Cloud infrastructure is now an essential component in the development of connected medical devices across the Internet of Medical Things (IoMT) space. It allows medical professionals and patients to access crucial health data remotely while enabling manufacturers to manage their device fleet. However, this convenience comes with its own set of security, compliance, and privacy challenges that product owners and cloud developers need to consider.
In this article, we will dive into five fundamental web app and cloud development areas crucial for building a successful Medical IoT cloud infrastructure. Leveraging Punch Through’s expertise in solving complex connectivity and custom software development issues, we aim to help you and your team avoid common pitfalls that could lead to unforeseen risks or delays to your cloud project.
Setting Your Cloud Project Up For Success
Cloud infrastructure starts with choosing a cloud provider and service offerings (AWS, Azure, and Google Cloud are the most common). As you begin designing and setting up a cloud-based infrastructure, keep in mind these five cornerstones: security, reliability, compliance, scalability, and observability.
Cloud Security Considerations for Medical IoT
Cloud infrastructure and data storage are critical components when securing connected medical devices. While a broader security design would also cover device-level protocols like BLE, this article zeroes in on important considerations for cloud security. Specifically, one should consider multi-layered security, restricted data access, and security integration across the software development lifecycle.
Multiple Layers of Security: Setting up multiple layers of security in your cloud infrastructure is essential. In each layer, you should ensure that only pre-approved traffic and users can pass through to the next layer. For example, these security layers can prevent one clinic from accessing another clinic’s patient data.
Limited Access to Sensitive Data: While implementing these layers, it is important to limit access to sensitive data to the smallest number of users and systems possible. This will reduce the chance of errors or unauthorized access and changes.
Security Throughout SDLC: Remember to think about security throughout the Software Development Lifecycle (SDLC), not just at the end of a project after the infrastructure has already been provisioned. By deliberately thinking about the security design up front, you save a lot of time that would otherwise go into reworking the system to be more secure later.
Data Encryption: Make sure to consider data both in transit and at rest.
- In Transit: To ensure the security of potentially sensitive data sent to and from the cloud application, encrypt data in transit using HTTPS for web applications and TLS 1.2+ for database connections.
- At Rest: Data must also be encrypted where it’s stored. This can be accomplished by using the cloud service’s managed database services (like AWS’s RDS or Azure’s Database service) and choosing to have the database storage and backups reside in encrypted storage.
Automated Tests and Audit Logs: Implement automated tests to ensure security rules are in place and functioning as expected. Make sure to maintain audit logs to track everything a user or system attempts to access. Also, consider sending all security logs to a secure, separate logging service to help prevent an intruder from being able to modify or delete the logs.
This could be as simple as copying the logs to a separate AWS account whose permissions let another account send log data to it but do not allow that data to be deleted.
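The separate log-archive account described above, as an added example that is not from the original article: Python that builds an S3 bucket policy for the archive account, plus an automated check that flags any policy letting a log writer delete or expire stored logs. The account ID, bucket name and function names are constructed placeholders, and the example assumes bucket versioning is enabled so that a repeated `s3:PutObject` to the same key keeps the earlier version.

```python
import fnmatch

# Actions that let a principal erase or rewrite stored log objects.
DESTRUCTIVE = ["s3:DeleteObject", "s3:DeleteObjectVersion",
               "s3:PutLifecycleConfiguration", "s3:PutBucketVersioning"]

def archive_policy(source_account, bucket):
    """Bucket policy for the archive account: the source account may only add objects."""
    bucket_arn = f"arn:aws:s3:::{bucket}"
    return {"Version": "2012-10-17", "Statement": [
        {"Sid": "SourceMayWriteLogs", "Effect": "Allow",
         "Principal": {"AWS": f"arn:aws:iam::{source_account}:root"},
         "Action": "s3:PutObject", "Resource": f"{bucket_arn}/*"},
        # An explicit Deny overrides any Allow granted elsewhere.
        {"Sid": "DenyLogDestruction", "Effect": "Deny", "Principal": "*",
         "Action": DESTRUCTIVE, "Resource": [bucket_arn, f"{bucket_arn}/*"]},
    ]}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _covers(stmt, action):
    """True if one of the statement's Action patterns (IAM '*'/'?' wildcards) matches."""
    return any(fnmatch.fnmatchcase(action.lower(), pattern.lower())
               for pattern in _as_list(stmt.get("Action", [])))

def lint(policy):
    """Findings that would let a log writer remove or alter history.
    Simplified: NotAction, NotPrincipal and Condition are not evaluated."""
    stmts = _as_list(policy["Statement"])
    findings = []
    for stmt in stmts:
        granted = [a for a in DESTRUCTIVE if _covers(stmt, a)]
        if stmt["Effect"] == "Allow" and granted:
            findings.append(f"{stmt.get('Sid', '?')}: Allow grants {', '.join(granted)}")
    for action in ("s3:DeleteObject", "s3:DeleteObjectVersion"):
        if not any(s["Effect"] == "Deny" and s.get("Principal") == "*"
                   and _covers(s, action) for s in stmts):
            findings.append(f"no explicit Deny for {action}")
    return findings

# Constructed sample values: placeholder account ID and bucket name.
SOURCE_ACCOUNT, BUCKET = "111111111111", "example-log-archive"
WEAK = {"Version": "2012-10-17", "Statement": [
    {"Sid": "SourceFullAccess", "Effect": "Allow",
     "Principal": {"AWS": f"arn:aws:iam::{SOURCE_ACCOUNT}:root"},
     "Action": "s3:*", "Resource": f"arn:aws:s3:::{BUCKET}/*"}]}

if __name__ == "__main__":
    for name, policy in (("weak", WEAK), ("hardened", archive_policy(SOURCE_ACCOUNT, BUCKET))):
        print(name, lint(policy) or "no findings")
```

Running `lint` in the CI pipeline against the deployed policy document turns the "no deletion" rule into one of the automated security tests mentioned above.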
Further Reading: For a more comprehensive approach to connected device security design, please read our article on the security design of your device’s BLE communication with a smartphone.
Cloud Reliability Considerations for Medical IoT
When capturing data from remote devices into your cloud solution, a dependable system to ingest and store that data is essential. One of the goals here is to prevent any chance that critical medical data is lost or cannot be fully captured by the cloud system. To ensure this level of reliability in your strategy, consider leveraging event-based infrastructure, optimizing cloud ‘serverless’ services, and implementing fail-safes like over-provisioning and multi-zone deployment.
Event-Based Infrastructure: Depending on the volume of data collected, consider setting up some event-based infrastructure to ensure data capture so it can be transferred or analyzed later.
Leverage Cloud “Serverless” Services: One way would be to leverage cloud providers’ “serverless” services and an event or message bus service.
- Message Bus: Use a cloud provider’s “serverless” services and an event or message bus service to ensure reliable and scalable data capture.
- Asynchronous Process: Using an asynchronous process with a message bus can help ensure all the data is captured reliably in a way that is also scalable as the number of devices or the amount of the data grows.
Over-Provision Instances: One strategy you can employ is to slightly over-provision the number of cloud instances of your services. Should you experience a sudden spike in system usage, the capacity would already be there to handle such an influx. It also gives the system time to scale up during sudden traffic bursts.
Deploy Across Multiple Availability Zones or Regions: Another aspect to consider would be deploying your app in multiple availability zones in AWS or multiple regions on different cloud services. If there’s an outage in one zone or region, it won’t bring down the service.
Employ Automated Software Test Suites: It’s also important to note that automated software test suites with unit and integration tests can help reduce the number and severity of defects that make it to production. Have these test suites run with each code change your software developers create to help catch defects early in the development process and prevent regressions. Use a cloud-based CI service like GitHub Actions or Azure DevOps to build the software, run the automated test suites, and deploy the code to a test environment once all checks pass and reviewers approve the code change.
Cloud Compliance Considerations for Medical IoT
Given the stringent regulatory requirements for patient privacy in healthcare, navigating compliance is critical to setting up cloud infrastructure for medical devices. To successfully navigate these compliance challenges, selecting a HIPAA-compliant cloud provider is crucial, and understanding its specific services for healthcare applications and using its reference architectures is a good starting point.
HIPAA-Compliant Cloud Providers: These providers designate which of their services can securely handle personal health information (PHI), so make sure the services you use are among them. Ensure a HIPAA Business Associate Agreement (BAA) between your organization and the cloud provider is in place.
AWS as an Example:
- List of Services: AWS provides a list of HIPAA-compliant AWS services.
- Reference Architecture: AWS also offers a HIPAA reference architecture to help set a starting point for securing your infrastructure. This documentation can guide you on what services to use and how to configure networking between them securely.
Cloud Scalability Considerations for Medical IoT
Understanding how to scale your cloud infrastructure effectively is vital to managing costs and performance in the connected medical device space. To master this, you’ll want to focus on initial traffic assessment, the benefits of cloud-based hosting, and the specific cloud services that facilitate scalability.
Initial Traffic Assessment: When launching your service, it’s crucial to understand the traffic needs of different system components. Knowing the scalability settings of your cloud services allows you to adjust instance counts on the fly, accommodating more traffic than initially expected.
Benefits of Cloud-Based Hosting: One key advantage of using cloud-based hosting for web applications is the platform’s scalability controls. These help you manage peaks and dips in traffic gracefully. Well-designed systems can reduce costs by removing under-utilized resources without affecting performance or the user experience.
Load Balancing and API Gateways: The major cloud providers offer a few different services to guarantee scalability. The two areas to explore would be load balancing and API gateway services.
- Load Balancers: These route web requests to different service instances based on traffic volume or geographical location.
- API Gateways: These route web API requests to different services based on the HTTP path or other request attributes.
Functions-as-a-Service/Serverless: These services offer auto-scaling settings, or you can control yourself how many instances of each service are running. You can even scale these services down to zero instances to save money when a service isn’t being used and have it automatically started or scaled up as the load grows.
- Auto-Scaling: Major cloud providers offer “functions as a service” or “serverless” options with auto-scaling settings.
- Manual Control: You can also manually control the number of running instances, scaling to zero to save costs when unused.
Docker Containers: Cloud providers offer services to run web applications via Docker containers, which can be quickly scaled up if designed to run statelessly.
- Manual or Auto-Scaling: Like serverless offerings, you can configure these services to scale the number of container instances based on traffic or CPU metrics.
Cloud Observability Considerations for Medical IoT
Implementing robust observability practices is essential for monitoring system health and performance to ensure the smooth operation of your cloud-based medical device application. To achieve this, a comprehensive approach to observability should include system monitoring, structured logging, and application performance monitoring, each offering its own advantages.
System Monitoring: As you test and then launch your new cloud-based application, you’ll want a way to understand and monitor the system. Monitoring will help detect defects (hopefully before they make it to production), assist with quickly fixing them, monitor application performance, and understand how the system functions in the different deployed environments.
Structured Logging: Consider setting up a structured logging system in your web-based application. Structured logging systems will provide information about each request coming in and what the system did to act upon that request. Ensure these logs are stored in a secure location that can have information appended but does not allow logs to be overwritten or deleted.
- Alerts: Set up alerts so you know if your application isn’t performing according to your service level objectives (SLOs) or is suddenly much slower than usual. APM services often have an error tracking feature you can use to get alerts when unhandled errors occur.
- Error Tracking: Use the information in APM error reports and structured logs to speed up the time to make and deploy fixes. Sentry, in particular, shines at this and makes it easy for software engineers to set up error capture and quickly see important error information.
By keeping these five pillars—security, reliability, compliance, scalability, and observability—at the forefront of your Medical IoT cloud infrastructure planning process, you’ll be well on your way to building a high-quality, robust solution. Also, don’t miss the additional guidance that cloud providers like AWS, Azure, and Google Cloud offer on architecting systems in the cloud.