Virtual healthcare has to be understood and used for what it can offer

Among the many offshoots of the growth of technology; virtual healthcare is a very recent and important development. In simple language, virtual healthcare, a term easy enough to understand, is the use of technologies that enable remote consultation and monitoring of healthcare.

Putting technologies to remote use has been in use for a while now, what with corporate entities carrying out conferences and virtual conferences at the push of a button. Virtual technology has also been in widespread use in areas like education and for monitoring remote workers in many organizations. Virtual healthcare can be seen as a natural extension of these uses of technology.


Understanding the dynamics of virtual healthcare

Healthcare analysts are quite upbeat about the growth prospects of virtual healthcare, making prognoses about its explosive potential growth, with estimates ranging from a size of well over $3 billion by 2022 to much rosier, nearly $14 billion for video consultation alone by 2018. While time will tell whether these forecasts will be fulfilled, we need to understand this tool and its prospects and pitfalls.

When adapting virtual healthcare, patients and healthcare providers are likely to use virtual healthcare in these ways:


This should rank as the most important element of virtual healthcare. Virtual healthcare itself would come to be of no use if it did not offer the patient the opportunity to interact with the patient remotely. Patients are likely to use technologies in the form of tablets, smartphones and other personal devices to consult physicians.

virtualHealthcareConsultation is a very important component of virtual healthcare and it goes beyond just obtaining billing and other information that is usually a part of an Electronic Health Record (EHR). Virtual healthcare aids in direct, non-physical contact between the patient and the healthcare provider, which is what this medium primarily seeks to facilitate.

This feature is all the more useful in situations where the patient may not be in a condition to travel to the healthcare provider or where patients with long-term ailments need to be monitored on a regular basis without having to visit the hospital.



EHR could be another major component of virtual healthcare. Following the passage and implementation of Obamacare; the EHR has become a very important document for people seeking healthcare. Virtual healthcare can bring in a new dimension to EHR by enabling documentation and recording of important events in the physician-patient relationship.

Drawbacks of virtual healthcare

While there is no doubting the fact that virtual healthcare is set for major growth; it is important to understand its inadequacies. The most important disadvantage of virtual healthcare is that it is best suited only for noncritical healthcare situations. It may help patients with long term ailments, as mentioned above, but can help only when the patient has reached a stage where all treatments are done and only resuscitation or convalescence is needed. For a patient requiring immediate attention in an emergency, virtual healthcare is not likely to be very effective. Thus, a patient seeking medical information or advice for a viral infection is far more suited for virtual healthcare than a patient in need of CPR.

The uses to which virtual healthcare can be put are limited, at least at this stage of its development. When this technology advances enough to be able to offer healthcare in all situations and for all kinds of ailments; it will become a more effective medium. Till then, virtual healthcare has to be understood and used for what it can offer.


The EU’s Pharmacovigilance Directive

Pharmacovigilance is a major public health initiative of the EU. It is aimed at reducing the risk attendant in any part of the production, marketing and supply chain of medicinal products. Monitoring is done not only before the medicinal products enter the market; it is done at every stage after, too.

The aim of putting a strict vigilance regimen is to help detect any aspect of a medicinal product that could compromise on its safety. This whole system of monitoring is called pharmacovigilance.

The EU’s Pharmacovigilance Directive is the legal structure that spells out the objectives and implementation plans for the EU’s pharmacovigilance system. The Pharmacovigilance Directive is part of the EU’s efforts to enforce very stringent assessment of all medical products for their safety, quality and efficacy before they become authorized.

Regulation on all areas of medicineIn essence, the Pharmacovigilance Directive lays out the conditions and rules by which medicinal products have to be marketed within the EU and beyond. It prescribes the manner in which products have to be manufactured, labelled, marketed, recalled and destroyed. The Pharmacovigilance Directive, which applies to products for human use, bans any medicinal product that is not authorized by any member state of the EU from being marketed.

The review of 2010The Pharmacovigilance Directive underwent a major revision in 2010, by which a new legislation came into effect. The legislation passed that year further fortifies and streamlines the system relating to the safety of medicines that enter the European market.

The Pharmacovigilance Directive of 2010 strategizes areas relating to preventing, detecting and assessing of adverse reactions in patients to ensure improved patient safety and with it, public health. One of the major features of this amendment is that patients are empowered to directly report adverse drug reactions to the designated competent authorities. Another important aspect is that the definition of an adverse reaction has been widened to include issues like overdose and medication errors.

