What is the State of Cybersecurity in Your Organization?

Posted on June 19, 2013 by mcn_admin

The U.S. Food and Drug Administration (FDA) is recommending that medical device manufacturers and health care facilities take steps to assure that appropriate safeguards are in place to reduce the risk of failure due to cyber attack, which could be initiated by the introduction of malware into the medical equipment or unauthorized access to configuration settings in medical devices and hospital networks.

According to the FDA, many medical devices contain configurable embedded computer systems that can be vulnerable to cybersecurity breaches. In addition, as medical devices are increasingly interconnected, via the Internet, hospital networks, other medical device, and smart phones, there is an increased risk of cybersecurity breaches, which could affect how a medical device operates.

Recently, the FDA has become aware of cybersecurity vulnerabilities and incidents that could directly impact medical devices or hospital network operations.  A new FDA Safety Communication has recommendations for both device manufacturers as well as health care facilities.

In evaluating network security, hospitals and health care facilities should consider:

  • Restricting unauthorized access to the network and networked medical devices.
  • Making certain appropriate antivirus software and firewalls are up-to-date.
  • Monitoring network activity for unauthorized use.
  • Protecting individual network components through routine and periodic evaluation, including updating security patches and disabling all unnecessary ports and services.
  • Contacting the specific device manufacturer if there is suspicion of a cyber security problem related to a medical device. If unable to determine the manufacturer or cannot contact the manufacturer, the FDA and DHS ICS-CERT may be able to assist in vulnerability reporting and resolution.
  • Developing and evaluating strategies to maintain critical functionality during adverse conditions.

What is the state of cybersecurity in your organization?  You need to be certain that you have comprehensive policies and procedures that address the protection of your IT networks and software including:

  • Maintenance of Computer Software Programs
  • Workforce Clearance and Network Access Authorization
  • Network Access Establishment and Modification
  • Protection from Malicious Software
  • Security Incident Procedure – Response and Reporting
  • Data Backup Plan

This week MCN Healthcare’s StayAlert Compliance Alert Product published a review of the FDA Safety Communication and included example policies like the ones above.  Do you need help getting the most up-to-date policies in place?  Consider a free trial of StayAlert today!

Posted in MCN Healthcare | Leave a comment

MCN Learning: Alternative Care Delivery Sites

Posted on June 18, 2013 by mcn_admin

Even though schools of nursing have just graduated the 2013 class many professors and departmental heads are already drafting up clinical rotation sites and opportunities for the upcoming fall semester.

A nursing professor colleague and I recently had a conversation about the challenges of identifying viable clinical rotation sites for students. This professor is finding that many sites are limiting the amount of care the students are able to provide, primarily because of patient privacy laws and the risk for medication errors. The students are just not getting the volume of hands-on care opportunities as in the past which is limiting experience while in school.

We both recalled the days when student clinical rotations included acute care, home care, possibly employee health outpatient care, nursing homes, and if one was available, psychiatric inpatient care. The specialty rotations always included labor and delivery, postpartum care, and the well-baby nursery. The pediatric rotation was a bit more challenging because no student was ever permitted to provide medication to a pediatric patient – at least when I was attending school – so this rotation was really providing private-duty babysitting to the pediatric patient.

These options are becoming more limited today. Some health care organizations are not permitting students onto acute care units but rather to long-term skilled inpatient care areas. Maternity stays are shorter so the students are not really able to provide postpartum care to the mother or the infant as was the option years ago. Many hospitals have closed inpatient psychiatric care areas and pediatric care areas are few and far between.

Besides these basic issues the nursing professor explained that many students want experiences that are not “typical.” When this professor asked the exiting class what types of clinical experiences would have enhanced their nursing education, the responses were interesting and included:

  • Forensics/crime scenes
  • Correctional facilities
  • Emergency medicine organizations

By this time both of our heads were spinning – imagining what type of mayhem would ensue if any of these locations had groups of nursing students completing clinical rotations! However I raised another area that might be of interest to nursing professors in the future – rock medicine.

