Patient medical devices and monitors (collectively “PMDs”), particularly implantable PMDs, generally require periodic interrogation by programmers or personal communicators (collectively PMD interrogation devices, or “PIDs”) to retrieve recorded patient physiometry and parametric data and to perform device programming. Conventionally, interrogation and programming have been limited to in-clinic or hospital settings using inductive or near proximity telemetry. The visual and physical closeness of the patient, caregiver, and PID provide assured identification and authorization. “Identification” refers to knowing the positive identity of the person that is performing the procedure. “Authorization” refers to the patient granting permission to that person to perform with the procedure. Physical identification and authorization minimized, the chances of interrogation or programming being misdirected to the wrong PMD or being performed without permission or covertly, for instance, through a stolen or altered programmer,
PMDs have become increasingly capable and autonomous as onboard processing, data storage, and battery efficiency have improved. PMDs can now use radio frequency (RF) telemetric or similar long range interrogation interfaces. As the range of RF interrogation interfaces can be up to several meters, visual and physical identification can be ineffective. RF interrogation thus opens the possibility of unauthorized programmers being used for interrogation or programming, either without permission through a stolen, modified, or non-manufacturer programmer, or by innocent mistake, such as where a physician interrogates the wrong device, such as a PMD located in an adjacent room.
Consequently, to ensure patient safety, the identity of a PID and the authority of that PID to interrogate or program a PMD should be confirmed whenever the PID is not readily visible or located nearby. For example, an implantable PMD might be located in a different room than an RF-telemetry capable PID, even though the patient and caregiver are physically in the same room. As a further example, a patient might have an at-home PID, such as a personal communicator, that his caregiver seeks to remotely interrogate from his clinic. Although neither the caregiver's identity nor his authorization to interrogate is in question, the caregiver must still ensure that the correct PID is interrogating the receiving PMD. In both situations, the identity and authority of the PID itself are unknown to and unconfirmed by the PMD and patient safety cannot be assured.
Hybrid approaches to identification and authorization are inadequate. For example, patient consent and authorization can be obtained conventionally through wanded inductive telemetry, after which interrogation or programming can proceed using RF telemetry. However, duplicative interfaces are needed and fewer of the benefits afforded by long range interrogation are enjoyed, such as interrogation or programming performed entirely outside of a clinic or hospital.