Biomedical Computing and Standards
Daine Richard Lesniak
Computer Science and Software Engineering Department
University of Wisconsin – Platteville
Platteville, WI 53818
Abstract
Bioinformatics and medical computing, hereafter referred to jointly as biomedical
computing, are both areas with significant challenges, great risks, and even greater
rewards. Some of the challenges encountered in biomedical computing include extremely
large datasets, incompatible data vocabularies, human safety, and supporting
geographically distant collaboration while maintaining security. To achieve the rewards
and overcome the challenges, solid software engineering approaches must be taken, and
one particular aspect of software engineering that has had great success in biomedical
computing is the use of standards. This paper will address the benefits of standards,
existing standards, and the creation of internal standards with respect to biomedical
computing. Special attention will be given to the IEEE 1073 family of standards and
standards associated with the recently enacted Health Insurance Portability and
Accountability Act. Standards will be evaluated in the context of four areas of biomedical
computing: process control, archiving, numerical processing, and communications, as
detailed in “Bioinformatics Computing” by Bryan Bergeron, MD [1].
Introduction
BioMedical Computing
Biomedical computing is the use of computer technology to assist with endeavors in the
fields of biology and medicine. Biomedical computing is an area of much interest lately,
with advances in healthcare and biotechnology being increasingly tied to computers. Due
to this increased need for biomedical computing, many educational institutions are
offering graduate degrees in computational biology and bioinformatics. The demands of
industry and the emergence of academic programs have made biomedical computing an
area of active research.
Biomedical computing covers a broad spectrum of possibilities, including everything
from pacemakers to laboratory automation to databases full of patient records. What
makes biomedical computing interesting is that it is not a technology so much as a
domain; a broad set of problems that must be met with whatever technology is available
and appropriate. While biomedical computing covers many different types of technology
being used in many different ways, biomedical computing does address four main areas:
process control, archiving, numerical processing, and communications.
Standards
Standards are a useful tool in software engineering. Standards allow for reuse of
procedures and practices that have proved helpful in the past, hopefully keeping past
mistakes from being repeated while allowing success to be duplicated. Standards, like
biomedical computing, take many forms. Standards can be used to dictate how various
devices are to communicate with each other, the coding style to be used on a project, and
various safety criteria a program must meet before it can be put into general use.
HIPAA
One recent reason for an increase in standards for biomedical computing is HIPAA, the
Health Insurance Portability and Accountability Act.[2] HIPAA covers a wide variety of
subjects, but one of particular interest is the aspect of HIPAA that addresses the security
of patient information. HIPAA has authority over health plans, health clearinghouses, and
healthcare providers; it also requires these organizations to enter a chain of trust with
anyone they make patient information available to. This means that it is the responsibility
of the covered entity to ensure that anyone they provide patient information to is also
compliant with HIPAA. Failures in HIPAA compliance can be very costly because
the penalty is a lawsuit on behalf of the injured party rather than a fine.[3] HIPAA
gives general guidance on issues of privacy and security, and requires covered entities to
generate, document, and implement internal standards that “make sense”.
Process Control
Process control consists of interfacing computer systems with the real world in order to
control a physical system or gather information from sensors. Process control in
biomedical computing can be implantable medical devices such as pacemakers,
automated laboratory equipment such as micropipette machines, and information
gathering machines such as the optical scanners used in microarray experiments. When
used to automate lab procedures, process control can not only speed up the initial setup of
experiments, but can also reduce error inherent in having humans do repetitive tasks.
Process control can also be used in instances where exposure to dangerous materials is
required, reducing the amount of human handling that must take place.
One common biomedical activity that incorporates a great deal of process control is a
microarray experiment. In a microarray experiment, a microarray is prepared with spots of
known DNA samples; this initial preparation is often accomplished by using an
automated micropipette machine. A reference and probe sample, both constructed to
fluoresce a different color, are then allowed to competitively hybridize with the known
DNA samples on the microarray; the more nucleotides the microarray spot and reference
or probe have that complement each other, the stronger the attraction. The microarray is
then made to fluoresce, and an optical scanner is used to gather the information.
The greatest challenge faced by the process control aspect of biomedical computing is
ensuring human safety. Devices such as pacemakers and medical monitors are under the
regulation of the FDA, which is responsible for certifying their fitness for use and
performing such tasks as recalls when a defect is found in an already released device.
One such recall is the recent recall of the LIFEPAK 500, an automated defibrillator. The
recall was a class 1 recall, which means that there was a likelihood that use of the device
would cause serious injury or death; the company was required to replace all the affected
units at no cost [4]. Clearly the challenge of human safety in process control and
biomedical computing should be held foremost, not only for the intrinsic value of human
life but for the financial and publicity burdens a technology company can face should a
device prove unsafe.
Standards play a central role in process control. As previously stated, it is the
responsibility of the FDA to decide if medical devices are safe for use. The process of
getting a device approved can be expedited by use of a declaration of conformity which
shows that the device in question conforms to a recognized safety standard.[5] While this
may not be sufficient for a device to be fully approved, it certainly helps.
One set of standards currently being worked on is the IEEE 1073 family of standards.[6]
The IEEE 1073 point of care medical device communication standards specify formats,
speeds, and communication protocols for medical devices. The goal behind this is to
make medical devices more compatible with each other, allowing for standard plug and
play operation. By doing this, human safety is increased; information that would have to
be transferred to a paper intermediary or committed to memory then reentered on another
device can now simply be transferred at a lower risk of error. The IEEE 1073 family of
standards covers such devices as vital signs monitors, defibrillators, and weight scales.
Archiving
The archiving aspect of biomedical computing involves storing biomedical data and
metadata, and ensuring that the data can be accessed in a timely manner. Archiving is
usually thought of in terms of databases, but also involves backups, access control, and
data formats. Many types of information are archived in biomedical computing, from
patient records to gene sequences to three-dimensional representations of proteins.
Biomedical databases vary quite a bit in size and scope, from proprietary databases
maintained by biotech companies to house data from their own labs to large public
databases such as Swiss-Prot and GenBank. Swiss-Prot and GenBank are large public
databases for protein information and gene sequences respectively.
One challenge faced by archiving is the extremely large datasets found in biomedical
computing. GenBank alone holds over thirty million gene sequences [7], and this
database would most likely be utilized with several other public and private databases in
order to achieve something useful.
Another challenge faced by archiving in biomedical computing is the fact that there is a
plethora of conflicting data vocabularies that must be reconciled with each other.
Incompatible data vocabularies occur not only due to the differences in the type of
information described, such as disease symptoms and patient history; there are also many
conflicting data vocabularies for the same type of information.
Maintaining the security of archived information is also a significant challenge. This is
especially important with the enacting of HIPAA, which states that archived information
which is associated with patients must be protected in terms of confidentiality, integrity,
and availability. Protecting the confidentiality of archived information consists of making
sure only those who should have access have access, and that patient information is not
kept on insecure media. One example of this is that hospitals now will not leave
patient information on answering machines, as anyone can come and push play to hear
the message. Protecting the integrity of archived information is ensuring that the
information is not modified in any way that it should not be, and that when retrieved, it is
indeed the information left in the first place. Availability of information must be ensured
as well, meaning that if someone needs the information, and they are indeed entitled to it,
they can retrieve it in a timely manner. This is extremely important, given that
information such as allergies to medications can be needed on short order and can be life
critical.
HIPAA plays a very large role when it comes to archiving. It requires standards to be
generated, documented and implemented that address protecting archived data’s
confidentiality, integrity, and availability. HIPAA recommends first assessing the risks
and vulnerabilities to the information, developing and implementing security measures
that fit the particular needs of the organization, and then documenting these in the form of
an internal standard. There are specific things that HIPAA requires in the security
standard developed, as stated in the following list:
1) The standards shall include access control
2) The standards shall include some form of cryptography
3) The standards shall include a data backup plan
4) The standards shall include a disaster recovery plan
5) The standards shall include an emergency operation plan
6) The standards shall be periodically reviewed and tested
7) The standards shall include a timetable for requirement 6
Most of the required aspects of the archiving security standard are self-explanatory; one
thing that may be unfamiliar is the emergency operations plan. The emergency operation
plan is how the system will function in the event of a disaster, which could be a physical
problem such as a tornado going through the server building, a hacker corrupting data, or
something else unexpected that disrupts normal operations. The disaster recovery plan
must identify which information must be available no matter what, and needs to have a
course of action that will make this information available until the full system can be
restored.
It should be noted that HIPAA attempts to be technology neutral and not prescribe any
specific solutions. This allows internal standards to be developed to comply with HIPAA
and still take advantage of improvements in technology.
An internal standard that is very useful when taking advantage of numerous public and
private databases is a data dictionary. A data dictionary is an internal standard that
describes what format information will take, and how to translate various formats into the
standard format. By utilizing a data dictionary in this way, diverse datasets can be tied
together into a single data mart.[1]
Numerical processing
Numerical processing in biomedical computing is when computers are used to analyze
and process information. One common numerical processing task is the prediction of
protein structure using statistical and machine learning algorithms. This is extremely
important in biotechnology, as proteins are the building blocks of organisms, and their
behavior and function are determined largely by the protein's structure. Numerical
processing is also used in gene sequencing. In gene sequencing geneticists first split a
genome into many smaller fragments, decode these, then utilize pattern-matching
algorithms to reassemble the decoded fragments into an entire decoded genome.
Simulation and visualization of biological processes are also important aspects of
numerical processing. These are used to perform in silico experiments, which can be used
to find where more costly wet lab experiments are warranted. Data mining is also a useful
numerical processing activity in biomedical computing. Data mining makes direct use of
the large archived datasets by searching them for relationships that could be of interest.
Numerical processing faces many of the challenges archiving does with respect to large
and incompatible datasets. This is especially true for data mining, which must make use
of different datasets to find relationships.
The data dictionary created for archived information proves invaluable to numerical
processing tasks. Whether data mining or simulation, numerical processing requires
information to be processed, and that information must be understood; this understanding
comes from the metadata description contained within the data dictionary.
While not a formal standard, OpenGL has become the de facto standard for
three-dimensional graphics in biomedical computing.[1] Programs that facilitate visualization
of biological data invariably use OpenGL, in part because of the inertia it has in the field.
The more projects it is used on, the more expertise is invested in it, and the more likely
future projects will be implemented in OpenGL.
Communications
In the past ten years computers have revolutionized communications, and this has
impacted biomedical computing a great deal. Archiving the mass of biomedical
information would be of little value without the ability to transfer the information from its
database to the end user via networks. Computer communication technology not only
aids biomedical researchers with email, file transfers, and web searching, but also allows
for collaborative software. Collaborative software allows two or more people to
operate and share control of one running program. This is very useful for
collaboration between geographically distant people. A popular program for molecular
modeling is Chimera, which also has a collaborative extension to allow for remote
collaboration [1].
The primary challenge faced by the communications aspect of biomedical computing is
security. If information being communicated is patient information, HIPAA comes into
play, but even if the communications are outside the scope of HIPAA it is important to
address the security of communications. Proprietary biomedical information can often be
worth quite a bit of money, with 2001 pharmaceutical R&D adding up to thirty billion
dollars. [1] It is also important to note that there are active groups that oppose certain
aspects of biotechnology, and hacktivism is a real possibility.
HIPAA requires entities that communicate patient information to generate, implement,
and document standards for communications security in the same manner that they are
required for archiving security. Like archiving, the communications standards are open
ended to allow for incorporation of new technologies, and are intended to make sense for
the covered entity. The required items in a HIPAA-compliant communications standard are as
follows:
1) The standards shall include data integrity checks
2) The standards shall include message authentication
3) The standards shall include entity authentication
4) The standards shall include access controls
5) The standards shall include some form of encryption
6) The standards shall include alarms
7) The standards shall include audit trails
8) The standards shall include event reporting
9) The standards shall be periodically reviewed and tested
10) The standards shall include a timetable for requirement 9
Alarms and event reporting are two required aspects of a HIPAA compliant
communications security plan that warrant further explanation. Alarms are a combination
of being able to detect when something has happened, and being able to alert the proper
individuals. This could be information that was sent but never received causing an email
and cell phone alert to go to the sender, the receiver, and whoever is responsible for
HIPAA compliance. Event reporting is the procedure for alerting external entities about
what has happened, including law enforcement authorities and the patient whose privacy
has been violated. This is an especially important aspect of HIPAA as many security
lapses go unreported to authorities, ensuring those responsible are never caught.
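The following sketch is an added example, not part of the original paper, showing how items 1, 2, 6 and 7 of the list above and the sent-but-never-received alarm could fit together. HMAC-SHA256 tags and a hash-chained log are one possible choice (HIPAA prescribes no specific technology); the key, function names and addresses are constructed assumptions.

```python
import hashlib
import hmac
import json

KEY = b"constructed-demo-key"  # assumption: shared secret provisioned out of band
GENESIS = "0" * 64


def seal(msg_id, sender, receiver, body):
    """Attach an HMAC-SHA256 tag: integrity check plus message authentication."""
    msg = {"id": msg_id, "from": sender, "to": receiver, "body": body}
    payload = json.dumps(msg, sort_keys=True).encode()
    msg["tag"] = hmac.new(KEY, payload, hashlib.sha256).hexdigest()
    return msg


def verify(msg):
    """Recompute the tag over every field except the tag; constant-time compare."""
    fields = {k: v for k, v in msg.items() if k != "tag"}
    payload = json.dumps(fields, sort_keys=True).encode()
    expected = hmac.new(KEY, payload, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, str(msg.get("tag", "")))


def _link(prev, e):
    line = f"{prev}|{e['when']}|{e['event']}|{e['id']}|{e['from']}|{e['to']}"
    return hashlib.sha256(line.encode()).hexdigest()


def record(trail, event, msg, when):
    """Append an audit entry whose hash chains to the previous entry."""
    e = {"when": when, "event": event, "id": msg["id"],
         "from": msg["from"], "to": msg["to"]}
    e["hash"] = _link(trail[-1]["hash"] if trail else GENESIS, e)
    trail.append(e)


def trail_intact(trail):
    """Walk the chain; an entry edited in place or reordered breaks it."""
    prev = GENESIS
    for e in trail:
        if _link(prev, e) != e["hash"]:
            return False
        prev = e["hash"]
    return True


def alarms(trail, now, timeout, compliance_contact):
    """Messages sent but not received within timeout, with who to alert."""
    acked = {e["id"] for e in trail if e["event"] == "received"}
    return [(e["id"], [e["from"], e["to"], compliance_contact])
            for e in trail
            if e["event"] == "sent" and e["id"] not in acked
            and now - e["when"] > timeout]
```

The chain here is unkeyed and unanchored, so it detects in-place edits but not truncation of the tail or a full rewrite by someone who can recompute every hash; a deployment would also sign or externally store the latest hash.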
Conclusions
Biomedical computing is a varied field, with many challenges. One aspect of software
engineering that has had great success in meeting these challenges is standards. Some
standards, HIPAA for example, are required by law. Other standards simply assist in
successful program operations, such as a data dictionary and IEEE 1073. HIPAA has had
a significant impact, causing both increased privacy and security for patients and an
immediate need for covered entities to evaluate their current systems.
References
[1] Bryan Bergeron, M.D., Bioinformatics Computing, Prentice Hall, Upper Saddle River, 2003.
[2] http://www.hhs.gov/ocr/hipaa/
[3] http://www.cms.hhs.gov/hipaa/hipaa2/enforcement/default.asp#penalties
[4] http://www.fda.gov/cdrh/recalls/recall-020305.html
[5] http://www.fda.gov/cdrh/ost/guidance/321.html
[6] http://www.ieee1073.org/
[7] http://www.ncbi.nlm.nih.gov/Genbank/
[8] http://www.cgl.ucsf.edu/Research/collaboratory/project.html