FDA QSR Cybersecurity Audits

Protecting your medical device, the enterprise network and confidential data has really never been easy….but due to all the cyber security attacks….it is only getting harder.

Network defenses are constantly under attack from cyber criminals, hacktivists, and other disgruntled entities. DDoS attacks, malware, botnets, and other threats are becoming more complex and better orchestrated.

Customers hold their providers responsible for not protecting their information. Even a small vulnerability in your network or data center infrastructure can lead to major financial damage and loss of customer loyalty.
You need to design networks that achieve the greatest possible security resilience—the ability to resist attacks and bounce back when one occurs.
This includes:
• Evaluating the performance of new technologies like next-gen firewalls, IPS systems, DDoS mitigation, and the like against the realities of your own network and threat profile
• Validating your overall defenses and processes before deploying and over time
• Addressing new vulnerabilities introduced by virtualization and other major initiatives

It is what you do not know….. that can hurt.

Integra Systems, Inc., and it’s partners can provide FDA QSR Cybersecurity Audits.

These audits can provide guidance and insight needed to meet FDA compliance requirements. They will provide the following:

• An evaluation of the classification of medical devices to identify the appropriate regulations.
• Identify predicate devices that are similar and already have a FDA 510(k) clearance. Then the new device will be evaluated to understand if the security aspects or use model could be based upon the predicate.
• Review in-house FDA compliance, guidance, standards, testing, and other specific requirements needed to claim substantial equivalence to predicate devices.
• Analyze risk mitigation and processes in place.
• Build and maintain a compliance program that satisfies current requirements.
• Provide change internal change process management when standards change.

Integra Systems, Inc. additionally has conducted testing for many medical device companies to include quality of service, security, and RF mitigation to include co-existence testing. We have authored cybersecurity guidance documentation for regulatory submittal for several medical device companies.

See attached the most recent FDA guidance documentation.

Download 1825

Wireless Patient Monitoring - Is WiFi Safe and Reliable?

The HTML link below will allow for registration

Download 131011_Draeger_sponsor_email

The debate is over. From 1999 (when 802.11b got approved….the extended set of 802.11) Integra Systems, Inc., has worked in multiple vertical markets designing mission critical (Department of Defense) and life critical networks.

In 2005, we worked with a major patient monitoring company and designed the first ever “converged” data, voice, video, and real time patient monitoring network. Many in the industry that were strong advocates of WMTS…said it just could not work.

The opinion it seems was not technical; but a business decision to keep moving forward.

It is now 2013 and every infusion device company is using 802.11 for their smart pumps, as well as Sp02 monitoring companies and “every” patient monitoring company (the leading ones), for patient transport monitoring.

The question…then remains why then is WMTS still being sold? One word describes this….interesting.

I think as a CEO of a healthcare system I may want to leverage my current investment in my infrastructure so I could use my savings in capital expenditures to support the EMR for meaningful use; versus spending dollars on proprietary architecture.

Folks also are it seems all over the map in terms of well “we need to have 802.11a” or we “cannot have WiFi” for wireless enabled medical devices. At the end of the day, an application that even is life critical such as patient monitoring; uses a very small amount of bandwidth and can be managed correctly with the right enterprise QoS mechanisms. What is important from the get go is to have the right radio design, the correct roaming algorithms, and right design of the infrastructure and environment to support the application requirements.

Look forward to the upcoming web based event video conference that Integra Systems, Inc. will be presenting next week surrounding all of the aforementioned.

In addition, we will be a moderator and presenter at the upcoming fifth annual Medical Device and Connectivity Conference & Exhibition – November 21-22 in Washington, D.C., as well presenting and moderating at the UBM Wireless Medical Device Conference, December 3-5, San Jose, CA. All presentations and discussions will be surrounding the best practices for testing, design, and deployment.

Please go to www.ixiacom.com the world’s leading networking test and instrument company and download the recently authored “white paper” by Integra Systems, Inc. about the best practices of design, testing, and deployment for a life critical wired and/or wireless medical device application.

Medical Device Connectivity

Collectively in the industry it has been often understood that the term medical device connectivity, simply means a connected medical device. The question remains what is the real definition of medical device connectivity? We are now faced with not only networked medical devices from a wired perspective; but also a wireless perspective. This wireless connectivity has been traditonally thought of as simply 802.11x, or 802.11a/b/g (n,is really not existent or needed at this point for medical device connectivity), or even this term of medical device connectivity could extend also in the case of WMTS (Wireleess Medical Telemetry Service). Others may not understand that this also includes to both the wide area (GSM/CDMA), as well as low power point to point and multi-point connectivity. The low power connectivity area has traditionally thought of as Bluetooth and Zigbee, but are many other RF radios and protocols that provide such connectivity as well. Whatever the wired or wireless protocol; there needs to be a strategic business plan developed for the healthcare end provider market, as the medical device community is bringing more and more of these multi-modality wireless devices into the marketplace. One may ask why is this evolution happening? It is pretty simple, Moores Law. Moores Law describes a long term trend in the history of computing hardware. The number of transitors that can be placed inexpensively on an an integrated circuit doubles approximetely every two years. This trend has continued for more than a half a century and is expected to continue until 2015 or 2020 or later. The pricing of of the technology whatever the means of medical device connectivity (in this case wireless), has been driven down to the affordable commmoditized price point where huge mobility business value can be realized. Add to this really baked out integration of the proper security and quality of service. So what are some of the challenges? First, how to develop a technology roadmap and business plan that will take into context all of the technology solutions and show the true business ROI and risk mitigation model in light of pending IEC 80001. This is exactly the sweet spot where Integra Systems, Inc. can help. We have over the years been in the trenches developing products and solutions for multiple medical device companies on both a low cost (point to point and multi-point), WLAN, and GSM/CDMA solution set. This has included, but has not be limited to also developing all the test plans and protocols as well as testing for an IDE and/or FDA 510k submission. This testing has included RF proximity testing as well ensuring the proper quality of service and security protocols over the enterprise with other life critical data, voice, video, and medical device applications.

