A conversation with Elektra Labs’ Andy Coravos and Christine Manta
Medicine is practiced by a diverse group of professionals — from physicians and nurses to pharmacists and researchers — who work to diagnose, treat, and prevent disease. Increasingly, medicine is becoming digital, bringing developers, engineers, data scientists, and security researchers into the field of health.
Andy Coravos, co-founder and CEO of Elektra Labs, knows many of the roles in digital medicine. She has served at the FDA in its digital health unit, was a software engineer at a digital therapeutics company, and has worked in healthcare, consulting, and private equity. Now, her healthcare-security company is advancing the safe, effective, and personalized adoption of medicine.
In advance of a busy fall conference season, we spoke with Andy and Elektra Labs’ Head of Research Christine Manta about their digital measures discovery platform, their involvement in the newly launched Digital Medicine Society (DiMe), and why the medical device community should get to know hackers.
First, tell us what you’re working on at Elektra Labs.
Andy: Elektra Labs serves companies that are collecting digital biomarker data remotely. Today, we mostly work with pharma companies that are collecting biometric data remotely through decentralized clinical trials. And we’re building out the Digital Measures Atlas; it’s a catalogue of more than 650 different sensors, and we evaluate them based on their accuracy, usability, cybersecurity risk and data rights. The Atlas can be used by pharma to collect remote data or healthcare providers who are looking to monitor their patients remotely. We view this as the early stages of a formulary for connected technologies.
Christine: I’m the research project manager at Elektra Labs, building out Atlas, the digital database of connected tech that can be deployed in both research and clinical settings. The research side of that is ingesting a lot of the evidence — the peer-reviewed papers, ClinicalTrials.gov data, and FDA decisions — into the database to support the accuracy and usability of these tools.
Beyond your full-time work at Elektra Labs, you’re both part of the founding team at DiMe, the Digital Medicine Society. Tell us more about what it is and why it exists.
Christine: The Digital Medicine Society, a nonprofit that was founded earlier this year, is the professional home for all who serve in digital medicine; it’s a multidisciplinary group. We have clinicians, developers, software engineers, payers, all different kinds of people. I’m also the research lead at DiMe. We have some ongoing projects around verification and validation of connected tech, which ties in nicely with the work I do at Elektra.
Andy: Doctors take a Hippocratic Oath to do no harm when they graduate from medical school. Should software engineers and data scientists and security researchers also take some sort of oath? And would it look different or would it look the same? That question sparked a much bigger discussion — not just about oaths — because being in digital medicine is not just for doctors anymore. There’s a new category of practitioners who need training and want to be part of a community. The Digital Therapeutics Alliance (DTA) is an organization that companies join; same goes for CTTI, the Clinical Trials Transformation Initiative; there was no professional home for individuals. And besides, digital therapeutics is just one component of digital medicine — there’s also digital biomarkers and things that take diagnostic measurements. So DiMe launched in March, and Christine and I both support the organization and its executive director, Jen Goldsack.
Christine: DiMe is bringing together people with different backgrounds and different disciplines who wouldn’t normally have conversations with each other. We have a Slack channel for anyone who joins, so they can be actively involved in all different kinds of conversations with different people. There’s also a Virtual Journal Club and webinar series. It’s set up to engage people, to be able to ask questions and find resources.
Andy: An example from the Virtual Journal Club is one on digital biomarkers: the authors of a primer on digital measurement and biomarkers all came together to talk about it. Another session was an introduction to machine learning in healthcare. People throw around terms like AI and machine learning quite a lot — clinicians and providers aren’t always sure what people mean when they say those words, and in many instances, the terms aren’t used correctly. These resources are geared toward making the topics accessible to people.
What are the questions DiMe is trying to answer in digital medicine?
Christine: For DiMe’s research projects, they may come up with places where we need to start — ethical considerations, verification and validation of tools, or measuring adherence. So the one that we’re focusing on right now — we’re submitting a paper very soon — is around verification and validation. We put out a call to the Slack community for people with expertise in that area, who may want to contribute as authors to the paper. And then we led an effort to bring those people together, make edits, and submit a collaborative paper. We are not trying to be a standards organization, and we’re not putting out standards — but we’re making recommendations on who should be involved in these verification and validation processes and where they need to go.
DiMe was at DEF CON’s Biohacking Village this summer. What’s the connection between digital medicine and security research?
Christine: This ties into something that Elektra is focused on as well: the security of connected technologies and medical devices. DEF CON is a conference for hackers; I didn’t know who was going to be there or what to expect. It was exciting to meet some of the people who work on the different security teams at hospitals like the Mayo Clinic.
Andy: A lot of people view hackers as “bad”, and the medical device community doesn’t always understand that there’s a difference between black hat hackers and white hat hackers, where black hat hackers generally do it for financial or personal gain and disrupt systems in a negative way. But white hat hackers — also known as security researchers — are those performing ethical hacking, finding flaws and vulnerabilities, and they do things like coordinated disclosure and update privately. The FDA began attending DEF CON three years ago and working closely with the security researchers. And they’ve now published a couple pieces of really powerful guidance around pre- and post-market cybersecurity, with lessons incorporated from the security research community.
What topics should be on our radar in 2020? What do you wish people were thinking about?
Andy: I do think people should rethink how to integrate white hat hacking and security research into healthcare products early in development. And security isn’t something you can slap onto your product afterward; it needs to be built from the beginning. Additionally, there is a difference between attacks on data, which security systems can help with — but that’s different from data leakages. In many instances, companies are sharing data by design; it’s not a security issue but rather a governance issue. Many data leaks are not due to hacking the system; they are a feature, not a bug. There’s a difference between making sure your systems are secure from an engineering standpoint versus from a legal standpoint — and making sure that your engineers are reading the end-user license agreements and terms of service, so that what the lawyers say the product does actually happens behind the scenes.
Christine: These tools have impressive capacities to collect an enormous amount of data that can be used to inform clinical decisions. Clinicians and other providers really need to be involved in the conversations around building these tools so that the data generated is going to be useful and displayed in a way that makes sense for them to actually make a clinical decision. There’s potential for unintended consequences, once these tools are implemented and in use broadly. We should be mindful of something that sounds amazing but might have a negative impact for certain groups or populations.
Fall conference season is upon us. Where can we hear you speak?
Andy: This week, we’re at an FDA meeting on cybersecurity in medical devices and Sage Bionetworks Mobile Health App Developers Workshop. Next week, we’re heading to Mobile in Clinical Trials and then DPharm, where I’ll be doing a fireside chat on clinical trial data security with Nina Alli, who runs Biohacking Village at DEF CON. Later this month, I’m speaking on a digital therapeutics panel at Rock Health Summit in San Francisco, I’ll also be speaking at CNS Summit later this fall.
Luminary Labs is also heading to DPharm next week, where CEO Sara Holoubek is speaking about voice technology’s impact on clinical trials. And we’ll be at HLTH (October 27-30 in Las Vegas), as well as HBA’s annual conference (November 11-12 in San Diego). We’d love to say hello — email firstname.lastname@example.org to set up a time to chat.