'Patch' Has Potential to Monitor Patient Health Securely

June 19, 2008 — There's a simple flaw in the diagnostic process. When you visit your doctor's office, the nurse takes a single measurement of your vital signs — temperature, pulse rate and blood pressure— and your physician makes decisions about your treatment based, in part, on these one-time measurements. There's no certainty, however, that these measurements are not one-of-a-kind anomalies and are truly representative of your condition.

Technology being developed by U.Va. computer science professor Alf Weaver and electrical engineering professors Ben Calhoun and Travis Blalock could provide physicians with a continuous stream of vital-sign data for 24 hours or more, helping them make more accurate diagnoses. 

The three are working on a wearable device they have dubbed "The Patch." About the size of a large Band-Aid, the Patch contains a low-power integrated circuit that incorporates a sensor, microcontroller and radio, as well as a power supply. The Patch collects biometric data, performs some local processing and transmits the data wirelessly to a computer or PDA. Ultimately the team hopes to incorporate circuits that can scavenge energy from the body, in the form of motion or temperature gradients, allowing the designers to dispense with the power supply altogether and make the Patch even smaller and lighter.

As with all medical information, privacy is of paramount concern. "Most mobile devices have one layer of security, a password," says Weaver. "We would like to make the Patch even more secure." To do so, the Patch would monitor the stream of biometric data coming from the sensor. If this signal is interrupted or changes in a significant way — indicating that the Patch has been lost or that the wearer's health has been compromised — the Patch would react appropriately. It could lock itself down — requiring further authentication to resume operation — or put itself in a safe state by encrypting or erasing the information it has collected. Weaver has devised a system that makes it easy for users to program the events that trigger these actions and the response they wish the Patch to follow in each situation.

While the Patch prototype has initially been designed to monitor pulse rate, it will ultimately be able to accommodate a variety of different sensors, enhancing its use as a diagnostic tool and enabling users to develop more elaborate security policies. "There are a number of issues we will have to examine to get us to this point," said Weaver. "For instance, we don't know yet if data from EKG and other biometric sensors would be unique enough for personal authentication."

They also hope to expand the type of mobile devices that could benefit from the biometric authentication being developed for the Patch. An obvious target is the cell phone, which is on the verge of being opened up to applications like Internet banking. Preventing other people from getting access to the personal and financial data that will soon be stored on the cell phone will become increasingly important. The biometric security system that Weaver, Calhoun and Blalock are developing could be used to encrypt or erase financial data if the cell phone is lost or stolen. Weaver also believes that government uses will also be significant, protecting the myriad types of sensitive information contained on laptops and PDAs that are now ubiquitous. 

"One of the advantages of our biometric authentication system is that it operates constantly behind the scenes," Weaver said. "Once it is set up, there's nothing a user has to do."