COVID-19 Digital Supplement - Lessons Learned by MD Publishing

DIGITAL SUPPLEMENT 1technation.com

ADVANCING THE BIOMEDICAL / HTM PROFESSIONAL

DIGITAL SUPPLEMENT

POST-COVID LESSONS LEARNED

COVID-19 LESSONS FOR HEALTH CARE VALUE ANALYSIS TEAMS

WORD ON THE STREET: HTM PROFESSIONALS SPEAK ABOUT THE PAST YEAR PAGE 11, 19 & 27

PAGE 7

THE FDA’S FUTURE STATE OF OPERATIONS

$32 MILLION IN AMERICAN RESUCE PLAN FUNDING FOR TRAINING

PAGE 15

PAGE 23

HTM POST-PANDEMIC CHECKLIST

Download an HTM Post-Pandemic Checklist to ensure you take the appropriate steps in the months ahead. The checklist includes 10 key evaluation questions for CE departments, which combines real-world insights with best practices for meeting rising service requirements, labor challenges and cost pressures.

DOWNLOAD NOW!

Learn more about Agiliti Online: agilitihealth.com | Toll Free: 1-800-847-7368

C E L E B R AT I N G O U R

ANNIVERSARY!

...here for life Providing Healthcare organizations with the highest level of clinical engineering, surgical repair and medical device acquisition solutions

OFFERING • On-Demand BMET (Temporary Staffing) • Infusion Device Preventative Maintenance Solutions • Medical Equipment - Repair & Preventative Maintenance • Endoscopy and Power Instrument Repair • New & Refurbished Equipment Sales

salessupport@multimedicalsystems.com | www.mutimedicalsystems.com | 1-888-532-8056

Next-Generation Healthcare IoT Security What Sets Cylera Apart from "First-Generation" Providers?

Securing Modern Healthcare IoT Devices Medical Devices | IoT & Enterprise | OT/Infrastructure | Servers & IT | Specialty & Laboratory

Adaptive Datatype Analysis™ [Patented]

IoT Device Emulation™ "Digital Twin" [Patent-Pending]

[CCOM2] Integrated True Clinical Risk Unique Approach to Patching

Proven Success “Cylera's platform allows healthcare to not only secure their biomedical and IoT devices, but also better manage and utilize these mission-critical assets resulting in a significant increase in patient satisfaction, patient safety, operational resiliency, fleet optimization, and a revenue driver. It's truly a game-changer for us.”

- David Finkelstein Director of Information Security, St. Lukes' University Health Network

“Medical devices and IoT devices are critical to our ability to provide the best patient care possible to our local community. Over recent years the broad range of medical devices being networked and integrated with clinical systems has led to a new focus of cyber risk, requiring greater local intelligence and control. Through Cylera's patented technologies and integration with AbedGraham's [CCOM2] analytics, we are now able to identify cyber risks using this foundational approach.

- Neil Perry Director of Digital Transformation, Dartford and Gravesham NHS Trust

"IT and IoT has never been more critical to the delivery of patient care than throughout the COVID-19 pandemic. Cylera is providing needed visibility, inventory, unique digital twin to keep our connected IoMT safe and untouched, hygiene, utilization, and even the simple location of devices needed to treat patients."

- CISO Large US Metropolitan Healthcare Network

“The Cylera team is focused on our requirements, innovative, and extremely responsive. We highly recommend Cylera to any healthcare organization that wants a thought leader to improve healthcare together."

- Michael Archuleta CIO, Mt. San Rafael Hospital

Contact Us at info@cylera.com or at demo@cylera.com for a Demo Download our Technical Highlights: https://www.cylera.com/learn-more ABOUT CYLERA Founded and developed in New York City, USA, our three co-founders set out to improve on the status quo then available to healthcare delivery organizations (HDOs) for identifying and managing their entire IoT environment. Cylera's innovative, unique, next-generation solution helps HDOs find and measure their cyber risk and resilience across clinical engineering, IT security, and the needs of the business, align with standards and frameworks such as NIST CSF, ISO 27001, HIPAA, NIS, PCI DSS and others, and safeguards what matters most: patient care, safety, and privacy.

DIGITAL SUPPLEMENT TABLE OF CONTENTS

Letter from the editor

P.7 National Leaders Collaborate on COVID-19 Lessons for

The novel coronavirus (COVID-19) pandemic was a shock to the health care facilities and systems throughout the world, including the United States. It created changes in the way Americans do many things from grocery shopping to surgery. A national emergency was declared on March 13, 2020, and more than a year later lessons continue to be learned in every aspect of health care. Healthcare technology management (HTM) professionals proved, once again, to be unsung heroes. TechNation decided to highlight how HTM pros adjusted to maintain equipment, keep shelves stocked and provide a safe environment for patient care. In this special digital supplement, we explore just how they were able to achieve remarkable results as well as lessons learned that many will continue to use to do their jobs better and more efficiently in the future.

Healthcare Value Analysis Teams

P.8 Lessons from COVID-19: Reframing the Distribution of Responsibility for Medical Device Security

P.11 Word on the Street: What is one thing you know now that you wish you’d known 1 year ago?

P.12 Soma Serves, Grows Amid Pandemic P.15 FDA Outlines Inspection and Assessment Activities During Pandemic, Roadmap for Future State of Operations

P.16 Why Now, is the Best Time to Set Up a Medical Equipment Disposition Program

P.19 Word on the Street: What COVID-19 challenges have

you and your facility faced over the past year? How did you overcome them?

P.20 USOC Bio-Medical Services P.23 HHS Awards Over $32 Million in American Rescue Plan Funding to Expand COVID-19 Training and Support for Health Centers

P.24 College of Biomedical Equipment Technology P.27 Word on the Street: What advice can you give your

As always, we say thank you and applaud the men and women of HTM along with every health care system employee who stepped up in a time of crisis to provide quality care to patients. Sincerely,

fellow HTM colleagues moving forward?

P.27 Word on the Street: Are there any pandemic

takeaways you will keep implementing as part of how you do your job moving forward?

P.28 The Value of ACI Imaging Equipment Certification: A

John Wallace, Editor TechNation

Decision Maker’s Guide

P.30 HIPAA Headaches - Hybrid ePHI+Malware DICOM Image Files

Advancing the Biomedical/HTM Professional

COVID-19 | DIGITAL SUPPLEMENT

EMPOWERING

THE ENGINEER

Test bays and an expansive

Flexible service support

Our in-depth program was

System sales, upgrades,

warehouse to provide

from our expert team; when

created to uniquely bridge

installations, and

quality imaging parts, fast!

and where you need.

the gap between training

de-installations.

PARTS

SERVICES

TRAINING

EQUIPMENT

and real world service.

Tri-Imaging Solutions is an independently owned replacement parts, support services, training, and pre-owned equipment sales company for the diagnostic imaging industry.

VISIT WWW.TRIIMAGING.COM ISO 13485:2016 CERTIFIED

OR CALL 855.401.4888 (24/7/365)

NATIONAL LEADERS COLLABORATE ON COVID-19 LESSONS FOR HEALTH CARE VALUE ANALYSIS TEAMS ECRI, AHVAP issue risk mitigation strategies

CRI, the nation’s leading independent patient safety organization, and the Association for Healthcare Value Analysis Professionals (AHVAP) have partnered on a report that outlines key supply chain lessons and important risk mitigation strategies learned from the COVID-19 pandemic. Their new white paper, “Evolution of Risk Mitigation in Value Analysis during the COVID-19 Pandemic,” is part of a collaboration aimed at advancing value analysis best practices.

