Search

67 results found

  • 8 Steps To Protect Against Ransomware When Developing Or Deploying New Apps-The HSB Blog 7/26/21

    Our Take: With the rise of ransomware attacks, healthcare providers and application developers need to make sure they are practicing exceptional cybersecurity controls and security hygiene to avoid being victimized and to recover quickly if they are. As noted in a recent Forrester blog post, entitled “Ransomware: Surviving by Outrunning the Guy Next To You”, ransomware is about making yourself a less vulnerable target than others and protecting your critical infrastructure, ensuring that staff is familiar and practicing security protocols, reducing the potential places for malware intrusions and ensuring the safety of healthcare systems and patients. Key Takeaways: According to CISO magazine, 97% of organizations faced a mobile malware attack and 46% had at least one employee download a malicious mobile application in 2020. Between 2010-2017, over 176.4 medical records were breached by criminals aiming to monetize off of the medical and private information stored by the healthcare systems. According to the HHS, “4 out of 5 U.S. physicians have experienced some form of a cybersecurity attack.” Surveys indicate that recent ransomware attacks only heighten patient’s hesitancy to provide personal information and data online. The Problem: On May 1, 2021, Scripps Health in Los Angeles reported that it had begun experiencing a ransomware attack that would ultimately last several weeks. According to Scripps the attack exposed the health and personal information of approximately 150,000 patients, forced it to take its IT system offline for several weeks, and required medical personnel to revert to using paper-based records. This is only one example of the increasing rise in ransomware attacks on healthcare facilities that are occurring more frequently, putting patient’s information at risk and disrupting operations or entirely shutting down healthcare services. This not only places patients at risk but damages the healthcare organization’s brand and reputation. These ransomware incidents raise questions on the role healthcare systems themselves and users of these healthcare technologies and applications play in ensuring the security of patient data and their basic operating infrastructure as well. For example, according to HealthcareDive, “fewer than half of healthcare institutions met national cybersecurity standards last year” and IT and cybersecurity spending for healthcare systems remain low relative to other industries. The Backdrop: Cybersecurity, or lack thereof, is directly related to the protection of the delivery of healthcare to patients and patient health information. The possibility of a cyberattack increases the risk of exposing patient information, erasing or deleting health records, and even shutting down the entire system. Ransomware is a very dangerous example of what may result from attempts at email phishing or malware or targeted bugs. Ransomware is malware implanted by cybercriminals that utilizes encryption to in effect hold user information hostage for a ransom ranging in amounts from thousands to billions of dollars from the organizations that rightly own the data. Moreover, even when the demands for ransom are met, not all the data is recovered. For example, In 2020, the average “bill” paid to cybercriminals by companies to recover their information toppled upwards of 1.3 million dollars yet only about 69% of the stolen data was ever retrieved following this payment. Oftentimes, ransomware is launched into systems via emails and plug-ins such as USBs and other hardware. The data is encrypted so that owners of the data cannot access files, applications, or their databases unless they pay the ransom in order to get the “key” to decode or decrypt the data. Ransomware can also be designed to affect other parts of an organization’s systems. Due to the sensitive nature of its data and the life-and-death impact that data issues or delays can have on the quality of care the healthcare industry is vulnerable to and has been a prime target of ransomware. For example, in 2020 over a third of healthcare systems reported being hit with ransomware, and 65% of those reported that they had paid the ransom to cybercriminals to get their data unencrypted by the attackers. As noted above, this lack of IT security is in part due to institutional constraints, such as a lack of financial resources and understaffed and underfunded IT teams. These problems were heightened by the COVID crisis when healthcare systems had to deal with the stress of the shortage of physical facilities for patients and dramatically increased workloads on staff (some of whom became ill with COVID). Just as healthcare workers are expected to maintain certain practices and procedures for physical hygiene, healthcare organizations need to ensure they have and are following similar policies and procedures for data privacy and security and their online presence. These methods are most effective when they are communicated broadly throughout the organization, practiced widely, and the subject of drills so they can be put in place quickly in the event of an emergency. One suggestion for healthcare providers would be to follow the lead of organizations in the financial services industry, which generally have been at the forefront of cybersecurity controls. As such we would suggest that healthcare organizations implement the controls recommended by the New York State Department of Financial Services in a recent National Law Review article. These include: Email filtering and anti-phishing training for employees, including regular exercises and blocking malicious attachments and links; Vulnerability and patch management, including a documented program to identify, assess, track and remediate vulnerabilities on all enterprise assets; Multi-Factor Authentication, including for all logins to remote or internal privileged accounts; The disabling of Remote Desktop Protocol (“RDP”) access wherever possible, and if RDP is deemed necessary, restricting access only to whitelisted originating sources; Privileged access management, including implementing the principle of least privileged access; A way to monitor systems and respond to suspicious activity alerts, including an Endpoint Detection Response (“EDR”) solution; Comprehensive, segregated backups that will allow for recovery in the event of a ransomware attack; and An incident response plan that explicitly addresses ransomware attacks and will undergo testing, including with the involvement of senior leadership. Implications: The dramatic increase in ransomware combined with the proliferation of digital health tools requiring remote access has lead to an exponential increase in points of vulnerability points for healthcare suppliers, their partners, and their customers. As a result healthcare organizations need to make sure they look closely at any applications they may deploy in their systems to ensure they don’t expose vulnerabilities or create new ones. Similarly, application developers need to ensure they are following strong coding standards and design techniques and incorporating strong security tools from the earliest stages of development. While these may sound fairly straightforward, as noted in a recent article review in the Journal of Medical Internet Research, approximately 15% of the articles they studied noted that developers lack the expertise to secure mHealth apps, pay little or no attention to the security of mHealth apps and lack the resources for developing a secure mHealth app. As a result, we recommend that both app developers and those looking to deploy new digital health apps in their environment follow steps similar to the ones outlined in the W2S solutions blog entitled “Security Issues App Developers Need To Deal With While Developing A Mobile App.” While not meant to be exhaustive, the recommendations and others will help protect from ransomware entering an organization’s system. These include: Writing secure code, that uses strong coding practices like signing in and code hardening Encrypting data during development thereby making it more difficult to be accessed by malicious attackers Using third-party application libraries sparingly and testing code after using it to ensure the code is not compromised Using only authorized Application Programming Interfaces and using a central authorization for the complete API to ensure maximum security Deploying high-level authentication via such means as Multi-factor authentication (ex: OTP login, biometrics) Incorporating session management as a feature, in case the device is lost or stolen and using tokens instead of identifiers when managing sessions Testing continuously and properly, use emulators and penetration testing to determine any vulnerabilities Staying on top of evolving security technologies and threats to ensure that you are using the latest protection for your application Related Readings: Scripps Health EHR, Patient Portal Still Down After Ransomware Attack What Is Ransomware? Fewer Than Half of Healthcare Institutions Met National Cybersecurity Standards Last Year ​​More Than 1/3 of Health Organizations Hit by Ransomware Last Year, Report Finds. Security Issues App Developers Need To Deal With While Developing A Mobile App (Blog) A Wave of Ransomware Hits US Hospitals as Coronavirus Spikes

  • Scouting Report-Castor: Bringing the Clinical Trial Process into the 21st Century

