March 14, 2024
Leadership vs. Management, what exactly are the differences? And what is needed in both areas to meet the current challenges?
Interview with Christian Rosenzweig (Johner Institute) – Part 1
Anyone who has been ill in the past few weeks has probably had at least one point of contact with the topic of e-health: since January 2023, certificates of incapacity for work have only been issued digitally. Prescriptions have also been redeemable digitally in pharmacies as e-prescriptions since September 2022. The introduction of an electronic health record is being discussed. At the same time, reports are piling up Hacking incidents in hospitals.
This raises the question of how things are with IT security in the field of e-health and what tasks still lie ahead of us.
For this we have with Dipl.-Ing. Biomed. Technology Christian Rosenzweig from the Johner Institute spoken. He advises manufacturers of medical devices on quality management and regulatory affairs. One focus here is risk management – especially with regard to the information security of the products.
This first article is primarily about the consumer perspective: How does digitization in healthcare affect me, as a patient or consumer, directly or indirectly? The anecdote in the video below makes it impressively clear how much this topic affects us all.
The following second article deals in particular with the aspect of IT security in the context of eHealth.
When it comes to eHealth, many readers probably first think of electronic health records or telemedicine. What other areas does eHealth cover? Which aspects do you as a consumer or patient perhaps not even have on your radar?
Due to the large number of topics, it is not possible to list everything, so I will limit myself to a few examples. From the consumer or patient perspective, the following areas are particularly relevant:
The addressed electronic health record is something you have been working on for years. The aim is to create a patient file in which all of a patient's data is managed under his authority and to which all doctors involved have read and write access.
telemedicine services are intended to help ensure that patients can be adequately monitored and cared for by suitable specialists at home or on the go.
The purchase of pharmaceuticals and medical products is also made easier for the end consumer Online pharmacies .
The topics self-care and disease prevention also play a role. These include services and products for senior care, assisted living, activity tracking and mobile apps designed to support health-conscious people. Health software and medical products on smartphones or workplace PCs are now also reimbursable if they are prescribed by a doctor (SAY – Digital health applications).
Networks are another aspect: health data can be Social networks to be shared. The "internet of things" connects everything and everyone, "body area networks“ connect sensors and actuators on the body.
Auch health portals on the Internet ("consumer health informatics") and internet medicine (Health care for diagnosis, monitoring, counselling, appointments, prescriptions) are important aspects in the field of eHealth.
In the area of hardware there are now mobile devices and wearables with sensors for numerous body parameters.
What you as a patient may not see directly are developments in the field of eHealth, which tend to affect medical practitioners. In the area of software and data, for example, new technologies such as “Machine Learning”, Big Data and Bioinformatics an increasing role. In the new branch of science "GenomicsIt is about the acquisition and analysis of DNA sequences. Also medical equipment are becoming more and more digital and networked, as the example in the video clearly shows.
What are the benefits associated with digitization in healthcare?
A big advantage is the availability of required data for everyone (the practitioner, but also those affected) at any time and any place. This also leads to a reduced exposure to harmful diagnostic procedures (e.g. X-ray) because repetitions are not necessary if everyone can access data that is already available. In this regard, an electronic health record, for example, would be an asset.
The Access to huge amounts of data (“big data”) enables diseases to be better recognized and predicted. Models for disease prediction and therapy are also better possible in this way.
Machine Learning is now so mature that in some areas better diagnoses are possible than by a human. For example, artificial intelligence (AI) detects tumors in X-ray images earlier than human diagnosticians.
Digitization also works Shift in the healthcare system from disease treatment to prevention or early detection. Through data access and transparency, it offers laypeople the opportunity to take responsibility for their own health. The availability of support systems helps with this.
We keep making it clear that digitization always brings with it more interfaces and thus more potential attack vectors. Anyone doing digitization must therefore necessarily think about cyber security. What dangers do you see specifically in the area of eHealth if IT security is not sufficiently integrated?
The dangers primarily affect the three classic protection goals of information security: confidentiality, integrity and availability of data.
In the field of eHealth, the confidentiality Due to its sensitivity, data plays a particularly important role: personal data, diagnoses, disease progression and forecasts can fall into the hands of unauthorized persons who make a profit from it (e.g. insurance companies, employers, blackmailers).
The integrity of health data is also of enormous importance: If diagnosis/treatment data are manipulated or no longer correct due to technical influences, serious health effects can arise (e.g. changed medication prescriptions from the doctor, which leads to a lethal dose). The integrity of such data can be compromised by technical errors, criminals (extortion) or even politically motivated attackers (warfare).
The way food is Availability of data is of particular relevance in eHealth: A doctor who cannot access the necessary data in an emergency situation cannot treat properly. A hospital that has lost all of its data and systems as a result of a "ransomware attack" can no longer function.
A striking example is the ransomware attack on the university clinic in Düsseldorf, which had to close its emergency room as a result. This resulted in the death of one accident victim due to late treatment.
In the second part of the interview, we clarify where the healthcare system currently stands in terms of IT security, what requirements medical device manufacturers have to meet in this regard and what role penetration tests play in this. Here it goes Part 2!
Leadership vs. Management, what exactly are the differences? And what is needed in both areas to meet the current challenges?
Should standard users in your tenant be allowed to complete an Azure App Registration? The answer is clearly “no” and this article
The bad news first: In Germany there is no central nationwide emergency number for hacked companies or authorities. That's why it is