The present invention is compatible and complementary with the elements disclosed in the following pending applications: “Medical System Having Improved Telemetry,” filed Jul. 19, 1999, Ser. No. 09/356,340; “System and Method for Transferring Information Relating to an Implantable Medical Device to a Remote Location,” filed on Jul. 21, 1999, Ser. No. 09/358,081; “Apparatus and Method for Remote Troubleshooting, Maintenance and Upgrade of Implantable Device Systems,” filed on Oct. 26, 1999, Ser. No. 09/426,741; “Tactile Feedback for Indicating Validity of Communication Link with an Implantable Medical Device,” filed Oct. 29, 1999, Ser. No. 09/430,708; “Apparatus and Method for Automated Invoicing of Medical Device Systems,” filed Oct. 29, 1999, Ser. No. 09/429; “Apparatus and Method for Remote Self-Identification of Components in Medical Device Systems,” filed Oct. 29, 1999, Ser. No. 09/429,956; “Apparatus and Method to Automate Remote Software Updates of Medical Device Systems,” filed Oct. 29, 1999, Ser. No. 09/429,960; “Method and Apparatus to Secure Data Transfer From Medical Device Systems,” filed Nov. 2, 1999, Ser. No 09/431,881 “Implantable Medical Device Programming Apparatus Having An Auxiliary Component Storage Compartment,” filed Nov. 4, 1999, Ser. No. 09/433,477; “Remote Delivery Of Software-Based Training For Implantable Medical Device Systems,” filed Nov. 10, 1999, Ser. No. 09/437,615; “Apparatus and Method for Remote Therapy and Diagnosis in Medical Devices Via Interface Systems,” filed Dec. 14, 1999, Ser. No. 09/460,580; “Virtual Remote Monitor, Alert, Diagnostics and Programming For Implantable Medical Device Systems” filed Dec. 17, 1999, Ser. No. 09/466,284; “Instrumentation and Software for Remote Monitoring and Programming of Implantable Medical Devices (IMDs), filed Dec. 2, 1999, Ser. No. 60/172,937; “Application Proxy For Telecommunication-enabled Remote Medical Access Instruments,” filed Dec. 23, 1999, Ser. No. 60/173,081; “Information Network Scheme For Interrogation Of Implantable Medical Devices (IMDs),” filed Dec. 24, 1999, Ser. No. 60/173,064; “Medical Device GUI For Cardiac Electrophysiology Display And Data Communications,” filed Dec. 24, 1999, Ser. No. 60/173,065; “Integrated Software System For Implantable Medical Device Installation And Management,” filed Dec. 24, 1999, Ser. No. 60/173,082; “Dynamic Bandwidth Monitor And Adjuster For Remote Communications With A Medical Device,” filed Dec. 24, 1999, Ser. No. 60/173,083 “Large-Scale Processing Loop For Implantable Medical Devices (IMDs),” filed Dec. 24, 1999, Ser. No. 60/173,079; “Chronic Real-Time Information Management Systems For Implantable Medical Devices (ilVIDs),” filed Dec. 24, 1999, Ser. No. 60/173,062; “Automatic Voice and Data Recognition For Medical Device Instrument Systems,” filed Dec. 24, 1999, Ser. No. 60/173,071 “Central Switchboard to Facilitate Remote Collaboration With Medical Instruments,” filed Dec. 24, 1999, Ser. No. 60/173,080; “System Of Notification Of Recalled Components For A Medical Device” filed Dec. 29, 1999, Ser. No. 09/474,694; “A Communications System For An Implantable Device And A Drug Dispenser” Dec. 30, 1999, Ser. No. 09/475,709; “User Authentication In Medical Systems Device,” filed Dec. 30, 1999, Ser. No. 60/173,822; “Automated Invoicing Based On Medical System Usage,” filed Dec. 30, 1999, Ser. No 60/173,824; which are all incorporated by reference herein in their entireties.
Medical devices, particularly implanted medical devices, require occasional and at times, chronic adjustments based on therapy and diagnostic needs of the patient. The therapy and diagnostic parameters that need adjustments may involve the decisions of doctors, nurses, Medtronic field service personnel, patients, members of the patient's family or representative, as the case may be. Further, the parameters to be adjusted, or the software to be implemented, in a medical device via an instrument such as a programmer or instruments, would require various levels and hierarchies of expertise. Misadjustment of the parameters could endanger the patient's life. Accordingly, there is need to limit access to these instruments to primarily protect the patient's privacy and well being.
