Home Design of a secure remote management module for a software-operated medical device
Article
Licensed
Unlicensed Requires Authentication

Design of a secure remote management module for a software-operated medical device

  • Urban Burnik ORCID logo EMAIL logo , Štefan Dobravec and Marko Meža
Published/Copyright: December 9, 2017
Become an author with De Gruyter Brill
Submit Manuscript Author Information
Biomedical Engineering / Biomedizinische Technik
From the journal Biomedical Engineering / Biomedizinische Technik Volume 64 Issue 1

Abstract

Software-based medical devices need to be maintained throughout their entire life cycle. The efficiency of after-sales maintenance can be improved by managing medical systems remotely. This paper presents how to design the remote access function extensions in order to prevent risks imposed by uncontrolled remote access. A thorough analysis of standards and legislation requirements regarding safe operation and risk management of medical devices is presented. Based on the formal requirements, a multi-layer machine design solution is proposed that eliminates remote connectivity risks by strict separation of regular device functionalities from remote management service, deploys encrypted communication links and uses digital signatures to prevent mishandling of software images. The proposed system may also be used as an efficient version update of the existing medical device designs.

Keywords: medical devices; PEMS; programmable electrical medical systems; remote management; risk management

Acknowledgment

This work was supported in part by research programme P2-0246 by the Slovenian Research Agency.

  1. Conflict of interest: The authors indicate no potential conflicts of interest in this work.

References

[1] Alemzadeh H, Iyer R, Kalbarczyk Z, Raman J. Analysis of safety-critical computer failures in medical devices. Security Privacy IEEE 2013; 11: 14–26.10.1109/MSP.2013.49Search in Google Scholar

[2] Brannigan VM. Software quality regulation under the Safe Medical Devices Act of 1990: hospitals are now the canaries in the software mine. In Proceedings of the 15th Annual Symposium on Computer Application in Medical Care. Washington, DC; New York: McGraw Hill, 1991: 238–242.Search in Google Scholar

[3] Brooks G, Kenney T. Consumer trends fuel medical device innovation. Medical Electronics Design, 2010, http://www.medicalelectronicsdesign.com/article/consumer-trends-fuel-medical-device-innovation, Accessed August 2017.Search in Google Scholar

[4] Burnik U, Dobravec S, Meža M, Vučnik M. Telenadzor: sodoben oddaljeni servisni dostop in uporabniška podpora na napravah 2D-DL: poročilo o opravljeni študiji. (Telecontrol: a contemporary remote service access and end user support for 2D-DL devices: case report) tech. rep., University of Ljubljana, 2009.Search in Google Scholar

[5] Catelani M, Ciani L, Diciotti S, Dori F, Giuntini M. ISO 14971 as a methodological tool in the validation process of a RIS-PACS system. In Medical Measurements and Applications Proceedings (MeMeA), 2011 IEEE International Workshop on, pp. 408–412, May 2011.10.1109/MeMeA.2011.5966726Search in Google Scholar

[6] Cooper T, Eagles S. Aiming for patient safety in the networked healthcare environment. IT Horizons 2010; 4:18–20, http://www.aami.org/publications/ITHorizons/2010/18-20_StandardsRegs_Cooper.pdf, Accessed August 2017.Search in Google Scholar

[7] Council Directive 93/42/EEC of 14 June 1993 concerning medical devices, http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:01993L0042-20071011, 1993, Accessed August 2017.Search in Google Scholar

[8] Dzung D, Naedele M, von Hoff T, Crevatin M. Security for industrial communication systems. Proc IEEE 2005; 93: 1152–1177.10.1109/JPROC.2005.849714Search in Google Scholar

[9] FDA. Title 21: Food and Drugs, Part 860 – Medical Device Classification Procedures. Electronic Code of Federal Regulations, 1978, https://www.ecfr.gov/cgi-bin/retrieveECFR?gp=1&SID=9557aadd484e0d12d825cf3c20aadc38&ty=HTML&h=L&mc=true&r=PART&n=pt21.8.860. Accessed August 2017.Search in Google Scholar