The pandemic exposed vulnerabilities on many levels in health care supply chain, particularly those associated with ensuring adequate supply of personal protective equipment (PPE). Disruptions to the supply chain forced providers to pivot to non-traditional suppliers. New technologies were introduced rapidly without definitive safety and efficacy evidence. “While a devastating experience, the COVID-19 pandemic offers critical lessons for supply chain and value analysis professionals,” says Andrew Furman, MD, MMM, FACEP, executive director, clinical excellence at ECRI. “Among them is the critical role that physicians play in the value analysis process, especially in assessing clinical evidence, to ensure patient safety and outcomes.” The joint white paper outlines important COVID-19 lessons that will help health care value analysis and supply

Advancing the Biomedical/HTM Professional

chains think differently to prepare and mitigate future risks. • Recognize opportunities for improvement. Donated supplies, product discontinuations, and disruptions with traditional suppliers created vulnerabilities during the pandemic. ECRI and AHVAP recommend that health care organizations, manufacturers, suppliers, group purchasing organizations, and distributors work closely together to ensure that the right supplies are available to meet patient needs. Rapid changes require staff education to avoid potential safety errors. • Improve processes by evaluating vulnerabilities. The disruption to longstanding relationships between providers and traditional suppliers forced providers to source from nontraditional suppliers. Providers quickly learned that nontraditional suppliers, especially international suppliers, needed thorough, rapid, and repeated vetting. ECRI, AHVAP, and the Association for Health Care Resource & Materials Management (AHRMM) established a list of prequalifying questions for selecting nontraditional suppliers. Among their recommendations are tracking country of origin, reevaluating inventory models, and re-

evaluating partnerships and collaborations. • Access clinical evidence on emerging technologies and therapies. Involve physicians in the decision-making process to achieve positive patient and health system outcomes, and prevent diversion of critical resources when supplies, finances, and staff are strained. ECRI and AHVAP advise pulling in physicians and c-suite leadership, especially when selecting new technology. “Through closer integration, physician engagement, and a stronger reliance on evidence-based strategies, we see many new opportunities to reduce risk, cut costs, and improve care for all patients,” says AHVAP President, Susan Toomey, BSHA, CVAHP, CMRP, senior value analysis coordinator, Lehigh Valley Health Network.

The ECRI and AHVAP white paper, Evolution of Risk Mitigation in Value Analysis during the COVID-19 Pandemic, is available for free download at www. ecri.org/ecri-ahvap-whitepaper-evolutionrisk-mitigation-value-analysis-covid-19. For more information about ECRI, visit www.ecri.org, call 610-825-6000, or e-mail clientservices@ecri.org. For more information about AHVAP, visit https:// www.ahvap.org/ or e-mail info@ahvap.org.

COVID-19 | DIGITAL SUPPLEMENT

LESSONS FROM COVID-19

REFRAMING THE DISTRIBUTION OF RESPONSIBILITY FOR MEDICAL DEVICE SECURITY

ver the last year, the world was forced to adapt to the “new COVID normal.” In addition to surges of patients, healthcare has borne the brunt of the crisis while navigating staff, budgetary, equipment, and time shortages. Cyberattacks against healthcare also rose significantly, accentuating the need for biomed/CE teams to include medical device security within their scope of responsibility, and combine their healthcare industry intelligence expertise with the expertise of their IT/security counterparts.

MEDICAL DEVICES: THEIR ROLE IN THE NEW THREAT LANDSCAPE The growing number of (vulnerable) connected medical and IoT devices in clinical ecosystems has made hacking clinical networks easier than ever. Cyberattacks on hospitals are at crisis levels: Ransomware attacks rose by 580% in the second half of 2020. Attacks forced hospital shutdowns and returns to pen and paper records. They led to disruptions in medical treatments and a patient’s death. WHAT DO MEDICAL DEVICES HAVE TO DO WITH HOSPITAL SECURITY? Smart, connected medical devices make

DIGITAL SUPPLEMENT | COVID-19

care delivery easier, faster and more accessible, but many are extremely vulnerable to cyber attacks. Myriad devices run outdated OS/firmware that can’t be updated or patched. Devices that can be are often connected to patients. Finding times to safely disconnect devices for critical maintenance can take weeks or months, depending on inventory and availability. Delays are common and leave millions of medical devices exposed to threats. These delays expose devices connected to vulnerable ones to risk, placing the wider clinical network under threat. Although risk awareness has improved, there’s still a huge knowledge gap about risks and how they can infect and affect medical devices. MEDICAL DEVICES & CYBER RISK Malware can enter medical devices from various threat vectors. A few examples include: 1. Nurse stations connected to the Internet and to medical devices can get infected with malware 2. A third-party vendor gets compromised, infecting medical devices through an approved vendor connection (this can include VPN connections) 3. IP cameras on the same network as

medical devices get infected, allowing malware to spread to medical devices Any device (medical, non-medical IoT and IT) that connects to the Internet is vulnerable to attack - but medical devices’ risk impact is greater because they’re involved directly in patient care. MALWARE’S EFFECT ON MEDICAL DEVICES The repercussions of cyberattacks like ransomware can vary greatly, causing reputational and fiscal damage, and even negative patient outcomes. Successful attacks can give cyber criminals unauthorized access to medical devices, which can: Allow them to steal patient data (ePHI), sell it on the black market and/or hold it for ransom Grant remote access to devices, allowing the manipulation of device functions (e.g. change the dosage delivered by an infusion pump, or falsify the output recorded by a heart monitor) Force devices to shut down in a DoS (denial of service) attack, causing a cascade effect across a hospital, leading to the complete shutdown of connected devices and the inability to deliver medical care The risk to medical devices is clear but assigning responsibility for their cybersecurity is complicated. Should

www.1TechNation.com

SPONSORED CONTENT

biomed/CE or IT/security teams be responsible, or should responsibility be shared? MAPPING OUT THE SCOPE OF RESPONSIBILITY FOR MEDICAL DEVICE CYBERSECURITY Biomed/CE responsibilities have typically concerned managing medical device lifecycles, inventory and visibility; tracking utilization patterns; and procuring new devices. As medical devices and threats evolve, biomeds must also share responsibility for medical device security. This means fostering a close alignment with hospital IT/security teams. The Importance of Bridging the Gap Between Biomed/CE & IT/Security Siloed biomed/CE and IT/security departments are common. But in today’s cyber climate, lack of communication isn’t something we can afford in health care. Traditional IT tools don’t recognize connected medical or IoT devices, rendering them invisible to IT/security teams, and making it impossible to effectively manage organizational risk. If a clinically aware asset management solution is used to discover these devices, it’s imperative clinically intelligent policies are enforced for them, or critical medical device communications may be blocked - risking disruptions to clinical workflow and jeopardizing patient safety. DISTRIBUTING RESPONSIBILITY ACROSS TEAMS Crafting clinically intelligent security policies that account for health carespecific protocols and communications requires biomed/CE and IT/security teams to distribute medical device security tasks between them. Patching and updating OS/firmware to ensure at-risk devices continue to function properly falls to biomed/CEs, but IT/ security must provide the correct patch. Network segmentation and complex device vulnerabilities fall to IT/security, but collaboration is key: Biomed/CE teams know devices’ standard behaviors and how critical they are to clinical workflows. Providing IT/security with this Advancing the Biomedical/HTM Professional

