[go: up one dir, main page]

US20180146266A1 - System and Method for Controlling Authentication of a Physiological Acquistion Device by a Patient Monitor - Google Patents

System and Method for Controlling Authentication of a Physiological Acquistion Device by a Patient Monitor Download PDF

Info

Publication number
US20180146266A1
US20180146266A1 US15/359,165 US201615359165A US2018146266A1 US 20180146266 A1 US20180146266 A1 US 20180146266A1 US 201615359165 A US201615359165 A US 201615359165A US 2018146266 A1 US2018146266 A1 US 2018146266A1
Authority
US
United States
Prior art keywords
physiological data
unidentified
data acquisition
connector
patient monitor
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
US15/359,165
Other versions
US9986314B1 (en
Inventor
Nathaniel Frederic Stoddard
Todd Weyenberg
David Hernke
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
GE Precision Healthcare LLC
Original Assignee
General Electric Co
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by General Electric Co filed Critical General Electric Co
Priority to US15/359,165 priority Critical patent/US9986314B1/en
Assigned to GENERAL ELECTRIC COMPANY reassignment GENERAL ELECTRIC COMPANY ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: HERNKE, DAVID, STODDARD, NATHANIEL FREDERIC, WEYENBERG, TODD
Priority to CN201780080931.9A priority patent/CN110113989B/en
Priority to PCT/US2017/061980 priority patent/WO2018098008A1/en
Priority to EP17822069.5A priority patent/EP3544493B1/en
Publication of US20180146266A1 publication Critical patent/US20180146266A1/en
Application granted granted Critical
Publication of US9986314B1 publication Critical patent/US9986314B1/en
Assigned to GE Precision Healthcare LLC reassignment GE Precision Healthcare LLC NUNC PRO TUNC ASSIGNMENT (SEE DOCUMENT FOR DETAILS). Assignors: GENERAL ELECTRIC COMPANY
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G16INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
    • G16HHEALTHCARE INFORMATICS, i.e. INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR THE HANDLING OR PROCESSING OF MEDICAL OR HEALTHCARE DATA
    • G16H40/00ICT specially adapted for the management or administration of healthcare resources or facilities; ICT specially adapted for the management or operation of medical equipment or devices
    • G16H40/60ICT specially adapted for the management or administration of healthcare resources or facilities; ICT specially adapted for the management or operation of medical equipment or devices for the operation of medical equipment or devices
    • G16H40/63ICT specially adapted for the management or administration of healthcare resources or facilities; ICT specially adapted for the management or operation of medical equipment or devices for the operation of medical equipment or devices for local operation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04QSELECTING
    • H04Q9/00Arrangements in telecontrol or telemetry systems for selectively calling a substation from a main station, in which substation desired apparatus is selected for applying a control signal thereto or for obtaining measured values therefrom
    • AHUMAN NECESSITIES
    • A61MEDICAL OR VETERINARY SCIENCE; HYGIENE
    • A61BDIAGNOSIS; SURGERY; IDENTIFICATION
    • A61B5/00Measuring for diagnostic purposes; Identification of persons
    • A61B5/0002Remote monitoring of patients using telemetry, e.g. transmission of vital signals via a communication network
    • A61B5/0015Remote monitoring of patients using telemetry, e.g. transmission of vital signals via a communication network characterised by features of the telemetry system
    • A61B5/0022Monitoring a patient using a global network, e.g. telephone networks, internet
    • AHUMAN NECESSITIES
    • A61MEDICAL OR VETERINARY SCIENCE; HYGIENE
    • A61BDIAGNOSIS; SURGERY; IDENTIFICATION
    • A61B5/00Measuring for diagnostic purposes; Identification of persons
    • A61B5/01Measuring temperature of body parts ; Diagnostic temperature sensing, e.g. for malignant or inflamed tissue
    • AHUMAN NECESSITIES
    • A61MEDICAL OR VETERINARY SCIENCE; HYGIENE
    • A61BDIAGNOSIS; SURGERY; IDENTIFICATION
    • A61B5/00Measuring for diagnostic purposes; Identification of persons
    • A61B5/02Detecting, measuring or recording for evaluating the cardiovascular system, e.g. pulse, heart rate, blood pressure or blood flow
    • A61B5/0205Simultaneously evaluating both cardiovascular conditions and different types of body conditions, e.g. heart and respiratory condition
    • A61B5/02055Simultaneously evaluating both cardiovascular condition and temperature
    • A61B5/0402
    • A61B5/0476
    • AHUMAN NECESSITIES
    • A61MEDICAL OR VETERINARY SCIENCE; HYGIENE
    • A61BDIAGNOSIS; SURGERY; IDENTIFICATION
    • A61B5/00Measuring for diagnostic purposes; Identification of persons
    • A61B5/145Measuring characteristics of blood in vivo, e.g. gas concentration or pH-value ; Measuring characteristics of body fluids or tissues, e.g. interstitial fluid or cerebral tissue
    • A61B5/1455Measuring characteristics of blood in vivo, e.g. gas concentration or pH-value ; Measuring characteristics of body fluids or tissues, e.g. interstitial fluid or cerebral tissue using optical sensors, e.g. spectral photometrical oximeters
    • A61B5/14551Measuring characteristics of blood in vivo, e.g. gas concentration or pH-value ; Measuring characteristics of body fluids or tissues, e.g. interstitial fluid or cerebral tissue using optical sensors, e.g. spectral photometrical oximeters for measuring blood gases
    • AHUMAN NECESSITIES
    • A61MEDICAL OR VETERINARY SCIENCE; HYGIENE
    • A61BDIAGNOSIS; SURGERY; IDENTIFICATION
    • A61B5/00Measuring for diagnostic purposes; Identification of persons
    • A61B5/24Detecting, measuring or recording bioelectric or biomagnetic signals of the body or parts thereof
    • A61B5/316Modalities, i.e. specific diagnostic methods
    • A61B5/318Heart-related electrical modalities, e.g. electrocardiography [ECG]
    • AHUMAN NECESSITIES
    • A61MEDICAL OR VETERINARY SCIENCE; HYGIENE
    • A61BDIAGNOSIS; SURGERY; IDENTIFICATION
    • A61B5/00Measuring for diagnostic purposes; Identification of persons
    • A61B5/24Detecting, measuring or recording bioelectric or biomagnetic signals of the body or parts thereof
    • A61B5/316Modalities, i.e. specific diagnostic methods
    • A61B5/369Electroencephalography [EEG]
    • AHUMAN NECESSITIES
    • A61MEDICAL OR VETERINARY SCIENCE; HYGIENE
    • A61BDIAGNOSIS; SURGERY; IDENTIFICATION
    • A61B5/00Measuring for diagnostic purposes; Identification of persons
    • A61B5/74Details of notification to user or communication with user or patient; User input means
    • A61B5/742Details of notification to user or communication with user or patient; User input means using visual displays
    • GPHYSICS
    • G16INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
    • G16HHEALTHCARE INFORMATICS, i.e. INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR THE HANDLING OR PROCESSING OF MEDICAL OR HEALTHCARE DATA
    • G16H10/00ICT specially adapted for the handling or processing of patient-related medical or healthcare data
    • G16H10/60ICT specially adapted for the handling or processing of patient-related medical or healthcare data for patient-specific data, e.g. for electronic patient records
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information
    • H04L63/126Applying verification of the received information the source of the received data
    • AHUMAN NECESSITIES
    • A61MEDICAL OR VETERINARY SCIENCE; HYGIENE
    • A61BDIAGNOSIS; SURGERY; IDENTIFICATION
    • A61B5/00Measuring for diagnostic purposes; Identification of persons
    • A61B5/08Measuring devices for evaluating the respiratory organs
    • A61B5/082Evaluation by breath analysis, e.g. determination of the chemical composition of exhaled breath
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04QSELECTING
    • H04Q2209/00Arrangements in telecontrol or telemetry systems
    • H04Q2209/40Arrangements in telecontrol or telemetry systems using a wireless architecture
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04QSELECTING
    • H04Q2209/00Arrangements in telecontrol or telemetry systems
    • H04Q2209/80Arrangements in the sub-station, i.e. sensing device
    • H04Q2209/88Providing power supply at the sub-station