[10] Haigh T, Landwehr C. Building code for medical device software security. IEEE Cybersecurity, 2015.Search in Google Scholar

[11] Hamzeh K, Pall G, Verthein W, Taarud J, Little W, Zorn G. Point-to-point tunneling protocol (PPTP), The Internet Society RFC 2637, 1999, https://tools.ietf.org/pdf/rfc2637.pdf, Accessed August 2017.10.17487/rfc2637Search in Google Scholar

[12] Hanna S, Rolles R, Molina-Markham A, Poosankam P, Fu K, Song D. Take two software updates and see me in the morning: the case for software security evaluations of medical devices. In Proceedings of the 2nd USENIX conference on Health security and privacy, no. August, pp. 6–6, USENIX Association, 2011.Search in Google Scholar

[13] Institute of Medicine (US). Committee on the Public Health Effectiveness of the FDA 510 (k) Clearance Process, I. Medical devices and the public’s health: the FDA 510 (k) clearance process at 35 years. National Academies Press, Washington, DC, 2011.Search in Google Scholar

[14] ISO. Medical device software – software life cycle processes. ISO 62304:2006, International Organization for Standardization, Geneva, Switzerland, 2006.Search in Google Scholar

[15] ISO. Medical devices – application of risk management to medical devices. ISO 14971, International Organization for Standardization, Geneva, Switzerland, 2007.Search in Google Scholar

[16] ISO. Application of risk management for IT-networks incorporating medical devices. ISO 80001, International Organization for Standardization, Geneva, Switzerland, 2010–2015.Search in Google Scholar

[17] Kumar A. Not complying with IEC 62304 for software design could be detrimental on many levels. Medical Electronics Design, no. May/June, pp. 13–17, 2011.Search in Google Scholar

[18] Lincoln JE. Product risk management under ISO 14971:2007. J Validation Technol 2009; 15: 10–18.Search in Google Scholar

[19] Ortiz S. Virtual private networks: leveraging the Internet, Computer 1997; 11: 18–20.10.1109/2.634834Search in Google Scholar

[20] Prasad D, Ray S, Majumdar AK, et al. Real time medical image consultation system through internet. J Healthc Eng 2010; 1: 141–154.10.1260/2040-2295.1.1.141Search in Google Scholar

[21] Rafeh R. A proposed approach for safety management in medical software design. J Med Syst 2013; 37: 9925.10.1007/s10916-012-9925-0Search in Google Scholar PubMed

[22] Rakitin R. Coping with defective software in medical devices. Computer 2006; 39: 40–45.10.1109/MC.2006.123Search in Google Scholar

[23] Rakitin SR. Networked medical devices: essential collaboration for improved safety. Biomed Instrum Technol 2009; 43: 332–338.10.2345/0899-8205-43.4.332Search in Google Scholar PubMed

[24] Regulation (EU) 2017/745 of the European Parliament and of the Council of 5 April 2017 on medical devices, amending Directive 2001/83/EC, Regulation (EC) No 178/2002 and Regulation (EC) No 1223/2009 and repealing Council Directives 90/385/EEC and 93/42/EEC, http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=OJ:L:2017:117:FULL&from=EN, 2017, Accessed August 2017.Search in Google Scholar

[25] Sametinger J, Rozenblit J, Lysecky R, Ott P. Security challenges for medical devices. Commun ACM 2015; 58: 74–82.10.1145/2667218Search in Google Scholar

[26] Schrenker R. The case for a systems focus in healthcare. IT Horizons 2010; 4: 13–17.Search in Google Scholar

[27] Steffen A, Hientzsch D. Software-based risk management documentation for medical devices. Biomed Tech 2013; 58: 1.10.1515/bmt-2013-4236Search in Google Scholar PubMed

