Telemedicine: OUTREACH ON HIT SECURITY AND PRIVACY

Lead Institution: University of Massachusetts Amherst

Project Leader: Kevin Fu

Research Progress

  • Abstract
    Understanding the security challenges and approaches is critical for manufacturing of networked health IT systems and medical devices.

  • Focus of the research/Market need for this project
    Parties that may be interested may not be aware of current developments in medical device security. IMD security research applies to wearable and other non-implanted devices as well as lightweight security applications.

  • Project Aims/Goals
    Outreach effort to inform manufacturers and researchers of the current security challenges and solutions in medical devices.

  • Key Conclusions/Significant Findings/Milestones reached/Deliverables

    • Workshop held in April 2011: See http://si.epfl.ch/SPIMD
    • Springer book contract approved.
    • 29 technical talks and panels to clinical engineers, security researchers, regulators, including MIT, Stanford, American College of Clinical Engineering, InfoSec technology transfer council, NIST, White House PITAC.
    • Workshop held in May 2013 (Archimedes workshop, http://secure-medicine.org/workshop/2013) bringing together members of academia, industry and regulatory organizations to work through 9 of the most prominent cybersecurity issues for medical devices.
    • Continued outreach via invited talks at health IT venues in industry and academia. Completion of book containing 12 chapters on medical devices, bio-sensors, and security/privacy mechanisms.
    • Specific topics include discussion of the causes of security and privacy vulnerabilities, engineering and management strategies that would mitigate the risks, technical and policy roadblocks, and standards needed to improve security. We also speak with members of standards bodies such as the IEC 80001 group on security and risk management for health IT networks.
    • First graduate level class on medical device security offered in Winter 2013 at the University of Michigan.
    • 2 day training session on medical device security and privacy offered at WelchAllyn headquarters, Fall 2013.
  • Materials Available for Other Investigators/interested parties
    More information for HIT security personnel can be obtained through the following list of URLs.

  • Market entry strategies
    Participation in standardization efforts and authored chapter in AAMI TIR-57 security practices and guidelines.

Bibliography
On the Expectations of Smart Cards to Reduce Medicare Fraud
Kevin Fu
Testimony to the Subcommittee on Health, Committee on Energy and Commerce, United States House of Representatives, Hearing on Examining Options to Combat Health Care Waste, Fraud and Abuses, Wednesday, November 28, 2012