2,562 research outputs found

    ARGOS policy brief on semantic interoperability

    Semantic interoperability requires the use of standards, not only for Electronic Health Record (EHR) data to be transferred and structurally mapped into a receiving repository, but also for the clinical content of the EHR to be interpreted in conformity with the original meanings intended by its authors. Accurate and complete clinical documentation, faithful to the patient’s situation, and interoperability between systems, require widespread and dependable access to published and maintained collections of coherent and quality-assured semantic resources, including models such as archetypes and templates that would (1) provide clinical context, (2) be mapped to interoperability standards for EHR data, (3) be linked to well specified, multi-lingual terminology value sets, and (4) be derived from high quality ontologies. Wide-scale engagement with professional bodies, globally, is needed to develop these clinical information standards

    Challenges and Research Directions in Medical Cyber-Physical Systems

    Medical cyber-physical systems (MCPS) are life-critical, context-aware, networked systems of medical devices. These systems are increasingly used in hospitals to provide high-quality continuous care for patients. The need to design complex MCPS that are both safe and effective has presented numerous challenges, including achieving high assurance in system software, interoperability, context-aware intelligence, autonomy, security and privacy, and device certifiability. In this paper, we discuss these challenges in developing MCPS, some of our work in addressing them, and several open research issue

    Systematic Vulnerability Evaluation of Interoperable Medical Device System using Attack Trees

    Security for medical devices has gained some attractions in the recent years following some well-publicized attacks on individual devices, such as pacemakers and insulin pumps. This has resulted in solutions being proposed for securing these devices, usually in stand-alone mode. Medical devices are however becoming increasingly interconnected and interoperable as a way to improve patient safety, decrease false alarms, and reduce clinician cognitive workload. Given the nature of interoperable medical devices (IMDs), attacks on IMDs can have devastating consequences. This work outlines our effort in understanding the threats faced by IMDs, an important first step in eventually designing secure interoperability architectures. A useful way of performing threat analysis of any system is to use attack trees. Attack trees are conceptual, multi-leveled diagrams showing how an asset, or target, might be attacked. They provide a formal, methodical way of describing the threats to a system. Developing attack trees for any system is however non-trivial and requires considerable expertise in identifying the various attack vectors. IMDs are typically deployed in hospitals by clinicians and clinical engineers who may not possess such expertise. We therefore develop a methodology that will enable the automated generation of attack trees for IMDs based on a description of the IMD operational workflow and list of safety hazards that need to be avoided during its operation. Additionally, we use the generated attack trees to quantify the security condition of the IMD instance being analyzed. Both these pieces of information can be provided by the users of IMDs in a care facility.
The contributions of this paper are: (1) a methodology for automated generation of attack trees for IMDs using process modeling and hazard analysis, and (2) a demonstration of the viability of the methodology for a specific IMD setup called Patient Controlled Analgesia (PCA-IMD), which is used for delivering pain medication to patients in hospitals

    Medical Device Interoperability With Provable Safety Properties

    Applications that can communicate with and control multiple medical devices have the potential to radically improve patient safety and the effectiveness of medical treatment. Medical device interoperability requires devices to have an open, standards-based interface that allows communication with any other device that implements the same interface. This will enable applications and functionality that can improve patient safety and outcomes. To build interoperable systems, we need to match up the capabilities of the medical devices with the needs of the application. An application that requires heart rate as an input and provides a control signal to an infusion pump requires a source of heart rate and a pump that will accept the control signal. We present means for devices to describe their capabilities and a methodology for automatically checking an application’s device requirements against the device capabilities. If such applications are going to be used for patient care, there needs to be convincing proof of their safety. The safety of a medical device is closely tied to its intended use and use environment. Medical device manufacturers create a hazard analysis of their device, where they explore the hazards associated with its intended use. We describe hazard analysis for interoperable devices and how to create system safety properties from these hazard analyses. The use environment of the application includes the application, connected devices, patient, and clinical workflow. The patient model is specific to each application and represents the patient’s response to treatment. We introduce Clinical Application Modeling Language (CAML), based on Extended Finite State Machines, and use model checking to test safety properties from the hazard analysis against the parallel composition of the application, patient model, clinical workflow, and the device models of connected devices

