Device Integration Specialists Are Needed to Fill Vital Support Gap

weeden@uchealth.org As technology changes and more devices are being integrated with electronic medical records (EMRs), a growing gap exists within the support model. No professional specialty has taken ownership of this vital behind-thescenes environment, where transfer of information occurs among devices and with the EMR. This gap signals an opportunity for a new specialty within healthcare technology management (HTM): the device integration specialist. This support area is characterized by unique security requirements, knowledge of in-play devices, and an understanding of the Health Level-7 (HL7) standard. The device integration specialist is capable of handling an entire spectrum of support services, from individual devices to the server, including patching, antivirus protection, integration and middleware, and device troubleshooting. As many readers likely are aware, a vast difference exists between traditional information technology (IT) security and the security requirements of medical devices. Traditional IT security has three main areas of focus, with the following order of priority: 1) confidentiality (data must stay private), 2) integrity (ensuring data are correct), and 3) accessibility (data are available to those who need them). Medical devices take more of an operational technology (OT) approach, where the order of priorities is 1) control (a strict method of how communication happens), 2) accessibility, 3) integrity, and 4) confidentiality. In addition to often being a point of contention, this inverse approach is indicative of why device integration systems need not be updated as often as IT systems. For example, many medical devices are running on legacy operating systems (OSs) that are the bane of system administrators' existence. However, it isn’t feasible for a hospital to buy a new computed tomography (CT) scanner just because the OS is outdated. A specialization in device integration would include training in OT security, allowing these professionals to present better arguments and rationale to the hospital security team. Security doesn’t stop at the device level; medical devices are required to transmit information across multiple platforms to an EMR. Vendor networks can incorporate many specialized devices and requirements, which may make them difficult to support and can lead to expensive contracts. Considering these factors, a clear opportunity exists for HTM professionals to branch out from traditional technician roles. We understand the requirements and nuances of devices and can apply that knowledge to device networks and specialized servers. Knowledge of devices is not the only consideration, however. An area of growth opportunity also lies in understanding HL7. HL7 is an American National Standards Institute–accredited standard that provides a comprehensive framework for the exchange of electronic health information (e.g., patient name, demographics, medical record number, vital signs data, other test results). This information flows from the device across the network and into the EMR. It can be a direct feed, go through some sort of middleware, or be translated within a server. To troubleshoot problems effectively, a device integration specialist has to have a basic understanding of the format of HL7 and be able to interpret the data within various systems. In the past, branching out from traditional HTM roles has resulted in new certifications, such as the CRES (Certified Radiology Equipment Specialist), CLES (Certified Laboratory Equipment Specialist), and the new CHTM (Certified Healthcare Technology Manager). As HTM professionals take on the device integration role, it only follows that a certification should be created. The CDIS (Certified Device Integration Specialist) exam would test knowledge in the areas of device connectivity, middleware, networks, server administration, HL7, and both IT and OT security. This path will allow device integration to remain within the HTM field and provide HTM professionals with a path to keep pace with growing technology. This book provides practical cybersecurity guidance from leading healthcare systems, along with examples of purchase agreements, vendor contracts, and risk assessment and management practices.