Hospital Wireless Networks May Be Regulated Medical Devices

Lucas123 writes "As hospitals continue to connect patient monitoring equipment, physician PDAs and laptops to wireless networks, and then collapse those data paths onto traditional IT networks, the closer the US Food and Drug Administration comes to regulating them, according to Computerworld. The focus of the FDA's regulation comes in its recently finalized 80001-1 standard that established risk management practices for those networks, the adherence to which may be voluntary, but would determine Medicaid and Medicare reimbursements. 'If you don't comply, then you have two choices. You can have the federal government come in and inspect your hospital, or you can decide not to accept money from Medicare or Medicaid. Voluntary sometimes isn't exactly voluntary,' said Rick Hampton, wireless communications manager for Partners HealthCare System in Boston."

Good.

[RightSaidFred99]

I'm one of those much hated libertarian leaning people who thinks regulation should only be applied when absolutely needed. In this case, we're talking life and death data and I would expect medical systems to be heavily regulated both for security and availability/reliability.

So what's the controversy?

Re:Good.

[Korin43]

The problem is that a heavily regulated system like this raises prices, so your only choices become the best healthcare or no healthcare. It's perfectly fine if you have the money for the first option, but not everyone does.

Not to mention that some people would be willing to take the risk to save money. Everything you do in life has a risk, why regulate just that one? There are many cases where I'd be willing to go to a hospital with a crappy wireless network to save some money. I'd think twice about getting heart surgery there, but not everything a hospital does is that big of a deal.

Re:Good.

[Peeteriz]

According to the TFA, this has killed at least 6 people in the last year, so in this case the communication between two machines was 'life and death'. Or wasn't it?

Re:Good.

[Zironic]

Because it's true. You constantly see people that claim they're libertarians while preaching that the free market will fix 'everything'. On another forum I saw a person claim that "All" regulation is "Evil", no exceptions, obviously they're either ignorant or crazy but those are the people that give libertarians such a bad rep.

Appropriate in Hospitals

[Rich0]

I think that this kind of regulation is appropriate - in certain cases. I think you need to do a FEMA (failure mode effects analysis - basically ask what could go wrong?) and then control your network accordingly.

Modern networking gear is very reliable in terms of transmission accuracy - if you send a packet from A to B and it gets there, it is extremely unlikely that it was modified (unless deliberately). It is not so reliable in terms of guaranteed transmission.

So, if we're talking about a network being used to display a lab test in a doctor's office, I'd argue that there is a pretty low risk of anything going wrong and strong control over the network should be unnecessary (beyond general good security practices that would apply in any business setting).

On the other hand, if we're talking about monitoring equipment, I'd say that control of the network is critical, unless there is some kind of backup for communicating alarms. If an alarm in a patient room is likely to be heard and responded to without the aid of the network, then it is probably important but not critical. If a patient alarm could be ignored if not broadcast over a network, then that network needs to be treated as a life-critical piece of equipment. That means that changes are carefully controlled, and the design has to be fit for purpose. Lives are at stake, and if some cheap router hangs up without a backup of some kind, or if a cable is left detached during maintenance and isn't caught by routine procedure, somebody could die.

The sad thing is that regulations like this are likely to get abused in two different ways (I've seen this happen in other regulated industries):

1. It will be over-applied in areas that are not really at risk, driving up all kinds of costs that consumers end up paying for, and often delaying the introduction of technology that could actually improve care.

2. Because of the huge cost associated with knee-jerk reactions and consultants/etc in #1, administrators will try to skirt the regulation as much as possible, which puts patients at risk in situations where the controls really are appropriate.

In other regulated industries I've actually seen "turn the clock back" responses to regulation - where ancient practices that are grandfathered in get preferred to modern practices that are actually better, but which become more expensive to implement due to the presence of the regulation. In this way regulation can actually harm those it purports to benefit. Unfortunately, it usually is still better than the alternative.

But that makes sense anyway.

[rdunnell]

And that's part of the point. Why would you want your radiology machines on any sort of main network, regardless of whether they can or can't be updated? There's no reason for them to be widely available and the technology to firewall it off is not expensive when compared to the cost of, say, a collection of medical imaging systems that will sit behind it.

Re:Good?

[NevarMore]

I I'm sure that Medicare would LOVE to find out about THAT particular HIPAA violation. >:-D

Then go tell them. If you've physically been in the hospital that could be your data, your loved ones data, or just plain due diligence if you were there for work and not for a medical reason.