1 Introduction

According to a report by the Centers for Medicare and Medicaid Services [CMS] (https://www.cms.gov), the United States spent nearly $3.6 trillion dollars on health care in 2018. This amount is about 17.7% of the nation’s GDP. Assuming a steady increase, this expenditure would be nearly $4 trillion dollars in 2020. Hence, it is important to understand the various trends that will affect the future of health care.

The journey to future health care will involve advances mainly in three dimensions (see Fig. 1): (1) advances in health care technology; (2) advances in health care delivery; and (3) advances in computer science and information technology. Advances in health care technology include breakthroughs in the human genome project, pharmaceuticals and nutraceuticals, and medical devices. In health care practice, we have novel methods developed for better disease management, evidence-based health care across the continuum of care, and mind–body medicine. Innovations in computer science and information technology are helping us handle and understand the vast amount of health information (we will use the word IT to denote computer science and information technology). These innovations in health IT (HIT) are being fueled by increases in computational power and storage capacity, mobile personal computing and communication devices (mPCDs), cloud computing, artificial intelligence, networking, and biometrics. Several studiesFootnote 1 have pointed out that properly implemented HIT could result in significant savings and improved health care. We briefly describe three revolutions that are important to health care in the twenty-first century.

Figure 1:
figure 1

Various paths leading to 21st century health care (Inspired by Jack Corley).

Full size image

The Internet Revolution. The Internet, which has spanned several networks in a broad range of domains, is having a significant impact on every aspect of our lives. The next generation of networks will utilize a wide variety of resources with significant sensing capabilities. Such networks will extend beyond physically linked computers to include multimodal-information from physical, biological, cognitive, semantic, and social networks. Mobilizing these interlinked networks necessitates a paradigm shift involving symbiotic networks of people (social networks), smart medical devices, and smart phones or mobile personal computing and communication devices (mPCDs) to create future net-centric societies. These specialized devices—and the network—will be constantly sensing, monitoring, and interpreting the environment, and often are referred as comprising the Internet of Things (IoT). The symbiosis of IoT and social networks—which is also known as Internet of Everything (IoE)—will have significant implications for the way health care is delivered in the United States. And, telemedicine will be aided by advancements in IoE34,35.

The Omics Revolution. The Human Genome project has provided us with a fairly comprehensive map of the human genome, the study of which is called genomics. This mapping has led to the development of a wide variety of technologies for profiling a person’s DNA. We are moving toward being able to provide the complete genetic profile of a person in a cost-effective manner. Genomics, along with the evolving fields of proteomics, which is the study of the functions of all expressed proteins and protein networks and metabolomics involving “the rapid, high throughput characterization of the small molecule metabolites found in an organism,” is changing the practice of medicine. The integration of various “omics” to understand a biological system was the primary focus of an initiative on Precision Medicine in the USFootnote 2 Essentially, this integration consists of gathering comprehensive sets of data that define and quantify the elements of a particular biological system and computationally analyzing them to establish functional and dynamic connections. The premise is that no molecule in biology acts alone. There are thousands of cause-and-effect interactions that can occur. Understanding those interactions and their effect on the biological system is enabled through massive integration of experimental data and theoretical insights.

Artificial Intelligence Revolutions. Artificial Intelligence (AI) is concerned with the development of computer programs that emulate the intelligence of humans, i.e., AI is deeply concerned with the understanding of human problem-solving strategies and incorporating (or simulating) these strategies into computer programs32. Since the 1950s when the term AI was coined, there has been considerable progress in this area. The 1980s was dominated with the rise of knowledge-based systems, which is also called “the first wave or revolution”39. Advancements in computer hardware facilitated multilayered neural networks, which led to significant improvements in machine learning for certain classes of problems in 2000s. This was the “second wave or revolution.” Now, we are witnessing the “third wave,” which will include a combination of neural networks and knowledge structures. This third wave or revolution will further aid in the transformation of health care.Footnote 3 AI is being used extensively in many health care applications40,44.