information is the cornerstone of medical device risk management and improving hospitals’ cyber hygiene and organizational risk scores. Without this critical healthcare industry intelligence, IT/security teams can’t construct security infrastructures that guarantee operational safety and clinical service continuity. LEVERAGING AI-POWERED, HEALTH CARESPECIFIC SOLUTIONS TO STREAMLINE THE PROCESS Closing the gap between siloed biomed/CE and IT/security departments, distributing responsibility for medical device security, and building operationally safe security infrastructures can be overwhelming and have often been put on the back burner. Luckily, health care-specific solutions leveraging the power of AI and threat intelligence research can make it easier for teams to sync and collaborate. That’s why bridging the gap between AI and healthcare industry intelligence professionals is just as important as bridging the gap between teams. THE IMPORTANCE OF (HUMAN) HEALTH CARE INDUSTRY INTELLIGENCE TO A SOLID SECURITY PROGRAM Health care-focused security solutions use clinically intelligent AI to automate inventory and discovery, device profiling, and risk remediation and mitigation. But AI only goes so far. It’s not enough in today’s cyber climate to understand your own clinical environment - external intelligence is also needed to understand how threats behave in the wild, across the global healthcare industry. This is why the best health care IoT security solutions combine the power of AI with clinical threat intelligence research. Being able to monitor and crossreference static (e.g. MDS2 forms) and dynamic data from your clinical environment against industry benchmarks, trends and live security information (e.g, FDA recalls, new patches and newly discovered vulnerabilities) is critical to emergency preparedness, risk

management optimization and prolonging device life cycles. Threat intelligence teams will ensure you have the most up-to-date threat intel at your fingertips combined with the power of AI, leading to more accurate and actionable response plans. PUTTING IT ALL TOGETHER: BUILDING OPERATIONALLY SAFE SECURITY INFRASTRUCTURES FOR MEDICAL DEVICES Clinical threat intelligence research found that the best way to combat cyberthreats against health care is by setting up a security infrastructure based on the NIST Zero Trust framework.

Adopting operationally safe Zero Trust security infrastructures for medical and IoT devices can greatly reduce risk but requires tight cross-team alignment. By working together and leveraging the power of AI solutions and human healthcare industry intelligence, biomed/CE and IT/security teams can quickly achieve healthcare-safe policies that: • Prevent medical and IoT devices from using unnecessary connections • Contain attacks to specific network segments • Harden connected medical and IoT device services to reduce their security impact • Isolate infected devices to prevent breaches from spreading TO LEARN MORE about adopting operationally safe Zero Trust security infrastructures and bridging the gap between your biomed/CE and IT/ security teams, download Cynerio’s white paper,

Adopting Healthcare-Safe Zero Trust Security, or contact us.

COVID-19 | DIGITAL SUPPLEMENT

Your Teams Do So Much More than Just Maintenance Your CMMS Should Too

Ensure you’re prepared for the next emergency now. Learn how Sutter Health has developed tools in their CMMS to make sure they are more prepared when the next big emergency occurs.

Click here to watch their story

Cross-Department Functionality Support better patient care together, on one system,

With Nuvolo Connected Workplace for Healthcare, all teams are connected

to get work done faster and more efficiently.

Reporting Ensure safety and compliance through automated inspections and comprehensive reporting.

Financial Analytics Control costs with a complete view into your hospital’s equipment and facility maintenance expenses.

Operations Simplify your Alternative Equipment Maintenance (AEM) program with automation and reporting.

Learn more at Nuvolo.com or sales@nuvolo.com

Call us at: (866) 468-8656

t e e r t S e h t n Word o What is one thing you know now that you wish you’d known 1 year ago?

ANSWERED BY

• Chris Nowak, Senior Director, Universal Health Services • Dave Franceour, Senior Vice President of Marketing & Sales, TKA • Larry Fennigkoh, Adjunct Professor, Milwaukee School of Engineering • Ryan Harris, Director of HTM, Texoma Medical Center

Advancing the Biomedical/HTM Professional

COVID-19 | DIGITAL SUPPLEMENT

SOMA SERVES, GROWS AMID PANDEMIC W hile the health care industry is often resilient in the face of economic recession, COVID-19 proved to be an unfathomable type of challenge. Many hospitals were overwhelmed by COVID-19 patients while simultaneously being confronted with reduced revenue from postponed elective surgeries. In the non-acute space, many surgery centers temporarily closed because of the ban on non-emergency surgery. Local medical practices closed, or significantly reduced their hours, because of PPE shortages while patients feared contracting the disease. Many consumer-focused industries continue to be impacted by the pandemic. However, as cases have decreased, health care has been able to return to some semblance of normality: doctors are seeing patients for non-emergencies, hospital beds

DIGITAL SUPPLEMENT | COVID-19

are once again available for non-COVID patients and surgery centers have resumed conducting the elective surgeries that were postponed.

Soma Tech International was affected in many of the same ways as the health care industry at large, with an initial disruption in the spring of 2020 followed by a slow but steady climb back to an approximation of normalcy. However, unlike some health care businesses, Soma was able to remain at work throughout the pandemic; pivoting from its normal focus on surgical equipment for hospitals and surgery centers to focusing exclusively, for a time, on life-saving equipment (ventilators, infusion pumps, patient monitors, etc.) for acute care facilities. When the first waves of the

novel coronavirus hit the Northeast this past spring hospitals in New York/New Jersey and Connecticut were in desperate need. Soma leadership knew that it had both the equipment and the expertise to do its part to ensure that patients would not go without care for lack of proper medical equipment. To that end, Soma redesigned its production lines to put all of its resources toward refurbishing as much ICU equipment as it could, as quickly as possible. Soma quickly shifted from having each of its biomedical engineers specialize in a different category of equipment to an assembly line model structure where every engineer was trained to work on specific components to ensure many pieces of equipment could be refurbished simultaneously. Even the Soma sales and accounting teams pitched in as they were

www.1TechNation.com

SPONSORED CONTENT

able. For weeks, the engineering team worked 15- and 16-hour days, six or seven days per week to meet the need. Dedicated customer trucks waited on the loading docks to immediately ferry the ventilators, monitors and infusion pumps to their needed destinations. Soma were also flexible with customers, with the hopes that the pandemic would only be temporary. Soma offered rental equipment instead of selling them so that the devices could be returned once the local surge subsided. Altogether, Soma rented out several thousand infusion pumps and patient monitors as well as approximately 2,000 ventilators over the past year. Helping the local hospitals through the initial surge provided Soma with a blueprint that it was able to use to help other facilities around the country when they experienced a surge. Soma was especially involved in helping facilities during the Texas spike over the summer and in those in California this past fall and winter. Thankfully, these surges seem to be in the past. Hospitals and surgery centers are resuming elective surgeries. Soma’s engineering team is back to working on specific non-acute care products (C-arms, surgical tables, electrosurgical generators, ECGs, etc.) that each of them ordinarily specializes in. Some of Soma’s surgical center customers are busier than ever as they work their way through the backlog of cases that the pandemic forcibly postponed. Those centers that need to replace equipment can find themselves in a bind as they may have less capital available than normal after being closed for several weeks or months. For these facilities, Soma offers medical equipment that is refurbished back to original manufacturer’s specifications. These refurbished devices offer significant cost savings, compared to new devices, Advancing the Biomedical/HTM Professional

fter more than a year of helping health care partners A combat the coronavirus, Soma Tech International is excited by the prospect of a return to business-as-usual. that is valued now more than ever. Soma also offers financing and flexible payment options for facilities that prefer to spread payments out over time. Despite the myriad negative effects of COVID-19, Soma found opportunities for growth amongst the hardships. By batch processing orders during each of the regional peaks, Soma was able to save precious time and resources. Some has also forged new relationships with suppliers and customers. Now that these facilities and hospital groups have seen the expertise

and value that Soma offers, the company’s leadership looks forward to fulfilling their capital medical equipment needs for many years to come. After more than a year of helping health care partners combat the coronavirus, Soma Tech International is excited by the prospect of a return to business-as-usual, though the comapny stands ready to put its pandemic-related expertise to work should the need arise once again. LEARN MORE about Soma Technology at www.somatechnology.com/ COVID-19 | DIGITAL SUPPLEMENT

Secure. Faster.

