Secretary Burwell announces Region IX Director of HHS
Secretary Burwell announces Region IX Director of HHS
NNU Nurses Score Big Win: CA’s New Safety Guidelines Set Precedent for Nation’s Healthcare Workers
Nurses are celebrating California’s recent announcement of precedent-setting Ebola patient care guidelines that call for strong healthcare worker protections and provide a model for federal and state action for all U.S. hospitals. The new guidelines came in the wake of the Nov. 12 worldwide Day of Action for Ebola Safety by 100,000 registered nurses (see more on the Day of Action below).
The new California standards, an elaboration of existing Cal/OSHA regulations on Aerosol Transmissible Disease and other existing regulations, go well beyond the faulty procedures and protective gear employed by hospitals across the U.S., and the current, unenforceable recommendations of the federal Centers for Disease Control and Prevention.
By contrast, California regulations are mandatory and hospitals that fail to comply will face civil penalties. The regulations stipulate requirements for the optimal level of personal protective equipment (PPE) and rigorous training and drills. They break new ground in identifying modes of possible transmission of the virus and clarifying when safety precautions must be engaged for nurses and other front line health workers who encounter patients with the deadly Ebola virus.
“These rules are a testament to the outspoken efforts of nurses who have repeatedly pressed for the highest level of mandatory safety precautions to protect nurses, patients, and the public. Nurses have raised their voices, and California has now listened, acted, and once again set a benchmark for the nation,” said NNU and CNA Executive Director RoseAnn DeMoro.
“With the hospital industry dismissing the concerns of the nurses, and the federal government failing to order the hospitals to implement the optimal level of Ebola protection, California, under the stewardship of Gov. Brown, has heard the voices of nurses, and established a model that all should follow,” said CNA Co-President Zenei Cortez, RN.
Learn more about this exciting news here:
- Overview of the New California Standards on Ebola
- Press Release: Dramatic New California Ebola Mandate Inspired by RN Actions
- Nurses urge you to sign the Petition to President Obama and Congress Demanding that the Federal Government Adopt the Same Standards
Global Day of Action Energizes Nurses Campaign to
Protect Nurses and Stop Ebola
Nurses in Washington DC march near the White House on the Day of Action
Across the US, from the White House to the Federal Building in Oakland, CA, thousands of nurses took part in National Nurses United actions Nov. 12, demanding that US Hospitals dramatically ramp up preparedness for Ebola. The Nurses also called on the President to mandate the highest Ebola safety standards citing the laxity and unenforceability of current CDC guidelines. Nurses and healthcare worker unions also held actions in Australia, Canada, Ireland, the Philippines and Spain.
In over 150 locations in 16 states nurses held strikes, die-ins, rallies, candlelight vigils, bake sales, “walk-ins,” and pickets in front of hospitals and Federal, State and OSHA office buildings. Each action site featured red banners and life-sized placards of a nurse wearing a full-body HAZMAT suit illustrating the optimal standard of PPE/personal protective equipment RNs require to safely care for Ebola patients.
DC nurses die-in at the White House
Nurses from the DC area staged a “die-in” in front of the White House to underscore the urgency of providing healthcare workers with the optimal standard of personal protective equipment. “I put my heart into being a nurse every day and I want my patients to get the best possible care,” said Donna Fleming-Cobey, an RN at Providence Hospital, who participated in the die-in.
Rally and n95 respirator action in Oakland, California
Over two thousand nurses in red scrubs marched on Kaiser Headquarters and then rallied at the Federal Building in downtown Oakland, California. Nurses chanted “n95, We deserve better, n95, We deserve better,” and then tossed the shoddy respirators into large boxes that were shipped to the President after the action. You can watch some of the rally here: https://www.youtube.com/watch?v=oX5Q1Tny4gQ
Snapshots of some of the many other actions across the country:
In New York City nurses held a candlelight vigil in front of the Federal Courthouse.
Nurses braved 18° wind chill for actions at several sites in Chicago, IL including the University of Chicago Medical Center.
At the Hines VA action, nurses were joined by Iraq Veterans Against the War (IVAW) and Disabled Veterans of America (DVA). The veterans thanked NNU for standing up for what’s right, and speaking out when everyone else was quiet, or, worse, complicit in purposefully doing nothing to protect nurses, veterans and the public at large.
Members of the Michigan Nurses Association paid a visit to the state Capitol accompanied by a mobile billboard message to Governor Snyder.
Nurses held a vigil outside St. Louis University Hospital despite VERY cold weather.