The above technologies have to operate in context and would require organizing them into a system to provide comprehensive health care. To map the intersection between the needs of medical care and the future health care infrastructure, we offer the P4 medicine concept pioneered by Leroy Hood17, Institute of Systems Biology, to the P9 concept.Footnote 4 The Elements of the P9 concept of health care include:

  1. 1.

    Personalized. Personalized medicine involves tailoring/customizing treatment to each individual.

  2. 2.

    Predictive. Based on the information in the EHRs (electronic health records) and genomic data, we should be able to determine an individual’s susceptibility to particular diseases.

  3. 3.

    Preventive. Instead of treating a disease when it inflicts a person, machine learning and decision analytic tools can be used to develop strategies to prevent onset of disease.

  4. 4.

    Participatory. The patient should actively participate in the diagnosis and the treatment of his/her medical condition.

  5. 5.

    Pervasive. The health care should be provided anytime, anywhere, and at any location.

  6. 6.

    Precise. Once data and information are gathered, then decision-analytic tools can be used to precisely determine the cause of a disease and to recommend appropriate therapeutic actions.

  7. 7.

    Privacy-preserving. Appropriate measures should be taken to ensure that processing of patient data minimizes problems for patients.Footnote 5

  8. 8.

    Protective. Safety measures should be taken to avoid any harm to the patient by any means, and we need to ensure the security of information and computer systems.

  9. 9.

    Priced reasonably. The cost of the health care should be affordable.

The common thread running through these requirements is the need for information to be gathered, processed and made available to different points of care, while incorporating the safety, privacy and affordability of the system of care. Given the sources of information are varied and scattered, a seamless interoperable information flow is required to address the medical decision-making needs. Any long term sustainable digital health care infrastructure operating in the future will have to address the P9 elements in its design and implementation, within the social constraints and regulations for handling health information.

It is imperative that the information generated in the health care enterprise is digitally encoded with the right semantics, archived for efficient storage and retrieval, scalable, and transportable reliably, securely, efficiently without any information loss. Meeting these requirements will result in an efficient and effective health care system with the ability to create new knowledge through data analytics and machine learning techniques. In Sect. 2, we propose an abstract architectural framework for a smart networked system and society that will satisfy above conditions. The architecture identifies the role of a set of different information technology components to provide various services. A case study of potential personalized health care for an asthma patient—focusing on the salient aspects of the combination of technologies in the framework—is provided in Sect. 3. We discuss a research agenda to realize a smart health care framework in Sect. 4. This discussion is followed by a presentation of ongoing work at NIST in Sect. 5.

The paper attempts to be as comprehensive as possible in developing the relationship between the P9 and the different components of information infrastructure, standards, information modeling, interoperability, and testing regimes. However, it does not claim to cover all developments in this evolving discipline of health care informatics, as we are witnessing a rapid growth in this field.

2 From Internet of Things to Smart Networked Systems and Societies

In this section, we describe the development of a framework, starting with the Internet of Things, that will allow us to implement the P9 paradigm.

Internet of Things. The Internet of Things (IoT) is a term that is being used to denote a network—typically via the Internet—of IoT devices and systems that constantly monitor the environment and can result in “intelligent actions.”Footnote 6 These devices can range from simple sensors to complex cyber-physical systems (CPS) such as automobiles and buildings. We provide a clarification on the use of the term CPS. One commonly used definition for CPS is provided at the US. National Science Foundation’s website,Footnote 7 which places an emphasis on embedded systems and the tight coupling between hardware and software.Footnote 8 An architectural framework is provided in CPS8. A special issue of the Journal of the Indian Institute of Science, Vol. 93, No. 3, Jul-Sept. was dedicated to CPSs. Several research challenges were outlined in a report from a summit held in 2008 and sponsored by the US National Science Foundation.