Empowering Biomed & CE Teams with Healthcare-Safe Zero Trust Security We do the heavy lifting in medical device security so you can focus on caring for your patients

A year of COVID-19 brought a record-breaking number of cyber attacks on healthcare. We’re here to help you solve the crisis. Download the report to discover 3 main drivers that make the case for achieving medical device security with Zero Trust and how you can: ◼ Tackle ransomware, patching, and outdated operating systems ◼ Navigate the gap between Biomed/CE teams and IT security ◼ Ensure the access and availability of all connected medical devices

Download the Report

About Cynerio Cynerio is the one-stop-shop Healthcare IoT security platform. With a full suite of medical device management and security solutions, Cynerio gives hospitals everything they need to stay cyber-secure and focused on their top priority: the delivery of quality patient care.

FDA OUTLINES INSPECTION AND ASSESSMENT ACTIVITIES DURING PANDEMIC, ROADMAP FOR FUTURE STATE OF OPERATIONS

he U.S. Food and Drug Administration has issued a report titled, “Resiliency Roadmap for FDA Inspectional Oversight,” outlining the agency’s inspectional activities during the COVID-19 pandemic and its detailed plan to move toward a more consistent state of operations, including the FDA’s priorities related to this work going forward.

“Like most organizations around the world, the FDA experienced unprecedented and unique challenges during the SARS-CoV-2 pandemic. In particular, our inspection, surveillance and compliance activities were significantly impacted,” said Acting FDA Commissioner Janet Woodcock, M.D. “The FDA fully understands the importance of getting back to a more consistent state of inspectional capacity. This plan provides the public with a transparent picture of both the successes and challenges we’ve faced in these areas over the past year, as well as our plan moving forward. We want to assure the American public that we have used a variety of tools to oversee the regulated industry and ensure that Americans continue to have access to safe food and high-quality FDA-regulated products.” In March 2020, the FDA announced that it was temporarily postponing all domestic and foreign routine surveillance facility inspections, while continuing mission critical inspections when possible. Beginning the week of July 20, 2020, the FDA began to work toward resuming prioritized domestic inspections using its COVID-19 Advisory Rating system. The report outlines inspections that the agency was unable to complete during the past year due to travel restrictions or inability to ensure the safety of our workforce or the workforces the agency regulates. The report also outlines the number of mission-critical inspections the

Advancing the Biomedical/HTM Professional

agency completed during that time, such as inspections of facilities for which there was a drug shortage, inspections needed for the approval of novel drugs or drugs related to the potential treatment of COVID-19, support of pre-market and pre-license applications and response to foodborne disease outbreaks or other food safety risks such as undeclared allergens. Among other things, the report highlights: • From March 2020 through March 2021, the FDA conducted a total of 821 mission-critical inspections, including 29 in foreign countries. • Additionally, the agency conducted a total of 777 prioritized domestic inspections since resumption of that work in July 2020. • Of the more than 13,500 applications for medical product approval or authorization received since March 2020, an estimated 68 applications have been delayed due to the inability to conduct inspections — and a majority of those are not deemed mission critical. Additionally, the report outlines the FDA’s continued successful use of alternative tools and approaches where inspections were or are not currently feasible, including remote interactive evaluations (e.g., remote livestreaming video of operations, teleconferences or screen sharing), record requests and leveraging information from trusted regulatory partners. For example, over 1,300 record requests have been made to human and animal drug and biologic drug manufacturers that have led to a high level of on-time regulatory decision actions. The report further outlines the ongoing steps the agency is taking in order to resume standard operational levels of inspection activities, including how it intends to prioritize domestic and foreign inspections that were not performed

during the pandemic. The plan highlights a variety of possible scenarios given the continued uncertainty of the trajectory of the ongoing pandemic. Inspections considered critical to the FDA’s mission will remain the primary focus. When planning routine surveillance inspections, the agency will prioritize higher-risk establishments. Therefore, a longer interval between inspections will occur for the less high-risk facilities as the FDA adjusts to the impact of the COVID-19 pandemic. This means that postponed inspections will be prioritized based on risk and conducted over a longer period of time, ultimately increasing the amount of time between inspections of certain lower-risk facilities. The agency will also soon begin a multi-year modernization effort to further transform our data enterprise platforms and cross-program interoperability infrastructure to better support innovation related to its regulatory oversight role, including remote approaches. This modernization effort will include a review of inspectional approaches using next-generation assessment technologies and improvements. The FDA is also establishing an agency-wide FDA Inspectional Affairs Council that will plan and coordinate inspectional activities. The agency intends to share more information on these efforts as this work progresses. The FDA will continue to leverage and maximize every available tool and resource to meet its inspectional responsibilities, while achieving optimal public health outcomes. Related Information • Resiliency Roadmap for FDA Inspectional Oversight • FDA Voices: FDA’s Ongoing Use of Inspectional Tools for Ensuring Access to Safe, Quality Food and Medical Products During the COVID-19 Pandemic • Coronavirus Disease 2019 (COVID-19)

COVID-19 | DIGITAL SUPPLEMENT

SPONSORED CONTENT

WHY NOW, IS THE BEST TIME TO SET UP A MEDICAL EQUIPMENT DISPOSITION PROGRAM TIME. MONEY. SPACE.

s several states are now requiring hospitals to have at least a threemonth supply of masks, gloves, gowns and other PPE on hand, extra space to store unused retired or surplus biomedical, imaging and laboratory equipment is no longer a luxury healthcare facilities can afford. Creating an asset disposition plan that works for your healthcare system will be crucial following the pandemic to provide hospital staff more time, money, and space to do what they do best and serve their patients.

ZRG Medical has worked with many hospitals and healthcare systems of all sizes to create cost-neutral and even profitable tailored equipment disposition programs that fit each facility’s needs and goals. ZRG Medical provides full-service safe and environmentally conscious equipment liquidation services to healthcare facilities that want their surplus equipment to have a second life. We offer transparency and accountability in our practices through our online customer portal providing 24/7 access to inventory lists, releases of liability, and recycling and donation records certificates. LEARN MORE about ZRG Medical at www.zrgmedical.com

DIGITAL SUPPLEMENT | COVID-19

BREAKING NEWS!

“ Creating an asset disposition plan that works for your healthcare system will be crucial following the pandemic to provide hospital staff more time, money and space so that they can do what they do best, serve their patients.” www.1TechNation.com

MEDOT.NET Medical Equipment

De-installed On-Time We deinstall and install all imaging systems including Varian linear accelerators We have been working with hospitals and clinics across the country for 30 years with 100% satisfaction

JOIN THE MEDOT.NET TEAM! Working partner needed for established de/reinstall imaging company. Percentage of Ownership for the right engineer.

