Showing posts with label Wireless Communication. Show all posts
Showing posts with label Wireless Communication. Show all posts

Monday, January 28, 2019

Article: Year of Telehealth

Here's an article telling us what lots of us already have learned, that telehealth is an up a coming method of providing effective and cost-effective as well as continuous medical care where ever a patient may be. Here's the link to the article: https://www.beckershospitalreview.com/telehealth/dr-toby-cosgrove-2019-will-be-the-year-of-telehealth.html

Here's a quote from the article that I think is of interest:

"[Oakland, Calif.-based Kaiser Permanente] is seeing over 50 percent of their patients distantly," Dr. Cosgrove told CNBC.

What Cosgrove isn't telling us is how telehealth is being provided. Telehealth is pretty loosely defined. It can mean that patients have access to a health care provider through chat or the telephone. Or it can mean something more sophisticated such as continuous medical-device communication and automated monitoring. One way or another telehealth is clearly on the rise and will likely become the standard for providing care.

Wednesday, November 28, 2018

Careband: Keeping track of those with dementia

I was at an evening venture capitalist meeting on 13 November 2018. I'm not a venture capitalist but I have a few connections to this community and I periodically receive invitations to their meetings. Most of the time I pass on attending. I'm interested in science, mathematics and technology. VCs are interested in ways to make money. Nothing against them. We just live on different planes of existence.

However, I attended this meeting because I read the description of one of the companies doing a presentation, careband (http:www.careband.co).

careband

Careband provides a capability to track the location of people with dementia. This is a more difficult problem than you might imagine. In institutions, patients with dementia are known to wander away: from the institution, from their homes, from family members. The patients do not know where they are or how to return. Institutions who care for dementia patients frequently need to find their patients who have wandered away from the institution's grounds or to areas of the institution that caregivers do not expect that they would be able to wander. 

Thus there's a clear need to be able to keep contact track of dementia patients. To know where their location at all times and be notified when they've wandered off the grounds of the institution.  Here's a page from the careband.co website that summarizes the capabilities of their system.


The diagram above shows the elements of system for patients and customers/caregivers -- those responsible for caring for the dementia patient(s). Caregivers can see at a glance the current location of each patient. Each dementia patient wears a band about the size of a large wristwatch on the wrist that periodically sends a location related message to the network. All data is sent to careband's cloud server system. Patient location data is made accessible to the caregiver systems that are connected to the cloud server system.

The wrist bands connect to the Internet to the low-power communications system: LoraWAN. More information about this wireless data communications network is available here: https://lora-alliance.org/about-lorawan The LoraWAN network is a low-power, low-speed (0.3 kbps to 50 kbps) but long distance (up to 3 miles from an access point outside) and robust wireless communications system. 

The wristband also includes Bluetooth that is used to provide indoor location data. And an accelerometer has been included to provide information regarding whether the patient has moved his or her body during the reporting period. 

I am not familiar with all of the current capabilities of the careband.co system. However, I know that the wristband continually transmits to the cloud the following data:
  • Patient ID data
  • Transmission time 
  • Location data
  • Movement (whether or not the person has moved from the time of the last data transmission and the time of the current data transmission)
  • Battery charge level
How careband.co is currently analyzing is something of which I am presently unsure, but there are a number of pieces of information that can be derived from this relatively small amount of data. Here's what's possible:

  1. Current patient location
  2. Map of patient's activity and the distance covered over time
  3. Amount of time that the patient was moving
  4. Alarm initiation: should the patient stray away from the institution, the system can automatically notify the caregivers. (Boundaries should be able to be drawn on the display.)
  5. Trend and trend line analysis for patient activity time and distance covered. These could be indicators of the patient's cognitive health. Significant deviations from calculated trend lines could be indicators of a slip or improvement in a patient's cognitive and/or physical health.
  6. Suggest that the patient has removed the band from his or her wrist (when the patient appears not to have moved during normal activity time) or that the patient maybe in distress or died.
There could be more information that can derived from the wristband data that I have yet to think of. As I come up with additional thoughts regarding this, I shall post them.

Upgrades to the wristband could include pulse oximetry and pulse rate data. Again, there are other capabilities that could be added that I have yet to think of.

Since the transmission speed is so low, careband.co will likely need to develop a data compression system to effectively communicate this data back to the cloud server system. 

Careband.co is one more interesting product for remote medical monitoring. It's not designed for remote patient management largely because most patients will normally be closely supervised. However, it could be an aid to enable people with dementia to live for a longer time in their own homes. The benefits to both the patient and to society are massive. Six months to a few years of being able to live in one's own home would improve both the quality of life for people with dementia and significantly, dramatically reduce the cost of care.

I shall continue to monitor careband.co's progress. Stay tuned.

Careband.co plans on making their products available through medical device distributors. Their products are not yet commercially available. They are about to manufacture the wristband. Their wristband has been approved by the FCC. FDA approval is not required.  If you are interested in purchasing their product, please contact them at care band.co.

I should mention that careband.co is looking for investors. If you're interested in what careband.co is selling, please contact them directly using the URL listed above.

Friday, September 14, 2018

Apple Watch 4 -- FDA Announcement: Statement from FDA Commissioner Scott Gottlieb, M.D., and Center for Devices and Radiological Health Director Jeff Shuren, M.D., J.D., on agency efforts to work with tech industry to spur innovation in digital health

The FDA just provided what amounts to a "shout-out" to companies that design and manufacture intelligent, wearable devices that include medically-related monitoring devices and specifically, the Apple Watch 4.

