Every day, my family puts our faith into the accuracy of healthcare software and the precision of medical devices. If they don’t work as promised, my daughter’s life is immediately at risk.
My daughter Jalen has been surviving Type 1 Diabetes since she was sixteen months old. Each day we rely on flawless communication between three pieces of technology: a continuous glucose monitor to report blood glucose levels, mobile apps on our devices that convert that data into precision dosing instructions, and an electronic insulin pump that administers the exact amount of insulin Jalen needs at exactly the right time. With Type 1 Diabetes, the margin of error is too microscopic to make mistakes.
When Investment Rhymes with Canada
Canada has a proud history of achievement in the areas of science and technology, and the field of biomanufacturing and life sciences is no exception.
Unfortunately, machines and software do fail
Over the last eight years, we’ve been on the receiving end of some unintended but life-threatening consequences, all of which stem from a lack of governance, ineffective auditing, and poor operational oversight of both software and hardware. This is why I’ve spent the last ten years debating with software engineers about moral coding philosophy, ethics in software, professional responsibility, and, well, the inconvenient truth about code rot.
Now, we rely on two sophisticated products to keep Jalen alive: an automated glucose monitor with corresponding mobile applications and an insulin pump. The future is a closed-loop system to continuously monitor her blood glucose, calculate needed insulin, and automatically administer it with better-than-human precision. These machines could be a modern miracle. Until they don’t work.
After a forced upgrade on our mobile phones and the app that controls the CGM, features disappeared, critical alerts failed, and notifications stopped. We didn’t realize it until Jalen’s blood sugar hovered at 47 BG for over an hour while she slept. No alarms went off. Jalen awoke to her body shaking in response and at nine years old, she relied on instincts to save her own life by “juicing” herself with lemonade. We wondered if we were alone, but a quick look at the reviews on Google Play and the Apple App stores confirmed a widespread loss of trust. Technically speaking, we were on the receiving end of code rot.
What is code rot? Code rot is the slow deterioration of software performance over time or its diminishing responsiveness that will eventually lead to software becoming faulty, unusable, or in need of an upgrade. If not upgraded, software can quickly become defective or completely obsolete.
Health Benefit Consultants, Share Your Expert Insights in Our Survey
Share some of the trends you are seeing among your clients across healthcare, including chronic conditions, behavioral health, healthcare navigation, and more.
Why does code rot happen?
Unfortunately, today’s IT teams are heavily burdened and preoccupied with perimeter level cybersecurity and data breaches. While they’re busy checking outward-facing compliance boxes that simply catalog the current inventory of existing tools, they lose the time and ability to focus on solving systemic operational problems happening inside the organization. This is a huge blind spot and it’s quickly becoming one of healthcare’s fastest-growing threats.
There are a few common challenges contributing to this growing threat:
- Growing code and technological complexity across digital environments and devices
- Delivery schedule and innovation pressures from the business
- Inexperienced or indifferent security and development teams working in silos
- Lack of FDA regulations for internal systemic resilience
Why aren’t the current regulations enough?
Progress in regulations is not translating to patient safety. The growing risk of Internet of Things (IoT)-powered medical devices, has spurred new legislation and collaboration amongst the US Food & Drug Administration, the American Hospital Association, and the US Department of Commerce’s National Telecom & Information Administration, however, that legislation does nothing to address mounting technical debt.
Technical debt is a concept in software development that reflects the implied cost of additional rework. Technical debt can be compared to monetary debt; when it’s not repaid, it can accumulate ‘interest,’ making it harder to implement changes later on. Unaddressed technical debt increases code rot. In medical software and devices, this technical debt translates to security and patient risk.
Doing the inside work. Addressing systemic operational health effectively.
Healthcare software and device manufacturers need to define what systemic operational health looks like for all stakeholders and then proactively work toward achieving it. We believe there are four pillars to a successful framework for operational health:
- Collaboration – Systemic operational health takes collaboration among security, IT, and engineering teams. It also takes treating internal risk with the same rigor and proactive discipline as external threats.
- Balance – Systemic operational health takes a commitment to balancing the pace of innovation with the ethical responsibility to monitor and maintain existing products that impact patients.
- Education – Systemic operational health takes educating policymakers and calling for real regulatory support from authoritative bodies.
- Automation – Finally, systemic operational health requires the right tools to keep up. Unfortunately, humans alone cannot keep pace. Systemic operational health requires smart automation tools that can surveil and detect issues in millions of lines of code — instantly.
As the promise of medical technology continues to enhance and even extend patient lives we will find ourselves even more dependent on the software and devices that keep us well. When they work properly, we won’t even know they’re there. However, as that dependency grows, so must our vigilance around creating and maintaining operational oversight and governance for both software and hardware. With a clear understanding of the operational health challenges we all face, and with a shared framework to help us move forward, we can (and should) build a culture of digital ethics, trust, and transparency.
Photo: Witthaya Prasongsin, Getty Images
Seasoned entrepreneur and software executive Jeremy Vaughan co-founded TauruSeer after directly experiencing how much of an impact Product-Centric Risk Management of healthcare software, mobile applications, and medical devices could have on patient safety.
