As the country continues to embrace value-based business models in health care, the question becomes how does this shift in focus effect other silos in the industry such as medical device companies? The escalation of healthcare costs demands a change in thinking for medical practices, hospitals and insurance providers. Now, medical device manufacturers need to consider how this spiral will impact their business model.
Value-based solutions are becoming the name of the game this year and in years to come.
Consider ways the med device industry might have to adjust to stay current with this trend.
What is a Value-Based Payment System?
The former payment model such as, agents like Medicare simply pay medical providers for their service without considering the quality of care or how it affected health outcomes. The fee-for-service reimbursement system delivered based on the amount billed or an annual fee schedule. With the implementation of the Affordable Care Act and other health reform efforts, The Department of Health & Human Services created a plan to convert their fee-for-service system for Medicare payments to a value-based program.
The move to value-based payments failed to recognize the medical device industry, though. A December 2017 report issued by the Advanced Medical Technology Association points out that the measurements of quality adopted by this new system were inadequate and might actually have a negative impact on patient care quality. This study highlights the uneven playing field established for the medical technology sector, potentially curtailing innovate device design and depriving these patients of top quality care.
Compared to other healthcare expenditures, medical device spending hasn’t changed much over the last 25 years. Medtech spending increased by just .9 percent from 1989-2013. Compare that to the cost of medical care services which jumped by 4.8 percent. The focus of this change to a value-based payment system isn’t on medical devices but it still has an impact on the overall industry.
As the health industry becomes more reliant on digital technology, the issue of cybersecurity becomes an essential business and ethics priority. When it comes to health technology, digital security means more than the safety of data – the very lives of patients could be at stake.
Recall the report in late 2013 when former Vice President Dick Cheney had the wireless functionality of his heart implant disabled due to fears it might be hacked. Though no hack was ever directed at the former Vice President then, such a threat is considered to be plausible.
The FDA recently recalled approximately 465,000 pacemakers that were vulnerable to hacking, but the situation points to an ongoing security problem.
The Threat
Yes, every aspect of digital health could be at risk, including wearable medical devices. Studies coming out of the United Kingdom and Belgium have shown that hackers can deliver fatal programs directly to implanted medical devices including defibrillators, insulin pumps and pacemakers. There have been cases of medical facilities in the United States closing because of malware interrupting the security of computers involved in cardiac surgeries.
Embedded devices are not known for having the best security. In previous generations, there was no reason for it, but there is definitely urgency in the current generation on two fronts. First of all, patients must be protected so that hackers do not have the ability to break into devices that support or sustain human life. Secondly, medical devices that are vulnerable can become an entry point to a larger network of monitors, sensors, medical records and other important notes of information.
Because of the urgency that medical emergencies demand, digital health cyber security is a much larger opportunity for hackers than perhaps any other industry. A ransomware attack on an embedded medical device could evolve into literally a ransom on a person’s life – of far greater urgency than the demands for Bitcoin that hackers impose on insurance and financial securities companies. The opportunities for extortion are exponentially greater now, a viewpoint that has been backed up by the highly reputable research company Trend Micro.
The aging population that we see using more medical technology to stay vital, healthy and alive is a growing industry that currently stands at around $400 billion. It is a market that is poised to expand at a rate of about 3% per year until 2022. After this, it has the ability to explode exponentially serving the needs of the Baby Boomer population as they move into their later years.
The majority of IT networks in hospitals remain far behind the security challenges that this growing industry presents. Many surveys show that cyber security budgets are being misappropriated towards cloud security and infrastructure in an unbalanced way. Adding fuel to the fire, government frameworks have done little to deter hackers from doing their worst. The emerging frameworks of regulators for the medical industry currently provide guidance only, not penalties for improperly directing security funds. Under this current system, it is a simple thing for medical IT professionals to overlook the risks that unprotected medical devices represent. This is especially true in an environment where an attack on a device has not happened yet.