Therapy regimen, and chronic patient and care treatment, via implanted medical devices would require timely decisions by physicians qualified to assess the patient's conditions and dispense proper medical care. Further, implanted medical devices (IMDs) must be monitored on a regular or chronic basis to make adjustments of certain parameters or settings responsive to changes in a patient's condition or based on factors internal to the IMD. IMDs may also contain logic devices such as digital controllers which may need to undergo firmware or software upgrades or modifications. Further, various users, including doctors, nurses, Medtronic field personnel and the patient, may occasionally want to review physiologic data or patient information stored in IMDs to evaluate the performance of the device and review patient history as needed. Current practice provides operations in which software and instructions installed in an IMD could be modified responsive to patient diagnostic and therapeutic conditions.
Instruments such as programmers, PSAs, ETPs and similar devices are becoming ubiquitous. Specifically, as the segment of the population with IMDs increases, health care cost management would require various home monitors and instruments to be available at the disposal of patients for managing the operations of the IMDs, either by the patients, nurses or doctors, as the case may be. For example, the patient may be remotely instructed to adjust certain parameters without intervention of the physician. Similarly, in the case of a chronic patient, a nurse may be assigned to visit the individual at home so that the nurse may make qualified decisions to adjust or modify the operations of the IMD based on a review of diagnostic and therapeutic parameters retrieved from the device. While empowering patients and other qualified personnel is a viable economic option to reduce the cost of health care, user verification, user authorization and access control will clearly be needed to provide a secure and safe management of implanted devices in patients. Specifically, all peripheral and major devices that are used in downlinking to the IMD may potentially be a source of security and privacy breach unless protected by a security system.
There are several user authentication systems. Specifically, some implement biometric identification to control access to customize computer systems data. For example, some computers require fingerprint data to access users' sensitive information.
In this regard, PCT publication WO2000/22581 to Bromba, M., discloses an identification device with a sensor having an authentication surface with biometric features. A comparator compares detected biometric features of a part of the authentication surface of an authorized person or persons to determine the relative position of the sensor detected biometric features within the authentication surface. The computing device then computes an identification code which identifies the person detected by the sensor.
Similarly, U.S. Pat. No. 5,401,561 to Borus et al, discloses identification characteristics formed as optical markings with radiation provided by a light source. The marking is in an optically transparent housing or surface or other area for at least a part of the wavelength range within the sensitivity range of the human eye and for a further part outside the human eye sensitivity range.
PCT publication WO2000/43960 to Frischholz, R., discloses a recognition system that is based upon medical data, obtained for example, from fingerprints or eyes. The method involves acquisition of data by scanning with a camera, for comparison with reference data. In order to prevent misuse, the reference data is based upon several samples from different positions. The user has to move a hand or eyes to form an object on the screen that would provide adequate data input to the controller. Similarly, PCT publication WO2000/021021 to Frischholz, R., discloses a face detecting system in which the images of a face model could be generated for identification purposes.
PCT publication WO2000/026823 to Garfinkle, N., discloses an individual medical record protection method for protecting medical records prepared in a doctors office or hospital. Specifically, the invention relates to a process by which a person authorized by the patient inputs personal identification and biometric codes to a database that checks if the biometric and Id number are in accord with that stored in the database. Upon confirmation, access is granted to a particular record that uses the Id code and the data is transmitted to the requesting site.
Accordingly, the use of biometrics for identification and authorization of users based on data associated with a stored key is well known in the art. However, the implementation of biometric recognition systems to enable access to instruments in data communication with IMDs, presents new and non-obvious biometric implementation. Specifically, the implementation of biometric recognition systems to provide a layered and hierarchal access to instruments and IMDs on expertise and need, reduces opportunities for tampering, manipulation, error and harm to the patient. Accordingly, it is preferable to provide specific access to IMDs via instruments such as programmers, PSAs and other instruments, home monitors and programmers to doctors, nurses, Medtronic technicians and patients or patients' representatives, to enable safe monitoring and content specific adjustment or modifications of implanted medical devices.