Apple “ECG” watch, OIG on FDA MD cybersecurity

TLP White: We start with discussion around the Apple watch’s new features and what it means to healthcare. We also look at the OIG’s recommendations for the FDA when reviewing medical devices before they hit the market. We conclude by shedding some light on how using AI to create synthetic brain cancer scans actually preserves privacy. Welcome back to Hacking Healthcare.
Authors note: In recognition of the H-ISAC’s increased focus on international healthcare, we will be adding additional information regarding policy and legislative hearings from around the world. We welcome any feedback on how to make this as useful as possible.

Hot Links –


1.  Apple Watch’s Medical Makeover.

Last week Apple revealed an upgraded Apple watch with new heart-monitoring and fall-detection capabilities. The new Apple watch contains electrodes and sensors that convert the watch into an electrocardiogram (“ECG”) with the capacity to measure a heart’s electrical activity and detect disorders and irregularities. These new utilities make the Apple watch seem more like a medical device than simply a timepiece, and reflect a larger trend among tech companies that are now dabbling in medical monitoring.

The U.S. Food and Drug Administration (“FDA”) seems to be optimistic about the watch’s potential, stating that the new features “may help millions of users identify health concerns more quickly.” The FDA approved marketing of the ECG app and irregular-rhythm notification on the watch on Tuesday, the day before Apple’s big reveal. The FDA’s approval came just a day after the Department of Health & Human Services Office of the Inspector General (“OIG”) released a report containing recommendations for the FDA regarding cybersecurity and the agency’s medical device review process.

2.  OIG Urges FDA to Further Integrate Cybersecurity in Medical Device Review.

As referenced above, the Department of Health and Human Services Office of the Inspector General (“OIG”) recently released a report following a study examining the U.S. Food and Drug Administration’s (“FDA”) review of cybersecurity in premarket submissions for networked medical devices. Currently, FDA reviews cybersecurity documentation in premarket submissions prior to allowing the device to be marketed. Using 2014 guidance on the content of premarket submissions and cybersecurity, FDA reviewers consider whether a device demonstrates known cybersecurity risks and threats in addition to reviewing any documentation provided by the device manufacturer that would describe the device’s cybersecurity risks, controls, and threats that the manufacturer has already considered.

Following the study, OIG recommended that FDA make better use of the presubmission meetings to address cybersecurity-related questions by including cybersecurity documentation as a criterion in FDA’s Refuse-To-Accept checklists. The FDA uses these checklists to screen submissions for completeness, and the checklists currently do not include checks for cybersecurity information. Additionally, OIG recommended that FDA include cybersecurity as an element in its Smart template, a tool that the FDA uses to guide reviews of submissions.

3.  AI Application in Healthcare That Actually Preserves Privacy.

The trouble with rare medical conditions is, well, they are rare. Of course this makes it difficult for medical professionals to have enough data readily available so that they can detect abnormalities as early as possible. AI researchers from Nvidia teamed up with the Mayo Clinic and the MGH & BWH Center for Clinical Data Science to understand how to use generative adversarial networks (“GANS”) to create synthetic brain MRI images. GANS essentially are comprised of two AI systems: one that creates images and another that works to differentiate between synthetic and real images. The result is that the two networks are trained such that the discriminatory system is unable to distinguish between real images and synthesized images.

This type of machine learning opens the medical field up to a much larger dataset for all types of conditions, including those that are especially rare. The beauty of it is that once the dataset is created, it can be accessed and shared broadly without running into the types of patient privacy concerns associated with traditional data collection. Researchers are actively exploring other ways to apply machine learning to medical research, and we can expect even more innovative applications to come.
As a reminder, this is the public version of the Hacking Healthcare blog. For additional in-depth analysis and opinion, become a member of H-ISAC. Read full blog below:

Hacking Healthcare 9.18.2018 TLP White