    The Driver: Castor, a provider of clinical trial software to empower decentralized clinical trials, recently raised $45M in a Series B funding led by Eight Roads Ventures and F-Prime Capital with additional investments from existing investors Two Sigma Ventures and Inkef Capital. With offices in New York and Amsterdam, Castor is attempting to disrupt an antiquated clinical trials process that is often not digitally driven and which results in approximately 40% of trials being halted due to slow enrollment. The Takeaways: Less than 5% of patients participate in clinical trials and trial diversity is a persistent problem, particularly for certain disease populations. According to data from IQVIA, 49% of patients drop out of clinical trials before completion and 48% of trial sites miss their enrollment targets. On average new therapies take approximately 10 years to reach the market and cost approximately $3B to develop. A typical travel requirement is for patients to visit a trial site 15-20 times over a 6 month period. The Story: Founded in 2012, while CEO Derk Arts was doing his final medical internship in an intensive care unit in the Netherlands and had to assist with a clinical trial. As part of the trial, Arts had to input case report forms into each individual patient's case report file which then had to be combined in order to get results for the study. Upon using this system, Derk soon realized it would not scale easily. Building upon the programming experience he had used to help support himself while at school, it took him two weeks to build a prototype for use in the ICU, according to the company’s website. After doing a little more research Arts states that he came to find out “that almost all unfunded investigator initiated studies used Excel or SPSS for data collection” as colleagues noted open source software was too complicated to build and professional systems were too costly. According to the company, Derk soon partnered with a friend who was a PhD student and within two months they had built what was to become the Castor Electronic Data Capture system. Castor states that the EDC offers a “modern, self-service clinical research platform which enables every researcher worldwide to design studies and integrate data from any source in real-time.” Castor is attempting to use human-centered design to improve the speed, efficiency and patient experience of the clinical trial process. The Differentiators: Traditionally clinical trials are based around a physical trial site around which trial participants are recruited and to which they periodically report to have their blood drawn and other lab tests to evaluate the efficacy of the drug candidate. Often the process was very paper intensive and manually based. Castor is attempting to modernize this legacy process through the use of digital technology. Castor’s enrollment portal allows organizations to recruit, screen and obtain electronic informed consent forms in an automated fashion. This is extremely important as trials often have a difficult time recruiting diverse populations, in part because of the difficulties that many underrepresented communities have in accessing trial sites. For example, according to Pharma Voice, patients often have to travel an average of 50 miles to reach a trial site. In addition, Castor’s platform allows “participants to easily provide data, and stay up-to-date from the comfort of their own homes”. As noted above almost 40% of trials are halted due to missing enrollment targets, in part due to the burdens trials place on their participants such as manually having to keep records of medication administration, efficacy and side effects. By allowing trial participants to keep records and communicate through its app, Castor’s platform streamlines and simplifies the process for patients. In addition, with the average cost to successfully develop and bring a drug to market equaling approximately $3B, Castor’s products empower companies to drive down trial costs and speed delivery of new products helping to drive competitive advantage. This is achieved via real time visibility into trial data which facilitates monitoring patients and incorporating trial amendments (if necessary), and flexible remote data capture which provides an API that allows data collection from other systems. The Big Picture: As noted by Castor co-founder and CEO Derk Arts, prior to COVID, clinical trials were “stuck in a rut”, the process was cumbersome, required heavy manual input from both patients and trial personnel and did not allow for easy monitoring of side effects or changes in trial protocols. However, due to the need for social distancing and to limit exposure to COVID, digital clinical trials gain new popularity, By reducing travel time and expense for participants, which often spans several times per week over a six-month span, tools like Castor helped increase recruitment of more diverse trial panels and the recruitment of sub-populations which can be critical in certain diseases. In addition, as illustrated by a number of short trial stoppages during COVID vaccines development, rapid tracking and monitoring of drug candidate side effects can be crucial in helping speed products to market and in investigating potential issues or the need for changes in protocol. Moreover, the pace of pharmaceutical innovation relative to the amount spent on R&D is largely unchanged since the 1950’s, in part because of the difficulties encountered with recruiting, retaining and completing trains, Castor and products like it, which bring the process into the digital age, should help speed the pace of innovation. Castor, a Clinical Trial Process Company, Raises $45M to Create More Human-Centered Research, Castor Raises $45M Series B to Modernize the Clinical Trial Process and Maximize the Impact of Research Data on Patient Lives

  • AR & VR for Mental Health: Ready for Prime Time-The HSB Blog 7/19/21

    Our Take: For the past two decades, Virtual Reality (VR) and Augmented Reality (AR) have emerged as treatment protocols for mental health and are regularly studied in psychological research. Using an immersive experience, individuals feel as if they are in an environment other than the physical world they are actually in and experiencing sensations consistent with the artificial environment. The AR/VR industry has had a growing interest in medical applications over the past 20 years; however, the pandemic caused a boom in the usage of virtual reality in behavioral healthcare. For example, as reported in Scientific American, “a new wave of psychological research is pioneering VR to diagnose and treat medical conditions from social anxiety to chronic pain to Alzheimer’s disease.”. Although there is success with VR/AR therapies, additional research is necessary in order to ensure users are receiving cost-effective, high-quality care to cope with mental health issues. Key Takeaways: Recent studies indicate VR compares favorably to existing treatments in anxiety disorders, eating and weight disorders, and pain management. Over 5,000 studies indicate that VR has the ability to diminish pain, steady nerves, and boost mental health. In December 2020, 2 in 5 adults (42%) reported symptoms of either anxiety or depressive disorder, an increase from 36% when measured in August. There are ways to blend VR and AR into the healthcare system, by incorporating VR treatments into psychiatric care and providing better directions for VR-based treatment and clinical research. The Problem: Following a dramatic increase in usage during the Pandemic, studies have revealed the benefits of using AR/VR technology in treating mental health and the need to increase the use of such technologies. AR/VR technologies have the unique characteristic of physically creating a sensation for patients that can be used to cause them to feel as if they are in stressful or uncomfortable situations to use in a therapeutic context. Combining that with automated therapies or virtualized coaching would guide the individual to better cope with the stressful situation. The need for social distancing during the Pandemic led to increased treatment via AR and VR in conjunction with counseling and cognitive behavioral therapy to treat addictions, panic disorders, phobias, eating disorders, and post-traumatic stress disorders (PTSD). Successful use of AR/VR in treatment protocols during COVID underscores the need for greater focus to be placed on seamlessly blending VR and AR technologies into the treatment of mental health. This includes incorporating VR treatments into psychiatric care, and providing better direction for VR-based mental health treatment and clinical research. The Backdrop: AR and VR technologies have been used in the treatment of mental health since the late 1990’s. Within a safe and controlled environment AR/VR VR technologies can, through a controlled and deliberate process, increase levels of stimuli or exposure to situations that would provoke anxiety for a particular individual. Slowly as each level of exposure continues to reveal a lack of actual threat, the individual becomes less and less anxious around that stimuli. Virtual reality exposure therapy (VRET) and augmented reality exposure therapy (ARET) are most commonly used to treat PTSD. A study published in the Journal of Psychiatric Research carried out in accordance with PRISMA, Preferred Reporting Items for Systematic Reviews and Meta-analyses aimed to review the efficacy of VRET and ARET as PTSD treatment. The study included participants who have PTSD due to various traumas with a cut-off score on the Davidson Trauma Scale ranging from 40 to 65 points (the Davidson Trauma Scale, a common measure of PTSD ranges from 0-68, with 68 indicating extreme PTSD). The study concluded VRET might be an effective alternative to current psychiatric treatments for PTSD, especially among patients who have not responded to previous treatment. While it has not always been feasible to use exposure therapy for patients, these relatively new digitally assisted exposure therapies of ARET and VRET will broaden the ability to treat more patients. VRET creates the digital surroundings, and ARET adds digital fear stimuli to the user's physical world, aided by an interactive digital device such as a computer, smartphone, or tablet. ARET and VRET aim to increase the sensation of the presence of anxiety-provoking stimuli during exposure therapy, thus improving the efficacy of the treatment. In addition, these treatments are less dependent on the patient’s imagination and make it possible to reproduce the traumatic stimuli in a systematic, consistent and realistic way. An article from JAMA reported that in December 2020, 2 in 5 adults (42%) reported symptoms of either anxiety or depressive disorder relative to 36% in August 2020. These numbers indicate the toll the pandemic had on individuals. The pandemic exacerbated the highest rates of PTSD and anxiety among healthcare workers (22.8%). This rise in mental health care needs during the pandemic caused the healthcare industry and local communities to depend more on VR therapy. Overall, according to a study entitled, “Impact of the recreational use of virtual reality on physical and mental wellbeing during the Covid-19 lockdowns” an increase in VR usage during the lockdown helped keep people occupied and improved their mental health and physical wellbeing detailing that over 75% of increased VR use was for fitness, 55% for socializing and 37% for meditation. Although virtual reality treatment for mental heatlh needs to be used cautiously as not everyone can tolerate it, there are over 5,000 studies that reveal VR can diminish pain, steady nerves, and boost mental health. For example, an early study on VR and PTSD found that of 20 service members who enrolled in and completed the study treatment protocol, 75% had experienced at least a 50% reduction in PTSD symptoms and no longer met DSM-IV criteria for PTSD at post-treatment. Average PTSD scores decreased by 50.4%, depression scores by 46.6%, and anxiety scores by 36%. Implications: Originally applied to PTSD, virtual reality treatment has since been broadened to include areas such as anxiety and stress disorders, schizophrenia, autism, dementia and pain. Recent studies have shown that VR-based strategies have positive impacts and have successfully been used to manage mental health issues. For example, a literature review of 36 articles examined VR use during clinical trials and the effects it had on individuals when therapy was administered. It revealed that VR environments can help alleviate the symptoms of depression, improve cognition, and even positively impact social functioning. One study in particular examined the effect virtual reality headsets have on pain distraction during immunizations. It found that the use of the VR headsets improved those who had fears and pain in 94.1% of subjects. AR/VR therapy is also a cost-effective strategy to help individuals cope with phobias, anxiety and other underlying issues. Given the increase in PTSD cases following the pandemic, VR and AR are receiving more attention as potential treatment modalities because of their effectiveness and ease of use. This type of therapy can broaden access to care for those whose time for treatment may be limited or who can now access the treatment because of the continually declining cost of the technology. While the cost of virtual reality equipment in the early 2000s was about $25,000, VR headsets are now available for under $300. Additionally, though the decrease in cost allows for easier access by a larger population and can reduce disparities in those seeking care, it does not guarantee the quality of care. For example, researchers have reported a significant number of cases where individuals are both self-diagnosing and self-treating, leading to adverse effects. AR and VR therapies need to be administered in a controlled environment with patients gradually introduced to the appropriate stimuli and scenarios in order to develop a proper therapeutic approach that will help them to overcome their fears. While there is solid backing for this approach, more well-designed, evidence-based research in this field is necessary. Literature reviews in this area revealed limitations in the current research and highlighted the need for future research, notably high-quality randomized controlled trials. This would allow researchers to gain important additional information related to side effects and adverse effects of the therapies. In the research process thus far, the benefits of AR and VR have produced successful results; however, there have been times when these environments were incomplete, untested, and not properly trialed by psychologists. For example, although there are many positive aspects of VR therapy, an article entitled “Virtual experience, real consequences: the potential negative emotional consequences of virtual reality gameplay” noted that there are negative emotional consequences in some VR scenarios such that users may experience vertigo, nausea, or dizziness. This is a clear indication that more research needs to be completed in the area to ensure end users derive the best experience from the technology and get the highest quality of care that can be rendered. Moreover, the process of developing and implementing VR needs to have clearer rules in place so that patients and providers can identify and report the successes, failures, and limitations of the treatment. In this way the necessary safeguards and improvements can be put in place. The importance of this is underscored by a report by Perkins Coie, which says that 68% of healthcare professionals believe that AR/VR training simulations will be the primary focus of new solutions and applications through 2022. The report highlights that the AR/VR market will be used to simulate surgical training for doctors and nurses, palliative hospice care, pain management, and 3D visualization of diseases at the molecular level. VR technology will also allow doctors to visualize and assess patients remotely to aid early diagnosis and treatment while protecting health workers from potential exposure to contagions. For AR & VR technologies to achieve these goals all necessary steps and controls for seamless integration into the clinical setting need to be considered and codified. This therapy is technologically driven and consequently sufficient initial and ongoing training needs to be provided as well as continued support and supervision to ensure that clinicians are using the technology as safely and effectively as possible. Related Reading: Efficacy of Immersive PTSD Treatments: A Systematic Review of Virtual and Augmented Reality Exposure Therapy and a Meta-analysis of Virtual Reality Exposure Therapy Virtual Reality Therapy: Emerging Topics and Future Challenges The Pandemic Saw Surges of PTSD in Healthcare Workers- Can Virtual Reality Therapy Help? Virtual Experience, Real Consequences: the Potential Negative Emotional Consequences of Virtual Reality Gameplay A Literature Overview of Virtual Reality (VR) in Treatment of Psychiatric Disorders: Recent Advances and Limitations

