Open Ecosystem Through Secure Plug and Play Interoperability: An Overview

Abstract

Background:

Interoperability is a critical enabler for integrated Personalized Diabetes Management (iPDM), automated insulin delivery (AID), and the digital transformation of healthcare in general. However, manufacturers still create closed ecosystems (ie, solutions designed to work end-to-end minimizing collaboration with other organizations) with proprietary interfaces because of various interoperability challenges. Therefore, the aim of this article is to provide an overview of how to achieve organizational interoperability in an open ecosystem (ie, solutions designed to integrate different organizations via interoperability standards) for diabetes management.

Methods:

The proposed interoperability design approach called Secure Plug and Play Interoperability (SPPI) supports building and using interoperable system elements in an open ecosystem. Secure Plug and Play Interoperability enables interoperability over the entire system life cycle with its reference architecture, secure interoperability standards, and organizational capabilities. These standards were developed with participation from healthcare providers, regulatory authorities, payers, academia, and manufacturers. Publicly available information provides examples of implementation support and practical usage.

Results:

Organizational interoperability in an open ecosystem can be achieved through organizational capabilities and a selection of secure interoperability standards. ISO/IEEE 11073, Bluetooth profiles, and HL7 FHIR with test specifications, test tools, software development kits, and quality assurance programs represent a coordinated selection suitable for building an open ecosystem. Practical usage is demonstrated with real-world solutions that build on these standards.

Conclusions:

Secure Plug and Play Interoperability facilitates the end-to-end integration of devices, digital products, and services from partners in an open ecosystem. Moreover, even a single manufacturer, who provides all system elements of a solution, can use and benefit from SPPI.

Keywords

automated insulin delivery cybersecurity integrated personalized diabetes management privacy reference architecture standards

Introduction

Diabetes is one of the fastest-growing global health emergencies. According to the International Diabetes Federation Diabetes Atlas 2021,¹ approximately 537 million (one in ten) adults aged 20 to 79 years are living with diabetes worldwide. This number is projected to reach 643 million (one in nine) by 2030 and 783 million (one in eight) by 2045. Of these people living with diabetes in 2021, approximately 44% were undiagnosed and 6.7 million (one in every five seconds) died because of diabetes. Thus, the World Health Organization (WHO)² reports diabetes among the top 10 causes of deaths worldwide.

Diabetes management is complex, personal, and achieving therapy goals is an ongoing challenge. Integrated Personalized Diabetes Management (iPDM)³ is the key to limit progression of the disease,^4-9 strengthen patient-healthcare provider (HCP) collaboration,^4,6,7,9 and to improve outcomes to contribute to healthcare system sustainability.^4-7 The elements of iPDM are depicted in Figure 1. Patient-relevant data, combined with an intelligent platform, can transform data into personalized insights and improve outcomes. The people with diabetes and the involved groups receive the information that they need for optimal care. Interoperability enables iPDM, allowing solutions to come together in an open ecosystem (ie, solutions designed to integrate different organizations via interoperability standards).^10-12

Figure 1.

Elements of integrated Personalized Diabetes Management (iPDM).

Another example where interoperability is an important enabler is automated insulin delivery (AID) systems with system elements from different manufacturers. An AID system consists of an insulin pump, a continuous glucose monitor (CGM), and an AID algorithm (eg, algorithm embedded in the insulin pump, algorithm in an app on smartphone) as depicted in Figure 2. Automated insulin delivery systems showed in studies and meta-analyses the improvement of glycemic control, time in range, and quality of life.¹³

Figure 2.

System elements of a multi-manufacturer AID system.

In this context, interoperability is the ability of two or more system elements (ie, devices, digital products, services) from the same or different manufacturers to exchange information and use the information.^14-16 Interoperability is a critical enabler for the digital transformation of healthcare.^16,17 The two primary goals of healthcare interoperability are to (1) provide secure, timely, and seamless portability of information and (2) optimize health outcomes for individuals and populations.¹² The benefits of interoperability include the following:^16,18

Advanced clinical decision support. Ready-to-use patient-centric information facilitates advanced clinical decision support in both diagnostics and treatment.

Care coordination. Sharing data in uniform formats accessible to all care teams enhances care coordination.

Patient empowerment. Providing patients with access to their health data empower them to actively manage their conditions.

Improving business and administrative processes. Operational data streamline workflows and support outcome-driven improvement cycles.

Value-based care. Population-level data analysis is crucial for managing high-risk patients and public health. Access to longitudinal health data reduces duplicate testing and closes information gaps.

Within and across organizations, standards enable interoperability. Standards are published documents that establish a mutually agreed-upon course of action. From proven practices to requirements, standards help ensure a common approach and repeatable outcome in the design and development of solutions.¹⁹ There are four levels of interoperability building on each other and supported by different kinds of interoperability standards as described in Table 1.¹⁸

Table 1.

Interoperability Levels and Standards.

Interoperability level	Description	Standard kind	Standard examples
Organizational (level 4)	Addresses the ability of different organizations within an ecosystem to work together. This level involves aligning policies, business processes, and workflows to support the seamless exchange of information across organizational boundaries. An example is a hospital and a healthcare provider sharing patient information to ensure continuity of care. Another example is an automated insulin delivery (AID) system with interoperable system elements from independent manufacturers.	Identifier	ISO object identifier (OID), national patient identifier, national provider identifier, unique device identification (UDI)
Semantic (level 3)	Takes interoperability to a higher level by ensuring that the exchanged content is understood at the level of clinical meaning. Standardized terminologies are used to present and interpret data. An example is the exchange of observations using codes, such as Logical Observation Identifiers Names and Codes (LOINC) to ensure that the meaning of measurements is accurately understood by the receiving system.	Terminology	ISO/IEEE 11073-10101 medical device communication (MDC) codes, LOINC
Structural (level 2)	Goes beyond the ability to transport data and focuses on the data structure being exchanged. This level ensures that the exchanged content is understood at the data field level and that a mapping of data fields between system elements is possible. Examples are the exchange of data containers from devices over smartphone apps to electronic health record (EHR) systems, where the data are mapped to the appropriate fields in the EHR.	Content	ISO/IEEE 11073 family of PHD/PoCD standards, Bluetooth profiles, FHIR resources
Foundational (level 1)	Establishes the inter-connectivity requirements needed to securely transport data between system elements. The system elements transport data, but do not interpret it. Transport, security, and privacy standards enable this level of interoperability. Examples are the exchange of proprietary data between devices and smartphone apps using Bluetooth LE.	Transport, privacy, and security	USB-IF PHDC specification, Bluetooth Core specification, FHIR RESTful application programming interface (API)

Some standards from standards development organizations (SDOs), like the International Organization for Standardization (ISO) and the Institute of Electrical and Electronics Engineers (IEEE) Standards Association, are de jure standards (ie, legally recognized). Other specifications come from leading technology organizations, such as the Bluetooth Special Interest Group (SIG) and the USB Implementers Forum (USB-IF), which are de facto standards (ie, in practice).

