Crisis Intervention Vehicle: The Future of Emergency Mental Health Care

I. Digital Mindset: Disruption of Emergency Mental Health Services in Tucson, Arizona

Background

Paramedics and Emergency Medical Technicians (EMTs) are creative. Influenced by lessons learned on the battlefields and demonstrating the kind of ingenuity that can turn nothing into something, EMTs adapt to the ever-changing needs of their patients in the most unpredictable, sometimes unimaginable situations, doing whatever is necessary to render the best care possible. It should follow that the Emergency Medical Services (EMS) system would be just as agile, seeking to evolve constantly as needs change and as technologies emerge, and be driven by the users of the system. But that has not been the case.

While patient care may be driven by patient need, in Arizona the system and everything included therein, from point of access to transport vehicles, is controlled by a state bureau and a regional council disconnected from the point of services and reluctant to change. Input from those who work in the system must pass through groups gatekeepers who place a higher value on things like cost, return on investment, and liability protection. Surely there is a better way to be mindful of the business of patient care, while improving the way services delivered and integrated into the larger healthcare system.

Reimagining the Emergency Medical Services System must begin with an understanding of the current system. In Arizona, emergency medical services are currently provided by Emergency Medical Technicians and Paramedics who have been trained to render either basic or advanced life support, and who operate under the oversight and direction of a medical director, a board certified emergency physician. People access the 911 system via telephone call and speak to a live operator who confirms geographic location and, using a relatively simple triage algorithm, determines and dispatches the level of care needed. This system has functioned under the guiding principals that most people who access the 911 system are critically ill or injured, that early intervention is beneficial but delivery of the patient to definitive care is what is most important, and that definitive care begins at the local emergency department.

Decades of operating in this manner have included updates to the care rendered based on improved medical knowledge and practices, but updates to the 911 system and its processes have been few and far between. And despite the fact there has been a significant shift from requests for firefighting services to requests for medical services, the 911 response is still largely handled by fire departments. Entire ladder companies are still being dispatched on large, cumbersome ladder trucks to homes where someone is experiencing an acute cardiac event or a single mother with a sick child, wasting fuel and resources.

People experiencing acute mental health crises are transported by large, diesel ambulances to overcrowded emergency rooms, which almost never truly provide the right kind of definitive care. Additionally, more and more people are accessing the 911 system for primary healthcare which is neither emergent, nor well served by transport to an emergency department. The current one-size-fits-all delivery of emergency medical services is not sensitive to the needs of those it serves, and forces responders to expand the scope of service within a system not designed to be flexible.

A survey of the majority of people accessing the 911 system reveals growing diversity in customers, clear demand for variety in and options for services offered, and a critical need for a redesign of the system. Shifts in the volume and variety of people accessing the 911 system, changes to insurance and a growing population whose insurance does not allow for basic medical care, aging and inflexible infrastructure and equipment, and hospital emergency department overcrowding demand systems and technology that evolve as needs change.

The good news is that recent trends to relax regulations on emergency services providers and a surge in affordable digital and smart equipment are converging to create an environment ripe for a reboot. Advancements like telemedicine, point of care testing, biofeedback monitoring, data transmission and cloud computing, and autonomous vehicles offer solid foundations for a reimagined system, rather than the duct tape and mud fixes this industry has relied on to keep going. Innovation lives where need meets opportunity. Being able to dispatch responders and vehicles capable of treating and releasing customers or transporting them to more appropriate definitive care is key to redesigning the entire 911 system. Offering alternative responders and response vehicles to the traditional ambulance would better serve the majority of people accessing the 911 system, and would have the additional benefit of decompressing the overcrowding currently seen in emergency departments.

This proposal will focus on a single demographic to demonstrate the concept of specialized Crisis Response Vehicles serving as adjuncts to the traditional ambulance fleets currently utilized in Tucson, Arizona. Much needed services include primary care, rape crisis care, palliative care, and more, but perhaps the population most underserved by the current system is those seeking mental and behavioral health support. Acute behavioral health crises rarely require the kind of medical interventions usually provided by the current EMS system, and emergency departments are the furthest things from definitive care during these emergencies. Mobile Acute Crisis (MAC) Teams sponsored by insurance providers and regional behavioral health authorities work for on-site assessment and referral to appropriate treatment facilities only when they can be accessed by the people who need them. But the current 911 system does not allow for dispatch of these MAC teams.

A more integrated 911 system that utilizes new technologies to significantly expand the scope of services available to be dispatched will greatly improve patient care, reduce costs to customers, reduce time from system access to definitive care, preserve resources, and decompress overburdened emergency rooms.

Need

The average emergency room time for mental health patients in in Arizona includes:[1]

· Waiting time: 26 minutes

· Time until sent home: 170 minutes

· Transfer time to room: 109 minutes

This is in addition to any time the patient is in crisis throughout transport to the hospital.

In 2015, a total of 82,906 emergency room patients in Arizona received a primary diagnosis of a mental disorder.[2] Across the United States, a total of 5.0 million patients receive a diagnosis of a mental health disorder as a result of an emergency room visit.[3]

The process outlined in the current state model (see appendix) does not function well for the users: mental health services consumers (delay them from receiving the help they need), hospitals (increased patient burden), or other patients at already crowded ERs (longer wait). The process includes nine steps all with associated sub-processes. The process also includes three separate encounters with new groups of medical care professionals (EMS professionals, ER professionals, and mental health care facility professionals) and sometimes includes initial encounters with the police.