Here's the link to the FDA statement: https://www.fda.gov/NewsEvents/Newsroom/PressAnnouncements/ucm620246.htm

And here's an interesting quote from the announcement:

... [There have come] a new swath of companies that are investing in these new opportunities [e.g., wearable, intelligent monitoring devices measuring medically-related, physiological characteristics with analysis capabilities.] These firms may be new to health care products and may not be accustomed to navigating the regulatory landscape that has traditionally surrounded these areas. A great example is the announcement of two mobile medical apps designed by Apple to work on the Apple Watch. One app creates an electrocardiogram, similar to traditional electrocardiograms, to detect the presence of atrial fibrillation and regular heart rhythm, while the other app analyzes pulse rate data to identify irregular heart rhythms suggestive of atrial fibrillation and notify the user. The FDA worked closely with the company as they developed and tested these software products, which may help millions of users identify health concerns more quickly. Health care products on ubiquitous devices, like smart watches, may help users seek treatment earlier and will truly empower them with more information about their health.

---------------
I find it interesting that Dr. Gottlieb states that the Apple Watch analyzes pulse rate data, not the ECG, to detect "rhythms suggestive of atrial fibrillation." Yeah, that's a way to do it, but analysis of the ECG is a much better way. When I do a deep dive on the Apple Watch 4, I'll look into this and questions like it.


Wednesday, September 12, 2018

Apple Watch 4, Preview of Medical-Monitoring Features

Here's an article regarding the Apple Watch 4 and what are suppose to be built in medical monitoring features.

Here's the link: https://www.mobihealthnews.com/content/apple-watch-series-4-will-have-fda-cleared-ecg-fall-detection?mkt_tok=eyJpIjoiTkRVMk0yVmxNamsyWkRneiIsInQiOiJjWXRoaVpENmhJYlBRNFlzVVBYZ3hrc0VEVFdsYmNLUG1FQUIrQmcyMnVHMTRwSnBORDh6cW1Da1kzbjJqS2JxbHcydjRuTk0zaG5qRzBvMFR1MmdiMmZyNGhyXC9SZmYyYkduaSs5R0tyRG85TXkrMHVxTnFFYXFrVE5jWHpIRWwifQ%3D%3D

Here's the list of new medically-related features:


  1. ECG (30 second rhythm "strip")
  2. A-Fib detection (of course, if you're paying attention and you know the symptoms, you'll probably know sooner than the watch.)
  3. Fall detection (as in when the person falls, the watch detects that it has occurred)
All information is sent back to Apple Health Records where all this information be accessible to a physician/cardiologist.

Apple has received FDA approval, according to the article. 

I'm not going to comment until I've had a little more time to study the Apple Watch 4 except to say, if you can detect A-Fib, then why not V-Fib? V-Fib is much more life threatening. Also too, if you've got a 30 second rhythm snap shot, you can do a lot with that. 

I'll touch on these and other questions regarding the Apple Watch 4 and Apple's effort to product a remote medical monitoring device and medical monitoring system later. 


Monday, August 6, 2018

FCC approves telemedicine pilot for veterans, low-income, rural Americans

I'm actually surprised that this trial had not been approved earlier. Here is the announcement from the FCC.

 This is a link to an article that provide more detail on this program.

https://www.mobihealthnews.com/content/fcc-approves-telemedicine-pilot-veterans-low-income-
rural-americans?mkt_tok=eyJpIjoiT1dJNVl6UmxaVFExT1RkaCIsInQiOiJrb1B5Y0drbTRBMzRoMHFcLzBpUlpCTVljT1lBUGhhcUNCazA2RndKOW8zXC94dTFVSU5ua1VYY1NzeHBQazRsYW5hMkdsaTRETndXb01CTDZjN1Zva2VRYmRIUElic0FCc21BYVowSWdFTGVtTSt1Y2kxTXFGSHRuYlNCcitSRU5TIn0%3D

Since this is a pilot program, data should be collected about it's effectiveness. This is something that those who are interested in medical remote monitoring and remote patient management should be interested in following. I know I will.




Saturday, August 4, 2018

Article: Wearable Technology Is the Future of Healthcare

A bit of light reading about wearable fitness and medical devices.


An interesting quote from the article ...

There is no doubt that the adoption and retention of medical wearable devices will, at least for now and the foreseeable future, outrun that of general fitness wearable devices. This is understandable, as they fulfill a direct and current need for the consumer. However, my belief is, and I assume yours too, if you believe in prevention over treatment, that the more general one of these two has the feared but powerful potential to truly change the status quo. Where now, overall health goes down just before the age of 50, general fitness wearable devices could move up that number.  ...

Monday, July 30, 2018

Apple Watch 4: Will it be suitable as a remote medical monitoring device? Part 1

When I first commented about the Apple Watch as being a possible platform for a remote medical monitoring system in 2015, I was initially excited about the possibilities. Sadly, the technology in 2015 was not quite ready as a platform for remote medical monitoring systems. However, Apple may be turning a corner with the Apple Watch 4 due to be released in Fall 2018. 

To be an effective remote medical monitoring and remote patient management device, the Apple Watch will need to reach acceptable levels of performance in the following seven areas of concern:

  1. Bio-sensors
    • Built in: are there enough bio sensors with enough resolution?
    • Extended: the capability to have additional bio sensors that communicate wirelessly with the watch?
  2. Communications over the Internet: Is there a reliable and secure means of communication back to the patient's monitoring system? And the means to communicate with the patient over that same communications channel(s)? 
  3. Processing capability, hardware and software: Does the watch have the processing capability to host medical applications?
  4. User interface: Visual, touch screen - will patients be able to interact with medical application using the touch screen? Will the watch have an effective audio user interface in order to hear instructions and make requests of the application running on the watch?
  5. Reliability: Will the hardware and software reliable enough for a remote medical monitoring and patient management application to run on it?
  6. Battery life: When running a remote medical monitoring and patient management application(s) on the watch, will the battery life before needing to recharge be acceptable?
  7. Rugged: Is the Apple Watch 4 rugged enough to be a remote medical monitoring and patient management device?
I'm going to touch on each of the areas of concern regarding the performance of the Apple Watch 4.

