St. Jude Medical, Inc. has recently received merit for achieving high standards for health information security with its vast EHR and Health Information Technology systems. It has successfully completed its second interoperability testing process for the company’s Merlin.net(TM) Patient Care Network (PCN), an Internet-based repository of patient and implantable device data. The company also announced that the Merlin.net PCN is the first medical device network to be awarded ISO 27001 certification, a strict worldwide information security standard.
Merlin.net PCN utilizes implantable cardiac devices that capture and record information about device performance and patient heart rhythms, which are vital to patient care. Merlin.net PCN organizes this information for fast analysis and easy review, and this data can be sent directly to a clinic’s or a hospital’s EHR system. This allows physicians to remotely monitor and assess patient device data and determine the level of care needed. Alert notification delivery times can be customized to fit in with physician determined clinic hours, or after-hours processes.
During the week of Jan. 11, St. Jude Medical participated in the IHE (Integrating the Healthcare Enterprise) Connectathon for the second interoperability testing process of the Implantable Device Cardiac Observation profile. This testing demonstrated the ability for the Merlin.net PCN to connect to third-party EHR systems using defined industry standards, which allows physicians and hospitals to seamlessly share data between systems. This interoperability increases productivity, providing tools for improved clinical decision making and quality of care, and eliminating redundant medical device management systems.
St. Jude Medical, Inc. was also awarded the ISO 27001 Certification. ISO/IEC 27001:2005 is an information security management system (ISMS) standard, published in October 2005 by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). It is the gold standard in information security across a broad range of industries, with 96 U.S. companies earning certification. The standard specifies the methodology to enable a business to establish, implement, operate, monitor, review, maintain and improve effective information security. St. Jude Medical’s Merlin.net PCN has established processes and standards that maintain the strictest levels of confidentiality, integrity and availability for its customers.
Eric S. Fain, M.D., president of the St. Jude Medical Cardiac Rhythm Management Division stated: “Receiving recognition from these two organizations demonstrates to our medical industry stakeholders the high standards St. Jude Medical has set for both the security and efficiency of our patient care network.”
In addition to meeting the ISO/IEC 27001:2005 standard, the Merlin.net PCN system adheres to the HIPAA rules and guidelines for protecting patient privacy during the electronic transmission of health information.
St. Jude Medical has set a precedent for other large medical and hospital systems. This achievement shows that the utmost safety and security of digitized medical information can be achieved while optimizing interoperability of medical information, efficiency and productivity between healthcare providers. It will be interesting to see what additional medical facilities follow suit, as more and more are moving into the digitized world of EHRs and merging EHRs with medial technology, such as remote moinitoring devices.
For more information on St. Jude Medical, Inc. achievements in health information technology, security and interoperability please see the original article.