A number of macroeconomic pressures continue to drive change in our healthcare systems. Take, for example, the growing number of elderly people in industrialized countries. According to the U.S. Department of Health and Human Services, the U.S. should expect to support some 72 million seniors over the age of 65 in the year 2030, over twice the number in the year 2020. I hope to be a part of that population, but I also realize that more than 80% of one’s health expenses come in the later years of one’s life. According to the report “Health Care Costs — From Birth to Death,” sponsored by the Society of Actuaries, the U.S. government expects to spend $450,000 for each new-age Medicare beneficiary during their expected lifetime of 20 additional years.

New healthcare policies, such as the Affordable Care Act, stress reimbursements while also increasing the number of people insured. To limit the overall human and financial cost burden for the U.S. and global societies, healthcare systems will need to find innovative ways to provide cost effective, high quality care to an increasing number of patients.

Unfortunately, there is an unhealthy divergent trend: the number of caregivers and primary care physicians has been in steady decline. The Association of American Medical Colleges suggests that the U.S. will face serious shortages of both primary care and specialist physicians. By the year 2020 we will employ some 91,000 too few primary care physicians, surgeons, and medical specialists. With these factors and more, we are witnessing the formation of a perfect storm.

So how we do navigate our way out of the storm? Telehealth and remote patient monitoring (RPM) can certainly help tame it, and the reimbursement climate, at least in EMEA and the US, is turning the tide in a positive direction as well. RPM and connected homes, with wireless sensor networks, allow home environments to be connected to the internet and cloud, and properly designed systems can be safely and securely monitored and controlled using smart mobile devices and data aggregators.

An aggregation device can take many physical forms; it could reside in your television or set-top box, exist as a stand-alone unit, or even be embedded in your refrigerator or bedside clock. For those of us lucky enough to be on the move, a smartphone with appropriate levels of safety and security could be the target aggregator — or how about that automobile laden with sensors in the seat, steering wheel, and dash? Use cases will be many.

As I age gracefully and begin to consume more caregiver resources, I am willing to trust a remote system, but admittedly, I have little patience for performance glitches, nor do I have any tolerance for systems that lack security. This isn’t a HIPAA issue or concern, but rather, a very real consumer concern regarding hack threats and potential loss of my privacy.

Unfortunately, when it comes to security, not all software platforms for aggregation devices are created equal. Consider the code sizes of operating system (OS) kernels. According to a recent count, the generic Linux kernel contains over 19 million lines of code. Other monolithic general-purpose operating systems (GPOSs) are even larger. This contravenes a basic security principle that a software component be as simple and verifiable as possible. Otherwise, unexpected side effects, behaviors, or vulnerabilities are more likely to occur. In comparison, the same measurement of the QNX Neutrino OS is much smaller — only about one hundred thousand lines.

Next, here’s a term to consider: attack surface. It represents the total of all possible entry points for a security breach or hack on a networked device or software stack. The total attack surface for any system will also include application executables, shared libraries, networking stacks, and other software components that make up the device’s total behavior, but those are more or less fixed in size, regardless of the size or architectural composition of the OS kernel. (The operating systems’ internal architecture is another key point of comparison that can have significant impact on the attack surface of the device and on safety certification efforts — more on this in a subsequent post.)

Given all the wired and wireless communications that exist between the first meter and the cloud of an RPM system, cybersecurity should be top of mind. So why start with an OS that offers many more times the malware and security vulnerabilities?

Beyond the OS is an obvious question: data security. Who and what is getting access to the data that my medical monitor is connected to? Is my data going to the right remote network? Can anyone listen in? Who can send my insulin pump a firmware update, recalibration, or subscription update? Is it my prescription or someone else’s? Is my data protected from unauthorized remote connections? And is the remote network really talking to my device, or is someone else’s device purporting to be mine? In effect, has the device manufacturer done a good job protecting data at rest, data in motion by securing device keys, using mutual authentication, secure boot, and tested and approved cryptographic algorithms to ensure my well-being?

With, and only with, a safe, secure OS and cryptography algorithms should telehealth hubs be deployed. These, coupled with personalized data based on biometrics gathered through health devices and from networks of people comprising family members, friends and care givers, can lead to better health, better outcomes, and a less-expensive healthcare system.

Also read: