While “share the love” may serve as the theme song for many charitable organizations and hippie retailers, “share the data” may be the new rallying cry for the previously closed, unyielding health care industry.
The ability to seamlessly share data across an often uncoordinated network of disparate medical devices and systems is a significant concern in the health care field that is becoming more palpable with the emergence of Electronic Medical Records (EMRs) and Electronic Health Records (EHRs). As some EHR vendors are promoting standards to exchange clinical data among providers and policymakers are calling for a roadmap to advance health IT interoperability, the industry is recognizing the need to collaborate on a consistent framework for communicating patient data.
The task of changing workflows in an industry that still runs on fax machines and paper forms isn’t an easy undertaking. The health care sector, under the compulsion of long and rigorous FDA regulations, uses legacy systems, which are not built to share. Whether old or relatively new, many of these systems – both hardware and software – were purposely built as proprietary rather than open platforms, says Mike Cioffi, security architect at McAfee Embedded Security.
“These systems don’t talk to each other, so standardized data sharing is a huge challenge,” Cioffi says. “New business intelligence solutions are trying to solve this with software that can pull data in from the disparate systems and try to amalgamate different data from the silos into one view for analyzing, but that is not resolving the fact that the data is still not standardized.”
Even though some health IT standards exist today, such as those developed by Health Level Seven International (HL7), earlier versions allowed customizable fields that manufacturers took advantage of by adding optimizations for their own systems, making them custom products that are not necessarily interoperable with other systems, Cioffi says.
In addition to requiring standardized methods for data exchange, the push for interoperability in health care demands that data be unlocked for health professionals to share information, thus creating an opening for security breaches.
“If the data could be kept point-to-point or in a single private network, the problem with security, it could be argued, could be solved the way it always has been,” Cioffi says. “But once this data must leave the private network to get to a common database, then both the data and network are exposed to external forces.”
The challenges to achieving medical data interoperability must be solved by different teams in the health care ecosystem with the help of organizations such as IEEE, IHE, American Society for Testing and Materials (ASTM), and Healthcare Information Technology Standards Panel (HITSP) supporting various standards, Cioffi asserts. Furthermore, a governance council and data czar are needed to guide the integration of clinical data, which would help streamline communication among health care providers, reduce costs for resources, and improve outcome metrics success and thus patient care and satisfaction, he says.
Another solution for integrating medical data shared among dissimilar technology platforms is to move all this data to the cloud.
“The cloud can improve interoperability by having translators between the formats described by various standards, then supplying it to various EMRs,” Cioffi says. “Providing a safe and consistent place for data at rest could also be an advantage.”
While the cloud promises to increase interoperability among medical systems, it does not protect the systems or data being exchanged, so embedded designers must take precautions such as whitelisting to secure their medical designs from potential attacks, Cioffi says. Software solutions such as McAfee Embedded Control lock down the system and address HIPAA and FDA requirements for privacy and auditable control by preventing unauthorized code from running and ensuring that software changes only happen via authorized mechanisms. The platform can help maintain medical systems in a known predictable state while securing them from external or internal threats, reducing operation costs by eliminating the need for emergency patching.
To further increase the robustness of medical systems, embedded developers can leverage Intel® Virtualization Technology (Intel® VT), which accelerates the transfer of platform control between guest Operating Systems (OSs) and a Virtual Machine Manager (VMM) or hypervisor. Utilizing Intel® VT in a medical system design allows several OSs to be run so that various modalities can be separated and consequently be less susceptible to attack, given that two or more OSs have to be defeated versus just one OS, Cioffi says. Intel® Trusted Execution Technology (Intel® TXT) can also make medical systems safer by generating a root of trust, he adds. Trusted compute pools with Intel® TXT can protect medical data in the cloud from attacks toward hypervisor and other pre-launch software components.
Moving medical data to the cloud to achieve greater health care system interoperability necessarily requires effective cloud security solutions for protecting data and the overall infrastructure. Read this paper to learn how Intel and McAfee are working together to secure the entire server stack for cloud computing, from the underlying silicon and hardware through the hypervisor, OS, and applications. And tune in to this upcoming webcast to hear how several embedded technology manufacturers are tackling the challenges of advancing standards and interoperability in the health care field.
To learn more about delivering quality health care with secure devices, see intel.com/go/embedded-medical.
For more on securing connected devices, see intel.com/go/embedded-security.
OpenSystems Media®, by special arrangement with Intel® Intelligent Systems Alliance
McAfee is an Associate member of the Intel® Intelligent Systems Alliance.