We also buy, sell most pre-owned imaging systems and medical devices PLEASE VISIT OUR WEBSITE FOR SOURCING SYSTEMS AND PARTS medot.net

(727) 678-4134

info@medot.net

s t h g i s n I d e m Bio What COVID-19 challenges have you and your facility faced over the past year? How did you overcome them?

ANSWERED BY

• Clarice Holden, Chief Biomedical Engineer, VISN 17, Heart of Texas Healthcare Network • J.C. Newell, Director of HTM, JPS Health Network • Chris Nowak, Senior Director, Universal Health Services • David Braeutigam, Consultant, Author, Educator, Braeutigam Enterprises LLC

Advancing the Biomedical/HTM Professional

COVID-19 | DIGITAL SUPPLEMENT

USOC BIO-MEDICAL SERVICES A li Nazem Youssef is the CEO at USOC Bio-Medical. Along with many advanced technical certifications, he has earned a bachelor’s degree in Electrical Engineering from the University of California, Irvine where he is currently pursuing a master’s degree in Electrical Engineering. Ali N Youssef has been involved in the growth of other biomedical repair facilities throughout the years, that experience gave him the ability to see what does and does not work in producing a successful biomedical engineering business. The knowledge motivated him to pursue his goal of owning and operating USOC. The father of four is always waiting for his next challenge. His passion for his work and the love for his family is what makes USOC the industry example that sets the bar sky high.

Youssef founded USOC in 2009 to offer “simple solutions for complex devices” – namely, biomedical equipment, patient monitors and durable medical equipment. Ali Youssef’s goal was to create an efficient and reliable repair company and that focus continues to motivate the entire team at USOC.

DIGITAL SUPPLEMENT | COVID-19

Today, USOC employs more than 100 people who provide biomedical equipment repair solutions to health care facilities, clinics and medical companies of all types and sizes. The company’s commitment to providing high-quality, cost-effective equipment and services is reflected in its ISO 9001:2008 and 13485:2016 certifications. USOC, located in Irvine, California, has a proven approach designed to keep medical equipment running in peak condition at a guaranteed cost savings. USOC is a leader in the medical device industry determined to know its customers, provide high-quality services, build solid relationships, and maintain vendor neutrality. The company’s core values are quality, integrity, innovation, accountability, collaboration, and leadership. We recently gathered more details about the company.

an you share a little bit about C your company’s history and how it achieves success?

USOC: One of the keys to USOC’s success lies in our commitment to understanding not just the equipment, but each customer’s

unique situation, level of expertise and needs. The company has achieved success by understanding the pressures today’s health care professionals face. Another key to USOC’s success is that Youssef created a team, not just employees that work together. They treat everyone with respect, trust, and care for each other. Our innovative practices and expert engineers have allowed us to reduce the price of patient monitoring service without sacrificing quality. In 2016, the Small Business Association (SBA) presented a special achievement award to USOC Founder and Owner Ali Youssef. The company has grown from its original three employees in 2011 to more than 100 staff members!

hat are some advantages W that your company has over the competition?

USOC: Our added value is our value proposition, especially compared to the competition. We are more than a repair facility for our biomeds, we act as a partner to help facilitate the repair process. We create a partnership with the biomeds and support them. We are the biomed shop

www.1TechNation.com

SPONSORED CONTENT

for our biomeds as well as 24/7 technical support. We understand more than anyone else the biomed’s needs as our CEO is a biomed and serves as our lead technician and head engineer. We have leveraged our experiences to create a unique repair facility that meets the quality standards and turn times of each valued customer. Our quality is the reason we have the confidence to offer a 12-month end-to-end warranty for most repairs. We facilitate our biomeds’ daily tasks through our updated customer portal (USOC e-link) that is used not only for repairs but also provides support and guidance. We also have an emergency kit for our biomeds. The emergency kit consists of the most popular items that break down. It can be used as an exchange program when devices break down.

hat were some of the challenges W your company faced last year during the COVID-19 pandemic?

USOC: First, USOC would like to express our appreciation for the health care industry’s hard work and dedication during this time of crisis and uncertainty. We realized last year that we had a special role during this unprecedented time, supporting our families and communities both locally and nationwide. Although at times our stock ran short, we were able to respond to an increasing demand for our services and continue to give the best service to our customers.

an you explain your company’s C core competencies?

USOC: USOC provides biomedical equipment repair solutions to health care facilities, clinics and medical companies in the USA and Canada. Here is how it works: The hospital calls for troubleshooting and, if necessary, sends equipment to us. We test, diagnose, and repair it at our facility and then send it back to them. We offer a warranty Advancing the Biomedical/HTM Professional

“If you just sit at home and only work for a few hours a day, nothing will get done and you won’t achieve your goals. Do not waste your time.” – Ali Youssef

Ali Nazem Youssef, CEO USOC Bio-Medical that allows the biomed shop to send the equipment back free of charge if there is ever a problem. We also offer continuing troubleshooting over the phone. If the equipment needs to be sent in for repair, USOC will program a loaner based on the hospital’s data and expedite shipping to the facility.

hat product or service are you W most excited about right now?

USOC: We are excited about patient monitoring and the development of cost-effective ways to perform repairs on products as well as the implementation of software that enriches and eases the customer experience. We are also excited about our brand-new customer portal that will allow all our clients to manage their repairs, create a Return Goods Authorization (RGA), print a shipping label, follow the different stages of the repair, and have a complete dashboard of all their repairs with USOC BioMedical Services.

hat is your company’s mission W statement?

USOC: Our vision is empowering better patient health with technical insights. Our three goals are to promote a healthier world, build value and create an inspiring

workplace. Our five-point strategy to achieve our goals are innovative growth, drive operational excellence, simplify the organization, focus on technical information services, and deliver great products and services. An important part of the USOC Bio-Medical Services environment are our behaviors, which are customer focused, performance oriented, united as one team, transparent and agile. The core values at USOC Bio-Medical Services are quality, integrity, innovation, accountability, collaboration, and leadership. In closing, we asked Youssef what he those starting out in this industry should know. He said it is important to believe in oneself and that the saying “anything is possible if your work hard” is true and not just a cliché. He recalls that when he started USOC he did every job. He worked long hours, including some days when he worked past midnight and into the early morning hours of the next day. Youssef stressed the importance of setting goals, being efficient and teamwork. “If you just sit at home and only work for a few hours a day, nothing will get done and you won’t achieve your goals. Do not waste your time,” he said. Youssef also stressed self-confidence. If one person can achieve something than “you can do it too.” He said some days will be easy, but others will come with challenges and problems. The key, he said, is to face the problems head on and work hard to resolve them. Then, move forward and on to the next task. LEARN MORE about USOC at www.usocmedical.com COVID-19 | DIGITAL SUPPLEMENT

2179 East Lyon Station Road • Creedmoor, NC 27522 Toll Free: 877.255.9472 • Phone: 919.255.9472 www.csmedicalllc.com • info@csmedicalllc.com

HHS AWARDS OVER $32 MILLION IN AMERICAN RESCUE PLAN FUNDING TO EXPAND COVID-19 TRAINING AND SUPPORT FOR HEALTH CENTERS

Targeted investments will promote effective and efficient use of resources to support equitable access to COVID-19 vaccination, testing, treatment

hrough the American Rescue Plan, the U.S. Department of Health and Human Services (HHS), through the Health Resources and Services Administration (HRSA), awarded over $32 million to 122 organizations that provide training and technical assistance support to HRSA Health Center Program-supported health centers nationwide. These organizations — Primary Care Associations (PCAs), National Training and Technical Assistance Partners (NTTAPs), and Health Center Controlled Networks (HCCNs) — will use the funds to provide health centers with critical COVID-19 related training, technical assistance, and health information technology support.