  • Scouting Report-Bayesian Health:AI Tools to Reduce Physician Overload & Improve the Quality of Care

    The Driver: Bayesian Health, a spinoff from John Hopkins University raised $15 million following its emergence from stealth mode in a funding round led by Andreessen Horowitz, along with Health 2047 Capital Partners, Lifeforce Capital, and Catalio Investments. Founded by the director of the machine learning and health care lab at John Hopkins, Suchi Saria, the company will use the funding to commercialize its sepsis detection machine learning algorithm and develop other models to detect conditions earlier to improve care. The Takeaways: According to the Journal of Patient Safety, approximately 400,000 preventable deaths cost over $17 billion a year. Almost 300,000 people per year die from sepsis, a complication from infection, accounting for 1 in 3 patients who die in a hospital according to the CDC. One in every six patients are affected by diagnostic errors and one in every 1,000 primary care visits cause preventable harm. Sepsis is treatable with early diagnosis and intervention yet the risk of dying from sepsis remains in the range of 10-30%. The Story: Founded in 2018 by Dr. Suchi Saria, Bayesian Health has received honorary recognition and awards for its digital health platform, powered by AI, allowing clinicians to quickly provide a better quality of care. Dr. Saria spent over 5 years researching and developing machine learning models to detect early signs of sepsis when she lost her young nephew to sepsis. Her research attempts to demystify health AI data has gained the trust of many healthcare professionals; it provides clinicians with reliable tools to improve the quality of care. Bayesian Health makes the EHR system more proactive by allowing physicians to catch life threatening conditions earlier with the use of AI models which are continuously analyzing patient’s data. The company’s system alerts healthcare professionals of actionable clinical signals during critical moments in patient care, allowing for prompt intervention. Bayesian Health platform is powered by over two dozen studies resulting in precision care delivery, reduction in bias, and improvement in the quality of evaluation and reporting. Bayesian’s research-first approach created a trustworthy AI platform which transforms delivery of care. Bayesian Health deployed its sepsis detection model to five hospitals (over a 2-year period) and found that “the platform drove 1.85 hour faster antibiotic treatment for sepsis where timely treatment directly impacts mortality rate.” Additionally, the platform adoption was sustained at 89% by physicians and nurses “driven by the sensitivity and precision of the insights and user experience of the software”. The Differentiators: Given the tremendous demands on clinician’s time with most doctors and nurses feeling overworked and facing burnout, there is strong demand for healthcare interventions that help prioritize critical interventions. In addition, given the increased deployment of technology, physicians are often overloaded with data but not adequately trained or equipped to understand or rely on the output of AI technology so they don’t appropriately use the data or output of AI-based systems to drive clinical decision making. Bayesian Health offers one platform where the EHR system is integrated with clinical workflows, allowing for manageable and actionable alerts. This is especially noteworthy as exemplified by a recent JAMA article which found that “the Epic Sepsis Model poorly predicts sepsis” generating a large number of false positives and leading to alert fatigue among clinicians. EPIC's model was crafted from the hospital’s billing codes, while Bayesian’s model “pools data in real time from the electronic health records and other data systems [and then] stitches all the data together to create a comprehensive, longitudinal patient view. As sepsis can be fatal and is an indicator of the quality of care provided, false and overactive alerts can influence morale issues amongst healthcare providers who feel in essence that they have let patients down by allowing them to contract sepsis. Bayesian Health reported that their “technology accuracy is 10 times higher than other solutions” which will not only improve detection but will also help associated morale issues. In addition to increasing a healthcare provider’s confidence, Bayesian Health uses “cutting edge AI/ML strategies such as a wait and watch strategy and real-time feedback loops to increase precision, and strategies to make the models stronger”. The Big Picture: According to the book, Medical Error Reduction and Prevention, “the most common diagnostic errors that occur in primary care settings include failure to order appropriate tests, faulty interpretation, failure to follow-up, and failure to refer with one in every six patients affected and one in every 1,000 primary care visits causing preventable harm.” For example, in 2018, the Department of Human and Health Services (HHS) reported that sepsis hospitalizations cost Medicare $41.8 billion, and the costs are expected to increase 12-14% every 2 years. Sepsis models are particularly useful for hospitals to administer because it is a preventable condition; if left untreated, patients can undergo septic shock which costs more to treat. Bayesian Health provides healthcare systems with an optimal solution to promptly treat sepsis which fits into the workflow, without the possibility of alert fatigue. While the company has started by targeting sepsis it is also looking at applying its AI technology to other high priority areas for hospitals such as in-hospital deterioration and pressure injuries. As noted earlier, systems like Bayesian’s will be key to incorporating AI into the care process and transforming the delivery of care by making AI explainable and trustworthy thereby increasing clinician’s usage leading to a more direct influence on clinical decision making. Moreover, with the increasing use of sensors and technology in both at home and inpatient care, clinicians will increasingly have to rely on the computational power of AI to help in decision making. However, while AI models will undergo extensive training and testing, the human body is not a predictable system and AI models will always need human oversight and intervention. AI models should always be used to optimize and augment clinician performance, not as a replacement for their clinical assessment or skills. Johns Hopkins Spinoff Building Risk Prediction Tools Emerges with $15M; Popular Sepsis Prediction Model Works ‘Substantially Worse’ than Claimed, Researchers Find; External Validation of a Widely Implemented Proprietary Sepsis Prediction Model in Hospitalized Patients