Customer and Other Primary Stakeholders

The center “customer” in this scenario is the individual experiencing a severe mental health incident. These are individuals in crisis and in need of medical intervention. Those in crisis may experience “deterioration of mental health status or an increase in mental health symptoms, coupled with acute emotional distress, thoughts of suicide or wanting to hurt oneself, thoughts of harm to others, physical aggression to others, and/or refusal of psychiatric or medical care because of impaired insight or judgment.”[4]

Services providers are also major stakeholders of CIV. In the current model, the service providers include: EMS professionals, ER professionals, and mental health services professionals.

In some instances, the police are also dispatched with first responders — if an individual is a threat to themself or others. The Tucson police has “specially trained officers whose only job is to serve court orders on mentally ill residents, respond to mental health crises and monitor mental patients who may become dangerous.”[5] Police as first responders in mental health crisis situations can often lead to further complications in treatment. According to Tucson Police Capt. Paul Sayre, “A uniformed police officer who shows up in a police car raises anyone’s anxiety, but seriously depressed people can’t react in the same way as a healthier person. They are not able to calm themselves down or put a rational component to it. The condition gets worse, and they escalate to doing something illogical.”[6] By quickly connecting an individual experiencing a mental health crisis to a professional who specializes in mental healthy services, CIV may also relieve reliance on law enforcement personnel to address mental health crises.

II. Crisis Intervention Vehicle (CIV) Design

Goals

In the CIV design, Emergency Medical Services (EMS) personnel, in additional to performing initial triage, also:

· Perform medical clearance.

· Employ telemedicine.

Most behavioral health facilities require medical clearance prior to admission for people who have accessed the 911 system and for new patients to the behavioral healthcare system. The specialized transport approach eliminates the need for a traditional emergency room visit. Telemedicine allows for the mental health crises to be handled by specially training mental health professionals immediately. See the appendix for the CIV Model of service provision.

Goal 1: Medical Clearance

With telemedicine and technological advances for monitors, the individual will receive medical clearance during the transport to the mental health facility. Health indicators such as pulse, blood pressure, and temperature will be taken en route. Blood, if necessary, will also be drawn. Blood samples may be tested using point of service equipment, or may be delivered to the mental health care facility with the patient (if they have the resources to perform blood tests) or taken to a lab. On board personnel can provide simple interventions if necessary as directed by the primary provider.

Goal 2: Telemedicine

Medical clearance screening will occur in the ambulance via telemedicine with a doctor on call who is focused on psychiatric issues. Because of the use of telemedicine, this doctor may be located anywhere in the United States (provided there are no legal restrictions against state licensing), which would allow for more ambulance systems to use the same doctor/personnel. This allows for a network of psychiatric-specialized doctors to respond to such incidents and opens up the concept of CIV to other jurisdictions.

Goal 3: Other Innovations

CIV will contain additional technological innovations in the ambulance to include:

· Biometrics tied to electronic medical records.

o Electronic medical records, to include the incorporation of biometrics, allows the individual’s information and medical history to be retrieved in near real time.

o Electronic medical records, such as the results of the last primary care health tests or previous interactions with the mental health system, will assist medical professionals in obtaining a comprehensive understanding of the individual’s medical history.

o In order to identify and load the electronic medical records, as well as positively identify the individual, biometric verification via fingerprint will be used because of its high accuracy.[7] Note: The CIV team is currently working with legal and logistical specialists to determine how best to incorporate biometrics into mental service provision in a way that enhances operations but also considers the constitutional rights and privacy of patients.

· A cognitive computer system (such as IBM’s “Watson”):

o Cognitive computing will assist intervention efforts by running the complete electronic medical records and the patient’s current medical vitals.

o Cognitive computing will assist EMS with connecting the dots for the patient’s medical condition. Cognitive computing “expands human cognition” by consuming, processing and analyzing large amounts of data in mere seconds. [8]

· Bio-monitors:

o Bio-monitors will assist EMS in rapidly collecting necessary vitals, which may then be transmitted to the telemedicine doctor.

III. CIV Talent Management

Goals

The main goals of CIV’s talent management and resources plan are to:

· Develop and sustain a culture of innovation.

· Adapt hiring procedures to ensure the recruitment transformative thinkers who are tech savvy and civic minded.

· Employ innovative and cross-sector models to leverage a broader technical landscape.

Goal 1: Develop and Sustain a Culture of Innovation

In order to develop a culture of innovation and effectively “hack” the current mental health emergency services model, CIV will engage transformative leadership. This will require an Executive Sponsor who will champion CIV[9] from the executive level and who has strong skills in political savvy, influencing/negotiating, external awareness, and strategic thinking.[10] CIV will also require the leadership of a skilled Chief Innovation Officer (CIO) who is a technically skilled and results driven innovator.[11] Both must have effective skills in leading people, creativity, and vision.[12] In essence, the Executive Sponsor must have the ability to tear down bureaucratic barriers and the Chief Operating Officer must have the skills to build the solution. [13]

CIV will also employ an organizational structure that aligns to innovation. The CIV program will be strategically embedded within the office of the Tucson City Manager. The City Manager — typically responsible for budget, policy implementation, city programs, and operations,[14] — will likely serve the role of Executive Sponsor and will consult with the Mayor to select a CIO for CIV program management. This model is similar to the model of the U.S. Digital Service, which is embedded within the U.S. Office of Managed and Budget, giving the group great leverage.[15] This structure of the CIV program will also be flatter than typical government hierarchical models, with each development team directly reporting to the CIO. This structure will allow CIV innovators to have direct access to decision makers and will increase the speed of innovation by decreasing barriers.[16] Please see the tentative organizational structure below.