Regulatory authorities promote the development and availability of interoperable medical devices. For example, in the United States, there is a dedicated Food and Drug Administration (FDA)¹⁴ guidance document for Interoperable Medical Devices. The FDA²⁰ has recognized various consensus standards that support healthcare device interoperability. For AID systems, the FDA created a modular class II 510(k) clearance process, so that, the manufacturers of the different system elements can develop and maintain them independently from each other:

Continuous glucose monitor according to “FDA 21 CFR 862.1355 integrated Continuous Glucose Monitoring System” (iCGM).²¹

Insulin pump according to “FDA 21 CFR 880.5730 Alternate Controller Enabled Infusion Pump” (ACE pump).²²

AID controller according to “FDA 21 CFR 862.1356 interoperable Automated Glycemic Controller” (iAGC).²³

In Europe, the Medical Device Regulation (MDR)¹⁵ and In Vitro Diagnostic Regulation (IVDR)²⁴ demand that devices intended to be operated together are designed and manufactured in such a way that the interoperability is reliable and safe. Guidance documents provide specific regulatory considerations for interoperability, such as hardware-software combinations,²⁵ cybersecurity,²⁶ qualification, and classification of software²⁷ from the same and different manufacturers. Both regulations demand that medical devices and in vitro diagnostics are state-of-the-art and standards are a source for that.²⁸ There are various European Standards that support healthcare device interoperability.²⁹ In Europe, a CGM system is classified as class IIa, an insulin pump system as class IIb, and an AID system as class III.^27,30,31

With the benefits of interoperability, on one hand, two examples from outside the healthcare sector may help illustrate why the lack of interoperability is no longer acceptable. For instance, the right combination of tires, rims, air pressure, and fasteners tailored to the car model and season is crucial for driving safety. Without interoperability, only the car manufacturer’s wheels could be used, they would have to be assembled by the car manufacturer, and would likely be sold at a higher cost.

If we apply this lack of interoperability to smartphones, for example, only the smartphone manufacturer’s headphones and charger could be used with a given smartphone model. The user would not be able to choose their preferred headphones and non-reusable chargers would create unnecessary waste.

These scenarios are no longer acceptable for users and the population. The ability to combine system elements based on user needs in both the automotive and smartphone industries has been made possible through interoperability based on standards, supporting regulations, and the drive to reduce long-term costs and waste.

However, manufacturers still build closed ecosystems (ie, solutions designed to work end-to-end minimizing collaboration with other organizations)¹¹ with proprietary interfaces for diabetes management. In 2024, the insulin pumps of the six AID systems in the US market can only be controlled by the specific AID controller sold by the same insulin pump manufacturer. This restricts user choice to specific ACE pump and iAGC algorithm combinations along with one or more iCGMs.³² In addition, all devices using Bluetooth technology have to declare compliance with Bluetooth Core Specification (ie, level 1 interoperability), so that, they can use the wireless technology, but so far, only one insulin pump and one CGM are Bluetooth-qualified on profile level enabling higher-level interoperability.^33,34 At first glance, closed ecoystems and proprietary interfaces may be seen as an advantage because the manufacturer can build a more optimized solution for their use cases and have tighter control over it. Furthermore, if already closed ecosystems from one manufacturer have communication issues resulting in adverse events³⁵ and recalls,^36-38 how should manufacturers even develop interoperable system elements and combine them in an open ecosystem? Security issues are also frequent with standardized interfaces, such as Bluetooth LE^39-45 and Health Level Seven International (HL7) Fast Healthcare Interoperability Resources (FHIR).⁴⁶ Another challenge is that over 40 SDOs,¹⁸ responsible for developing and maintaining health information exchange (HIE) standards, have numerous standards with overlapping use cases. Moreover, even when organizations agree on standards, they are subject to misinterpretation, potentially making system elements incompatible.

Therefore, the aim of this article is to provide an overview of how to achieve organizational interoperability in an open ecosystem. To that end, the interoperability design approach called Secure Plug and Play Interoperability (SPPI) is introduced. Secure Plug and Play Interoperability supports diabetes management by facilitating the end-to-end integration of devices, digital products, and services from the same manufacturer and partners based on secure interoperability standards. Furthermore, the article discusses interoperability challenges and how to overcome them.

Methods

Enabling an open ecosystem requires an interoperability design approach across the entire system life cycle, taking a holistic view of contradictory needs. Interoperability, for example, does not imply that unauthorized entities have full control or access to all data. Too strong cybersecurity, on the contrary, can make plug and play less useful by making user interactions more complicated (ie, decrease user experience) or even stopping interoperability when proprietary security protects an interoperable transport. Therefore, the author conceived SPPI as an interoperability design approach and contributed to underlying standards in collaboration with various stakeholders. Secure Plug and Play Interoperability based on secure interoperability standards emphasizes:⁴⁷

Secure. Cybersecurity is the process and the capability of preventing unauthorized access, unauthorized modification, misuse, denial of use, or unauthorized use of any data that are stored on, processed from, or transferred between system elements.^48,49

Plug and Play. Good user experience is an integral part of SPPI. Ideally, the user (eg, patient, caregiver, HCP) only needs to approve the connection between the system elements. The involved system elements automatically communicate with each other without further human interaction.⁴⁷

Interoperability. Organizations can use secure interoperability standards to build a closed ecosystem with interoperable system elements and participate in open ecosystems when combined with organizational capabilities.¹⁸

To address the challenge with many HIE standards and establish a foundation for SPPI, a reference architecture is applied. A reference architecture defines system elements, their relationships, common terminology, and practices using them. For SPPI, the architecture as depicted in Figure 3 was derived by the author from the International Telecommunication Union (ITU) “ITU-T H.810 Interoperability design guidelines for personal connected health systems.”⁵⁰ Unlike ITU-T H.810, the Healthcare Device Interface solely utilizes Bluetooth LE and USB to facilitate communication between healthcare devices, such as personal health devices (PHDs), point-of-care devices (PoCDs), and health and fitness (H&F) devices, or a healthcare gateway. The healthcare service interface supports exchanging data between healthcare services or with a healthcare gateway based on HL7 FHIR.⁵¹

Figure 3.