“Health centers play a critical role in responding to COVID-19 in their communities,” said HHS Secretary Xavier Becerra. “This funding will help ensure that health centers serving medically underserved communities and those disproportionately impacted by COVID-19 have the training and support they need to provide equitable access to COVID-19 vaccination, testing, and treatment.” Approximately $16 million will be awarded to 52 PCAs to support statewide and regional COVID-19 training and technical assistance activities,

Advancing the Biomedical/HTM Professional

including helping health centers ensure medically underserved individuals and communities receive access to high quality preventive and primary health care services. Approximately $5.5 million will be awarded to 21 NTTAPs to provide national training and technical assistance activities in their specific areas of expertise, including assisting health centers to provide services for migrant and seasonal agricultural workers, residents of public housing, and individuals experiencing homelessness. Approximately $10.5 million will be awarded to 49 HCCNs to support and expand the use of health information technology and data in health centers to enhance the impact of their COVID-19 response efforts. “Our training and technical assistance partners help ensure that our health centers can provide COVID-19 testing, treatment, and vaccinations as effectively and efficiently as possible,” said Acting HRSA Administrator Diana Espinosa. “This funding will promote access to key resources for health centers serving underserved communities that have been especially hard hit by COVID-19, including agricultural workers, rural populations, and people experiencing homelessness.” HRSA Health Center Program-funded health centers are community-based and patient-directed organizations that deliver

affordable, accessible, quality, and costeffective primary health care to nearly 30 million patients each year. Over 91% of health center patients are individuals or families living at or below 200% of the Federal Poverty Guidelines and nearly 63% are racial/ethnic minorities. Health centers across the nation are playing vital roles in supporting local community responses to the COVID-19 public health emergency. Resources For a list of PCA award recipients, visit: https:// bphc.hrsa.gov/program-opportunities/arp-primary-care-associations/awards For a list of NTTAP award recipients, visit: https://bphc.hrsa.gov/program-opportunities/arp-national-training-technical-assistance-partners/awards For a list of HCCN award recipients, visit: https://bphc.hrsa.gov/program-opportunities/arp-health-center-controlled-networks/ awards For more on HRSA’s Health Center Program training and technical assistance partners, visit: https://bphc.hrsa.gov/qualityimprovement/ strategicpartnerships/index.html.

COVID-19 | DIGITAL SUPPLEMENT

COLLEGE OF BIOMEDICAL EQUIPMENT TECHNOLOGY I t has been a tough year for most, including those of us in education. The upheaval caused by closed campuses and restrictions placed on travel, socialization, and other everyday activities, has led to disruptions and, in some cases, permanent closings of programs and colleges across the United States. Navigating through the turbulence has been a challenge. However, surviving and even thriving in these difficult circumstances has come down to a couple of essential elements: the adoption of a “team of teams” approach; the commitment to excellence in service; and focusing on what we do and striving to do it better. At CBET, we are approaching these unique challenges as opportunities.

NAVIGATING THE THROUGH THE TURBULENCE WITH A TEAM OF TEAMS APPROACH Accomplishing our mission while navigating the complexities of the current environment has hinged on our team of teams’ strategy. The truth is that we can no longer afford to approach HTM education through a purely competitive lens. Less competition and better collaboration and cooperation are necessary, and COVID has underscored this reality. Three years ago, we began establishing an educational consortium of like-minded organizations with whom we can collaborate to solve problems and to develop, and ultimately deliver, higher quality education, training, and job placement services to our students. The industry response to this initiative has been overwhelmingly positive. The concept of an HTM Education Consortium includes a collaborative effort involving the College of Biomedical Equipment Technology (CBET), Southeastern Community College in Iowa, Charter College, Charter Career Academy, and others with whom we have shared best practices, integrated new concepts, 24

DIGITAL SUPPLEMENT | COVID-19

and developed innovative approaches. “Intellectually, we all know that relational thinking and action is sustainable whereas transactional thinking, though good for the moment, is short lived. Too often, though, we choose the latter over the former. Our engagement in this consortium is refreshing and enlivening,” according to Shane Reeder of Charter College. The result of this approach has been the formation of strong alliances with like-minded HTM educators willing to challenge the status quo and address rapidly evolving education, training, and workforce needs more efficiently and effectively. Over the past year, we’ve focused on aligning and forming personal and strategically important professional relationships with our industry partners. Industry representatives serve on our academic advisory boards and support our externship and job placement initiatives. Advisory Board members help us steer our programs by contributing to our continuous efforts to revise, refine, improve, and validate our curricula to ensure that outcomes are consistent with industry requirements. Throughout next year, as the country continues to reopen and hiring freezes begin to expire, we will need to place between 100-150 graduates in externships in the U.S., a task made possible because of the confidence in the quality of our programs and the demonstrated skills of our graduates. Externship sponsors support the hands-on components of our BMET certificate and degree programs by serving as mentors, advisors, coaches, and supervisors during a structured sixweek training and evaluation period. We understand that, for this concept to work, relationships of trust are essential. Further, the support we have received from the Association for the Advancement of Medical Instrumentation (AAMI) and healthcare societies and biomedical associations nationally has

Dr. Richard L. “Monty” Gonzales President, College of Biomedical Equipment Technology been invaluable. AAMI’s Vice President of HTM, Danielle McGeary, serves on our academic advisory board and has played a strategically important role in ensuring our programs align with industry recognized standards and best practices. Similarly, associations, like the Kentucky Association of Medical Instrumentation (KAMI), the Hawaii Healthcare Technology Management Association, the Central Florida Biomedical Society, the Healthcare Technology Management Association of South Carolina, and others, have contributed to our understanding of evolving workforce needs and helped us better connect our program graduates with mentors across the country. COMMITMENT TO EXCELLENCE COVID-19, while challenging for education generally, presented an exciting opportunity for colleges with online programs, including ours. Almost overnight, practically every college and university in the world began moving their curricula and programs online out of necessity. For years, we have argued and proved with the quality of our graduates that online programs can be as effective www.1TechNation.com