Important features of the Pharmacovigilance Directive of 2010The Pharmacovigilance Directive of 2010 seeks to take concrete steps to enhance its core objectives of patient safety and public health. It is built on these foundations:

  • It puts in place a robust, proportionate and proactive risk management regimen
  • It enhances safety data quality
  • It strengthens the link between safety evaluations and actions from regulatory authorities
  • The Pharmacovigilance Directive of 2010 has led to greater communication, transparency and patient involvement
  • It assigns clear-cut responsibilities and tasks for everyone concerned
  • It facilitates the decision-making apparatus within the EU
  • The Pharmacovigilance Directive of 2010 has established The Pharmacovigilance Risk Assessment Committee, a new scientific committee to be based at the European Medicines Agency (EMA).

49-day Hack shows need for cyber security beef up

It took one NSW Government agency 49 days to shut down a hack by fraudsters, a new report on cyber security in the public service has revealed.

The attempted financial fraud in 2017 involved a government agency and its IT systems provider, and spread to other agencies before it was reported and stopped.

The case study is part of a new report by the state’s auditor-general Margaret Crawford.

She called for urgent improvements in the public sector’s ability to respond to cyber security incidents.

“There is a risk that incidents will go undetected longer than they should, and opportunities to contain and restrict the damage may be lost,” the report said.

“Cyber security incidents can harm government service delivery and may include theft of personal information, denial of access to critical technology, or even the hijacking of systems for profit or malicious intent.”


Hacked account sent out 450 bogus emails

The 2017 case study started with a compromised email account, and led to led to a shut-down of the agency’s financial payment system.

Six days later, the hacked account sent deceptive emails, known as phishing, in a bid to get the credentials of finance staff.

Two weeks after the initial hack, the agency’s IT provider detected a fraudulent invoice and raised the incident to major status.

Email account users were told to change their passwords, but by day-20, the hacked email account had sent out 450 bogus emails, and 300 staff had clicked on the link inside.


At that point the agency had found out that about 200 email accounts were under the control of criminals, yet it failed to temporarily lock the accounts.

It was not until day 36 that the IT provider reported the incident to the Government’s chief information security officer.

Six days later, it was found that the account that had been hacked at the start was still compromised.

The agency’s payments gateway, which handled business invoices, staff salaries and superannuation, was finally re-opened on the 49th day.

Click here to go in detail

When a medical device fails to meet these standards for precision and accuracy

All medical devices have their stated intended use. With time, many of them undergo changes with use. Because of this, they need to be calibrated to retain their effectiveness. The FDA’s medical device calibration requirements have been devised with the same intention.

Although the FDA has medical device calibration requirements, many of these medical devices do not have specific measures that need to be set. So, in view of this, the FDA can only require that the core quality needed for the medical device’s function -the ability to meet its intended use -is met from time to time.


The FDA’s code of regulations for medical device calibration requirements

The FDA has a code of regulations for medical device calibration requirements: Part 820 of its QSR, Section 72. 21 CFR Part 820.72, which deals with inspection, measuring, and test equipment; states that medical device calibration requirements shall cover the control of these aspects of the medical device. It broadly states that manufacturers have to ensure that “…all inspection, measuring, and test equipment, including mechanical, automated, or electronic inspection and test equipment, is suitable for its intended purposes and is capable of producing valid results”.

Further, it also requires medical device manufacturers to have procedures in place for calibrating, inspecting, checking and maintaining equipment. Also included in these procedures are provisions relating to how to handle, preserve and store equipment.

Medical device calibration requirements in relation to calibration

As for calibration requirements in particular, the FDA’s medical device calibration requirements require medical device companies to have procedures in place that specifically offer directions and limits with regard to precision and accuracy. When a medical device fails to meet these standards for precision and accuracy; the FDA will evaluate if these have the potential to cause harm in the form of adverse effect on the patient. If these are discovered, the manufacturer has to calibrate the medical device to improve quality till the standards are met. All these procedures are to be documented.

Medical device calibration requirements in relation to standards

On the question of standards, in the absence of standards specifically meant for medical device calibration requirements; the FDA states that relevant international, national, state or local standard have to apply. In the absence of any of these; the company has to form its own set of standards for meeting medical device calibration requirements.


Documentation of medical device calibration

Part 21 CFR 820.72 of the FDA clearly states that the medical device manufacturer has to document all the points of calibration such as the date on which the device was identified and taken up for calibration, the name of the staff who did this, and when the next calibration is due. All these records have to be made publicly available to designated staff in the medical device company. All these form part of the FDA’s medical device calibration requirements.