Healthcare end-to-end reference architecture.

Secure interoperability standards are the foundation of SPPI. These standards were developed collaboratively across healthcare providers, regulatory authorities, payers, academia, and manufacturers.^19,47 Among others, the author contributed to standards for insulin pumps,^52,53 CGMs,^54,55 and cybersecurity^48,49,56 as well as their alignment between the standardization organizations.

However, an interoperability design approach does not demonstrate implementation support and practical usage. Therefore, this article uses publicly available information combined with the author’s hands-on experience in creating interoperable solutions to provide real-world examples.

Results

To reach organizational interoperability, organizations must develop capabilities as described in Table 2. Any organization building healthcare solutions requires a certain maturity in these organizational capabilities. However, integrating system elements in an open ecosystem is much easier when they are designed for interoperability from the concept phase onward. This is where the created interoperability design approach called SPPI comes in. The SPPI design facilitates the creation of interoperable system elements suitable for closed and open ecosystems.

Table 2.

Capabilities for Organizational (Level 4) Interoperability Over the System Life Cycle.

System life cycle phases according to the ISO/IEC/IEEE 15288 standard for system life cycle processes.⁵⁷

Enterprise frameworks like the Open-Group Architecture Framework (TOGAF)⁵⁸ for enterprise interoperability, NIST Cybersecurity Framework (CSF)⁵⁹ for enterprise security architecture, Scaled Agile Framework (SAFe)⁶⁰ for business agility, and business process management for healthcare (BPM +Health)⁶¹ for clinical knowledge interoperability.

Standards of care like from the American Diabetes Association (ADA)³ and the European Association for the Study of Diabetes (EASD).⁶²

For more details, see Table 3.

Information visualization standards like the standard ambulatory glucose profile (AGP) report.³

For more details, see the book “The Craft of MBSE.”⁶³

Table 3.

Secure Interoperability Standards for Health Information Exchange (HIE) Supporting iPDM.

Interface		Healthcare device		Healthcare service
Interoperability	Standards	Wired interface^a	Wireless interface^b	Application programming interface^c
Organizational (level 4)	Identifier	Unique device identification (UDI)	Unique device identification (UDI)	ISO object identifier (OID) National patient identifier National provider identifier Unique device identification (UDI)
Semantic (level 3)	Terminology^d	ISO/IEEE 11073-10101 medical device communication (MDC) codes	Bluetooth SIG assigned numbers	HL7 FHIR specification—code systems
Structural (level 2)	Content^e	ISO/IEEE 11073 PHD/PoCD family of standards For diabetes devices: • ISO/IEEE 11073-10417 device specialization—glucose meter • ISO/IEEE 11073-10425 device specialization—continuous glucose monitor • ISO/IEEE 11073-10419 device specialization—insulin pump For other observations: • ISO/IEEE 11073-10206 device interoperability—abstract content information model	Bluetooth SIG medical/sport and fitness profiles For diabetes devices: • Bluetooth SIG glucose profile (GLP) • Bluetooth SIG continuous glucose monitoring profile (CGMP) • Bluetooth SIG insulin delivery profile (IDP) For other observations: • Generic health sensor profile (GHSP)	HL7 FHIR specification—resources
Foundational (level 1)	Security and privacy	ISO/IEEE 11073-40101 cybersecurity—processes for vulnerability assessment ISO/IEEE 11073-40102 cybersecurity—capabilities for mitigation	ISO/IEEE 11073-40101 cybersecurity—processes for vulnerability assessment Bluetooth SIG authorization control profile (ACP) (application layer security) Bluetooth SIG core specification (transport layer security)	HL7 FHIR Specification—security and privacy
	Transport	ISO/IEEE 11073-20601 personal health device communication—optimized exchange protocolUSB-IF personal healthcare device class (PHDC) specification	Bluetooth SIG core specification—host and controller protocol layers	HL7 FHIR specification—RESTful API

HIE of observations.

HIE of observations, settings, and commands.

HIE of clinical, diagnostics, including observations, medications, workflow, and financial.

These terminology standards build on the corresponding content standards.

These content standards build on the corresponding transport, security, and privacy standards.

The following provides an overview of the various organizational capabilities listed in Table 2.

Planning: From organizational vision through goals, decision-makers must provide guidance to build interoperable solutions. Roadmapping then shows where the organization is today, where it wants to be, and the steps to reach those goals. An SPPI plan supports this by outlining the processes for developing and maintaining interoperable system elements throughout the system life cycle. To increase partnering capabilities, the SPPI plan should also include standard clauses for legal agreements.

Legal: Reconciling various legal aspects, such as the protection of personal health information (PHI) and the right of individuals to access their data, is crucial.^64,65 Furthermore, the necessary agreements depend on the risk the system element poses. For example, to read out the logbook of a blood glucose meter, may not require a legal agreement between organizations. On the contrary, an interoperable AID system with system elements from two or more organizations necessitates legal agreements to protect the user and the participating organizations’ business interests.

Design: Manufacturers develop system element interfaces according to interoperability standards. The interface control document (ICD) is a mandatory deliverable according to the SPPI plan. The ICD offers an overview of a system element’s data communication interfaces, its security measures, and the application of interoperability standards. During the development process, Software Development Kits (SDKs) for stacks, operating systems, and services speed up the implementation and reduce mistakes. This is followed by in-field updates, which support incremental improvements to released system elements.

Testing: Manufacturers test system element interfaces against interoperability standards and test tools. The SPPI plan defines what each partner has to do for his own system element and the combination. Depending on the system element risk for the user and how much functionality of the user interface from one system element is transferred to another (eg, patch pump warnings displayed on a smartphone app), combined system design verification and validation are required (see Figure 4). Generally, manufacturers of regulated healthcare system elements must conduct quality assurance assessments with each release and at regular intervals (ie, due care). In addition, manufacturers can use certified quality assurances as evidence in regulatory filings and for customers.

Figure 4.

Design verification and validation strategy for independent, modular system element and system integration testing.

Foundational: Provides the environment to create and maintain system elements in an open ecosystem. Secure interoperability standards are the foundation of SPPI. Members of the working groups from IEEE 11073, Bluetooth SIG, and HL7 Devices created interoperability standards. Table 3 lists ISO/IEEE 11073 standards that are FDA-Recognized Consensus Standards²⁰ and European Standards,²⁹ making them directly usable in regulatory filings. Bluetooth’s implementations of the corresponding ISO/IEEE 11073 standards are the Bluetooth profiles. In addition, implementation guides^66,67 and quality assurance reduce the initial hurdle and help overcome misinterpretations of standards. While regulations and standards for security and privacy are an important starting point, ongoing quality assurance must establish processes (ie, due diligence). Moreover, identity and access management (IAM) must be established for both users (eg, OpenID Connect) and system elements (eg, X.509 certificates), which enforces security and privacy in a zero-trust environment.

Interoperability standards are broadly supported. For example, operating systems,^68-70 vendors,^71-75 and quality assurance programs^76,77 support the healthcare device interface over USB or Bluetooth LE. The USB-IF Compliance Program and the Bluetooth Qualification Program enforce foundational interoperability. On top of that, a few diabetes management solutions are certified products, reaching semantic interoperability.^33,34

The healthcare service interface with FHIR is also supported by operating systems, services, and SDKs.^78-80 To ensure interoperability, a testing framework⁸¹ and several testing platforms exist.⁸² At the time of writing, two healthcare services for diabetes management had publicly declared their FHIR interface.⁸³

Discussion

Although the lack of interoperability is a critical obstacle in healthcare, manufacturers still create system elements with proprietary interfaces. Furthermore, both proprietary and standardized interfaces must address security and privacy concerns. Therefore, this article introduces an interoperability design approach called SPPI. Secure Plug and Play Interoperability enables up to organizational interoperability with its reference architecture (see Figure 3), organizational capabilities (see Table 2), and selection of secure interoperability standards (see Table 3).

In contrast to the reference architecture in ITU-T H.810, a healthcare device can be a PHD, PoCD, or H&F device (see Figure 3). These devices have distinct purposes, users, and regulatory considerations. Nevertheless, for an open ecosystem that should support the complete patient journey from early screening over diagnostics to monitoring and therapy, there is a need to have a reference architecture that enables data exchange between all of them. In addition, the proposed SPPI architecture combines multiple services into the healthcare service because a gateway can communicate with all of them.

Table 3 lists an aligned selection of HIE standards that enable end-to-end interoperability from a device over a gateway to a service. The Bluetooth health device profile (HDP),⁸⁴ an alternative to the listed healthcare device interface standards, is not used because iOS and Android do not support HIE over Bluetooth Classic. Even when Bluetooth GHSP⁸⁵ supports generic upload of observations, Bluetooth CGMP and IDP are selected for diabetes devices because GHSP does not support configuring CGMs or commanding insulin pumps. On the contrary, GHSP has the advantage of using MDC codes, which the FHIR code systems support. Nonetheless, this does not save gateway developers from the need to implement transcoding from the device to the service interface and mapping vital signs into Logical Observation Identifiers Names and Codes (LOINC).⁸⁶ For the service interface, FHIR⁵¹ was preferred over HL7 v2⁸⁷ because more countries are selecting FHIR as the HIE format of choice for electronic health records (EHRs).^65,88-90

To achieve organizational interoperability (see Table 2), the challenges depicted in Figure 5 must be overcome. The following paragraphs discuss these and how SPPI helps to overcome them.^91,92

Figure 5.

Interoperability challenges and how SPPI helps to overcome them.

Often raised challenges are that interoperability means “loss of control” and “security challenges.” This “fear” is unfounded when an IAM for users and system elements is in place. There are also security and privacy standards (see Table 3) that support the design and implementation of application layer security (ie, end-to-end security from the sending to the receiving application). It is particularly important to use proven security algorithms according to standards, which were checked by different people and organizations, instead of “homebrew” solutions. Moreover, open ecosystems do not have greater security challenges than closed because of Kerckhoffs’s principle stating cryptosystems should be secure, even if everything about the system is public knowledge except the key.⁹³

Another counterargument is “delayed productivity” because of a presumed “steep learning curve” and “more effort.” However, creating and maintaining proprietary interface specifications, test cases, test tools, and so on is also an effort. As developers use external standards, this effort decreases, making alignment easier against agreed standards, and allowing asset reuse. Furthermore, test-driven development against the interoperability test tools de-risks the development, verification, and external certification. Altogether, this reduces time to market risks.

Standards may raise “antipathy” because they are “not invented here” and therefore are not optimized for the manufacturer-specific use cases. Thus, standards are perceived as overengineered. However, interoperability standards scale without the need to re-design interfaces from scratch when the initial use cases must be extended. Consensus standards can achieve this by considering different viewpoints that aim for broader use case coverage and robustness. It is also about saving time by not reinventing the wheel. The selected HIE standards also support proprietary extensions to enable new innovative solutions that are not covered by standards, ensuring at least structural interoperability.

Teams that want to use secure interoperability standards may face the criticism of “high costs” and “no unique selling point” resulting in “no priority and no budget.” However, the “sunk costs” of a proprietary interface (eg, development costs) may prevent the manufacturer from later extending the ecosystem when they want to scale with external partners. Using interoperability standards reduces the burden for organizations to enter open ecosystems because not every proprietary interface must be implemented from scratch. Ultimately, organizations can focus on developing unique selling points and innovative solutions instead of reinventing HIE.

In addition, manufacturers are facing many challenges, and there is “no time to look into” interoperability standards or “incomplete knowledge” results in “unawareness.” However, it is more effort to onboard and train new internal people and external partners on proprietary interfaces from scratch compared with when they already have knowledge about established standards. Moreover, for those who see a standard the first time it is an investment into the future. Therefore, this article intends to provide an overview of how to achieve interoperability using SPPI with references to detailed information.

With a presumption of “no benefits” comes a “lack of willingness” in using interoperability standards. With a differentiated look at interoperability as described above, the benefits of SPPI are:⁴⁷

Enhance the confidence of patients, caregivers, HCPs, and regulatory authorities in the ability of interoperable system elements to function as intended while maintaining security.

Simplify the regulatory review process by implementing common definitions across manufacturers and using quality assurance certifications as evidence.

Reduces the effort for system integrators to change system elements and ultimately avoids vendor lock-in.

Reduces the cost of care for payers by providing proven secure interoperability, thus easing implementation and ongoing maintenance.

Help manufacturers to reduce implementation efforts, de-risk development, and improve time to market by reusing assets and focusing on innovations.

Furthermore, all participants in the open ecosystem can benefit from the network effect. Interoperability has the effect of making the network (ie, ecosystem) bigger, which increases the value of the network to users. Interoperability achieves this by increasing potential connections and attracting new participants to the network, further expanding the network.⁹⁴

An overview cannot describe all aspects of SPPI. Therefore, the references can be consulted for further information. Since organizations have to consider various aspects to participate successfully in an open ecosystem, further research and standardization should address the remaining gaps. For example, the Bluetooth GHSP should be accompanied with a “General Health Actor,” which covers command and control functionalities between gateways and devices. This, combined with standardizing the exchange of configurations from services to gateways via FHIR, could further streamline the number of HIE standards for diabetes management.

Conclusions

Interoperability is a critical enabler for diabetes management and the digital transformation of healthcare in general. At the same time, manufacturers face a variety of interoperability challenges while maintaining adequate security. To overcome these challenges, this article introduces an interoperability design approach called SPPI. Selecting secure interoperability standards suitable for diabetes management reduces the difficulties associated with numerous HIE standards. Security standards and IAM enforcement mitigate security & privacy challenges. In addition, implementation guides and quality assurance programs address standard misinterpretations and prevent incompatibility. Overall, secure interoperability standards with test specifications, test tools, and quality assurance programs are available to build interoperable solutions from one or more manufacturers.

Footnotes

Acknowledgements

The author thanks the members of the IEEE 11073 PHD/PoCD Working Groups, Bluetooth SIG Medical Device Working Group, and HL7 Devices Working Group for their countless efforts and support toward secure interoperability standardization. A special thanks goes to Ali Khan, Beate Buss, Bernd Schneidinger, Catalin Raduta, Chris Kelsey, Craig Carlson, Diederik den Hartog, Gabriele Chemnitius, Hans Jensen, Lane Desborough, Martin Rosner, M. Isabel Tejero-Taldo, Ralf Panse, Sabine Doerhoefer, Sheraz Docrat, Tapani Otala, Victor Fernandez Castano, and Wolfgang Handel for their constructive feedback on this article.

Abbreviations

ACP, authorization control profile; ADA, American Diabetes Association; AGP, ambulatory glucose profile; AID, automated insulin delivery; API, application programming interface; CGM, continuous glucose monitor; CGMP, continuous glucose monitoring profile; EASD, European Association for the Study of Diabetes; EHR, electronic health record; FDA, Food and Drug Administration; FHIR, Fast Healthcare Interoperability Resources; GHSP, generic health sensor profile; GLP, glucose profile; H&F, health and fitness; HCP, healthcare provider; HDP, health device profile; HIE, health information exchange; HL7, Health Level Seven International; IAM, identity and access management; ICD, interface control document; IDP, insulin delivery profile; IEEE, Institute of Electrical and Electronics Engineers; iPDM, integrated Personalized Diabetes Management; ISO, International Organization for Standardization; ITU, International Telecommunication Union; LoAs, letter of authorizations; LOINC, Logical Observation Identifiers Names and Codes; MBSE, model-based systems engineering; MDC, medical device communication; PHI, personal health information; PHD, personal health device; PHDC, personal healthcare device class; PoCD, point-of-care device; QAAs, quality assurance agreements; QMS, quality management system; SLAs, service-level agreements; SDKs, software development kits; SDOs, standards development organizations; SIG, special interest group; SPPI, Secure Plug and Play Interoperability; USB-IF, USB Implementers Forum.

Declaration of Conflicting Interests

The author(s) declared the following potential conflicts of interest with respect to the research, authorship, and/or publication of this article: Christoph Fischer is an employee of Roche Diabetes Care GmbH.

Funding

The author(s) received no financial support for the research, authorship, and/or publication of this article.

ORCID iD

Christoph Fischer

References

Magliano

Boyko

. IDF Diabetes Atlas 10th Edition Scientific Committee (IDF Diabetes Atlas 2021 [online]). 10th ed. Brussels, Belgium: International Diabetes Federation; 2021. https://diabetesatlas.org/atlas/tenth-edition. Accessed July 18, 2024.

World Health Organization (WHO). Fact sheet: the top 10 causes of death [online]. 2020. https://www.who.int/news-room/fact-sheets/detail/the-top-10-causes-of-death. Accessed July 18, 2024.

American Diabetes Association (ADA). Standards of care in diabetes—2024 [online]. 2023. https://diabetesjournals.org/care/issue/47/Supplement_1. Accessed August 4, 2024.

Kulzer

Daenschel

, et al. Integrated personalized diabetes management improves glycemic control in patients with insulin-treated type 2 diabetes: results of the PDM-ProValue study program. Diabetes Res Clin Pract. 2018;144:200-212.

Polonsky

Fisher

Schikman

, et al. Structured Self-monitoring of blood glucose significantly reduces A1C levels in poorly controlled, noninsulin-treated type 2 diabetes. Diabetes Care. 2011;34:262-267.

Weissmann

Mueller

Messinger

Parkin

Amann-Zalan

. Improving the quality of outpatient diabetes care using an information management system: results from the observational VISION study. J Diabetes Sci Technol. 2016;10:76-84.

Mora

Buskirk

Lyden

Parkin

Borsa

Petersen

. Use of a novel, remotely connected diabetes management system is associated with increased treatment satisfaction, reduced diabetes distress, and improved glycemic control in individuals with insulin-treated diabetes: first results from the personal diabetes management study. Diabetes Technol Ther. 2017;19(12):715-722.

Brotons

CEA

. Benefits of a blood glucose data reader device in the management of type 2 diabetes mellitus: primary care nurses perspective. Poster Presentations at Advanced Technologies and Treatments for Diabetes (ATTD) 5th International Conference; 2012; Barcelona, Spain.

Hinnen

Buskirk

Lyden

, et al. Use of diabetes data management software reports by healthcare providers, patients with diabetes, and caregivers improves accuracy and efficiency of data analysis and interpretation compared with traditional logbook data: first results of the Accu-Chek Connect Reports Utility and Efficiency Study (ACCRUES). J Diabetes Sci Technol. 2015;9(2):293-301.

10.

Silk

. Diabetes device interoperability for improved diabetes management. J Diabetes Sci Technol. 2016;10:175-177.

11.

May

. Open vs. closed data ecosystems in healthcare [online]. Datavant. August 16, 2018. https://medium.com/datavant/open-vs-closed-data-ecosystems-in-healthcare-176a4fc9c453. Accessed August 1, 2024.

12.

Klonoff

Aaron

Tian

Espinoza

. Principles of interoperability of diabetes devices [published online ahead of print August 5, 2024]. J Diabetes Sci Technol. doi:10.1177/19322968241268235.

13.

Sherr

Heinemann

Fleming

, et al. Automated insulin delivery: benefits, challenges, and recommendations. A consensus report of the Joint Diabetes Technology Working Group of the European Association for the Study of Diabetes and the American Diabetes Association. Diabetologia. 2023;66:3-22.

14.