Tentative Organizational Structure

CIV will employ non-traditional organizational practices. CIV program leadership will encourage team and individual autonomy by establishing the mechanisms for and encouraging telework, supporting flexible work schedules, and relaxed dress codes.[17] While each agile team may have specific roles that need to filled, based on skillsets (coding, content design, project management, analytics, etc.), CIV professionals will be given as much autonomy as possible to determine the make up and task goals of each agile team.[18] To achieve similar ends, the CIV program will also schedule reoccurring time blocks for team members to discuss new ideas and work on side projects.[19]

Goal 2: Adapt Hiring Procedures

The CIV program will adapt traditional city hiring practices to ensure the recruitment transformative thinkers who are both tech savvy and civic minded. CIV offers a unique value proposition[20] to potential candidates — the CIV program has a direct impact on the lives of Tucson citizens and assists a population in need of better care.

This unique sense of purpose has the ability to balance salary incentives (or disincentives) among certain populations with technical skills.[21] For example, that “77% of millennials say they always take organizational purpose into job considerations.”[22] Given this, the CIV program will ensure this sense of purpose is highlighted in recruitment activities.

The program will also explore the use of temporary (two year) positions. Individuals in the tech industry often move to new opportunities after meeting project mission needs.[23] The same individuals will often be highly engaged and functioning during their shorter tenures in any specific entity.[24] By recruiting for two-year positions, talented professionals may be more inclined to take salary cuts for the opportunity to pursue a worthwhile mission. This approach may also save the city of Tucson resources as non-permanent positions often have more limited benefits packages.

In order to recruit talented individuals, the CIV program will broaden minimal qualifications to broad categories such as general technical expertise and teamwork ability.[25] In the applicant screening process, this program will focus on civic mindedness, flexibility, and alignment to the CIV program culture. In theory, individuals with technical expertise and a passion for the project that fit into the culture of innovation within the CIV program will be able to build additional subject matter expertise through mentorship and training.[26] Conversely, individuals who have excellent subject matter expertise but little technical ability, interest in innovation, or civic mindedness may not adequately adapt to the CIV program culture, which may impact the team’s ability to produce effective solutions.

Goal 3: Employ Innovative and Cross-sector Models

The CIV program will employ innovative and cross-sector models to leverage a broader technical landscape. First, the CIV will develop a continuous learning process so that team members can broaden their technical ability. Skillset categories will be identified and biweekly “boot camp” sessions will be scheduled. For example, the first session may focus on project management, the next session on coding, the next session on financial modeling, etc. These opportunities will ensure that there is a base understanding of operations across roles[27] and will give team members the ability to explore different tracks. If a team member shows great ability or interest in a different track, the CIV program may be able to arrange additional professional development opportunities for him or her.

The CIV program will also explore alternative talent mechanisms including open source hackathons.[28] For example, the CIV program may submit an open source call on how to incorporate biometrics and computer adaptive learning into the model. Talented individuals from around the world may produce ideas that can be incorporated into CIV. The program may supply prizes for this work based on donations or, alternatively, non-monetary prizes, such as naming the first hacked ambulances after winners. Hackathaons and other open source talent opportunities will enable the CIV program to stay connected to the innovators in the private sector and to the greater tech industry.

IV. CIV Delivery

Agile development is “a model containing process groups run sequentially within a defined period of time or iteration, and with a feedback loop to the customer for solution validation. The solution can be discovered or defined in detail through iterations that deliver functions and features of the solution.“[29]

Agile is a useful methodology for healthcare projects when they meet certain criteria, including when:[30]

· Parts of the solution are known but not all aspects of the solution are understood.

· Scope may adjust over time.

· Stakeholder involvement is essential required to produce an effective solution.

· No hard deadline is required.

CIV meets these criteria and thus will employ an agile methodology for development. CIV will be developed in iterative stages, rather than waiting for the perfect product to be finalized before releasing it. The team fully expects that some of the functions of the CIV will need to be developed incrementally, and it does not wish to delay the concept until everything is completed.

By pushing out the product before an ultimate product is developed, CIV can be recalibrated dynamically to ensure the best product for the users. The CIV will fully employ agile development, which “relies on frequent feedback and adaptation to reach desired outcomes.”[31]

CIV Agile Delivery Cycle

The expected development and delivery cycle is diagramed below[32]:

Expected Development and Delivery Cycle

Goals

CIV service goals for optimum processes will be driven using agile delivery, including:

· Straightforward and easy to use platform.[33]

· Prompt delivery, routine adaptation, and continual testing and refinement.[34]

· Customer feedback loops built into the process. [35]

Goal 1: Straightforward and Easy to Use Platform

Users of the CIV are mental health providers, patients, and emergency services personnel. Patient information is restricted to users as per the Health Insurance Portability and Accountability Act (HIPAA). In order to effectively deliver CIV, two major actions are required. These include:

· Accessing CIV.

· Platform delivery.

Activity 1: Accessing CIV

A patient previously diagnosed with mental health issues will be added to the CIV system by his/her mental health professional or physician. The mental health professional or physician must agree to the terms of use, including a primary resource when their patients use the CIV services.

Patients not previously diagnosed with mental health issues will receive additional screening during the CIV triage process to determine if CIV transportation will be directly to the mental health facility, or to a full-scale hospital emergency room.

Activity 2: Platform Delivery

CIV relies on multiple delivery platforms. These include:

· Cellular telephone; applications technology (apps)

o Patients are enrolled in the CIV program by their mental health professional or physician. An app is provided to the patient using fingerprint, voice, or facial recognition technology to verify identity.

o The cellular service will be triangulated for location information verification.

