EP-4736048-A1 - A METHOD, DEVICE AND COMPUTER-READABLE MEDIA FOR TRANSMITTING INFORMATION FROM A MEDICAL DEVICE TO A SERVER
Abstract
The present disclosure relates to a method for transmitting information from a medical device to a first server, the method comprising: receiving first access level data, the first access level data indicating whether the first server is configured to receive personal identifiable information, PII, or not from the medical device; determining available information at the medical device; classifying the available information into at least one class of a plurality of classes, the plurality of classes comprising PII and non-PII; upon the first access level data indicating that the first server is not configured to receive PII, filtering the available information to remove PII and transmitting the filtered available information from the medical device to the first server; and upon the first access level data indicating that the first server is configured to receive PII, transmitting the available information from the medical device to the first server.
Inventors
- ANDERSSON, JONAS
Assignees
- Maquet Critical Care AB
Dates
- Publication Date: 20260506
- Application Date: 20240625
Claims (15)
- 1. A method (400) for transmitting information from a medical device (100) to a first server (102, 108), the method comprising: receiving (S402) first access level data, the first access level data indicating whether the first server is configured to receive personal identifiable information, PII, or not from the medical device; determining (S404) available information at the medical device; classifying (S406) the available information into at least one class of a plurality of classes, the plurality of classes comprising PII and non-PII; upon the first access level data indicating that the first server is not configured to receive PII, filtering (S408) the available information to remove PII and transmitting (S410) the filtered available information from the medical device to the first server; and upon the first access level data indicating that the first server is configured to receive PII, transmitting (S410) the available information from the medical device to the first server.
- 2. The method according to claim 1, wherein the non-PII comprises equipment data pertaining to the medical device.
- 3. The method according to any one of claims 1-2, wherein the PII comprises clinical data pertaining to the medical device.
- 4. The method according to any one of claims 1-3, wherein the medical device and the first server (102) are arranged in a local network (104), wherein the first access level data indicates that the server is configured to receive PII.
- 5. The method according to claim 4, further comprising the steps of: receiving the transmitted information at the first server (102), the transmitted information comprising PII; receiving (S412) second access level data, the second access level data indicating that a second server (108) is not configured to receive PII; and filtering (S414) the received information to remove PII and transmitting (S416) the filtered received information from the first server to the second server.
- 6. The method of claim 5, wherein the first server and the medical device are arranged in a local network, and wherein the second server is arranged externally to the local network.
- 7. The method of any one of claims 4-6, wherein the first server comprises an environment for running a clinical application using the information received from the medical device.
- 8. The method according to any one of claims 1-3, wherein the medical device is arranged in a local network, wherein the first server (108) is arranged externally to the local network, and wherein access level data indicates that the first server is not configured to receive PII.
- 9. The method according to any one of claims 1-8, wherein the step of receiving first access level data comprises performing a handshake procedure between the medical device and the first server.
- 10. The method according to any one of claims 1-8, wherein the step of receiving first access level data comprises: receiving a certificate associated with the first server; verifying the certificate to determine validity of the certificate; and upon determining that the certificate is valid, extracting the first access level data from the certificate.
- 11. The method according to any one of claims 1-10, wherein the first access level data is received upon installation of the medical device.
- 12. The method according to any one of claims 1-11, wherein the medical device is at least one of: a cardiac support device, a respiratory support device, or a monitoring device.
- 13. The method according to any one of claims 1-12, wherein the medical device comprises a display, and wherein the method further comprises the step of: displaying the available information on the display.
- 14. A medical device (100) comprising: one or more processors; and one or more non-transitory computer-readable media storing first computer executable instructions that, when executed by the one or more processors, cause the medical device to perform actions comprising: receiving (S402) first access level data, the first access level data indicating whether a first server (102, 108) is configured to receive personal identifiable information, PII, or not from the medical device; determining (S404) available information at the medical device; classifying (S406) the available information into at least one class of a plurality of classes, the plurality of classes comprising PII and non-PII; upon the first access level data indicating that the first server is not configured to receive PII, filtering (S408) the available information to remove PII and transmitting (S410) the filtered available information to the first server; and upon the first access level data indicating that the first server is configured to receive PII, transmitting (S410) the available information to the first server.
- 15. One or more non-transitory computer-readable media storing instructions executable by one or more processors, wherein the instructions, when executed, cause the one or more processors to perform operations comprising: receiving (S402) first access level data, the first access level data indicating whether a first server (102, 108) is configured to receive personal identifiable information, PII, or not from a medical device (100); determining (S404) available information at the medical device; classifying (S406) the available information into at least one class of a plurality of classes, the plurality of classes comprising PII and non-PII; upon the first access level data indicating that the first server is not configured to receive PII, filtering (S408) the available information to remove PII and transmitting (S410) the filtered available information to the first server; and upon the first access level data indicating that the first server is configured to receive PII, transmitting (S410) the available information to the first server.
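An added example, not part of the patent text or the applicant's implementation, of the flow in claims 1 and 5: classify the available information, filter it according to the receiving server's access level, and filter again when a local server relays to an external one. The field names, the classification table and the two fail-closed defaults (unknown field treated as PII, missing access level treated as "no PII") are assumptions made for this sketch.

```python
from enum import Enum

class DataClass(Enum):
    PII = "pii"
    NON_PII = "non-pii"

# Constructed classification table for S406; field names are hypothetical.
# Patient identification and treatment values are PII, equipment data is not.
FIELD_CLASSES = {
    "patient_name": DataClass.PII,
    "patient_id": DataClass.PII,
    "tidal_volume_ml": DataClass.PII,
    "device_model": DataClass.NON_PII,
    "software_version": DataClass.NON_PII,
    "maintenance_log": DataClass.NON_PII,
}

def classify(field):
    # Assumption: a field with no table entry is treated as PII (fail closed).
    return FIELD_CLASSES.get(field, DataClass.PII)

def prepare_payload(available, server_accepts_pii):
    """S408/S410: return what may be transmitted to a server.

    Assumption: only an explicit True counts as "configured to receive PII";
    None or any other value is handled like False.
    """
    if server_accepts_pii is True:
        return dict(available)
    return {k: v for k, v in available.items()
            if classify(k) is DataClass.NON_PII}

def relay(received, second_server_accepts_pii):
    """S412-S416 (claim 5): the first server filters again before forwarding."""
    return prepare_payload(received, second_server_accepts_pii)

# Constructed sample of available information at the device (S404).
AVAILABLE = {
    "patient_name": "Jane Doe",
    "patient_id": "constructed-0001",
    "tidal_volume_ml": 450,
    "device_model": "constructed-model",
    "software_version": "1.2.3",
    "maintenance_log": "filter replaced",
    "free_text_note": "field missing from the table",
}

if __name__ == "__main__":
    to_local = prepare_payload(AVAILABLE, True)   # local server accepts PII
    to_external = relay(to_local, False)          # external server does not
    print(sorted(to_local))
    print(sorted(to_external))
```

The unclassified `free_text_note` field reaches the local server but is dropped before the external hop, which is the behaviour the fail-closed default is meant to guarantee.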
Description
A METHOD, DEVICE AND COMPUTER-READABLE MEDIA FOR TRANSMITTING INFORMATION FROM A MEDICAL DEVICE TO A SERVER
Technical Field
The present invention relates to medical device connectivity, and more specifically to technologies for transmitting information from the medical device to a server.
Background
Medical device connectivity has become an increasingly important aspect of healthcare technology, primarily due to the evolving need for real-time transfer and monitoring of patient data as well as equipment data. Medical devices, such as monitors, ventilators, extracorporeal membrane oxygenation devices, infusion pumps, and similar devices, may establish and maintain a connection through which data are transferred to a server, for example in a local or external device and data management (DDM) setting. The data transfer can be employed for various applications, including applications for patient monitoring, diagnostics, device status monitoring, and device control.
Personal identifiable information (PII), such as patient or clinical data, may be included in data obtainable from a medical device. This transfer of information can be subject to various data protection regulations that mandate the lawful, fair, and transparent processing of PII. These regulations often impose geographical limitations on PII data transfer and stipulate robust security measures, including requirements for encryption, pseudonymization, confidentiality, and the continuous integrity and resilience of data processing systems and services.
When data is stored externally, for instance, on a cloud-based server or a third-party bare metal server, it may be challenging to maintain comprehensive knowledge of how the data is processed, stored, and managed. Furthermore, controlling the physical location of the data might not always be feasible. These factors make compliance with the aforementioned data protection regulations potentially more challenging in such settings.
There is thus a need for improvements in this context.
Summary
In view of the above, solving or at least reducing one or several of the drawbacks discussed above would be beneficial, as set forth in the attached independent patent claims.
According to a first aspect of the present invention, there is provided a method for transmitting information from a medical device to a first server, the method comprising: receiving first access level data, the first access level data indicating whether the first server is configured to receive personal identifiable information, PII, or not from the medical device; determining available information at the medical device; classifying the available information into at least one class of a plurality of classes, the plurality of classes comprising PII and non-PII; upon the first access level data indicating that the first server is not configured to receive PII, filtering the available information to remove PII and transmitting the filtered available information from the medical device to the first server; and upon the first access level data indicating that the first server is configured to receive PII, transmitting the available information from the medical device to the first server.
The information obtainable from a medical device (i.e., the available information) typically varies based on the intended use and features of the medical device. The available information may generally include elements like log files, physiological alarms, technical alarms, measured or computed values for a medical device, data trends, configurations, settings, and information about the current patient, among others. This information can be categorized into several classes, primarily differentiated based on whether the data can be identified as Personal Identifiable Information (PII) or non-PII. Further sub-classes may also be formed to achieve a more granular classification of the information.
The classes and/or sub-classes may be assigned to different roles or role categories implemented by the medical device and/or the first server. PII may be understood as data that can be used on its own or with other information to identify a patient and typically include patient identification information such as name, ID number and the like. The PII may further relate to treatment information, such as oxygen concentration, tidal volume, blood flow rate, physiological responses, administered medications, and duration of the treatment. Non-PII information generally refers to information that cannot be used to identify, directly or indirectly, an individual, such as aggregate statistics, device information relating to make, model, software version, maintenance logs, and general usage information such as number of times a particular device has been used over a period of time. The non-PII information may also include de-identified data from which all identifying information has been removed, such as oxygen levels, heart rates, or blood pressure readings that are not tied t