Point of Care (PoC) devices and systems can be categorized into three broad
classes (CAT 1, CAT 2, and CAT 3) based on the context of operation and
usage. In this paper, the categories are defined to address certain usage models
of the PoC device. PoC devices that are used for PoC testing and diagnostic
applications are defined as CAT 1 devices; PoC devices that are used for patient
monitoring are defined as CAT 2 devices (PoCM); PoC devices that are used
for interfacing with other devices are defined as CAT 3 devices (PoCI). The
PoCI devices provide an interface gateway for collecting and aggregating data
from other medical devices. In all categories, data security is an important aspect.
This paper presents a security framework concept that is applicable
to all classes of PoC operation. It outlines the concepts and security
framework for addressing the security challenges of unauthorized access to data,
unintended data flow, and data tampering during communication between
system entities, the user, and the PoC system. The security framework includes
secure layering of the basic PoC system architecture and protection of PoC devices
in the context of the application and the network. Development of the security
framework takes into account a threat model of the PoC system. A proposal
for a low-level protocol is discussed. This protocol is independent of
communication technologies, and it is elaborated in relation to providing
security. An algorithm that can be used to overcome the identified threats is
shown using the elements of the protocol. The paper further discusses
the vulnerability scanning process for the interconnected PoC system network.
The paper also presents a four-step authentication and authorization
framework for providing security for the PoC system. Finally,
the paper concludes with the machine-to-machine (M2M) security viewpoint
and discusses the key stakeholders within an actual deployment of the PoC
system and its security challenges.