MEDICALDEVICESYSTEMSANDBLUETOOTH®WIRELESS
TECHNOLOGY:OPPORTUNITIESANDCHALLENGES
MakingMedicalDevicesWirelessintheDigitalHealthAge:Issues,Risks,andPracticalAdvice
BillSaltzstein
CodeBlueConsulting
Outline
• Bluetooth®wirelesstechnologyintroduction• Bluetoothbenefitsformedicalsystems• TheMedicalInternetofThings• Bluetoothcoexistence• Bluetoothsecurity• Bluetoothmedicaldeviceregulatory
07/18/18 IEEE2018EMBSconference 2
BluetoothisaregisteredtrademarkoftheBluetoothSIG,Inc.
Bluetoothwirelesstechnologyintroduction
• Provides connectivity for all mobile platforms • Ubiquitous • Low power • Low cost • Audio & Data transports • Good range – typically 50 feet connection to iPhone/Android
• Operates well (cooperates) in RF noisy/crowded environments • Fast 2.4 GHz FHSS radio (Frequency Hopping Spread Spectrum) • Adaptive Frequency Hopping • Error detection, retransmission, error correction
• Bluetooth 4.0 added Bluetooth low energy transport • Greatly improved cost/power (CFR2032 coin cell operation) • Lower data rates, (100’s of Kbps à 1 Mbps) • Greatly simplified communications stack • Flexibility for custom services & profiles • Beacons • Mesh
07/18/18 IEEE2018EMBSconference 3
TheBluetoothlowenergytechnologybasics
• 2.4(–2.485)GHz,FrequencyHoppingSpreadSpectrumtechnology• 40discretechannels,2MHzwide,psuedo-randomhoppingsequence(1600
hops/second)• DedicatedAdvertisingchannels• Adaptivefrequencyhopping(AFH)forcoexistence/interference• 10dBMmaximumpoweroutput;increasedforBT5• ~50metersdependingonplatform/implementation• ~100Kbpsrealizablethroughputdependingonplatform/implementation
07/18/18 IEEE2018EMBSconference 4
Bluetoothbenefitsformedicalsystems
• Ubiquitoussupport–itiseverywhere
• ExcellentcoexistencewithWiFi
• Lowcost,lowpoweroperationenablesmobileandwearabledevicesandsystems
• Firsthoptothecloud• PersonalAreaNetwork• MedicalInternetofThings
07/18/18 IEEE2018EMBSconference 5
• BluetoothlowenergyGenericAccessProfile(GAP)specifiesadvertiser/scannertoestablishconnections
• Anadvertisementcanputoutanyinformationanddoesn’trequireconnection
• Abeaconisastructuredadvertisement– Undirectedbroadcastofdata– ThinkUDPascontrastedwithTCP
• Twoad-hocstandardshaveevolved– iBeacon-iOS– Eddystone–Google/Android
Beacons
07/18/18 IEEE2018EMBSconference 6
Bluetoothmesh1.0• Version1.0usesadvertisingandrepeaters• “Flood”network• Doesn’trequireBluetooth5
a
b
jc
d
f
h
i
g
ka
b
jc
d
f
h
i
g
k
Edgerouter
Edgerouter
IPbackbone
07/18/18 IEEE2018EMBSconference 7
Bluetooth5• Releasedattheendof2016• Longrange
– Upto4x(~200meters)– Tradeoff:lowerspeed– Alsohigherreliability…
• Highspeed– Samepower– Tradeoff:reducedrange
• Increasedadvertisingcapability– Morebroadcastdata– Advertisingondatachannelstoreducecongestion– Chaining– Periodicadvertising
• Additionalcoexistencemeasures• Alloftheaboveareoptionalandarenegotiatedafterconnectionforbackwards
compatibility
07/18/18 IEEE2018EMBSconference 8
TheMedicalInternetofThingsArchitecture
Wearable:Sensors,Button,LEDs,
Rxdelivery Usage,data
Settings,Software
Patientinfo,data
Settings,Software
AI(coaching)
Usedata
EHR
Real-timePersonalCoaching/Analytics
Billing
07/18/18 IEEE2018EMBSconference
Short-range Long-range
Enterprise
AdaptedfromChronoTherapeuticssmokingcessationsolution(investigational)
Thisslidehasnotbeenreviewedorapprovedbytherespectivemanufacturer.Informationpresentedutilizespubliclyavailableinformation,butmayalsoincludefeaturesthatareincludedforillustrationbythispresenter,andarenotpartoftheactualsystem.
