It is a special kind of partnership that goes beyond the classic concept of collaboration, where companies join forces to develop new products and then offer them on the market. In this case, the two companies offer individual co-creation services for customers. This allows medical device manufacturers and hospital IT providers to procure and implement better solutions much faster. One of the first customers to take advantage of this innovative offering based on agile development methods is secunet Security Networks. In a remarkable design sprint that took only a few months, the companies involved developed a new class of secunet gateway in two variants. Besides a controllable information flow for medical digitization concepts, it also offers a protected connection to centralized services and a secure execution environment for users’ own applications.
Trustful cooperation creates trustful products
With secunet medical connect Carna, the partnership has created a medical device gateway for the point-of-care (POC) environment. This gateway is designed for use as a medical IT accessory as well as for medical device approval. For safety-critical networking scenarios, it therefore not only provides the functions but also the necessary formal requirements from a single source – including essential approval information and evidence of quality management system ISO 13485:2016 or risk management ISO 14971 compliance. This gateway separates the connectivity layer of medical devices from the actual medical device, which makes it possible to regularly update the interface to the outside world without having to recertify the medical device itself. This ensures that the security and the operation of the various interfaces that change over time is always up to date. The medical device itself remains in the field unchanged. For data-intensive use cases or clusters of medical technology devices, the 19-inch rack server family Athene was built. It can be deployed in individual department networks or also centrally in the hospital data center. Depending on the design, it can be used either as a cloud frontend, security gateway or as a secure execution for AI tasks close to the medical data source.
Open and secure – that’s a challenge
Such application-ready medical gateway and server platforms are immensely important as digital healthcare transformation poses major challenges for all players involved. Medical device manufacturers must open their systems so that the collected data can be exchanged. At the same time, they must meet the highest security standards to protect this data exchange and their devices. Hospitals, on the other hand, must open their IT networks for such devices, while at the same time meeting legal requirements to ensure critical infrastructure (CRITIS) security and data protection (GDPR). As a result, all companies involved in the digitization process must pay constant attention to the IT security aspects of critical medical technology and its sensitive data. Yet this is not a core competence of the medical OEMs nor of the hospital operator. That is why secunet, as one of Germany’s leading cybersecurity companies, has joined forces with S.I.E and congatec to develop medical-device-compliant solutions that meet this need. The focus is on compliance with numerous standards and regulations – from EN 60601-compliant interfaces, to MDR and FDA cybersecurity guidelines to ISO 80001.
“We have benefited immensely from the strategic value-added partnership between S.I.E and congatec and their co-creation offering. Development has been a truly joint effort, from product ideation to manufactured gateway. This has enabled us to significantly accelerate our time-to-market and better address our customers’ needs, from hardware through to application,” explains Torsten Redlich, Global Head of Business Development and Deputy Head of eHealth at secunet Security Networks.
The early bird catches the worm
To co-create these products, the companies got together very early on in design sprints for hardware and software system integration. Functional prototypes were in place after just four and a half days. With a classic approach, it would have taken months for anything comparable to emerge. This is because internal company secrets and added value are normally protected and sealed off from other companies. A system design and integration house like S.I.E, which also takes care of the series production and assembly of such OEM platforms, does not usually bring its module supplier to the customer’s table during a pitch. The module supplier could all too easily decide to cooperate directly with the customer.However, considering the high division of labor within the embedded and edge computing supply chain, the immense lead times from initial idea to first prototype or finished series product are severe bottlenecks for OEM customers. To break down the walls between departments and companies, they are therefore looking for holistic solutions. After all, all development tasks should run in parallel and in constant synchronization with customers in order to create best-practice solutions.
congatec and S.I.E have taken on this challenge and formed a co-creation team that offers joint project and product development in collaboration with customers and the customer’s customers.
The focus shifts to the added user value
The advantage of such holistic co-creation offerings is that it is possible to think across the entire value chain in the design sprints. Development can therefore focus fully on creating added value for the product end user. Alternatively, if S.I.E had followed the classic value chain, it would have had to conduct a requirements survey at secunet and then use this to enter negotiations with the module supplier, who would not have had any knowledge of the ultimate end user needs.
“Classically, it is the OEM customers who initiate embedded computing business. While they usually know exactly what kind of system they need, they may not have considered every aspect, where the supplier often has more expertise. However, it is the customer’s requirements specification that sets the delivery expectations for the embedded computing supplier. So, if you start communicating before all the details are nailed down, you can already exchange ideas in the important creative phase,” emphasizes Josef Krojer, General Manager at S.I.E System Industrie Electronic.
In fact, the conventional development process upstream along the supply chain resembles the children’s game of ‘Chinese whispers’, where it is basically preprogrammed that information will be lost or misinterpreted and then passed on incorrectly. In a game like ‘Chinese whispers’, the results are often very funny. But that’s not the case when it comes to product development processes worth hundreds of thousands of euros.
