Headlines report hackers stealing credit card codes or disrupting national defense systems, but for David Kotz ’86, the implications of cybersecurity strike much closer to home. His interest is focused on security and privacy in personal mobile devices, in particular as applied to health care.
“Technology is emerging that allows you or your physician to monitor your health through the use of mobile devices,” says Kotz, the Champion International Professor of Computer Science and associate dean of faculty for the sciences. “Smartphones and specialized wearable devices already on the market are being brought into play.”
While this burgeoning field of mobile health (or “mHealth”) may lead to better health outcomes and lower health costs, it also opens the door to security problems and potential violations of personal privacy through wireless data transmission.
“My concern is that most producers of new hardware and software won’t be worried about your privacy or about the security of your data,” Kotz says. “Our challenge is to think ahead about those issues and to design the systems that do protect your privacy or protect the data quality from various threats.”
Kotz cites dramatic examples, one from colleagues at the University of Massachusetts who have discovered a way to hack into pacemakers. Not only can they read your name and medical status from the device, while standing nearby, but they can also reconfigure its parameters with the potential of inducing a heart attack. Another sensational demonstration took place at a recent hacker conference. A diabetic who wears an insulin pump demonstrated how to hack into his own device and reconfigure it so as to potentially produce a lethal overdose.
“Such examples have awakened people to the realization that medical device makers must focus on issues they’ve previously ignored, namely wireless network and computer security,” Kotz says. “Now members of Congress have asked the U.S. Government Accountability Office (GAO) to investigate how much attention we are paying to these kinds of risks and whether the Federal Communications Commission (FCC) should be doing more with the cybersecurity aspects of medical devices.”
While security issues are especially dramatic, there are also privacy concerns. An example Kotz often gives is that of a pregnant job candidate wearing an inconspicuous fetal monitor that wirelessly broadcasts information to her phone, which is then forwarding it to her doctor. She is worried that the prospective employer may intercept the transmission, learn of her pregnancy, and use it against her.
Federally funded research
Kotz’s security and privacy concerns have translated into Dartmouth’s involvement in two aggressive, multidisciplinary research programs. The first, known by the acronym TISH (Trustworthy Information Systems for Healthcare), is funded by the National Science Foundation (NSF). TISH is a broad-based effort that Kotz characterizes as “reaching into every corner of the Dartmouth campus.”
Denise Anthony, a major TISH collaborator, is research director of Dartmouth’s Institute for Security, Technology, and Society (ISTS). Anthony, a sociologist, is interested in how people think about security and privacy issues in the context of electronic medical records and other electronic systems. ISTS was instrumental in recruiting partners from the Veterans Affairs Medical Center in White River Junction, Vt.; Intel Labs; and Google, complementing a cadre of Dartmouth faculty in computer science, sociology, the Dartmouth Medical School, and the Tuck School of Business.
The TISH team brings a multidisciplinary approach to develop and analyze information-sharing technology that ensures security and privacy while meeting the needs of patients, clinical staff, and health care organizations to deliver efficient, high quality care.
SHARP (Strategic Healthcare Information Technology Advanced Research Projects) is the other major program in which Dartmouth is involved. Supported by the U.S. Department of Health and Human Services (HHS), this is a much larger undertaking, comprising a 12-institution consortium led by the University of Illinois at Urbana-Champaign.
Kotz and Anthony are participating here as the Dartmouth contingent in this $60 million, multi-institutional initiative. As with TISH, the work undertaken by the Dartmouth group is directed at information technology security, along with its applications in medical practice and patient care, in the design of new and improved networks and for electronic health records.
While dealing with the risks inherent in the proliferation of mHealth, Kotz is quick to point out the benefits of mobile device technology to health care. “Fitness-conscious individuals will be able to use inexpensive portable devices to monitor their own health and track personal improvement,” says Kotz. “People with chronic diseases like diabetes, asthma or heart disease, can help a physician monitor either the evolution of their symptoms or the efficacy of their treatment.”
It might mean that you won’t have to go to the hospital as often for checkups or to explore something of concern to you because the doctor will be able to look at the data remotely and assess your condition, he explains.
The Third World
The potential benefits of mHealth technology extend far beyond its applications in our society through its increasing use in developing countries. With greater mobile phone use in low-income nations, mHealth is providing expanded health care access as well as improving the capacity of health systems in such countries to provide quality health care.
In pursuit of that goal, Kotz has begun another NSF-funded project, in which he will collaborate with Rice University and the Indian Institute of Technology Delhi. “We will be taking on some of the technology challenges involved in making mHealth devices for the developing world, including addressing security concerns,” Kotz said.
The partners will be developing the scientific foundations for a modular kit of mHealth components—portable, inexpensive, and usable by patients or health care workers with limited training—that can be assembled into a variety of combinations for different circumstances or health care purposes.