· Computer laptop or desktop; applications technology (apps)

o Patients are enrolled in the CIV program by their mental health professional or physician. An app is provided to the patient using fingerprint, voice, or facial recognition technology to verify identity.

o The IP address will be triangulated for location information verification.

· Traditional telephone request

o Patients are enrolled in the CIV program by their mental health professional or physician.

o The telephone number from the location where the call to the CIV processing center is made will be identified and verified (e.g. 911).

Goal 2: Prompt Delivery, Routine Adaptation, and Continual Testing and Refinement

Initial launch of the new CIV program will service a small delivery radius of 5 miles surrounding the main hospital and adjacent mental health facilities. As the CIV product is validated and expansion capable, a wider delivery area will be considered. Utilizing the agile delivery concept, launch and expansion will be under constant review, adaptation, testing, and refinement.

It is necessary for initial services to be basic and easy to use with direct communications channels between key stakeholders. In initial launch, CIV will include the following parameters:

· CIV pre-approved patients have received their personal mental health provider or physicians’ approval to be transported directly to the mental health facility and bypass the hospital, as normal process dictates.

· Using the CIV approved methods of contact, when a CIV pre-approved patient is in need of critical response, the cell apps, computer apps, or telephone authentication processes will be followed.

· The CIV will be dispatched to the location verified by the app or telephone verification process (similar to the 911 location verification process).

· The EMT crew will have all information available on the patient short history, diagnosis of mental health problems and general health conditions. This information can be used during the evaluation of the patient’s condition so the EMTs can make well informed decisions in conjunction with the CIV doctor on-call.

· The patient’s mental health provider or physician who enrolled the patient in the CIV process will be contacted immediately and verify condition and recommendation.

· Transfer of patient will take place under the supervision of a CIV physician.

Every CIV service call will be evaluated for accuracy, efficiency, professionalism, protocol. Following the Agile Approach, A CIV professional will conduct a post-event evaluation, which will include:

· The CIV physician, the patient’s physician, and an internal staff review to determine interactive collaboration.

· Digital application smooth operation.

· Patient and physician satisfaction and recommendations for improvement.

· Identify necessary refinements and initiate agile process as required (Scrum process).[36]

Goal 3: Customer Feedback Loops Built Into the Process

A patient’s mental health and the care they receive is the primary concern to launch the CIV service. The customer is not defined as singular to the patient, but the patient, the patient’s authorizing physician, the CIV physician on call, the EMT staff handling the call, and the mental health receiving facility. CIV staff understands the critical importance of the patient and physician’s concerns during initial triage, treatment, and transport. It is a complex moment in time that patient sensitivity is essential.

Utilizing a series of qualitative and quantitative measures of superior service, they will be used to determine expansion rates:

· Expansion of patients not previously enrolled in the CIV system.

· Expansion of distance or radius from the main hospital or mental health facility.

· Expansion of extreme types of mental health behavior that may be included in future.

V. CIV Procurement

Goals

The CIV team will approach procurement with the principles of open, incremental development. This will include two goals:

· Develop procurement methods aligned to agile methodology.

· Employ open solicitation for smaller projects.

Goal 1: Develop Procurement Methods Aligned to Agile Methodology

CIV will dispense with procurement procedures that align to traditional waterfall methodology and rely heavily on one contracting organization to architect a single solution. Instead, CIV will train acquisition professionals in private sector practices to be informed government buyers.[37] The strategies the CIV acquisition professionals will engage include:[38]

· Involve stakeholders in each acquisition phase. Stakeholders may include mental health care consumers (patients), medical professionals, city council members, etc.

· Condense timelines for Requests for Proposals and focus on small batches of requirements.

· Request prototypes from vendors early in the procurement process — well before contracts are awarded.

· Award multiple contractors and combine contracting organizations within agile teams.

These acquisition strategies align to the CIV development methodology. The strategies encourage less reliance on one individual company and allow for quicker development timelines with less risk.

Goal 2: Employ Open Solicitation

Recognizing the innovative solutions that have developed out of the Defense Advanced Research Projects Agency (DARPA), the CIV team will open up a public contest to encourage universities, Silicon Valley, or groups world-wide traditionally left out of the government contracting cycle to design certain requirements discussed in this proposal. While this proposal has outlined the basic framework for what is expected of the CIV, the goal is not to confine those in the contest to strict boundaries; instead, the requirements will be viewed as outcome-based parameters.

Contests and prizes, such as DARPA challenges, are most useful “when a large number of diverse participants can approach the problem in a variety of ways.”[39] Additionally, by opening up the competition to anyone, the hope is that diverse groups — from those with IT backgrounds to those with medical backgrounds — will submit proposals, code, and prototypes, allowing more angles to the potential solutions.

VI. CIV Cybersecurity Framework

The proposed CIV model is founded on the ability to exchange sensitive and highly regulated personal data that are stored in different locations, different formats, and in different systems. This also needs to be done in real time. In short, CIV is all about interoperability across multiple heterogeneous systems in real time by bringing together proprietary, closed systems to work with one another across an enterprise whose architecture hasn’t yet been defined.

In facing such a challenge, the cybersecurity considerations consist of three overarching domains: Confidentiality, Integrity, and Availability (CIA). Applied to the needed capabilities and use cases as previously proposed by the Crisis Intervention Vehicle (CIV) design, the larger cybersecurity mission needs can be subdivided into the following areas:

· Protect the confidentiality of sensitive patient data in-transit and at-rest.

· Ensure that only those with the authority and need to know receive access to relevant patient records in real-time.