  • The Evolution of the FDA's Device Approval Process: What You Need to Know-The HSB Blog 7/12/21

    Our Take: Innovators relying on the ease of the FDA’s 510(k) streamline device approval process need to be aware of potential changes as well as what the ongoing threat of cyber security incidents could impose on both premarket and post market security management for those devices. Key Takeaways: More than 90% of medical devices enter the market via the FDA’s less intensive 510(k) pathway which has caused them to miss adverse events or lead to product recalls. While the FDA’s requirement for substantial equivalence to “predicate devices” can lead to more rapid approval some believe it can also lead to “device creep” and comparison to outdated and unsafe predicate devices. The FDA recently introduced the Safety and Performance Based Pathway to modernize and streamline premarket device testing. Device manufacturers and innovators should monitor how this evolves as it will have important implications for device approvals While devices approved via the 510(k) process make up the majority of recalls, devices approved via the PMA process pose approximately a 3x greater risk to public safety (JAMA Network Open) The Problem: The FDA has a three tier process for the approval of medical devices “based on their risks and the regulatory controls necessary to provide a reasonable assurance of safety and effectiveness”. Class I devices are considered minimal risk while Class III devices are considered to pose the highest risk for the patient. Under FDA regulations there are three major processes for applying for and receiving FDA approval for medical devices, 1) Pre-market approval or (PMA), 2) pre-marketing notification or more-commonly the 510(k) process, and 3) the humanitarian device exemption (HDE). Following several high profile medical device recalls that had been approved through the 510(k) pathway, in 2011 the Institute of Medicine (IOM) “recommended the FDA replace the pathway after concluding it was inadequate to ensure device safety and effectiveness to promote technological innovation.” As a result of this and other criticism, in 2019 the FDA introduced the Safety and Performance Based Pathway to modernize and streamline premarket device review and evaluation. As a result, innovators need to be aware of which products might qualify for approval via the existing 510(k) pathway as well as impending changes to the FDA’s device approval regimen. In addition, given the increasing use of networked devices in clinical settings and the ongoing threat of cyber security incidents, medical device manufacturers need to ensure that they are meeting FDA standards for cyber security controls. The Backdrop: Under the Federal Food Drug and Cosmetics Act a medical device is defined as: "an instrument, apparatus, implement, machine, contrivance, implant, in vitro reagent, or other similar or related article, including a component part or accessory which is: recognized in the official National Formulary, or the United States Pharmacopoeia, or any supplement to them, intended for use in the diagnosis of disease or other conditions, or in the cure, mitigation, treatment, or prevention of disease, in man or other animals, or intended to affect the structure or any function of the body of man or other animals, and which does not achieve its primary intended purposes through chemical action within or on the body of man or other animals and which is not dependent upon being metabolized for the achievement of any of its primary intended purposes." In order for these devices to be publicly used in the United States, they must be approved by the Food and Drug Administration. As noted earlier there are three main approval processes used by the FDA to approve medical devices. First is the Pre-market Approval process or PMA. Given that Class III devices “are those that support or sustain human life, are of substantial importance in preventing impairment of human health, or which present a potential, unreasonable risk of illness or injury” they are required to receive PMA approval. As noted by the FDA, the PMA must contain “scientific, regulatory documentation to the FDA to demonstrate the safety and effectiveness of the Class III device”, including clinical trial data that demonstrate that the product’s benefits outweigh the risks associated with its usage. In addition, the data must show that the device will successfully help a majority of its intended population and that the applicants must prove their device’s data is independent of any other data reported by another device. According to an article published in the Journal of the American College of Cardiology, medical device approval via the PMA pathway can take anywhere from three to seven years. The second approval process is the 510k process accounting for about 90% of new device approvals. As noted in “Modernizing The FDA’s 510(k) Pathway”, in order for a device to receive 510(k) approval, the FDA “requires manufacturers to demonstrate that devices are ‘substantially equivalent’ in intended use and technological characteristics (with allowable exceptions) to currently legally marketed (‘predicate’) devices. A predicate device is one that is identical or similar to a device that is already legally approved and marketed in the United States for use. One must prove their device is substantially equivalent by meeting two requirements. First, the intended use of the new device must be the same as the predicate device. Secondly, for a device to be substantially equivalent to a predicate device, it must also display similar technological functions. If after review, a device is not determined to be substantially equivalent to the predicate device, then it is classified as a Class III classification, requiring PMA approval. According to data from a 2017 study from Emergo, the average time from FDA submission to clearance under the 510(k) pathway is approximately six months. A number of high profile incidents which led to recalls of devices approved via the 510(k) process, including highly publicized recalls of metal-on-metal hips, pacemaker and implantable cardioverter-defibrillator (ICD) as well as angioplasty devices has exposed weaknesses in the 510(k) process. This has raised questions and concerns about safety and efficacy. A recent study in JAMA noted that given the large majority of medical devices to reach the market do so via 510(k) clearance. Interestingly, although recalls of 510(k) approved devices make up the majority of recalls, new devices approved via the PMA process pose approximately a 3x greater risk of recall that would threaten patient safety, only partially reflecting the fact these are higher risk devices. As a result of publicity around device recalls and these safety concerns, in February of 2019, the FDA announced the Safety and Performance Based Pathway to aid in modernizing the 510k premarket process by no longer comparing new devices to predicate devices. In doing so, the goal is to potentially avoid any oversights missed in assuming device stability and reliability by using predicate devices’ data. The Safety and Performance Based Pathway would instead call for new applicants to compare the performance of moderate-risk medical devices to FDA-identified criteria. These criteria would also include agency-recognized standards that are objective, transparent and validated. The goal of this modernized process is to yield safer and well developed medical devices. Along with the PMA and 510(k) process, the FDA also has a third approval process called the Humanitarian Device Exemption (HDE). The HDE is a regulatory pathway typically used for rare diseases. This process is used under special and emergency circumstances whereby there are no other Humanitarian Use Devices available to treat or aid in illnesses. In addition to the issues in the approval process, given the increased connectivity of medical devices as well as incidences of ransomware, the FDA is becoming increasingly more stringent on the cybersecurity controls in medical devices. While this is particularly important for innovators in terms of premarket submissions, manufacturers must also pay attention to post-market surveillance as well. As noted in “Cybersecurity-Related Regulatory Considerations for Medical Devices” the FDA expects manufacturers to develop and maintain a set of controls around several general areas to protect the device from cyber attacks. For premarket controls, these include: 1) Making extensive use of encryption to keep data private, 2) using digital signatures to verify authenticity of devices, data, and instructions, 3) Designing devices to anticipate regular/routine cybersecurity patches, 4) Adopting the use of strong user authentication tools, and 5) Ensuring devices alert users when any cybersecurity breach occurs. With respect to device surveillance post-market the FDA recommends:1) Understanding, assessing, and monitoring assets, threats, and vulnerabilities, 2) Maintaining a process for software lifecycle management including ongoing updating and patching, 3) Deploying threat modeling techniques to assess the impact of threats and vulnerabilities on device functionality and end users/patients; and, 4) Having and participating in a coordinated vulnerability disclosure policy. Implications: Given the increasing pace of innovation as well as ongoing exposure to cyber threats, startups should anticipate additional actions on the part of regulators and increasing vigilance in terms of both approval and cybersecurity. Product developers should do their best to anticipate the needs of the FDA and prepare the documents accordingly by staying abreast of industry standards and guidance published by the FDA and industry bodies. First and foremost, startups must make sure they understand the appropriate regulations, what regulations apply to their product, and be prepared to supply regulators with the required data in support of their product. Given the current focus on the shortcomings of the 510(k) process, including the risk of “device creep” and undue reliance upon the use of outdated predicate devices, device manufacturers must ensure they are not overly reliant on the 510(k) process and be prepared for the possibility that they may have to pursue the PMA process. In addition, there are approximately 10-15 medical devices per hospital bed and that an increasing number of devices are being deployed in hospital at home configurations. As a result, medical device network security and remote monitoring security will be paramount. Moreover, developers must be aware of risks that reliance upon outside parties could pose to security. For example, developers who incorporate the use of “off-the-shelf software” are responsible for maintaining security of that software, not the vendor of the off-the-shelf software. Similarly, medical device manufacturers that incorporate the use of cloud services into their products should understand how and where their data will be stored (ex: domestically/overseas), what data security and privacy regulations that may expose them to and what the security obligations of their agreement with the cloud vendor are. In addition, innovators must realize that they need to incorporate a lifecycle management approach for their devices to ensure they “demonstrate a commitment to implementing cybersecurity best practices both before and after their devices are on the market.” Related Reading: FDA Safety and Performance Based Pathway Risk of Recall Among Medical Devices Undergoing US Food and Drug Administration 510(k) Clearance and Premarket Approval, 2008-2017 Drugs, Devices, and the FDA: Part 2 Cybersecurity-Related Regulatory Considerations for Medical Devices

