Protection and Safety: How to Work Within the Healthcare-Domain

Working with healthcare projects comes with strict requirements for data protection, quality, and simplified product use in order to provide safety and efficacy. Below is a brief exploration of IT company MEV’s experience working with this domain.

Since 2006 our team has delivered solutions ranging from mobile apps to heavily loaded distributed IoT platforms and Big Data analytics systems. Pharmaceutical and healthcare projects occupy a significant place in MEV's portfolio. The company has upgraded a SaaS platform to manage drug pricing, helped to standardize the way pharmaceutical companies and health insurance companies (payers) do business, created software solutions for a pharmaceutical company to optimize visualization, analysis, and sales messaging, designed and built a comprehensive market access-specific CRM for an international pharmaceutical company, as well as built an enterprise-grade, HIPAA-compliant data system for regional a Pharmacy Benefits Manager (PBM). 

‍Changing the world of diagnostics  

One of the most outstanding projects MEV has worked on is a low-cost, easy-to-use, at-home diagnostic platform created by Alveo Technologies. 

The Alveo's be.well™** testing system is designed to give individuals access to cutting-edge molecular testing and cloud-based data analytics for rapid diagnostics and infectious disease management. With an initial focus on acute respiratory infections such as COVID-19, Flu A/B, and RSV, Alveo’s agile and dynamic diagnostic platform would eventually be adapted to detect many diseases that threaten public health. Through the use of sophisticated technology, the platform could help intercept the spread of infectious diseases and offer affordable, rapid diagnostics. In 2021 it was named the winner of the $6M XPRIZE Rapid Covid Testing competition, a contest which challenged any and all innovators across the world to develop frequent, fast, cheap, and easy COVID-19 screening solutions to help meet the surging demand for tests in order to relieve the global supply chain. 

The be.well™ system is easy to use. Customers can download the app to a mobile device, create a secure account, pair the mobile device with the analyzer, use the swab to sample, insert the sample into the cartridge, start the test and have results in under an hour. Pretty simple, right? Let's take a closer look at the system’s components.

‍Bring the lab to your home

As mentioned before, be.well™ system consists of a few different parts:

• Analyzer - portable, palm-sized, rechargeable, has ~8 hours of battery life, and displays results on mobile devices. During the collaboration, MEV partly modified the middleware of analyzers. 
• The single-use cartridge, which has all the reagents required for an isothermal amplification reaction.
• Single-use Assay Buffer vial.
• Individually packaged Nasal Swab used for mid turbinate nasal sample collection.
• Transfer Pipette which is single-use, fixed-volume, and used to transfer the sample from the be.well™ Assay Buffer vial to the be.well™ Cartridge.

Alveo’s be.well™ Mobile App is designed to streamline the testing process for users. After creating a secure account on the be.well™ Mobile App and connecting mobile devices to the be.well™ Analyzer, users receive real-time results in under an hour and test results are delivered directly to them. They also have the ability to share their results in a PDF format.

Focus on data-protection

It's important to mention that all users` data is stored in a HIPAA- and GDPR-compliant cloud-based server. In fact, MEV helped modify the Alveo` system to meet the requirements of HIPAA and GPDR for passing third-party audits.

HIPAA (Health Insurance Portability and Accountability Act) is an American federal law that provides data privacy and security provisions for safeguarding medical information. According to HIPAA compliance, healthcare products must be validated for security and vulnerability by auditors before direct release. 

Alveo, in collaboration with the MEV team and external consultants, created a series of documentations (Cybersecurity Design Features and Controls, Software Design Document, Configuration Management Plan, Hazard Analysis) describing the technical design of the system for each component (Desktop, Cloud, Mobile, Firmware). This documentation enabled auditors to ensure that the level of security for each component was sufficient enough to protect user data and fend off any cyber-attacks. 

‍… And cybersecurity 

In order for a product to be launched on the European or North American market, it must match the European requirements for the cybersecurity of each component.

According to IEC 62304, which specifies life cycle requirements for the development of medical software and software within medical devices, each subcomponent of the product must receive its own safety classification for the end user. According to its level of safety, additional requirements for ensuring the safety of the component should appear.

‍

One of these requirements is providing BLE security level ≥ 3. Let's take a step back and explain what this means. There are currently two types of Bluetooth-enabled devices: Bluetooth Classic (BR/EDR), used in wireless speakers, car infotainment systems and headphones, and Bluetooth Low Energy (BLE) commonly used in power-sensitive applications (such as battery-powered devices) or devices that transmit small amounts of data with long interruptions between transmissions. In BLE, devices connected to a link can pass sensitive data by setting up a secure encrypted connection, making the data unreadable to all but the Bluetooth master and slave devices. To comply with level 3 security, each subcomponent of the system must have:

1. Coded data when transferring it to another component.
2. Encoded data "at rest".
3. The mobile application and the analyzer authenticated with each other.

For example, in Google, you can go to the site using authorization through the interface of your mobile phone. But the be.well ™ analyzer has no interface other than the 4 LED lights, which it needed for authentication. Despite this nuance, Alveo, MEV and the security consultants were able to develop a separate authentication strategy and procedure. It is to include all subcomponents of the system and will meet BLE 3 security level needs.

‍In the end 

Alveo’s success continues to bring necessary innovation to molecular sensing and diagnostics, whether it is at the point of care, over the counter, at home, or in the field. With MEV’s help, the be.well ™ platform may eventually be adapted to the veterinary sector, agriculture, and other industries in need of diagnostic technologies.