Nurses in South Florida rallied at the OSHA office in Fort Lauderdale
Nurses and their families gathered at the Minnesota State Capitol for a candlelight vigil to honor those frontline healthcare workers who have been caring for or have pledged to care for Ebola patients. Nurses asked the state for mandatory standards to be enforced by OSHA that will protect them from all infectious diseases, and they pledged to make complaints to OSHA if hospitals aren’t ready.
In El Paso, TX nurses visited Congressmember Beto O’Rourke’s office. His staff pledged to support nurses’ efforts to win stronger federal standards for Ebola safety and offered to sponsor legislation toward that end.
Nurses from Reno and Las Vegas met with the Chief Administrative Officer of Nevada OSHA in Las Vegas to discuss nurses’ demands for optimal Ebola safety protocols including equipment and training while nurses conducted a bake sale outside to raise money for HAZMAT suits.
Nurses who work for hospitals operated by St. Joseph Health Systems “walked-in” on management at SJHS headquarters in Irvine, Ca to discuss their concerns about the lack of Ebola preparedness at SJHS. The nurses followed their surprise visit with a press conference in front of the headquarters.
Nurses at Kaiser San Francisco on one of many strike lines on the Day of Action
Many children joined the strike lines showing enthusiastic solidarity on the Day of Action!
More photos and media coverage of the Day of Action:
- Washington Post: Nurses win battle in California for mandated protections against Ebola
- Washington Post: Nurses go on strike for proper gear, training to protect them against Ebola
- Reuters: U.S. nurses hold strikes, protests over Ebola measures
- US Nurses strike over Ebola protection
- Sacramento Bee: Nurses Strike is Park of Larger Labor Push
- 18,000 Northern California Kaiser nurses walk out over contract talks
Visit National Nurses United’s Flickr site to see more Day of Action photos!
Nurse impacts patients in post retirement years
Nancy Lawson retired from a long career, but she did not stop nursing. At 85 she still cares for her patients.
ANA Calls for Stronger Collaboration between RNs, Employers to Reduce Risks from Nurse Fatigue
Pacemakers Get Hacked On TV, But Could It Happen In Real Life?
Jay Radcliffe breaks into medical devices for a living, testing for vulnerabilities as a security researcher.
He’s also a diabetic, and gives himself insulin injections instead of relying on an automated insulin pump, which he says could be hacked.
“I’d rather stab myself six times a day with a needle and syringe,” Radcliffe recently told security experts meeting near Washington, D.C. “At this point, those devices are not up to standard.”
Concern about the vulnerability of medical devices like insulin pumps, defibrillators, fetal monitors and scanners is growing as health care facilities increasingly rely on devices that connect with each other, with hospital medical record systems and —directly or not — with the Internet.
Radcliffe made headlines in 2011 by showing a hackers’ convention how he could exploit a vulnerability in his insulin pump that might enable an attacker to manipulate the amount of insulin pumped to produce a potentially fatal reaction. Now he talks about going without a pump to raise awareness about the potential for security lapses and the need for better engineering.
While there have been no confirmed reports of cyber criminals gaining access to a medical device and harming patients, the Department of Homeland Security is investigating potential vulnerabilities in about two dozen devices, according to a Reuters report. Hollywood has already spun worst-case scenarios, including a 2012 episode in the Homeland series portraying a plot to kill the vice president by manipulating his pacemaker.
“The good news is, we haven’t seen actual active threats or deliberate attempts against medical devices yet,” said Kevin Fu, a University of Michigan researcher who has made his career testing the vulnerability of medical systems.
The bad news is that hospital medical devices may be vulnerable to hackers simply because they can be the weak link that gives a criminal access to a hospital’s data system — especially if the devices haven’t been updated with the latest security patches, said Ken Hoyme, a scientist at Adventium Labs, a cybersecurity firm in Minneapolis.
In the real world, he said, a hacker is more likely interested in stealing records he can sell than in harming a patient.
“There are not that many bad…guys whose goal in life is to go and randomly mess with patients in hospitals,” Hoyme said. “They want money, not to shut off the ventilator of a particular patient.”
Hospitals are targets because they collect so much data, from patients’ Social Security numbers and financial information, to diagnosis codes and health insurance policy numbers.
Radcliffe estimates that medical identity information is worth 10 times more than credit card information —about $5 to $10 per record on the black market compared to 50 cents per account for credit card information.
Crooks can use it to apply for credit, file fake claims with insurers or buy drugs and medical equipment that can be resold.
And unlike the victims of credit card theft, those with stolen medical identities might not know for months or even years, giving the thieves more time to use their information.
New FDA Guidelines
Yet there are few cybersecurity standards for medical devices.
In October, the FDA issued guidance outlining what security features developers should bake into their products when seeking approval for a new device.
The guidelines, which aren’t binding, say that when seeking approval for a new device, manufacturers should detail cybersecurity threats they considered and create better ways to detect when it might have been hacked.
They should also build in protections, such as limiting access to authorized users and restricting software updates only to products with authenticated coding.
While a good start, some security experts say the guidelines should be binding. Others fear that giving them the force of regulation could be more harmful because they would become outdated quickly.
Nonetheless, the FDA’s guidance has, in effect, changed the conversation among device makers from, “‘Do I believe this is a real threat?’ to ‘What do I have to do to satisfy the FDA?’” said Hoyme.
By the end of the year, the agency is expected to issue similar recommendations for devices already on the market.
Common Vulnerabilities
One reason many existing devices might be vulnerable is they run on defunct operating systems like Windows XP, which Microsoft stopped supporting in April, meaning there won’t be any new security patches. Other, newer devices may have built-in passwords that are difficult to update. Gaining access to them can be fairly easy which could make them more vulnerable to attack, researchers say. In addition, sometimes, a password is intentionally disabled so it’s easily accessible to medical staff in an emergency.
Hackers can also get into some inadequately protected hospital systems when staff members click on links in emails, not knowing they contain malicious code. Once transmitted to a hospital’s intranet, that malware could find its way into unprotected device software and cause malfunctions, said Hoyme and Fu.
“If cyber criminals decide they can hack into a device to get health records, they won’t think about whether they’re messing with device performance: They’re going after the money,” Hoyme said.
Security experts warn that some of the same design flaws that make medical devices vulnerable would also make breaches hard to track.
“If your iPhone is compromised, it’s a lot more straightforward for someone to determine if it’s been tampered with. We’re not there yet” with medical devices, said Billy Rios, a former Google software engineer turned security consultant.
He describes how he was able to buy a secondhand EKG machine, used to measure the heart’s electrical activity, for just $25 online. Some infusion pumps and patient monitoring systems go for less than $100. That makes devices more readily available to those who want to figure out vulnerabilities to exploit.
“The effort required is so much lower,” he says. “That’s not a good position to be in.”
What Hospitals Are Doing
Hospitals are loathe to talk about device security publicly, but many are working to ensure their systems are stronger.
In a two-year test of information security, experts working for Essentia, a large Midwestern health system, found that many devices were hackable. For instance, they found settings on drug infusion pumps could be altered remotely to give patients incorrect doses, defibrillators could be manipulated to deliver random shocks and that medical records could be changed.
Stephen Curran, acting director of the Division of Resilience and Infrastructure Coordination with the Department of Health and Human Services, could not say how many facilities have a chief security officer or someone in charge of cybersecurity. But even small facilities have some relatively simple options for boosting the security of devices on their networks, he said, including “routine backups and patching of the systems and the use of anti-virus firewalls.”
Still, while “we definitely see a trend in hospitals to improve their security,” says Mike Ahmadi, global director of critical systems security at cybersecurity firm Codenomicon, vendors have to do more to engineer security.
“The bigger issue is that vendors are not held accountable for writing insecure code,” says researcher Rios. “There’s no incentive…so they don’t invest.”
Pressure On Vendors
A few hospitals, including the Mayo Clinic, have started to write security requirements into their procurement contracts.
At the University of Texas MD Anderson Cancer Center in Houston, any new software application has to be approved by the hospital’s security team, headed by Lessley Stoltenberg, chief information security officer.
He says device makers also will have to meet a slew of security requirements: Can the device be encrypted? Is there a unique identification for users? If the vendor is hosting the device, what does their system look like in terms of firewalls and other protections? Will the manufacturer provide up-to-date security patches?
Some companies, like Ahmadi’s Codenomicon, specialize in selling software to detect software bugs that could lead to security holes.
While Codenomicon has a number of device makers as customers, those are a fraction of the more than 6,500 medical device manufacturers in the U.S., some of which may not be doing even the most basic testing. Most vendors are small — 80 percent have fewer than 50 employees — and many are startups without the capital to invest in a security expert.
So, could hackers target infusion pumps or ventilators?
“Is it possible?” Stoltenberg mused. “Yes. Is it likely? No. No device in the world is absolutely 100 percent secure.”
Kaiser Health News (KHN) is a national health policy news service. It is an editorially independent program of the Henry J. Kaiser Family Foundation.
