COMBINING WORLD-CLASS HEALTH CARE WITH SECURE PATIENT RECORDS
Our society faces a growing threat from misuse of information in cyber-systems. The cost of intellectual property theft to U.S. companies alone tops $250 billion a year, and it is estimated that $1 trillion was spent globally to address problems caused by cyber-breaches. As cyber-security has become a national priority, ISIS has focused a great deal of work on the science of security, including ensuring privacy for the next generation of information systems, such as electronic medical records (EMRs).
The goal of ISIS researchers is to understand the fundamental issues that cause cyber vulnerabilities and to develop model-based methods and tools to help prevent problems before they occur. Among the projects on that front are Team Research in Trusted Ubiquitous Security Technologies (TRUST) project, which is a Science and Technology Center funded by the NSF, and the Strategic Health Care IT Advanced Research Projects on Security (SHARPS), which is funded by the Department of Health and Human Services.
TRUST is the umbrella for multiple projects led by Janos Sztipanovits, ISIS director and E. Bronson Ingram Distinguished Professor of Engineering, in partnership with researchers from University of California at Berkeley, Carnegie Mellon University, Cornell University, and Stanford University. In this project, ISIS focuses on creating trustworthy health information systems that, by design, are aware of and enforce privacy constraints." If you model policies correctly, you can compute the proper behavior," Sztipanovits explained. "You need precise modeling that applies logic and reasoning."
In the SHARPS project, ISIS works with researchers at the Vanderbilt University Medical Center to develop modeling tools for privacy policies and technology tools to integrate privacy models in the exchange of health information. SHARPS leverages the expertise built up from TRUST to specifically target health care applications. Partners with Vanderbilt on SHARPS are University of California-Berkeley, Carnegie Mellon University, Dartmouth University, Harvard University, Johns Hopkins University, New York University, Stanford University, University of Illinois at Urbana-Champaign, and University of Washington.
EMRs are an aspect of TRUST and SHARPS that has become a national priority as the government strives to normalize and institutionalize EMRs nationwide to improve access and reduce cost. The complexity of EMRs stems from the need to integrate multiple, software-reliant systems some commercial, some produced in-house—in a manner that satisfies the rapidly changing (and often conflicting) demands of medical innovations, clinical procedures, and insurance and government regulations, explained Yuan Xue, assistant professor of electrical engineering and computer science and an integral part of TRUST and SHARPS.
EMRs are connected to an array of systems that support health care business operations, including clinical documentation, laboratory reports, radiology services, pharmaceutical dispensing, and billing. Patient data security and compliance with regulations, such as Health Insurance Portability and Accountability Act (HIPAA) requirements, present complexities, as does the fact that most EMR systems are connected to Web portals, exposing them to continual Internet attacks.
"We've developed techniques to build an architecture that protects the EMR system and the Web portal," Xue said. The system works like a firewall that's intelligent enough to recognize intended information and updates so the entire system need not be shut down for every change. This approach is typical for ISIS researchers—getting multiple systems to work together and to detect and prevent anomalies. "We really enjoy these complex multidisciplinary challenges," added Sztipanovits.
Another collaborative project within the TRUST program is CareNet, which supports remote patient monitoring by using sensor technologies to send data to medical personnel. CareNet allows home monitoring of patients with chronic diseases, such as heart conditions or diabetes, improving patient comfort and reducing medical costs.
Sztipanovits also leads an ISIS team in a collaborative TRUST project with the Vanderbilt University Medical Center and the Department of Biomedical Informatics of the School of Medicine to develop a patient management system for sepsis treatment. Triggered by bacteria invasion through wounds or IV lines, sepsis causes the body to literally attack itself. The rapid sepsis detection and patient management system, currently in clinical trial, integrates with an automated decision support system to help hospital personnel navigate successfully through the complex treatment process. The success of the sepsis program is an exemplar for other such model-based, decision support systems to normalize treatment plans, said Sztipanovits.
The Privacy Preserving Record Linkage project, led by Brad Malin, associate professor of biomedical informatics at Vanderbilt University Medical Center, is yet another SHARPS and TRUST offshoot that allows the secure integration of medical records from multiple sources, including multiple treatment facilities or ancillary services, such as radiology or pathology. It also enhances research opportunities by allowing third parties, such as the National Institute of Health (NIH), to collect a large number of records for research while protecting individual patient's identities in accordance with HIPAA regulations.
Vanderbilt was a natural choice for TRUST and SHARPS due to the combination of ISIS and a world-class medical center, said Xue. "The Vanderbilt University Medical Center has long applied new technologies to facilitate better patient care, while ISIS has been a leader in developing secure, robust technologies for health care and other mission- and safety-critical domains," she said. "What is unique to Vanderbilt is this combination of excellent, practical medical care plus the availability of advanced software and information technology, which creates a strong foundation for rapid progress."
Most software tools and platforms developed at ISIS are open-source, making the results of ISIS research widely accessible. The availability of open-source tools enables rapid adaptations to cyber-security needs and opens the field to small- and mid-sized companies' participation in the competitive process, Sztipanovits said. Multiple spin-off opportunities from TRUST and SHARPS are emerging as the need increases to secure health care platforms and protect patient privacy.