  • Scouting Report-Somatus: An Integrated Care Model for Chronic Kidney Disease

    Recently Somatus successfully raised an additional $60.1M, which follows it’s Series C round of $64M, bringing its total raised to over $165M. The funding was backed by lead investor Longitude Capital as well as Optum Ventures, eerfield Management, Town Hall Ventures, The Blue Venture Fund, and Flare Capital Partners. Founded in 2016, Somatus’ goal is to expand their integrated care model for patients with chronic kidney disease and end-stage renal disease. The Takeaways: According to the CDC, over 37 million (15%) Americans suffer from kidney complications, many of which are undiagnosed. 40% are unaware that they have chronic kidney disease (CKD) while living with severely reduced kidney function. When untreated, CKD can lead to cardiovascular issues and stroke. In 2019, as a result of an executive order, the Advancing Kidney Health Initiative had an ambitious goal of treating 80% of End-Stage Renal Disease (ESRD) with either at-home dialysis or kidney transplant by 2025 (American Journal of Kidney Disease) In underserved communities, the prevalence of kidney failure is persistent due to the social determinants of health (SDOH) factors which limit patients in receiving preventative care and managing their health and wellbeing. The Story: With a goal of becoming the world’s best integrated care provider for patients with kidney disease, Somatus was founded by Dr. Ikenna Okezie who wants to provide holistic patient care to improve patient outcomes. Somatus has partnered with major kidney care stakeholders (health plans, health systems, nephrology, and primary care groups) in an attempt to transform kidney care. The improved care model relies on a steady network engagement, dialysis provisioning, and field-based nursing. Somatus claims that their model leads to a 42% reduction in length of hospital stay (compared to the national average). The Somatus model also uses its proprietary RenalIQ® technology platform, an AI-powered diagnostic tool, which the company reports can help predict the disease, disease progression, and recommend the best course for treatment. Since there are no early symptoms of kidney disease, CKD often goes undetected until it has progressed to the final stages of kidney failure. Kidney failure is a progressive and permanent condition that leads to ESRD which requires dialysis and eventually a kidney transplant. Both treatment options are intensive and require proper continuous care. The Somatus’ value-based kidney care model has “seen high levels of engagement and adoption from patients and delivered significant quality and cost outcomes for partners'' According to the company, Somatus currently has over 600 employees in 34 states serving over 150,000 patients. In addition, in June of 2021 Somatus, announced it has been awarded access to the Centers of Medicare and Medicaid Services’ (CMS) Virtual Research Data Center (VRDC) which comprises a 20-year beneficiary database that will be used to examine how demographic data and social determinants of health (SDOH) can impact chronic kidney disease (CKD) outcomes. Somatus will be collaborating with John Hopkins’ Center for Health Equity to study various factors associated with CKD and mortality rates. According to the company, the study is expected to be released in 2022. This study will allow healthcare providers to understand the primary drivers of disparities and use evidence-based practices to intervene and provide better care for many patients affected by kidney disease The Differentiators: With over 600 Somatus partners, Somatus works with patients and providers to provide the best care suitable for the patient’s lifestyle. Somatus can provide at-home dialysis through trained nurses and community health workers who are also tasked with the role of informing the patients of their options, their current status, and their overall treatment plan. According to the American Journal of Kidney Diseases, peritoneal dialysis (PD), which can be administered at home, has greater patient satisfaction, fewer complications, and better health outcomes. Somatus holds a deep understanding of the elements of SDOH and works with their patients to ensure that social barriers are not in the way of their treatment. While providing a high-quality of care, Somatus is set on reducing avoidable costs associated with undertreated CKD. According to their website, though members with kidney disease make up a small percent of the health plan’s total population, the financial impact of ESRD is disproportionately high vs. other conditions. For example, on average, a Medicare beneficiary with an ESRD treatment plan can cost up to $90,000 per year. Additionally, 32% of the annual costs are spent on dialysis services. According to the CDC, in 2018, treating Medicare beneficiaries with CKD cost over $81.8 billion, and treating people with ESRD cost an additional $36.6 billion, with approximately 20% of the Medicare budget being spent on kidney disease. The Big Picture: To meet the Advancing Kidney Health Initiative by 2025, CMS updated their ESRD Treatment Choice Model to promote greater use of at-home dialysis, improving patient outcomes and reducing healthcare burdens. Somatus has been attempting to transform how kidney care is delivered since 2016. Somatus reports that the current state of kidney disease has a 33% readmission rate for dialysis patients (within 30 days of discharge) and 1.7 hospital admission per year per dialysis patient. Their mission is to equip healthcare providers with tools to detect kidney disease earlier and provide holistic interventions before reaching the final stages of kidney disease, particularly for patients in underserved communities. According to the company their tools include “personalized support and care plans that include nutrition and health coaching, medication management, home dialysis modality education, behavioral health, and social services.” All of these attempt to facilitate the use of home dialysis and increase the rates of kidney transplantation serve to help improve the cost and quality of care for patients with chronic kidney disease. However, studies indicate that home dialysis can often require up to 4-6 weeks of training for proper use, creating a significant opportunity for companies like Somatus. In addition, other studies indicate that training for home dialysis did not vary by education, indicating an opportunity to extend more effective and frequent treatment of chronic kidney disease to many underserved patients who may need it most. Somatus Lands $64M to Expand Value-Based Kidney Care Model; Home Dialysis in the United States: A Roadmap for Increasing Peritoneal Dialysis Utilization; Effect of Frequent Nocturnal Hemodialysis vs Conventional Hemodialysis

  • Untangling the Intricate World of Digital Health Regulation-The HSB Blog 6/28/21