FDA. Design considerations and pre-market submission recommendations for interoperable medical devices: guidance for industry and food and drug administration staff [online]. September, 2017. https://www.regulations.gov/docket/FDA-2015-D-4852. Accessed July 18, 2024.

15.

European Parliament and the Council. Medical Device Regulation (MDR) [online]. EU 2017/745. April 5, 2017. http://data.europa.eu/eli/reg/2017/745/oj. Accessed July 18, 2024.

16.

MedTech Europe. Interoperability standards in digital health—a White Paper from the medical technology industry. October, 2021. https://www.medtecheurope.org/resource-library/interoperability-standards-in-digital-health-a-white-paper-from-the-medical-technology-industry. Accessed July 18, 2024.

17.

OECD. Health in the 21st century: putting data to work for stronger health systems [online]. OECD. November 21, 2019. https://www.oecd-ilibrary.org/social-issues-migration-health/health-in-the-21st-century_e3b23f8e-en. Accessed July 18, 2024.

18.

HIMSS. Interoperability in healthcare [online]. 2020. https://www.himss.org/resources/interoperability-healthcare. Accessed July 18, 2024.

19.

IEEE Standards Association. What are standards? Why are they important? [online]. 2021. https://standards.ieee.org/beyond-standards/what-are-standards-why-are-they-important. Accessed July 18, 2024.

20.

FDA. Recognized consensus standards: medical devices database [online]. https://www.accessdata.fda.gov/scripts/cdrh/cfdocs/cfStandards/search.cfm. Accessed July 18, 2024.

21.

FDA. Medical devices; clinical chemistry and clinical toxicology devices; classification of the integrated continuous glucose monitoring system [online]. Federal Register. February 18, 2022. https://www.federalregister.gov/documents/2022/02/18/2022-03504/medical-devices-clinical-chemistry-and-clinical-toxicology-devices-classification-of-the-integrated. Accessed November 7, 2024.

22.

FDA. Medical devices; general hospital and personal use devices; classification of the alternate controller enabled infusion pump [online]. Federal Register. February 4, 2022. https://www.federalregister.gov/documents/2022/02/04/2022-02369/medical-devices-general-hospital-and-personal-use-devices-classification-of-the-alternate-controller. Accessed November 7, 2024.

23.

FDA. Medical devices; clinical chemistry and clinical toxicology devices; classification of the interoperable automated glycemic controller [online]. Federal Register. March 14, 2022. https://www.federalregister.gov/documents/2022/03/14/2022-05303/medical-devices-clinical-chemistry-and-clinical-toxicology-devices-classification-of-the. Accessed November 7, 2024.

24.

European Parliament and the Council. In Vitro Diagnostic Regulation (IVDR) [online]. EU 2017/746. April 5, 2017. https://eur-lex.europa.eu/eli/reg/2017/746/oj

25.

Medical Device Coordination Group. MDCG 2023—4 Medical Device Software (MDSW)—hardware combinations guidance on MDSW intended to work in combination with hardware or hardware components [online]. 2023. https://health.ec.europa.eu/document/download/b2c4e715-f2b4-4d24-af60-056b5d41a72e_en?filename=md_mdcg_2023-4_software_en.pdf. Accessed November 7, 2024.

26.

Medical Device Coordination Group. MDCG 2019-16 Rev.1 guidance on cybersecurity for medical devices [online]. 2020. https://health.ec.europa.eu/document/download/b23b362f-8a56-434c-922a-5b3ca4d0a7a1_en?filename=md_cybersecurity_en.pdf. Accessed November 7, 2024.

27.

Medical Device Coordination Group. MDCG 2019-11 Guidance on qualification and classification of software in regulation (EU) 2017/745—MDR and Regulation (EU) 2017/746—IVDR [online]. 2019. https://health.ec.europa.eu/document/download/b45335c5-1679-4c71-a91c-fc7a4d37f12b_en?filename=md_mdcg_2019_11_guidance_qualification_classification_software_en.pdf. Accessed November 7, 2024.

28.

Medical Device Coordination Group. MDCG 2021-5 Rev. 1 Guidance on standardisation for medical devices. 2024. https://health.ec.europa.eu/document/download/59ac4cb0-f187-4ca2-814d-82c42cde5408_en?filename=md_mdcg_2021_5_en.pdf. Accessed November 7, 2024.

29.

CEN/, CENELEC. Standards Database [online]. https://standards.cencenelec.eu/dyn/www/f?p=CEN:105::RESET::::. Accessed July 18, 2024.

30.

Downey

O’Donnell

Melvin

Quigley

. A European regulatory pathway for Tidepool loop following clearance in the United States. Diabet Med. 2024;41(4):e15246.

31.

Medical Device Coordination Group. MDCG 2021-24 Guidance on classification of medical devices [online]. 2021. https://health.ec.europa.eu/system/files/2021-10/mdcg_2021-24_en_0.pdf. Accessed November 8, 2024.

32.

Klonoff

Ayers

Abdel-Malek

. FDA interoperability designation—creating options for people with diabetes and pump companies: regulatory, technological, and commercial perspectives [published online ahead of print September 10, 2024]. J Diabetes Sci Technol. doi:10.1177/19322968241271304.

33.

Personal Connected Health Alliance. Continua certified product showcase [online]. https://www.pchalliance.org/product-showcase?title=&field_manufacturer_tid=All&field_product_type_tid=All&field_transport_type_tid=All&field_product_capability_tid=All&field_product_category_tid=1140&field_design_guideline_version_tid=All&field_health_category_tid=All&field_certified_date_value%5Bvalue%5D%5Bdate%5D=&field_certified_date_value_1%5Bvalue%5D%5Bdate%5D=&field_countries_value=All&field_commercially_available_value=All. Accessed July 19, 2024.

34.

Bluetooth

SIG

. Qualification Workspace—Product Search [online]. Search in database for terms “diabetes”, “Abbott” “Acon Laboratories”, “ARKRAY”, “Ascensia Diabetes Care”, “DexCom”, “F. Hoffmann-La Roche AG”, “Medtronic”, “LifeScan” “SD BIOSENSOR”, and “Ypsomed”. Semantic (Level 3) Interoperability with Bluetooth profiles supported by “F. Hoffmann-La Roche AG” (Remark: Member Login required to see ICS Details including profile support). https://qualification.bluetooth.com/MyProjects/ListingsSearch. Accessed July 19, 2024.

35.

FDA. Manufacturer and User Facility Device Experience (MAUDE) Database [online]. Search in database for product problem “communication or transmission problem”. https://www.accessdata.fda.gov/scripts/cdrh/cfdocs/cfmaude/search.cfm. Accessed July 18, 2024.

36.

FDA. Class 2 device recall of medtronic MiniMed 508 insulin pump and MiniMed Paradigm series insulin pump systems [online]. 2019. https://www.fda.gov/news-events/press-announcements/fda-warns-patients-and-health-care-providers-about-potential-cybersecurity-concerns-certain. Accessed July 18, 2024.

37.

FDA. Class 2 Device Recall of Medtronic MiniMed 600 series insulin pump systems [online]. 2022. https://www.accessdata.fda.gov/scripts/cdrh/cfdocs/cfres/res.cfm?id=196205

38.

FDA. Class 1 Device Recall of t:connect mobile app [online]. 2024. https://www.accessdata.fda.gov/scripts/cdrh/cfdocs/cfres/res.cfm?id=206914. Accessed July 18, 2024.

39.

CVE. CVE-2019-9506 Bluetooth BR/EDR specification does not specify sufficient encryption key length and allows an attacker to influence key length negotiation (KNOB) [online]. 2019. https://www.cve.org/CVERecord?id=CVE-2019-9506. Accessed July 18, 2024.

40.

ASSET Research Group. SweynTooth: unleashing Mayhem over Bluetooth low energy [online]. 2020. https://asset-group.github.io/disclosures/sweyntooth. Accessed July 18, 2024.

41.

CVE. CVE-2020-26558 Bluetooth LE secure pairing vulnerability [online]. 2021. https://www.cve.org/CVERecord?id=CVE-2020-26558. Accessed July 18, 2024.

42.

ASSET Research Group. BrakTooth: causing Havoc on Bluetooth link manager [online]. 2021. https://asset-group.github.io/disclosures/braktooth. Accessed July 18, 2024.

43.

CVE. CVE-2022-25836 Pairing mode confusion attack [online]. 2022. https://www.cve.org/CVERecord?id=CVE-2022-25836. Accessed July 18, 2024.

44.

CVE. CVE-2023-24023 BLUFF [online]. 2023. https://www.cve.org/CVERecord?id=CVE-2023-24023. Accessed July 18, 2024.

45.

CVE. CVE-2024-3077 Crash BLE victim device with Zephyr RTOS [online]. 2024. https://www.cve.org/CVERecord?id=CVE-2024-3077. Accessed July 18, 2024.

46.

HL7 International. Statement to the global community from HL7 International on the paper “Playing with FHIR: Hacking and securing FHIR APIs” [online]. 2021. https://blog.hl7.org/statement-to-the-global-community-from-hl7-international-on-the-paper-playing-with-fhir-hacking-and-securing-fhir-apis. Accessed July 18, 2024.

47.

Fischer

Hamming

. IEEE PHD Cybersecurity Standards Roadmap [online]. April 30, 2019. https://ieeexplore.ieee.org/document/8703258. Accessed July 18, 2024.

48.

ISO/IEEE 11073—40101:2022 International Standard—Health informatics — Device interoperability Part 40101: foundational — Cybersecurity — Processes for vulnerability assessment [online]. IEEE. March 18, 2022. https://ieeexplore.ieee.org/document/9738537. Accessed July 18, 2024.

49.

ISO/IEEE 11073—40102:2022 International Standard—Health informatics — Device interoperability Part 40102: foundational — Cybersecurity — Capabilities for mitigation [online]. IEEE. March 18, 2022. https://ieeexplore.ieee.org/document/9738540. Accessed July 18, 2024.

50.

ITU-T

.810 Interoperability design guidelines for personal connected health systems: introduction [online]. ITU-T. September 29, 2019. https://handle.itu.int/11.1002/1000/14113. Accessed July 18, 2024.

51.

HL7 International. HL7 standards—section 1c: FHIR [online]. https://www.hl7.org/implement/standards/product_section.cfm?section=12. Accessed August 4, 2024.

52.

ISO/IEEE 11073—10419:2019 International Standard—Health informatics — Personal health device communication Part 10419: device specialization — Insulin Pump [online]. IEEE. April 12, 2019. https://ieeexplore.ieee.org/document/8686397/. Accessed July 31, 2024.

53.

Insulin Delivery Profile (IDP) [online]. Bluetooth SIG. https://www.bluetooth.com/specifications/specs/?types=specs-docs&keyword=idp&filter=. Accessed July 31, 2024.

54.

ISO/IEEE 11073—10425:2019 International Standard—Health informatics — Personal health device communication Part 10425: device specialization — Continuous Glucose Monitor (CGM) [online]. IEEE. March 29, 2019. https://ieeexplore.ieee.org/document/8675785/. Accessed July 31, 2024.

55.

Continuous Glucose Monitoring Profile (CGMP) [online]. Bluetooth SIG. https://www.bluetooth.com/specifications/specs/?types=specs-docs&keyword=cgmp&filter=. Accessed July 31, 2024.

56.

Authorization Control Profile (ACP), [online]. Bluetooth SIG. https://www.bluetooth.com/specifications/specs/?types=specs-docs&keyword=acp&filter=. Accessed July 31, 2024.

57.

ISO/IEC/IEEE 15288:2023 International Standard—Systems and software engineering — System life cycle processes [online]. IEEE. May 16, 2023. https://ieeexplore.ieee.org/document/10123367/. Accessed July 31, 2024.

58.

The Open Group Architecture Forum. The TOGAF® Standard, 10th Edition [online]. 2022. https://shop.opengroup.org/c220. Accessed August 4, 2024.

59.

National Institute of Standards and Technology. The NIST Cybersecurity Framework (CSF) 2.0 [online] (Report No.: NIST CSWP 29). Gaithersburg, MD: National Institute of Standards and Technology; 2024. https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.29.pdf. Accessed August 4, 2024.

60.

Scaled Agile Framework. SAFe 6.0 Framework [online]. Scaled Agile Framew. https://scaledagileframework.com/. Accessed August 4, 2024.

61.

Lario

Soley

White

, et al. The Business Process Management for Healthcare (BPM+ Health) Consortium: motivation, methodology, and deliverables for enabling clinical knowledge interoperability (CKI). J Am Med Inform Assoc. 2024;31:797-808.

62.

European Association for the Study of Diabetes (EASD). Statements & guidelines [online]. https://www.easd.org/guidelines/statements-and-guidelines.html. Accessed August 4, 2024.

63.

Weilkiens

Vinarcik

Fischer

. The Craft of MBSE [online]. Fredesdorf, Germany: MBSE4U; 2023. http://leanpub.com/craft-of-mbse. Accessed December 24, 2023.

64.

Information Blocking [online]. HealthIT.gov. https://www.healthit.gov/topic/information-blocking. Accessed July 31, 2024.

65.

European Parliament and the Council. Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on the European Health Data Space (EHDS) [online]. May, 2022. https://health.ec.europa.eu/ehealth-digital-health-and-care/european-health-data-space_en. Accessed July 19, 2024.

66.

Bluetooth

SIG

. Personal health devices transcoding whitepaper [online]. October, 2015. https://www.bluetooth.com/bluetooth-resources/personal-health-devices-transcoding. Accessed July 18, 2024.

67.

HL7 FHIR. Personal health device implementation guide [online]. May, 2022. https://hl7.org/fhir/uv/phd. Accessed July 18, 2024.

68.

Microsoft. Windows app development documentation [online]. https://learn.microsoft.com/en-us/windows/apps. Accessed July 19, 2024.

69.

Apple. Apple developer documentation—Core Bluetooth framework [online]. https://developer.apple.com/documentation/corebluetooth. Accessed July 19, 2024.

70.

Google. Android developers—connectivity—Bluetooth low energy [online]. Google Dev. https://developer.android.com/develop/connectivity/bluetooth/ble/ble-overview. Accessed July 19, 2024.

71.

Bluetooth

SIG

. Product database [online]. Search in database for Bluetooth chips/modules vendors “Nordic Semiconductor”, “Silicon Labs”, “Texas Instruments”, “STMicroelectronics”, “Infineon Technologies”, “NXP Semiconductors”, “Telink”, “Renesas”, and “Onsemi”. https://qualification.bluetooth.com/Listings/Search. Accessed July 19, 2024.

72.

LTIMindtree. EtherMind IEEE-11073 Stack [online]. https://www.ltimindtree.com/services/customer-success/product-engineering-services/wireless-ip-engineering-services/ethermind-ieee-11073. Accessed July 19, 2024.

73.

Nordic Semiconductor. Connected health [online]. https://www.nordicsemi.com/Applications/Connected-Health. Accessed July 19, 2024.

74.

Texas Instruments. Medical & healthcare design resources [online]. https://www.ti.com/applications/industrial/medical-healthcare. Accessed July 19, 2024.

75.

NXP Semiconductors. Secure Healthcare Solutions [online]. https://www.nxp.com/applications/industrial/secure-healthcare-solutions:HEALTHCARE-MEDICAL. Accessed July 19, 2024.

76.

USB-IF. Compliance Program [online]. https://www.usb.org/compliance. Accessed July 19, 2024.

77.

Bluetooth

SIG

. Qualify Your Product [online]. https://www.bluetooth.com/develop-with-bluetooth/qualification-listing. Accessed July 19, 2024.

78.

Computational Health Informatics Program. About SMART [online]. SMART Health IT, 2019. https://smarthealthit.org/about-smart-2. Accessed July 19, 2024.

79.

Google. Open Health Stack [online]. Google Dev. https://developers.google.com/open-health-stack. Accessed July 19, 2024.

80.

Firely. The official .NET SDK for HL7 FHIR [online]. https://fire.ly/products/firely-net-sdk. Accessed July 19, 2024.

81.

HL7 FHIR. Testing FHIR [online]. https://www.hl7.org/fhir/testing.html. Accessed July 19, 2024.

82.

HL7 FHIR. Testing Platforms [online]. 2023. https://confluence.hl7.org/display/FHIR/Testing+Platforms. Accessed July 19, 2024.

83.

Firely. The FHIR collaboration platform—SIMPLIFIER.NET [online]. Search Term “diabetes” Diabetes Care Co. “Abbott” “Acon Lab. “ARKRAY” “Ascensia Diabetes Care” “DexCom” “F Hoffmann- Roche AG” “Medtronic” “LifeScan” “SD BIOSENSOR” Declar. Implement. Guide “F Hoffmann- Roche AG” “ESYSTA Digit. Diabetes Care” Found. https://simplifier.net. Accessed July 19, 2024.

84.

Health Device Profile (HDP) [online]. Bluetooth SIG. https://www.bluetooth.com/specifications/specs/?types=specs-docs&keyword=HDP&filter=. Accessed July 19, 2024.

85.

Generic Health Sensor Profile (GHSP) [online]. Bluetooth SIG. https://www.bluetooth.com/specifications/specs/?types=specs-docs&keyword=ghsp&filter=. Accessed July 19, 2024.

86.

Regenstrief Institute, Inc. Logical Observation Identifiers Names and Codes (LOINC) [online]. https://loinc.org. Accessed July 31, 2024.

87.

HL7 International. HL7 Standards—Section 1d: Version 2 (V2) [online]. https://www.hl7.org/implement/standards/product_section.cfm?section=13. Accessed August 2, 2024.

88.

CMS. Fact Sheets: CMS interoperability and prior authorization final rule CMS-0057-F [online]. 2024. https://www.cms.gov/newsroom/fact-sheets/cms-interoperability-and-prior-authorization-final-rule-cms-0057-f. Accessed July 19, 2024.

89.

Bundesministerium der Justiz. Sozialgesetzbuch (SGB) Fünftes Buch (V)—Gesetzliche Krankenversicherung—§ 373 Spezifikationen zu den offenen und standardisierten Schnittstellen für informationstechnische Systeme in Krankenhäusern und in der pflegerischen Versorgung; Gebühren und Auslagen; Verordnungsermächtigung [online]. https://www.gesetze-im-internet.de/sgb_5/__373.html. Accessed July 19, 2024.

90.

Trusted Exchange Framework Common Agreement (TEFCA) [online]. HealthIT.gov. https://www.healthit.gov/topic/interoperability/policy/trusted-exchange-framework-and-common-agreement-tefca. Accessed November 5, 2024.

91.

Fischer

. Interoperability: standardization doesn’t solve the interface problem. Or Does It? Connect Health Conference; 2016; Washington, DC.

92.

Fischer

. Ecosystem transformation through secure plug & play interoperability. 48th Annual Conference of the IEEE Industrial Electronics Society IECON’2022; 2022; Brussels, Belgium.

93.

Petitcolas

FAP

. Kerckhoffs’ principle. In: Van Tilborg

HCA

Jajodia

, eds. Encycl Cryptogr Secur [online]. Boston, MA: Springer; 2011:675-675. http://link.springer.com/10.1007/978-1-4419-5906-5_487. Accessed July 31, 2024.

94.

Shapiro

Varian

. Information Rules: A Strategic Guide to the Network Economy. Boston, MA: Harvard Business School Press; 1999.