No, this is not archeological medicine but rather emergency medicine organizations that staff medical emergency tents during rock and roll concerts and provide health care to the participants as needed. Actually an organization in California has been providing medical support to concert-goers since 1973 and just celebrated 40 years of caregiving.

Back in 1973 a promoter for a rock group approached a medical clinic in San Francisco to provide emergency medical care during a Grateful Dead and Led Zeppelin concert. From there the group has grown to over 1100 physicians, nurses, paramedics, and emergency medical technicians who volunteer to provide medical care for football games, concerts, fairs, and other events throughout California. This particular organization – Rock Medicine – provides care free of charge so health care professionals are volunteers and they accept nursing students.

Since my nursing professor colleague is not located in California and the volume of rock and roll concerts that occur in her vicinity are slim, this option was not embraced however it did help us both start thinking outside of the box for student clinical rotations.

Health care is being provided in locations that were not even imagined a few decades ago. Who would have thought that peritoneal and hemodialysis could be provided in the home? What about the elderly patient who has a computer transmitter on the kitchen table that transmits morning weight and vital signs to the health care provider so heart failure medication can be titrated according to the current health status?  And home care nurses are using smartphones to send photos of wounds to health care providers so dressing treatment can be prescribed in real-time.

The nursing student and nurse of the future will have many more opportunities, options, and avenues to provide health care to patients. So even though many cities might not have a Rock Medicine organization to use as a clinical rotation for students, it serves as an example of what settings can be used for learning in the future.

These are exciting times for the profession of nursing. The barriers and restrictions for clinical rotations might still exist but nurses, with their collective infinite creativity, will find ways to obtain the learning experiences that are needed and desired to meet the needs of the ever-evolving population.

In the meantime, rock on!

Until next week….

Check out this and other articles at the MCN Learning blog.

Contributed by:
Dawna Martich, MSN, RN
Director of Education

Posted in MCN Learning | Leave a comment

QOTW – QUESTION OF THE WEEK: Critical Access Hospitals and the Emergency Department

Posted on June 13, 2013 by mcn_admin

Question:
Does the Conditions of Participation (CoP) for Critical Access Hospitals (CAH) require a physician to appear on-site when an individual comes to the Emergency Department?

Answer:
The CAH Emergency Services CoP does not require a physician to appear on-site whenever an individual comes to the Emergency Department.

  • Under 42 CFR 485.618(d), a doctor of medicine (MD), a doctor of osteopathy (DO), a physician assistant (PA), a nurse practitioner (NP), or a clinical nurse specialist (CNS), with training or experience in emergency care, must be immediately available by telephone or radio, and available on-site within 30 minutes (60 minutes for CAHs in frontier areas that meet certain conditions). Under the CAH CoPs an MD or DO is not required to be available in addition to a non-physician practitioner.
  • Under the CoP at §485.618(e), an MD or DO must be immediately available by telephone or radio contact on a 24-hours a day basis to receive emergency calls, provide information on treatment of emergency patients, and refer patients. This requirement can be met by the use of a telemedicine MD/DO as well as by an MD/DO who practices on-site at the CAH.

Reference:
CMS, Critical Access Hospital (CAH) Emergency Services and Telemedicine: Implications for Emergency Services Condition of Participation (CoPs) and Emergency Medical Treatment and Labor Act (EMTALA) On-Call Compliance, June 7, 2013, http://www.cms.gov/Medicare/Provider-Enrollment-and-Certification/SurveyCertificationGenInfo/Policy-and-Memos-to-States-and-Regions-Items/Survey-and-Cert-Letter-13-38.html?DLPage=1&DLSort=2&DLSortDir=descending

Related Products from MCN:
Policy Library
http://www.mcnhealthcare.com/policy-library/about

Administrative Manual for Critical Access Hospitals will be available in July, 2013

Posted in CMS - Centers for Medicare and Medicaid Services | Leave a comment