    Our Take: The current regulatory landscape for digital health tools is complex and doesn’t lend itself to easily determining where digital health tools belong or how they should be regulated. As a result it is not clear how to design these tools within regulatory guidelines and what process they should or may need to follow for approval. This can risk the health and safety of patients as well as slow the pace of development of innovative products to market. Furthermore, it risks having devices or services that are not safe and effective coming to market with the potential of exposing patients to an unacceptable level of risk and vulnerabilities. In addition, it risks stifling innovation, lowering the ability of patients to monitor and participate in their own care and slowing the development of digital tools that could result in higher quality, lower cost care. As a result, for startups to remain compliant they must learn how to navigate this complex web of regulation and guidance and create a system for staying on top off any updates from the appropriate agencies. Key Takeaways: There is a lack of understanding about regulatory guidelines and how digital tools (i.e., software and medical applications) are classified. There are at least six guidance documents from the FDA broadly concerning software related to medical devices and mobile medical applications. The regulation of software that is based on Artificial Intelligence (AI) or machine learning (ML), created a whole new series of issues for regulators The market for mobile health apps, both those intended for medical use as well as health and wellness, is projected to grow over 800% between 2019 and 2025 (Statista) The Problem: Healthtech regulation affects everyone, including patients, healthcare professionals, and manufacturers. The current regulatory landscape is complex and not set up to rapidly respond to classifying the space in which digital health tools belong. As a result, It is not clear how these tools should be designed within regulatory guidelines. Startups that are developing medical devices and mobile medical applications need to keep this in mind when considering what regulatory pathway, if any, they will have to follow. The Backdrop: Even prior to the COVID pandemic there was a large increase in the number of digital medical devices as well as health and wellness apps. This number grew exponentially during the COVID pandemic as providers looked for ways to extend healthcare to those in need while keeping them out of physical facilities and away from exposure to infection. According to Statista there were approximately 54,000 mHealth apps on the Apple App Store in Q1 2021. Like most current technology, most devices are driven by software and it is the most important component in healthtech. As a result in 2019, the FDA provided guidance for the regulation of software in medical devices in a document entitled, “Policy for Device Software Functions and Mobile Medical Applications/ Guidance for Industry and Food and Drug Administration Staff.” The goal of the document was to help developers understand which mobile medical applications fall under the medical device oversight requirement based on their functions. Under the FDA’s classification scheme, software involved in medical devices broadly falls into two categories, 1) Software as Medical Device (SaMD) defined as software intended to be used for one or more medical purposes that perform these purposes without being part of a hardware medical device, and 2) Software in a Medical Device (SMD) which is defined as software that powers the mechanics of a medical device or processes the information that is produced by a medical device. According to the FDA guidance, how they regulate software is unrelated to the platform and instead is determined by the functionality of the software. As a result, the FDA only regulates applications (apps) that are intended for medical use (ex: provide a diagnosis) and not those that are intended just to help improve or monitor general health and wellness. In 2016 the 21st Century Cures Act came into effect which modified the definition of “medical device” and specifically excluded from regulation any software that is used “for maintaining or encouraging a healthy lifestyle and is unrelated to the diagnosis, cure, mitigation, prevention, or treatment of a disease or condition.” In its guidance the FDA noted that for certain types of medical devices, which meet the definition of medical devices but have low risk for the users of the device, the FDA will “exercise enforcement discretion.” As such developers wouldn’t have to obtain normal pre-market approval (PMA) from the FDA nor will manufacturers have to register devices with the FDA. According to the guidance document software, where the FDA expects to exercise enforcement discretion includes apps such as those that: 1) Help patients (i.e., users) self-manage their disease or conditions without providing specific treatment or treatment suggestions; 2) Automate simple tasks for health care provider, and, 3) Have software functions that coach patients with conditions such as cardiovascular disease, hypertension, diabetes, or obesity, and promote strategies for thing such as maintaining a healthy weight.” In 2019 the FDA launched a precertification program “to help address the regulatory challenges posed by novel medical software.” As noted in an article in Psychiatric News, “companies that are ‘pre-certified’ by the FDA will be given a fast and streamlined review process for all their digital health products and will then be responsible for monitoring the effectiveness and user satisfaction of their products and providing periodic reports to the FDA.” According to the FDA the goal of the program is “to provide more streamlined and efficient regulatory oversight of software-based medical devices developed by manufacturers who have demonstrated a robust culture of quality and organizational excellence, and who are committed to monitoring real-world performance of their products once they reach the U.S. market.” According to the FDA, “this proposed approach aims to look first at the software developer or digital health technology developer, rather than primarily at the product, which is what we currently do for traditional medical devices. The agency expects the program to “enable a modern and tailored approach that allows software iterations and changes to occur in a timely fashion under appropriate controls”. The regulation of software that is based on Artificial Intelligence (AI) or machine learning (ML), created a whole new series of issues for regulators. As a result, the FDA also recently proposed a regulatory framework for artificial intelligence (AI) in mobile medical apps (AKA adaptive AI). As noted in the Bioethics article cited above “the issue with adaptive AI is the software’s function can change over time as the AI algorithm learns. The implication is that software submitted to the FDA for review (and approval) could act and function very differently from the software eventually experienced by users.” The article notes that this has implications for the issue of “informed consent” as well as an issue of re-review by FDA. Currently the FDA’s guidance does not appear to cover apps that use adaptive AI that are not intended for medical use Medical apps and software also fall under the regulatory purview of the Federal Trade Commission (FTC) but generally only after they are released under their power to regulate “unfair and deceptive trade practices”. s noted in a 2019 article from Bioethics, on regulation of health and wellness apps, “the FTC has thus far taken on more of the regulatory role that one might expect the FDA would play. For example, a number of app developers have agreed to pay settlements to the FTC for making false claims about their app’s ability to improve vision, cognitive performance, and measure blood pressure.” Implications: The market for digital health tools is growing rapidly and the current regulatory apparatus is simply not fit to keep pace with either the pace of scale or change. According to Statista, the market for mobile health apps, both those intended for medical use as well as health and wellness, is projected to grow over 800% between 2019 and 2025. As a result the public is left with a market which is complicated and confusing, often leaving developers guessing which regulations apply to them and how to be compliant. While “intended use” of the company’s marketing the product is the key to determining how regulations apply, developers may not know or understand that they risk violating the regulations until they are notified by the FDA. Conversely, the labyrinth of regulations may slow the development of products to market or cause developers to inappropriately interpret regulations leading them not to apply their technology where it could have medical efficacy. Even worse yet, there is the potential that products may make it to market without the appropriate regulatory review of the medical technology possibly threatening patient safety and even potentially becoming ingrained in care protocols. As a result there are a number of steps that developers can take to ensure they are following the appropriate regulatory pathway. While this is not meant to be an exhaustive list and is in no way meant as a substitute for legal or other professional advice, these steps should help clarify the regulatory pathway. Clearly review the products “intended use” as well as “labeling, promotional statements, and other statements made on or on behalf of the marketer” including those on your website. Consult with regulatory authorities and take the time to review these with outside advisors/counsel early on in the process. Review FDA interpretive guidance including the Policy for Device Software Functions and Mobile Medical Applications cited above and referenced at the end of the publication as well as the Cures Act to determine how your product may be regulated (note the Cures Act specifically excludes certain types of software from regulation). Along those lines startups should consult the FDA guidance documents entitled “General Wellness: Policy for Low Risk Devices” concerning where “enforcement discretion” will be applied (also referenced below). Moreover, startups and their developers need to stay on top of emerging FDA regulations regarding the use of adaptive AI algorithms in medical devices and FTC actions on deceptive trade practices to ensure they are aware of and following the latest developments and guidelines. While all of the above should aid you in educating yourself in determining if you are subject to FDA regulatory approval and which pathway to take, it is imperative that you take steps to continually monitor any and all developments from the appropriate regulatory bodies. As a result, given the complexity of the regulatory landscape, innovators would be well served to bring in outside counsel and advisors at crucial decision points in the planning and strategy process as money spent early on in the development of products and services will likely help avoid regulatory issues or delays and will have a high ROI. Related Reading: Policy for Device Software Functions and Mobile Medical Applications Guidance for Industry and Food and Drug Administration Staff General Wellness: Policy for Low Risk Devices FDA Examples of Mobile Apps That Are NOT Medical Devices FDA Expanded FDA Regulation of Health and Wellness Apps - Bioethics FDA’s Streamlined Health App Approval: Better for Patients or Companies? Psych News

  • Scouting Report-Cleerly: Applying AI for Early Detection and Treatment of Coronary Disease

