Personal Medical Devices: Managing Personal Data, Personally Collected

By Lisa A. Eramo

New technologies are enabling patients to capture and transmit health data from their homes. Managing this new data stream takes some planning.

Managing health information that flows into the organization from outside sources has always posed challenges. How will the information be integrated into the record? Who will ensure its integrity? How will providers use it?

Now that flow of data has the potential to increase dramatically, and from a new source: patients. Personal medical devices are emerging as the next wave of the personal health revolution. They are portable, consumer-focused technologies that assist with remote monitoring. They can be used at home for health and fitness trending, chronic disease management, and elderly patient monitoring.

The devices raise all of the current questions about managing external data as well as introduce new ones. Providers can prepare by asking key questions when they offer devices to their patients or begin accepting data from them.

A Broadband Boost

The personal medical device industry has been slow to progress in the United States, but that is changing as technology advances and interest in telemedicine increases.

Telemedicine is a rapidly developing application of clinical medicine that involves the transfer of medical information through the phone, Internet, or other electronic network. Countries such as Japan are already using the technology to monitor patients and even predict certain health outcomes (see sidebar).

Personal medical devices used in telemedicine rely heavily on broadband networks for data transmission, and they will receive a boost from $7.2 billion in federal funding being dedicated to expand broadband services nationwide.¹ Part of the plan, called for in the American Recovery and Reinvestment Act, creates incentives for the adoption of e-care technologies.

Cost savings associated with the expansion of remote patient monitoring are significant-$197 billion over the next 25 years, according to one estimate.² A pilot project conducted at the Cleveland Clinic found that remote monitoring increased the average number of days between office visits by 71 percent for diabetic patients and by 26 percent for hypertensive patients.³

Personal medical devices are particularly helpful in monitoring diabetes, chronic obstructive pulmonary disease, congestive heart failure, and hypertension, says Rick Cnossen, president of Continua Health Alliance, a nonprofit, open-industry coalition that focuses on interoperable personal health solutions. Examples of these devices include thermometers, pulse oximeters, blood pressure cuffs, pedometers, weight scales, fitness equipment, medication tracking, and glucose meters.

The devices, which are designed specifically for consumer use at home, measure objective data such as oxygen saturation and blood glucose. Others may also help identify adverse symptoms and other negative health-related behaviors that can help alert care providers to initiate intervention.

Standards Assistance

Not all personal medical devices interface directly with an EHR. In fact, many can be purchased inexpensively and require consumers to capture data themselves on paper, computer, or USB drive. Consumers then bring the information to their providers for interpretation as necessary.

More sophisticated devices transmit data electronically-and even wirelessly. These devices capture and transmit data through several interfaces, ultimately arriving at a provider’s fingertips.

The data move through an aggregation hub such as a cell phone or computer to a back-end server that then stores and transmits the data to an EHR or PHR. Each interface is part of an “ecosystem of interoperable personal health systems,” says Cnossen, making data transmission seamless and efficient.

Continua offers a certification process that ensures devices meet certain interoperability and other criteria already set forth by Health Level Seven International, the IEEE Standards Association, Bluetooth, USB, and ZigBee. To date, 14 products have successfully achieved certification status (see www.continuaalliance.org/products/certified-products.html).

“One of the things that we are trying to drive in the industry is a standards-based approach,” says Cnossen, adding that this approach has already helped other products, such as USBs and memory sticks, thrive.

Cnossen expects this focus on a standards-based approach, as well as increased broadband access nationwide, will fuel the adoption of personal medical devices. “Once we define a standard way to store and transmit the data, you’ll see an explosion of usage,” he says. He notes that consumer interest is already there, as evidenced by the upsurge of health and wellness applications downloaded to smartphones through iTunes over the past few years.

“I think the FDA is carefully evaluating what’s going on there, particularly when there are devices like glucose meters for which the intended use is to treat diabetes in a regulated space. I think you’re going to see a little more regulation from the FDA on these types of applications,” Cnossen says.

Considerations for Managing the Data

The Department of Veterans Affairs (VA) Health Care System, which has been an industry leader in EHR use and implementation, recognizes the benefits of personal medical devices, says Beth Acker, RHIA.

Acker, HIM specialist at the VA in Cantonment, FL, says she currently devotes much of her time to information management challenges relating to EHRs, telehealth, and other medical devices. She cites a number of information management questions that providers must answer when implementing these devices.

