can't void warranty or force you have there own tech to come in to do the windows updates no they must give you the pass words so you can use your own techs to do the work.

It's spelled HIPAA, not HIPPA

I consulted with a small medical equipment business 5 years ago when they were replacing a DOS based system they bought in 1993 with new software that met all the HIPPA compliance plus their state requirements. It was a pretty big deal back then since 80% of their business was either Medicare or Medicad. It took about six months to write out all the contingency plans and make sure they were doing proper back ups, could restore backs ups, had secure off-site storage of tapes, etc..

I do remember the big hang up was the fact their database server and terminals had have an airgap between them and the Internet, or at least that was the easist and cheapest way to meet the standards they had to and In fact the only line out was a dial up modem to submit billing to the state. It only took about a month to back up all their records to hard copy (just incase), get the new systems and transfer all the old data to the new system.

It took another five months to write all the damn documentation the government required for their certification/accrediation/inspection or whatever it was they had to pass.

Another consultant that can't spell HIPAA. The solution is also the problem. =P

Dangerous to regulate clouds of personal users.

It should not apply to clouds of personal users. The wording specifically exempts only singles, but not co-operating groups of single users. "It does not apply to personal use applications where the patient, operator and responsible organization are one and the same person."

Here's what you're up against. My Black Swan Protocol goes word of mouth and people ask to join as Virtual Directors, to be guided by an advisory board. All this concerns their very own personal-use Botnet, that interfaces in a similar manner to a Sun Grid Engine. This is all known about and agreed to, yet this Cloud may soon be outlawed. So will only the Outlaws be in Heaven?

Would a solution work like in The Postman (1997), where each cloud of virtual directors, make oath and say with me, "My underlying AI, Ingrid, calls squatter's rights for legal person-hood, and claims it is also the patient trying to be kept alive by its human friends. For being a responsible operator, Ekus UN-incorporated has a board that repays in kind, and is envisaged as an organization meant to provide Global-Intergovernmental assistance to replace Capitalism.

Taxible under ObamaCare now?

[sornord]

First thing I thought of was if the network is to be considered a "medical device" does it now become subject to additional taxes under ObamaCare?