A Sitra and HUS partnership project: safer data transfer in healthcare
Text: Ari Rysty
Photos: Paula Lehto
Although type I diabetes can be managed with simple insulin treatment, it is a stressful disease that requires parents to constantly monitor their child’s blood sugar and make numerous decisions about their child’s care. Even though blood sugar levels can be monitored with an under-skin glucose sensor and insulin can be administered with an insulin pump, it is often difficult to predict changes in blood sugar levels. To help make things easier, Sitra and HUS have joined forces on a project to develop safe data transfer between a diabetic child’s blood sugar level monitoring device and their parents, school, daycare centre and hospital physician. Patria is involved in ensuring the cyber security of the IT systems. “We met HUS’s representatives at VTT’s AI seminar in Otaniemi, where we discussed both data and cyber security. We introduced them to our expertise in April 2018, which led to us joining this interesting project,” says Product Group Manager Kaj Nyberg from Patria Systems.
Healthcare IT systems are an important part of the authorities’ security-critical functions. When a patient’s personal details are transferred between various actors, the patient’s permission is always required. So it is not only a question of transferring data securely – permission to use the data must also be acquired within the system. From the perspective of care and monitoring, the quicker the physician gets the data, the better it is for the patient. “Thanks to this process, the patient’s physician can monitor and predict changes in the patient’s blood sugar in almost real time. This leads to much more effective care than relying solely on blood tests taken at doctor’s appointments,” says Nyberg. The monitoring enabled by the project also opens up interesting perspectives on how to make healthcare more effective and how to make more extensive use of data in healthcare, but these ideas also involve high-level data security risks. Patria system architect Tommi Tani stresses that the bad guys are also interested in big data. For example, during an extensive data security breach in Norway last year, the health data of up to 2.9 million Norwegians may have ended up in the wrong hands. “The data in a poorly protected database can be scanned and mined. That’s why it’s important to ensure cyber security by pressure testing new systems and processes at the development stage,” says Tani.
The project plan approved by Sitra and its funding have progressed to the first Proof-of-Concept phase, which will determine how well the patient can grant and revoke permission for data transfer. The project will run until 2021. It will comply with person-centric MyData philosophy, and permission will be granted in accordance with Sitra’s IHAN concept. This means that data transfer in a system using an open interface should be fair and under the individual’s control. The shared goal is to make daily life easier for both diabetic children and their families. “Patria has been actively involved in the design meetings and workshops that have been held throughout the spring. Our role is to be the cyber security specialist who knows how to ask those ‘what if?’ questions during design and planning,” says Nyberg. Secure data transfer and the forthcoming 5G and 6G networks will enable predictive healthcare, and thereby savings of as much as a billion. Nyberg reminds us that cyber security in healthcare and the defence industry have much in common, which means that Patria’s customers will also benefit from this project in the long term.