  1. Bio-sensors: I'm not going to address this issue until the Apple Watch 4 has been released. Once it has been released, I'll write an article specifically discussing this topic.
  2. Communications over the Internet: A model of the Apple Watch 3 does have the capability of communicating over 4G so reliable communication over the commercial wireless provider networks is possible. We can assume that this capability will continue to the next release. So communications capabilities are likely to be adequate. 
  3. Processing capability, hardware and software: Improvements in both are promised over the Apple Watch 3. We can probably assume that hardware and software capabilities will be adequate.
  4. User interface:
    • Visual, touch screen: The Apple Watch screen has been targeted to those with good visual acuity (with or without glasses) and fine finger control to be able to use the touch screen effectively. Current reports say that the screen will be larger than the Apple Watch 3. Nevertheless it's still a small screen. 
    • Auditory: The Apple Watch 3 has Siri, meaning it does have an auditory user interface. More on this after the release of Watch 4.
  5. Reliability: Apple has made positive strides in reliability with each release of the Apple Watch. We can assume that this will continue and that the Apple Watch 4 will be reliable enough to serve as a platform for remote medical monitoring and remote patient management applications.
  6. Battery life: The Apple Watch 3 has a reported battery life of up to 18 hours. Again Apple has continued its improvements in this area. Patient medical monitoring should be continuous and without long breaks. Even with one or more days of battery life, the watch will still need to be changed and that could take hours. However, having said that, the price of an Apple Watch (because of the ruggedness requirement) that would serve as a remote medical monitoring and patient management device would be around $600. As medical devices go, that's inexpensive and inexpensive enough so that the patient could or should have at least two Apple Watches that would enable the patient to switch watches when necessary. That would place a burden on application software developers to manage when patients change watches, however, this should be manageable.
  7. Rugged: The Apple Watch 3 has a version in a stainless steel case. This should be adequate for most situations. Also the issue of reasonably low price and the ability to have redundant watches should effectively address this issue.

Tuesday, July 24, 2018

Adhesives: Part of the Future for the Remote Monitoring Sensors?

I just ran across this article a few minutes ago. It's a serious article published in Machine Design. Here's the link: http://www.machinedesign.com/mechanical/adhesives-enabling-future-wearable-medical-devices?NL=MD-005&Issue=MD-005_20180724_MD-005_524&sfvc4enews=42&cl=article_1_b&utm_rid=CPG05000003255032&utm_campaign=18775&utm_medium=email&elq2=5b76b40ea8f44d76b2b883c5c09f23fe

It's an extremely readable article and what's being described has in my opinion real applicability in the future of medical sensors. Adhesive, "band-aid" or strip sensors development applies to both the fitness set as well as to remotely monitored patients.

Transmitting data to monitoring systems and people will likely require an intermediate device such as a smart phone. I suspect that the real issues and hurdles will likely revolve around digital communications issues and standardization. Having worked most of my life in the communications domain, communications issues can be successfully overcome.

Here are a few quotes from the article:

Device manufacturers are taking steps to create medical devices that are smaller, lighter, and less invasive. Whether they’re adhering device components together or sticking a device to skin, adhesives are uniquely bonded to a device’s success.

Both consumers and patients want wearable devices to be smaller, lighter and less cumbersome to use for seamless integration into their everyday lives. The design process can get challenging when devices must maintain accurate sensing capabilities, but also reduce friction to ensure precise data collection. Adhesives can help to keep friction to a minimum by being breathable and maintaining a low profile. In addition, options with flex electronics, as well as addressing battery implications and electromagnetic interference, provide opportunities for advancement.

Adhesive wear time is a crucial consideration when designing a wearable device, impacting overall resilience and durability, as well as how often the user will need to change their device. 

______________

I should mention that by the looks of things, it appears to me that 3M maybe behind the article. Nevertheless, I think that considering adhesives in the research, design and development process of a bio-sensor is worth your time. 


Sunday, July 22, 2018

15 Game-Changing Wireless Devices to Improve Patient Care

I happened across this slide show today and decided to share it.

https://www.medscape.com/features/slideshow/wireless-devices#17

Remote monitoring has by implication another side to it: remote patient management. The remote monitoring side of these devices seem to be on a strong, positive path of development, but I'm not seeing the same level of development on the remote patient management side. That piece of seems to be lagging and probably for good reason: it's the more difficult. And I can say that from experience working in the area. In addition, it will likely require further development of supporting automation, that is, artificial intelligence or expert systems.


Article: Remote Monitoring of Heart Failure Patients

Although this article was published in 2013, it's findings are still applicable today. Moreover, there is applicability of this system remote monitoring and remote patient management to patients with other chronic conditions other than heart failure. 

I have experience with engineering methods to support remote monitoring and treatment of heart failure patients and this article is an extensive review many of the systems that were and would be coming available in 2013 and later.

Here is the link: Remote Monitoring of Heart Failure Patients by Arvind Bhimaraj, M.D., M.P.H. I recommend this article if you have an interest in many of the details of remote monitoring and remote patient management.

Heart Failure


Heart failure is a chronic disorder and requires continual monitoring and management. The management of heart failure patients remotely can serve as a model for managing patients with other chronic disorders such as diabetes or COPD.