· Implement a multi-modal biometrics and biographical authentication system to verify and validate the identity of patients in real-time.

· Certify that the most recent and accurate patient data is being provided.

There are significant capability gaps that would need to be addressed to satisfy above mission needs, including changes to regulations and laws that govern the access and use of health information. Addressing these gaps would require a significant commitment of resources and subject-matter expertise in order to begin defining the technical and governance architecture upon which such a system will evolve. In other words, any cybersecurity effort will not be a sprint but a carefully-designed and mapped-out marathon across a difficult landscape.

Goals

The first step is to develop long terms goals of a cybersecurity framework to enable the initial development and implementation of CIV. To this end, the larger goals for the CIV cybersecurity framework are as follows:

· Apply continuous monitoring processes to the CIV environment for security weaknesses and prioritize remediation efforts;

· Use comprehensive security processes to mitigate existing cyber vulnerabilities;

· Acquire, develop, and test technologies that lower cybersecurity risk; and

· Assign and enforce responsibility to comply with policy and standards.

CIV Cybersecurity Framework

Cyber Threat Environment

The world is facing a dynamic cyber threat environment against highly-skilled adversaries capable of mounting crippling attacks on our nation’s critical infrastructure, including hospitals and health providers, as amply demonstrated in recent attacks by ransomware against hospitals across Europe and the United States. The threats range from foreign actors stealing classified data to terrorist groups launching attacks on technologies that protect and serve the patients. In addition to malicious actors, health care provider error may also introduce vulnerabilities to health technologies, such as inserting unencrypted or infected thumb drives into medical devices.

Leaving medical devices and enabling technologies vulnerable to these types of security incidents diminishes the assets’ ability to detect threats, potentially allowing a malicious actor or unaware health provider to introduce malware into the enterprise, which could cause infrastructure damage or even potential loss of life. Given the current cyber threat environment, the CIV leadership team must anticipate that cybersecurity will be a strategic and persistent concern.

Given fiscal realities and the evolving threat landscape, it is critical to dynamically prioritize risk mitigation, focusing on the highest risk areas first. Building on the compliance assessment efforts already in place to inform risk-based decision making optimizes resource allocation and improves the effectiveness and efficiency of securing and maintaining a heightened security posture for the CIV systems and continued growth of the CIV model.

This allows the CIV leadership team to continue to support the transition of the current mental care model into the CIV model, while protecting the equipment and capabilities that support this transition from emerging and dynamic cyber threats that inevitably follows with any complex system that seeks to exchange sensitive data in real time.

CIV Cyber Plan

When analyzed in conjunction with mandatory regulatory activities and industry best practices, CIV needs to follow four overarching goals to position itself for long-term cyber health as the CIV model matures:

· Apply continuous monitoring processes to the environment for security weaknesses and prioritize remediation efforts;

· Use comprehensive security processes to mitigate existing cyber vulnerabilities;

· Acquire, develop, and test technologies that lower cybersecurity risk; and

· Assign and enforce responsibility to comply with policy and standards.

These four goals, supporting activities, and corresponding subtasks help CIV achieve its future state by identifying the policies, procedures, and technological advancements necessary to design, implement, and socialize a cybersecurity program of this complexity and scope. The goals address mission critical activities while outlining immediate remediation activities for known vulnerabilities and weaknesses, such as those related to access control and obsolete operating systems for legacy systems that are part of the current ambulance technology suite.

The goals are highly interdependent and the implementation of each goal is necessary if CIV is to achieve a robust, risk-based cybersecurity posture. For example, without the workforce alignment and training called for in “Goal 4, Assign and Enforce Responsibility to Comply with Policy and Standards,” CIV does not have the necessary subject matter expertise to support the activities in Goals 1 through 3.

Each goal is supported by several specific activities and subtasks. While there is flexibility in the activities that CIV implements first, the subtasks are meant to be implemented sequentially.

Goal 1: Apply Continuous Monitoring Processes to the Environment for Security Weaknesses and Prioritize Remediation Efforts

In other words, know what you have and what’s important from a cybersecurity perspective. This goal promotes technology and infrastructure that’s needed to support a CIV model and assign action to remediate compliance issues. This goal also includes activities that help inventory and categorize the necessary CIV technology assets (including endpoints, network infrastructures, and backend servers) according to risk level, as an accurate understanding of the technology enterprise enables more effective monitoring.

Goal 1 champions and facilitates the implementation of automated monitoring techniques that’s used for other critical infrastructure. In combination with the automated patching and alerting programs, this enables a future state that is proactive in nature and has the ability to automatically respond to identified threats through security policies, procedures, and software. There are several activities that apply to Goal 1:

Activity 1: Asset Inventory

The need for an accurate inventory for CIV technologies is critical if CIV is to achieve its goal of near 100% network-connected system. CIV’s goal to automate data collection of patients’ mental health data requires an understanding of the systems, resources, hardware, and software that support the system, along with an understanding of how they support CIV’s mission, allows CIV’s cybersecurity team to create cyber risk profiles and prioritize their highest-risk technology assets. CIV must continue to use and augment asset inventory tools to enable CIV to fully understand its technology inventory and any inventory gaps. Full maturity also requires CIV to develop processes to guarantee asset inventory is updated in real-time, which allows CIV to map various technologies to business and mission functions, therefore having the right cybersecurity protections applied immediately upon introduction.