9
MobileorFixedgateway
InsertableCardiacMonitor• AbbottConfirm™RXICM• “Theworld’sfirstsmartphone-compatibleICM”• FDAclearedOctober,2017
07/18/18 IEEE2018EMBSconference
Thisslidehasnotbeenreviewedorapprovedbytherespectivemanufacturer.Informationpresentedutilizespubliclyavailableinformation,butmayalsoincludefeaturesthatareincludedforillustrationbythispresenter,andarenotpartoftheactualsystem.
10
Bluetoothcoexistencemechanisms
• FrequencyHoppingSpreadSpectrum(FHSS)• AdaptiveFrequencyHopping(AFH)• Errorhandling
– Detection– Packetretransmission– ForwardErrorCorrection
07/18/18 IEEE2018EMBSconference 11
Bluetooth-specificcybersecurity
• Security/authenticationwithoutphysicalconnection– Spoof/mimicdataconnections– Eavesdropping
• ManinTheMiddle(MTM)attacks(especiallyduringpairing)
• OverTheAir(OTA)upgrades• Settingchanges• Advertisingpromiscuously
IEEE2018EMBSconference07/18/18 12
Bluetoothsecurityfeatures• FHSSinherentlydesignedtominimizeeavesdropping(butthatwasfor
WWII)• Pairingandbondingmodesdependingonrequirementsanduserinterface
– Notethatold-stylePINhasbeendeprecatedandshouldnotbeusedinnewdevices
• Caution:“Justworks”modeisavailablewithnoencryptionorauthentication
• 128-bitAESforencryption,severalmethods/meansforauthentication• Modeandleveldefinitionallowsforappropriateimplementations
– SecurityMode1Level4:strongestincludingauthenticatedlowenergySecureConnectionspairing&EllipticCurveDiffie-Hellman(ECDH)basedencryption
– SecurityMode1Level3requiresauthenticatedpairing&encryptionbutdoesnotuseECDH-basedcryptographyandprovideslimitedeavesdroppingprotectionduetoweakencryption
– Othersecuritymodes/levelsallowunauthenticatedpairing(meaningnoMITMprotectionisprovidedduringcryptographickeyestablishment)
– Somemodes/levelsdonotrequireanysecurityatall• Itisessentialtoperformappropriatecybersecurityandriskanalysisand
implementandtestappropriately07/18/18 IEEE2018EMBSconference 13
Cybersecurityrecommendations• UseBluetooth4.2andlater• Securitybydesign,notobfuscation
– End-to-endsolution,bothconnectivityandatrest– DesignforCybersecurity– DesignforPrivacy
• Limitinformation:don’texchangeunnecessarydata• Limitvulnerabilities
– Limittimeandaccessibility• Pairing• Securitykeyexchanges
– Don’tuseunnecessaryprofiles– Setandenforcepolicies
• Don’tadvertisepromiscuously
07/18/18 IEEE2018EMBSconference 14
• Medicalregulatoryrequirements– USFDA– EUMedicalDeviceRegulation(andwhatabouttheUK?)– Othercountries/regionspermarketing
• Wirelessstandardsbodies– BluetoothSIG–legalrequirement– NoIEEEformalapproval(IEEE802.15.1)
• Radioregulators-required– FCC–US
• SARforpatient-worndevices)– IC–Canada– EU–ETSI,R&TTE– Japan–MIC– Othercountries/regionspermarketing
07/18/18 IEEE2018EMBSconference 15
The3groupsofregulators
– Interoperabilityisadual-edgesword• Marketdominance• Regulatoryscope
– AAMI–primarilyforin-hospitaldevices– BluetoothSIGprofiles
