Monthly Archives: January 2017

Keeping Campaign Promises: Trump Issues First Executive Order to Repeal Obamacare AND a Call to Action for Congress

Throughout his campaign, Donald Trump was a vocal critic of the Affordable Care Act. Within hours of his swearing in, President Trump issued his first executive order aimed at dismantling Obamacare. In a meeting in the Oval office before he left for the Inaugural Ball, the President signed an order that aggressively begins the process of repealing the ACA. While the order itself cannot repeal the law, the document goes a long way toward eliminating key portions of Obama’s signature legislation.

Taking A Closer Look at the Executive Order—What’s In It?

In the one page order there are several important statements to note—powerful words that will effectively begin the dismantling of Obamacare even before Congress begins its debate in the coming weeks.

First of all, President Trump orders the immediate repeal of the Affordable Care Act and directs all agencies to “take all actions consistent with the law to minimize the unwarranted economic and regulatory burdens of the act and prepare to afford the States more flexibility and control”

In addition, the Order directs the heads of Federal agencies to “waive, defer, grant exemptions from or delay any provision…that would impose a fiscal burden on any Stat or a cost….on individuals, families insurers or makers of medical devices products or medications.”

Finally, President Trump orders all head of agencies to “encourage the development of a free and open market in interstate commerce for the offering of healthcare services and healthcare insurance”

What Will Be the Impact?

The most immediate result of Trump’s first executive order on healthcare is that he has now signaled both lawmakers and all Americans that he intends to make good on his promise to immediately begin work to repeal the ACA.

Using the words “to the maximum extent allowed by law” throughout the document also sends a message to all Federal agencies that they must move quickly and decisively to begin to dismantle certain provisions of the law. It is likely that a system will be developed to allow free competition of insurers for the individual market across state lines. IN addition, the move will likely result in less regulation and more flexibility for BOTH States and insurance companies—Something that had been requested and denied numerous times during the Obama administration.

While the order does not directly eliminate the individual mandate, it does substantially weaken the law by instructing government agencies to delay, or defer any tax penalties related to failure to purchase insurance. It is likely that no penalties will be levied going forward while Congress works to repeal the ACA.

While many insurers have pulled out of the ACA market due to high cost, high risk and low returns, President Trump’s orders may result in significant changes in the insurance market by providing more stability and predictability. By making the individual market more attractive to insurers through relaxing regulation and allowing for more inter state competition and business opportunities, it is likely that the Executive Order will result in more choices for consumers—whereas many Obamacare marketplaces currently have only one choice.

What Are the Next Steps?

The Executive Order sets the stage for the repeal of Obamacare. It is now incumbent on Congress and the likely head of HHS, Tom Price to move forward quickly. While repeal is vitally important, we MUST provide a simultaneous replacement. Uncertainty will undermine any efforts to revamp healthcare in the US and ensure coverage, access and affordability for all. A replacement plan must be produced and discussed openly in the coming weeks. I believe that Republicans in both the House and Senate have the scaffolding of a new healthcare law in place—now they must craft it into law. It is vital, however, that Republicans learn from the errors of their colleagues on the other side of the aisle—any legislation must be bipartisan—having one Party craft the law without ANY input from the other would be disastrous (just as the ACA turned out to be). A replacement healthcare law should address the shortcomings of the ACA and should keep the few things (such as protection for those with pre existing conditions) that actually worked.   We must continue to provide subsidies to those who cannot afford insurance in order to stabilize the market. We must, however, demand individual accountability from patients, doctors, insurers and government stakeholders. Patients MUST be engaged in their own care and take steps such as smoking cessation, diet and exercise, etc in order to improve their OWN health (in partnership with their doctors). Insurers must be allowed to compete across state lines and must be allowed to operate in ways that provide maximal access for patients but must be held accountable to control costs. Doctors must provide efficient, high quality care—and be allowed to do so without government interference.

There are many challenges ahead of Congress and President Trump in the coming weeks—none bigger than healthcare. The Executive Order issued on Inauguration Day has signaled that this administration will be one of action. Now it is time for Congress to do their part and provide a real, working replacement for the ACA that can be immediately implemented. We must remember that any new healthcare law must put #PatientsFirst and allow Medicine to return to its roots—Doctors and patients working together to improve health outcomes and ensure a long and happy life.


Cyber Hacking and the Heart: How Science Fiction Becomes Science Fact, And How Profits Influence Policy

This week, the Food and Drug Administration (FDA) confirmed that pacemakers and implantable defibrillators (ICDs) manufactured by St Jude Medical are vulnerable to cyber hacking. This completes months of cooperative investigation and evaluation by the company and the FDA. An announcement was made on January 9, 2017 that Abbott—who recently acquired SJM in a deal reported to be worth 25 billion dollars—has provided a software patch as a “fix”. To date, the FDA has confirmed that no patients have been harmed by the vulnerabilities.

