Alec Hager, Tariq Goland, Nicholas Sapio, Isaiah Hurt
Title: Securing private medical data, and influencing medical device design to prioritize privacy: A Systems Analysis Approach
Published in: 2020 Systems and Information Engineering Design Symposium (SIEDS), 2020-04-01
DOI: 10.1109/SIEDS49339.2020.9106633 (https://doi.org/10.1109/SIEDS49339.2020.9106633)
Citation count: 0
Abstract
As device integration continues to expand across the global market of the healthcare industry, the threats of data loss, exploitation and device control by nefarious actors are negative outcomes we are seeking to avoid. Medical device manufacturers in the U.S. market are required to comply with federal regulations like quality system regulations (QSRs); however, the U.S. Food and Drug Administration (FDA) does not conduct premarket testing or evaluations of implemented software on said devices, and is even less concerned with it once the hardware has been officially launched into the marketplace. The responsibility for validation of software design changes, penetration testing, and simulations regarding IoT security falls upon the manufacturer. Smart healthcare is the integration of digital solutions to improve patient outcomes and the operational efficiency of the facility. Privacy in the healthcare sector is the practice of ensuring the security and confidentiality of patient records, dependent upon the discretion of healthcare providers and the communication methods that are employed. Complex problems are those in which solutions can be derived from differing perspectives to achieve multiple results applicable to the scenario. We approach this subject from a systems perspective and emphasize taking actionable steps to achieve long-term change in the policy, technical and social aspects of this complex problem. Due to the scale of the industry, individual scrutiny for each revision and update of all healthcare sector products by a third party is an unrealistic expectation. The keystone of our solution is to encourage the instantiation of a new NIST standard that would encompass the healthcare sector and the medical devices that are used within it. This categorization change positively influences device manufacturers’ access to the standards that are currently relevant within their domain.