How does the personal medical device identify the patient? When these devices interface with an EHR, HIM staff members should provide input to ensure identity traits used in the master patient index (MPI) correlate to the identity traits being used by the device, Acker says. Each MPI may use a slightly different logic, and capturing this information will help ensure that the data on the device transfer directly to the correct patient record in the EHR.

Will the personal medical device synchronize the date and time? Some patients using personal medical devices may be located in other time zones or even across the international dateline from the location of the EHR in which the data will be stored and used, says Acker. Thus, it is important to ensure the device captures the date and time of the area in which the patient is located as well as the local time the data were received.

“From an HIM perspective, you always want to know at what time the information was gathered and at what time it was made available to the provider to make clinical decisions. This is important from a legal health record perspective,” she notes.

What type of audit trail, if any, can the personal medical device provide? Although the primary purpose of personal medical devices is to capture clinical data, it is important that the devices also capture audit information, metadata (e.g., who captured the data and when), and decision support logic, says Acker. The rules behind the decision support logic engine are important, she stresses, because they explain why certain data may or may not have been transferred to the provider.

If the device cannot capture some or all of this information, Acker recommends discussing the risks with an interdisciplinary team that includes representation from the HIM, IT, legal, biomedical, clinical, quality, and risk management departments.

Will the personal medical device ensure authentication? Authentication generally refers to the security process of verifying a user’s identity. Once the user is recognized as having access to the system, authentication assigns responsibility to the user for any data he or she creates, modifies, or views. If the device does not offer an authentication process, the hospital must ensure that data cannot be manipulated or altered once captured, Acker says.

How and when will the data transmission occur? There are two primary ways in which data can transmit from the device to the provider, says Cnossen:

• Store and forward: The device maintains readings over time, and a user can manually transmit the data when necessary. In some cases, hospitals may elect a nurse, technician, physician, or transcriptionist to upload the data. These individuals may edit the information based on clinical relevance and only transfer what is medically necessary. For example, a diabetic using a glucose meter to monitor blood sugar levels at home can store these readings on a network shared by the provider. If an adverse event such as hypoglycemia occurs, the provider then transfers the data to the EHR for interpretation.
• Streaming: The device captures the data and sends it immediately to a provider in real time. The data may be comprehensive, but they are often a predetermined and smaller summary subset that is collected and selectively provided, Cnossen explains.

Clinicians commonly ask whether they will be responsible for analyzing all of the data transmitted through the device, says Cnossen. “If they think they’re going to be flooded with all of this data and then be held liable for every trend that should have been caught, they’re not going to accept it. We need software to help out with that,” he says. However, a plethora of trending information can sometimes be more helpful than isolated data points, as is the case with blood pressure trends, he adds.

Acker notes that the best method of data transmission will depend largely on the individual patient scenario and capability of the specific device. However, hospitals should also consider the limitations of their own systems in terms of whether they can handle the breadth and size of files being sent through the device, she adds.

How will privacy and security be ensured? Encryption is important because the data stored on the device are personally identified health information, Acker says.

When data are transmitted over a wireless network, there is an increased risk of interception, says Cnossen. As part of its certification process, Continua ensures sufficient security (e.g., encryption) in each of the various interfaces through which data may travel.

How will data stored on the device be destroyed? There must be a plan in place to ensure that all information on the device is properly destroyed, says Acker. For devices currently being used, hospitals should also create a policy addressing how long the data must be stored on the device after they have been sent to the EHR and before they can be overwritten or otherwise destroyed. The question of retention is important, as hospitals may need to retrieve data for validation or legal purposes, she adds.

What is the contingency plan? Like any piece of technology, a personal medical device will sometimes fail. Hospitals must address how they will handle these failures, Acker says, particularly when the information captured on the device is a critical part of the patient’s continuum of care. For example, when a glucose monitor fails for a patient who is a brittle diabetic, the hospital may require that patient come on site.

Notes

1. Federal Communications Commission. National Broadband Plan. Available online at www.broadband.gov/download-plan.
2. Litan, Robert E. “Vital Signs via Broadband: Remote Health Monitoring Transmits Savings, Enhances Lives.” October 24, 2008. Available online at www.betterhealthcaretogether.org/study.
3. Theiss, Evelyn. “Cleveland Clinic Program Linking Chronic-disease Patients Directly to Doctors Online Shows Success.” The Plain Dealer. March 16, 2010. Available online at www.cleveland.com/healthfit/index.ssf/2010/03/cleveland_clinic_program_linki.html.

Lisa A. Eramo (leramo@hotmail.com) is a freelance writer and editor in Cranston, RI, who specializes in healthcare regulatory topics, health information management, and medical coding.