How to implement regulatory requirements

Reviewing prototypes against regulatory requirements
During the mediam project, we focused on the building blocks required to build healthcare services (IT, IoT, BMS) that are more dependable, safe and secure. ETSI EN 303 645 provides a detailed list of requirements for IoT in particular. However, a key lesson is that we need a technology layer that removes silos instead of deepening the current divide between IT/CISOs and biomedical engineers. That is why we prototyped towards a better convergence of IoT and datacenter environments.

If we look back on the high-level requirements identified in the regulations:

| Regulatory requirement | Solution | Prototype status |
|---|---|---|
| Software patches and updates | scheduler + dependable DLU | Open source + standard |
| User authN/authZ | IETF GNAP | Open source + standard |
| Encryption | DIF KERI | Open source + standard |
| Secure network communication | Ockam workers or HTTP message signature | Open source + standard |
| Risk management | -- | Not included in medIAM |
| Supply chain management | -- | Not included in medIAM |
| Cybersecurity testing | -- | Not included in medIAM |

While we focused on the protocols, we also suggested ways to cover the organizational requirements:

  • doCRA's notion of duty of care for cyber risk management fits well with healthcare values. Threat management is of particular importance and could be handled using open source databases (CVE) and software (ex: Netflix Dispatch).

  • Cybersecurity testing can be done by organisations such as BSI, which has published insightful studies referenced in the literature section.

  • Supply chain management is arguably the hardest part to cover because it is so vast. However, we provided tools for end-to-end encryption, which removes the need to route messages through third parties. We also provided tools for dependable updates from those vendors and tested the requirements against a mock user interface.

Getting the full picture would require industrial use cases, such as those mentioned in the "designing new devices" section.

References

  • ETSI EN 303 645
  • Netflix Dispatch: https://github.com/Netflix/dispatch