• BluetoothTranscodingWhitepaper• Health/medicalprofiles–usethemifyouwish• WithBluetoothlowenergyyoucanmakeyourown
– ContinuaAlliance?– FHIR,HL7,…ifutilized
07/18/18 IEEE2018EMBSconference 16
…andthe4thgroup:“interoperability”
• Safetyandefficacyfortheintendeduseintheintendedenvironment(s)
• Interference&Coexistence– Ad-hoctestingbasedonenvironmentforIntendedUse– RFGuidancedocumentsandindustrystandards
• Latency&Throughput– Considerdegradationagainbasedonenvironment
• Cybersecurity• NIST• Referencesattheendofthispresentation
07/18/18 IEEE2018EMBSconference 17
Regulatoryconsiderations
Summary
• Bluetoothwirelesstechnologyprovidesanexcellentcommunicationsmethodformedicaldevicesandsystems
• Aswithallwirelesstechnologiesspecification,design,implementation,andtestingarekeyelements
07/18/18 IEEE2018EMBSconference 18
Contactinformation
BillSaltzsteinCodeBlueConsulting
425-442-5854
07/18/18 IEEE2018EMBSconference 19
SelectedCybersecurityReferences• HealthcareIndustryCybersecurityTaskForcereport
– https://www.phe.gov/Preparedness/planning/CyberTF/Documents/report2017.pdf• GuidanceforIndustry-CybersecurityforNetworkedMedicalDevicesContainingOff-the-Shelf(OTS)Software
– http://www.fda.gov/downloads/MedicalDevices/DeviceRegulationandGuidance/GuidanceDocuments/ucm077823.pdf• ContentofPremarketSubmissionsforManagementofCybersecurityinMedicalDevices
– http://www.fda.gov/downloads/MedicalDevices/DeviceRegulationandGuidance/GuidanceDocuments/UCM356190.pdf• PostmarketManagementofCybersecurityinMedicalDevices
– http://www.fda.gov/downloads/medicaldevices/deviceregulationandguidance/guidancedocuments/ucm482022.pdf• NIST:CybersecurityPracticeGuide,SpecialPublication1800-1:"SecuringElectronicHealthRecordsonMobile
Devices”– https://nccoe.nist.gov/projects/use_cases/health_it/ehr_on_mobile_devices
• NIST:GuidetoBluetoothSecurity– http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-121r1.pdf
• ISO14971:2007Medicaldevices--Applicationofriskmanagementtomedicaldevices– http://www.iso.org/iso/catalogue_detail?csnumber=38193
• HHS:YourMobileDeviceandHealthInformationPrivacyandSecurity– https://www.healthit.gov/providers-professionals/your-mobile-device-and-health-information-privacy-and-security
• Archimedes–AnnArborResearchCenterforMedicalDeviceSecurity– https://secure-medicine.org
• BITAG:InternetofThings(IoT)SecurityandPrivacyRecommendations– http://www.bitag.org/documents/BITAG_Report_-_Internet_of_Things_(IoT)_Security_and_Privacy_Recommendations.pdf
07/18/18 20IEEE2018EMBSconference
AdditionalFDAguidance• FDAlandingpageforDigitalHealth
– http://www.fda.gov/medicaldevices/digitalhealth/• GeneralWellness:PolicyforLowRiskDevices
– https://www.fda.gov/ucm/groups/fdagov-public/@fdagov-meddev-gen/documents/document/ucm429674.pdf• MobileMedicalApplications
– http://www.fda.gov/downloads/MedicalDevices/DeviceRegulationandGuidance/GuidanceDocuments/UCM263366.pdf