[28] Tanabian M. “Testing android devices,” Medical Electronics Design, no. May/June, 2011.FDA, “Applying human factors and usability engineering to medical devices”, Guidance for Industry and Food and Drug Administration Staff (nonbinding recommendations), U.S. Department of Health and Human Services, Food and Drug Administration, Center for Devices and Radiological Health,Office of Device Evaluation, 2016, https://www.fda.gov/downloads/MedicalDevices/DeviceRegulationandGuidance/GuidanceDocuments/ucm259760.pdf, Accessed August 2017.Search in Google Scholar

[29] Van Roy P, Haridi S. Concepts, techniques and models of computer programming. Cambridge, MA: The MIT Press, 2004.Search in Google Scholar

[30] Vogel, DA. Medical device software verification, validation and compliance. Norwood, MA: Artech House, 2010.Search in Google Scholar

[31] White paper of Joint NEMA/COCIR/JIRA Security and Privacy Committee. Remote Services in Healthcare – Use Cases and Obligations For Customer and Service Organizations, http://www.medicalimaging.org/wp-content/uploads/2011/02/Remote-Service_2008-08-06_final.pdf, 2008, Accessed August 2017.Search in Google Scholar

Received: 2017-01-10
Accepted: 2017-11-07
Published Online: 2017-12-09
Published in Print: 2019-02-25

©2019 Walter de Gruyter GmbH, Berlin/Boston

Articles in the same Issue

  1. Frontmatter
  2. Review
  3. Wheeze sound analysis using computer-based techniques: a systematic review
  4. Research articles
  5. Effect of a combination of flip and zooming stimuli on the performance of a visual brain-computer interface for spelling
  6. A cost-sensitive Bayesian combiner for reducing false positives in mammographic mass detection
  7. Influence of acquisition frame-rate and video compression techniques on pulse-rate variability estimation from vPPG signal
  8. Design of a secure remote management module for a software-operated medical device
  9. Long-term recording of electromyographic activity from multiple muscles to monitor physical activity of participants with or without a neurological disorder
  10. Biomechanical investigation of different surgical strategies for the treatment of rib fractures using a three-dimensional human respiratory model
  11. Numerical investigation of complete mandibular dentures stabilized by conventional or mini implants in patient individual models
  12. Reliability and validity of lumbar disc height quantification methods using magnetic resonance images
  13. Designs and performance of three new microprocessor-controlled knee joints
https://doi.org/10.1515/bmt-2017-0005
Keywords for this article
medical devices; PEMS; programmable electrical medical systems; remote management; risk management

Articles in the same Issue

  1. Frontmatter
  2. Review
  3. Wheeze sound analysis using computer-based techniques: a systematic review
  4. Research articles
  5. Effect of a combination of flip and zooming stimuli on the performance of a visual brain-computer interface for spelling
  6. A cost-sensitive Bayesian combiner for reducing false positives in mammographic mass detection
  7. Influence of acquisition frame-rate and video compression techniques on pulse-rate variability estimation from vPPG signal
  8. Design of a secure remote management module for a software-operated medical device
  9. Long-term recording of electromyographic activity from multiple muscles to monitor physical activity of participants with or without a neurological disorder
  10. Biomechanical investigation of different surgical strategies for the treatment of rib fractures using a three-dimensional human respiratory model
  11. Numerical investigation of complete mandibular dentures stabilized by conventional or mini implants in patient individual models
  12. Reliability and validity of lumbar disc height quantification methods using magnetic resonance images
  13. Designs and performance of three new microprocessor-controlled knee joints
Sign up now to receive a 20% welcome discount
Institutional Access
How does access work?
Have an idea on how to improve our website?
Please write us.
© 2025 De Gruyter Brill
Downloaded on 6.10.2025 from https://www.degruyterbrill.com/document/doi/10.1515/bmt-2017-0005/html?lang=en
Scroll to top button