With the emergence of wearables growing significantly at a seemingly exponential rate, the challenges involved in their development grow as well. Factors such as security, data management, social media integration, and more all must be addressed sufficiently. When developing these innovations for the healthcare space, these concerns grow even more in terms of importance.
In the interest of getting additional insight on these critical factors in the development of wearables for the medical space, I was fortunate enough to speak with Gabe Grifoni, the CEO and co-founder of the wearables company Rufus Labs. The company has essentially put a minicomputer onto a user’s wrist, which could be used by doctors in the healthcare space or by first responders to communicate with a hospital. I posed questions to Grifoni on the topics mentioned to get his input on how important they were in medical device wearable development.
Sean Fenske: Thank you for agreeing to an interview with me to discuss wearables in the healthcare space and address several challenges. Before we get started on the technology, would you please share your background in the development of wearables and/or medical technologies?
Gabe Grifoni: My development in wearables is probably stronger than medical technologies specifically. With wearables, I have a background in software since college. On the hardware side, wearables is a new category. We have been working on wearables for about three years and my background goes a little beyond that.
With wearables, in general, there’s a lot of learning to be done, especially when it comes to how to get the best tuning and frequency on an antennae. This is especially true when it’s close to the body, which has polarization that can affect those antennas. There are a lot of tricky elements to wearables that is even fairly new in the last five years.
Fenske: Why is data security so important when it comes to medical wearables? Does anyone really care what someone’s blood pressure is?
Grifoni: With medical wearables, especially ones that are monitoring someone’s blood pressure, heart rate, and levels in their bloodstream, is that the more precise and the more things we can discern, the better we can be at making sure we catch things before they kill or do damaging things to someone. The downside is we are getting more data on every single individual person and even if someone doesn’t care what someone’s blood pressure is, that information all together allows people to do a lot of bad things.
Security has to be addressed now as more critical information becomes available and recorded because a hacker can take that information. We don’t really know yet nor can we fathom the amount of damage that could be done if we have someone’s information. If you were using authentication to get into doors based on someone’s heart rate or biorhythms, it would be just like having someone’s fingerprint for a fingerprint scan because you have their very unique biorhythmic signature.
Fenske: What strategies or tools can medical device manufacturers employ to ensure data security?
Grifoni: One is a robust operating system. If I have an app on my iPhone, iOS is a fairly secure operating system and you can be a little more safe in knowing your credit card data is secure in a remote enclave in that hardware. We have to do the same thing with medical software, whether it be Android-based or iOS. It needs to be locked down, encrypted, and up-to-date the same way that our smartphones, desktops, and laptops are. There is a new threat everyday so you have to treat it as if it were a computer you were using at home. Software has to be very robust, strong, and always updated.
Hardware also plays a role. I mentioned the iPhone has a remote enclave in their chip that stores specific data that isn’t allowed outside that chip so no other apps can access it. As a hardware manufacturer, there are things we need to consider when working with encrypted data or important data we are collecting on someone. We need to put this in a very secure place in the hardware where it can stay and get spit out as something totally different in a way that people who need to use it can use it.
I think software and hardware need to work together really well to secure it from outside threats, such as WiFi and Bluetooth, and so that you have physical pieces of hardware in the devices that store data that don’t allow it to go anywhere else.
Fenske: Can you speak more to the hardware solutions for security with medical devices? For example, what are some realistic physical design strategies for enhancing security in a wearable medical device?
Grifoni: When you can add hardware that can either sense certain biometrics or pulse that can be used for security reasons to authenticate someone, that is a physical design element that should be put into a device. Building a device also that is not easily removed, like a pair of glasses that hold the secrets to my company, is also very important. Wearables need to be more tied to us such that if it was a wrist worn device it could not be easily stolen from someone’s arm. This is especially important for medical devices that hold so much sensitive information.
Fenske: What are consumer responses to data breaches in medical device technology?
Grifoni: I think it scares consumers — any kind of data breach including Target attacks or Ashley Madison. Payment information breaches scare consumers the most because you can ruin someone’s credit and their life with their social security number and identity. The same will apply on the medical side because these devices will now know everything about people, more than even doctors do. It’s really important to make sure this hardware and software infrastructure is set up before being deployed and data collection begins because if you have a breach, you will set the clock back years because consumers will be wary of doing these things again.
Fenske: Does it make sense for a device maker or OEM to develop their own proprietary security solution or work with a security vendor?
Grifoni: It makes more sense to work with a security vendor because unless you are a skilled device maker or OEM in the security space, like Google or Apple, you won’t be able to have an entire team dedicated to making a device secure. If you are making hardware and devices, and need to keep information secure, this needs to be done with a security firm that has 15 to 30 years of experience with encryption because this could ruin your device if you have a breach. Security is something where you want to have someone who does it for a living.
Fenske: Should medical device manufacturers be concerned with data security moreso with cloud-based applications?
Grifoni: Anytime you have data that isn’t just staying on your phone, computer, or wearable, and it’s being sent out via a wireless connection to a cloud, there is always a greater risk. The data is out there and accessible via remote location access. With the cloud as the essential element for all this data to be collected and sent around, data security is a legitimate concern. You want to go with a cloud service such as Amazon web service or Rackspace, or a cloud service that is more specialized.
Watch: The Connected Person
Fenske: Let’s move away from the security of data and talk about the actual data itself for a moment. Is it best for manufacturers to identify only the most critical data for a given device/application or should they collect all potential data points for implementation of future upgrades that would need the previously collected data?
Grifoni: I think it’s a combination of both; you don’t want to do a scattered approach where you collect data on everything and have no idea what to do with that. You want to figure out the three to five most important data points to be monitored. There might be additional data points where, if collected, can prove valuable in the future. We need to focus on the things that matter most, but if there are some beneficial fringe areas, you should collect that data, which in turn could save someone’s life.
We haven’t tracked this type of data on human beings for extended periods of time ever before because up until the last year or two, we’ve never had wearable devices on us that tracks this data. We don’t know if someone’s movements every day for 20 years could help prevent Parkinson’s. That data could be relevant in 20 years, but maybe not today.
Fenske: What are the dangers and concerns with sharing data via social media?
Grifoni: These are the same dangers we have when people post a picture on the plane and everyone knows you’re not home for a week. When using social media for sharing super personal stuff, people have to understand it’s out there and that the Internet is forever. Putting medical data and anything else personal on there should be done at people’s own risk.
Fenske: So should this type of functionality be avoided in medical devices?
Grifoni: FitBit, for example, when you’re linked to five friends, you all share your steps with each other and it’s not blasted to the world. I don’t see people sharing other types of medical data via social media. I only see the need for it to be shared with those in the medical field. These devices and wearables that collect data are very personal as there isn’t much we wear all the time. Sharing this information won’t be a big thing and it shouldn’t be integrated into solutions if it’s not needed.
Fenske: As we close, I want to jump back to security. What’s next in terms of wearables security in the healthcare industry? Will things get better?
Grifoni: Things will most definitely get better from everything I see now and know is coming. Wearable security will be a big part of wearables. They will replace smartphones eventually and they will be seamless parts of us without having to pick anything up. Therefore, the security in them will need to be what we have now and even ten times better.
What’s next is a lot more of development in the wearable field for consumers in terms of collecting data and providing data to healthcare professionals who can use this for good and keeping patients well. On the healthcare industry side, the workers will be using wearables too and they will have access to all of their patients’ data, making them even more of a target to hackers. Thus, we will have better devices, better ability to monitor people’s health, and all of this will require increased data security.