• MedicalDeviceDataSystems,MedicalImageStorageDevices,andMedicalImageCommunicationsDevices– http://www.fda.gov/downloads/MedicalDevices/DeviceRegulationandGuidance/GuidanceDocuments/UCM401996.pdf
• RadioFrequencyWirelessTechnologyinMedicalDevices– ohttp://www.fda.gov/downloads/MedicalDevices/DeviceRegulationandGuidance/GuidanceDocuments/ucm077272.pdf
• SoftwareasaMedicalDevice(SAMD):ClinicalEvaluation– https://www.fda.gov/downloads/MedicalDevices/DeviceRegulationandGuidance/GuidanceDocuments/UCM524904.pdf
• ClinicalandPatientDecisionSupportSoftware(draft)– https://www.fda.gov/ucm/groups/fdagov-public/@fdagov-meddev-gen/documents/document/ucm587819.pdf
• ChangestoExistingMedicalSoftwarePoliciesResultingfromSection3060ofthe21stCenturyCuresAct(draft)– https://www.fda.gov/ucm/groups/fdagov-public/@fdagov-meddev-gen/documents/document/ucm587820.pdf
• GuidanceforIndustry,FDAReviewersandComplianceonOff-The-ShelfSoftwareUseinMedicalDevices– http://www.fda.gov/downloads/MedicalDevices/.../ucm073779.pdf
• Enforcementdiscretion– http://www.fda.gov/MedicalDevices/DigitalHealth/MobileMedicalApplications/ucm368744.htm
• DecidingWhentoSubmita510(k)foraSoftwareChangetoanExistingDevice– https://www.fda.gov/ucm/groups/fdagov-public/@fdagov-meddev-gen/documents/document/ucm514737.pdf
• DesignConsiderationsandPre-marketSubmissionRecommendationsforInteroperableMedicalDevices– https://www.fda.gov/ucm/groups/fdagov-public/@fdagov-meddev-gen/documents/document/ucm482649.pdf
07/18/18 IEEE2018EMBSconference 21
AAMI• TIR57:Principlesformedicaldevicesecurity—Riskmanagement– https://standards.aami.org/kws/public/projects/project/details?project_id=876
• TIR69:RiskAssessmentofradio-frequencywirelesscoexistenceformedicaldevicesandsystems– https://standards.aami.org/kws/public/projects/project/details?project_id=1114
• ANSIC63.27-2017:AmericanNationalStandardforEvaluationofWirelessCoexistence– https://standards.ieee.org/findstds/standard/C63.27-2017.html
07/18/18 IEEE2018EMBSconference 22
• Transcoding(andother)Whitepapers:– https://www.bluetooth.com/develop-with-bluetooth/white-papers
• Bluetooth5Standard:– https://www.bluetooth.com/specifications/bluetooth-core-specification
07/18/18 IEEE2018EMBSconference
BluetoothSIG
23
Acronyms(googlefordefinitions/information)
• AFH–AdaptiveFrequencyHopping• BLE–Bluetoothlowenergy• BR/EDR–BasicRateorEnhancedDataRate(SeeBluetoothspecifications)• FHSS–FrequencyHoppingSpreadSpectrumradiotransport• ISM–Industrial,Scientific,andMedical:frequencybandsallocatedbythe
FCC• LAN–LocalAreaNetwork:IEEE802.3• MBAN–MedicalBodyAreaNetwork• MDDS–MedicalDeviceDataSystem(seeReferencesection)• NFC–NearFieldCommunications• PHI–ProtectedHealthInformation• SIG–SpecialInterestGroup,inthiscasetheBluetoothSIG• WiFi–WirelessFidelity:IEEE802.11specifications• ZigBee–WirelessstandardfromtheZigBeeAlliance,basedonIEEE
802.15.4
07/18/18 IEEE2018EMBSconference 24
Top Related