Hospital Wireless Networks May Be Regulated Medical Devices

Lucas123 writes "As hospitals continue to connect patient monitoring equipment, physician PDAs and laptops to wireless networks, and then collapse those data paths onto traditional IT networks, the closer the US Food and Drug Administration comes to regulating them, according to Computerworld. The focus of the FDA's regulation comes in its recently finalized 80001-1 standard that established risk management practices for those networks, the adherence to which may be voluntary, but would determine Medicaid and Medicare reimbursements. 'If you don't comply, then you have two choices. You can have the federal government come in and inspect your hospital, or you can decide not to accept money from Medicare or Medicaid. Voluntary sometimes isn't exactly voluntary,' said Rick Hampton, wireless communications manager for Partners HealthCare System in Boston."

Good.

[RightSaidFred99]

I'm one of those much hated libertarian leaning people who thinks regulation should only be applied when absolutely needed. In this case, we're talking life and death data and I would expect medical systems to be heavily regulated both for security and availability/reliability.

So what's the controversy?

YOU may BE ON TO SOMETHING !!

[Anonymous Coward]

Slashdot MAY get editors that aren't idiots !!

Mars MAY invade Earth eventually !!

God MAY stop playing around and squeeze us all like a pimple and start the next Big Bang !!

These all MAY actually happen !!

Appropriate in Hospitals

[Rich0]

I think that this kind of regulation is appropriate - in certain cases. I think you need to do a FEMA (failure mode effects analysis - basically ask what could go wrong?) and then control your network accordingly.

Modern networking gear is very reliable in terms of transmission accuracy - if you send a packet from A to B and it gets there, it is extremely unlikely that it was modified (unless deliberately). It is not so reliable in terms of guaranteed transmission.

So, if we're talking about a network being used to display a lab test in a doctor's office, I'd argue that there is a pretty low risk of anything going wrong and strong control over the network should be unnecessary (beyond general good security practices that would apply in any business setting).

On the other hand, if we're talking about monitoring equipment, I'd say that control of the network is critical, unless there is some kind of backup for communicating alarms. If an alarm in a patient room is likely to be heard and responded to without the aid of the network, then it is probably important but not critical. If a patient alarm could be ignored if not broadcast over a network, then that network needs to be treated as a life-critical piece of equipment. That means that changes are carefully controlled, and the design has to be fit for purpose. Lives are at stake, and if some cheap router hangs up without a backup of some kind, or if a cable is left detached during maintenance and isn't caught by routine procedure, somebody could die.

The sad thing is that regulations like this are likely to get abused in two different ways (I've seen this happen in other regulated industries):

1. It will be over-applied in areas that are not really at risk, driving up all kinds of costs that consumers end up paying for, and often delaying the introduction of technology that could actually improve care.

2. Because of the huge cost associated with knee-jerk reactions and consultants/etc in #1, administrators will try to skirt the regulation as much as possible, which puts patients at risk in situations where the controls really are appropriate.

In other regulated industries I've actually seen "turn the clock back" responses to regulation - where ancient practices that are grandfathered in get preferred to modern practices that are actually better, but which become more expensive to implement due to the presence of the regulation. In this way regulation can actually harm those it purports to benefit. Unfortunately, it usually is still better than the alternative.

Re:Good.

[Korin43]

The problem is that a heavily regulated system like this raises prices, so your only choices become the best healthcare or no healthcare. It's perfectly fine if you have the money for the first option, but not everyone does.

Not to mention that some people would be willing to take the risk to save money. Everything you do in life has a risk, why regulate just that one? There are many cases where I'd be willing to go to a hospital with a crappy wireless network to save some money. I'd think twice about getting heart surgery there, but not everything a hospital does is that big of a deal.

But that makes sense anyway.

[rdunnell]

And that's part of the point. Why would you want your radiology machines on any sort of main network, regardless of whether they can or can't be updated? There's no reason for them to be widely available and the technology to firewall it off is not expensive when compared to the cost of, say, a collection of medical imaging systems that will sit behind it.

Re:Good?

[NevarMore]

I I'm sure that Medicare would LOVE to find out about THAT particular HIPAA violation. >:-D

Then go tell them. If you've physically been in the hospital that could be your data, your loved ones data, or just plain due diligence if you were there for work and not for a medical reason.

Re:Good.

[Archangel Michael]

I'm one of those hated libertarian people, and you haven't even begun to explain anything libertarian.

This isn't between life and death, this is just communication between two machines (wireless networking). By confusing the two, you've fallen into the trap of the "do it for the children" crowd.

In this case we have a government that is withholding payments because they haven't inspected a network. Okay, I'm okay with that, except for one thing, this isn't about privacy or security or anything like that. It is about control of the processes.

This is just a bad case of "governmentus interferitus", where they think adding the layer of government fixes the problem. However before they can "fix" the problem they should show that it is a problem in the first place, not react like the typical, "something must be done, this is something, therefore it must be done" roll.

Next time a Congress Critter suggests a fix for a problem, ask them to explain the problem, and how their "fix" fixes it. Most likely, they have no idea on either, but they're doing it anyway, and it sounds like the previous "something must be done" phrase.

HIPA is great and all, but it also is a pain in the ass for most people, and has caused more problems than it solved.

Re:Good.

[Anonymous Coward]

It also means they will not be able to buy $50-100 access points. They will have to be "medically certified" access points. That means they will have pretty green sticker on them, the same access point, but now it will cost $300-400. Great plan.

Re:Good.

[Peeteriz]

According to the TFA, this has killed at least 6 people in the last year, so in this case the communication between two machines was 'life and death'. Or wasn't it?

Re:Good.

[Zironic]

Because it's true. You constantly see people that claim they're libertarians while preaching that the free market will fix 'everything'. On another forum I saw a person claim that "All" regulation is "Evil", no exceptions, obviously they're either ignorant or crazy but those are the people that give libertarians such a bad rep.