Definitions

  • the present disclosure generally relates to medical patient monitoring systems, and more particularly to methods and systems for authenticating approved physiological data acquisition devices for connection to a patient monitor.
  • Patient monitors for monitoring physiological data often comprise a central patient monitor connectable to multiple auxiliary devices that acquire physiological data from the patient so that multiple different types of physiological data acquired by multiple different devices is collected and channeled through a central monitoring device.
  • the central monitoring device often includes a display to display the patient physiological data, memory to store the patient physiological data, and/or a transmitter to transmit the patient physiological data to a central network for storage in a patient's electronic medical record.
  • the patient monitor may be connectable with one or more of several different physiological data acquisition devices simultaneously, which could include a pulse oximeter (SPO2), a non-invasive blood pressure monitor (NIBP), an end-title CO2 (EtCO2) monitor, an electrocardiograph (ECG) device, an electroencephalograph (EEG) device, a temperature monitor, an invasive blood pressure monitor, a capnograph, or the like.
  • SPO2 pulse oximeter
  • NIBP non-invasive blood pressure monitor
  • EtCO2 end-title CO2
  • ECG electrocardiograph
  • EEG electroencephalograph
  • Patient monitors and physiological data acquisition devices come in regular contact with patients and must meet high standards of safety and reliability. Since patient monitors may be connected to various different physiological data acquisition devices, it is important to ensure that all physiological acquisition devices connected to the patient monitor are approved as meeting the appropriate quality and safety standards for device performance so that monitoring quality and patient safety are not compromised.
  • a patient monitor in one embodiment, includes a data connector configured to connect to a corresponding data connector of an approved physiological data acquisition device to provide data transmission to and from the approved physiological data acquisition device, and a power connector configured to connect to a corresponding power connector of the approved physiological data acquisition device to provide power to the approved physiological data acquisition device.
  • the patient monitor further includes a control module configured to detect connection of a corresponding power connector of an unidentified device at the power connection port and/or a corresponding data connector of the unidentified device to the data connector, and provide a limited power amount to the unidentified device through the power connector.
  • the control module performs an authentication process to determine that the unidentified device is the approved physiological data acquisition device, and then provides a full power amount through the power connector to the approved physiological data acquisition device.
  • One embodiment of a method for controlling authentication of an approved physiological data acquisition device by a patient monitor includes detecting connection of a corresponding power connector of an unidentified device to the power connector and providing a limited power amount to the unidentified device through the power connector. The method further includes performing an authentication process to determine that the unidentified device is the approved physiological data acquisition device, and then providing a full power amount through the power connector to the approved physiological data acquisition device.
  • FIG. 1 depicts a patient monitor and physiological data acquisition devices according to one embodiment of the present disclosure.
  • FIG. 2 depicts another patient monitor connected to a physiological data acquisition device according to one embodiment of the present disclosure.
  • FIG. 3 depicts one embodiment of a method of controlling authentication of an approved physiological data acquisition device by a patient monitor.
  • FIG. 4 depicts another embodiment of a method for controlling authentication of an approved physiological data acquisition device by a patient monitor.
  • the present inventors have recognized that systems and methods are needed for reliably and safely operating patient monitoring devices, including patient monitors that are connectable with various physiological data acquisition devices. Unauthentic devices may not meet the rigorous safety or quality standards set for medical monitoring devices. The inventors have recognized that physiological data acquisition devices must be verified and validated for use in a clinical environment with a patient monitor, both to ensure patient safety and to ensure quality and reliability of the acquired physiological data. In situations where a patient monitor may be connected with any number of data acquisition devices, including unauthentic or unapproved devices, manufacturers of such patient monitors need a way to ensure that only approved devices—and thus devices that meet high quality and safety standards—are connected to the patient monitor.
  • the patient monitor limits the amount of power available to any device connected thereto until that device has been verified as an approved physiological data acquisition device.
  • the limited power amount may be a restricted amount that ensures patient safety until such time as the unidentified device is confirmed to be an approved physiological data acquisition device.
  • the limited power amount may be an amount that is just sufficient to operate the identification aspects of the unidentified device and is not an amount sufficient to operate the physiological data acquisition aspects of the device, thus guaranteeing patient safety and that unreliable data is not acquired or transferred to the patient monitor.
  • the patient monitor may further block any patient data from being displayed by the patient monitor, and may further prevent any physiological data from being stored on any memory of the patient monitor.
  • the patient monitor may prevent transmission of any physiological data from unapproved devices via wired or wireless transmission means to any other devices or networks, such as to a host network of a medical facility.
  • the authentication process may include any of various verification and validation steps.
  • the authentication process may include receiving an identification code from a device and comparing the identification code to a list of acceptable identification codes prior to determining that an unidentified device is an approved physiological data acquisition device.
  • the authentication process may include operation of a hash function, whereby each of the patient monitor and unidentified device have the same hashing algorithm that each device uses to create a hash result. The calculated results of both devices are compared by the patient monitor to authenticate the device.
  • the patient monitor may communicate a hash key to the unidentified device.
  • the patient monitor then processes the hash key with the hashing algorithm to create a monitor hash result.
  • the device also processes the hash key with the same hashing algorithm to create a device hash result, which it communicates to the patient monitor.
  • the patient monitor receives the device hash result from the unidentified device and compares the device hash result to the monitor hash result. If the hash results match, then the unidentified device is determined to be an approved physiological data acquisition device. At that point, a full power amount is supplied to the approved physiological data acquisition device, and patient monitoring commences.
  • the patient monitor may continue to limit the available power to the unidentified device or may terminate power supplied to the unidentified device altogether. Alternatively or additionally, the patient monitor may continue to block physiological data from the unidentified device and/or prevent display or transmission of the physiological data. Alternatively or additionally, the patient monitor may generate an alert regarding the authentication failure, which may include generating an auditory alarm or providing a visual alert to a clinician operating the patient monitor.
  • FIGS. 1 and 2 provide block diagrams of differing embodiments of a patient monitor 1 connectable to one or more approved physiological data acquisition devices 2 a, 2 b.
  • the patient monitor 1 is generally configured to connect to any approved physiological data acquisition device 2 , which may include multiple different types of data acquisition devices, such as a pulse oximeter, an NIBP monitor, an EtCO2 monitor, an ECG, an EEG, a temperature monitor, or the like.
  • the approved physiological data acquisition devices 2 a, 2 b include an NIBP monitor 2 a and an ECG 2 b.
  • Each physiological data acquisition device 2 employs one or more sensors 8 connected to the patient 5 to gather the physiological data from the patient 5 .
  • the NIBP monitor 2 a has a sensor 8 that is a blood pressure cuff.
  • the ECG device 2 b gathers cardiac data through sensors 8 in the form of surface electrodes on the patient's chest and abdomen.
  • the patient monitor 1 connects to the approved physiological data acquisition devices via a respective data connector 15 a, 15 b on the patient monitor 1 .
  • Each data connector 15 a, 15 b is configured to connect to a corresponding data connector 14 a, 14 b on the approved physiological data acquisition device 2 a, 2 b.
  • the patient monitor 1 also has on or more power connectors 18 a, 18 b configured to connect to a corresponding power connector 17 a, 17 b on the respective approved physiological data acquisition device 2 a, 2 b to transfer power from the patient monitor 1 to the respective approved physiological data acquisition devices 2 a, 2 b.
  • the data connector 15 and power connector 18 may provide an electrical contact or any other connection that allows data communication and power transfer, respectively.
  • the data and power connectors 15 and 18 and the corresponding data and power connectors 14 and 17 may be Universal Serial Bus (USB)-compliant connectors.
  • the connectors 14 - 15 and 17 - 18 may be a custom medical USB connector designed for use in a clinical environment.
  • one or more of the connections may be through means not requiring galvanic contact between the patient monitor 1 and the physiological data acquisition device 2 .
  • the data connector 15 and corresponding data connector 14 may be optical devices configured to transfer data via optical data transfer means.
  • the data connector 15 and corresponding data connector 14 may be wireless communication devices operating on any of various radio frequency communication protocols, such as Bluetooth, Bluetooth Low Energy, near field communication (NFC), ANT, or according to any of various wireless network protocols, such as on the wireless medical telemetry service (WMTS) spectrum or on a WiFi-compliant wireless local area network (WLAN).
  • the power connector 18 may also provide connection with the corresponding power connector 17 by means other than through galvanic contact, such as via capacitive or inductive power transfer.
  • the respective connectors may include control and other circuitry for facilitating the data and power transfer.
  • the data connector 15 may include a universal asynchronous receiver/transmitter (UART), and thus may include an integrated circuit to translate data between parallel and serial forms.
  • the data connector 15 and the corresponding data connector 14 may include I 2 C for serial peripheral interface (SPI) communication bus devices.
  • SPI serial peripheral interface
  • the data connector 15 and the power connector 18 may be provided in a single connection port 36 a, 36 b that receives a single corresponding connection element 38 a, 38 b containing both a corresponding data connector 14 a, 14 b and a corresponding power connector 17 a, 17 b.
  • one or more cords 40 may be provided with the physiological data acquisition device 2 and may provide the corresponding data connector 14 and/or the corresponding power connector 17 , which may be connected and disconnected from the respective connectors at the patient monitor 1 .
  • the data connector 15 and the power connector 18 may be provided in separate and distinct connector ports and connector elements that are independent of one another. As explained above, certain embodiments may require physical connection between the respective connectors of the patient monitor 1 and the approved physiological data acquisition device 2 ; other embodiments may only require that the devices be in proximity with one another.
  • the physiological data acquisition device 2 may include any sensor 8 , which may include any lead, electrode, lead wire, or available physiological measurement device such as a blood pressure cuff, a pulse oximetry sensor, a temperature sensor, or other device available in the art for acquiring or detecting physiological information from a patient.
  • any sensor 8 may include any lead, electrode, lead wire, or available physiological measurement device such as a blood pressure cuff, a pulse oximetry sensor, a temperature sensor, or other device available in the art for acquiring or detecting physiological information from a patient.
  • the physiological signals recorded by the sensors 8 are digitized by an analog-to-digital converter (A/D converter) 9 in the approved physiological data acquisition device 2 .
  • the A/D converter 9 may be any device or logic set capable of digitizing analog physiological signals.
  • the A/D converter 9 may be an analog front end (AFE).
  • the approved physiological data acquisition device 2 may include a processor 10 , such as a microprocessor or a microcontroller, that receives the digital physiological data from the A/D converter 9 and oversees transmission of the digitized physiological data to the patient monitor 1 via the corresponding data connector 14 .
  • the processor 10 may further execute instructions, such as computer readable software code, which may process the digital physiological data, and the processed data may be transmitted alone or in addition to the raw digitized physiological data from the A/D converter 9 .
  • the physiological data acquisition device 2 may not include any processor.
