Telematics infrastructure: Secure digitalization in networked medical technology

New forms of collaboration are needed for fully networked medical technology. Using the example of a connector to the telematics infrastructure, this article shows how medical technology 4.0 can succeed.

Digitalization is also in full swing in medical technology, and yet the revolution is proceeding at a more moderate pace compared to the successes in industry (Internet of Things, IoT). The medical technology environment is significantly more demanding, as more requirements are placed on the environment surrounding life-support systems. In particular, the handling of highly sensitive data poses additional challenges for the digital transformation in healthcare.

The development partnerships between manufacturers (distributors) and simple system integrators that have been customary up to now are also facing new tasks due to the required integration and consideration of security, data protection, encryption and the analysis of potential attack vectors for networked medical technology. Completely new forms of cooperation are required here, and all parties involved must take different paths, because the required know-how can no longer be mapped via a classic customer-supplier partnership between two participating companies.

Focus on security-specific requirements

In the development of fully networked medical technology, the focus is on security-specific requirements in addition to the usual requirements for reliability and quality as well as normative requirements; examples include encryption and infrastructural connections as well as standardized, location-independent network and service access for medical technology equipped with the appropriate hardware and software. One of the most important and at the same time most fundamental steps is the connection of medical practices to the telematics infrastructure (TI) in Germany. The path to secure and standardized handling of the digital patient file by the end of 2020 shows, even before the threshold into the actual treatment environment, what security and development specialists in medical technology will be confronted with.

The connector from security specialist Secunet, which now enables over 45,000 medical practices to access the TI via Arvato Systems’ VPN access service, is one of the latest success stories in med-tech digitalization. In the course of developing the so-called Secunet connector, developers at S.I.E, under the leadership of Secunet and its partner network, had a rare opportunity to witness and understand the above-mentioned new forms of collaboration in the medical industry between distributors, developers and partners in the efficient creation of highly complex, security-relevant systems such as the connector.

Digital medical technology requires rethinking

“The genesis of our connector for connection to the telematics infrastructure is a wonderful example of the changes that are also needed in the medical technology industry itself. Together with our development partner S.I.E, we broke completely new ground in the conceptual design and implementation of this solution,” says Markus Linnemann, Division Manager Critical Infrastructures Secunet Security Networks. And indeed, a look at the entire corporate network involved in the realization of this project quickly reveals that classic hierarchically organized development processes in a classic client-customer relationship between the various organizations would have stood in the way of the goal of targeted and efficient development.

In the development phase of the connector, Secunet Security Networks itself acted as a security specialist with the appropriate market access and S.I.E as a system integrator and expert for the development of the hardware. Arvato Systems, on the other hand, oversaw the connector’s counterpart, the VPN access service, and together with Secunet and its partner eHealth Experts implemented the “My Access Service” service. Of course, the Federal Office for Information Security (BSI) and gematik, as supervisory bodies for the security and functionality of the connector, are also involved in this security-sensitive case.

Josef Krojer, General Manager of S.I.E comments: “At this point, however, the network is far from complete. Of course, we also have appropriate partners for platform technologies or industrial design on board. However, in a classic systems integration development relationship of the past, these partners would not have any connection to the marketer, let alone direct end-customer feedback with the corresponding impact on schedules and costs.” In short – as can also be seen from the organizational matrix (see image) of this project, the requirements of a digital medical technology create a complex network already in the development phase, which requires new approaches.

Joint digital development and transfer platforms

Markus Linnemann of Secunet Security Networks explains, “This is precisely the point at which we realized, together with S.I.E, that we needed a more intensive form of know-how transfer and collaboration. Classic requirements specification development without a common understanding of the overall process and without a common goal in finding a solution slows down the processes and makes success within the given timeframes almost impossible.” As a result, the companies involved granted each other insight and access to data and partners in a completely new way.

In expert calls, the participating companies coordinated on the entire service supply chain within their respective development domains. Specialists from all areas of this service chain examined imponderables found in joint discussions, agreed short-term goals within the framework of agile development sprints, and transferred required know-how. Common digital development and transfer platforms also served as a basis. “This approach sounds absolutely simple and logical at first glance, but it is completely new.

Development processes, partner networks and calculations

Giving each other such deep insights into development processes, partner networks and also calculations in order to create a solution together requires courage and a new kind of trust. The classic fear of disclosing supply chains had to give way to the common goal of timely market entry and the clarity that only in a strong alliance with free communication channels was it possible to achieve the goal. This challenge was accepted and implemented excellently by all the companies involved,” says Josef Krojer.

The basis was created. A company network with open and modern, partially digitized communication channels, a complete know-how set and a common goal and solution concept of how the connection to the telematics infrastructure should look. As part of this collaboration, the companies not only granted each other significantly intensive access to each other’s resources, but the work within the individual domains was also actively shaped jointly.

Fewer loops in hardware development

As an example, a secure manufacturing domain was implemented for the connector at S.I.E. Markus Linnemann of Secunet Security Networks comments: “Due to the history of the company, we already had very deep knowledge in the certification of highly secure development and delivery processes. Being able to pass on this knowledge easily and effectively to our partners through the newly created communication structures was an important success factor.” This step enabled S.I.E.’s Common Criteria certification by the BSI to be achieved much faster and with fewer problems at the first attempt.

In addition, the matrix communication in the form of the expert calls paid off by significantly reducing the number of loops in hardware development, which also saved resources and led to bringing the product to market faster.

Over 45,000 connectors sold

However, a product or service only ever becomes a real success through the actual behavior of the market. After market launch, over 45,000 connectors have already been sold to date and a correspondingly large number of practices have been connected to the telematics infrastructure. Tests and surveys confirm the success of the development and give hope for the future development of the medical technology sector itself. Even at this early stage, the companies are planning to build on the success of the connector by developing a version for the hospital infrastructure.

“The connection of hospitals and other professional groups and institutions involved in medical care via a standardized interface technology, based on the devices already developed, is subsequently a logical next step,” says Josef Krojer in this regard. “Together with Secunet and the entire development network, we have created a basis in recent years to efficiently move from an abstract idea for digitalization in the regulatory demanding medical technology industry to a resilient roadmap of implementation.”

From security to production to logistics

The example of the Secunet connector and the approach of the network of companies involved shows the way forward for development projects in the medical technology industry. Above all, it provides insights and foreshadowing of how digitalization is actually progressing in highly sensitive environments and industries. New collaborative development processes, more open communication channels based on partnership, and a shared understanding of the goals of entire networks of specialists – from security to production to logistics – are necessary from the outset in order to achieve and drive forward the major common goal for digitalization.

Accordingly, the transformation itself takes place not only systemically and technically, but above all also in terms of corporate culture. These changes and the setting of the course, which – as can be seen in the example of the connector and the telematics infrastructure – are already in full swing, open up new paths and opportunities – on the way to medical technology 4.0.

ELEKTRONIKPRAXIS 23/2019