All hands onboard
In this specific case, the prototype was developed jointly by secunet, S.I.E and congatec right from the start. Once it was operational, the end customers were also involved. This enabled them to also provide active input at a very early stage in the proof-of-concept phase and gave them the opportunity to shape the design of the product that they would ultimately be using. During the product design of medical connect Carna and Athene, both the medical technology manufacturers – who want to be able to connect their devices securely – and the hospital infrastructure operators and their service providers – whose interests are often seen as counteractive to such developments – were on board. After all, the latter’s main concern is to safeguard their own network from the medical device. Integrating both sides into such a creative process and identifying all their requirements was the ultimate aim of the co-creation process. The goal was to develop a product that fully satisfies both stakeholder groups. To achieve this, it was of course necessary to evaluate various application scenarios to find out what additional requirements the prototype had to meet, and eventually – after several agile design sprints – to specify the final product design. After eight months, the two gateway products are now ready for market launch.
The users decide what they want
Ultimately, this co-creation approach enables human-centered design if the medical device manufacturer also gets the users on board. Their feedback is immensely important to increase the quality and precise match of the solution. Co-creation means that development is no longer driven by purely technical considerations and happening in isolation before being pushed out into the market. Instead, users decide what they want, with the effect that development changes from push to customer-centric pull.
Naturally, building such co-creation teams that operate across all departments, hierarchy levels and company boundaries requires a corresponding corporate culture and methodological skillset. For example, in a design sprint everyone – from career starter to management – must be allowed to express their opinion freely. Every voice is important and welcome. Only when everyone is heard can the best result be achieved. This is also why it’s important to set up interdisciplinary teams. Everyone has the same voting rights and openness is not only permitted but actively encouraged.
Forethought instead of afterthought
This is an entirely different approach to product development. More holistic, it is ultimately also faster as it is easier to master a steeper learning curve by thinking and preparing ahead. Instead of waiting until the end of a long development phase to present the customer with a finished product based on the requirements specification, various intermediate loops are made as the product gradually approaches the desired target solution.
“Congatec offers the perfect solution kit for such agile development processes. Standard modules and carrier boards are ideal for rapid prototyping. They are scalable from low to high performance and come with all interfaces. Adapting them individually at a later stage is also much faster than with full-custom solutions. If the quantities allow it, you can still implement a full-custom design with COM and carrier fusion. This is much faster and more efficient than any other approach,” says Gerhard Edi, congatec’s Chief Strategy Officer, accentuating the technological basis of the co-creation alliance.
In the end, for medical connect Carna, the choice fell on a Computer-on-Module that was optimized for the application. In the case of medical connect Athene, the decision was taken to go for a new high-performance module based on the COM-HPC standard. congatec is the only leading embedded computing provider worldwide that focuses on core competencies around board level products, particularly Computer-on-Module technology. To better serve customers who, like secunet, demand individually tailored system-level products with full system responsibility, the company is investing in strong vertical market partnerships such as the one with S.I.E and aims to create similar co-creation offerings also for other vertical markets.
Creative minds seeking new challenges
Such a co-creation offering is not just ideal for OEM customers in the medical device sector; it also suits any other customer requiring tailored system integration. From medical OEMs who want to redesign a medical device, to healthcare solutions that require comparable cybersecurity without a medical device, to companies outside the medical sector who simply want a full-custom design that can be developed quickly, efficiently and precisely to spec by a development partnership such as the one between S.I.E and congatec. After all, time-to-market and user-centered engineering are the keys to successful product launches.
Secunet medical connect also brings flexibility. For instance, you can use Docker applications to enable own and third-party providers to process data from the medical device. Of course, only data that you want to process and have granted access to. The transfer of this data must be highly secure. It is precisely in this area that secunet offers outstanding core competencies with its own hardened operating system, proven security expertise over the entire lifetime of systems, and the provision of secure virtualized execution environments to shield applications from the core functions of the secure medical gateway and server platforms. As a result, the solutions address any digitization need and are open for future digitization requirements despite their highly secure design.
Safe and secure
“Looking only at the rising risk of cyber attacks to critical infrastructures and the need for a higher class of quality, traceability and documentation that comes with MDR regulations, we see an ever increasing number of applications that can benefit from the strategic partnership between congatec and S.I.E, which bundles each of our strong core competences into best-in-class quality for our OEM customers. Together, we offer an unparalleled value proposition with full system responsibility – from the computing core to certification, mass production and life cycle management. This is especially valuable if customers in regulated markets are looking for a source with central European roots,” emphasizes Josef Krojer, CEO at S.I.E. System Industrie Electronic.
In addition to critical healthcare infrastructures and medical OEM equipment, S.I.E and congatec also aim to enter further embedded and edge computing markets with critical infrastructures, such as the financial and insurance sector, water and energy utilities, information technology and telecommunications, or transportation and traffic, all of which rely on cybersecure systems for their IT infrastructure.