    The Driver: New York-based Cleerly secured $43 million in series B funding providing a cutting-edge digital health platform with machine learning capabilities for early detection and treatment of coronary disease and heart attacks. The Series B funding was led by Vensana Capital, with additional backing from LRVHealth, New Leaf Venture Partners, DigiTx Partners, the American College of Cardiology, and Cigna Ventures. Founded in 2017 by Dr. James K. Min, a cardiologist and director of the Dalio Institute for Cardiac Imaging at New York Presbyterian Hospital/Weill Cornell Medical College, Cleerly has raised $54M in total funding. Cleerly has two FDA approvals and will use the funding to commercially scale their company, obtain more FDA approvals, and invest in Research and Development (R&D) for their “precision prevention” technology. The Takeaways: Cleerly has spent five years building out its data science teams, perfecting its algorithms, and obtaining some approvals from the Food and Drug Administration in order to have recently emerged from “stealth” mode. Cleerly believes that by applying their AI-based technology to analyze heart scans they could reduce costs of cardiovascular care by 60% including a 75% reduction in invasive cardiac catheterization tests. Heart disease is largely asymptomatic and the first sign of heart disease is often a heart attack. 60% of those who have a heart attack have no prior symptoms. The causes of heart disease are not thoroughly understood and healthcare providers rely on risk indicators that are insufficient to prevent heart attacks. The Story: James K. Min, MD FACC, founder, and CEO of Cleerly is attempting to revolutionize the diagnosis and prevention of heart diseases by empowering primary care providers to “reach patients earlier [prior to hospitalization] where costs spiral out of control.” Cleerly is meant to allow for intervention by primary care providers by helping them to understand and interpret its advanced imaging without the need for a specialist. This will allow earlier diagnosis and treatment, before the patient complains of chest pain which is the “end-stage phenomenon” reflecting arteries that are already compromised with plaque or fatty deposits. For example, while risk factors such as cholesterol levels are currently used to determine the patient’s cardiac health, there is an 80% overlap “of cholesterol levels for people who do and don’t have heart attacks” according to Dr. Min in a recent Forbes article. In other words, risk factors are not enough to prevent heart attacks. Indeed, Dr. Min noted that often the first symptom of coronary artery disease can be a patient actually experiencing a heart attack itself, indicating a need for earlier diagnostics and preventative care plans. The Differentiators: According to the company, Cleerly has a database of 50,000 CT scans that Dr. Min and his team have cataloged and labeled to highlight certain characteristics. He and his team used AI and machine learning to train the algorithms to identify common patterns which characterize cardiovascular disease including the “presence, extent, severity and type” of disease. Unlike an invasive cardiac catheterization test, which is expensive, requires sedation and several hours in the hospital for recovery, Cleerly offers non-invasive medical interventions to conduct “comprehensive coronary artery phenotyping” which will help healthcare professionals to formulate a preventative healthcare plan. In addition, Cleerly’s platform is based upon analysis of what are called Cardiac Computer Tomography Angiogram (CTA) images, which are non-invasive but can still take detailed images of the heart illuminated by a dye injected into the patient. Although CTA is not yet first line therapy in the U.S., the American College of Cardiology has noted that the technology holds great promise and United Healthcare does reimburse for the procedure for lower risk patients with chest pain. CTA became first line therapy for those with chest pain in 2016. In addition, while Min initially theorized that “the more narrow and blocked a person’s arteries were, the more likely they would be to experience a heart attack”, however his team found it was not the amount of plaque but the thickness of the plaque that mattered. Patients who had so called fibrofatty or necrotic core plaque in their hearts, which was more likely to be softer and made of fat, cholesterol and other fatty compounds. According to the National Institutes of Health, understanding how the necrotic core develops is an urgent goal in heart-disease research. While the company is not positioning its product to replace trained doctors who can interpret scans, a June 2021 study commissioned by the company noted that the AI had a diagnostic accuracy of about 99.7 when assessing scans of patients whose tests indicated they had severe narrowing in their arteries. The Big Picture: According to the U.S. Centers for Disease Control (CDC) approximately 650,00 people will die from heart disease this year and heart disease will cost the healthcare system approximately $219 billion annually. As noted above, often the first indication of disease is severe chest pain or a heart attack, with about 60% of those who have heart attacks never having any prior symptoms of disease. Cleerly intends to change this dynamic by reaching patients earlier in the process and through their primary care providers instead of the ER when it can be too late to intervene. Considering the nature of heart disease, silent and asymptomatic, Cleerly will allow various healthcare professionals (PCPs, specialists, radiologists) to quickly identify the presence and nature of the heart disease without the need for invasive procedures like cardiac catheterization. As a result the company believes it can reduce expensive, invasive procedures by 75% and lower costs of cardiovascular treatment by 60%. By taking advantage of AI, Cleerly’s technology can analyze CT scans within minutes, compared to the 8 hours it would take humans to manually analyze the CT scans which makes the analysis feasible and cost effective. By deploying a non-invasive test such as this, Cleery’s technology would likely allow for broader scanning of the approximately one-half of Americans who currently display one of the three highest risk factors for the nation’s number one killer; high blood pressure, high cholesterol or smoking. As such it may be a more effective and efficient way to find some of the almost 20M people the CDC estimates currently have heart disease in the U.S. As Clinical Guidelines Shift, Heart Disease Screening Startup Pulls in $43M Series B & This AI Startup Raised $43 Million To Save Lives (And Money) By Treating Heart Disease Earlier

  • How Can Healthtechs Navigate the FDA and CMS Regulatory Maze?-The HSB Blog 6/21/21

