Telemedical devices already for sale in local drug stores include glucometers, helpful for diabetics, that monitor blood-sugar levels, store the data, and send it encrypted to physicians via the Internet for diagnosis — a savings in time and effort for everyone concerned.

But the dark side of the burgeoning field of online medicine — in addition to its expense — is the potential for hackers to intercept medical data in transit or access confidential information stored in online repositories.

Sufferers from controllable long-term diseases like diabetes, or those genetically predisposed to such conditions, could face job turndowns and insurance rebuffs from companies acting on data hacked from storage banks and then sold. Politicians and entertainers would be particularly susceptible to scandal and blackmail from data intercepted about medical or psychiatric conditions. In more complex scenarios of the near future, patients relying upon computer-based treatment systems that utilize the Internet, such as remotely controlled intravenous fluid delivery equipment, could have their lives threatened by a cyber attacker attempting to alter their medicinal flow rate.

To reduce the likelihood of these scenarios, Sandia researchers have developed a computer component "architecture" that allows consumers to assemble off-the-shelf medical equipment in a manner similar to that of a home stereo system. The framework will incorporate built-in security mechanisms that protect the exchange of information between system components.

Formal clinical trials of telemedicine equipment complying with the architecture will be ongoing within the next eight months at New Orleans’ Alton Ochsner Medical Foundation, where principal investigator Dr. Richard Re and Dr. Marie Krousel-Wood are working with economists, epidemiologists, and statisticians to evaluate the cost-effectiveness and diagnostic feasibility of telemedicine applied to the care of patients suffering from hypertension.

"When I started this project four years ago, I wanted to identify a strong medical partner to complement our expertise in sensors and information systems," says Sam Varnado, Director of Energy and Critical Infrastructure Technology Center 6200. "We selected Ochsner after a competitive bidding process, and they have been truly outstanding partners."

Given the current state of online medical security, according to Dr. Leon Hoffman, spokesperson for the American Psychoanalytic Association, "We recommend not sending out identifiable data over the Net. We are fighting so hard over the privacy issue. It’s a terribly frightening proposition for people to have records out there in cyberspace."

Controlling unauthorized access

Dr. Dena McFadden, deputy medical director of the Massachusetts region of Brookline-headquartered Harvard Pilgrim Health Care, described the effect of an incident reported several years ago in which detailed mental health notes on a patient’s record were accessed along with physical health data. Since then, she says, "We’ve put in audit trails to tell us who’s accessed what, we’ve enhanced passwords and installed encryption, firewalls and dedicated lines. But what’s hardest to control is unauthorized access by authorized users."

The Sandia architecture deals with that very difficult problem, says project leader Steve Warren (15341), by enforcing strict role-based access.

The Sandia architecture, says Steve, should also hasten the delivery of cost-effective remote medical care by promoting competition between telemedicine equipment vendors. Sandia has applied for an intellectual-property patent on the architecture.

In its role as a national security laboratory, Sandia is interested in maintaining the confidentiality, integrity, reliability, and availability of electronic medical information as US consumers rely increasingly on the Internet for access to medical services.

The capability to use the Internet to send uncorrupted medical data throughout the United States is expected to play an important role in reducing the potentially large numbers of civilian casualties that could be expected from a natural disaster or terrorist event.

Some of the technological issues were detailed in papers presented in April in Rockville, Md., at the "Workshops on Future Medical Devices: Home Care Technologies for the 21st Century," and in early May at the "Toward An Electronic Patient Record ’99" conference in Orlando, Fla.

Lowered costs, better security

Sandia researchers’ first goal is to demonstrate that care providers can "mix and match" best-of-breed components from a number of telemedicine vendors, lowering costs by promoting vendor competition and allowing patients to choose only the functionality that meets their health care needs.