Activity 2: Asset Prioritization

Asset prioritization is the process of determining the highest-risk assets by evaluating both the business process factors affecting an asset as well as the technical factors that drive cybersecurity vulnerabilities. Fully accounting for required security controls, CIV must develop/implement methodology that facilitates risk ranking by assigning risk scores to individual security controls that reflect the different levels of threat and vulnerability present within its IT system. With that model comes the challenge of consistently representing risk, understanding all of the underlying factors that could potentially affect a system, and establishing a degree of consistency for the model’s application across a diverse and expansive enterprise. This helps shift security efforts from a compliance-based strategy to a risk-based strategy. Additionally, as CIV acquires, inventories, and prioritizes new assets, it will update the asset inventory and create risk profiles to prioritize its new assets. Ultimately, CIV must create individual Component Risk Profiles for each piece of key equipment by analyzing the business process and technical factors and generating a quantitative risk ranking from these.

Activity 3: Technical Threat Scanning & Endpoint Monitoring

Scanning and monitoring allows an enterprise to identify extant vulnerabilities in the enterprise and categorize them according to risk profiles previously set during asset prioritization. Full operational maturity requires CIV to transition from reliance on labor-intensive, manual assessment policies to a fully-automated capability that supports near real-time data capture. Due to the complexity and size of the network boundary, scanning medical equipment currently — especially on an ambulatory platform — might require a technician to manually scan and collect data from each piece of connected equipment at every CIV ambulance within a boundary. CIV would need to quickly leverage existing tools and incorporating new capabilities that support a best-of- breed automated assessment infrastructure capable of identifying security vulnerabilities and misconfigurations in near real-time.

Activity 4: Incident Response Planning

CIV requires a plan to address cybersecurity breaches from hackers, terrorists, and other threat vectors while still maintaining critical CIV operations. CIV must also define how it would continue to operate and allow diagnosis in the event of a catastrophic cyberattack, and how it would respond. This planning is facilitated through exercises. Further, CIV needs to update its emergency protocols with lessons learned from the exercises.

Goal 2: Use Comprehensive Security Processes to Mitigate Existing Cyber Vulnerabilities

This goal defines a plan for CIV cybersecurity and addresses the creation and enhancement of policies architected and designed to protect assets from threats by internal and external actors. In the low maturity state, these policies and procedures leverage technologies like data encryption, access control, and anti-virus software to remediate vulnerabilities that are identified through scanning procedures. As the system continues to mature and grow in scope/size, CIV needs to utilize automation techniques to increase efficiency and effectiveness. Goal 2 prompts the creation of tools that are critical to the realization of the desired end-state. It also champions the automation of these tools in high maturity states. This allows for high levels of automated decision making and expedited data collection around vulnerabilities and means for remediation. There are several activities related to Goal 2.

Activity 1: Operating System Patching

Patching operating systems to mitigate and protect against potential vulnerabilities is a critical component of cyber hygiene and has recently become a major focus across the CIV sustainment effort. It is important for CIV to first understand its current patching processes and determine a feasible patching cadence, given the uniqueness of mission and drive for automation. Once that is determined, CIV will be able to move toward an automated patching processes and understand how the different medical devices might be impacted if a patch is not immediately applied.

Activity 2: Anti-Virus

There are certain best practices around AV software scans that rid a computer of viruses, specifically requiring all machines to have current AV protection prior to connecting to the network. Further, all machines should be required to receive AV updates in near-real time, and machines with detected viruses need to be removed from the network while remediation efforts are performed. A fully effective AV monitoring requires automating reporting, data collection, correlation with other sources.

Activity 3: Physical Security of Space and Contract Requirements

CIV is challenged to establish and enforce physical security standards because the physical layout and operational environment for each CIV ambulance platform varies, and many CIV are not self-owned but belong and reside in non-CIV owned facilities. In short, there is no one ownership and control over the ambulances and necessary endpoint devices. Operational CIV’s can be located in highly trafficked locations that are visible — and, at times, accessible — to the public. Consequently, CIV would need to collaborate with participating health providers and with medical/ambulance equipment industry to create and implement physical security requirements throughout the lifecycle of CIV technologies, from initial deployment to retirement. This requires the physical security of CIV assets to be audited throughout its lifecycle to drive physical security implementation.

Activity 4: Logical Security (Software-Based Access Control, Elevated Privileges)

Given the recent cyber breaches, logical security has become a priority for all IT systems. Logical security measures include general safeguards to protect a network and are the first line of defense for CIV’s technology platforms. Examples of these measures include requiring strong user names and passwords, filtering traffic, and disabling ports and protocols for network-based access.

Thousands of medical service providers and other types of end users would need to operate or access CIV information on a daily basis. While unauthorized access is typically associated with malicious activity, an authorized user may provide improper user access, or improperly access/use patient information otherwise (e.g., unapproved thumb drives). Additionally, this risk is heightened as remote access is enabled as everything becomes interconnected.

The first step of effectively implementing logical security measures is to audit existing users to validate that users are provided the appropriate access levels based on their role and responsibility, and continue to periodically audit the user pool. To achieve the desired eventual biometric authentication, CIV needs to simultaneously explore a comprehensive biometrics strategy that would define the biometrics modality of choice.

Activity 5: Data Encryption and System Interconnection Standards

This activity protects data-at-rest and data-in-transit via approved encryption methods and ensures that restricted data cannot be accessed by unauthorized devices. The enhancement of risk-based security may require changes to existing architecture and data flows and the introduction of interfaces to external entities. Interfaces and system demands evolve to meet real-time speed and security effectiveness requirements, challenging both equipment manufacturers and CIV. Additionally, the introduction of varying levels of secured data in sensitive patient data systems necessitate different encryption levels for data-at-rest and data-in-transit (e.g., personally identifiable information or other classifications of HIPAA data).

