A Communication and Information Technology Infrastructure for Real Time Monitoring and Management of Type 1 Diabetes Patients Marios Skevofilakas, Stavroula G. Mougiakakou, Konstantia Zarkogianni, Erika Aslanoglou, Sotiris A. Pavlopoulos, Andriani Vazeou, and Christos S. Bartsocas, Konstantina S. Nikita
Abstract—This paper is focused on the integration of stateof-the-art technologies in the fields of telecommunications, simulation algorithms, and data mining in order to develop a Type 1 diabetes patient's semi to fully – automated monitoring and management system. The main components of the system are a glucose measurement device, an insulin delivery system (insulin injection or insulin pumps), a mobile phone for the GPRS network, and a PDA or laptop for the Internet. In the medical environment, appropriate infrastructure for storage, analysis and visualizing of patients’ data has been implemented to facilitate treatment design by health care experts.
T
I. INTRODUCTION
YPE 1 diabetes also known as juvenile diabetes and often also called insulin-dependent diabetes is a disease usually diagnosed in children and young adults. Diabetes causes inability of the patient’s pancreas to produce enough insulin, a hormone needed to convert glucose into energy by helping it enter the body’s cells. Type 1 diabetes accounts for 3% of all new cases of diabetes each year. There is one new case per every 7,000 children per year. In 2006, according to the World Health Organization (WHO), 171 million people worldwide suffer from diabetes mellitus. Moreover, incidences are increasing rapidly, and it is estimated that by the year 2030, this number will double. Diabetes is in the top 10 of the most significant diseases in Manuscript received April 16, 2007. This work was supported in part by the General Secretariat of Research and Technology / Ministry of Development (Greece). M. Skevofilakas is with Faculty of Electrical and Computer Engineering, National Technical University of Athens, 9 Heroon Polytechneiou Str. 15780 Zographou, Greece (e-mail:
[email protected]). S. G. Mougiakakou is with Faculty of Electrical and Computer Engineering, National Technical University of Athens, 9 Heroon Polytechneiou Str. 15780 Zographou, Greece (phone: +30 210 772 2968; fax: +30 210 772 3557; e-mail:
[email protected]). K. Zarkogianni is with Faculty of Electrical and Computer Engineering, National Technical University of Athens, 9 Heroon Polytechneiou Str. 15780 Zographou, Greece (e-mail:
[email protected]). E. Aslanoglou is with DATAMED S.A. HEALTHCARE INTEGRATOR, Kifissias Av. & 71 Grammou str., 15124 Marousi, Greece (e-mail:
[email protected]). S. Pavlopoulos is with Faculty of Electrical and Computer Engineering, National Technical University of Athens, 9 Heroon Polytechneiou Str. 15780 Zographou, Greece (e-mail:
[email protected]). K. Nikita is with Faculty of Electrical and Computer Engineering, National Technical University of Athens, 9 Heroon Polytechneiou Str. 15780 Zographou, Greece (e-mail:
[email protected]). A. Vazeou is with the Department of Pediatrics, Faculty of Nursing, University of Athens at P&A Kyriakou Children's Hospital, Athens, Greece (e-mail:
[email protected]). C. S. Bartsocas is with the Department of Pediatrics, Faculty of Nursing, University of Athens at P&A Kyriakou Children's Hospital, Athens, Greece (e-mail:
[email protected]).
