🔥 Find me at MedicalDevicesGroup.net 🔥
Has anyone started to put WiFi into medical devices such as BP monitor, Glocose monitor, ECG monitor, etc. such that these data can be uploaded to Healthcare Cloud automatically?
10 min reading time
As originally asked by Kah Yee Eg(吴家义).
There seem to be many Health Cloud started where EMRs are built and all of these Healthcare Clouds are quite useless if the measurement from the medical devices are not connected to the IP network. Survey shows that the EMR entered manually are fairly error prone.
Zigbee is great, low power!!, convenient and can be set as a short range mesh network. Requires a ‘base station’ to connect to. Common frequencies across all countries.
WiFi much longer range, higher power requirements, can be configured to connect to other access points. Higher bandwidth than Zigbee. Common frequencies across most countries.Biggest issue is the custom configuration for each home network, campus networks can be setup to allow the device to roam.
Cellular has the highest range (due to network coverage), lower power requirements than WiFi. Bandwidth (and power) vairies with network, CDMA/3G./4G. Highest ongoing cost. Easiest setup.
Interested to hear what your thoughts are on embedding cellular into the Athena GTX vital sign monitors? Or is WiFi/Zigbee good enough for the products now?
Attackers can place the device inside a Faraday cage ([http://www.youtube.com/watch?v=tw9vEiys2Zk|leo://plh/http%3A*3*3www%2Eyoutube%2Ecom*3watch%3Fv%3Dtw9vEiys2Zk/2sPW?_t=tracking_disc]) and it will be unable to communicate with the network. This way they can hack it while it is on, with no fear of remote wipe (unless the auto-wipe with periodic cancel is employed). Another, even lower tech (Faraday cages are not really high-tech) is to have a work shop at the bottom of a canyon in California where there is no cell service.
You definitely bring up a good point. If the device is not registered on the network (ie turned off), it will not be wiped. However, I would think that they would have to turn the device on in order to access the information. If this is the case, there would be an alert notification being sent to the network or medical device manufacturer to know to wipe when they see it registered on the network.
Currently, with GSM cell phones (AT&T & T-Mobile) you can remove the SIM card and it won’t register on the network. CDMA cell phones (Verizon & Sprint) has a radio module & no SIM card. Thus, harder to remove. If you are thinking about security, it’s best to use an embedded SIM card so it can’t be easily removed by the user.
Yes, very good point. Neither MDM nor sandboxing/virtualization will protect against a stolen device. The only defense in the case of a stolen device is full device encyrption, a strong user password (on login to the device), lack of rooting/jailbreaking and strong anti-tamper/anti-reverse-engineering protection on the medical application itself.
Another point to consider, is even if there is wipe-logic on the device (provided via some sort of MDM facility) so long as the attacker keeps the device off the network (so that it can’t receive the wipe command), they are free to hack all they want.
One possible option is to have an automatic wipe-device timeout with a periodic cancel command delivered from the back end server; that way if the attacker obtains the device and keeps it off the network via a faraday cage or the local canyon (aka dead spot) in California, they have only the automatic wipe-timeout period in which to successfully crack the device. Since having a short timeout could provide a very bad user experience (device randomly wiping itself, even when not stolen if there is a period of non-connectivity) it is likely that the timeout would need to be reasonably long, and that provides a window in which the attack might gain access.
If you can provide a stand alone solution that sends the data to the hospital backend system and you take away this delay, imagine how much less money you have to spend on the overhead cost of just negotiating with the IT department.
Additionally, if you look at the different reports that came out on breaches of EMR records for hospitals, the number is pretty astounding. Just take a look at the reports HIMSS puts out. The biggest reason for this breach is because of hospital staff having access to devices they shouldn’t or misplacing it & the device gets stolen.
From a cellular perspective, what if you can wipe the data on that device once it gets stolen? Cellular networks are able to do that (at least ours) or if the medical device manufacturer had implemented the logic into their application. I’m not sure Wi-Fi can. I know bluetooth or USB cannot.
The rate of cellular adoption is slow because of these roadblocks. However, medical device manufacturers are looking at their 1st/2nd gen devices that contain bluetooth or wi-fi and realize it doesn’t work for their patients. It’s not simple to use or they can’t take it outside. Therefore, they are looking to cellular for their next generation devices.
I’ve also run into some cases where companies want to use cellular in their first generation devices, but the cost of the module was too expensive and they didn’t have the funds for it. Unfortunately, this happens more often that not.
Embedding cellular into these remote patient monitoring applications instead of bluetooth/wifi/USB is important when you think about the patients. Most patients are not technologically savvy (thinking older generation) so they might not know how to input Wi-Fi passwords or sync medical devices. Even if they did, would they really want to deal with the connectivity issue of unpairing or reinputting passwords all the time? Or would they want to use USB to put the information into their computers all the time? Not really. it decreases their chances of using the device, which defeats the purpose of having the device in the first place.
Cellular takes care of those problems by making it easy for the patient to use the device and have it automatically upload to the backend system. It works out of the box.
This is the biggest driver of cellular connectivity: ease of use for the patient. However, there are a couple of other drivers:
2. more control of the device: being able to update firmware on the device or touch the device
3. being able to monitor compliance: if a device is cellular connected, it’s suppose to send data once the patient uses it. Therefore, if it does not send data for the day, you can assume the patient has not used the device provided the connectivity for the device is working. The last portion is crucial to the M2M business. Knowing that the connectivity is working for the device through your carrier’s device management portal allows the medical manufacturer to take the appropriate steps in troubleshooting the device & quickly figure out of it’s a device problem or a network problem. For example, the Aeris dashboard conveys this visibility to their customers by showing if their VPN connection is working or if their data connection is working or not. If yes, & there’s no data being sent, then it’s a compliance issue or a device issue. If no, then it’s a network issue and there’s subsequent actions you can take to fix it.
In terms of the biggest roadblocks:
They also (in most times) have a monthly cost. The medical device manufacturer has to figure out if they want to absorb this cost or pass this cost to their customers/patients and the logistics of it. Of course, this monthly cost is roughly in the low dollars for low usage profiles (roughly KB-4MB)
2. Form factor: some medical devices need to be a certain size and have height or width restrictions. There might not be a cellular radio module that can fit into this device & therefore the medical device manufacturer would have to redesign their device.
Kah Yee Eg(吴家义)
If the data is uploaded via https or secure FTP then the security issues can be resolved.
However, most M2M applications and mhealth applications transmit very little data, where a typical device can cost $2.00/month for cellular connectivity depending on usage profile (i.e. less than 2 MB/month)
From the research that I’ve done, and please correct me if I’m wrong, Wi-Fi and RF cause more interference than cellular does because it’s using the same bandwidth the hospital is using. Cellular has its own dedicated channels, which can allow data to be transmitted faster. Additionally, it’s a stand alone product, which means you don’t have the stop gap by the hospital IT department about hospital security & allowing 3rd party devices onto their network.
Modesto (Mo) Casas
Marked as spam
Meet your next client here. Join our medical devices group community.
Please log in to post questions.