Goal 3: Acquire, Develop, and Test Technologies that Lower Cybersecurity Risk

This goal acknowledges the importance of, and efficiencies gained, by introducing cybersecurity considerations into the early stages of the acquisition lifecycle. It also acknowledges CIV’s innate dependence on these third parties to deliver capabilities necessary for mission execution. In order to deploy capabilities in an efficient manner, collaboration early in the development process is critical so that vendors may adjust investments and resources towards meeting cybersecurity requirements.

While Goals 1 and 2 discuss the programs that are necessary to identify and mitigate vulnerabilities, Goal 3 captures activities and subtasks relevant to the acquisition lifecycle that are necessary to secure capabilities. It focuses on the contract requirements and also determines the adequate structure for the testing of cybersecurity requirements.

Activity 1: Vendor Requirements

Partnership with medical equipment industry is critical in creating sound cybersecurity requirements that protect CIV enterprise from cyberattack. CIV needs to work heavily with vendors throughout the acquisition process to communicate its cybersecurity needs and comply with cybersecurity-related requirements.

Activity 2: Test Processes and Certifications

Cyber testing involves verifying that vendors have successfully implemented CIV-required cybersecurity measures into medical equipment to be deployed onto CIVs, and that these cybersecurity measures do not interfere with the CIV’s mission capabilities to deliver the most accurate patient data to the medical provider with the access and authority.

Activity 3: Supply Chain Risk Management

Supply chain risk management is the process by which stakeholders maintain the integrity of each component of the supply chain. This would require CIV contractors to purchase materials from original equipment or component manufacturers, their authorized resellers, or other trusted sources whenever available, and to reference the Qualified Bidders List when selecting providers. In the future, CIV will have to work with vendors and perhaps even other government entities, like DHS’ National Protection and Programs Directorate (NPPD), to prioritize supply chain integrity and certify that the products used in CIV-related medical devices have not been compromised prior to integration into ambulances.

Goal 4: Assign and Enforce Responsibility to Comply with Policy and Standards

This goal helps CIV understand the resources, organizational considerations, and workforce needs to execute and integrate activities in Goals 1–3. Without the resources and processes in place, the outlined cybersecurity measures are not achievable. Implementing this goal requires CIV to analyze its current workforce across the CIV stakeholder landscape and engage in workforce planning efforts to implement the new cybersecurity requirements. It also requires CIV to evaluate and update current processes and organizational constructs so that those processes and organizations effectively address cybersecurity in the short-term and create a basis for ongoing compliance and protection. Overall, Goal 4 is created to address the organizational and workforce implications involved in implementing all other goals.

Activity 1: Workforce Alignment

Workforce alignment addresses how CIV staff roles would need to be created and/or change to accommodate new cybersecurity measures, as well as what gaps may exist in current resourcing and workforce capabilities. This is especially a challenge since CIV is not viewed to be a separate governance organization but a capability that medical providers can access. At the same time, a centralized executive and management team would need to be established to provide cohesive and coherent guidance on the requirements need to build and maintain a highly complex, interoperable system that deal with sensitive patient data.

At the very least, CIV executive team would need to draft guidance and tools for its stakeholder and partners necessary to develop the required blend of technical, policy, and leadership resources needed to cover the multiple disciplines within use hiring and staffing recommendations to augment its existing cyber capabilities to implement current and future cybersecurity requirements. Since responsibility to execute against responsibilities also falls across CIV partners, CIV must coordinate these activities with them.

Activity 2: Training and Change Management

Training and change management includes providing training, tools, and other development opportunities to CIV core staff and partners to support changing roles or responsibilities in cybersecurity and enable adoption of new security rules. To achieve the desired end state, CIV must identify and/or develop discrete training and on the job performance support, including executive briefings, job aids, formal workshops, and one-on-one support sessions. Communications must underscore the importance and impact of cybersecurity actions and reinforce key messages to identified stakeholders.

Activity 3: Governance

Cybersecurity policies and procedures are required to support and manage CIV’s far-flung and interconnected IT system development and operations. Governance refers to the policies that assign responsibility and authority for cybersecurity actions. Effective governance introduces accountability for individuals and divisions involved in CIV cybersecurity process and delineates clear hand-offs and decision-making processes. While determining internal cybersecurity responsibilities is a significant activity, CIV leadership must further consider how different partners would contribute to or support CIV’s cybersecurity goals.

CIV Cybersecurity Plan Execution

There are multiple elements to CIV’s cybersecurity plan; addressing all of them simultaneously requires a significant influx of resources (i.e., both staff and funding). Without a full understanding of these resources, CIV cannot yet address ownership or schedules in support the activities listed under of each goal; rather, the plan outlines all the activities that would support a robust cyber risk management capability.

As CIV looks to implement the plan, the next step is to prioritize all outlined activities, determine preliminary resource needs, and build out a high-level roadmap with major milestones, planned resources, and timing to guide the enterprise. Of all the activities and subtasks that underpin the plan, the following five items must be prioritized to secure CIV and its enabling technologies, as well as ensure that CIV is operating within the bounds of regulations set forth by the relevant regulations (e.g. HIPAA):

· Asset Inventory: Underpins the transition to a mature cybersecurity capability, including asset prioritization, discovery scanning, operating system patching, antivirus updates, and locating and updating obsolete and unsupported operating systems.

· Basic Discovery Scanning: Related to asset inventory, enables CIV to confirm its existing technology assets currently being used and their respective cybersecurity capabilities.

