Your Complete Policy Management Partner
Everything your healthcare organization needs to confidently maintain accreditation compliance.
Robust document control and workflow management software solution
Simplify & automate policy access, review and approval across your organization
Web-based library of more than 18,000 customizable policy documents
Instantly access up-to-date policies, procedures & forms authored by MCN experts
Automated regulatory notification system of daily email or mobile alerts
Keep current with regulatory changes from more than a dozen federal regulatory bodies, including TJC & NIAHO
What Our Customers are Saying
MCN Healthcare has been indispensable to our accreditation compliance efforts. With Policy Manager, Policy Library and StayAlert!, we have peace of mind that our policies will always be up-to-date and easy to locate.
Beverly McKenzie, Compliance Programs Director, IASIS Healthcare
Helpful MCN Healthcare Resources
FDA Issues Safety Communication and Guidance on Cybersecurity for Medical Devices and Hospital Networks
The U.S. Food and Drug Administration (FDA) is recommending that medical device manufacturers and health care facilities take steps to assure that appropriate safeguards are in place to reduce the risk of failure due to cyberattack, which could be initiated by the introduction of malware into the medical equipment or unauthorized access to configuration settings in medical devices and hospital networks.
According to the FDA, many medical devices contain configurable embedded computer systems that can be vulnerable to cybersecurity breaches. In addition, as medical devices are increasingly interconnected, via the Internet, hospital networks, other medical device, and smartphones, there is an increased risk of cybersecurity breaches, which could affect how a medical device operates.
Recently, the FDA has become aware of cybersecurity vulnerabilities and incidents that could directly impact medical devices or hospital network operations, including:
- Network-connected/configured medical devices infected or disabled by malware;
- The presence of malware on hospital computers, smartphones and tablets, targeting mobile devices using wireless technology to access patient data, monitoring systems, and implanted patient devices;
- Uncontrolled distribution of passwords, disabled passwords, hard-coded passwords for software intended for privileged device access (e.g., to administrative, technical, and maintenance personnel);
- Failure to provide timely security software updates and patches to medical devices and networks and to address related vulnerabilities in older medical device models (legacy devices);
- Security vulnerabilities in off-the-shelf software designed to prevent unauthorized device or network access, such as plain-text or no authentication, hard-coded passwords, documented service accounts in service manuals, and poor coding/SQL injection.
The FDA is not aware of any patient injuries or deaths associated with these incidents nor do they have any indication that any specific devices or systems in clinical use have been purposely targeted at this time. The FDA has been working closely with other federal agencies and manufacturers to identify, communicate and mitigate vulnerabilities and incidents as they are identified.
The FDA Safety Communication has recommendations for device manufacturers as well as health care facilities.
The FDA is recommending that health care facilities take steps to evaluate network security and protect your hospital system. In evaluating network security, hospitals and health care facilities should consider:
- Restricting unauthorized access to the network and networked medical devices
- Making certain appropriate antivirus software and firewalls are up-to-date
- Monitoring network activity for unauthorized use
- Protecting individual network components through routine and periodic evaluation, including updating security patches and disabling all unnecessary ports and services
- Contacting the specific device manufacturer if there us suspicion of a cybersecurity problem related to a medical device. If unable to determine the manufacturer or cannot contact the manufacturer, the FDA and DHS ICS-CERT may be able to assist in vulnerability reporting and resolution
- Developing and evaluating strategies to maintain critical functionality during adverse conditions.
Prompt reporting of adverse events can help the FDA identify and better understand the risks associated with medical devices. If a confirmed or suspected cybersecurity event has impacted the performance of a medical device or has impacted a hospital network system, the FDA encourages reporting through MedWatch, the FDA Safety Information and Adverse Event Reporting program.
Included with today's notice are policies and procedures related to the FDA Guidance on preventing cybersecurity attacks. Organizations will find that many of the recommendations included in this FDA guidance are already required by existing HIPAA regulations.
CDC Issues Health Advisory on Nationwide Shortage of Doxycycline - Resources for Providers and Recommendations for Patient Care
The Centers for Disease Control and Prevention has issued a Health Advisory with resources for providers and recommendations for patient care during the national shortage of Doxycycline. The Food and Drug Administration (FDA) originally reported a shortage of some forms of doxycycline (doxycycline hyclate) and unavailability of tetracycline on January 18, 2013, caused by both increased demand and manufacturing issues. The FDA continues to report shortage from some, but not all, manufacturers of some dosages and forms of doxycycline hyclate and doxycycline monohydrate.