There is also a potentially large problem of older medical devices being incompatible with new guidance. Medical device capital equipment such as MRI scanners do not experience a great deal of turnover in medical offices – the average age of a scanner in an American medical office is 11.4 years. Even if an office wanted to build a more robust medical device security infrastructure, it would mean a huge outlay of upfront funds. That office would have to upgrade its hardware as well as its security systems, a feat that might be beyond the reach of many smaller offices.
The Opportunity
Despite the challenges mentioned here, there is a huge opportunity within the medical industry in terms of digital health cybersecurity. For medtech companies, one such opportunity lies in the area of security as a strategic advantage. Making bullet proof the next generation of medical devices that are susceptible to hacking could prove to be a key differentiator.
The International Organization for Standardization came out with guidelines for disclosure of product vulnerabilities in 2014. This standard will be revised in 2019. It is essential that any maker of medical devices understands these new standards and uses them to their advantage in new product development.
Healthcare providers also have a chance to clean up their digital hygiene. Those who deliver health services should be trained to stay in compliance with security policies. This too opens the door to offering professional development training to ensure compliance and patient safety.
Executives and managers also now have a reason to enforce an office policy of leaving your home devices at home. Even a cell phone that taps into office Wi-Fi can become a back door for hackers to move into the wider digital space of a medical office.
Offices also have leveraged to focus on the security shortcomings of legacy devices. They may be able to apply pressure on suppliers and manufacturers to help bring devices up to code with a minimum of cost to the office. Many governmental agencies are beginning to require that offices follow guidance. Although this framework is far from complete, medical offices should band together now to put the pressure on vendors and suppliers to adhere to standards so that the cost of compliance does not fall completely on the shoulders of the offices.
Large hospital systems should reorganize their priorities when recruiting executive and management leadership. The new breed of leaders should have a working knowledge of medical IT infrastructure along with their core skill sets. Once hospitals take responsibility for their own digital safety in this way, the pressure will be on entity surrounding these seminal institutions, including vendors and governmental agencies, to shape up their production values and framework guidance, respectively.
For medtech boards and senior management interested in creating value by using information security as a strategic advantage will likely be required to find talent from outside the firm’s ranks. Hiring appropriate leadership, that understands the strategic implications of digital health cybersecurity as a critical component of future innovation will likely come about from the outside of the organization. This is due to the fact that it has not been the tradition of medical device makers to prioritize this as part of the senior executive skills package. This becomes particularly important as more medtech companies move toward “smart” medical devices.
Executives who can envision digital health cybersecurity as an opportunity for will bring unique value to the table.
As more medical device companies realize that cybersecurity can be leveraged as an opportunity to create value, differentiation and new revenue streams, recruiting leaders who can bring this expertise to the executive ranks will be more vital than ever.
Leadership and Talent for a Value-based System
As medical device leaders look to invest in value-based strategies having the suitable leadership in place will be essential. Changes in the regulatory environment along with the need for cost containment demands a new ways of thinking about innovation. As you assess the profile of your leadership, look to build a management who can:
- Understand the new payment programs and how medical devices fit into the spend patterns;
- Determine both the clinical and economic advantages of a device;
- Be able to produce data that encourages investment and influences stakeholders.
It can be challenge to quantify the worth of a medical device, as opposed to a life-saving drug. There is a learning curve in the use and operator variability to consider. A value-based system demands that companies consider both the clinical and economic relevance of their products. They must be clinically efficient and provide a positive patient experience, as well as effectively lowering the cost of the service. The expense of adding the Medtronic antibacterial envelope is significantly less than the cost of treating an infection and replacing the device, making it an insightful choice for this device company.
Value-based healthcare looks to be the future. Medtech companies that want to fully capitalize on the value-based trend should make certain they bring into their ranks visionary leadership that can rethink how their medical device company can gravitate from a product based strategy to a solutions based strategy.
JP Boyle & Associates provides medical device executive search services to health technology companies across the United States and the globe.
Let’s engage in a conversation on how we can help you expand. Please contact us here.