The future of patient care
Remote patient care will likely remain part of the new normal even after the current pandemic passes. Building and scaling the infrastructure necessary to support remote patient care is dependent on securing and harmonizing interoperability between patient systems and medical products, hospital equipment and other connected devices. This critical healthcare infrastructure must be protected from those who seek to compromise and exploit it. Lessons learned from the current pandemic paired with innovations coming to market through rapid response processes, such as U.S. Food and Drug Administration Emergency Use Authorizations (EUAs), can serve as the foundation for more secure and interoperable global critical care response networks in the future.
Cybersecurity and interoperability
Interoperability cannot be attained without first establishing a baseline of cybersecurity hygiene, which helps ensure that critical infrastructure such as hospital networks are not completely debilitated by a single, poorly secured medical device. Between January and March of 2020, more than 6,000 indicators of compromise were identified for exploit attempts related to COVID-19.
Building complex healthcare infrastructure includes finding ways to address new risks such as those from emergent properties, where the whole is greater than the sum of its parts. This introduces both unique system deployment challenges as well as regulatory challenges; however, compliance with standards that have been recognized by regulators can help expedite innovative devices to the bedsides of patients.
Compliance requirements for interoperable medical systems
Compliance to AAMI UL 2800-1, the Standard for Medical Device Interoperability, supports an integration framework for multiple stakeholders who may participate in the development, deployment, assembly and operation of a medical system with interoperable elements. Such a system, referred to as an interoperable medical system, would help reduce patient risks, maintain clinical effectiveness and support timely and adequate access to data while protecting its security, and enable adequate provision of care.
Compliance with UL 2900-2-1, the Standard for Software Cybersecurity for Network-Connectable Products, Part 2-1: Particular Requirements for Network Connectable Components of Healthcare and Wellness Systems, and certification under the UL Cybersecurity Assurance Program (UL CAP) can help to demonstrate regulatory compliance for expeditious market access, even under EUA policies.
Connected system risk management for healthcare facilities
UL offers comprehensive assessments for remote-controlled ventilators, remote-controlled infusion pumps, safety control systems, and other connected and smart products. Our field engineering and cybersecurity experts assess the overall interoperability vulnerability of a health delivery facility or protocol and examine its individual connected devices according to AAMI UL 2800-1 with results recorded in a comprehensive and informative test report. Additionally, we can help you demonstrate compliance to UL 2900-2-1 for expeditious market access, even under Emergency Use Authorization policies.
With a baseline of cybersecurity hygiene in place, interoperability for telehealth and other applications can be deployed with greater confidence.