  • the digitized physiological data is sent from the A/D converter 9 to the corresponding data connector 14 for receipt by the patient monitor 1 .
  • the patient monitor 1 may be configured to receive digitized raw data, digitized filtered data, processed data, or any other form of physiological data from the physiological data acquisition device 2 .
  • the physiological data acquisition device 2 is powered by the patient monitor 1 , and such power is received via the connection between the corresponding power connector 17 and the power connector 18 of the patient monitor 1 .
  • the power may be supplied via a galvanic connection between the corresponding power connector 17 and the power connector 18 , or through inductive or capacitive coupling, as is described above.
  • the processor 10 and the A/D converter 9 receive power via the power management module 12 .
  • the power management module 12 distributes the power to the various powered elements of the physiological data acquisition device 2 .
  • the power management module 22 may include voltage and current regulation circuitry and associated controllers.
  • the power management module 12 may include a battery that stores energy received from the patient monitor 1 .
  • the physiological data acquisition device 2 contains only simple components, such as for a simple temperature sensor, the power management capabilities may not be necessary and may be excluded from the physiological data acquisition device 2 .
  • the power supplied to the physiological data acquisition device 2 is controlled by the power management module 22 in the patient monitor 1 .
  • the power management module 22 may include voltage and current regulation circuitry and associated controllers.
  • the power management module 22 is controlled by and responsive to the control module 26 of the patient monitor 1 , which instructs the power management module 22 to limit the power amount provided to an unidentified device until such time as that unidentified device is verified to be an approved physiological data acquisition device 2 .
  • the control module 26 and the power management module 22 cooperate to regulate the power distribution within the patient monitor and the power supplied to the one or more physiological data acquisition devices 2 .
  • the managed power may be from a battery 20 or from a power supply 21 , such as an AC power supply in the medical facility building.
  • the power management module 22 may provide a limited power amount at an available current of 50 milliamps to an unidentified device. Such a limited current ensures safety of the unidentified device, as it eliminates concern about an improper or unsafe data acquisition device discharging current and injuring a patient 5 .
  • the limited power amount should be a restricted amount that ensures patient safety until such time as the unidentified device is confirmed to be an approved physiological data acquisition device 2 that can be safely operated for patient monitoring in conjunction with the patient monitor 1 .
  • the limited power amount may be an amount that is just sufficient to operate the identification aspects of the unidentified device and is not an amount sufficient to operate the physiological data acquisition aspects of the device.
  • a full power amount can be supplied such that the approved physiological data acquisition device 2 can perform all of its functions, including any one or more of gathering, processing, storing, and displaying physiological data, and transmitting physiological data to the patient monitor 1 .
  • the full power amount may be an available current of 700 milliamps.
  • the processor 10 of the physiological data acquisition device 2 may provide a device identification code to the patient monitor through the wireless or wired connection between the corresponding data connector 14 and the data connector 15 .
  • the physiological data acquisition device 2 may have an identification chip or element 13 that provides an identification pin to the patient monitor 1 .
  • the identification element 13 may be a passive or active radio frequency identification (RFID) chip, which may be energized or powered by the patient monitor 1 upon connection thereto.
  • the identification element 13 could be an application specific integrated circuit (ASIC) or other electronic or logic circuit that performs the device end of the authentication process.
  • RFID radio frequency identification
  • the hashing portion of the authentication process may be performed by the identification element 13 , which may receive a hash key from the patient monitor 1 and process the hash key with the hashing algorithm to generate the device hash result.
  • the hashing algorithm function may be performed by a processor 10 , such as a general purpose processor for the data acquisition device 2 .
  • the processor 10 or the identification element 13 acts as and/or includes memory upon which the hashing algorithm, or hash function, is stored.
  • the hashing algorithm accessed and used to calculate the device hash result.
  • the hashing algorithm may be an iterated cryptographic hash function, or message digest functions, such as MD5 and SHA-1.
  • the message authentication using the hash functions may be performed by any mechanism, such as hashed message authentication code (HMAC) described in RFC2104 of the Network Working Group of the Internet Engineering Task Force (IETF).
  • HMAC hashed message authentication code
  • steps may be performed by the control module 26 within the patient monitor 1 as part of the authentication process.
  • the hashing algorithm may be stored in memory 26 b and accessible by a processor 26 a comprising part of the control module 26 .
  • the control module 26 generates the hash key, which may be any value or string of values that it shares over the data connector 15 with the respective unidentified device or approved physiological data acquisition device 2 .
  • the hash key may be communicated to the processor 10 and/or identification element 13 of the physiological data acquisition device 2 (or unidentified device) as described above.
  • the hash key may be a preset value or string of values, or a randomly generated value or string of values.
  • the control module 26 then processes the hash key with the hashing algorithm to create the monitor hash result. It receives the device hash result from the unidentified device, and compares the device hash result to the monitor hash result to determine whether they match—e.g., whether the hash results are identical or at least a predetermined portion of the results are identical.
  • the control module 26 of the patient monitor 1 receives the digital physiological data transmitted from each of the one or more approved physiological data acquisition devices 2 a, 2 b connected thereto.
  • the control module 26 may be configured to process the digital physiological data prior to transmitting the data to a host network 30 or displaying the physiological data on a display 24 incorporated in or associated with the patient monitor 1 .
  • the control module 26 may not process the digital physiological data, and may simply relay that data to the host network 30 , such as via a wireless connection or transmission means.
  • the host network 30 may be a computer network of a hospital, which may be comprised of locally-housed servers or may be a hosted or cloud-computing network.
  • the host network 30 may include a patient electronic medical records (EMR) database 32 , and thus the patient monitor 1 transmits the physiological data to the host network 30 for storage in the patient's record within the EMR database 32 .
  • the control module 26 may control a receiver transmitter 28 , such as a transceiver, which communicates with a corresponding receiver transmitter 34 within the host network via a communication link 29 in order to transmit the physiological data.
  • the receiver transmitter 28 and 34 may communicate by any wireless or wired transmission protocols, several examples of which are listed above.
  • the display 24 may be any digital display device capable of displaying information about the condition of the patient monitor 1 and/or a connected approved physiological data acquisition device 2 , and/or displaying physiological data or a value calculated therefrom.
  • the control module 26 may control the display 24 to display summaries of the physiological data and/or the physiological data signals themselves to the clinician.
  • the display may be associated with and connected to the patient monitor 1 , such as a standard computer monitor, or may be incorporated into a housing with the other elements of the patient monitor 1 .
  • the display 24 may be a touchscreen providing a mechanism for a clinician to exercise user input control.
  • the systems and methods described herein may be implemented with one or more computer programs executed by one or more processors 26 a, which may all operate as part of a single control module 26 .
  • the computer programs include processor-executable instructions that are stored on a non-transitory, tangible computer readable medium, such as may comprise the memory 26 b.
  • the computer programs may also include stored data, which may also be stored in memory 26 b.
  • Non-limiting examples of the non-transitory tangible computer readable medium are nonvolatile memory, magnetic storage, and optical storage.
  • module may refer to, be part of, or include an application-specific integrated circuit (ASIC), an electronic circuit, a combinational logic circuit, a field programmable gate array (FPGA), a processor (shared, dedicated, or group) that executes code, or other suitable components that provide the described functionality, or a combination of some or all of the above, such as in a system-on-chip.
  • ASIC application-specific integrated circuit
  • FPGA field programmable gate array
  • module may include memory (shared, dedicated, or group) that stores code executed by the processor.
  • code as used herein, may include software, firmware, and/or microcode, and may refer to programs, routines, functions, classes, and/or objects.
  • shared means that some or all code from multiple modules may be executed using a single (shared) processor. In addition, some or all code to be executed by multiple different processors may be stored by a single (shared) memory.
  • group means that some or all code comprising part of a single module may be executed using a group of processors. Likewise, some or all code comprising a single module may be stored using a group of memories.
  • FIGS. 3 and 4 depict embodiments of a method 50 for controlling authentication of an approved physiological data acquisition device 2 by a patient monitor 1 .
  • Connection of a device is detected at step 52 , which is an unidentified device until such time as the device has been authenticated and determined to be an approved physiological data acquisition device 2 .
  • a limited power amount is supplied to the unidentified device at step 54 , which is supplied by the patient monitor 1 via the connection between the power connector 18 and the corresponding power connector 17 .
  • the authentication process is performed at step 60 to authenticate the unidentified device. If the unidentified device is determined to be an approved physiological data acquisition device 2 at step 70 , then the full power amount is provided at step 72 so that the approved physiological data acquisition device 2 can perform its data acquisition function.
  • the approved physiological data acquisition device 2 then acquires and digitizes physiological data, which is received by the patient monitor 1 at step 74 .
  • the patient monitor displays the physiological data on the display 24 at step 76 , and transmits the physiological data to the host network 30 at step 78 .
  • the limited power amount is not sufficient for the unidentified device to perform its data acquisition function, which effectively prevents the unidentified device from acquiring the physiological data from the patient in the first place and thus prevents transfer of the physiological data to the patient monitor 1 in the first place.
  • the patient monitor 1 may take active steps to prevent transfer of data by preventing receipt of data, such as the physiological data, from the unidentified device.
  • the limited power amount may continue to be provided to the unidentified device so that further authentication attempts can be made by re-performing the authentication process or performing different authentication steps.
  • an unidentified device that fails the authentication process once or a predetermined number of times may be cut off completely, including ceasing to supply the limited power amount.
  • FIG. 4 depicts one embodiment of an authentication process. After the limited power amount is supplied at step 54 , active steps may be taken at step 55 to prevent transfer and/or display of the physiological data.
  • the authentication process then commences by receiving an identification code 62 from the unidentified device. The identification code is compared to a list of acceptable identification codes at step 63 . If the received device identification code is on the list, then the patient monitor 1 may provide a hash key to the unidentified device, which is communicated through data connector 15 to the corresponding data connector 14 . The patient monitor 1 then processes the hash key with the hashing algorithm to generate the monitor hash result at step 65 . The device hash result is received at step 66 and compared to the monitor hash result at step 67 . If the hash results match then the unidentified device is determined to be an approved physiological data acquisition device at step 69 .
  • an alert is generated at step 68 to advise the clinician that the authentication process failed and that the unidentified device is not an approved physiological data acquisition device.
  • the alert may be a visual alert provided on the display 24 of the patient monitor 1 , and/or may include an auditory alert, such as an alarm.
  • the monitor may continue to provide the limited power amount and prevent data transfer, and then re-perform one or more of the authentication steps. Thereby, the patient monitor prevents operation of an unapproved and unidentified device, thereby maintaining control over the safety and quality standards of the physiological data acquisition devices connected to the patient 5 .

Landscapes

  • Health & Medical Sciences (AREA)
  • Engineering & Computer Science (AREA)
  • Life Sciences & Earth Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Biomedical Technology (AREA)
  • Public Health (AREA)
  • Physics & Mathematics (AREA)
  • Heart & Thoracic Surgery (AREA)
  • Molecular Biology (AREA)
  • Surgery (AREA)
  • Animal Behavior & Ethology (AREA)
  • Pathology (AREA)
  • Veterinary Medicine (AREA)
  • Biophysics (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • Signal Processing (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Cardiology (AREA)
  • Epidemiology (AREA)
  • Primary Health Care (AREA)
  • Physiology (AREA)
  • Power Engineering (AREA)
  • Business, Economics & Management (AREA)
  • General Business, Economics & Management (AREA)
  • Optics & Photonics (AREA)
  • Spectroscopy & Molecular Physics (AREA)
  • Pulmonology (AREA)
  • Psychiatry (AREA)
  • Psychology (AREA)
  • Measuring And Recording Apparatus For Diagnosis (AREA)

Abstract

A patient monitor includes a data connector configured to connect to a corresponding data connector of an approved physiological data acquisition device to provide data transmission to and from the approved physiological data acquisition device, and a power connector configured to connect to a corresponding power connector of the approved physiological data acquisition device to provide power to the approved physiological data acquisition device. The patient monitor further includes a control module configured to detect connection of a corresponding power connector of an unidentified device at the power connection port and/or a corresponding data connector of the unidentified device to the data connector, and provide a limited power amount to the unidentified device through the power connector. The control module performs an authentication process to determine that the unidentified device is the approved physiological data acquisition device, and then provides a full power amount through the power connector to the approved physiological data acquisition device.

Description

    BACKGROUND
  • The present disclosure generally relates to medical patient monitoring systems, and more particularly to methods and systems for authenticating approved physiological data acquisition devices for connection to a patient monitor.
  • Patient monitors for monitoring physiological data often comprise a central patient monitor connectable to multiple auxiliary devices that acquire physiological data from the patient so that multiple different types of physiological data acquired by multiple different devices is collected and channeled through a central monitoring device. The central monitoring device often includes a display to display the patient physiological data, memory to store the patient physiological data, and/or a transmitter to transmit the patient physiological data to a central network for storage in a patient's electronic medical record. The patient monitor may be connectable with one or more of several different physiological data acquisition devices simultaneously, which could include a pulse oximeter (SPO2), a non-invasive blood pressure monitor (NIBP), an end-title CO2 (EtCO2) monitor, an electrocardiograph (ECG) device, an electroencephalograph (EEG) device, a temperature monitor, an invasive blood pressure monitor, a capnograph, or the like.
  • Patient monitors and physiological data acquisition devices come in regular contact with patients and must meet high standards of safety and reliability. Since patient monitors may be connected to various different physiological data acquisition devices, it is important to ensure that all physiological acquisition devices connected to the patient monitor are approved as meeting the appropriate quality and safety standards for device performance so that monitoring quality and patient safety are not compromised.
    • SUMMARY
  • This Summary is provided to introduce a selection of concepts that are further described below in the Detailed Description. This Summary is not intended to identify key or essential features of the claimed subject matter, nor is it intended to be used as an aid in limiting the scope of the claimed subject matter.
  • In one embodiment, a patient monitor includes a data connector configured to connect to a corresponding data connector of an approved physiological data acquisition device to provide data transmission to and from the approved physiological data acquisition device, and a power connector configured to connect to a corresponding power connector of the approved physiological data acquisition device to provide power to the approved physiological data acquisition device. The patient monitor further includes a control module configured to detect connection of a corresponding power connector of an unidentified device at the power connection port and/or a corresponding data connector of the unidentified device to the data connector, and provide a limited power amount to the unidentified device through the power connector. The control module performs an authentication process to determine that the unidentified device is the approved physiological data acquisition device, and then provides a full power amount through the power connector to the approved physiological data acquisition device.
  • One embodiment of a method for controlling authentication of an approved physiological data acquisition device by a patient monitor includes detecting connection of a corresponding power connector of an unidentified device to the power connector and providing a limited power amount to the unidentified device through the power connector. The method further includes performing an authentication process to determine that the unidentified device is the approved physiological data acquisition device, and then providing a full power amount through the power connector to the approved physiological data acquisition device.
  • Various other features, objects, and advantages of the invention will be made apparent from the following description taken together with the drawings.
    • BRIEF DESCRIPTION OF THE DRAWINGS
  • The present disclosure is described with reference to the following Figures.
  • FIG. 1 depicts a patient monitor and physiological data acquisition devices according to one embodiment of the present disclosure.
  • FIG. 2 depicts another patient monitor connected to a physiological data acquisition device according to one embodiment of the present disclosure.
  • FIG. 3 depicts one embodiment of a method of controlling authentication of an approved physiological data acquisition device by a patient monitor.
  • FIG. 4 depicts another embodiment of a method for controlling authentication of an approved physiological data acquisition device by a patient monitor.
    •  DETAILED DESCRIPTION
  • The present inventors have recognized that systems and methods are needed for reliably and safely operating patient monitoring devices, including patient monitors that are connectable with various physiological data acquisition devices. Unauthentic devices may not meet the rigorous safety or quality standards set for medical monitoring devices. The inventors have recognized that physiological data acquisition devices must be verified and validated for use in a clinical environment with a patient monitor, both to ensure patient safety and to ensure quality and reliability of the acquired physiological data. In situations where a patient monitor may be connected with any number of data acquisition devices, including unauthentic or unapproved devices, manufacturers of such patient monitors need a way to ensure that only approved devices—and thus devices that meet high quality and safety standards—are connected to the patient monitor.
  • Based on their recognition of the aforementioned problems and needs, the inventors developed the disclosed system wherein the patient monitor limits the amount of power available to any device connected thereto until that device has been verified as an approved physiological data acquisition device. For example, the limited power amount may be a restricted amount that ensures patient safety until such time as the unidentified device is confirmed to be an approved physiological data acquisition device. Further, the limited power amount may be an amount that is just sufficient to operate the identification aspects of the unidentified device and is not an amount sufficient to operate the physiological data acquisition aspects of the device, thus guaranteeing patient safety and that unreliable data is not acquired or transferred to the patient monitor. The patient monitor may further block any patient data from being displayed by the patient monitor, and may further prevent any physiological data from being stored on any memory of the patient monitor. Likewise, the patient monitor may prevent transmission of any physiological data from unapproved devices via wired or wireless transmission means to any other devices or networks, such as to a host network of a medical facility.
  • The authentication process may include any of various verification and validation steps. For example, the authentication process may include receiving an identification code from a device and comparing the identification code to a list of acceptable identification codes prior to determining that an unidentified device is an approved physiological data acquisition device. Alternatively or additionally, the authentication process may include operation of a hash function, whereby each of the patient monitor and unidentified device have the same hashing algorithm that each device uses to create a hash result. The calculated results of both devices are compared by the patient monitor to authenticate the device.
  • For example, upon connection of an unidentified device, the patient monitor may communicate a hash key to the unidentified device. The patient monitor then processes the hash key with the hashing algorithm to create a monitor hash result. Presumably, if the unidentified device is an approved physiological data acquisition device, the device also processes the hash key with the same hashing algorithm to create a device hash result, which it communicates to the patient monitor. The patient monitor receives the device hash result from the unidentified device and compares the device hash result to the monitor hash result. If the hash results match, then the unidentified device is determined to be an approved physiological data acquisition device. At that point, a full power amount is supplied to the approved physiological data acquisition device, and patient monitoring commences.
  • If the unidentified device does not present a device hash result that matches the monitor hash result, then the operation of the device is not approved. In that case the patient monitor may continue to limit the available power to the unidentified device or may terminate power supplied to the unidentified device altogether. Alternatively or additionally, the patient monitor may continue to block physiological data from the unidentified device and/or prevent display or transmission of the physiological data. Alternatively or additionally, the patient monitor may generate an alert regarding the authentication failure, which may include generating an auditory alarm or providing a visual alert to a clinician operating the patient monitor.
  • Aspects of the disclosure are described herein in terms of functional and/or logical block components and various processing steps. It should be appreciated that such block components may be realized by any number of hardware, software, and/or firmware components configured to perform the specified functions. For example, an embodiment may employ various integrated circuit components, e.g., memory elements, digital signal processing elements, logic elements, look-up tables, or the like, which may carry out a variety of functions under the control of one or more processors or other control devices. In addition, those skilled in the art will appreciate that the present invention may be practiced in conjunction with any number of medical devices, including any number of different physiological data acquisition devices, and that the system described herein is merely one example application. The connecting lines shown in the various figures contained herein are intended to represent example functional relationships and/or physical couplings between the various elements. It should be noted that many alternative or additional functional relationships or physical connections may be present in a practical embodiment.
  • FIGS. 1 and 2 provide block diagrams of differing embodiments of a patient monitor 1 connectable to one or more approved physiological data acquisition devices 2 a, 2 b. The patient monitor 1 is generally configured to connect to any approved physiological data acquisition device 2, which may include multiple different types of data acquisition devices, such as a pulse oximeter, an NIBP monitor, an EtCO2 monitor, an ECG, an EEG, a temperature monitor, or the like. In the depicted embodiment, the approved physiological data acquisition devices 2 a, 2 b include an NIBP monitor 2 a and an ECG 2 b. Each physiological data acquisition device 2 employs one or more sensors 8 connected to the patient 5 to gather the physiological data from the patient 5. In the depicted embodiment, the NIBP monitor 2 a has a sensor 8 that is a blood pressure cuff. The ECG device 2 b gathers cardiac data through sensors 8 in the form of surface electrodes on the patient's chest and abdomen. These and other types of physiological data acquisition devices are well known and standard in the field of medical patient monitoring.
  • The patient monitor 1 connects to the approved physiological data acquisition devices via a respective data connector 15 a, 15 b on the patient monitor 1. Each data connector 15 a, 15 b is configured to connect to a corresponding data connector 14 a, 14 b on the approved physiological data acquisition device 2 a, 2 b. Thereby, data can be transferred in both directions between the patient monitor 1 and the respective approved physiological data acquisition device 2 a, 2 b. The patient monitor 1 also has on or more power connectors 18 a, 18 b configured to connect to a corresponding power connector 17 a, 17 b on the respective approved physiological data acquisition device 2 a, 2 b to transfer power from the patient monitor 1 to the respective approved physiological data acquisition devices 2 a, 2 b.
  • The data connector 15 and power connector 18 may provide an electrical contact or any other connection that allows data communication and power transfer, respectively. For example, the data and power connectors 15 and 18 and the corresponding data and power connectors 14 and 17 may be Universal Serial Bus (USB)-compliant connectors. Alternatively, the connectors 14-15 and 17-18 may be a custom medical USB connector designed for use in a clinical environment.
  • In alternative embodiments, one or more of the connections may be through means not requiring galvanic contact between the patient monitor 1 and the physiological data acquisition device 2. For example, the data connector 15 and corresponding data connector 14 may be optical devices configured to transfer data via optical data transfer means. Alternatively, the data connector 15 and corresponding data connector 14 may be wireless communication devices operating on any of various radio frequency communication protocols, such as Bluetooth, Bluetooth Low Energy, near field communication (NFC), ANT, or according to any of various wireless network protocols, such as on the wireless medical telemetry service (WMTS) spectrum or on a WiFi-compliant wireless local area network (WLAN). The power connector 18 may also provide connection with the corresponding power connector 17 by means other than through galvanic contact, such as via capacitive or inductive power transfer.
  • The respective connectors may include control and other circuitry for facilitating the data and power transfer. For example, the data connector 15 may include a universal asynchronous receiver/transmitter (UART), and thus may include an integrated circuit to translate data between parallel and serial forms. Alternatively, the data connector 15 and the corresponding data connector 14 may include I2C for serial peripheral interface (SPI) communication bus devices.
  • As depicted in FIG. 1, the data connector 15 and the power connector 18 may be provided in a single connection port 36 a, 36 b that receives a single corresponding connection element 38 a, 38 b containing both a corresponding data connector 14 a, 14 b and a corresponding power connector 17 a, 17 b. In certain embodiments, one or more cords 40 may be provided with the physiological data acquisition device 2 and may provide the corresponding data connector 14 and/or the corresponding power connector 17, which may be connected and disconnected from the respective connectors at the patient monitor 1.
  • Alternatively, as depicted in FIG. 2., the data connector 15 and the power connector 18 may be provided in separate and distinct connector ports and connector elements that are independent of one another. As explained above, certain embodiments may require physical connection between the respective connectors of the patient monitor 1 and the approved physiological data acquisition device 2; other embodiments may only require that the devices be in proximity with one another.
  • The physiological data acquisition device 2 may include any sensor 8, which may include any lead, electrode, lead wire, or available physiological measurement device such as a blood pressure cuff, a pulse oximetry sensor, a temperature sensor, or other device available in the art for acquiring or detecting physiological information from a patient.
  • The physiological signals recorded by the sensors 8 are digitized by an analog-to-digital converter (A/D converter) 9 in the approved physiological data acquisition device 2. The A/D converter 9 may be any device or logic set capable of digitizing analog physiological signals. For example, the A/D converter 9 may be an analog front end (AFE). The approved physiological data acquisition device 2 may include a processor 10, such as a microprocessor or a microcontroller, that receives the digital physiological data from the A/D converter 9 and oversees transmission of the digitized physiological data to the patient monitor 1 via the corresponding data connector 14. The processor 10 may further execute instructions, such as computer readable software code, which may process the digital physiological data, and the processed data may be transmitted alone or in addition to the raw digitized physiological data from the A/D converter 9. In an alternative embodiment, the physiological data acquisition device 2 may not include any processor. In such an embodiment, the digitized physiological data is sent from the A/D converter 9 to the corresponding data connector 14 for receipt by the patient monitor 1. Accordingly, the patient monitor 1 may be configured to receive digitized raw data, digitized filtered data, processed data, or any other form of physiological data from the physiological data acquisition device 2.
  • The physiological data acquisition device 2 is powered by the patient monitor 1, and such power is received via the connection between the corresponding power connector 17 and the power connector 18 of the patient monitor 1. The power may be supplied via a galvanic connection between the corresponding power connector 17 and the power connector 18, or through inductive or capacitive coupling, as is described above. The processor 10 and the A/D converter 9 receive power via the power management module 12. The power management module 12 distributes the power to the various powered elements of the physiological data acquisition device 2. For example, the power management module 22 may include voltage and current regulation circuitry and associated controllers. The power management module 12 may include a battery that stores energy received from the patient monitor 1. In other embodiments, where the physiological data acquisition device 2 contains only simple components, such as for a simple temperature sensor, the power management capabilities may not be necessary and may be excluded from the physiological data acquisition device 2.
  • The power supplied to the physiological data acquisition device 2 is controlled by the power management module 22 in the patient monitor 1. For example, the power management module 22 may include voltage and current regulation circuitry and associated controllers. In the depicted embodiment, the power management module 22 is controlled by and responsive to the control module 26 of the patient monitor 1, which instructs the power management module 22 to limit the power amount provided to an unidentified device until such time as that unidentified device is verified to be an approved physiological data acquisition device 2. Thus, the control module 26 and the power management module 22 cooperate to regulate the power distribution within the patient monitor and the power supplied to the one or more physiological data acquisition devices 2. The managed power may be from a battery 20 or from a power supply 21, such as an AC power supply in the medical facility building. For example, the power management module 22 may provide a limited power amount at an available current of 50 milliamps to an unidentified device. Such a limited current ensures safety of the unidentified device, as it eliminates concern about an improper or unsafe data acquisition device discharging current and injuring a patient 5. Generally, the limited power amount should be a restricted amount that ensures patient safety until such time as the unidentified device is confirmed to be an approved physiological data acquisition device 2 that can be safely operated for patient monitoring in conjunction with the patient monitor 1. Further, the limited power amount may be an amount that is just sufficient to operate the identification aspects of the unidentified device and is not an amount sufficient to operate the physiological data acquisition aspects of the device.
  • Once the authentication process has been successfully completed to determine that the unidentified device is the approved physiological data acquisition device 2, a full power amount can be supplied such that the approved physiological data acquisition device 2 can perform all of its functions, including any one or more of gathering, processing, storing, and displaying physiological data, and transmitting physiological data to the patient monitor 1. To provide just one exemplary embodiment, the full power amount may be an available current of 700 milliamps.
  • In various embodiments of the authentication process, the processor 10 of the physiological data acquisition device 2 may provide a device identification code to the patient monitor through the wireless or wired connection between the corresponding data connector 14 and the data connector 15. In certain embodiments, the physiological data acquisition device 2 may have an identification chip or element 13 that provides an identification pin to the patient monitor 1. In one example, the identification element 13 may be a passive or active radio frequency identification (RFID) chip, which may be energized or powered by the patient monitor 1 upon connection thereto. In other embodiments, the identification element 13 could be an application specific integrated circuit (ASIC) or other electronic or logic circuit that performs the device end of the authentication process. For example, in embodiments where the authentication process includes a hashing algorithm, the hashing portion of the authentication process may be performed by the identification element 13, which may receive a hash key from the patient monitor 1 and process the hash key with the hashing algorithm to generate the device hash result. Alternatively, the hashing algorithm function may be performed by a processor 10, such as a general purpose processor for the data acquisition device 2. Either the processor 10 or the identification element 13 acts as and/or includes memory upon which the hashing algorithm, or hash function, is stored. Upon receipt of a hash key from the patient monitor 1, the hashing algorithm is accessed and used to calculate the device hash result. For example, the hashing algorithm may be an iterated cryptographic hash function, or message digest functions, such as MD5 and SHA-1. The message authentication using the hash functions may be performed by any mechanism, such as hashed message authentication code (HMAC) described in RFC2104 of the Network Working Group of the Internet Engineering Task Force (IETF).
  • Likewise, steps may be performed by the control module 26 within the patient monitor 1 as part of the authentication process. For example, the hashing algorithm may be stored in memory 26 b and accessible by a processor 26 a comprising part of the control module 26. In one embodiment, the control module 26 generates the hash key, which may be any value or string of values that it shares over the data connector 15 with the respective unidentified device or approved physiological data acquisition device 2. The hash key may be communicated to the processor 10 and/or identification element 13 of the physiological data acquisition device 2 (or unidentified device) as described above. For example, the hash key may be a preset value or string of values, or a randomly generated value or string of values. The control module 26 then processes the hash key with the hashing algorithm to create the monitor hash result. It receives the device hash result from the unidentified device, and compares the device hash result to the monitor hash result to determine whether they match—e.g., whether the hash results are identical or at least a predetermined portion of the results are identical.
  • In the embodiment of FIGS. 1 and 2, the control module 26 of the patient monitor 1 receives the digital physiological data transmitted from each of the one or more approved physiological data acquisition devices 2 a, 2 b connected thereto. The control module 26 may be configured to process the digital physiological data prior to transmitting the data to a host network 30 or displaying the physiological data on a display 24 incorporated in or associated with the patient monitor 1. In other embodiments, the control module 26 may not process the digital physiological data, and may simply relay that data to the host network 30, such as via a wireless connection or transmission means. For example, the host network 30 may be a computer network of a hospital, which may be comprised of locally-housed servers or may be a hosted or cloud-computing network. The host network 30 may include a patient electronic medical records (EMR) database 32, and thus the patient monitor 1 transmits the physiological data to the host network 30 for storage in the patient's record within the EMR database 32. For instance, the control module 26 may control a receiver transmitter 28, such as a transceiver, which communicates with a corresponding receiver transmitter 34 within the host network via a communication link 29 in order to transmit the physiological data. The receiver transmitter 28 and 34 may communicate by any wireless or wired transmission protocols, several examples of which are listed above.
  • The display 24 may be any digital display device capable of displaying information about the condition of the patient monitor 1 and/or a connected approved physiological data acquisition device 2, and/or displaying physiological data or a value calculated therefrom. For example, the control module 26 may control the display 24 to display summaries of the physiological data and/or the physiological data signals themselves to the clinician. The display may be associated with and connected to the patient monitor 1, such as a standard computer monitor, or may be incorporated into a housing with the other elements of the patient monitor 1. In certain embodiments, the display 24 may be a touchscreen providing a mechanism for a clinician to exercise user input control.
  • The systems and methods described herein may be implemented with one or more computer programs executed by one or more processors 26 a, which may all operate as part of a single control module 26. The computer programs include processor-executable instructions that are stored on a non-transitory, tangible computer readable medium, such as may comprise the memory 26 b. The computer programs may also include stored data, which may also be stored in memory 26 b. Non-limiting examples of the non-transitory tangible computer readable medium are nonvolatile memory, magnetic storage, and optical storage.
  • As used herein, the term module may refer to, be part of, or include an application-specific integrated circuit (ASIC), an electronic circuit, a combinational logic circuit, a field programmable gate array (FPGA), a processor (shared, dedicated, or group) that executes code, or other suitable components that provide the described functionality, or a combination of some or all of the above, such as in a system-on-chip. The term module may include memory (shared, dedicated, or group) that stores code executed by the processor. The term code, as used herein, may include software, firmware, and/or microcode, and may refer to programs, routines, functions, classes, and/or objects. The term shared, as used above, means that some or all code from multiple modules may be executed using a single (shared) processor. In addition, some or all code to be executed by multiple different processors may be stored by a single (shared) memory. The term group, as used above, means that some or all code comprising part of a single module may be executed using a group of processors. Likewise, some or all code comprising a single module may be stored using a group of memories.
  • FIGS. 3 and 4 depict embodiments of a method 50 for controlling authentication of an approved physiological data acquisition device 2 by a patient monitor 1. Connection of a device is detected at step 52, which is an unidentified device until such time as the device has been authenticated and determined to be an approved physiological data acquisition device 2. A limited power amount is supplied to the unidentified device at step 54, which is supplied by the patient monitor 1 via the connection between the power connector 18 and the corresponding power connector 17. The authentication process is performed at step 60 to authenticate the unidentified device. If the unidentified device is determined to be an approved physiological data acquisition device 2 at step 70, then the full power amount is provided at step 72 so that the approved physiological data acquisition device 2 can perform its data acquisition function. The approved physiological data acquisition device 2 then acquires and digitizes physiological data, which is received by the patient monitor 1 at step 74. The patient monitor displays the physiological data on the display 24 at step 76, and transmits the physiological data to the host network 30 at step 78.
  • Returning to step 70, if the unidentified device is not an approved physiological data acquisition device, then the limited power amount continues to be provided and no physiological data is displayed or transmitted to the host network. Presumably, the limited power amount is not sufficient for the unidentified device to perform its data acquisition function, which effectively prevents the unidentified device from acquiring the physiological data from the patient in the first place and thus prevents transfer of the physiological data to the patient monitor 1 in the first place. Alternatively or additionally, the patient monitor 1 may take active steps to prevent transfer of data by preventing receipt of data, such as the physiological data, from the unidentified device. In certain embodiments, the limited power amount may continue to be provided to the unidentified device so that further authentication attempts can be made by re-performing the authentication process or performing different authentication steps. In other embodiments, an unidentified device that fails the authentication process once or a predetermined number of times may be cut off completely, including ceasing to supply the limited power amount.
  • FIG. 4 depicts one embodiment of an authentication process. After the limited power amount is supplied at step 54, active steps may be taken at step 55 to prevent transfer and/or display of the physiological data. The authentication process then commences by receiving an identification code 62 from the unidentified device. The identification code is compared to a list of acceptable identification codes at step 63. If the received device identification code is on the list, then the patient monitor 1 may provide a hash key to the unidentified device, which is communicated through data connector 15 to the corresponding data connector 14. The patient monitor 1 then processes the hash key with the hashing algorithm to generate the monitor hash result at step 65. The device hash result is received at step 66 and compared to the monitor hash result at step 67. If the hash results match then the unidentified device is determined to be an approved physiological data acquisition device at step 69.
  • If it is determined at step 63 that the received device identification code is not on the list of acceptable identification codes, or it is determined at step 67 that the device hash result does not match the monitor hash result, then an alert is generated at step 68 to advise the clinician that the authentication process failed and that the unidentified device is not an approved physiological data acquisition device. For example, the alert may be a visual alert provided on the display 24 of the patient monitor 1, and/or may include an auditory alert, such as an alarm. The monitor may continue to provide the limited power amount and prevent data transfer, and then re-perform one or more of the authentication steps. Thereby, the patient monitor prevents operation of an unapproved and unidentified device, thereby maintaining control over the safety and quality standards of the physiological data acquisition devices connected to the patient 5.
  • This written description uses examples to disclose the invention, including the best mode, and also to enable any person skilled in the art to make and use the invention. Certain terms have been used for brevity, clarity and understanding. No unnecessary limitations are to be inferred therefrom beyond the requirement of the prior art because such terms are used for descriptive purposes only and are intended to be broadly construed. The patentable scope of the invention is defined by the claims, and may include other examples that occur to those skilled in the art. Such other examples are intended to be within the scope of the claims if they have features or structural elements that do not differ from the literal language of the claims, or if they include equivalent features or structural elements with insubstantial differences from the literal languages of the claims.

Claims (20)

1. A patient monitor comprising:
a data connector configured to connect to a corresponding data connector of an approved physiological data acquisition device to provide data transmission to and from the approved physiological data acquisition device;
a power connector configured to connect to a corresponding power connector of the approved physiological data acquisition device to provide power to the approved physiological data acquisition device;
a control module configured to:
detect connection of a corresponding power connector of an unidentified device to the power connector and/or a corresponding data connector of the unidentified device to the data connector;
provide a limited power amount to the unidentified device through the power
connector wherein the limited power amount is sufficient to power the authentication process by the unidentified device, but is insufficient to power physiological data acquisition by the unidentified device;
perform an authentication process to determine that the unidentified device is the approved physiological data acquisition device; and
provide a full power amount through the power connector to the approved
physiological data acquisition device so as to power physiological data acquisition by the physiological data acquisition device.
2. The patient monitor of claim 1, wherein the control module is further configured to prevent display of physiological data from the unidentified device to the patient monitor until after it determines that the unidentified device is the approved physiological data acquisition device.
3. The patient monitor of claim 2, wherein the patient monitor:
receives physiological data from the approved physiological data acquisition device after the control module determines that the unidentified device is the approved physiological data acquisition device; and
transmits at least a portion of the physiological data to a host network.
4. The patient monitor of claim 3, wherein the patient monitor displays at least a portion of the physiological data from the approved physiological data acquisition device on a display.
5. The patient monitor of claim 1, wherein the control module is configured to:
provide hash key through the data connector to the unidentified device;
process the hash key with a hashing algorithm to create a monitor hash result;
receive a device hash result through the data connector from the unidentified device;
compare the device hash result to the monitor hash result; and
determine that the unidentified device is the approved physiological data acquisition device if the device hash result matches the monitor hash result.
6. The patient monitor of claim 5, wherein the control module is further configured to prevent transfer of physiological data from the unidentified device to the patient monitor other than the device hash result until after it determines that the device hash result matches the monitor hash result.
7. The patient monitor of claim 1, wherein the control module is further configured to:
receive a device identification code from the unidentified device; and
determine that the device identification code matches one of a list of acceptable identification codes prior to receiving the device hash result from the unidentified device.
8. The patient monitor of claim 1, wherein the data connector and the power connector are provided in a single connection port on the patient monitor that receives a single corresponding connection element containing the corresponding data connector and the corresponding power connector.
9. The patient monitor of claim 1, wherein the data connector is a wireless transceiver in the patient monitor configured to wirelessly connect to the corresponding data connector, which is a wireless transceiver in the approved data acquisition device.
10. The patient monitor of claim 1, wherein the limited power amount is an available current of 50 milliamps.
11. A method for controlling authentication of an approved physiological data acquisition device by a patient monitor, the method comprising:
detecting connection of a corresponding power connector of an unidentified device to the power connector and/or a corresponding data connector of the unidentified device to the data connector;
providing a limited power amount to the unidentified device through the power connector, wherein the limited power amount is sufficient to power the authentication process by the unidentified device, but is insufficient to power physiological data acquisition by the unidentified device;
performing an authentication process to determine that the unidentified device is an approved physiological data acquisition device; and
providing a full power amount through the power connector to the approved physiological data acquisition device so as to power physiological data acquisition by the physiological data acquisition device.
12. The method of claim 11, wherein the authentication process includes:
providing hash key through the data connector to the unidentified device;
processing the hash key with a hashing algorithm to create a monitor hash result;
receiving a device hash result through the data connector from the unidentified device;
comparing the device hash result to the monitor hash result; and
determining that the unidentified device is the approved physiological data acquisition device if the device hash result matches the monitor hash result.
13. The method of claim 12, further comprising preventing transfer of physiological data from the unidentified device to the patient monitor until after determining that the device hash result matches the monitor hash result.
14. The method of claim 13, further comprising:
receiving physiological data from the approved physiological data acquisition device after determining that the device hash result matches the monitor hash result; and
transmitting at least a portion of the physiological data to a host network.
15. The method of claim 14, further comprising displaying on a display in the patient monitor at least a portion of the physiological data from the approved physiological data acquisition device.
16. The method of claim 12, wherein the authentication process further includes:
receiving a device identification code through the data connector from the unidentified device; and
determining that the device identification code matches one of a list of acceptable identification codes prior to receiving the device hash result from the unidentified device.
17. The method of claim 12, further comprising:
determining that the unidentified device is not the approved physiological device if the device hash result does not match the monitor hash result;
continuing to provide the limited power amount to the unidentified device through the power connector; and
preventing display of physiological data from the unidentified device to the patient monitor.
18. The method of claim 11, further comprising preventing display of physiological data from the unidentified device to the patient monitor until after determining that the unidentified device is the approved physiological data acquisition device.
19. The method of claim 11, wherein the authentication process includes:
receiving a device identification code from the unidentified device; and
determining that the device identification code matches one of a list of acceptable identification codes prior to receiving the device hash result from the unidentified device.
20. The method of claim 11, further comprising:
determining that the unidentified device is not the approved physiological device; and
continuing to provide the limited power amount to the unidentified device through the power connector; and
preventing transfer of physiological data from the unidentified device to the patient monitor.
US15/359,165 2016-11-22 2016-11-22 System and method for controlling authentication of a physiological acquistion device by a patient monitor Active US9986314B1 (en)

Priority Applications (4)

Application Number Priority Date Filing Date Title
US15/359,165 US9986314B1 (en) 2016-11-22 2016-11-22 System and method for controlling authentication of a physiological acquistion device by a patient monitor
CN201780080931.9A CN110113989B (en) 2016-11-22 2017-11-16 System and method for patient monitor control authentication of physiological acquisition device
PCT/US2017/061980 WO2018098008A1 (en) 2016-11-22 2017-11-16 System and method for controlling authentication of a physiological acquistion device by a patient monitor
EP17822069.5A EP3544493B1 (en) 2016-11-22 2017-11-16 System and method for controlling authentication of a physiological acquistion device by a patient monitor

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
US15/359,165 US9986314B1 (en) 2016-11-22 2016-11-22 System and method for controlling authentication of a physiological acquistion device by a patient monitor

Publications (2)

Publication Number Publication Date
US20180146266A1 true US20180146266A1 (en) 2018-05-24
US9986314B1 US9986314B1 (en) 2018-05-29

Family

ID=60813950

Family Applications (1)

Application Number Title Priority Date Filing Date
US15/359,165 Active US9986314B1 (en) 2016-11-22 2016-11-22 System and method for controlling authentication of a physiological acquistion device by a patient monitor

Country Status (4)

Country Link
US (1) US9986314B1 (en)
EP (1) EP3544493B1 (en)
CN (1) CN110113989B (en)
WO (1) WO2018098008A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10410446B1 (en) * 2016-07-25 2019-09-10 United Services Automobile Association (Usaa) Authentication based on through-body signals

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112002119B (en) * 2020-05-06 2021-06-11 深圳市小水滴健康科技有限公司 Physiological data ultra-low power consumption acquisition system

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140223037A1 (en) * 2013-02-07 2014-08-07 Apple Inc. Method and system for detecting connection of a host device to an accessory device

Family Cites Families (19)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5400267A (en) 1992-12-08 1995-03-21 Hemostatix Corporation Local in-device memory feature for electrically powered medical equipment
US6298255B1 (en) 1999-06-09 2001-10-02 Aspect Medical Systems, Inc. Smart electrophysiological sensor system with automatic authentication and validation and an interface for a smart electrophysiological sensor system
CA2659226C (en) * 2006-10-13 2016-08-02 Aspect Medical Systems, Inc. Physiological sensor system with automatic authentication and validation by means of a radio frequency identification protocol with an integrated rfid interrogator system
US9510755B2 (en) * 2008-03-10 2016-12-06 Koninklijke Philips N.V. ECG monitoring sytstem with docking station
US7728548B2 (en) * 2008-06-02 2010-06-01 Physio-Control, Inc. Defibrillator battery authentication system
US9830670B2 (en) * 2008-07-10 2017-11-28 Apple Inc. Intelligent power monitoring
US20110208013A1 (en) * 2010-02-24 2011-08-25 Edwards Lifesciences Corporation Body Parameter Sensor and Monitor Interface
KR20120036244A (en) * 2010-10-07 2012-04-17 삼성전자주식회사 Implantable medical device(imd) and method for controlling of the imd
CN102462491A (en) * 2010-11-03 2012-05-23 苏州大学 Intelligent wireless human body blood pressure monitoring system, monitor and monitoring method
WO2012151652A1 (en) * 2011-05-06 2012-11-15 Certicom Corp. Managing data for authentication devices
EP3505065B1 (en) * 2011-09-23 2021-03-03 Dexcom, Inc. Systems and methods for processing and transmitting sensor data
WO2014027273A1 (en) * 2012-08-16 2014-02-20 Koninklijke Philips N.V. Connected patient monitoring system and method to provide patient-centric intelligent monitoring services
WO2014210510A1 (en) * 2013-06-28 2014-12-31 Zoll Medical Corporation Systems and methods of delivering therapy using an ambulatory medical device
US9443059B2 (en) * 2013-10-29 2016-09-13 General Electric Company System and method of evaluating an association between a wireless sensor and a monitored patient
US11017898B2 (en) 2013-10-29 2021-05-25 General Electric Company Patient monitor sensor type auto configuration
JP6329810B2 (en) * 2014-04-30 2018-05-23 シャープ株式会社 Data processing terminal and data processing method
US9613197B2 (en) * 2014-11-10 2017-04-04 Wipro Limited Biometric user authentication system and a method therefor
EP3032443A1 (en) * 2014-12-08 2016-06-15 Roche Diagnostics GmbH Pairing of a medical apparatus with a control unit
US9917821B2 (en) * 2015-12-29 2018-03-13 Itron, Inc. Hardware cryptographic authentication

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140223037A1 (en) * 2013-02-07 2014-08-07 Apple Inc. Method and system for detecting connection of a host device to an accessory device

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10410446B1 (en) * 2016-07-25 2019-09-10 United Services Automobile Association (Usaa) Authentication based on through-body signals
US10755512B1 (en) 2016-07-25 2020-08-25 United Services Automobile Association (Usaa) Authentication based on through-body signals
US11049348B1 (en) 2016-07-25 2021-06-29 United Services Automobile Association (Usaa) Authentication based on through-body signals
US11798341B1 (en) 2016-07-25 2023-10-24 United Services Automobile Association (Usaa) Authentication based on through-body signals

Also Published As

Publication number Publication date
CN110113989B (en) 2022-09-13
CN110113989A (en) 2019-08-09
EP3544493A1 (en) 2019-10-02
US9986314B1 (en) 2018-05-29
WO2018098008A1 (en) 2018-05-31
EP3544493B1 (en) 2021-08-18

Similar Documents

Publication Publication Date Title
US6792396B2 (en) Interface device and method for a monitoring network
US8700158B2 (en) Regulatory compliant transmission of medical data employing a patient implantable medical device and a generic network access
US10124184B2 (en) Defibrillator/monitor system having a pod with leads capable of wirelessly communicating
AU2019276992A1 (en) System and method for secured sharing of medical data generated by a patient medical device
Mohanthy Real time internet application with distributed flow environment for medical IoT
CN104224116B (en) Medical sensor, method for using same and operating device
WO2006051464A1 (en) Method for automatic association of medical devices to a patient and concurrent creation of a patient record
US20170000346A1 (en) Wireless Charging And Pairing Of Wireless Associated Devices
EP3544493B1 (en) System and method for controlling authentication of a physiological acquistion device by a patient monitor
US20140310024A1 (en) Wifi cloud electronic vital-sign monitoring system
CN115298744A (en) Automated device pairing using biometric identifiers
TWI591568B (en) Distal immediate health warning system
JP7005391B2 (en) Biometric information system
CN112512404B (en) Monitor and control method thereof, acquisition and receiving device and communication method thereof
JP6560037B2 (en) Biological information measuring apparatus and control method thereof
EP3720340B1 (en) Device and method for device detection using electrical non-linear characteristics
CN109939356A (en) Access method of implantable medical device, server, terminal and storage medium
US10827933B2 (en) Sensor, and patient monitoring system
CN114078589B (en) Medical follow-up device, method, medium and apparatus for medical follow-up
KR20190076649A (en) Method and apparatus for measuring bio-signal for encryption key generation
US20160143597A1 (en) Processing device
EP2998893A1 (en) Medical device system and medical device
KR101583311B1 (en) Method for physiological value based key agreement
CN117257255A (en) Physiological monitoring device and monitoring method
CN111833980A (en) A Safe and Immediate Health Care System

Legal Events

Date Code Title Description
AS Assignment

Owner name: GENERAL ELECTRIC COMPANY, NEW YORK

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:WEYENBERG, TODD;STODDARD, NATHANIEL FREDERIC;HERNKE, DAVID;REEL/FRAME:041018/0193

Effective date: 20161110

STCF Information on status: patent grant

Free format text: PATENTED CASE

MAFP Maintenance fee payment

Free format text: PAYMENT OF MAINTENANCE FEE, 4TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1551); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

Year of fee payment: 4

AS Assignment

Owner name: GE PRECISION HEALTHCARE LLC, WISCONSIN

Free format text: NUNC PRO TUNC ASSIGNMENT;ASSIGNOR:GENERAL ELECTRIC COMPANY;REEL/FRAME:071225/0218

Effective date: 20250505