The reason for interest in plug-and-play — a term for adding or subtracting components at will — is driven by the high expense of current telemedicine systems. As Sandia authors wrote in the abstract of a paper delivered in early May: "Most telemedicine systems are custom-designed and do not inter-operate with other commercial offerings. Users are limited to a set of functionality that a single vendor provides and must often pay high prices to obtain this functionality, since vendors in this marketplace must deliver entire systems in order to compete. Besides increasing corporate research and development costs, this inhibits the ability of the user to make intelligent purchasing decisions regarding best-of-breed technologies."

The second goal is to demonstrate that proper use of security technology can balance the need for care providers to access electronic medical information with the need to maintain strict patient confidentiality and medical information integrity.

Protecting interactions

The Sandia architecture will provide security mechanisms for device-device and person-device interactions so that electronic medical data cannot be intercepted and misused or altered while in transit to a physician, billing agency, or other medical entity.

"What unique technology does Sandia offer?" asks Richard Craft (6234), lead architect for the Sandia project. "We have leading-edge cryptography libraries that can strengthen a toolkit of telemedicine security algorithms. The Sandia-proprietary telemedicine architecture will be licensed to industry so that off-the-shelf devices manufactured by a large number of companies can provide medical monitoring solutions for different care scenarios. We are currently working on the initial implementation of the architecture: laying the ground rules for how telemedicine devices will talk with one another within the secure environment. It’s like a card game: first you lay the ground rules, then you play."

Service areas that are supported within the Sandia-designed telemedicine architecture include user interfaces; medical devices for acquiring patient data, delivering therapy, or analyzing specimens; electronic patient records that store information collected by devices; processing services that can analyze and interpret data; communication mechanisms and the supporting directory services; protocols that dictate orders of operation for medical instruments; and a backplane, a service similar to an operating system that stitches the other service areas together.

Benefits of online medicine

Telemedicine uses technology to provide an alternative to traditional, in-person physician visits. Computer-based video conferencing, medical devices, and electronic patient records together provide medical care at a patient’s location, regardless of the location of the medical professional or care provider team.

Computer scientists familiar with the medical field believe that within the next five years, computers at remote locations will control vital-sign monitoring and limited types of medical treatment. Medical care will travel with patients, whether they are in the home, the office, or on travel, so their electronic medical records must be accessible from any location.

"Sensors attached to patients will transmit signals to computers, either in the home or at a remote location, for state-of-health analysis," says Steve. "Because these vital-signs sensors will be noninvasive and comfortable to wear, they will acquire medical information from the patient around the clock instead of a few times a day. This approach to continuous physiological monitoring and trend analysis will lead to a preventative health care model where the future health of an individual will be predicted based on information acquired from these sensors. This differs from the primary care delivery model employed today, where a patient visits a physician only after suffering discomfort or experiencing a health emergency."

"Future telemedicine systems will be based on plug-and-play technologies that use wireless communications to create ‘virtual devices’ composed of physically dispersed but cooperating components," predicts Richard.

"Interactions between these components must be secure in order to maintain patient confidentiality and the integrity of the electronic medical information acquired and stored by these devices."

Because of this versatility, online medicine has the potential to widen health care choices, cut costs, and provide maximum care to a large number of people. The ongoing effort

The work is part of a joint study undertaken by Sandia and Alton Ochsner Medical Foundation. Drs. Re and Krousel-Wood of Ochsner Clinic are evaluating the cost-effectiveness and diagnostic feasibility of telemedicine applied to hyper-tension monitoring.

The research team at Ochsner Clinic is currently using a commercial, turnkey telemedicine system manufactured by TelAssist Corporation, Ridgefield, N.J., for their hypertension study. Sandia, in an effort to test the effectiveness of the "plug-and-play" approach to telemedicine, is renovating that commercial system for use on Sandia’s secure telemedicine device architecture. The new system will be tested jointly by Sandia and Ochsner Clinic in a controlled clinical study that assesses the cost-effectiveness and diagnostic feasibility of the approach.

Other members of the Sandia development team include Rudy Garcia (6238), Raymond Parks (6232), Linda Gallagher (6238), and Donald Funkhouser (6532).

The work is supported by the Telemedicine and Advanced Technology Research Center, US Army Medical Research and Materiel Command, Fort Detrick, Frederick, Md.