FMEA in medical devices can work better when mated with ISO 14971

Failure Mode and Effects Analysis (FMEA) is a core aspect of risk management and risk analysis in medical devices. FMEA is essentially about analyzing the reasons for which a problem arises and the effects it has on the system. In the field of medical devices, it is absolutely critical to understand the failure mode and effects because the consequences of not doing this can be disastrous and many times, even fatal.

Required, but not clear about the steps

The FDA only broadly states that risk management has to be built into the manufacturing process. This leaves medical device manufacturers in a kind of quandary, because although the FDA is clear about the requirement for risk management; there is no clear-cut guideline on how this needs to be carried out. This leaves the implementation of FMEA in medical devices something that is at the discretion of the medical device company.

The FDA’s Final Rule on cGMP Quality System Regulation (QSR) is, to quote its own words, “less prescriptive and gives the manufacturer the flexibility to determine the controls that are necessary to be commensurate with risk” ( In other words, there is no specific guideline on risk management, using which medical device manufacturers can decide the ways and processes of implementing risk management. The guideline is all the more vague about risk analysis approaches and procedures like FMEA.

Complementarity with ISO 14971Since the guidelines on medical devices FMEA are rather general medical device companies that implement FMEA have to go by a buzzword: implementing FMEA at every level. In this regard, they can work complementarily with ISO 14971, whose guidelines relate to risk management.

FDA steps up efforts at bringing about medical device cyber security

It is a disturbing, but true fact that medical devices are hacked. Medical devices have inbuilt software, and hackers try to breach this. Medical device cyber security is thus critical, because lack of it can bring harm to patients who use medical devices that come with software built into them.

An important factor that makes medical devices vulnerable to cyberattacks, thus triggering and hastening the need for medical device cyber security is that many times, medical devices are not standalone devices. They are connected via the Net to a number of important sources such as hospitals, electronic records and healthcare providers.

This fact makes it easier for hackers to carry out cyberattacks on medical devices because it is not necessary for them to actually have access to the device to carry out their breach. All these factors combine to make medical device cyber security a much needed system.

CyberAttacksIndustries_gifThe FDA guideline of June 2013:

Keeping in mind the nature of fallibilities in a medical device; the FDA, with the intention of bringing about medical device cyber security passed the draft guideline on this topic in mid-2013. Titled the Content of Premarket Submissions for Management of Cybersecurity in Medical Devices; this guideline sought to address the issue of medical device cyber security by making an attempt at identifying the issue from its root.

That is, this guideline on medical device cyber security put in place security checks and procedures that manufacturers of medical device have to put in place right from the earliest stages of manufacture, going all the way up to the time it is implanted in or used by the patient.


The main intention of this FDA medical device cyber security guideline is to offer recommendations that medical device manufacturers need to take to reduce the intentional or unintentional risk of an attack on a medical device. This FDA guideline seeks to enforce medical device cyber security by ensuring that the manufacturers take steps to secure medical devices by clearly defining medical device cyber security.

Terms clearly defined

The FDA defines medical device cyber security as steps taken to prevent any of these:

  • Unauthorized modification
  • Misuse of the device
  • Denying the use of the device
  • Unauthorized use of the information that is stored in these devices. This relates to the information stored, accessed and modified when the device is transferred from one source to another

Documentation is at the heart of ensuring medical device cyber security

Towards ensuring medical device cyber security as defined by it; this FDA guideline requires manufacturers to monitor and document all the aspects of medical device cyber security at all stages. Medical device manufacturers should bring about medical device cyber security by developing a set of controls in three vital areas:

  • Firstly, medical device manufacturers should take steps to permit only authorized personnel into the software of the medical device
  • Medical device manufacturers should also ensure medical device cyber security by filling only relevant and accurate data into the device
  • They should also ensure that data is available when asked for

Controls, controls, controls

A very important aspect of medical device cyber security that the Content of Premarket Submissions for Management of Cybersecurity in Medical Devices brings about is that it requires medical device manufacturers to monitor and document all the possible potential for medical device cyber security breach from the design stage itself.

medicalDeviceCyberSecurityMedical device manufacturers have to also bring to the notice of the FDA whenever they make changes related to security at the premarket notification stage. It seeks to fortify medical device cyber security by requiring medical device manufacturers to provide information relating to medical device cyber security by submitting data related to the following:


How a new technology is changing the lives of people who cannot speak

Last November, Joe Morris, a 31-year-old film-maker from London, noticed a sore spot on his tongue. He figured he’d bitten himself in his sleep and thought nothing more about it until halfway through the winter holidays, when he realised the sore was still with him. He Googled “cut on tongue won’t heal” and, after sifting through pages of medical information on oral cancer, he decided to call his doctor.

