How to consider the information security of POCT equipment?
In recent years, with the continuous iteration of POCT technology, POCT equipment has become more miniaturized, the operation is more convenient, and the application scenarios have been lowered. The double upgrade of accuracy and speed has been achieved. POCT has become more and more popular in emergency medicine and clinical departments.
At present, data management and network connection fields such as patient data economy, data and data transmission encryption, and technical security communication on POCT analyzers are not yet mature, and hospital information technology security regulations have not yet adapted to the particularity of POCT. Therefore, the construction of the hospital's informatized POCT management system, the improvement of standardization capabilities, and quality control have also become the focus of everyone's attention.
Whether a concept supports workflow in a meaningful way depends largely on the performance of the IT systems used. Modern systems developed specifically for POCs offer users more opportunities to make the operating system as simple and secure as possible.
The demand for POCT IT solutions is mainly focused on the easy operation of the analyzers, documentation of patient results, and quality control (QC) results. The innovation of POCT information technology solutions lies in the high integration of hospital IT network and POCT equipment. POCT equipment is usually connected to the hospital information system (HIS) to obtain and manage patient data
While it makes sense to fully integrate equipment with all the data available across facility systems, this approach does have its drawbacks. Devices used in patient rooms may be unlocked and may be accessed by unauthorized persons. This is a major data security breach, as devices contain not only measurements but also personal patient data. To protect this data, devices must be intelligent, with user identities, access authorizations, role-specific permissions, and encrypted communications. Rigorously implementing such a concept throughout the usage environment is a huge technical and organizational challenge for users.
Extensive remote maintenance capabilities have become standard for equipment manufacturers. Manufacturers must control and document this process, ensure proper day-to-day operation of the system and document system failures. This deep level of integration, coupled with the increased need for security, has given rise to new requirements for POCT-IT.
POCT Information Technology Requirements
Always focus on safety
The increasing digitization of the healthcare system has undoubtedly improved patient care, but it has also raised a host of IT-related risks. In recent years, hospitals have been vulnerable to cyber-attacks, viruses or hacking software, shutting down medical services or compromising health data. Regulatory agencies have established healthcare industry-specific security standards requiring manufacturers to design POCT devices with security considerations in order to protect data availability, integrity, authenticity, and confidentiality.
Is POCT a critical service?
Whether POCT is a critical service from a regulatory perspective is difficult to answer. POCT is defined as medical diagnostic testing performed near the point of patient care (time and place). The driving philosophy behind POCT is to bring immediate, clinically valid results to patients and physicians. In clinical practice, POCT technology provides a wide range of diagnostic tests (such as blood glucose testing, blood gas analysis, rapid coagulation testing). POCT plays an important role in applicable hospitals and clinics. In the hospital environment, POCT involves three key steps of "diagnosis", "treatment" and "care". POCT blood gas analysis and coagulation tests (such as activated clotting time) can directly affect continuous medical measures, such as mechanical ventilation and extracorporeal membrane oxygenation (ECMO), where POCT is a key service. Therefore, POCT devices are part of key services, depending on the usage scenario.
Are there risks in using a POCT analyzer?
Certain inherent characteristics of POCT make it more vulnerable to security issues than other critical IT-based services.
1.POCT instruments are usually mobile and some are handheld, so it is very difficult to control them for use, maintenance and service, repair and update in different places.
2.There are many types of POCT instruments in hospitals and clinics, and it is difficult to standardize this type of equipment with a unified standard.
3.POCT instruments are often operated by personnel with different backgrounds, functions, and roles. Therefore, sufficient user management and continuous training are required for different users.
In recent years, relevant regulatory agencies have successively issued recommendations and guidelines for manufacturers of diagnostic products, strongly encouraging manufacturers of POCT equipment to consider IT and functional safety as an added value and a necessary audit part of product quality. For operators of POCT devices, the implementation of future security requirements will be a selection criterion for a specific POCT manufacturer or device type, in addition to basic quality requirements.
The first step in managing POCT-IT security in compliance with regulatory requirements is to implement an IT security structure. Manufacturers should identify and review risks in the diagnostic process of POCT devices and design security should be in place. The POCT-IT solution for different analyzers monitors general threats, IT specific threats and vulnerabilities. Risk reduction measures for POCT should start with basic steps such as access control, encryption, and secure communication.
In the context of the rapid development of connected medical care, ITL is also constantly accumulating technology and experience in the intersection of mobile devices (smartphones and tablets) and portable POCT products, technologies such as near field communication, wireless charging, Bluetooth transmission and remote control APP It is widely used in medical device projects developed by ITL. It has unique solutions for remote monitoring, monitoring multiple experiments and patient conditions at a time, connecting data through the cloud, user instructions, order information, and experimental process management. At the same time, we have experience in FDA, CE and other pre-market approval processes, and pay attention to the regulatory measures of IT medical technology to determine and solve the compliance issues of POCT-IT development in a timely manner.