SPONSORED CONTENT

as in a traditional setting. Looking to the future, we feel strongly that online training and educational programs will surpass traditional brick-and-mortar programs as the solution to educating the workforce. Our partnership for quality with our accrediting agency, the Accrediting Council for Continuing Education and Training (ACCET), is the cornerstone of our college’s commitment to our students and the healthcare industry we serve. As the President of a nationally accredited vocational college and graduate of a regionally accredited college, I can attest to the fact that a commitment not only to quality assurance, but quality improvement has played an essential role in ensuring our programs serve the interests of our students and industry partners. We are committed to establishing a reputation as a healthcare technology management education and training center of excellence. As an online college, our instructors serve as the brick and mortar of the institution. Small organizations benefit from the luxury of hand-picking their teams – our academic cadre includes industry professionals and veterans with decades of experience in leadership, education, and healthcare. Because we are hyper-focused on HTM education, we approach the hiring of our instructors strategically. As a result, we have been able to form a deep talent pool of innovative, creative, and dedicated instructors committed to revolutionizing education and training. An additional essential characteristic of our college is our agility and desire to close the gap between teaching and industry demands. One of the best examples of our collaborative work in this area is our affiliation with the Medical Imaging Solutions Group. David Anthony, Vice President and Chief Operations Officer at MIS, and his team have partnered with us to strengthen the imaging content in our BMET program and to explore innovative approaches to enhancing imaging training Advancing the Biomedical/HTM Professional

for the industry. Relationships of trust, such as the one we have fostered with MIS, have helped us improve program quality, lower costs, and strengthen confidence in the knowledge and skills of our graduates. REVOLUTION, NOT EVOLUTION! Education has turned to comfortable routines and normal patterns rooted and protected in centuries of academic tradition for far too long. We believe this typical pattern is failing students and not fulfilling our obligations to the healthcare industry. We reject the status quo and believe that future success hinges on revolutionary change to meet exponentially developing changes and needs in our industry, the type of change we see with breakthrough discoveries rather than the slow evolution customary in higher education. The next frontier in education must be more dynamic, more flexible, student-centered, and aligned with workforce demands and expectations, which, in our industry, appear to be changing at the speed of light. We are not simply talking about moving education online; we are talking about what is next. To revolutionize how we deliver on our promise, we are focusing on the rapidly evolving needs of the healthcare community. We are developing virtual reality content to support our online education programs and students’ continuing education and professional development needs. Strategically, virtual reality is an important initiative that enables us to strengthen the quality of the curricula we deliver to our students, better support underserved regions of the world, and

increase the education and training options we provide. We are focused on quality, accessibility, flexibility, and cost. We also recognize our role in creating the talent pipeline for the HTM workforce of tomorrow. To that end, we partnered with the Department of Defense Skillbridge initiative to support transitioning military service members in exploring educational opportunities and careers in the healthcare industry. The Skillbridge initiative has been both rewarding and productive to the college and our industry partners. By supporting the Skillbridge, we continue to serve our veterans. If the past year has taught us anything, successful companies are flexible and capable of evolving, and, make no mistake about it, higher education is also a business. We have seen many of our colleagues in the education business struggle to adapt through the pandemic and be forced to face tough decisions ranging from the sustainability of programs to campus closures. We have been mindful of our vulnerabilities and worked tirelessly to ensure that we position the college to survive and thrive through the disruption. We believe that success demands always looking past the next horizon to better understand the environment of tomorrow. As an educational institution, we know that to remain relevant, our programs must continue to be affordable, accessible, and valuable to the students we are training and the healthcare providers hiring the institution’s graduates. LEARN MORE about CBET at www.cbet.edu COVID-19 | DIGITAL SUPPLEMENT

Word on the Street

ANSWERED BY

• J.C. Newell, Director of HTM, JPS Health Network • David Braeutigam, Consultant, Author, Educator, Braeutigam Enterprises LLC • Dave Franceour, Senior Vice President of Marketing & Sales, TKA

ANSWERED BY

• Nathan Smitth, Radiology Director, Georgia Bone and Joint, Owner/CEO, Imaging Diversified • Sarah Riskey, Radiology Manager, United Medical Center Advancing the Biomedical/HTM Professional

COVID-19 | DIGITAL SUPPLEMENT

The Value of ACI Imaging Equipment Certification A Decision Maker’s Guide

n biomedical imaging circles, you’ll frequently hear about the need for AAMI Credentials Institute (ACI) biomedical imaging equipment certification. Unfortunately, the benefits of ACI certification aren’t always readily apparent to high-level decision makers. Proper training is often perceived as a cost, rather than an investment.

If you’re familiar with the process at all, you know that becoming certified requires an investment in both time and money for the training needed to pass the ACI certification exam. Finding the opportunity and funding necessary for proper training can make acquiring certification seem a bit daunting. Nonetheless, it’s vital to your success, and the success of your 28

DIGITAL SUPPLEMENT | COVID-19

organization—not to mention the health and safety of the patients and technicians you’ve been entrusted to protect—that all imaging technicians and engineers be properly certified. WHY IS ACI CERTIFICATION FOR IMAGING EQUIPMENT MAINTENANCE STAFF SO IMPORTANT? As healthcare becomes more complex, certification is one way to demonstrate and showcase core competencies in specific areas, like biomedical imaging, for both healthcare professionals and organizations. For healthcare technology professionals, achieving certification is a powerful way of demonstrating their accomplishments, mastery of skills, and experience while highlighting their ability to provide quality and trustworthy service. This added

credibility can often serve as the next step to career advancement by demonstrating a commitment to the industry and a desire for increased job responsibilities. In the case of healthcare organizations, staff certification strengthens the public’s confidence in the safety and capabilities of that particular hospital, clinic, or imaging services provider. This is clearly demonstrated by the agreement of all applicants, candidates, and certified professionals to comply with the ACI Code of Conduct, which means they will: • Conduct professional activities with honesty and integrity. • Uphold professional conduct to the highest ethical standards. • Provide only those services for which they are qualified to perform. www.1TechNation.com

SPONSORED CONTENT

•

Maintain and improve professional knowledge and competence through regular self-assessments, continuing practice, continuing education, and training. • Act in a manner free of bias and discrimination against clients, colleagues, and customers. • Maintain the privacy of individuals and confidentiality of information obtained. • Obey all applicable laws, regulations, and codes. • Follow all certification policies, procedures, guidelines, and requirements of the ACI. An ethical agreement like this speaks volumes about the quality and reliability of imaging team members and the equipment they maintain. This level of professional commitment is easily recognized by patients and coworkers alike, and ultimately leads to a higher level of medical care. In addition, once a certification is earned, it must be maintained through a three-year cycle of continuing education and renewal fees. Recertification is extremely important because it requires imaging staff to maintain the established standard for their field. This ensures that Advancing the Biomedical/HTM Professional

both patients and equipment continue receiving the best level of care. WHAT’S SO SPECIAL ABOUT TRAINING WITH AN AAMI CERTIFIED TRAINING CENTER? We’re proud of our status as a AAMIcertified Siemens training center and have been leading the charge for many fundamental changes regarding AAMI certification for imaging engineers. Premium courses, like those we provide, offer eight or more continuing education credits (CEUs) per day of training from the ACI and are now considered the gold standard. In support of that level of excellence, our students earn 45 ACI CEU credits (9 per day) per course on more Siemens equipment than any non-OEM provider. AAMI’s ACI certification programs recognize healthcare technology companies, like Technical Prospects, whose training courses support high standards for the safety and efficacy of medical equipment. Their primary goal is to they help the healthcare field ensure the safe and effective production, distribution, and use of health technology, which includes the repair and maintenance of imaging systems. We

help AAMI achieve that goal by not only training students to maintain and repair imaging systems, but by familiarizing them with the device’s role in a clinical setting. What Other Benefits Does Technical Prospects Training Provide? Our in-person lab-based courses are taught at our world-class training center in Appleton, Wisconsin. The facility includes 17 clinical environment training and QA bays with 27 fully operational Siemens systems, two modern classrooms, and a cafeteria/kitchen area. During our courses, students engage in discussions, lectures, and labs centered on the core principles of equipment operation, configuration, troubleshooting, and repair of all primary system components while strictly adhering to CDC workplace guidelines. In response to the growing need for imaging engineer training, as well as to provide easier access to that training, we’re developing the Interactive Virtual Training Academy, a modernized training solution based on the needs of today’s imaging engineer. Keep an eye out for more information coming soon. LEARN MORE at technicalprospects.com COVID-19 | DIGITAL SUPPLEMENT

HIPAA Headaches - Hybrid ePHI+Malware DICOM Image Files By Kat Brocklehurst, VP, and Cylera Paul Bakoyiannis, Co-founder and CTO, Cylera

t seems nearly every few days, we hear news about threat actors targeting healthcare organizations, especially since the advent of COVID-19. Given the all-encompassing struggle of the pandemic, most clinicians and biomedical engineering organizations would understandably acknowledge that they’re concerned with patient care, not cybersecurity.

