Fail-safe open software platforms for cyber-physical medical systems (CPMS) are expected to securely host medical applications of medical devices, clinical systems and health repositories for the purpose of safe healthcare delivery to patients at the point of care. Secure and reliable ad-hoc connections to medical systems and health records are mandatory when health professionals need immediate access to the patient's live vital data and electronic medical records during individual medical procedures. Here, we report about a service-oriented open software platform that has been developed for cyber-physical networks of distributed medical systems. An automated data logging cyber-physical software system for medical procedures is described, which is characterized by secure user authorization, standardized device and system communication and softwareassisted guidance utilizing a WHO surgical safety checklist.
Cyber Physical Systems (CPS) are defined as systems of collaborating
computational elements controlling physical entities [
The central component of the service oriented medical platform is a vendor-neutral interoperability gateway which hosts the middleware and orchestrates applications which derive from medical systems in the point-of-care (PoC) network communicating with disparate health-IT networks. A schematic of the interoperability gateway connecting medical devices and systems in the IT and PoC network is illustrated in Fig. 1.
Individual or Open SDC2 networked medical devices are connected to the Open Web Interface
(OWIN)3 middleware of the gateway through Web application programming interfaces
(WebAPIs) between Web server and the Web client applications. User agents are Web client
applications of browser programs, commonly found in frontend devices. A standard has been
proposed regarding the architecture for distributed systems of medical devices in high acuity
2 Open SDC: http://sourceforge.net/projects/opensdc/
3 Open Web Interface (OWIN): http://owin.org/
environments [
The Web-API can optionally be designed as a FHIR6 interface between resources as JSON representations. The Fast Healthcare Interoperability Resources (FHIR) implementations define a set of resources that represent granular clinical concepts7. Each of the resources has a predictable URL. The resources can be managed in isolation or bundled into complex documents. If suitable, open internet standards are used for FHIR data representation.
The open service-oriented health software platform and its capability to implement
clinical workflow-based health services have been described elsewhere [
In this scenario, Web-API controllers act as resource servers. An authentication filter validates access tokens. When a controller or action has an “Authorize” attribute, all requests to that controller must be authenticated. Otherwise, authorization is denied, and the Web-API returns an error for unauthorized access8 4 RESTful Interface: http://en.wikipedia.org/wiki/Representational_state_transfer 5 JSON: http://en.wikipedia.org/wiki/JSON 6 FHIR-API: http://www.hl7.org/implement/standards/fhir/http.html 7 FHIR: http://wiki.hl7.org/index.php?title=FHIR 8 OAuth2 API Controller: http://www.asp.net/web-api/overview/security/individual-accounts-in-web-api
An automated data logging system is built in software, which automatically records user interactions, events and alerts from data communication between the devices and systems. The software includes a graphic user interface that is specifically designed to assist the OR safety manager of maintaining live a surgical safety checklist (SSC) as promoted by the World Health Organization (WHO). The WHO SSC was developed after extensive consultation with health professionals aiming to decrease errors and adverse events, and to increase teamwork and communication in surgery . The checklist is designed to guide communication among the health professionals and with the patient 9 OAuth2 http://oauth.net/2/ aimed to enhance patient safety in surgery. Implementation of SSC in surgical routines has proven to significantly reduce morbidity and mortality in surgery. The WHO SSC application is implemented in software as a request/response routine with the OWIN middleware as a standard interface between the gateway server and the SSC application.
Our work concerns the development of a fail-safe open software platform for cyberphysical medical systems in surgery. This paper has described a concept and technical implementations of users securely accessing the medical IT network during live surgical procedures. The OAuth2 standard is employed which is particularly suited for healthcare delivery organizations (HDOs) to grant user specific authorization flows when accessing medical device and Health IT system networks. The deployment of a Health IT communication server and a vendor-neutral interoperability gateway has proven to be a feasible infrastructure for the open software platform. Multiple Web-APIs to medical device networks and health IT systems are managed through implementing an established standardized open web interface middleware as a request and response pipeline across device and systems domains.
The WHO Surgical Safety Checklist application is presently built as a demonstrator for
automated device, system and workflow integration in the surgical room.
The SSC application under development is a project in the framework of the German
federally funded flagship project “OR.NET”, in which more than 50 partners from
industry and research participate [
Future works concerns the development of software routines for testing the health Web platforms in clinical environments and for verifying routines for compliance with ISO and IEC standards and with profiles of the “Integrating the Healthcare Enterprise (IHE) association including FHIR.
This work was supported by the German Federal Ministry of Education and Research in the framework of the ICT flagship project OR.NET10 10 OR.NET German Federal Research Project: www.ornet.org