There are many healthcare-oriented apps in the marketplace, but there are few out there that offer cognitive behavioral therapy (CBT) and that have also been built on a multi-decade foundation of program efficacy data. Magellan’s CBT apps engage participants in psychoeducational content and activities through interactive sessions designed to maximize self-management of behavioral health symptoms such as sleep, depression, and anxiety. We recently released three apps to the Apple App Store including RESTORE (for insomnia and sleep problems), FearFighter (for anxiety, panic, and phobia), and MoodCalmer (for mild to moderate depression) and have plans to release two to three more in the near future.

But what does it take to build and release these kind of apps?

First and foremost, teamwork.

The best apps, healthcare or other, are not built by one person. They require a team of individuals coming together to work towards common goals. Our primary team includes two product owners, and two project managers who collectively work to get the vision from senior leadership (e.g. sketching ideas, wireframing, developing a curriculum), and then oversee the development teams building the apps (e.g. writing user stories, participating in daily scrum meetings, recording and producing videos, providing feedback), and then ensure smooth and timely deployment of various iterations that get delivered to our customers (e.g. delivering training, scheduling releases, communicating upgrades). Without teamwork these critical processes could not be completed and the App Store would have three fewer apps.

Second, and also very important, user feedback.

We have tens of thousands of active users on our platform, and we know that the majority of individuals who do two or more sessions report improvements in their sleep and mood. Therefore, it is very important for us know how to keep our users engaged. To drive engagement we seek out users and give them the opportunity to give us feedback on what would make our apps more helpful and more useful. Importantly, our users do not just include patients, members, and consumers, but also clinicians, care managers, and providers. We investigate how they use our apps and what features they would like to have included.  We incorporate this user feedback into our development sprints using what are called “user stories.” User stories help keep us focused on the core needs of our users, and they give us clear actionable tasks that can gauge what makes our apps successful and can also determine development steps for future iterations. For example, when we started asking our users what they would like added to our apps’ user experience, we learned about different features they would like to see. To help frame those features from the user perspective, we listed them out in user stories, such as, “As a RESTORE user I would like my sleep diary data to sync with my sleep data in the HealthKit app on my iPhone, so that I can see how data from my wearable device aligns with the sleep goals I set in RESTORE.”  When we roll out features developed from user stories, we see our engagement grow from previous years, and we validate our overall approach.

Lastly, we need to measure, test, learn, and keep building.

Our apps include a lot of content, in both English and Spanish speaking versions. The primary psychoeducational components include video recordings of narrators and clinical vignettes. The videos vary in length, and for each video embedded in the apps (there are dozens) we need to measure the length, test how long we can keep users watching, and learn from their experience. We have found that some videos are more watched than others, and we have found greater acceptance with shorter video length. Aside from just the videos, we have run a battery of tests on the features embedded in our apps and platform. These tests help us work out the bugs and improve the overall user experience. Once we are satisfied with our testing, we determine our readiness for release. Apple is pretty thorough with its acceptance and release of apps to the App Store, and we were very pleased with the turnaround time. We are now preparing to release our apps to Google Play, and will also be releasing later iterations with enhanced graphics, text-based reminders, and other features recommended by our users. Ironically, our apps are both complete and never finished, but I look forward to seeing how our apps will evolve, and continue to lead individuals to more healthy, vibrant lives.

Ransomware, malware, distributed denial of service attacks, Mirai – bad actors in a scary sci-fi thriller targeting your personal computer (PC), tablet or gaming device? Cyber attacks look for vulnerabilities in any system, not just your PC. Many sectors including credit cards, banking, government, retail and social media are objects of cyber attacks. The healthcare ecosphere, particularly medical devices, are a prime target of cyber bugs. In fact, healthcare is the number one industry when it comes to breach of data and generally lacks specialized security controls. Moreover, personal health information is 50 times more valuable on the black market than a credit card.

Ransomware, which block access to a computer or network until money is paid, are on the rise with 88 percent of attacks occurring in healthcare. Earlier this year, a California hospital paid $17,000 to cyber intruders to regain control of its electronic health network. Just last year, Anthem’s database of about 80 million people was also hacked.

Internet-connected medical devices, hospital networks, and other devices fall in the realm of Internet of Things (loT). Like computers, these connected devices can be hacked, potentially affecting the safety and effectiveness of the device and compromising patient privacy and safety.

In October 2016, J&J reported the potential for hackers to exploit a security susceptibility in the Animas® One Touch Ping® insulin pump. This could force the pump to deliver unauthorized insulin injections, leading to a possible insulin overdose, which can be life threatening. In August 2016, there were denied allegations about a possible dangerous cyber bug with one manufacturer’s cardiac devices. Last year, the FDA issued a few warnings about potential cyber bugs with Hospira’s (now Pfizer) infusion pumps. Despite these reports, the FDA is not aware of any cases where hackers have exploited cyber vulnerabilities to harm a patient.

In January 2016, the FDA made medical device cybersecurity a priority by issuing draft guidance for manufacturers. It provides direction to monitor, identify, and address cybersecurity vulnerabilities throughout the medical device lifecycle. This is largely a voluntary framework to aid manufacturers in building a scaffolded approach to minimize and mitigate risk.

Cyber attacks on medical devices are expected to grow and become more sophisticated as hackers continue to hone their craft. Threatened connected devices range from security cameras to coffee makers and from the federal government to medical devices such as MRIs, infusion and insulin pumps, and the list goes on. There is a proliferation of wearables and medical devices with software and programmable logic. When factoring in the evolution of electronic medical records and telehealth, regulators, medical device manufacturers, and health networks need to get savvier in order to provide solid security against this new reality.