Lead Institution: University of Washington

Project Leader: Tadayoshi Kohno

Research Progress

• Abstract
  Medical device security and privacy solutions need to not only preserve patient security and privacy and be usable. Medical device security and privacy solutions must also address the other needs and constraints imposed by all the stakeholders in the medical device ecosystem, including patients, providers, and manufacturers. This project studies those broader constraints, with the goal of informing future solutions for medical device security and privacy.

• Focus of the research/Market need for this project
  Numerous medical devices exist today, and manufacturers are designing devices to provide some level of security. A large gap, however, is in public, academic discussions about the broader constraints affecting medical device security solutions. There is a need for public discourse on these broader constraints – such as constraints imposed by patients, providers, and manufacturers – so that the public research community can help contribute to the design of secure medical device security solutions.

• Project Aims/Goals
  The goal of this project is to study the medical device ecosystem and assess key constraints on medical device security and privacy solutions.

• Key Conclusions/Significant Findings/Milestones reached/Deliverables
  Grounding our work in value sensitive design, we collaborated as an interdisciplinary team to conduct three workshops with medical providers and other individuals involved in providing care for patients with implantable cardiac devices. We obtained results on: what they find important with respect to providing care and performing their jobs; their reactions to potential security system concepts; and their opinions on what security system properties should be sought or avoided due to negative side effects. We synthesized these results into design considerations for future technical security systems and suggest directions for further research.

• Materials Available for Other Investigators/interested parties
  A research paper summarizing the results has been submitted for publication. Research results presented at numerous venues, including Indiana University, Johns Hopkins University, Univeristy of Arizona, and University of Southern California.

• Market entry strategies
  Our projects deliverables are sets of recommendations for designers of medical device security and privacy solutions to consider. We plan to make these recommendations available to the public.

Bibliography
Stakeholder Participation in Early-Stage Security System Development: Investigating Medical Providers’ Values, Priorities, and Constraints to Inform the Design of Security Systems for Implantable Medical Devices
Tamara Denning et al, under Review