    Healthtech companies have to navigate a complex regulatory process to bring products to market and it’s important they understand the role of different agencies and what they look for. Perhaps the two most important aspects that companies have to deal with are regulatory approval and financial reimbursement which fall under the purview of the Food and Drug Administration and the Center for Medicare and Medicaid Services (CMS). Navigating the regulatory process should be managed in an integrated fashion allowing compliance to create a competitive advantage for startups who do so. Key Takeaways: The FDA’s main role is to ensure that drugs/devices/medical products are safe and effective for their intended use. As such, it is imperative for startups to understand that the FDA is by nature a risk-averse, slow-moving entity as mistakes carry significant consequences and are very high profile. CMS’s main role is to determine whether the cost of the product (medical device or drug) is “reasonable and necessary" for their beneficiaries of the Federal healthcare programs (Medicare, Medicaid, Tricare, etc.) in order to decide whether to extend reimbursement coverage and pay for the products. Commercial insurers typically follow the lead of CMS in extending coverage. Formulating an integrated regulatory approval and reimbursement strategy early in the startup lifecycle can significantly impact time to market, costs and addressable market opportunity creating a competitive advantage. Engaging regulatory agencies early on in the process and using expert consultants often has a significantly higher ROI than doing so later in the process as it can both help anticipate and answer potential issues and pitfalls which slow time to market. The Problem: Emerging healthtech companies have to balance their desire for bringing an often new and untested product to market as quickly as possible against regulators' responsibility to ensure public safety and value. In addition, rapid changes in regulations in response to events or legislation (either permanent or temporary) can create short term windows of opportunity or demand which may accelerate the tension between the need for digital health innovations and regulatory compliance. As such when designing and creating go to market plans for new technologies companies need to keep in mind that the FDA’s 4-step marketing approval process can take up to 7 years for the approval of medical devices and up to 12 years for drugs. Moreover, gaining FDA approval for a drug or product does not necessarily mean that CMS will cover a drug or product quickly or ever extend coverage to the approved device or drug. In addition, even if innovators see the likelihood of approval and reimbursement as high, they must also figure in the increasing cost of such approvals. For example, according to the Tufts Center for the Study of Drug Development between 2003 and 2013, there was a 145% increase in the costs of getting market approval for prescription drugs while the approval rate increased by only 12%. This is one of the risk reward decisions where founders need to make a careful assessment of their own limitations and understand what they don’t know. The Backdrop: The approval process for healthcare products in general can be incredibly burdensome and time consuming. For example, for certain technologies and interventions, including medical devices, and certain medical procedures. CMS issues coverage policy through one of two mechanisms: national coverage determinations (NCDs) or local coverage determinations (LCDs). As noted in the Journal of Law, Medicine and Ethics, “the responsibility for making the reasonable and necessary determination for the vast majority of devices falls to fiscal intermediaries that serve as representatives of different Medicare districts within the US. These contractors assess whether a device meets the reasonable and necessary criteria, resulting in a local coverage determination. LCDs may limit the coverage of items or services to specific diagnoses, or may preclude coverage entirely, with each decision applicable within the contractor’s local jurisdiction.” By contrast, CMS typically reserves NCDs for a select subset of 'big ticket' interventions likely to have a significant impact on costs or quality of care, or those which are associated with safety concerns and typically represent only a small percentage of all CMS coverage determinations. Add to the complication of going through CMS’s normal approval process the fact that the cutting edge technologies like artificial intelligence are incorporated into many new healthtech products and that process becomes even more confusing and lengthy. For example, the FDA is currently trying to determine the appropriate method of regulating products and devices that employ so-called adaptive AI where the treatment algorithm or protocols change in response to feedback learned by the product as it is actively treating patients. In addition, regulators are working to determine the nature and extent of what informed consent would look like for both practitioners and patients in such situations, including if and under what circumstances it would need to be updated based on changes in treatment protocols. As a result, products that currently use these technologies face an uncertain and potentially changing regulatory environment as they race to take advantage of being early to market (not to mention how this could impact product adoption). Moreover, this issue can create a snowball effect leading to additional questions and delays in reimbursement on top of what is already a median 9-month delay from FDA approval to initiation of a CMS NCD. Complicating all of the above is the fact that startups are often loath to spend precious cash on advisors and consultants who may be able to help them navigate the process, particularly early on in their incubation when course corrections are the least expensive. Often they will rely on friends and family as advisers who may have some experience with the requisite agencies but not in the relevant or appropriate specific area of expertise. This can be a costly mistake. Implications: Startups should formulate an integrated regulatory approval and reimbursement strategy early in their lifecycle knowing that it can significantly impact time to market, costs and addressable market opportunity creating a distinct competitive advantage. As noted by Ralph Hall, Principal of Leavitt Partners in a recent panel discussion we moderated at Georgia Bio, you need an upfront integrated strategy that links your FDA regulations, your reimbursement coverages (including private payers), your consumers, your professional societies, your market, your competitors. He also advised that you want to do it so if the FDA wants to change something, you have the foresight and can do a cost-benefit analysis. Given the need for speed to market in healthtech this kind of flexibility can be key. In addition, innovators should keep in mind that the Silicon Valley mindset of growth at all costs is likely to be at odds with the culture of the regulatory agencies which are risk averse. As noted by Mr. Hall, when dealing with regulators it’s important to keep in mind the environment of the agencies and the culture of the organization, “at the FDA, if you approve a product you’re carrying a risk.” As they wind their way through this process, it’s beneficial to anticipate the needs and requirements of both the FDA and CMS from their point of view and keep their organizational dynamics in mind. When hitting a roadblock companies should actively solicit the feedback of the agencies and if startups realize they are beyond their area or expertise or competency they should strongly consider hiring appropriate consultants or counsel to help them through the process. While it may be tempting to use political connections to go around the agencies, Mr. Hall strongly urges against this as this can irritate the regulators, particularly the FDA, and backfire. All of these strategies will help turn what is often an impediment in bringing products to market into a competitive advantage that should help secure FDA approval and CMS coverage more rapidly and more easily. Related Reading: Investing Amid Regulatory Uncertainty-Panel Georgia Bio MedTech & Digital Health Innovation Summit Evidence Supporting FDA Approval and CMS National Coverage Determinations for Novel Medical Products, 2005 through 2016: A Cross-Sectional Study Harmonizing Standards and Incentives in Medical Device Regulation: Lessons Learned from the Parallel Review Pathway

  • Scouting Report-Sempre Health: Incentivizing Prescription Adherence with Dynamic Pricing

    The Driver: On June 15th, San Francisco based startup Sempre Health announced that it had raised $15M in a Series B round led by Blue Venture Fund with UPMC Enterprises, Rethink Impact, and LifeForce Capital and Industry Ventures joining the round. Founded in 2015, the company offers behavioral-based discounts on drug copays. The company currently offers discounts on drugs for diabetes, cardiovascular and respiratory conditions. The company plans for use the proceeds to attempt to enroll more patients in the service and expand the number of drugs offered for coverage under their plans. The Takeaways: Medication non-adherence costs between $100M-$300B per year, and causes approximately 10% of hospitalizations, often driven by cost of the prescriptions. Sempre claims that its behavioral economics based approach can increase adherence by 15% on average while achieving a Net Promoter Score (NPS) of 92 from its members. The company states that they have had more than 125,000 patients managing chronic conditions on their platform and have one healthcare partner that implemented its program in January 2020 and is “on track to eclipse $1 million in savings for members in just seven months.” While a 2012 study noted “evidence is limited on whether [interventions to improve adherence] are broadly applicable or drive long-term outcomes, Sempre’s approach which incorporates both behavioral economics and dynamic pricing may hold promise. The Story: Sempre was founded by Anurati Mathur, who has a B.S. in microbiology and business for U.C. Berkeley and who has been involved in healthcare and healthcare startups including Propeller Health, Practice Fusion and DaVita Healthcare Partners. Mathur became frustrated when she went to pick up some prescription eye drops for an allergy, and left without the prescription when she found out it would cost $150. Realizing that patients like her often don’t pickup or take their medications due to cost led her to found the company. Under the program the company sends out text based reminders with information about discounts and how they might change depending upon when the prescription is picked up. According to Mathur the discounts help incentivize adherence. However, only patients who routinely pick up their medications are eligible for the discounts. The program is driven by a two-sided marketplace, whereby Sempre solicits drug companies to participate by adding their drugs and setting a budget on the Sempre platform, while it simultaneously works with its health plan customers to determine which of the plan’s customers it will invite to participate in the service. Sempre stated that they have had more than 125,000 patients managing chronic conditions since April 2019 and expects to surpass 250,000 on its platform by the end of 2020. In addition the company claims to have one healthcare partner that implemented its program in January 2020 and is “on track to eclipse $1 million in savings for members in just seven months.” The Differentiator(s): According to the New England Journal of Medicine 20-30% of prescriptions are never even filled and costs the U.S. Healthcare system anywhere between $100-$300B per year. Sempre uses incentives based on behavioral economics and dynamic pricing to drive higher engagement and better adherence and medication compliance. Compared to traditional copay programs Sempre’s program is targeted at high cost and chronic conditions and allows players to target the customers who will receive the discounts. In addition, by using dynamic pricing and text-based reminders Sempre works with patients to get them to refill and pick up prescriptions early in the process at lower cost creating a self reinforcing pattern where they control the size of their discounts as a direct result of their behavior. In addition, by using budgets from the pharmaceutical companies to fund discounts in copayments from insurers to consumers Sempre is connecting all the players in the ecosystem, something typically not found in healthcare. The Big Picture: As noted, prescription adherence and compliance is a major problem in the U.S. healthcare system, often driven by the cost of medication and copays. Sempre is simply applying the principles of behavioral economics used in other industries such as the airlines or automobile insurance (ex: good driver discounts) to influence behavior. Too often in healthcare, patient/consumer behavior cannot influence cost, leaving all patients at the mercy of arbitrary pricing mechanisms, disconnected from market economics. While Sempre’s programs are currently only being used for high-cost and chronic conditions there is the potential to adapt these mechanisms to any illness where improved compliance is an easy and cost-effective way to improve outcomes and quality. However, given that the program is currently directed to those who are already diligent about filling their prescriptions, it will be important to review how compliance and adherence are affected for those who are less diligent about filling prescriptions, a greater source of poor care and outcomes. Assuming behavioral economics proves as successful in healthcare as it has in other disciplines, this model could easily be applied not just to prescriptions but to other problem areas in healthcare where compliance and adherence are an issue, like routine diagnostic testing and even post-procedure follow-up appointments. While other factors influencing behavior might need to be factored into these types of programs, such as patients' access to transportation, this would likely be easy enough to design in (please note: these are hypothetical musings, and not product suggestions from Sempre Health). Programs such as these which inject an element of transparency and patient control into pricing and move healthcare towards a more market and consumer driven model are sorely needed as we move into a more value-driven, consumer centric model. This Startup Just Raised $15 Million to Help People Better Afford Their Medicines; Sempre Health Raises $15M in Series B Financing to Improve Medication Affordability