Telemedicine: POST-MARKET SURVEILLANCE OF SECURITY AND PRIVACY PROBLEMS
Lead Institution: University of Massachusetts Amherst
Project Leader: Kevin Fu
Research Progress
Abstract
Once deployed, medical devices are followed up through databases at the FDA. Because these databases are clinician-centric, only a small number of security issues have been reported, although the software running on medical devices accounts for a large portion of the reported issues.
Focus of the research/Market need for this project
Without understanding the security risks in modern communicating medical devices, the safety of patients relying on health IT systems can be compromised. Having a clear picture of the inter-dependencies of devices during the FDA approval process can also help in understanding the cause and nature of software issues.
Project Aims/Goals
Understanding the prevalence of security and privacy risks in clinical settings by surveying the FDA recall databases.
Key Conclusions/Significant Findings/Milestones reached/Deliverables
- Survey of security-based recalls using FDA’s databases spanning varying ranges from 2 to 11 years.
- Evaluated the impact that the results of the FDA data analysis have on patient and provider perceptions regarding telemedicine security and privacy.
- Analysis completed and report disseminated to medical device engineers via open-access journal.
- Recalls and adverse events from federal government databases reveal sharp inconsistencies with databases at individual providers with respect to security and privacy risks.
- The survey method could be applicable to other risks (such as safety) in medical devices. A follow-up survey of the FDA’s 510k equivalence database allowed a much clearer picture and enabled graph-based techniques to analyze the medical device equivalence relationships. A sample of the graph (about 1% of the nodes) is shown below.
Materials Available for Other Investigators/interested parties
The publication is available as open access, and the code is open source: https://github.com/denisfookune/510k
Market entry strategies
- Outreach to manufacturers, NIST, and FDA to encourage better collection of post-market data on security and privacy risks.
- Future effort with FDA on a follow-up program and manuscript preparation for submission to JAMIA in summer of 2014.
Bibliography
Making the Invisible Visible: Analyzing the 510(k) Device Dependencies
Tingyi Wei, Denis Foo Kune, and Kevin Fu
USENIX Workshop on Health Information Technologies, August 2013