the developed world, and is constantly gaining in significance. Furthermore, having Type 1 diabetes significantly increases the long-term risk of developing several other serious conditions. Specifically, statistics confirm that Type 1 diabetes patients are prone to develop heart diseases due to bad blood circulation, kidney disease, eye complications, neuropathy, feet and skin complications, gastro paresis and depression [1]. II. SYSTEM ARCHITECTURE AND FUNCTIONALITY In Fig. 1 the overall architecture, as well as communication pathways, of the implemented system are shown. We define three main modules in our system: i) the Patient Module (PM), which is consisted of the insulin infusion pump, the Mobile Supporting Unit (MSU) and Front-end Interface components, ii) the Decision Support Module (DSM), which interacts with the Diabetes Electronic Medical Record Management (DEMRM) component and iii) the backbone module consisted of the Insulin Infusion Advisory System (IIAS) component and the back office server components, which include a central DataBase (DB), a remote DB, a Data Warehouse (DW) an application and a WEB server [2]. The PM implements the core functionality of the system that can be viewed from the patient side. The MSU gives the patient the ability to store information regarding his nutritional and exercise habits. This information combined with measurements that are taken either by conventional finger-stick glucose meters (three to four times per day), or Continuous Glucose Monitoring System (CGMS) is sent to the backbone module module via HTTPS over GPRS. This information is fed to the IIAS component raising events that force the DSM to output predictions concerning insulin infusion rates. DSM’s servers continuously monitor the insulin pump’s functionality and provide application front-end interfaces to monitor the pumps. Both the glucose level measurements and estimated insulin rates by IIAS component are sent to the central DB server. The outputs of IIAS are visualized on the DEMRM front-end component. The Diabetes Future Complications Decision Support (DFCDS) component is designed to periodically subscribe for data to the central publisher DB using SQL Server Integration Services (SSIS).
infusion rates, patient’s meals and exercise habits. Simple Avkon GUIs have been implemented allowing for DB manipulation directives such as creation, connecting to and deletion of local DB, creation and deletion of tables, index creation, SQL data manipulation and querying. For the overall implementation the Model- ViewController design pattern has been used to provide maximum interoperability on different Symbian platforms. Communication between the mobile device and the central DB server is established on demand using end – to – end HTTP Symbian APIs while use of SSL-128bit over GPRS ensures security during transmission of patient’s critical information.
Fig. 1. Overall system architecture and communication pathways.
The DFCDS component is responsible for the prediction of diabetes – related complications and redirects output to the central database component. Predictions on possible complications are displayed on the DEMRM front-end. A. DEMRM Component The DEMRM component and it’s connectivity with the rest system is presented in Fig. 2. The DB designed and implemented on SQL Server 2000 is ICD9 compliant concerning the knowledge entity of the diabetes disease. The front-end management application was created using Microsoft’s Active-X document migration technologies that enable the application to execute remotely using a common browser. Care has been taken so that patient information can be intelligibly provided to the users of the implemented system. Smart graph visualization has been implemented allowing health care professionals to quickly evaluate a patient’s clinical state. B. MSU Component The MSU component was designed and implemented using C++ APIs on a Symbian OS. A wide research has been done concerning integrated Symbian Database Management System engines, mobile connectivity issues and mobile user interfaces. The user interfaces implemented fall into two wide categories:
Fig. 2. Core architecture and connectivity of the DEMRM component.
i) DEMRM data visualization and ii) data input interfaces for information concerning glucose measurement, insulin
C. IIAS Component The IIAS uses data about measured blood glucose levels, insulin infusion rates, carbohydrate contained in meal, and provide outputs regarding insulin pumps infusion parameters. The IIAS is based on a closed-loop system able to manipulate the gluco-regulatory process of Type 1 diabetes patient. The system is comprised by two modules: i) a hybrid glucose-insulin model, and ii) a Nonlinear Model Predictive Control (NMPC) strategy. More specifically: 1) Hybrid Glucose-Insulin Metabolism Model: The model (Fig.3), which is able to make short-term glucose predictions, is based on the combined use of one Compartmental Model (CM), type of mathematical model, and a Neural Network (NN). The CM estimates the glucose input into the blood from the gut, in response to carbohydrate intakes. The output of the CM along with the most recent glucose measurement and previous insulin intake are passed to the NN, which provides prediction of short-term glucose levels. The NN is Recurrent NN (RNN) trained with the Real Time Recurrent Learning (RTRL) algorithm [3, 4]. 2) Non-linear Model Predictive Control: The NMPC is a control algorithm, capable of handling systems with large delays and noise [5]. The core of the control algorithm is the aforementioned hybrid glucose-insulin metabolism model, which provides the predicted outputs of the system to be controlled (Fig. 4). The NMPC is based on an optimizer which computes, at each sample time, the future control movements, that minimize an appropriate cost function. The cost function encompasses the differences between the model predictions and the desired performance over a time horizon. The objective of the control law is to drive future model outputs y NN (t + j ) close to a reference level.
