Medical: Creating a Secure Open Platform for Health Information

2010-09-28T12:42:43+00:00

George Brooks and Robert Day explore how the complex requirements of the medical industry can be met using secure open platforms

Changing requirements in the healthcare industry are creating interesting consequences for the developers of tomorrow’s medical devices.

For instance, there is a growing need for proactive healthcare providing prevention rather than cure, particularly for our aging baby-boomer population. Persistent monitoring and analysis of patients at hospitals, doctors’ surgeries and even at home is the way of the future.

The devices that service these needs will also be connected to the patient’s medical records. Doctors and specialists will be able to combine and analyse new information from the devices with the patient’s past history. This connected world opens up some interesting challenges with the US government regulated Health Insurance Portability & Accountability Act (HIPAA), which protects patient privacy. HIPAA appears to run counter to the openness and easy access to information that is needed to monitor and analyse a patient’s progress effectively.

To bridge these difficult issues, the government, the healthcare providers and the healthcare industry need to work with technology companies. This way new treatments and devices can be developed using advanced technologies to ensure the safety of the patient and the security of their personal health information.

The healthcare industry looks to advanced technologies to solve a plethora of complex problems. To stay competitive, medical device manufacturers must bring products to market that address the needs of healthcare while dealing with time-to-market pressures, cost constraints and more.

Trends

Medical device functionality is on a similar path to that of the consumer electronics industry, with size, weight, performance and mobility top priorities. Many medical devices are now implemented with wireless technologies to extend the portability of healthcare and reduce the clutter in the healthcare facility. For example, most European hospitals have telemetry units where patients can be monitored for vital parameters through patient-worn transmitters that connect to a central station.

Healthcare providers also want to reduce the number of devices needed to treat patients adequately by combining once disparate devices. For example, all the various sensors used to monitor a patient during surgery could be wirelessly connected to a single integrated graphical display on a single workstation. This would eliminate a tangle of wires and numerous pieces of monitoring equipment.

Finally, as providers move from a paper-based patient information system to a connected electronic health information world, they need to develop systems that ensure the security or privacy of patient information.

As device manufacturers move forward, they look to technology companies to provide commercial-off-the-shelf (cots) products. These hardware platforms with integrated software can offer the advanced technologies in standard and optimised form factors. This is a cost-saving measure and is a move away from proprietary systems that in the past were custom built to the specifications of the medical device manufacturer. Recently, cots products have become available that enable new highly integrated platforms to provide more processing power, lower energy consumption and the potential to reduce bill-of-material costs dramatically. Even more importantly, they provide the means to keep systems and data secure by using virtualisation technology to create a protected environment for running operating systems and applications.

Virtualisation

Virtualisation technology has been around for many years, mostly seen in data centres and the server world. Multiple applications are consolidated onto a single server or system to improve operational efficiencies and overall system performance.

A new generation of chip level virtualisation technology, which includes optimisations for embedded devices, can now be used to develop medical devices. Additionally, to meet the more stringent requirements for safety critical applications, a new type of software virtualisation has been developed. This software allows guest operating systems and their applications to run on top of it, in effect allowing multiple and even dissimilar operating systems to share a single physical hardware platform.

This is achieved by adding a software layer, called a hypervisor or virtual machine monitor, which manages the execution of guest operating systems in much the same way that operating systems manage the execution of applications.

Each guest operating system is assigned certain dedicated resources, such as memory, CPU time and IO peripherals. The software isolates each virtual instance by providing hardware protection to every partition with its own virtual addressing space. This makes it possible to run multiple applications safely on a single platform by isolating them into separate partitions to prevent unintended or dangerous software interactions. Additionally, it makes it possible to port existing or legacy applications easily to a new hardware platform, since these applications can run unmodified in the new environment.

Today’s medical device systems use a single operating system, typically a real-time operating system (rtos). However, as systems grow in complexity and feature set, developers may find advantages in using a general-purpose operating system (gpos) such as Linux or Windows for their user interface and connectivity to medical networks. In this case, the ideal scenario would be to use both a gpos for communications with the outside world and the rtos for real-time functions such as patient monitoring.

This could be done using virtualisation to run multiple operating systems on the same physical platform. Virtualisation works by abstracting the underlying processing cores, memory and devices.

This is done by running virtual machines (VMs) on top of an embedded hypervisor, with each VM running its own os and related applications. A hypervisor is a software layer that either resides directly on the hardware (type one hypervisor) or is hosted on top of a conventional operating system running on the hardware platform (type two). A secure virtualisation platform is one that combines a type one hypervisor with a small separation kernel to provide secure isolation of the virtual machines and offer real-time performance and determinism when required.

Wireless Patient

When monitoring vital signs such as EKG and blood oxygenation during a patient’s hospital stay, numerous sensors must be attached to the body. Frequently, this results in an awkward and uncomfortable tangle of wires.

To help untether patients, the wires could be eliminated by using Bluetooth wireless biometric sensors. These sensors could then communicate their data to a single workstation. Within that workstation would be a virtualised environment running one or more virtual machines dedicated to the real-time monitoring and analysis of the patient. The heart rate sensor would report its data in one VM while the blood oxygenation sensor would connect to another VM, and so on. Each VM would run either an rtos or gpos such as Linux, with real-time scheduling and determinism guaranteed by the underlying separation kernel.

The information from all of the patient sensors could then be graphically portrayed for visual monitoring in a familiar Windows environment running in another VM, all running on the same workstation. The same Windows VM might also be used to connect to local storage of patient data, or possibly the hospital network. The use of dedicated virtual machines means that the monitoring and analysis subsystem cannot be seen or compromised. Whatever occurs with the user interface or the network will not jeopardise the security or performance of the patient monitoring system. The data transfers from one subsystem to another are done in a controlled way and a controlled direction.

Software virtualisation platforms are available for both single- or multi-core architectures. These platforms can take advantage of the hardware assisted virtualisation available on modern Intel processor architectures for increased performance and security. The latest iterations of this platform can support both asymmetric multiprocessing (ASMP) and symmetric multiprocessing (SMP) virtualised (or guest) operating systems.

Virtualisation technology provides medical device manufacturers with a platform to meet safely and securely the complex requirements of the healthcare industry. Virtualisation increases reliability by allowing developers to run safety-critical code in safe, virtualised execution environments that isolate different workloads and prevent them from interfering with one another. It improves data security and system integrity because the hypervisor adds a layer of protection by controlling memory boundaries and preventing an application (such as rogue software) from accessing the data regions of other applications.
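The two properties described above, separate memory regions per partition and data moving only in a controlled direction, can be checked against a static partition table before a system is built. The following C sketch is an added example, not code from the authors or from any product; the partition names, addresses and the flow table are constructed for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed layout: two sensor guests and one display/network guest. */
enum { HEART_RATE, SPO2, DISPLAY_NET, NPART };
struct partition { const char *name; uint64_t base, size; };

static const struct partition parts[NPART] = {
    [HEART_RATE]  = { "rtos-heart-rate", 0x10000000u, 0x01000000u },
    [SPO2]        = { "rtos-spo2",       0x11000000u, 0x01000000u },
    [DISPLAY_NET] = { "gpos-display",    0x20000000u, 0x10000000u },
};

/* flow[src][dst]: only sensor -> display channels exist (default deny). */
static const bool flow[NPART][NPART] = {
    [HEART_RATE] = { [DISPLAY_NET] = true },
    [SPO2]       = { [DISPLAY_NET] = true },
};

/* True when no two partitions share any physical address. */
bool memory_is_disjoint(const struct partition *p, size_t n) {
    for (size_t i = 0; i < n; i++)
        for (size_t j = i + 1; j < n; j++)
            if (p[i].base < p[j].base + p[j].size &&
                p[j].base < p[i].base + p[i].size)
                return false;
    return true;
}

/* True when data can get from src to dst, directly or through other
   partitions; a back-path from the display guest must not exist. */
bool reachable(const bool f[NPART][NPART], int src, int dst) {
    bool seen[NPART] = { false };
    int stack[NPART], top = 0;
    stack[top++] = src;
    seen[src] = true;
    while (top > 0) {
        int cur = stack[--top];
        for (int nxt = 0; nxt < NPART; nxt++)
            if (f[cur][nxt] && !seen[nxt]) {
                if (nxt == dst) return true;
                seen[nxt] = true;
                stack[top++] = nxt;
            }
    }
    return false;
}

int main(void) {
    printf("disjoint=%d display->heart-rate=%d\n", memory_is_disjoint(parts, NPART),
           reachable(flow, DISPLAY_NET, HEART_RATE));
    return 0;
}
```

The reachability check follows indirect paths as well, so a channel added from the display guest to one sensor guest is flagged even when the other sensor guest is only reachable through it.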

Virtualisation enables reuse of legacy applications with little or no porting effort because applications can run on their native operating system. By using a cots product, manufacturers can start with a proven design that lowers development risk and shortens time to market.

George Brooks is director of business development in the medical segment and Robert Day is vice president of marketing for LynuxWorks.