The Wired article, "What Doctors Wish You Knew About HIPAA and Data Security," delves into the limitations and misunderstandings surrounding the Health Insurance Portability and Accountability Act (HIPAA) in safeguarding personal health data. It highlights that HIPAA primarily regulates healthcare entities but does not cover consumer-generated data or information shared outside traditional medical settings, such as through personal devices or social media. The piece underscores the importance of individual vigilance in data protection, emphasizing the use of multi-factor authentication and careful sharing of personal health information, especially in non-regulated platforms. This article serves as a crucial reminder of the evolving challenges in health data security and the shared responsibility between healthcare providers and individuals in protecting sensitive health information.

It is crucial to have a Cybersecurity Action Plan for Protecting Personal Health Data because personal health data is sensitive and valuable information. A well-designed plan helps safeguard this data from unauthorized access, cyber threats, and potential misuse, ensuring privacy and maintaining trust between individuals and healthcare providers. Additionally, protecting personal health data reduces the risk of identity theft, fraud, and financial loss while also preserving the integrity and accuracy of medical records. Implementing a cybersecurity action plan promotes compliance with relevant data protection regulations, fosters a culture of security awareness, and contributes to overall digital safety.

A new Senate bill introduced in early April 2022 (including legislation in the House) would require medical device developers to be more accountable for the cybersecurity of their products.

Sens. Tammy Baldwin, D-Wisconsin, and Dr. Bill Cassidy, R-Louisiana, have introduced the bipartisan Protecting and Transforming Cyber Health Care Act.

From the MITRE website:

The Medical Device Cybersecurity Regional Incident Preparedness and Response Playbookoutlines a framework for health delivery organizations (HDOs) and other stakeholders to plan for and respond to cybersecurity incidents around medical devices, ensure effectiveness of devices, and protect patient safety.

The healthcare sector knows how to prepare for and respond to natural disasters. It is less prepared, however, to handle cybersecurity incidents, particularly those involving medical devices. Recent global cyber attacks highlighted the need for more robust cybersecurity preparedness to execute an enhanced, effective, real-time response that enables continuity of clinical operations.

Using mobile devices to store, process, and transmit patient information has become increasingly popular amongst healthcare providers. When health information is compromised, organizations can face penalties and lose consumer trust, and patient care and safety may be at risk.

To address this challenge, cybersecurity experts at the NCCoE collaborated with the healthcare industry and technology vendors to develop an example solution to show healthcare providers how they can secure electronic health records on mobile devices. The solution is guided by standards and best practices from NIST and others, including the Health Insurance Portability and Accountability Act (HIPAA) rules.

From the CDC website on Asthma: "You can control your asthma and avoid an attack by taking your medicine exactly as your doctor or other medical professional tells you to do and by avoiding things that can cause an attack.

Watch a video to follow along with the correct way to use your metered dose inhaler.

Print the step-by-step instructions and keep them with your Asthma Action Plan."

From eHow Health's YouTube video: "In order to use a glucometer, a drop of blood will have to be placed on a test strip, which will then be placed in the glucometer itself. Find out how to prepare the skin to draw blood with help from a licensed RN in this free video on glucometers."

From the AHRQ Patient Safety Primers article on Adverse Event Reporting: "Being discharged from the hospital can be dangerous. A classic study found that nearly 20% of patients experience adverse events within 3 weeks of discharge, nearly three-quarters of which could have been prevented or ameliorated. Adverse drug events are the most common postdischarge complication, with hospital-acquired infections and procedural complications also causing considerable morbidity. More subtle discharge hazards arise from the fact that nearly 40% of patients are discharged with test results pending, and a comparable proportion are discharged with a plan to complete the diagnostic workup as an outpatient, placing patients at risk unless timely and complete follow-up is ensured. As nearly 20% of Medicare patients are rehospitalized within 30 days of discharge, minimizing post-discharge adverse events has become a priority for the US health care system."

The Quantified Self website provides a current list of many of the self-tracking tools out there.

From the FDA Patient Network website: "You can participate in FDA’s important decisions about the regulation of medical products in many ways. You don’t have to be an expert, and you don’t need lots of time. Find out how you can make your voice heard and help ensure the effectiveness and safety of drugs, devices, and other medical products."

SafeStar 55 Breathing System Filters reduce contaminants to ventilated patients. A defective lot may have obstructions that keep patients from getting oxygen.

The FDA is informing patients and health care providers that pulse oximeters have limitations and a risk of inaccuracy that must be considered.

As medical devices become more networked, they may become vulnerable to cybersecurity threats. Patients should preserve their personal information, monitor their device for strange symptoms or behaviors, and receive a device check-up from their health care practitioner or the device maker, according to the US Food and Drug Administration (FDA).

From the PubMed abstract: "Participants enrolled in a 2x2 factorial RCT and were assigned to one of four semi-automated, text message-based walking interventions. Experimental components included adaptive versus static steps/day goals, and immediate versus delayed reinforcement. Principles of percentile shaping and behavioral economics were used to operationalize experimental components. A Fitbit Zip measured the main outcome: participants' daily physical activity (steps and cadence) over the 4-month duration of the study. Secondary outcomes included self-reported PA, psychosocial outcomes, aerobic fitness, and cardiorespiratory risk factors assessed pre/post in a laboratory setting. Participants were recruited through email listservs and websites affiliated with the university campus, community businesses and local government, social groups, and social media advertising."

mFHAST Implications: Opportunity for text-message based reinforcement to increase effectiveness of a behavioral intervention (encouraging increased walking habits)

From the PubMed abstract: "A number of 344 women who received TIV were randomly assigned to a telephone interview group. They were telephoned seven days post-vaccination and administered a standard survey soliciting any adverse events following immunisation (AEFI) they experienced. They were matched by brand of vaccine, age group, and residence to 344 women who were sent a SMS seven days post-vaccination. The SMS solicited similar information. AEFI reported by SMS and telephone interview were compared by calculating risk ratios."

mFHAST Implications: Opportunities to use SMS for vaccination program adverse event reporting collection. 

From the article abstract: "Trivalent influenza vaccine (TIV) has been recommended for pregnant women in Australia for more than a decade and funded since 2009, yet vaccination coverage remains low. Misperceptions of the safety of TIV in pregnancy have been identified as a major contributor to low vaccination rates. Ongoing safety monitoring with dissemination of results could help improve antenatal influenza vaccine uptake."

mFHAST Implications: Opportunity for use of SMS for pregnancy related vaccination adverse event reporting