Secrets of successful medical device connectivity

Bill Saltzstein
Code Blue Communications
Playbook Vancouver 2017

Agenda

* The secrets:
  * All medical devices shall be connected
  * You shall understand the requirements requirements
  * Wandering and wondering the wide world of wireless
* Two keys/pleas from me
* Q&A

4/5/17 MEDICALDEVICE Playbook Vancouver 2017. Copyright (c) Code Blue Communications


All medical devices shall be connected

* Why?
* Where?
* How?

All medical devices shall be connected – Why?

* Replace wired connections
* Mobility/safety
* Data collection
* Telemedicine
* Remote consultation & review (photo)
* Home Health
* Aging in Place
* Health and Fitness
* Cloud connectivity
* Electronic Health Record (EHR)
* Big Data analytics

Emergency! 1972-1977


All medical devices shall be connected – Where?

* Classic answers:
  * Hospital
  * EMS
  * Home
* Real answers:
  * Starbucks
  * 37,000 feet
  * Stuck on I-5
  * In the bathroom
  * In the elevator
* Real environments require creative solutions for connectivity

Example: Chrono Therapeutics
Technology + Psychology

[Diagram labels: Wearable: sensors, button, Rx delivery; Usage, data; Settings, software; Patient info, data; AI coaching; Use data; EHR?; Real-time Personal Coaching/Analytics; Billing; Short-range; Long-range; Enterprise]

Photos and information obtained from www.chronothera.com


How: Understand the requirements requirements for connectivity

* Too many times we come up with the answer before the question (42)
* Connectivity doesn’t make the product
* Connectivity enables the product
* Behavior modification: Technology cannot directly address Psychology
* Understanding the use model is essential for connectivity decisions
  * Users – note the ‘s’
  * Environment – home, Starbucks, hospital, EMS, airplane, …
  * International
* Requirements to consider for mobility
  * Power management and charging – batteries, batteries, batteries!
  * Body proximity – antennas, antennas, antennas!
  * BYOD (Bring Your Own Device)

Wandering and wondering in the wide world of wireless

* Two real choices for short range
  1) WiFi
  2) Bluetooth
* Multiple flavors of Cellular for long range (nG, low rate)
* Everything else
  * MICS (Medical Implant Communication System)
  * MBAN (Medical Body Area Network)
  * ZigBee, Thread (802.15.4)
* Heresy: remember that a wire can still be a good thing
  * Remember to consider/compare the wired experience


How to choose?

* Go back to your requirements and environment!
  * If you need long-range, independent connectivity → cellular
  * If you’re in hospital and need EHR connectivity → WiFi
  * For anything else → Bluetooth
  * Full disclosure: I’m a Bluetooth geek…
* Right, now which flavor of Bluetooth?
  * Bluetooth classic if
    * Audio
    * High-rate streaming
    * Long range
  * For now… Bluetooth 5 provides for those needs if you can wait

The dual-edge of standards

* The issues:
  * Is there real compatibility?
  * Marketplace – is compatibility an asset or a liability?
  * Regulatory and testing
* Wireless standards bodies
  * Bluetooth SIG – legal requirement
  * WiFi Alliance – marketplace requirement?
* Industry compatibility specifications
  * AAMI – primarily for in-hospital devices
  * Continua Alliance
  * Bluetooth SIG
    * Bluetooth Transcoding Whitepaper
    * Health/medical profiles – use them if you wish
    * With Bluetooth low energy you can make your own
* Medical regulatory requirements
  * FDA
  * European regulations (and what about the UK?)
  * Other country specific requirements


My pleas – Please!

* Design for regulatory
  * Understanding testing requirements
  * Real-world environment based
  * Interoperability/compatibility
  * Design-in testability features
* Design for security
  * Security as part of hazard analysis & mitigation
  * Don’t do this →

[Figure labels: Features; ship; implement security]

Summary

* The true secrets are in Understanding and Planning
  * Understand where and how connectivity benefits/enables your system
  * Understand the use models
  * Pick the technology and system components based on the requirements, not the cool-factor
  * Design-in for regulatory and security up front


Q&A

* Bill Saltzstein
  Code Blue Consulting
  bill@consultcodeblue.com
  425-442-5854

