Personal Health Device Cybersecurity Whitepaper and Pre-Standards Development Activity

A collaboration to achieve comprehensive understanding of cybersecurity in the Personal Health Device community

About

Today’s users of personal health devices (PHDs) have implicit expectations on convenience, connectivity, accessibility of their data, and security. They expect to readily connect PHDs to their mobile devices, view their data in the cloud, and easily share information with their clinicians or care providers. While manufacturers are working on solving PHD connectivity with proprietary solutions, there is a lack of a standardized approach to providing secure Plug & Play interoperability.    

The motivation of this activity is to address the process (i.e., risk analysis) and capability (i.e., information security) of secure Plug & Play interoperability for PHDs. In order to maximize the possibility of receiving opinions from various stakeholders this team is open to everyone and interacts with various organizations in the personal connected health domain.

The mission of this activity is to build common ground about cybersecurity in the PHD community and create an “information security toolbox” appropriate for standards addressing data exchange typically for small, battery powered devices, such as the IEEE 11073 PHD family of standards or the Bluetooth SIG specifications. The result of this work is collected in the “PHD Cybersecurity Whitepaper”. It contains the background related to PHD cybersecurity, a detailed risk analysis of use cases specific to PHD device types and the controls to be adopted for a future enhancement of the said data exchange standards (e.g., the Optimized Exchange Protocol defined in IEEE Standard 11073-20601). The whitepaper will serve as the basis for future standardization of secure Plug & Play interoperability.

 

Get Involved:

We welcome new participants that are interested in the Personal Connected Health market. This includes people who use personal health devices in home and mobile environments, personal health device vendors, personal health manager vendors, institutions that may ultimately receive data from these devices (e.g. hospitals, doctor offices, diet and fitness companies), payers (e.g., insurance companies), regulatory agencies, telemedicine consultants and businesses.

 

Possible Outcomes:

Published documents that are intended to be widely accessed by the public to encourage future participation as part of standard projects, and to encourage adoption of current standards developed in this space.

 

How to Participate:

To learn how to join the PHD Cybersecurity Paper and Pre-Standards Development Activity team, please express your interest by sending an inquiry to:    


Christoph Fischer, co-chair
christoph.fischer@ieee.org

Nathaniel Hamming, co-chair
nate@hmtconsulting.org

Additional Contacts
Industry Connections Program Administrator