The Diversity Matters Webinar – Now Available on Demand
Laws Spreading That Allow Terminal Patients Access To Experimental Drugs
Earlier this month, Arizona voters approved a referendum that allows terminally ill patients to receive experimental drugs and devices. It’s the fifth state to approve a “right-to-try” law this year.
Supporters say the laws give dying patients faster access to potentially life-saving therapies than the Food and Drug Administration’s existing “expanded-access” program, often referred to as “compassionate use.” But critics charge they’re feel-good laws that don’t address some of the real reasons patients may not receive experimental treatments.
The legislatures in Colorado, Louisiana, Michigan and Missouri also passed right-to-try laws this year as part of a nationwide effort spearheaded by the conservative Goldwater Institute, which hopes to get right-to-try laws on the books in all 50 states. The measures generally permit a patient to get access to an experimental drug after it’s passed through phase 1 of a clinical trial, the initial testing in which a drug is given to a small group of people to evaluate its safety and side effects.
“For people with terminal illness, for whom nothing else has proved effective, they don’t have the luxury of waiting four to five months to get through the FDA’s compassionate-use program,” says Victor Riches, vice president of external affairs at the Goldwater Institute. Riches says that timeframe includes a lengthy application by the patient’s physician, FDA review and approval of the request and a federally required review by an institutional review board, a group of medical experts that evaluates the risks and ensures the patient understands them as well.
Between 2009 and 2013, the FDA received roughly 1,000 expanded-access applications annually and approved virtually all of them. Among other things, the FDA considers the severity of the patient’s condition and whether other avenues of treatment have been exhausted. Some patient advocates and policy experts say that while the FDA process could be sped up, they support the agency’s continued oversight because of its critical role in ensuring drug safety and effectiveness.
But even if the FDA approves a request for an experimental drug, the patient might not get it. Drug companies are not obligated to provide the drug to patients who request it.
Right-to-try laws are no different.
“We take a free market approach to problem solving, and we would never mandate that the drug companies provide these medications,” says Riches.
Without any assurance of access to an experimental drug or device, and with no financial support to help patients cover the costs, right-to-try laws give patients false hope, say critics of the laws.
“There’s no money in these laws, and no provision for companies to supply anything,” says Arthur Caplan, director of the division of medical ethics at New York University’s Langone Medical Center’s Department of Population Health. Caplan has been a vocal critic of right-to-try laws.
In addition to the cost of the drug, if the drug company doesn’t cover it, patient advocates say expenses can be a significant burden on people who have to travel to get access to an experimental drug.
“It’s a big issue for patients with rare diseases,” says Diane Dorman, vice president of public policy at the National Organization for Rare Disorders. NORD has historically been supportive of the FDA expanded-access program. It doesn’t take a position on right-to-try laws.
The degree to which insurers cover drugs and medical services under FDA’s expanded-access program varies, say health policy experts. According to the FDA website, some companies charge patients for the experimental drug, and medical services may or may not be covered.
The right-to-try model legislation developed by the Goldwater Institute explicitly states that insurers are not required to cover the costs of either the drug or device, or other services related to its use.
In addition to questioning whether right-to-try laws will make any meaningful difference in ill patients lives—Riches says he’s unaware of any patients who have taken advantage of the laws to date—critics voice a broader concern about the potential impact on the drug development process.
The decision by drug companies whether to provide a drug to one very sick individual is wrenching. How do they balance the needs of that person against the potential to introduce the drug to a broader patient population? Terminally ill individuals who receive experimental drugs may well suffer serious adverse events, potentially setting back the drug approval process.
“The concern is that these laws don’t really address the risks to the companies,” says Brenda Huneycutt, a director of regulatory strategy and FDA policy at Avalere Health, a research and consulting firm.
In addition, if more people get access to drugs through right-to-try laws, they may be less likely to participate in the clinical trials that are essential to new drug development, say experts. Why risk being given a placebo when patients can be assured of getting the drug under a right-to-try law?
“For us, the most important thing is that the clinical trial process remains robust so products can be approved most quickly,” says Dorman.
Please contact Kaiser Health News to send comments or ideas for future topics for the Insuring Your Health column.
Kaiser Health News (KHN) is a national health policy news service. It is an editorially independent program of the Henry J. Kaiser Family Foundation.
As California Expands Medicaid To New Beneficiaries, Many Others Are Dropped
When it comes to expanding health coverage to its poorest residents, California could be taking two steps forward and one step back.
Even as the state celebrates its enrollment of more than 2.7 million low-income Californians in Medi-Cal in 2014, it may drop an unusually high number of beneficiaries from its rolls by year’s end.
