Telecare Challenges: Secure, Reliable, Lower Power

Market for remote diagnostics and monitoring is growing quickly, but issues will persist alongside of that growth.


The adoption of telecare using a variety of connected digital devices is opening the door to much more rapid response to medical emergencies, as well as more consistent monitoring, but it also is adding new challenges involving connectivity, security, and power consumption.

Telecare has been on the horizon for the better part of two decades, but it really began ramping with improvements in sensor technology and with the onset of the coronavirus pandemic. Rather than sitting in a waiting room or lingering in a hospital bed, sick patients now can talk to medical experts remotely using videoconferencing, and they can relay test results or developments digitally.

According to the U.S. Food and Drug Administration, many types of telecare services are available today to show test results and manage everything from skin conditions to prescriptions and urgent care issues. Devices track health goals, blood pressure, cholesterol, and even physical and occupational therapies. And all of that can happen remotely 24/7.

“Home health care is probably the number one use case for the smart home,” said Diya Soubra, director of segment strategy for Automotive and IoT at Arm. “The best scheme to handle the large population of elderly people is to allow them to age gracefully with dignity in their own homes. Remote health care is only economically possible with smart home devices. Smart and connected devices can act collectively to serve an elderly person by anticipating their needs. A collective that is AI-enabled thus removes the need for a tech-savvy consumer. We are at the starting point of such home-based health services, and the launch of the Matter protocol will accelerate deployment.”

As with any nascent technologies, there also are challenges. Medical device failures (both external and implanted) are common. So are connectivity interruptions. Power is another issue, particularly when a device’s functionality is dependent on a battery, and any loss of power or degradation of a connection can affect the quality of data being exchanged.

“Power will depend on the use,” said Kathy Tufto, senior product manager in Siemens EDA’s Embedded Software Division. “If the device is something like a wearable, then minimum power usage is important. Other considerations, such as low power, robustness, reliability, and ease-of-use are all important for in-home use. Since the person using the device is not trained — or has, at best, minimal training specific to the device — it needs to be robust, reliable, and easy to use. We’re also seeing more potential medical applications from devices that are not specifically medical, but are instead applications on a smart phone or watch. These have the same requirements, but since the device itself is not a medical device they will split along two lines — those that are part of therapy/maintenance with a medical professional involved, and those that are more simply informational for the end user, which is much of what we see today. I see these two sides coming together. As these capabilities become sufficiently reliable, they will be combined with other data that will be available to a person’s doctors for monitoring and diagnostic purposes.”

Security issues
Security remains one of the big challenges for telecare, and one that needs to be addressed on an ongoing basis. Not all of these devices are secure initially, and not all of them will remain secure throughout their lifetimes. This is particularly daunting because the amount of data available through breaches, and the value of that data, is growing.

Cyberattacks on hospitals and care facilities are now regular occurrences. As the number of connected health care devices increases, so does the risk of cyberattacks. Alongside of that, debate continues about who owns the data collected from these connected medical devices. Where will the data be stored, and for how long? And if a ransomware attack occurs, who will be responsible for the damage caused by exposing patient health data?

Following recent breaches, patients were notified that security weaknesses would be addressed and they were offered free credit monitoring. But the bigger problem is the potential damage to a patient’s reputation and livelihood, and so far it’s not clear who is responsible if that happens.

“The hacking of medical devices has serious consequences,” said Steve Hanna, distinguished engineer at Infineon Technologies. “Not only will it compromise the privacy of the patients, such as exposing electronic health records, but it can also threaten the well-being of the patients. What is worse, ransomware attacks have grown to the point of affecting multiple parties. For example, hackers could demand the hospital pay a ransom. If refused, hackers could go to the patients and demand a ransom by threatening to sell patients’ personal health information underground. It is important to safeguard medical devices with a combination of things, including using secure hardware (security chips to perform authentication, encryption of sensitive data, and the management of cryptographic keys). Using software to detect the presence of malware is also important. Starting the design with secured chips is the important first step.”

