1,869 research outputs found

    Potential Advantages of Applying Assurance Case Modeling to Requirements Engineering for Interoperable Medical Device Systems

    This poster describes our initial work in applying assurance cases to the requirements engineering processes necessary in building interoperable medical device systems

    Foundations for Safety-Critical on-Demand Medical Systems

    In current medical practice, therapy is delivered in critical care environments (e.g., the ICU) by clinicians who manually coordinate sets of medical devices: The clinicians will monitor patient vital signs and then reconfigure devices (e.g., infusion pumps) as is needed. Unfortunately, the current state of practice is both burdensome on clinicians and error prone. Recently, clinicians have been speculating whether medical devices supporting "plug & play interoperability" would make it easier to automate current medical workflows and thereby reduce medical errors, reduce costs, and reduce the burden on overworked clinicians. This type of plug & play interoperability would allow clinicians to attach devices to a local network and then run software applications to create a new medical system "on-demand" which automates clinical workflows by automatically coordinating those devices via the network. Plug & play devices would let the clinicians build new medical systems compositionally. Unfortunately, safety is not considered a compositional property in general. For example, two independently "safe" devices may interact in unsafe ways. Indeed, even the definition of "safe" may differ between two device types. In this dissertation we propose a framework and define some conditions that permit reasoning about the safety of plug & play medical systems. The framework includes a logical formalism that permits formal reasoning about the safety of many device combinations at once, as well as a platform that actively prevents unintended timing interactions between devices or applications via a shared resource such as a network or CPU. We describe the various pieces of the framework, report some experimental results, and show how the pieces work together to enable the safety assessment of plug & play medical systems via two case studies

    Medical Device Interoperability With Provable Safety Properties

    Applications that can communicate with and control multiple medical devices have the potential to radically improve patient safety and the effectiveness of medical treatment. Medical device interoperability requires devices to have an open, standards-based interface that allows communication with any other device that implements the same interface. This will enable applications and functionality that can improve patient safety and outcomes. To build interoperable systems, we need to match up the capabilities of the medical devices with the needs of the application. An application that requires heart rate as an input and provides a control signal to an infusion pump requires a source of heart rate and a pump that will accept the control signal. We present means for devices to describe their capabilities and a methodology for automatically checking an application’s device requirements against the device capabilities. If such applications are going to be used for patient care, there needs to be convincing proof of their safety. The safety of a medical device is closely tied to its intended use and use environment. Medical device manufacturers create a hazard analysis of their device, where they explore the hazards associated with its intended use. We describe hazard analysis for interoperable devices and how to create system safety properties from these hazard analyses. The use environment of the application includes the application, connected devices, patient, and clinical workflow. The patient model is specific to each application and represents the patient’s response to treatment. We introduce Clinical Application Modeling Language (CAML), based on Extended Finite State Machines, and use model checking to test safety properties from the hazard analysis against the parallel composition of the application, patient model, clinical workflow, and the device models of connected devices

    Software Performance Assessment at Architectural Level: A Methodology and its Application

    Software architectures are a valuable tool for evaluating the qualitative and quantitative properties of systems in the early phases of their development. Getting the design right is critical to ensuring the quality of these properties. Making wrong early decisions can entail considerable and costly changes in the future. Such decisions would affect many properties of the system, such as its performance, security, reliability or maintainability. From the standpoint of software performance, software performance engineering (SPE) is a mature and commonly accepted research discipline that proposes model-based evaluation in the early phases of the software development life cycle. One problem in this research field is that the methodologies proposed so far neither offer an interpretation of the results obtained during performance analysis nor use those results to propose alternatives for improving the software architecture itself. To date, this interpretation and improvement requires the experience and skill of software engineers, especially of experts in performance engineering. Moreover, despite the large number of proposals for evaluating the performance of software systems, very few of these theoretical studies are subsequently applied to real software systems. The aim of this thesis is to present a methodology for assessing architectural decisions in order to improve software systems from a performance standpoint. The methodology uses the Unified Modeling Language (UML) to represent software architectures and formal methods, specifically Petri nets, as the performance model.
The assessment, based on patterns and antipatterns, tries to detect the main problems affecting system performance and proposes possible improvements to that performance. As a first step, we study and analyze the performance results of different architectural styles. Next, we systematize the knowledge previously obtained to propose a methodology, and we check its applicability by assessing a real case study, an interoperability architecture for adapting interfaces to people with disabilities according to their abilities and preferences. Finally, a tool for performance evaluation is presented as a by-product of the software life cycle itself

    Risk Assessment Framework for Evaluation of Cybersecurity Threats and Vulnerabilities in Medical Devices

    Medical devices are vulnerable to cybersecurity exploitation and, while they can provide improvements to clinical care, they can put healthcare organizations and their patients at risk of adverse impacts. Evidence has shown that the proliferation of devices on medical networks presents cybersecurity challenges for healthcare organizations due to their lack of built-in cybersecurity controls and the inability for organizations to implement security controls on them. The negative impacts of cybersecurity exploitation in healthcare can include the loss of patient confidentiality, risk to patient safety, negative financial consequences for the organization, and loss of business reputation. Assessing the risk of vulnerabilities and threats to medical devices can inform healthcare organizations toward prioritization of resources to reduce risk most effectively. In this research, we build upon a database-driven approach to risk assessment that is based on the elements of threat, vulnerability, asset, and control (TVA-C). We contribute a novel framework for the cybersecurity risk assessment of medical devices. Using a series of papers, we answer questions related to the risk assessment of networked medical devices. We first conducted a case study empirical analysis that determined the scope of security vulnerabilities in a typical computerized medical environment. We then created a cybersecurity risk framework to identify threats and vulnerabilities to medical devices and produce a quantified risk assessment. These results supported actionable decision making at managerial and operational levels of a typical healthcare organization. Finally, we applied the framework using a data set of medical devices received from a partnering healthcare organization. We compare the assessment results of our framework to a commercial risk assessment vulnerability management system used to analyze the same assets. 
The study also compares our framework results to the NIST Common Vulnerability Scoring System (CVSS) scores related to identified vulnerabilities reported through the Common Vulnerability and Exposure (CVE) program. As a result of these studies, we recognize several contributions to the area of healthcare cybersecurity. To begin with, we provide the first comprehensive vulnerability assessment of a robotic surgical environment, using a da Vinci surgical robot along with its supporting computing assets. This assessment supports the assertion that networked computer environments are at risk of being compromised in healthcare facilities. Next, our framework, known as MedDevRisk, provides a novel method for risk quantification. In addition, our assessment approach uniquely considers the assets that are of value to a medical organization, going beyond the medical device itself. Finally, our incorporation of risk scenarios into the framework represents a novel approach to medical device risk assessment, which was synthesized from other well-known standards. To our knowledge, our research is the first to apply a quantified assessment framework to the problem area of healthcare cybersecurity and medical networked devices. We would conclude that a reduction in the uncertainty about the riskiness of the cybersecurity status of medical devices can be achieved using this framework