What Exactly IS the Security Issue?

Most implantable cardiac devices such as pacemakers and defibrillators (regardless of manufacturer) are now able to connect to home monitoring systems wirelessly so that physicians can monitor the devices remotely. These remote monitoring systems are essential in the long-term management of device patients. This technology allows healthcare providers to respond quickly to any device alerts, malfunctions or changes in a patient’s clinical status. All of these networks contain embedded computer systems that are connected to the internet and this makes them vulnerable to malicious cyber attacks and these vulnerabilities have been discussed since before 2013. All major manufacturers have these home transmitters and each differs in the exact frequency with which the transmitter communicates with the device. Previous research has shown that medical devices are vulnerable to hackers who were able to assume control of the device in a laboratory setting. In the case of the St Jude Medical devices, the FDA released their findings on security vulnerabilities in a safety report dated January 9, 2017. In the report, the FDA states that the agency “has reviewed information concerning potential cybersecurity vulnerabilities associated with St. Jude Medical’s Merlin@home Transmitter and has confirmed that these vulnerabilities, if exploited, could allow an unauthorized user, i.e., someone other than the patient’s physician, to remotely access a patient’s RF-enabled implanted cardiac device by altering the Merlin@home Transmitter.” According to the FDA, the issue at hand is that hackers could potentially access the Merlin@home transmitter and potentially reprogram the device or prematurely deplete the battery putting patients at significant risk. Based on the completed review, SJM (now Abbott) has released a software “patch” that was recently designed to address the vulnerabilites in the Merlin@home system. The patch will be automatically installed wirelessly over the internet in all home monitoring systems this week. The FDA will continue to monitor cyber security issues and advises both patients and physicians to continue to conduct home monitoring as per routine.

How and When Did This Come About? Follow the Money….

This story began in August 2016, when Muddy Waters Capital, a privately owned investment research firm, first suggested that these vulnerabilities existed and advised that they would be short selling the SJM stock. Muddy Waters, in turn, first learned about the cyber security issues concerning SJM devices from MedSec, an independent cyber security company. At the time, Med Sec claimed that their research suggested that St. Jude Medical was “by far the least secure” of the four largest implantable cardiac device makers in the United States. SJM responded by saying that the claims were “absolutely untrue” and that the Muddy Waters investigation was based entirely on “financial gain”.

In September public record indicated that SJM sued Muddy Waters—calling the short seller’s claims “irresponsible” in a press release—and ardently defended the safety and security of their devices.  The FDA acted immediately by beginning a joint investigation of the SJM device vulnerabilities in cooperation with the Department of Homeland Security. During the last year, SJM had been in the process of negotiating an acquisition deal with Abbott laboratories—the deal closed January 4, 2017.  Five days later, the FDA safety report was released.

Internet Connected Medical Devices Are At Risk: Guidance From The FDA

In December of 2016, (before the current SJM findings were released) the FDA published guidelines regarding cyber security issues and medical devices. As medicine becomes more digitally connected with patient devices being accessed via smartphones, tablets, doctor’s offices and hospital systems, security vulnerabilities are becoming more of a concern. In the document the FDA makes it clear that all medical devices are at risk and that more must be done in the pre market phase by industry to design more secure portals for data collection and device integration. I addition, more study is needed to identify potential risks and impact to patients. The guidance statement goes on to recommend a much more vigorous post market cyber security surveillance and suggests that all of the findings should be shared with the FDA. I expect that in the future, there will be a great deal more regulation involved for medical devices that are capable of wireless communication across the internet.

What Can We Learn from This? What’s Next?

Our lawmakers and the FDA must do more to regulate the medical device industry. We must do more to PUT PATIENTS FIRST. I am certain that SJM is not the only company with devices that are vulnerable to hacking—we have had reports of other devices—from MRI scanners, IV infusion pumps, personal insulin pumps and other connected devices that either have been compromised or have been identified as high risk. I think it is important for device makers to be proactive and tell us what we need to know now—What are they doing to do NOW to protect patients from cyber attacks? Outside research firms have suggested that most cyber security efforts related to medical devices and healthcare systems are lagging nearly a decade behind current technology. Many devices are still working on operating systems with known vulnerabilities such as Windows 7 and Windows XP.

I agree with the spirit of the FDA guidance statement from last month but I expect MORE. We must pursue post market cyber security issues aggressively. We must make every effort to identify and mitigate risk quickly. I would advocate for more cooperation between companies in cyber security efforts—by combining efforts to create more secure environments for medical devices and information, all parties will profit and ultimately patients and the healthcare system in general will benefit. . As a physician and a patient advocate, I am ready for change. While we must continue to promote free market competition and innovation, we MUST also protect the very people we are intending to serve—the patients who depend on us—and our devices—every single day.