    Software Safety and Security Risk Mitigation in Cyber-Physical Systems

    Cyber-physical systems (CPSs) offer many opportunities but pose many challenges--especially regarding functional safety, cybersecurity, and their interplay, as well as the systems' impact on society. Consequently, new methods and techniques are needed for CPS development and assurance. This article [and issue] aims to address some of these challenges

    Bottom-Up Modeling of Permissions to Reuse Residual Clinical Biospecimens and Health Data

    Consent forms serve as evidence of permissions granted by patients for clinical procedures. As the recognized value of biospecimens and health data increases, many clinical consent forms also seek permission from patients or their legally authorized representative to reuse residual clinical biospecimens and health data for secondary purposes, such as research. Such permissions are also granted by the government, which regulates how residual clinical biospecimens may be reused with or without consent. There is a need for increasingly capable information systems to facilitate discovery, access, and responsible reuse of residual clinical biospecimens and health data in accordance with these permissions. Semantic web technologies, especially ontologies, hold great promise as infrastructure for scalable, semantically interoperable approaches in healthcare and research. While there are many published ontologies for the biomedical domain, there is not yet ontological representation of the permissions relevant for reuse of residual clinical biospecimens and health data. The Informed Consent Ontology (ICO), originally designed for representing consent in research procedures, may already contain core classes necessary for representing clinical consent processes. However, formal evaluation is needed to make this determination and to extend the ontology to cover the new domain. This dissertation focuses on identifying the necessary information required for facilitating responsible reuse of residual clinical biospecimens and health data, and evaluating its representation within ICO. The questions guiding these studies include: 1. What is the necessary information regarding permissions for facilitating responsible reuse of residual clinical biospecimens and health data? 2. How well does the Informed Consent Ontology represent the identified information regarding permissions and obligations for reuse of residual clinical biospecimens and health data? 
We performed three sequential studies to answer these questions. First, we conducted a scoping review to identify regulations and norms that bear authority or give guidance over reuse of residual clinical biospecimens and health data in the US, the permissions by which reuse of residual clinical biospecimens and health data may occur, and key issues that must be considered when interpreting these regulations and norms. Second, we developed and tested an annotation scheme to identify permissions within clinical consent forms. Lastly, we used these findings as source data for bottom-up modelling and evaluation of ICO for representation of this new domain. We found considerable overlap in classes already in ICO and those necessary for representing permissions to reuse residual clinical biospecimens and health data. However, we also identified more than fifty classes that should be added to or imported into ICO. These efforts provide a foundation for comprehensively representing permissions to reuse residual clinical biospecimens and health data. Such representation fills a critical gap for developing applications which safeguard biospecimen resources and enable querying based on their permissions for use. By modeling information about permissions in an ontology, the heterogeneity of these permissions at a range of levels (e.g., federal regulations, consent forms) can be richly represented using entity-relationship links and embedded rules of inference and inheritance. Furthermore, by developing this content in ICO, missing content will be added to the Open Biological and Biomedical Ontology (OBO) Foundry, enabling use alongside other widely adopted ontologies and providing a valuable resource for biospecimen and information management. These methods may also serve as a model for domain experts to interact with ontology development communities to improve ontologies and address gaps which hinder successful uptake.
PHD, Nursing, University of Michigan, Horace H. Rackham School of Graduate Studies. http://deepblue.lib.umich.edu/bitstream/2027.42/162937/1/eliewolf_1.pd

    Modeling communication network requirements for an integrated clinical environment in the Prototype Verification System

    Health care practices increasingly rely on complex technological infrastructure, and new approaches to the integration of information and communication technology in those practices lead to the development of such concepts as integrated clinical environments and smart intensive care units. These concepts refer to hospital settings where therapy relies heavily on inter-operating medical devices, supervised by clinicians assisted by advanced monitoring and co-ordinating software. In order to ensure safety and effectiveness of patient care, it is necessary to specify the requirements of such socio-technical systems in the most rigorous and precise way. This paper presents an approach to the formalization of system requirements for communication networks deployed in integrated clinical environment, based on the higher-order logic language of a theorem-proving environment, the Prototype Verification System