Article Abstract (from the article)

Heart failure continues to be a major burden on our health care system. As the number of patients with heart failure increases, the cost of hospitalization alone is contributing significantly to the overall cost of this disease. Readmission rate and hospital length of stay are emerging as quality markers of heart failure care along with reimbursement policies that force hospitals to optimize these outcomes. Apart from maintaining quality assurance, the disease process of heart failure per-se requires demanding and close attention to vitals, diet, and medication compliance to prevent acute decompensation episodes. Remote patient monitoring is morphing into a key disease management strategy to optimize care for heart failure. Innovative implantable technologies to monitor intracardiac hemodynamics also are evolving, which potentially could offer better and substantial parameters to monitor.

My Analysis

With the advent of smartphones and increasingly sophisticated, smaller and lower power bio-sensors, remote monitoring and remote patient management of all types of chronic conditions should be on the rise. Furthermore, the rise and acceptance of computerize expert medical systems (artificial intelligence), should make remote monitoring and remote patient management a first choice. Not only will this lower costs, but as we have seen it: increases patient satisfaction and mobility, enabling a patient to spend time traveling and enjoying the life that remains.

One more thing ... and I have to add this as a point of pride, a quote from the article:

Also, advancements in implantable wireless technology seen with the pulmonary capillary pressure monitoring device CardioMEMS® (CardioMEMS, Inc., Atlanta, GA) and the left atrial pressure monitor HeartPOD System (St. Jude Medical, Inc., St. Paul, MN) or Promote® LAP System (St. Jude Medical, Inc., St. Paul, MN) bring us closer to finding the holy grail of home monitoring systems. (my emphasis)

I had a part in SJM's LAP project. I was working at SJM when this project was in the state of early patient trial. The project manager needed assistance with issues related to and testing of operation of the user interface including the how the computerize system would interact with patients to collect necessary data and provide the patient with directions on what to do to manage their current condition -- mostly, taking medication and performing certain activities. I provided that assistance, design direction and usability testing for this early stage product. Although I haven't seen this system in it's commercial form, I suspect that a lot of what I did was included in the commercial product. The "holy grail" comment is personally gratifying. And I should mention that my experience with the LAP system was one of this things that lead me to starting and continuing with this blog.


Tuesday, March 24, 2015

Benefits of Remote Monitoring & Mayo Clinic Announcement

I've been arguing for some time that remote monitoring can not only lower medical costs, but it show itself to be of benefit to the patient as well. Here's an article that not only shows that remote monitoring can be of benefit to the patient, but to the physician as well.

Remote monitoring can not only provide better and more data ... that can lead to better analysis and conclusions. It can provide that data to the physician before the patient comes in for a visit. Furthermore, if an adverse medical event occurs, that data is captured and available to the attending health care providers. Admittedly the patient would have needed to have been wearing the monitoring device at the time, but if the person was wearing the monitoring device that information would be available.

Here's the link to the article: http://www.healthcareitnews.com/news/remote-patient-monitoring-steps-toward-new-era

Here are a few quotes from the article that I found interesting ...

... if you spend $100 a month to monitor patients remotely – over a year it would cost much less then what you would pay if they have to come back to the hospital.


[T]here are two waves of activity. The more traditional top down wave extends the reach of hospitals with FDA approved medical devices that are deployed out in the home by providers by doctors to keep track of these patients.
There is also an increasing consumer wave where people are going out and buying the sensors and devices on their own and tracking their fitness and health and bringing that information to their healthcare providers.
=== I find this quote interesting in light of the Apple Watch and other similar devices ======
Some physicians, Kleinberg asserted, don’t need and don’t want that data from the patient and claim that they don't have a place to put the data and they don't have time to look at it.
=== Actually, machines can monitor this data on a continual basis. The machines can alert physicians as needed and provide summaries. Physicians need not review raw data. ======
"There's a push back to this consumer-up bottom-up wave. But over time I think we're going to see that the sensors and the data that’s coming from these devices is going to have more and more value and providers are going to put more faith in it," said Kleinberg. "They're going to look at it and make some sense of it and part of the way they are going to do that is if they have more confidence about that data."
=== I think the last sentence may be one of the most significant in the article. Confidence in the data and automated analysis will build and become mainstream. And I think that cost considerations will be a factor. =====

Announcement Title: Mayo Clinic To Develop Wireless Sensors To Treat Obesity

I found this quite interesting when I came across it. The sensors are far from being developed but I thought it worth posting the announcement link.


Here's a quote from the announcement.

The goal is to produce the first wearable patch sensor – the size of a bandage – that is wireless, disposable, and can remotely monitor patient movements via smartphone. This new technology would simplify tracking with greater accuracy of patients and clinical trial subjects for whom a certain level of activity is prescribed to achieve their goals.

Internet of Things ... From a Connected Medical Device Perspective

Before I dive into the issues regarding the possible means for connecting medical devices to the Internet, I would like to provide you with a little background on two relevant research programs I have lead. I was the principal investigator on two Federally supported research programs described below.

The first was a NIST Research grant to support the development of a secure and commercially viable wireless data communications technology. Much of that technology has been incorporated into today's smartphones, although not all of what we created has yet found its way into the current generation of smartphones. But with each iteration, more of what we created gets incorporated.

A central part of our program was to insure secure and private data communications. It would be secure from infiltration by malware and impenetrable by snoops ... including the NSA. The system worked by securing and controlling both ends of the communication. It was capable of sending a single file to over multiple communications channels simultaneously, the packets could be sent out of order using multiple forms of encryption including nonstandard or private encryption methods -- that are much harder to break. By securing and controlling both ends of the connection between devices, we could completely control what went in and out of the channel. Nothing would flow to the other end that was out of our view or control.

