cybersecurity
Why are U.S. cyber laws so bad at protecting patients' lives?
Cyber experts have been sounding the alarm about a deluge of security incidents that could completely halt health care operations. So far their predictions seem to be playing out, ranging from the Change Healthcare attack in February to CrowdStrike's Windows outage to a breach at McLaren earlier this month. But why is the health care sector so vulnerable in the face of mounting threats? My colleague Brittany Trang is hot on the case, canvassing dozens of experts, current and former government officials and hospital leadership to get a clearer picture. Here's what she found: Decades of legislation, some outdated, have led to providers being more focused on privacy compliance than cybersecurity, or delivery of care. And the disjointed patchwork of federal agencies overseeing cyber issues in health care compounds the confusion.
“There’s a lot of crossing our fingers like, ‘Let’s just hope no one gets into this network. We’ll put up a firewall and just hope nobody gets in. Because if they do get in, our hospital is going down,’” Kevin Fu, a professor of electrical engineering and computer science at Northeastern University, told Brittany. “[Ransomware] is the Covid of cybersecurity…We’re never going to eliminate it, but we need to contain the risks to make them manageable so that patients can count on having highly available care.” Read more.
digital therapeutics
Big Health gets FDA nod for insomnia treatment
Big Health has scored Food and Drug Administration clearance for its prescription insomnia treatment SleepioRx, which offers cognitive behavioral therapy, Mario Aguilar reported late last week. The company already sells a wellness version to employers and health plans.
It's not the first to get clearance for an insomnia product: the beleaguered Pear Therapeutics, which filed for bankruptcy late last year, had a product called Somryst which was eventually acquired by Nox Health. Read more from Mario.
Otsuka says it'll lose money on its depression product
Also on digital therapeutics, Otsuka Pharmaceutical has started selling its FDA-cleared prescription app aimed at treating symptoms of major depressive disorder, Mario reports. At launch, the app, called Rejoyn, will cost $50 out of pocket, and it'll be accessible mainly through an online portal through which clinicians can prescribe it to patients.
That's significantly more affordable than competitors' attempts: Before its bankruptcy, Pear was charging more than $1,000 for its cognitive behavioral therapy apps.
Sanket Shah, who leads Otsuka Precision Health, said the company has already spent hundreds of millions of dollars to bring Rejoyn to market, and that it can't realistically be profitable at its launch price.
“To be honest, we’re probably gonna lose a lot of money on this, but that's sort of the approach that you need to take to be able to understand the market learnings,” he said. Read more from Mario.
washington
FTC squashes app using pictures for STI diagnosis
The Federal Trade Commission has shut down an app whose developer said it could identify sexually transmitted infections from a single picture of a penis. That follows an uproar from patient advocates, doctors and privacy experts when the app was launched, Lizzy Lawrence reports. The FTC said HeHealth, parent company of the app known as Calmara, didn't have adequate scientific evidence supporting the app and that the data used to train the AI model included photos from people whose diagnoses were not confirmed.
“The FTC requires companies to have competent and reliable scientific evidence when making health-related claims,” the agency wrote in a letter to HeHealth. “The substantiation for HeHealth’s ad claims that existed at the time the claims were made appears to be problematic for several reasons.”
The agency's investigation into HeHealth's marketing began in June, and last month, executives agreed to shut down STI detection apps, refund some customers and delete personal user information, among other steps. Read more from Lizzy.
White House eyes paperwork, logistical hassles
The Biden administration plans to use its waning days to crack down on corporations wasting consumers' time with excessive paperwork, long hold times and maze-like subscription cancellation processes — including complicated claims submission forms for health insurance companies. Per a White House memo this week, the Health and Human Services Department and the Labor Department will urge health plans to simplify consumers' interactions with their offerings; the Office of Personnel Management will also require federal health plans to make it easier to submit out-of-network claims online and find information on how to appeal claims denials. Read the memo here.
HHS proposes that contractors meet its data sharing standards
An HHS office proposed late last week that the companies fulfilling its tech services must also meet certain federal standards for data sharing, sparking pushback from a lobbying group that said the Department was exceeding its expertise and authority.
"By aligning on standards that enable interoperability, HHS is ensuring that federal investments do not contribute to the proliferation of proprietary modes of exchange and data silos that inhibit access, exchange, and use of data," said an HHS blog post announcing the proposal, which is open for public comment until October.
But the Health Innovation Alliance, a health IT lobbying group, issued a sharply worded statement following the proposal. "In the past few weeks, HHS’s IT office has given themselves a promotion and proposed to drastically expand their review of products used by the health care industry," it said. "Everyone should be concerned. Historically, the government does not do technology well, yet we’re seeing government reach far and wide to control and dictate technology used in health care."
Where do you fall in this debate? Send thoughts over to mohana.ravindranath@statnews.com.