especially in a real time medical decision support system tightly coupled with a patient’s treatment is of major importance due to the sensitivity of the domain. Confidentiality of information available and quality of care is strongly interrelated. Guarantee that personal clinical information will not be altered, misused or tampered with, is of great importance in keeping patient’s confidence in the healthcare system. Availability and integrity are also of great importance. The used security framework is based on a component design approach [7] that is comprised by the following four main components.
Fig. 3. Hybrid glucose-insulin metabolism model. u
p + -
NMPC
z-1
z-1
RNN
CM
y
Patient with Type 1 Diabetes
yNN
Glucose Absorption from the Gut
A. Platform Component Role-based security was implemented into the system by defining three different views of the front-end management system acting as a transparent filter through separate types of users. Three basic roles were defined as user types. The Patient Role allows the patient to remotely access information concerning his current treatment status as well as any information stored in the DEMRM component.
Hybrid Glucose- Insulin Metabolism Model
Fig. 4. General architecture of the closed- loop system. u: subcutaneous insulin, y: subcutaneous glucose, yNN: glucose predictions from RNN, p: reference level.
D. DFCDS Component DFCDS is based on Cross Industry Standard for Data Mining (CRISP-DM) and on methodologies for business intelligence and data warehousing projects, proposed by the Kimball Group. Fig. 5 shows the overall infrastructure proposed for the DFCDS. The DW retrieves fine grained data from the central DB using an SSIS agent. The main SSIS package is consisted of three sub-packages: i) the data fetching and preparation sub-package, ii) the mining algorithm training sub-package and iii) the maintenance subpackage. The SSIS sub-package created is responsible not only for fetching the desired data to the warehouse, but also for the data preparation. The mining algorithm sub-package is responsible for feeding the fresh view of the DW onto the mining models and retraining, and finally the maintenance sub-package is responsible for table optimizations and periodic back-ups. The data fetching and preparation subpackage is designed to automatically trigger itself in time periods that will be defined by health care professionals. The mining algorithm sub-package is synchronized to trigger after the data import and preparation sub-package concludes. The maintenance sub-package performs daily incremental and weekly complete backups. Queries are sent from the front-end applications to the warehouse’s mining model using Object Linking Embedding for Data Mining (OLEDBDM) and the Data Mining Extensions (DMX) for SQL. III. SECURITY DESIGN AND IMPLEMENTATION Security in the field of health care IT projects and
Fig. 5. Core architecture and connectivity of the DFCDS component.
The Health Care Professional Role gives access to the patient information in the DEMRM component. Each health care professional is tightly coupled with certain patients and can only view and alter his patients’ clinical information. An auditing mechanism ensures recording of every change made. This poses a strong security mechanism for intentional or non-intentional mal-alteration of information. Furthermore, the health care professional is provided with a smart interface to interact with the IIAS. Extreme caution has been taken to protect the patient from erroneous insulin infusion doses. Whenever the IIAS estimations are out of predefined ranges, instructions cannot be forwarded to the infusion pump without the health expert’s approval. He also has the ability to enable reporting for all or part of the decision made by system. The Administrator Role allows knowledge administrators to import new knowledge entities in the system. New medications and diseases can be imported to the system for future use by health care professionals. Furthermore new user and their roles can be defined. User authentication is achieved at a DB scope through the usual username – password scheme. Hashing algorithms are
