A ‘building code’ for building secure code in medical devices

Carl Landwehr portrait

Carl Landwehr

Last month, a broad mix of experts convened by THaW researcher Carl Landwehr convened in New Orleans to begin drafting a “building code” for medical-device software.  They’ve just released their report, and there is already talk about taking some of these ideas into the various standards bodies. Check out their report and feel free to leave comments on their site.  — dave

THaW at the mHealth Privacy & Security Symposium

Perhaps the largest annual event related to mHealth is the mHealth Summit, held near Washington DC.  Today, the summit kicked off with a Privacy & Security Symposium, including a panel on Medical Device Security anchored by both Kevin Fu and Darren Lacey from the THaW team.  Kevin, Darren and the other panelists spoke about some of the security concerns that medical devices pose for patients, clinicians, and hospitals.  The audience brought together a broad mix of medical practitioners, device and software vendors, security professionals, and computer scientists.

photo of the panelists

Kevin Fu and Darren Lacey at the center of a panel session at the mHealth Summit.

THaW leads panel at Grace Hopper Conference

Two THaW researchers led a panel on designing mobile and wearable devices for health and wellness at the Grace Hopper Conference in Phoenix, Arizona on October 10th, 2014. The panel was co-hosted by Dr. Klara Nahrstedt (THaW Co-PI and Professor of Computer Science at UIUC), and Aarathi Prasad (Ph.D. Candidate at Dartmouth College). Panelists included Ruzena Bajcsy (Professor of EECS at UC Berkeley), Jung Ook Hong (research scientist at Fitbit), and Janet Campbell (product lead at Epic). The panel discussed issues related to usability, security, and privacy that mobile and wearable health and wellness application developers should be aware of. Jung discussed the effect that data presentation has on user’s behavior; for example, users are more likely to take 10,000 steps than 8,000 steps because they receive an encouraging message to take a few more steps to cross the daily 10,000 step-count goal. Ruzena talked about the challenges faced by elderly users of mHealth technologies, such as small fonts and complicated buttons on a device. Klara presented the security and privacy issues that arise when people use mobile and wearable health and wellness devices and discussed the different THaW projects briefly. Finally, Janet talked about the issues of sending data to an EHR, such as identifying the patient whose data is in the EHR.

photo of 5 panelists

Jung Ook Hong, Klara Nahrstedt, Ruzena Bajcsy, Janet Campbell, Aarathi Prasad

 

Amulet project launched

We are pleased to announce that NSF CNS has awarded three years of funding for the Computational Jewelry for Mobile Health project, which complements many of the projects in the Trustworthy Health and Wellness program and involves several of the same Dartmouth researchers.

The project’s vision is that computational jewelry, in a form like a bracelet or pendant, will provide the properties essential for successful body-area mHealth networks. These devices coordinate the activity of the body-area network and provide a discreet means for communicating with their wearer. Such devices complement the capabilities of a smartphone, bridging the gap between the type of pervasive computing possible with a mobile phone and that enabled by wearable computing.

The interdisciplinary team of investigators from Dartmouth and Clemson is designing and developing ‘Amulet’, an electronic bracelet and a software framework that enables developers to create (and users to easily use) safe, secure, and efficient mHealth applications that fit seamlessly into everyday life. The research is determining the degree to which computational jewelry offers advantages in availability, reliability, security, privacy, and usability, and developing techniques that provide these properties in spite of the severely-constrained power resources of wearable jewelry.

Learn more about the Amulet project at amulet-project.org.

Our mission

Welcome to the Trustworthy Health and Wellness (THaW) project. Our mission is to enable the promise of health and wellness technology by innovating mobile- and cloud-computing systems that respect the privacy of individuals and the trustworthiness of medical information.

With this mission in mind, our team is launching a comprehensive, multi-disciplinary research agenda to address many of the fundamental technical problems that arise in securing healthcare infrastructure that, given recent trends, will increasingly be delivered using mobile devices and cloud-based services. The pervasive reach and (often) health-critical nature of these new technologies demand scientific solutions that provide trustworthy cybersystems for health and wellness. Our five-year research agenda is driven by the needs of the changing health & wellness ecosystem and addresses fundamental scientific problems that arise in other domains in transition to an infrastructure built on mobile devices and cloud services, such as transportation, m-commerce and education.

Specifically, our research agenda will contribute to authenticating mobile users in a continuous and unobtrusive way, segmenting access to medical records from mobile devices to limit information exposure, allowing individuals a usable way to control the information collected about them, handling genomic data in the cloud while enabling patient control over information, managing security on remote health devices while reducing the burden on the user, verifying medical directives issued to remote devices, detecting malware through power analysis, providing provenance information to those who use health data, and auditing behavior of this complex ecosystem of devices and systems.

Our research will have long-term impact by enabling the creation of health & wellness systems that can be trusted by individual citizens to protect their privacy and can be trusted by health professionals to ensure data integrity and security. Our healthcare partners will aid us to evaluate and demonstrate the value of our security solutions. We will also impact the next generation of scientists by creating new course modules, sponsoring summer programs for underrepresented minorities and women to broaden undergraduate and K-12 participation in computing; and creating an exchange program for our postdocs and research students to rotate among sites to broaden perspectives and receive mentoring on trustworthy computing.