· Asset Prioritization: Helps CIV determine how to apply cybersecurity resources to safeguard its most important data and systems, while simultaneously meeting requirements of the need to expand and include more and more third-party data systems.

· Design Standards for Imminent Procurements to Support Recapitalization: Helps vendors plan for new CIV-required medical devices cybersecurity requirements.

· Full Lifecycle Planning: Completes transition planning for the remainder of the plan implementation over the next several years, including assigning resources and organizational responsibilities for plan implementation.

Conclusion

An increasingly interconnected and frontline mental health diagnosis model propels CIV into a more dynamic, data-driven state; however, the increased connectivity also comes with the increased risk for cyberattacks. CIV needs to mobilize to protect itself against internal and external threats that could have a detrimental impact on mission execution and patient lives. This plan lays out the strategies, policies, and tools necessary to achieve a desired outcome where CIV equipment is proactively protected against cyberattack. CIV achieves these partnerships through the execution of goals, activities, and subtasks in this plan, and by internal cross-collaboration with CIV participants and external collaboration with industry partners.

VII. CIV Silos and Next Steps

As previously articulated, the CIV proposal dismantles silos through data sharing and a generally horizontal hierarchical structure. Information and data sharing is the core basis of CIV effectiveness and is what allows for streamlining the process of crisis intervention and mental health services. In order to ensure CIV’s data sharing framework, the CIV team will need to continue to assess policy issues related to EMS medical care, information sharing, especially biometric data sharing and electronic medical records. [40]

In order to further dismantle silos, the CIV will also need to work with the city government of Tucson to ensure a “basic technological infrastructure” that will support CIV and other digital efforts in the long-term. This may involve updating data sharing agreements across sectors and departments, including but not limited to housing, transportation, police, social services, etc.[41] Dismantling silos may also include “phasing out legacy systems” across sectors.[42]

Another silo the CIV needs to address is the silo of medical certifications. In Arizona, paramedics can only take orders from an emergency physician; the goal of the CIV is to integrate alternative providers who can provide more appropriate care. The versatility gained by not limiting the delivery of telemedicine to board certified emergency physicians will serve patients, but will also require collaboration with the Arizona Department of Health Services and the regional EMS councils to derive workarounds like standing orders to facilitate seamless and compliant care.

VIII. Appendix

Current State Model

CIV Model

[1] — — -, “ER Wait Watcher App,” https://projects.propublica.org/emergency/, accessed on September 18, 2017.

[2] Marguerite L. Sagna, Sanhita Gupta, and Clare Torres, “Emergency room visits and discharges of inpatients with mental disorders by category of first-listed diagnoses and all-listed diagnoses and type of record (Table 5) dated 2015”, accessed October 3, 2017.

[3] National Center for Health Statistics, “Mental Health”, https://www.cdc.gov/nchs/fastats/mental-health.htm, accessed October 3, 2017, last updated May 3, 2017.

[4] Buffalo & Erie County Emergency Mental Health Response Services, “Mental Health,” Crisis Services, June 5, 2015, http://crisisservices.org/mental-health/.

[5] Winthrop Quigley, “In Tucson, Special Unit Handles Mental Health Calls,” Albuquerque Journal, n.d., https://www.abqjournal.com/565005/in-tucson-a-special-unit-handles-mental-health-calls.html.

[6] Ibid.

[7] A. K. Jain, A. Ross and S. Prabhakar, “An introduction to biometric recognition,” IEEE Transactions on Circuits and Systems for Video Technology 14, no. 1 (January 2004): 4–20, accessed September 25, 2017, doi: 10.1109/TCSVT.2003.818349, 9.

[8] IBM, “TED: Cognitive Computing,” YouTube video, 02:06, Posted August 13, 2013, https://www.youtube.com/watch?v=np1sJ08Q7lw.

[9] William D. Eggars, Delivering on Digital (Deloitte University Press, 2016).

[10] U.S. Office of Personnel Management, “Executive Core Qualifications,” U.S. Office of Personnel Management, n.d., https://www.opm.gov/policy-data-oversight/senior-executive-service/executive-core-qualifications/.

[11] Ibid.

[12] Ibid.

[13] William D. Eggars, Delivering on Digital.

[14] “City Manager — Responsibilities,” accessed September 22, 2017, http://dallascityhall.com/government/citymanager/Pages/responsibilities.aspx.

[15] William D. Eggars, Delivering on Digital.

[16] Ibid.

[17] Ibid.

[18] Ibid.

[19] Ibid.

[20] Ibid.

[21] Ibid.

[22] Ibid.

[23] Ibid.

[24] Ibid.

[25] Ibid.

[26] Ibid.

[27] Ibid.

[28] Ibid.

[29] Chet Stagnaro, “Agile Management Can Benefit Healthcare Process Improvement Projects,” April 8, 2016, https://www.beckershospitalreview.com/human-capital-and-risk/agile-management-can-benefit-healthcare-process-improvement-projects.html.

[30] Ibid.

[31] Noelle Knell, “7 Steps to Agile Development,” govtech.com, http://www.govtech.com/people/7-Steps-to-Agile-Development.html, accessed October 3, 2017.

[32] Adapted from the

[33] William D. Eggars, Delivering on Digital. (L1219/4730).

[34] Ibid. (L564/4730).

[35] Ibid. (L1288/4730).

[36] Ibid. (L1401/4730).

[37] Ibid.

[38] Ibid.

[39] Eggers, (L2053/4730)

[40] William D. Eggars, Delivering on Digital.

[41] “City of Tucson Department Directory,” June 16, 2014, https://www.tucsonaz.gov/departments.

[42] William D. Eggars, Delivering on Digital.