Backup slides and reference material


Notes on requirements

* Extract requirements, not solutions
  * Yes: “battery powered”, “disposable”, “body-worn using adhesive”, “interface to smartphones”
  * No: “Bluetooth low energy”
* Identify Interoperability and Compatibility
  * Medical device interoperability – how does it operate/interface to other systems or devices
  * Infrastructure – “shall connect using in-hospital wireless infrastructure”
  * Information systems – “shall support data flow to EHS including Cerner and McKesson”
* Identify Obsolescence and technology lifecycle
  * Consider mismatch between Medical Device lifecycle and Wireless technology lifecycle
  * “shall be maintained for 5 years of sales, 10 years of support”
* Consider Cyber Security
  * “shall comply with HIPAA”
  * “shall support US VA sales” (eg: FIPS 140-2 specification requirement)
* Identify Country-specific regulatory requirements
  * “shall support sales to the following countries”
  * Good to include these in groups – initial countries, 2nd wave, 3rd wave, …

Recommended FDA guidance

* FDA landing page for Digital Health
  * http://www.fda.gov/medicaldevices/digitalhealth/
* General Wellness: Policy for Low Risk Devices
  * http://www.fda.gov/downloads/MedicalDevices/DeviceRegulationandGuidance/GuidanceDocuments/UCM429674.pdf
* Mobile Medical Applications
  * http://www.fda.gov/downloads/MedicalDevices/DeviceRegulationandGuidance/GuidanceDocuments/UCM263366.pdf
* Medical Device Data Systems, Medical Image Storage Devices, and Medical Image Communications Devices
  * http://www.fda.gov/downloads/MedicalDevices/DeviceRegulationandGuidance/GuidanceDocuments/UCM401996.pdf
* Radio Frequency Wireless Technology in Medical Devices
  * http://www.fda.gov/downloads/MedicalDevices/DeviceRegulationandGuidance/GuidanceDocuments/ucm077272.pdf
* Guidance for Industry, FDA Reviewers and Compliance on Off-The-Shelf Software Use in Medical Devices
  * http://www.fda.gov/downloads/MedicalDevices/.../ucm073779.pdf
* SOFTWARE AS A MEDICAL DEVICE (SAMD): CLINICAL EVALUATION (draft)
  * http://www.fda.gov/ucm/groups/fdagov-public/@fdagov-meddev-gen/documents/document/ucm524904.pdf
* Enforcement discretion
  * http://www.fda.gov/MedicalDevices/DigitalHealth/MobileMedicalApplications/ucm368744.htm


Selected Cybersecurity References

* Guidance for Industry - Cybersecurity for Networked Medical Devices Containing Off-the-Shelf (OTS) Software
  * http://www.fda.gov/downloads/MedicalDevices/DeviceRegulationandGuidance/GuidanceDocuments/ucm077823.pdf
* Content of Premarket Submissions for Management of Cybersecurity in Medical Devices
  * http://www.fda.gov/downloads/MedicalDevices/DeviceRegulationandGuidance/GuidanceDocuments/UCM356190.pdf
* Postmarket Management of Cybersecurity in Medical Devices
  * http://www.fda.gov/downloads/medicaldevices/deviceregulationandguidance/guidancedocuments/ucm482022.pdf
* NIST: Cybersecurity Practice Guide, Special Publication 1800-1: “Securing Electronic Health Records on Mobile Devices”
  * https://nccoe.nist.gov/projects/use_cases/health_it/ehr_on_mobile_devices
* NIST: Guide to Bluetooth Security
  * http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-121r1.pdf
* ISO 14971:2007 Medical devices -- Application of risk management to medical devices
  * http://www.iso.org/iso/catalogue_detail?csnumber=38193
* HHS: Your Mobile Device and Health Information Privacy and Security
  * https://www.healthit.gov/providers-professionals/your-mobile-device-and-health-information-privacy-and-security
* Archimedes – Ann Arbor Research Center for Medical Device Security
  * https://secure-medicine.org
* BITAG: Internet of Things (IoT) Security and Privacy Recommendations
  * http://www.bitag.org/documents/BITAG_Report_-_Internet_of_Things_(IoT)_Security_and_Privacy_Recommendations.pdf

AAMI

* TIR57: Principles for medical device security — Risk management
  * https://standards.aami.org/kws/public/projects/project/details?project_id=876
* TIR59: Risk Assessment of radio-frequency wireless coexistence for medical devices and systems
  * https://standards.aami.org/kws/public/projects/project/details?project_id=1114
* ANSI C63.27


Bluetooth SIG

* Transcoding (and other) Whitepapers: https://www.bluetooth.com/develop-with-bluetooth/white-papers

The 2.4 GHz world…