Securing private medical data, and influencing medical device design to prioritize privacy: A Systems Analysis Approach

Alec Hager, Tariq Goland, Nicholas Sapio, Isaiah Hurt
{"title":"Securing private medical data, and influencing medical device design to prioritize privacy: A Systems Analysis Approach","authors":"Alec Hager, Tariq Goland, Nicholas Sapio, Isaiah Hurt","doi":"10.1109/SIEDS49339.2020.9106633","DOIUrl":null,"url":null,"abstract":"As device integration continues to expand across the global market of the healthcare industry, the threats of data loss, exploitation and device control by nefarious actors are negative outcomes we are seeking to avoid. Medical device manufacturers in the U.S. market are required to comply with federal regulations like quality system regulations (QSRs) however, the U.S. Food and Drug Administration (FDA) does not conduct premarket testing or evaluations of implemented software on said devices, and is even less concerned with it once the hardware has been officially launched into the marketplace. The responsibility for validation of software design changes, penetration testing, and simulations regarding IoT security falls upon the manufacturer. Smart healthcare is the integration of digital solutions to improve patient outcomes and the operational efficiency of the facility. Privacy in the healthcare sector is the practice of ensuring the security and confidentiality of patient records, dependent upon the discretion of healthcare providers and the communication methods that are employed. Complex problems are those in which solutions can be derived from differing perspectives to achieve multiple results applicable to the scenario.We approach this subject from a systems perspective and emphasize taking actionable steps to achieve long term change in the policy, technical and social aspects of this complex problem. Due to the scale of the industry, individual scrutiny for each revision and update of all healthcare sector products by a third party is an unrealistic expectation. 
The keystone of our solution is to encourage the instantiation of a new NIST standard that would encompass the healthcare sector and the medical devices that are used within it. This categorization change positively influences device manufacturers’ access to the standards that are currently relevant within their domain.","PeriodicalId":331495,"journal":{"name":"2020 Systems and Information Engineering Design Symposium (SIEDS)","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2020-04-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2020 Systems and Information Engineering Design Symposium (SIEDS)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SIEDS49339.2020.9106633","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 0

Abstract

As device integration continues to expand across the global market of the healthcare industry, the threats of data loss, exploitation and device control by nefarious actors are negative outcomes we are seeking to avoid. Medical device manufacturers in the U.S. market are required to comply with federal regulations like quality system regulations (QSRs); however, the U.S. Food and Drug Administration (FDA) does not conduct premarket testing or evaluations of implemented software on said devices, and is even less concerned with it once the hardware has been officially launched into the marketplace. The responsibility for validation of software design changes, penetration testing, and simulations regarding IoT security falls upon the manufacturer. Smart healthcare is the integration of digital solutions to improve patient outcomes and the operational efficiency of the facility. Privacy in the healthcare sector is the practice of ensuring the security and confidentiality of patient records, dependent upon the discretion of healthcare providers and the communication methods that are employed. Complex problems are those in which solutions can be derived from differing perspectives to achieve multiple results applicable to the scenario. We approach this subject from a systems perspective and emphasize taking actionable steps to achieve long-term change in the policy, technical and social aspects of this complex problem. Due to the scale of the industry, individual scrutiny for each revision and update of all healthcare sector products by a third party is an unrealistic expectation. The keystone of our solution is to encourage the instantiation of a new NIST standard that would encompass the healthcare sector and the medical devices that are used within it. This categorization change positively influences device manufacturers’ access to the standards that are currently relevant within their domain.