Research Article | Open Access
Interoperable Medical Instrument Networking and Access System with Security Considerations for Critical Care
The recent influx of electronic medical records in the health care field, coupled with the need to provide continuous care to patients in the critical care environment, has driven the need for interoperability of medical devices. Open standards are needed to support flexible processes and interoperability of medical devices, especially in intensive care units. In this paper, we present an interoperable networking and access architecture based on the CAN protocol. Predictability of the delay of medical data reports is a desirable attribute that can be realized using a tightly coupled system architecture. Our simulations of the network architecture demonstrate that a bounded delay for event reports offers predictability. In addition, we address security issues related to the storage of electronic medical records. We present a set of open source tools and tests to identify security breaches, and appropriate measures that can be implemented to comply with the HIPAA rules.
Copyright © 2010 Hindawi Publishing Corporation. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.