The DICOM standard is used by systems ranging from medical devices that produce imagery, such as CT and MRI machines, to specialized workstations for analyzing scan results, to phones and tablets used to view diagnostic information. DICOM files contain sensitive medical information pertaining to individual patients, and are thus classified as electronic protected health information, or ePHI.

However, in an American Journal of Roentgenology article published in 2020 by a team of radiologists, top cybersecurity experts (including from Cylera Labs), and DICOM security leaders, two major exploits of the DICOM radiologic imaging standard were reported, and the article warns that radiologists could be using systems today that are exposed to altered data or data that contains malicious elements.

MALWARE CLOAKED IN EPHI FILES Security researchers at Cylera Labs and other research organizations spend time investigating, reverse engineering, and decoding protocols and functionality found in clinical networks while carefully assessing related specifications and implementations for weaknesses and mitigations (ways to work around, better prepare, or fully resolve). The work results in advance discovery of potential ways the industry

“ Disruptive ransomware and other malicious cyberattacks significantly reduce Healthcare and Public Healthcare (HPH) entities’ ability to provide patient care and can contribute to patient mortality. Threat actors aim to disrupt HPH entities who have a low tolerance for down-time and may be experiencing resource and staffing constraints due to the COVID-19 pandemic.” - U.S. Cybersecurity Infrastructure and Security Agency (CISA) warned of threats to Healthcare and Public Healthcare (HPH), January 2021 WHAT’S DICOM? DICOM stands for “Digital Imaging and Communications in Medicine,” and is a globally-recognized standard for the exchange and storage of medical images used throughout the healthcare industry for over 30 years. The DICOM standard, drafted by National Electrical Manufacturers Association (NEMA), defines a file format for the representation and storage of medical imagery and a communication protocol for the transmission of imagery over a network. 30

DIGITAL SUPPLEMENT | COVID-19

and technology solutions can help would-be victims to be forewarned and armed against escalating cyber warfare. This mission is especially important for healthcare patient care, safety, and privacy. In 2019, researcher Markel Picado Ortiz of Cylera Labs demonstrated a first of its kind vulnerability in “proof-ofconcept” attack scenarios that uncovered an exploitable weakness in the DICOM image format. This vulnerability enables malware to infect patient data by inserting

Figure 1 – Illustration of malware location in a DICOM image file itself directly into medical imaging files and thereby essentially becoming part of the ePHI embedded within the image. Since the malware insertion does not damage the patient data while inserting itself into a DICOM file, it leaves the file perfectly intact and usable, undetectable by clinicians, biomedical engineers, and even IT with typical tools such as anti-virus and other vulnerability scanning. Clinicians could continue to use and exchange an infected imaging file during patient diagnosis and treatment without any indication that the file lives a double life as fully-functioning malware. For further details with imagery, download Cylera’s research paper titled HIPAA-Protected Malware? Exploiting the DICOM Flaw to Embed Malware in CT/ MRI Imagery. CYBERSECURITY AND PATIENT IMPACTS The fusion of fully-functioning malware and ePHI creates a set of regulatory- and security-related complexity that did not previously have to be considered www.1TechNation.com

SPONSORED CONTENT

during IT incident response processes. Any attempt to remove or alter the malware file can now harm the patient information contained within it. The malware effectively exploits the nature and regulatory implications of the data it hides behind to protect itself from discovery. Other realistic mitigation scenarios: • Malware could evade detection by 1) antivirus software that was configured by the organization or device manufacturer to ignore clinical data, 2) by poorly-designed antivirus or sandbox software that ignores DICOM files as they do not seem executable, or 3) by human analysts who recognize the file as a fully-functioning DICOM image. • Malware payloads could spread throughout an organization as infected DICOM data is sent and saved to clinical systems during normal usage patterns, such as the viewing of imaging results by multiple practitioners. The malware payloads would lie latent in the data contained within these files and would need to be processed and activated by a secondary payload as part of a two-stage attack, which would involve modifying the file’s “Preamble” and executing the DICOM file directly. • Antivirus software can accidentally delete or leak ePHI to the cloud or public internet by performing standard analysis and remediation routines on infected DICOM files. This could not only have regulatory consequences related to exposing protected patient data, but could also potentially disrupt clinical workflows relying on the availability of the affected files. • Security teams can accidentally delete or leak ePHI in the same way that an automated antivirus can; uploading suspicious files to cloud services such as VirusTotal, for example, is a common step used by IT analysts that would now upload the protected patient information in addition to the malware. • Security teams may be unable to delete/ quarantine malware if they recognize it Advancing the Biomedical/HTM Professional

“ Once infected, these medical images become hybrid files – fullyexecutable malware, and fully functioning, standards-compliant DICOM images that preserve the original patient data, adhere to HIPAA privacy requirements, and can be used by clinicians without arousing suspicion.” Paul Bakoyiannis, Chief Technical Officer at Cylera and Head of Cylera Labs. as not only a malware executable, but also a functional DICOM image file containing ePHI. Without proper tools to deal with infected files, they may be forced to retain malware-infected files on their clinical systems. SUMMARY AND STEPS TO TAKE For most organizations, progress toward improved cybersecurity is a journey. Further, understanding true cybersecurity risks to patient safety and privacy are often impossible to determine for clinical and biomedical professionals. And candidly, medical professionals don’t really want to have to be cybersecurity experts (we have technology for that). At the same time, it is difficult for IT security personnel to provide real support without knowing what devices are connected, understanding the workflows and threats, vulnerabilities and risks to patient care and services, (We have technology for that too.) However, cybersecurity risks to healthcare IoT and medical devices (IoMT) will persist, continue to increase, and intensify their impact as adversaries become

bolder and more sophisticated in the attacks on healthcare organizations. For guidance, and steps to take, consider these resources, and potentially point your IT teams toward looking at www.cylera.com, or ask for a demo@cylera.com and details of how we can help determine if your DICOM systems have this or other weaknesses. The U.S. Cybersecurity Infrastructure and Security Agency’s CISA Insights, Cybersecurity Perspectives: Healthcare and Public Health (HPH) Response to COVID-19, Threats to the HPH sector, January 2021. (A single-page factsheet summary – 2-minute read) The Joint Cybersecurity Advisory from CISA, FBI, and Department of Health and Human Services Ransomware Activity Targeting the Healthcare and Public Health Sector, AA20-302A October 28, 2020 (An in-depth 22-page document suitable to forward to your IT team or enjoy yourself!) Executive Summary of What Sets Cylera Apart (A single sheet, front and back, 7-minute read) COVID-19 | DIGITAL SUPPLEMENT

THE TOOL YOU'LL

ALWAYS

USE

100,000 USERS STRONG! ASK A QUESTION FIND A SERVICE COMPANY SEARCH FOR EQUIPMENT START YOUR FREE ACCOUNT TODAY!

MEDWRENCH.COM