implemented for secure transmission of user data. User oriented data views provide further security by restricting access to specific medical data only to relevant users. In hardware level a high level of redundancy is achieved using technologies such as Redundant Array of Inexpensive Disks (RAID) with hard disk mirror imaging. On-line Transaction Processing (OLTP) and On-Line Analytical Processing (OLAP) algorithms reside on different server machines to avoid interference between usual transactions on the patient object and decision support algorithms [8]. B. Network Component This research resulted in the implementation of a system with increased extranet traffic consisting of critical data. IPSec on the network layer and Secure Socket Layer (SSL) on the transport layer are used to ensure secured communication between the remote servers. SSL over General Packet Radio Service (GPRS) ensures secure transmission from the MSU. HTTPS is the protocol relied on to deliver secure transmission via the DEMRM component. The central DB is protected using a router with specific access lists as well an application layer firewall – Intrusion Detection System (IDS) that continuously monitors network traffic [9]. C. Physical Component – Securing Access The physical security component's main role is to prevent unauthorized users to physically contact the system's devices. Furthermore, this subcomponent has to deal with the possibility of a natural disaster or possible lack of energy resources. Critical systems of the proposed project will operate in controlled environments, safe from intrusion [10]. D. Policy Component - Designing Guidelines Establishing security policies, guidelines and procedures is a critical step towards securing an infrastructure and its information [8, 9]. Policies set the overall tone and define how security is perceived by senior management inside the organization. The National Institute of Standards and Technology (NIST) divide policies into three broad categories: • Management: Policies that define security roles and responsibilities within an organization. They also define how policies themselves are created, revised and retired. • Operational: Policies that deal with the operational aspect of the organization. Examples include physical security and employee training. • Technical: Policies that apply to the IT infrastructure. Security policies will be designed and applied during the pilot test of the proposed IT infrastructure in such a way that they will protect confidential, proprietary and sensitive information from unauthorized disclosure, modification, theft or destruction. IV. CONCLUSION – FUTURE WORK The information and telecommunications infrastructure that has been presented provides continuous monitoring of diabetes patients using GPRS and IP based networks.
Furthermore, the implemented system provides a state of the art medical record management of Type 1 diabetes mellitus utilizing smart data acquisition and visualization technologies combined with semi to fully automated decision support systems. The current stage of the project concerns the evaluation of the IISS component, using data from Type 1 diabetes patients who are using CGMS, aiming at accuracy optimization. Furthermore, the overall system is under evaluation from healthcare professionals and it is planned to be clinically tested in the near future. Additional work is required for system extension to 3G networks in order to exploit the available bandwidth and provide extended visualization capabilities to the mobile devices. Finally, the platform will be pilot tested and clinically evaluated in a true healthcare environment under the surveillance of our medical experts. REFERENCES [1]
The Diabetes Control and Complications Trial Research Group, “The Effect of Intensive Treatment of Diabetes on the Development and Progression of Long-Term Complications in Insulin-Dependent Diabetes Mellitus,” New England Journal in Medicine, vol. 329, no. 14, pp. 977-986, 1993. [2] Dail Magee, Karen Szall, Kathy Harding, 2003, Analyzing Requirements and defining Microsoft .NET Solution Architectures, MCAD/MCSD Exam 70-300, Microsoft press. [3] R. Williams, D. Zipser, “A Learning Algorithm for Continually Running Fully Recurrent NN,” Neural Computation, vol. 1, 1989. [4] R. Williams, D. Zipser, “Gradient Based Algorithms for Recurrent NN and their Computational Complexity,” Back-propagation: Theory, Architectures and Applications, Hillsdale, NJ: Erlbaum, 1995. [5] D. W. Clarke, C. Mohtadi, P. S. Tuffs, ‘‘Generalized predictive control- Part I, The basic algorithm,” Automatica, vol. 23, pp. 137148, 1987. [6] Kimball Group 2006, The Microsoft Data Warehouse Toolkit, With SQL Server 2005 and the Microsoft Business Intelligence Studio. [7] Rudi van de velde, Patrice Degoulet, 2003, Clinical information systems a component-based approach, Springer publishing [8] Victor Oppleman, Oliver Friedrichs, Brett Watson, 2005, Extreme exploits, Symantec security response, McGraw Hill press [9] Michael Gregg, David Kim, 2005, Iside network security assessment, guarding your IT infrastructure,SAMS publishing [10] Mike Pastore, Emmett Dunaley, 2005, CompTIA Security+, exam SYO -101, SYBEX.