That is because Medicaid eligibility standards relating to income and household size changed under the Affordable Care Act, forcing the 8.6 million people who had been on the program before Jan. 1 to apply under the new rules. (Medi-Cal is California’s version of the federal Medicaid program.)
Beneficiaries always have to renew their coverage annually, and there is always some churn in enrollment as people’s circumstances change. But this year, the forms asked for a host of new information, and many more people than usual haven’t responded, according to state officials, county welfare directors and advocates.
In past years, depending on the county, about 20 to 40 percent of Medi-Cal beneficiaries do not renew their coverage. But this year, the numbers are running as high as 50 percent in some counties, according to state Health Care Services Director Toby Douglas. Los Angeles County reported 38 percent hadn’t returned applications sent in August, compared to 15 to 20 percent in previous years.
Although the state isn’t yet giving out estimates, advocates say this reduced response rate could translate into as many as a million or more additional people cut from the Medi-Cal rolls this year.
On Monday, the Western Center on Law & Poverty, along with several other advocacy groups, sued the California Department of Health Care Services in Alameda Superior Court, charging that Medi-Cal beneficiaries are being unfairly dropped from coverage. The groups are also applying for a temporary restraining order to stop the state from canceling coverage for Medi-Cal recipients who haven’t been properly notified.
The problem is coming to a head now in part because the state granted people a six-month grace period past their usual renewal dates to re-enroll. In November and December, many of the renewals are coming due – and those who don’t respond are being told they will be cut off.
“A lot of people will be getting a notice right before Thanksgiving telling them that they’re losing their Medi-Cal,” says Jen Flory, a senior attorney at the Western Center on Law & Poverty. “Our concern is that a lot of them don’t really understand what’s going on and haven’t had an opportunity to provide the adequate information.”
Recipients who do not return their packets and receive a termination can be reinstated if they send in their information within 90 days.
The California Department of Health Care Services declined to comment on the lawsuit. Before the suit was filed, Rene Mollow, deputy director of healthcare benefits and eligibility at the health services department, said that renewing Medi-Cal benefits “was always a very involved process.” This year, the department was under a compressed timeline to develop the new forms but worked to make the forms as simple as possible, she said. Next year’s form should be easier to use, she added.
“We do have remedies in place where people can come back into coverage,” said Morrow. “2014 was a year of change. Our goal here is to continue working with our counties and beneficiaries to make sure the people who are eligible retain coverage.”
Consumers can seek help by phone or at their local health department office, and the forms provide a number to call if the recipient speaks another language, Morrow said.
The California Department of Health Care Services sent everyone who needed to renew the necessary application in the mail, but advocates like Flory say people have struggled to complete it. The form is complicated, asks for information the recipients hadn’t provided in the past and is available only in English and Spanish.
“There’s a lot of confusion, and it’s a language access issue,” said Connie Lo, health programs coordinator at Asian Americans Advancing Justice Los Angeles. “Most of our clients are limited English proficiency. They don’t even know what these packets are for and why they’re receiving so many documents together that they can’t even read.”
“There’s going to be a lot of people who lose coverage. That’s bad for them, but it’s also bad for the medical program and trust in DHCS,” Lo said. “We had this big push to get people enrolled in health insurance this year, and now we’re just terminating people.”
Language isn’t the only barrier, advocates said.
“It’s a very confusing form even in English, and it looks very different from what it looks in past years,” said Cori Racela, a staff attorney at Neighborhood Legal Services of Los Angeles County, which runs a consumer helpline. “We believe it’s very burdensome to consumers.”
Flory said she doesn’t think the terminations are an accident. “When people fail to jump through these hoops to stay on the program, the state saves money,” she said.
The population who were already on Medi-Cal before Jan. 1 is a lot more expensive for the state to cover, she said. The federal government pays only half of their health care costs, compared to 100 percent of the costs for those who qualify under the ACA’s broader eligibility guidelines.
Some counties have been doing additional outreach this year to help people with previous Medi-Cal coverage renew in time. San Mateo County Health System director Iliana Rodriguez says the county has been working with health plans to call recipients, make robo calls in their primary languages and send out additional reminders.
“We’re leaving no stone unturned in terms of getting them in the door,” says Rodriguez, who adds that San Mateo is on track to hit about a 76 percent rate for Medi-Cal renewals this year.
Blue Shield of California Foundation helps support KHN coverage of California.
Kaiser Health News (KHN) is a national health policy news service. It is an editorially independent program of the Henry J. Kaiser Family Foundation.