Working with healthcare projects comes with strict requirements for data protection, quality, and simplified product use in order to provide safety and efficacy. Below is a brief exploration of IT company MEV’s experience working with this domain.
MEV is a software development company based in the United States and Ukraine. Since 2006 its team has delivered solutions ranging from mobile apps to heavily loaded distributed IoT platforms and Big Data analytics systems. Pharmaceutical and healthcare projects occupy a significant place in MEV’s portfolio. The company has upgraded a SaaS platform to manage drug pricing, helped to standardize the way pharmaceutical companies and health insurance companies (payers) do business, created software solutions for a pharmaceutical company to optimize visualization, analysis, and sales messaging, designed and built a comprehensive market access-specific CRM for an international pharmaceutical company, as well as built an enterprise-grade, HIPAA-compliant data system for regional a Pharmacy Benefits Manager (PBM).
Changing the world of diagnostics
One of the most outstanding projects MEV has worked on is a low-cost, easy-to-use, diagnostic platform created by Alveo Technologies.
The Alveo’s be.well™** testing system is designed to give individuals access to cutting-edge molecular testing and cloud-based data analytics for rapid diagnostics and infectious disease management. With an initial focus on acute respiratory infections, including COVID-19, Flu A/B, and RSV, Alveo’s agile and dynamic diagnostic platform can be adapted to detect many diseases that threaten public health. Through the use of sophisticated technology, the platform can help intercept the spread of infectious diseases and offer affordable, rapid diagnostics. In 2021 it was named a winner of the XPRIZE Rapid Covid Testing competition, which challenged all innovators worldwide to develop, fast, inexpensive, and easy to use COVID-19 screening solutions to help meet the surging demand for tests and relieve the global supply chain.
The be.well™ system is easy to use. Customers download the app to a mobile device, create a secure account, pair the mobile device with the analyzer, use the swab to sample, insert the sample into the cartridge, start the test and have results in under one hour. Let’s take a closer look at the be.well system.
Bring the lab to you
- be.well™ Analyzer – portable, palm-sized, and rechargeable;
- The single-use be.well™ Cartridge, which has all the reagents required for an isothermal amplification reaction.
- Single-use be.well™Assay Buffer vial.
- Individually packaged Nasal Swab used for mid-turbinate nasal sample collection.
- Transfer Pipette which is single-use, fixed-volume and used to transfer the sample from be.well™ Assay Buffer vial to be.well™ Cartridge.
Users also need Alveo’s be.well™ Mobile App, which is designed to streamline the testing process. After creating a secure account on the be.well™Mobile App and connecting a mobile device to be.well™ Analyzer, users receive real-time results in under one hour; test results are delivered directly to them, with the ability to share the results as a PDF.
Focus on data protection
It’s important to mention that all users` data is stored in a HIPAA- and GDPR-compliant cloud-based server. In fact, MEV helped developed the Alveo system to comply with the requirements of HIPAA and GPDR.
HIPAA (Health Insurance Portability and Accountability Act) is United States’ legislation that mandates data privacy and security steps be taken to safeguard medical information.
Alveo,with MEV’s team and external consultants, drafted documentation (Cybersecurity Design Features and Controls, Software Design Document, Configuration Management Plan, Hazard Analysis) describing the technical design of the system for each component (Desktop, Cloud, Mobile, Firmware). This documentation enables auditors to ensure that levels of security for each component are sufficient to protect user data and fend off cyber-attacks.
… and cybersecurity
According to IEC 62304, which specifies life cycle requirements for developing medical software and software within medical devices, each subcomponent of the product must receive its own safety classification for the end user. According to its level of safety, additional requirements for ensuring the component’s safety are required.
One of these requirements is providing a BLE security level ≥ 3There are currently two types of Bluetooth-enabled devices: Bluetooth Classic (BR/EDR), used in wireless speakers, car infotainment systems, and headphones, as well as Bluetooth Low Energy (BLE), commonly used in power-sensitive applications (such as battery-powered devices) or devices that transmit small amounts of data with lengthy interruptions between transmissions. In BLE, devices connected to a link can pass sensitive data by setting up a secure encrypted connection. This makes the data unreadable to all but the Bluetooth master and slave devices. To comply with level 3 security, each subcomponent of the system must have the following:
- Coded data when transferring it to another component.
- Encoded data “at rest”.
- The mobile application and the analyzer authenticated with each other.
For example, in Google, it is possible to visit the site using authorization through the interface of your mobile phone. But the be.well™ analyzer had no interface other than the 4 LED lights, which it needed for authentication. Despite this challenge, Alveo, in collaboration with MEV and security consultants, was able to develop a separate authentication strategy and procedure. It includes all system subcomponents and meets the needs of the BLE 3 security level.
Last but not least