The second Federal grant was for a data security program. VoIP communications channels are lightly secured largely due to the requirements to insure that audio is clear and voices understandable. This fact makes VoIP channels particularly vulnerable vectors to use for an attack. There have been attempts to logically divide voice and data channels; however, there have been several demonstrations that this does not always work. Our research focused on methods to detect the presence of an intruder without disrupting or significantly lowering audio quality. And when we detected a possible intruder, we attacked this apparent intruder through a series of escalating techniques that could finally end with terminating the connection when it was clearly apparent that an intruder was using the VoIP connection to do something nefarious.

Architectures for the Internet of Things

The two architectures I would like to review are direct and mediated connections that could be used in the realm of the Internet of Things.

Direct and mediated connections are illustrated in the figure below.


The real difference between the two diagrams is the way the Apple Watch is connected to the Internet. On the left the Watch is directly connected to the Internet. When connected, it is an addressable device on the Internet. On the right, the Watch is connected to the Internet through the iPhone. The iPhone mediates the connection to the Internet through the iPhone. All the data traffic to and from the Watch goes through the iPhone.

A mediated connection through the device can be as simple and unmanaged as one through a router. However, with the appropriate software on the iPhone, the iPhone should be able to manage the connection with and security of the Watch.

In the case of the direct connection, management of the connection to the Internet including security must be done by the Watch itself. The Watch could be subject to a direct attack and must defend against such an attack by itself.

Best Architecture for Medical Devices?

In the diagram above, I'm treating the Watch as if it were a medical device ... and a medical device it could be. It would seem that the safest connection to the Internet would be a mediated connection. However, there are hybrid scenarios. For example, incoming communications including software updates could require a mediated connection. Encrypted uploads from the Watch to a centralized server system could use a direct connection.

This is a brief introduction into this topic. I'll have further explorations into this issue in future articles.

Monday, March 23, 2015

More on Apple Watch as a Medical Monitoring Device

I recently ran across an article about Apple's continuing work to make the Watch a medical monitoring device. Here's a link to that article:
http://appleinsider.com/articles/15/02/16/apple-scrapped-advanced-apple-watch-health-monitoring-features-due-to-reliability-issues

According to the article Apple considered including a number of medical monitoring devices/capabilities for their first generation Watch. For the first generation, those have been scrapped for reliability and regulatory reasons. Apparently Apple is still interested in adding more physiological sensors to the Watch, but if those capabilities appear, they'll be included in next generation Watches.

However, there was something that caught my interest from the article:

"Aside from catchall smartwatch devices, a number of standalone solutions for off-the-shelf medical style monitoring already exist in the form of products — usually wrist-worn — from smaller manufacturers and startups. For example, the W/Me band incorporates a specialized sensor to measure a user's autonomic nervous system for keeping track of stress levels, while the latest products from Fitbit tout all-day heart rate monitoring."


There are lots of other companies making sensors that would be useful for medical monitoring purposes. For Apple and the Watch there are many ways this can play out. Frankly none of these are mutually exclusive.

  1. Apple can purchase the sensing technology to incorporate into Apple-produced sensors.
  2. Apple can purchase the sensors and integrated them into the Watch 
  3. The third-party sensors can communicate with the Apple Watch over WiFi. 
The data collected by the Apple Watch could be:

  1. Analyzed and presented locally ... by the Watch
  2. Uploaded to the iPhone were the iPhone would process the data and either communicate it back to the Watch for display or be displayed on the iPhone ... or both.
  3. Uploaded to the iPhone that intern uploads it to a centralized system for processing. The results of that analysis could be communicated back for display on the iPhone or Watch. If so indicated an alert could be included if conditions warranted. 
Again, none of these are mutually exclusive. Data could be processed and displayed on the Watch and communicated back to a centralized system.

More updates on the Apple Watch to come ...

Friday, March 20, 2015

Apple Watch: An Emergent Medical Monitoring Device?

Apple has been grappling with the design and capabilities of a smart watch for years. Apple CEO Tim Cook announced that Apple would produce a smart watch in September 2014. The initial rollout is scheduled for 25 April 2015.

Tim Cook has suggested that the Apple Watch would do more than provide its owner with the time and as a wearable means to communicate with your iPhone ... something that you would rather leave in your pocket or purse. He suggested that this device could also serve as a means to assist people with monitoring their health and fitness. But can this device that is strapped to your wrist really do that?

Research on Smart Watches and Their Owners


Before doing the deep dive into the Apple Watch, I want briefly discuss some of my experience with researching smart watches. I can't divulge all the details of that research because some of that work that I was part of a research team is proprietary. I can say a few things about smart watches, the variety of their capabilities and some of the opinions about them that people who have used them have provided.

The smart watches that we used in our research had capabilities that fell into two categories. The first were capabilities that allowed the owner to communicate with and control their smartphone. For example, a smart watch would allow an owner to control music or podcasts being played or allow the owner to make and receive calls through the smart watch. Communication between the two devices was over Bluetooth (IEEE 802.15.1) The second were independent capabilities this can include GPS map capabilities, collecting and displaying running or cycling distances and routes. And providing the date and time.

We found that owners of smart watches were initially excited and enthusiastic about owning a smart watch. However, over time that excitement and interest disappeared ... and disappeared to the point where most owners were considering ways to rid themselves of their smart watches. Based on our research, smart watches seemed like a good idea. But once initially-enthusiastic owners tried to incorporate smart watches into their lives, their response to them became negative.

