Wireless Medical Devices: Security Issues, Market Opportunities and Growth Trends

The number and variety of wireless medical devices is growing rapidly, driven by the expansion of wireless communication technology and the medical needs of the aging U.S. population. However, these devices face security problems that may be avoided with careful planning and implementation.

In 2008, two independent groups demonstrated how a defibrillator may be wirelessly attacked. An electromagnetic field enabled a wireless connection with the defibrillator from a distance of inches from the “patient’s” chest. However, it is far more likely that such devices will invite attacks because they are using the Internet as a communications backbone. Approximately 9,700 patents have been issued, with many more pending, that describe an embodiment of wireless communication or wireless connectivity that could be vulnerable to attack or spurious disruption. To accompany them, there is a growing body of patents addressing medical device security.

The State of the Wireless Medical Device Market

The currently available applications of wireless medical devices that are monitoring patients range from defibrillators to infusion pumps. These devices communicate with a primary caregiver who monitors data, and can contact the patient for treatment or device re-adjustment. One example currently in use is a glucose infusion pump. The patient’s blood sugar levels are continuously monitored and automatically adjusted, and communicated via Bluetooth to a mobile phone which establishes a VPN or IP-SSL connection directly to a recordkeeping system at the primary physician’s office. The device provides the physician with ongoing information about the condition of the patient under everyday conditions.

According to present trends, by 2020 at least 160 million Americans will be monitored and treated remotely for at least one chronic condition. The market for such remote monitoring of patients was $3.6 billion in 2007; it is estimated to have grown to $3.8 billion in 2008 and is forecast to reach $5.1 billion by 2013.

Market Sectors to Watch – IVD, Tracking

The total market for wireless RFID tracking and management market devices and devices capable of monitoring more complex medical conditions is very large and growing. The glucose monitoring market alone (including wireless monitoring) represented an $11.6 billion market that is poised to increase dramatically when in vitro diagnostics (IVD) point of care applications are more fully deployed. IVD will measure, in real time, blood characteristics and hormone levels and transmit the data wirelessly to a centralized clearinghouse. The total IVD market was $42 billion in 2007 and it is projected to grow at about 6.2% annually. By 2025 an additional $10-$12 billion will be added to this market.

RFID has also been established as a valuable tool for identification and tracking of goods in the supply chain. Over the last few years, many pharmaceutical companies and clinical research organizations are realizing the value of using RFIDs to keep track of biological specimens and drugs. One bio-specimen supplier was able to realize a $2.6 million annual decrease in inventory losses by using RFIDs to track and properly identify bio-specimens that had previously disappeared or spoiled due to mislabeling and improper storage. With bio-specimens priced from a few hundred dollars to as much as $25,000, tracking makes an enormous impact.

RFID technology is also finding use in the pharmaceutical industry. It can supply the tracking of the raw materials within a drug and also the drug product itself to prevent counterfeiting and the illegal import of unregulated drugs from other countries. It is estimated that if the pharmaceutical industry were to fully adopt RFID technology for tracking its raw materials and products, the market would be $12.5 billion currently. We expect that this market will start to develop and mature over the next 4-5 years.

The application areas where we expect to see the greatest growth are:

·        Hospital bed monitoring - facilitating wireless patient monitoring, enabling greater utilization of hospital space and facilities.

·        Laboratory automation - IVD testing can be done on an outpatient basis and in real time, decreasing the need to make repeated trips to a clinic for retesting. It should also yield better patient data, leading to better understanding of a patient’s true condition. We see the insurance companies and HMOs clearly supporting the use of IVD for early detection and prevention of catastrophic diseases.

·        Mobile medicine practices - will provide means for treating chronic conditions on an outpatient basis, resulting in fewer doctor visits and lower health care costs.

OS and Middleware Security

The development of devices that monitor patients’ conditions and dispense medications adds a lot of medical information moving wirelessly through cyberspace that is vulnerable to corruption or interception. By 2015, a substantial portion of the IVD market will be ported to mobile devices and chip-based technologies. Seventy-five percent of all medical data was already on mobile or portable devices in 2005, a staggering percentage in view of the susceptibility to theft of such devices. Intercepted information may contain private information such as social security numbers or credit card account numbers that can lead to identity theft or blackmail of the company responsible for its privacy. Likewise, data corruption can be caused by viruses, worms, and web crawlers initiated by malicious individuals or by companies seeking to gain information.

The most vulnerable part of a wireless medical device is the middleware that sits on top of the OS and provides the management, transmission and receipt of information. As new wireless applications for medical monitoring are developed and commercialized, software and operating systems, many of them for real time data transfer, have also been developed for these smaller platforms. The need for greater security is being addressed by certain states, but is not yet a requirement in most states. Indiana, for example, has had a law on the books addressing the security of medical data since 2006, and in 2008 amended it to address encryption of patient data on mobile and portable devices.