    The Second International Conference on Health Information Technology Advancement

    TABLE OF CONTENTS
    I. Message from the Conference Co-Chairs (B. Han and S. Falan)
    II. Message from the Transactions Editor (H. Lee)
    III. Referred Papers
    A. Emerging Health Information Technology and Applications
        The Role of Mobile Technology in Enhancing the Use of Personal Health Records (Mohamed Abouzahra and Joseph Tan)
        Mobile Health Information Technology and Patient Care: Methods, Themes, and Research Gaps (Bahae Samhan, Majid Dadgar, and K. D. Joshi)
        A Balanced Perspective to Perioperative Process Management (Jim Ryan, Barbara Doster, Sandra Daily, and Carmen Lewis)
        The Impact of Big Data on the Healthcare Information Systems (Kuo Lane Chen and Huei Lee)
    B. Health Care Communication, Literacy, and Patient Care Quality
        Digital Illness Narratives: A New Form of Health Communication (Jofen Han and Jo Wiley)
        Relationships, Caring, and Near Misses: Michael’s Story (Sharie Falan and Bernard Han)
        What is Your Informatics Skills Level? -- The Reliability of an Informatics Competency Measurement Tool (Xiaomeng Sun and Sharie Falan)
    C. Health Information Standardization and Interoperability
        Standardization Needs for Effective Interoperability (Marilyn Skrocki)
        Data Interoperability and Information Security in Healthcare (Reid Berryman, Nathan Yost, Nicholas Dunn, and Christopher Edwards)
        Michigan Health Information Network (MiHIN) Shared Services vs. the HIE Shared Services in Other States (Devon O’Toole, Sean O’Toole, and Logan Steely)
    D. Health Information Security and Regulation
        A Threat Table Based Approach to Telemedicine Security (John C. Pendergrass, Karen Heart, C. Ranganathan, and V.N. Venkatakrishnan)
        Managing Government Regulatory Requirements for Security and Privacy Using Existing Standard Models (Gregory Schymik and Dan Shoemaker)
        Challenges of Mobile Healthcare Application Security (Alan Rea)
    E. Healthcare Management and Administration
        Analytical Methods for Planning and Scheduling Daily Work in Inpatient Care Settings: Opportunities for Research and Practice (Laila Cure)
        Predictive Modeling in Post-reform Marketplace (Wu-Chyuan Gau, Andrew France, Maria E. Moutinho, Carl D. Smith, and Morgan C. Wang)
        A Study on Generic Prescription Substitution Policy as a Cost Containment Approach for Michigan’s Medicaid System (Khandaker Nayeemul Islam)
    F. Health Information Technology Quality Assessment and Medical Service Delivery
        Theoretical, Methodological and Practical Challenges in Designing Formative Evaluations of Personal eHealth Tools (Michael S. Dohan and Joseph Tan)
        The Principles of Good Health Care in the U.S. in the 2010s (Andrew Targowski)
        Health Information Technology in American Medicine: A Historical Perspective (Kenneth A. Fisher)
    G. Health Information Technology and Medical Practice
        Monitoring and Assisting Maternity-Infant Care in Rural Areas (MAMICare) (Juan C. Lavariega, Gustavo Córdova, Lorena G Gómez, Alfonso Avila)
        An Empirical Study of Home Healthcare Robots Adoption Using the UTUAT Model (Ahmad Alaiad, Lina Zhou, and Gunes Koru)
        HDQM2: Healthcare Data Quality Maturity Model (Javier Mauricio Pinto-Valverde, Miguel Ángel Pérez-Guardado, Lorena Gomez-Martinez, Martha Corrales-Estrada, and Juan Carlos Lavariega-Jarquín)
    IV. A List of Reviewers
    V. WMU – IT Forum 2014 Call for Papers

    Supporting model based safety and security assessment of high assurance systems

    Doctor of Philosophy. Department of Computer Science. John M Hatcliff. Modern embedded systems are more complex than ever due to intricate interaction with the physical world in a system environment and sophisticated software in a resource-constrained context. Cyber attacks in software-reliant and networked safety-critical systems lead to consideration of security aspects from the system’s inception. Model-Based Development (MBD) is one approach that has been an effective development practice because of the abstraction mechanism that hides the complicated lower-level details of software and hardware components. Standards play an essential role in embedded development to ensure the safety of the users and environment. In safety-critical domains like avionics, automotive, and medical devices, standards provide best practices and consistent approaches across the community. The Analysis and Design Language (AADL) is a standardized modeling language that includes patterns that reflect best architectural practices inspired by multiple safety-critical domains. The work described in this dissertation comprises numerous contributions that support a model analysis framework for AADL that aims to help developers design and assure safety and security requirements and demonstrate system conformance to specific categories of standards. The first contribution is Awas - an open-source framework for performing reachability analysis on AADL models annotated with information flow annotations at varying degrees of detail. The framework provides highly scalable interactive visualizations of flows with dynamic querying capabilities. Awas provides a simple domain-specific language to ease posing various queries to check information flow properties in the model. 
The second contribution is a process for integrating risk management tasks of ISO 14971 - the primary risk management standard in the medical device domain — with AADL modeling, specifically with AADL’s error modeling (EM) of fault and error propagations. This work uses an open-source patient-controlled analgesic (PCA) pump - the largest open-source AADL model to illustrate the integration of risk management process with AADL and provides the first mapping of AADL EM to ISO 14971 concepts. It also provides industry engineers, academic researchers, and regulators with a complex example that can be used to investigate methodologies and methods of integrating MBD and risk management. The third contribution is a technique to model and analyze security properties such as confidentiality, authentication, and resource partitioning within AADL models. This effort comprises an AADL annex language to model multi-level security domains along with classification of system elements and data using those domains and a tool to infer security levels and check information leaks. The annex language and the tools are evaluated and integrated into the AADL development environment for a seamless workflow

    Developing a distributed electronic health-record store for India

    The DIGHT project is addressing the problem of building a scalable and highly available information store for the Electronic Health Records (EHRs) of the over one billion citizens of India