Apple Watch


The Apple Watch is almost upon us with great fanfare. Based on photographs and my read of the hardware and descriptions of the Apple Watch, it appears to be stylish that its predecessors ... an important quality. It appears that it will have many of the same capabilities as it's predecessors as well ... the ability to communicate with and control the owners iPhones (5 or later) - the smart watch will have Near Field Communication (NFC), Bluetooth (4.0), a speaker, microphone and a touch screen to enable communication and control - and a number of independent capabilities based on the following embedded sensors: accelerometer, gyroscope, heart rate sensor and barometer.

Beyond the heart rate sensor, what else might make the Apple Watch a wearable system to assist people with their health and fitness? I'm not sure, but what I found interesting about the Apple Watch, what makes it potential game changer in the realm of health and fitness is this: WiFi (802.11 b/g/n).

From all that I can tell, the inclusion of WiFi could be something that might make the Apple Watch something significant with respect to means for medical monitoring. WiFi is different from Bluetooth in that Bluetooth creates a dedicated one to one communications channel. A WiFi access point (AP) can support multiple, simultaneous connections. Is Apple working with other companies to create new body sensors that can communicate with the Apple Watch using WiFi? It's plausible and well worth watching. 

Monitor this blog ... more on this to come.


Tuesday, June 28, 2011

Hacking Grandpa's ICD: Why do it?

Background

I am part of another professional discussion group with an interest in Medical Data, System and Device security.  One of the topics was whether medical devices are a likely target for cyber-attacks.  I made a contribution to the discussion and stated that I believed that although unlikely, I thought that medical devices will eventually be targets of cyber-attacks.  But putting data security measures into medical devices is at odds with the directions that the medical device industry wants to take its product lines.  The trends are for smaller and less power-hungry devices.  Adding data security measures could increase power demands, increase battery sizes and thus increase device size.  Nevertheless, I believe that starting the process of putting data security measures into the medical devices has merit.

I received a well-reasoned response that hacking medical devices was highly unlikely and research funding on security measures for medical devices would be money best spent elsewhere.  That response started a thought process to develop a threat scenario to address his points.

I reviewed my earlier article on "hacking medical devices," http://medicalremoteprogramming.blogspot.com/2010/04/how-to-hack-grandpas-icd-reprise.html.  I revisited the paragraph in my regarding the motivation for hacking a medical device, an extortion scheme. 

When I wrote that article, I did not have any particular scheme in mind.  It was speculation based more on current trends.  Furthermore, I did not other motivations as particularly viable - data theft, not much money or value in stealing someone's implant data or killing a specific person, there are easier ways to do this although it might make a good murder mystery.

I did come up with a scenario, and when I did, it was chilling.





The Threat Scenario

First, as I had previously suggested, the motivation for hacking medical devices would be extortion.  The target of the extortion would be the medical device companies.  Before getting into the specifics of the extortion scenario requires that you understand some of the technologies and devices involved.

The wireless communications of interest occurs between a "base station" and a wirelessly enabled implanted device as shown in the figure below.

The base station need not be at a permanent location, but could be a mobile device (such as with the Biotronik Home Monitoring system).  The base station in turn communicates with a large enterprise server system operated by the medical device company.


The two systems communicate use wireless or radio communication.  For example, St. Jude Medical uses the MICS band - a band designed by the FCC for medical devices in the range of 400Mhz.  To insure that battery usage for communications is minimal, the maximum effective range between is stated as 3 meters.  (However, I have seen a clear connection established at greater 3 meters.)  


In general, the implant sends telemetry data collected it has collected to the base station.  The base station sends operating parameters to the implant.  Changing the operating parameters of the medical device is know as reprogramming the device and define how the implant operates and the way the implant exerts control over the organ to which it is connected.


Device Dialogue of Interest to Hackers

As you probably have guessed, the dialogue of interest to those with criminal intent is the one between the base station and the device.  The "trick" is to build a device that looks like a legitimate base station to the medical device.  This means that the bogus device will have to authenticate itself with the medical device, transmit and receive signals that the device can interpret.  In an earlier article (http://medicalremoteprogramming.blogspot.com/2010/03/how-to-hack-grandpas-icd.html), I discussed an IEEE article (http://uwnews.org/relatedcontent/2008/March/rc_parentID40358_thisID40398.pdf**) where the authors had constructed a device that performed a successful spoofing attack on a wireless Medtronic ICD. So, based on the article, we know it can be done.  However, based on the IEEE article, we know that it was done at distance of 5 cm.  This was aptly pointed out in a comment on my "How to Hack Grandpa's ICD" article.


Could a Spoofing/Reprogramming Attack be Successful from Greater than 5 cm or Greater than 3 meters?


I believe the answer to the question posed above is "yes."  Consider the following lines of reasoning ...
  1. As I had mentioned earlier, I know that base stations and medical devices communicate at distances of 3 meters and can communicates greater distances.  The limitation is power.  Another limitation is the quality of the antenna in the base station.  The communication distance could be increased with improvements in the antenna and received signal amplification. 
  2. The spoofing/reprogramming attack device could be constructed to transmit at significantly greater power levels than current base station.  (Remember, this is something built by a criminal enterprise.  They need not abide by rules set by the FCC.)  Furthermore, a limited number, maybe as few as one or two, of these systems need be constructed.  I shall explain why later.
  3. A base station can be reverse-engineered.  Base stations can be easily obtained by a variety of means.  Medical devices can be stolen from hospitals.  Documentation about the communication between the medical device and the base station can be obtained.
Thus, I believe the possibility exists that a device that emulates a base station and could successfully perform a spoof/reprogramming attack from a significant distance from the target is possible.  The question is, what is to be gained from such an attack?


