The growing digitalization of healthcare systems is increasing the complexity of the tasks connected devices must fulfill — particularly the handling of highly sensitive data, which poses additional challenges for the digital transformation in the healthcare sector. Experts from different companies are therefore increasingly working together to meet product development challenges instead of shutting themselves off from each other with specifications and linear project phases.
The goal is to become faster, better, and more efficient, instead of getting bogged down in specifications, and to apply agility not only to their own in-house development but to the entire project across all involved stakeholders — using frameworks such as Scrum. This requires a fundamentally different culture of collaboration between companies than is possible in traditional customer/supplier relationships and strictly hierarchical corporate structures. Companies need to become much more open and enter into substantive partnerships if they want to work together more efficiently.
The ultimate goal is to develop a high-performance culture in the project-specific teams that is based on trust, error tolerance, and results with the aim of creating high-performance capability. A similar openness is also encouraged by trends such as the Sharing Economy, which no longer revolves around owning things but using them — an approach that ultimately increases sustainability, since resources can be optimally utilized in this way. Besides, it is also a fact that processes simply take too long if companies isolate themselves and neglect to define the success of the joint project as the most important goal.
Case Study: An Engineering Ecosystem
Several companies applied these principles in the development of a connector for the telematics infrastructure of Germany’s digital healthcare system. Today, the secunet connector is already being used in around 50,000 medical practices, enabling them to use digital services such as medical emergency data management (MEDM), electronic medication plans (eMP), and qualified electronic signatures (QES). Such applications help physicians to make daily tasks more efficient and ultimately support further digitization of healthcare.
In the future, it should also become possible to exchange e-prescriptions via the digital healthcare network. The connector acts as a link between the doctor’s practice or the pharmacy; i.e., the so-called medical service provider, and the telematics infrastructure. Doctors or pharmacists need to identify themselves clearly with the help of a so-called institution card, the SMC-B card, before they can connect as a service provider with the infrastructure resources of the digital healthcare system.
All in One Boat
In total, seven companies and organizations were involved in the collaborative development of the connector: secunet Security Networks AG acted as the security specialist with the appropriate market access, and S.I.E Solutions was the system integrator and expert for the development and assembly of the hardware system, which the company developed on the basis of a customized hardware platform from embedded computer manufacturer congatec. Other collaborators included eHealth Experts GmbH, which contributed its extensive health IT experience, and Arvato Systems, which provided VPN access. Also involved in this high-security project were Germany’s Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik, BSI) and gematik, which operates the telematics infrastructure.
Pulling in the Same Direction. It’s easy to understand that such a complex constellation can only be managed if everyone operates in unison. As a rule, embedded hardware suppliers have little to do with the requirements of the BSI and gematik, since the required certificates must be obtained by the companies that bring the product to market. Yet at the same time, they are the ones who provide the essential foundation for the final hardware. Consequently, to be able to implement projects quickly, it’s necessary to get a powerful embedded supplier to join the ecosystem. S.I.E Solutions, the company commissioned by secunet, proved to be an extremely competent system integrator and expert for the development and assembly of the hardware system.
Meeting BSI and Gematik Compliance. S.I.E carried the full responsibility for the development of all standard and safety-compliant hardware, including the production-ready mechanical system design and the application-specific motherboard with secure BIOS. Today, S.I.E also takes care of system assembly and the entire supply chain management. S.I.E left the customization of the board to embedded computing manufacturer congatec, which was an integral part of the product development process from the very beginning, so that all participating companies formed an extremely powerful ecosystem for the digitalization of the healthcare sector. This makes them the go-to experts for further digitization projects with BSI and gematik security requirements, especially since congatec has many references from well-known players in medical technology.
Joining Forces to Achieve the Goal Faster. The collaboration was very successful right from the start: Within a week, code could be tested on the hardware platform proposed for the application. As a result, secunet’s software developers were able to test their solutions directly on the hardware that, after some application-specific adaptations, was to be used in the final product. A rapid prototyping of the presumably final layout was then completed within four months and, with only minor revisions, brought to series production in less than a year. “Without cross-company collaboration and the dedicated efforts of congatec, it would have taken us at least twice as long to develop a fully certified system,” notes Sami Badawi, head of marketing and corporate communication at S.I.E Solutions.
High Performance, Clear Objectives
What made the project special was the intense collaboration and communication over a longer period, and the close, usually weekly, coordination. If problems arose, they were solved quickly and effectively via calls in which experts from each of the companies involved in the entire development chain participated. The communication matrix was designed to cross company boundaries. This also applied to reviews, where in each case the entire development chain was involved via this matrix — effectively saving redesign loops. Setting a very clear objective also proved very helpful in creating a high-performance climate: On day X, a finished product had to be approved and market ready.
All participants understood this critical target and what needed to be achieved. Agile adjustments and changes were implemented where necessary. “A linear approach following traditional waterfall models with successive project phases would have been neither possible nor sensible within the time schedule,” explains Markus Linnemann, head of the eHealth division at secunet.
Involve test institutions right from the start. Another important element was the direct involvement of the SRC test center commissioned by secunet, with all stakeholders working very closely to achieve the required site certifications. For instance, to obtain BSI Common Criteria Certification, it was necessary to create secure areas with motion detectors, secure networks, etc., so for any high-security aspects, a special platform was used to coordinate the project. As a result, this audit was passed first time. Today, not only each individual partner is BSI certified, but also all individual components of the product — right across the entire value chain.
Secure Series Production. Very close collaboration was required both during development and during series production. All production processes and the required documentation were developed and implemented in cooperation with secunet. Here, too, the joint know-how of a virtual team was used, which was set up specifically for this collaboration project but is also predestined for other comparable tasks. Early testing guaranteed a smooth start to production. It was further possible to scale production from 2,000 units per month to over 10,000 without any problems since organizational process, failure, and series scenarios were tested and practiced just as extensively as the technically required signal compliance, electromagnetic compatibility, or climate tests.
Based on standard board technology. Interestingly, the technological basis for the new medical edge connector was provided by a board design from congatec, whose hardware-based security functionalities matched the requirements of S.I.E and secunet. When selecting the appropriate hardware platform, it was essential to take full account of all aspects around security, data protection, and encryption, as well as the analysis of potential attack vectors. Relying on products that are already in series production also offers the necessary security for application-specific variants, which means no serious teething troubles are expected to arise even with large individual series. This has proven to be true in the concrete project.
To date, over 50,000 connectors have been sold, and many institutions are already connected to the telematics infrastructure. The connector is meanwhile also available in a high-performance design specifically for use in data center environments. This version is suitable for hospitals, among others. Secunet was able to re-use the existing ecosystem for the development of the data center connector. This is another proof of the partners’ ability to create efficient digital solutions for the healthcare and medical technology industry, even under the most demanding regulatory conditions.
This article was written by Zeljko Loncaric, Marketing Engineer at congatec, Deggendorf, Germany. For more information, visit here .