Data Security: Encryption, VPNs, IP-SSLs

Wireless devices for monitoring and dispensing drugs and adjustments in real time mean there will be an increased risk of exposure to threats from cyber-criminals and incidental exposure to whatever is linked using the Internet as the communications backbone. Data encryption will be required to establish a more secure connection between provider and patient and provide additional assurance that any intercepted data will not be compromised. We expect to see an increase in VPN technological markets as well as the associated encryption and firewall technologies.

The most secure connection that we envision will be based upon dynamic keying, establishing a direct VPN connection based upon a continuous rapid sampling of the data stream to change the codec for both sender and receiver. Researchers at the Chinese University of Hong Kong have proposed using the heartbeat of the patient to generate a randomized codec for an encrypted data stream for implanted defibrillators. This is but one creative response to the challenge of data security for wireless medical devices.

The regulatory environment will play a key role in the development of the encryption market for wireless medical devices. The Health Insurance Portability and Accountability Act (HIPAA) was passed by Congress in 1996 to make patient records more easily transferable electronically and to establish standards for doing so to protect patient privacy. It included a requirement for health care providers to protect patient privacy, but did not address data encryption. Several states are considering versions of data privacy laws, but so far Indiana is the only one that has a law on the books that requires encryption of patient data to relieve heath care providers, including doctors and clinics, of liability where a data theft occurs. It will be up to industry to develop the means to protect data and provide secure communications between devices.

The Growing Patent Thicket

Currently a gross estimate of patent rights indicates that over 9,700 issued patents address wireless communications or connectivity in medical devices. The patented devices range from advanced orthotic knee braces that wirelessly synchronize upper and lower leg movement to wireless cardiac monitoring devices. If we also add patenting for RFID tagging for medical device and specimen tracking and management, it is clear that a potentially insurmountable mountain of intellectual property could slow innovative product development.

While larger companies can spread the risk of possible litigation costs over multiple product lines, smaller companies, who have historically been the innovators in this field, may be severely slowed or even halted due to threats of litigation or royalty charges. We propose that a consortium of patent owners put their patents into a patent pool and determine reasonable, uniform royalties to be paid by members and nonmembers.

A patent pool could provide more than the control of royalties and litigation risks; it also could address the issue of standardization for interoperability. Consistent protocols are essential to the current and future development of mobile wireless medical devices, especially in light of the federal government’s initiative to establish electronic records to simplify health care.

The Obama administration is pushing hard to create a national electronic database of medical records and medication control with respect to patients taking several different medications. Drug delivery, such as insulin and other metered outpatient medications may be electronically synched with the record keeping system to monitor patient medications and amounts of prescriptions per patient. Without standards to keep consistency in the data and the transmission protocols, large systems will not be possible.

Will pen injectors give way to infusion pumps that can be monitored anywhere in the world via wireless communications and Internet access via local WiMax or Wifi portals? Maybe not entirely. But perhaps wireless wellness monitoring to catch and prevent major health incidents from occurring will be just what the insurance companies order.

About Nerac
Nerac Inc. is a global research and advisory firm for companies developing innovative products and technologies. Nerac Analysts deliver custom assessments of product and technology development opportunities, competitor intelligence, intellectual property strategies, and compliance requirements through a proven blended approach to custom analysis: review of technical knowledge, investigation of intellectual property, and appraisal of business impacts. Nerac deploys analysts in diverse disciplines to help clients discover new applications, serving as a catalyst for new thinking and creative approaches to business problems or identifying strategic growth opportunities.

About the Author

Analyst Scott Taper draws on over 30 years of experience assisting companies in licensing, business development, and technology development. He has guided startup company incubation at several of the world’s best-known technology generators, including the Electric Power Research Institute (EPRI), the University of California, Kyocera Wireless, and SRI International. He also worked as an engineer and proposal manager for General Electric and Lockheed’s Advanced Systems Division. At UC Berkeley, Taper was responsible for incubating and developing the first spin-out company, Berkeley MicroInstruments, which designed and fabricated standing wave MEMS sensors. At SRI International he led the development, licensing, fundraising, and incubating of six software, biotech, life sciences, medical devices, and networking companies, including his own venture in free-form rapid prototyping. Four of those companies were featured in the 1998 Business Week article, “Spin-out City.” He also negotiated and concluded deals for licensing the Advanced Hydrothermal Oxidation process for destruction of hazardous organic waste to Mitsubishi and structured the deal for licensing Li-ion ultra-capacitor batteries to Sanyo. He is well known in the technology transfer and licensing community as the former co-owner and moderator of the premier licensing and commercialization discussion group, Techno-L. Taper earned his bachelor’s degree in engineering from University of Pennsylvania and his M.B.A. at Santa Clara University. He was an instructor in Golden Gate University’s MBA program, and the University of California Extension’s Technology Transfer Seminar, and he currently co-chairs the San Francisco/East Bay chapter of the Licensing Executives Society. He is a consultant to the nonprofit X-Prize Foundation for the Alternative Energy Prize and is listed in Who’s Who in Technology Licensing. Among his areas of expertise are the fields of energy, telecommunications, and convergent technologies in biotechnology and life sciences. His business expertise includes university, government, and corporate licensing, business development, technology alliances, joint ventures and mergers and acquisitions.