The FDA does not currently report a shortage of intravenous doxycycline hyclate or the oral suspension doxycycline calcium commonly used in pediatric patients.
The CDC Health Advisory Notice provides advice on alternatives to doxycycline when available, as well as situations where there is no recommended alternative to doxycycline.
Doxycycline is a broad-spectrum, bacteriostatic antibiotic used to treat a variety of diseases. For many indications, doxycycline is one of several options available for patients. However, for rickettsial infections, doxycycline is the treatment of choice. No data are available to recommend minocycline as an equally effective alternative to doxycycline for any of the diseases mentioned. Additionally, the spectrum of adverse effects with minocycline is higher than that for doxycycline. Tetracycline may be a suitable alternative for some diseases and indications; however, a similar shortage of tetracycline has been reported.
- Doxycycline should be used to treat suspected rickettsial infections; no alternatives can be recommended that have the same proven degree of efficacy in limiting fatal outcome. Because treatment delay can result in adverse or fatal outcome, planning for doxycycline availability is essential.
- Doxycycline is the recommended drug for prophylaxis of Lyme disease; alternatives have not been tested for efficacy. Providers should be judicious in its use following a tick bite.
- Doxycycline should still be used for the prophylaxis and treatment of malaria according to the standard recommendations.
- Alternatives exist for the treatment of STDs and Lyme disease - Providers should use clinical judgment in making treatment and prophylactic decisions. Refer to the links in the Health Advisory, a link to which is provided below.
Detailed explanation of the rationale for these recommendations can be found in the Health Advisory. Doxycycline is currently available from most manufacturers, although providers may need to explore new contracts for procurement; projected return to availability for the one manufacturer reporting a shortage is uncertain, but is currently projected by September 2013, based on information provided by FDA. Health care professionals should ensure they have access to doxycycline for the listed indications, and advance planning is essential to ensure treatment is not delayed. Those who encounter difficulty ordering doxycycline or increased pricing from their usual suppliers should contact alternate distributors or directly contact the manufacturers. In circumstances where outages and increased pricing occur, health-care professionals should contact their state health department to inquire about other procurement options.
Follow the links below for additional information.
The US Food and Drug Administration (FDA) and Symbios are informing the public of a Class 1 Recall of all GoPump Rapid Recovery System kits and GOBlock Kits manufactured with flow control components assembled prior to July 2012.The affected products may have excessively high flow rates. As a result, medications could be delivered too quickly from the balloon to the surgical site and cause patient toxicity due to the rapid influx of medication. This can lead to serious illness, including seizure, abnormal heart rhythms and death. Elderly patients and patients with low body mass are at high risk of these complications.
The Symbios GOPump Rapid Recovery System is a disposable local pain management system that consists of a small balloon that is inflated with a local anesthetic medication. The medication is delivered slowly through tubes from the balloon to the surgical site.
Please see the Recall Notice with listing of all the lot numbers affected. Customers who have purchased the affected devices were notified by letter dated May 10, 2013 about the problem. Follow-up letters were sent on May 14, 2013 and May 30, 2013 notifying customers of additional recalled lots. Symbios is working to secure all affected product and have it returned.
Featured Policy Library Manuals
MCN Healthcare’s HIPAA Guidelines Policy and Procedure Manual provides policies and procedures addressing the HIPAA Privacy Rule, the HIPAA Security Rule, Notification of Breach of Protected Health Information (HITECH), and Transactions and Code Sets as mandated by the federal government. Policies and procedures include the changes covered in the Omnibus Final Rule, January 2013.Read more »
The Medical Office Policy and Procedure Manual is cross referenced to Joint Commission standards for Ambulatory Care and Primary Care Medical Homes and NCQA standards for Patient Centered Medical Homes. This manual includes policies that meet OSHA requirements for safety and infection control, Human Resources policies and Medical Office Compliance Plan and much more!Read more »
MCN Healthcare’s Comprehensive Long Term Care Manual contains over 600 policies and procedures that are cross-referenced to Joint Commission standards and CMS regulations. The LTC Manual addresses the following areas: Emergency Management, HR, Infection Control, Information Management, Leadership, Medication Management, Performance Improvement, Patient Care, Medical Records, Resident Rights and Waived TestingRead more »