Much more needs to be done, including setting standards for security and privacy. In addition, devices need to be updated to remain in compliance with those standards and to prevent new attacks, which in turn opens another possible avenue for attacks.

“It is expected that most edge devices, including connected medical devices, will be self-contained,” said Gijs Willemse, senior director of product management at Rambus. “Nevertheless, they are vulnerable due to their interfaces and the ability to receive software updates. Secure boot, device authentication, and secure communication, along with protection of provisioned key material, are critical for devices that operate in the public domain and/or could be confiscated. This requires a hardware root of trust, and depending on the performance and latency requirements of the application, hardware acceleration to encrypt/decrypt the data transferred over its interfaces. These hardware security cores should include anti-tamper protections to guard against side-channel and fault injection attacks.”

Navigating through a trove of constantly changing standards is a challenge by itself.

“There appear to be two different paths for home medical devices that rely on electronics/ software for their capabilities,” said Siemens’ Tufto. “For one class of devices, the same standards and guidance that apply to devices in a provider’s network will apply (such as IEC 62304 and ISO 13485). The other class of devices will not be medical-specific, but apps running on a multi-purpose device. If these applications are used as input to a person’s therapy, the same correctness and security considerations will still apply, since laws like HIPAA will also apply. For security, UL2900 has emerged, and many medical device manufacturers are implementing a security architecture that complies with this standard. The FDA has defined a concept called SaMD (Software as a Medical Device) and has published initial guidance on how these applications should be developed and how to identify and manage risk. This guidance will continue to grow with the industry.”

Understanding telecare
While the concept of remote, connected health care has been talked about for years, telecare is relatively new. Yet based on market growth predictions, it’s catching on quickly. Verified Market Research projects the global connected medical devices market size, including heart rate monitors, insulin pumps, and remote monitoring services would reach $137 billion by 2028, up from $27 billion in 2020.

Some of this is simple economics. On average in the United States, it cost $2,607 per day to stay in the hospital. For California and Oregon patients, that cost was $3,726 and $3,271, respectively. For both the health care provider and patient, there are strong financial incentives to discharge patients as soon as is practical. However, they still need to monitored for complications, and telehealth can provide 24/7 remote patient monitoring that until recently took place only within health care facilities.

Using telephone, video, and connected wearable medical devices which monitor patients’ vital signs, health data are received and analyzed either manually or going through M2M/IoT, ultimately saving both time and energy for the patients and caregivers. But this is easier said than done. It takes time to set up a telehealth technology infrastructure, which includes ongoing IT and network maintenance costs. Moreover, caregivers who may not have a technical background need training on how to operate telecare equipment, and patients need to learn how to use the online portal and apps. The massive amount of health data received requires processing, adding another burden.

Many different types of connected wearable medical devices/sensors are needed in remote patient monitoring, such as ECG or EKG monitors, temperature monitors, BP cuffs, and oxygen saturation (SpO2) monitors. There also are an increasing number of AI-based devices, such as Eko’s smart stethoscopes, which use algorithms to detect heart murmurs and atrial fibrillation. In conjunction with the Mayo Clinic, Eko is working on new research for a low ejection fraction algorithm known as ECG Low Ejection Fraction Tool (ELEFT) capable of detecting a weakened heart pump, which is present in about half of heart failure patients and could indicate that a heart attack will occur.

Fig. 1: AI-based stethoscopes use algorithms that can detect heart murmurs and atrial fibrillation (AFib) with performance comparable to human experts. Source: Eko

Fig. 1: AI-based stethoscopes use algorithms that can detect heart murmurs and atrial fibrillation (AFib) with performance comparable to human experts. Source: Eko

Remote patient monitoring (RPM) technology is improving. According to a survey conducted by Vivalink, the newer mobile cardiac telemetry (MCT) method is preferred by caretakers over the traditional Holter monitoring. Additionally, many new RPM applications are expected to use MCT.

