OPC UA Security for Mobile Healthcare Services

IT was first introduced in healthcare systems in the 1950s, but only recently has digitization become more pervasive and applied to products, channels, processes, and medical records, creating a completely new operating model. One of the aspects that is benefiting greatly from this transition is telemedicine: doctors and patients can interact beyond the confined medical environment, healthcare professionals can take immediate decisions, based on predictive and analytical data, and patients can be monitored more closely and frequently.

Smart Item Technologies (SIT) – such as RFID and sensor networks – offer enormous potential for optimization in many areas of application. Many technical, economic, and psychological barriers still tend to stop the adoption of the new technologies on a broader front, and much of their potential still remains unexploited.

OpSIT is a project supported by the German Federal Ministry of Education and Research whose goal is to support the health sector with the optimized application of Smart Item Technologies, using the example of patient care. Companies like Asperado, EnOcean, Peter Janssen Group, SRH Holding, Symeda, SysCom electronic, Wibu-Systems, the Fraunhofer Institute, the SRH High School in Berlin, and the Technical University in Berlin have come together to create a testbed that explicitly shows how to use Smart Item Technologies.

Assisted living is an outpatient residential care concept that combines the advantages of remaining comfortably at home with the fast and permanent availability of trained nursing staff. This decentralized approach includes self-medication as well, which is, however, a quite delicate point. According to recent studies, 15 to 30% of self-administered drugs are not handled correctly, mainly due to the patient missing their prescribed schedule.

The OpSIT system tackles the problem by sending on-time alarms to the patients, logging all medicine intake, and warning the nursing staff in the event of unusual behavior. Registered relatives of the patients and the medical team can access the cloud and verify the records at any time.

The digitization of patients also implies dealing with highly sensitive data. Two major preconditions therefore apply for project management: data integrity and privacy, both of which can be met with Wibu-Systems CodeMeter®. A sensor gateway (an EnOcean Smart Items Gateway implemented on the Raspberry Pi and Intel’s Edison Platform) for cloud-based web applications in healthcare was developed to deliver medication tracking for residential patients. The high level of security provided by CodeMeter ensures software and data protection at the endpoints, where data is transmitted and computed. Additionally, networking interoperability for the sensor gateway is maintained using the OPC UA client-server architecture and standardized security profiles.

The choice to use the industrial-oriented protocol OPC UA came from its flexibility and near real-time capability to transport the encrypted delivery intake report to the care cloud gateway server (OPC UA Historian Server). Even more importantly, its native security features, well integrated with CodeMeter to protect all sensitive keys in a trusted secure element, underline the security-by-design goal intended by the project’s key actors.

Beyond this specific application, the architecture can be replicated in numerous other IoT cloud-based services to prevent data depredation or tampering. High levels of assurance concerning data privacy and software protection can be met with a single hardware device. Specific software protection is provided to all clients and servers communicating with the care cloud.

In short, OpSIT captures the complex cost structure of Smart Item Technologies applications and enables a cost-optimized design. Savings and many other benefits are promised by:

  • better utilization of available capacities
  • optimized production and process flows
  • greater responsiveness to disturbances
  • better medical monitoring in the private sector
  • improved preventative healthcare
  • considerably simpler processes for servicing and maintenance
  • error reduction in workflows
  • IP protection and secure usage history
  • detailed cost control