Attack Motivations


Extortion: Earlier I mentioned that in an other article, I suggested that the motivation would be extortion: money, and lots of it.  I think the demands would likely be in the millions of US dollars.

In this scenario, the criminal organization would contact the medical device companies and threaten to attack their medical device patients.  The criminal organization might send device designs to substantiate their claims of the ability to injure or kill device patients and/or send the targeted company with news reports sudden unexplained changes in medical devices that have caused injuries or deaths in device patients.


Market Manipulation: Another strategy would be as a means to manipulate the stock prices of medical device companies - through short-selling the stock.  In this scenario the criminal organization will create a few base station spoofing/reprogramming systems. Market manipulation such as placing the value of the stock at risk could be a part of the extortion scheme.




Book of Interest: Hacking Wall Street: Attacks And Countermeasures (Volume 2)


In another article I'll discuss how someone might undertake an attack.




** Halperin, D, Heydt-Benjamin, T., Ransford, B., Clark, S., Defend, B., Morgan, W., Fu, K., Kohno, T., Maisel, W. Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero-Power Defenses, IEEE Symposium on Security and Privacy, 2008, pp 1-14.

How to Hack Grandpa's ICD: New Develoments

A little over a year ago I published a couple of articles in this blog regarding "Hacking Grandpa's ICD." Here are the links: 



I receive a bit of flack from some people regarding the unlikelihood of such a thing occurring. I even wrote another article that I never published because I had convinced myself that ICD hacking scenario would be so unlikely. 

Well, it suffices to say that I have changed my mind. It seems that McAfee has take this seriously. Here are two articles for your consideration.

After this, I'm publishing the article that I had originally decided not to publish.

Friday, April 30, 2010

How to Hack Grandpa's ICD, Reprise ...

Several weeks ago I published an article (How to Hack Grandpa's ICD) discussing another article published in an IEEE journal that described a variety of ways to hack, illicitly manipulate or modify an ICD.  To those in the know, this is a potentially greater concern than I had imagined.  As it turns out, not surprisingly enough, the concerns about hacking are not limited to ICDs. 

One of my readers notified me of a recent article published by the CNN website that discusses concerns regarding the capability to hack ICDs.  Here's the link to the article that was published on 16 April 2010.  I was also republished in the Communications of the ACM (of which I am a member) on 19 April 2010.


Much of the article appears below Before proceeding, I would like to add a little background about myself and a little bit of commentary regarding hacking.  I am a co-founder of data leak security company, Salare Security (http://www.salaresecurity.com).  If anyone is interested in what the company does, please do follow the link above.  (As of this point, I am a silent partner in the company.  My partners are currently running the business.)  I mention this because I have some real-world based knowledge regarding system vulnerabilities.  

From experience and research I have found that even vulnerabilities that seem unlikely to be exploited, inevitably are exploited.  If something can be gained from a target and a vulnerability exists, you can be assured that the vulnerability will be exploited.  

For example, specific vulnerabilities that Salare Security addresses months ago were considered unlikely to be exploited because of the lack knowledge and a lack of interest on the part of hackers.  However, the vulnerabilities are of significant interest because if exploited, the damage to a government, a company or other organization could be severe.  Nevertheless, the thinking in the industry has been that exploitation of the vulnerabilities over the near term were remote.

However, recently, we have received information that the system vulnerabilities that Salare Security addresses have been exploited by a government funded group of hackers.  So much for "nothing happening in the near term."  

In the case of the vulnerabilities that Salare Security protects ... the hackers were after information.  (I do not know the details of the attack so I cannot tell you what information they stole.)  But, why might hackers develop systems to exploit medical device vulnerabilities?  

My sense is that the hackers most likely are not out to attack, injure or kill people with medical devices.  In my estimation, these hackers would be engaged in an extortion scheme against a device manufacturer or manufacturers.  This suggestion is based on some of the current trends in criminal activity. (Please see: http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1510919,00.html?track=NL-102&ad=763387&asrc=EM_NLN_11442713&uid=6228713)  The article references other possible motives for hacking medical devices.  I would strongly side with any motivation that opens the door for extracting money from a manufacturer.

Here is the article published by CNN

Scientists work to keep hackers out of implanted medical devices
By John D. Sutter, CNN  (4/16/2010)

(CNN) -- Nathanael Paul likes the convenience of the insulin pump that regulates his diabetes. It communicates with other gadgets wirelessly and adjusts his blood sugar levels automatically.
But, a few years ago, the computer scientist started to worry about the security of this setup.
What if someone hacked into that system and sent his blood sugar levels plummeting? Or skyrocketing? Those scenarios could be fatal.  
Researchers say it is possible for hackers to access and remotely control medical devices like insulin pumps, pacemakers and cardiac defibrillators, all of which emit wireless signals.
In 2008, a coalition of researchers from the University of Washington, Harvard Medical School and the University of Massachusetts at Amherst wrote that they remotely accessed a common cardiac defibrillator using easy-to-find radio and computer equipment. In a lab, the researchers used their wireless access to steal personal information from the device and to induce fatal heart rhythms by taking control of the system.
This article references the same IEEE article that I referenced in my blog posting.
"Medical devices have provided important health benefits for many patients, but their increasing number, automation, functionality, connectivity and remote-communication capabilities augment their security vulnerabilities," he wrote.
FDA spokeswoman Karen Riley declined to say whether the FDA is looking into new regulations of wireless medical devices; she added that the responsibility for making the devices secure falls primarily on the manufacturer.