The traditional Holter monitor is a small medical device worn by a patient with heart conditions for 24 to 48 hours. The built-in digital recorder, with five to seven electrodes connected to the patient, will record the electrocardiogram or ECG signals generated from the heart.


Fig. 2: Mobile cardiac telemetry (MCT) method used in RPM applications. Source: Vivalink

Fig. 2: Mobile cardiac telemetry (MCT) method used in RPM applications. Source: Vivalink

To simplify RPM design, biosensor chip manufacturers, including analog devices and ams-OSRAM AG are coming out with chips with an analog front-end (AFE) to support multiple functions such as ECG, SpO2, photoplethysmogram (PPG), and bioimpedance (BioZ), which are capable of measuring common vital signs including heart rate, respiration rate, blood pressure, oxygen saturation level, and even heart rate variability (HRV). HRV aka R-R interval measures the time between each heartbeat. Some of these chips consume very low power, ranging from microamps to milliamps, depending on the types of measurements, with supply voltage of less than 2 volts. Additionally, some of these functions can be turned off when not in use to further save power. Die sizes can be as small as 1.7mm<sup>2</sup>, which are needed for wearable devices like earbuds, smart patches, fitness bands, smart watches, and cuff-less optical blood pressure measurements.

For low-power AI applications, Synaptics developed a chip integrating an MCU with multiple sensors. The chip includes capacitive, inductive, Hall effect, and temperature sensing. Supporting functions like touch + force + proximity + temperature detection, the chip consumes only 240 µW in typical operation mode and 10 µW in sleep mode.

Smarter devices
One of the big changes in this sector involves the addition of AI/ML.

“Based on the medical data gathered by medical devices, an AI system would be able to deduce the recommended actions or guide a user toward next steps in most scenarios,” said Boris Cipot, senior security engineer in Synopsys’ Software Integrity Group. “A smart set of home medical devices could help on the initial level to ensure that doctors are contacted only in conditions that are time-sensitive or require deeper or human analysis. Various sensors in AI-driven medical devices would associate certain symptoms to those stored in a database, enabling the technology to deduce if the patient is in urgent need of medical attention.”

AI also opens the door to entirely new business models associated with health care.

“AI technology adoption is happening in the medical device industry, and it’s not just driving exciting new features and high-end functionalities into the devices themselves,” said Dana McCarty, vice president of sales and marketing at Flex Logix. “This technology is also enabling manufacturers to reap the rewards from new service models, where instead of just selling and supporting devices, manufacturers can capture recurring service revenue streams, while at the same time strengthening customer relationships.”

This has a direct bearing on what kind of hardware is used inside of these devices, as well. “When choosing an AI accelerator, whether it is IP or chips, there are many factors to consider, including throughput, performance, processing at the edge, flexibility to update models, and power,” McCarty said.

All things considered, the future of telecare is bright, but the challenges ahead are also very real. With new investment coming to the health care industry, telecare will continue to grow and change. This in turn will energize new innovations in medical devices, sensors, networks, security, AI, and more.

Clothing with built-in smart sensors, for example, is a segment with great growth potential. The challenge is finding affordable textile materials and ways to ensure that electronic sensors are hermetically sealed and washable. Another area of interest is energy harvesting in wearable patient monitoring or implant devices. If energy can be captured from a person’s body heat or motion and applied to the wearable devices, it will lengthen the battery life.

But challenges will continue around patient privacy, securing medical devices and their connections, lowering the costs of operations, and creating devices that consumers will find easy to use. On top of that, insurance companies will need to support telehealth.

And finally, there are unanswered questions about what to do with the massive data generated from the connected medical devices. Should the data be stored, and by whom and for how long?

This market will continue to grow, but challenges will continue alongside of that growth.


Leave a Reply

(Note: This name will be displayed publicly)