The cut was nothing, Joe was sure: he was a non-smoker with no family history of cancer. But he’d make an appointment, just in case.

I’m sure it’s nothing, the doctor said. You’re not a smoker, and you’re 31 years old. But see a specialist, just in case.

I’m sure it’s nothing, the specialist said, you don’t check any of the boxes, but we’ll do a biopsy, just in case.



When the biopsy results came back positive for cancerous cells, the specialist said that the lab must have made a mistake. The second time Joe’s biopsy results came back positive, the specialist was startled. Now Joe was transferred to Guy’s hospital, which has one of the best oral cancer teams in Britain.

The oncologists at Guy’s reassured Joe again: the cancerous spot was small, and cancer of the tongue typically starts on the surface and grows inward. This tiny sore could likely be nipped out without much damage to the rest of his tongue. They’d take an MRI to make sure there wasn’t any serious inward growth, and then schedule the surgery.

The image revealed a tumour like an iceberg. It was rooted deep in the base of Joe’s tongue, mounding upward and out, its tip breaking the surface just where the telltale sore was located. “When the doctor told me the news, there was a work email that was bugging me and I still had that on my mind,” Joe wrote to me last summer. “As he was explaining to me that I was going to lose my tongue, I was redrafting a reply in my head.”

“You’re going to lose two-thirds of your tongue,” the doctor was telling him. “This is going to seriously affect your ability to eat. And your speech.”

Joe wanted to know how the surgery would affect his speaking. Would he have a lisp?

The doctor hesitated, and then looked at his hands. “Your family will still be able to understand you.”

A week before the surgery, Joe started to panic: he realised that he might never speak again. Even if he did, he would no longer sound like himself. Knowing that he was about to lose a huge part of his identity, Joe asked a friend to film an interview with him so that he would have a permanent record of his voice.

In the video, Joe’s speech is already beginning to falter: he has a bit of a lisp, and he has to sip water frequently and take breaks to withstand the strain of talking. He is dressed in a black knitted V-neck sweater, and seated near a window through which you can see the London skyline at dusk. He is pale, with sunken, blue eyes, dark, shaggy hair and three days of stubble. He looks a little unwell, a little sad, and a little rueful, as if he’s unsure about being the centre of attention. He keeps ducking his head and looking away, or making jokes. When asked to state the date, he smirks and says, with wry formality, “The date is, I believe, the 24th of February, the year of our Lord 2017.”

Speaking to the camera, Joe struggles genially to articulate what it feels like to contemplate losing his voice for ever. “I’m not what you’d call a vain man,” he says, quietly. “Usually it’s very far into the day before I’ve looked in the mirror. I don’t care about any of that.” He takes a moment. “But I am human. And the idea that I’m going to not look like me or sound like me … terrifying.” He swallows. “And also my job, my life, is all about communication, all about talking. I love talking,” he says feelingly, with a little smile. “I’ve got a few things to say.”

Shortly before this video was taken, the friend behind the camera had come to Joe with some news. He had found a company outside Boston called Vocal ID, which creates custom digitised voices for people who use devices to help them speak. The company could use recordings of Joe speaking to recreate his own voice on a computer for him to keep and use for ever.

When they contacted Vocal ID’s founder, a speech pathologist named Rupal Patel, she explained that it would be possible to digitally reconstruct Joe’s voice if, before his surgery, he was able to “bank” his voice. This meant recording the few thousand sentences that Vocal ID has developed to capture all the phonemes in the English language.

Joe agreed to try. He recorded several hundred sentences and then, realising the magnitude of the task, stopped for several days. “This was my last week of freedom and I had a lot of stuff to do, people to see, life to live (and steaks to eat),” he wrote to me. Two days before the surgery, he started again. Banking his voice was slow and painful – by then, it was excruciating to talk, and he was trying to be at his most eloquent. On the final day, he recorded late into the night.

The next morning, Joe went back to hospital and had his tongue cut out, joining the ranks of those who cannot, in any traditional sense, speak.