LinkedIn Medical Device Connectivity Group

Please see the following link and my response.

http://www.linkedin.com/groupAnswers?viewQuestAndAnswers=&discussionID=54797685&gid=1356777&trk=eml-anet_dig-b_nd-pmt-cn

This has been a debate in the industry for a very long time. "Stay with your monitoring vendor like Philips www.philips.com that you "trust" to go with...or go with a vendor neutral solution.

There is no question that the monitoring vendors have been struggling with third party device connectivity. Trying to keep up with a very dynamic and changing market is where the challenge lies.

And add to device connectivity this is not Philp's main focus - nor should it be because they make very good medical devices.

The other challenge is that the monitoring vendors (not singling out Philips), do not provide all of the available device parameters and alarms required by the enterprise IT systems ---such as EMR's or alarm management systems. This has been one of the major drawbacks of a monitor-central solution for third party device connectivity. If you want to read a good article - here is one written by an independent research company

http://www.capsuletech.com/Collateral/Documents/English-US/MSP%20Industry%20Alert%20article.pdf

Integra Systems Inc as a Healthcare Visionary for Point of Care Connectivity

Integra Systems, Inc. www.integrasystems.org is a forward looking visionary boutique firm firmly implanted in the wireless and medical device space that is based upon two decades of field integration experience. 

 
That will not stop us at nothing to advance the quality of the modern wireless healthcare delivery model.  We have been instrumental at driving this forward looking with vision over five years ago with Anyware Network Solutions, of which now is a part of www.gtri.com. Our original out of the box model was demonstrated with www.draeger.com and OneNet. This is our passion and mission of which is always pushing the envelope to take current technology offerings and to wrap them around perhaps non-proprietary solutions to move decision makers to the next level with the goal to save costs and manage risk.  From this mission as described it is coupled and tested to ensure that all caregivers have the best user experience for the patients and their families. This is as described also saves huge costs and decreases overall risk at the point of care and with medical devices on a wireless or wired network. Separate proprietary medical device networks are legacy. Go to www.linkendin.com for  our full profile. We have completed consulting and design work on a global basis with the leading medical device companies. (patient monitoring, infusion therapy, ventilation/anesthesia) whereby Integra Systems, Inc has been front and center in 2008 and 2009.  www.integrasystems.org  Download Edit Post - Healthcare Wireless and Device Connectivity TypePad Patents pending on RFID and wireless integration point of care devices of which are pending clinical trials will define the new avenue in the point of care space.  Just some messaging to put things into perspective will follow. We certainly can help in this perspective.  www.capsuletech.com of which we (David H. Hoglund) share a combined IP through a licensing agreement.

" The Pain in life Happens. It may last a minute, or an hour, or a day, or a year, but eventually  it will subside and something else will take it's place. If I quit, it lasts forever." Lance Armstrong. http://www.lssmn.org/

The message is:  "Just keep on a going"

What do you think is at present and forward looking; do you think that the days of proprietary medical device networks are over..why or why not?

Why should a hospital install a separate WMTS telemetry system, a separate stand alone patient monitoring network?  Why not converge them onto a single enterprise designed and managed WLAN?

How is the risk lowered by using enterprise tools for design and management?

Who is going to be responsible for the management of a life critical network if enterprise management tools cannot be used?

A goal here as described is to provide and enable the healthcare enterprise to provide the quality of healthcare wireless experience in a proactive fashion for 2009 and beyond that everybody needs.

Wi-Fi Pacemaker Reuters Article

I could not help read this article by Ben Gruber on Monday August 10 and make a comment.  It alludes to the fact (actually states), that the wireless pacemaker made by St. Jude Medical of which was approved in July uses Wi-Fi.  This is incorrect.  The actual Merlin Home Monitoring System uses the Medical Implant Communication Service (MICS), at 402-405 MHz. The FCC pentioned this in 1988, and was allocated in 1999.  Spending a few years in cardiac pacing, this is a huge advantage for patients and followup that is desired. Saves trips to the office to have the interrogation of the device and to validate battery longevity.

Download ConnectivityFactSheet

Download ConnectivityStatsSheet