"The FDA shares concerns about the security and privacy of medical devices and emphasizes security as a key element of device design," she said.
Wendy Dougherty, spokeswoman for Medtronic Inc., a large maker of implantable medical devices, said the company is willing to work with the FDA to establish "formal device security guidelines."
The company is aware of potential security risks to implanted medical devices, she said. "Safety is an integral part of our design and quality process. We're constantly evolving and improving our technologies."
In a written statement, Dougherty described the risk of someone hacking into a wireless medical device as "extremely low."
Wireless connections

The security concerns stem from the fact that pacemakers, defibrillators and insulin pumps emit wireless signals, somewhat like computers.
These signals vary in range and openness. Researchers who reported hacking into a defibrillator said some in-the-body devices have a wireless range of about 15 feet.

Many devices do not have encrypted signals to ward off attack, the researchers say. Encryption is a type of signal scrambling that is, for example, employed on many home Wi-Fi routers to prevent unknown people from accessing the network.
Motive

There's some question as to why a person would hack into a pacemaker or insulin pump and how the hacker would know a person uses a medical device.
Maisel listed some possible scenarios in his New England Journal article.
"Motivation for such actions might include the acquisition of private information for financial gain or competitive advantage; damage to a device manufacturer's reputation; sabotage by a disgruntled employee, dissatisfied customer or terrorist to inflict financial or personal injury; or simply the satisfaction of the attacker's ego," he wrote.
Denning, from the University of Washington, said the current risk of attack is very low, but that someone could hack into a pacemaker without apparent motive.
She referenced a case from 2008 in which a hacker reportedly tried to induce seizures in epilepsy patients by putting rapidly flashing images on an online forum run by the Epilepsy Foundation.
I emphasized Denning's comments because in my experience those are "famous last words." If there is a way to profit from exploiting a vulnerability, be assured, it will be exploited.

 
Additional Resources




 

Friday, April 23, 2010

Medical Implant Issues: Part 1, A True Story

When I started this article, I thought I could place it into a single posting.  However, having written just the first section, noted it's length and how much more there was to write.  Thus, I decided to turn this into a serialized publication just as I am doing with HE-75.  Thus, here is Part 1 ...
 

Part 1: Background Story

Before I dive into the technical details of this issue, I want to tell a true story from my own experience.  It involves a friend of mine.  (I need to be vague regarding the person's identity including gender and how I came to know this person.  As you read this, you'll understand.

My friend was incredibly intelligent (e. g., the best applied statistician I have ever known) and physically attractive, and diagnosed as a paranoid schizophrenic.  In the early 1990's, my friend underwent back surgery.  To my amazement, my friend claimed that the surgeon had placed a "chip," small processor into the person's spinal cord.  My friend said that the chip could be activated by people with controls that looked like garage door openers.  When activated, the chip would cause my friend to have a sudden, overwhelming desire to have sexual relations with the person who had activated the chip.  My friend called this chip a "tutu."

At the time I had been part of the cutting-edge technology community to know that such a chip was absurd.  And I told my friend that this chip did not exist. My information was not well received by my friend who was convinced of the reality of this chip.

I tell this story because at the time my friend informed me of the "tutu," the idea of embedding a chip in a human being and activate it using wireless means was patently absurd.  Embedding programmable chips with wireless communications less than a decade and a half later is no longer considered absurd, but real.  And for some people, frightening with religious overtones.  Consider what the Georgia state legislature just passed and you'll understand what I mean.  Here's a link to that article: Georgia Senate Makes "Mark of the Beast Illegal."


The reaction from the Georgia Senate makes my paranoid-schizophrenic friend's story seem plausible.  Interestingly enough and I did not realize it at the time (but I do now), that was my introduction to wireless, medical remote programming.  As I said, my friend was extremely intelligent and as it turned out more creative and prescient than I realized at the time.  Turns out that today a device embedded in the spinal cord with the ability to trigger sexual experience is real.  And the ability to embed microprocessors and controls in people with the capability of wireless communication and medical management is also real.


I tell you that story not to make light of people's stories and fears, but as a "sideways" introduction to the technical topic of dealing with multiple, embedded medical monitoring and remote programming systems.  And to suggest that people may have real fears and concerns regarding the capabilities that technologists like myself often overlook.  In this series I discuss real and imagined fears as well as the technical problems with multiple, implanted devices.




Part 2: Multiple, Implanted Wireless Communicating Devices






Books sold by Amazon that might be of interest in this series

New Frontiers in Medical Device Technology

MEMS and Nanotechnology-Based Sensors and Devices for Communications, Medical and Aerospace Applications
 

Remote Monitoring Demonstration System for Diabetes & COPD Available

I want to share the article and it's link to the the demonstration systemHere are a few quotes from the article.

Health Revolution Sciences Inc. has launched a new Website demonstrating its remote health care monitoring capabilities for perspective patients and care givers.
Called ForVida, the software application represents a sea change in health care technology. 
The software allows physicians and patients to watch streaming cardiac telemetry or reference steadily growing actionable patient EKG and heart rate histories.

The system apparently uses a communication model similar to one I have described in an earlier article.  (http://medicalremoteprogramming.blogspot.com/2009/10/communication-model-for-medical-devices.html)  I do not know what data integrity and security measures they have taken.
 
The article can be found at:
http://www.healthrevolutionsciences.com/2010/04/forvida-demo-up-and-running/

Saturday, April 17, 2010

Article: Investments in Real Time Medical Monitoring

This is an article targeted to the investment community regarding investment in real time medical monitoring.  I do not endorse anything in this article.  However I do find it interesting.  I do not know the track record of this publication.  Nevertheless, here a link to the article: http://www.onemedplace.com/blog/archives/4878