Several interpretations of IoT are in vogue. For example, ITU (International Telecommunication Union) and IERC (IoT-European Research Cluster) define IoT as “a global network infrastructure with self-configuring capabilities based on standard and interoperable communication protocols where physical and virtual things have identities, physical attributes and virtual personalities, use intelligent interfaces and are seamlessly integrated into the information network”45. Note that for a device to be called an IoT device it has to be connected to the Internet. Many cyber-physical systems may not be connected to the Internet, which means a CPS need not necessarily be an IoT system. Figure 2 shows the various components of IoT. Figure 3 shows an example of IoT in a health care setting.

Figure 2:
figure 2

Internet of Things/cyber physical systems.

Full size image
Figure 3:
figure 3

IoT/CPS example in a hospital room.

Full size image

Cooperative Cyber-Physical Systems. Cooperative Cyber-physical systems (CCPSs) extend IoT/CPS and will play an increasingly important role in the next generation industrial systems. These systems extend IoT/CPS by adding a control and decision-making layer (see Fig. 4). Again, several interpretations of CCPSs exist in the literature.

Figure 4:
figure 4

Cooperative cyber physical systems.

Full size image

Examples of CCPSs include the following (we assume all devices are connected to the Internet): (1) smart cars, which drive on their own and communicate with each other; (2) networked medical devices, which coordinate and communicate with each other; (3) smart infrastructure, where smart sensors will be embedded in various infrastructure elements such as bridges, aircraft, buildings, parking lots, and will facilitate automated decision making; (4) robot swarms, which will aid in defense, homeland security, and rescue missions.

Cyber-Physical Human Systems. When humans take an active role in IoT devices or CPSs we have Cyber-physical Human Systems (CPHSs). These systems can be viewed as socio-technical systems, with a symbiotic joint cognitive relationship between humans and the cyber-physical systems16. A schematic of a CPHS is shown in Fig. 5. Examples of such systems in health care include:

  • Medical robots for the elderly care. There is a considerable demand for health care services for the elderly, in particular support for in-home care. It is conceivable that one or more household robots can help the elderly in various tasks, including responding to emergency situations such as a fall or an impending stroke.

  • Remote patient monitoring. Using telehealth infrastructure and CPS/IoT devices, especially for premature birth infant care and elderly at home22,31 will aid in better quality health care. Telehealth has become an important part of the COVID-19 response to facilitate physical distancing.

  • Intelligent health care transportation: The recent COVID-19 pandemic has uncovered the challenge of sending patients to a hospital that has appropriate care facilities. There have been cases of ambulances going from hospital to hospital to find a bed. A cyber-physical human system could centrally assign the patient to a facility where care is available.

Figure 5:
figure 5

Cyber-physical human systems.

Full size image

Cyber-Physical Social Systems or Smart Networked Systems and Societies. Social networks, such as Facebook and Twitter, primarily connect people to one another. The rise of social media networks in medicine has exploded in recent years. These include networks such as Patients-like me, Diabetes mine, twitter feeds, National Institutes of Health (NIH) podcasts, and others. When these networks are combined with IoT devices/CPSs, we have Smart Networked Systems and Societies (SNSS), also known as Cyber-physical Social Systems (CPSS)33 (see Fig. 6). An overview of the above appeared in an article41 that provided two Internet of Things (IoT) perspectives. The first perspective was a research agenda for the IoT to ensure the development of a trusted, secure, reliable, and interoperable net-centric computing environment. The second perspective discussed IoT as a human agent extension, and complement.Footnote 9

Figure 6:
figure 6

Smart networked system and societies.

Full size image

In this section, we have identified the technologies that can support the P9 requirements for a health care system. To accomplish this support, we would need different technologies to collect, organize, disseminate, and interact with patients as well as serve patients in a privacy-preserving and secure IT environment as per the P9 needs. The technologies and their composition are described along with the tools used for combining different aspects of the P9 needs. For example, the devices and software can be embedded in a patient’s watch, in a car or a hospital ward to monitor vital signs and provide personal alerts from personalized (P1), predictive (P2) and preventive (P3) needs. The “omics” revolution has provided the ability to create a more precise picture of the patient, thereby enhancing measurements at the gene level. These innovations form a set of interconnected Cooperative Cyber-physical Systems that provide the service.

The above systems go beyond connecting the individual, to their doctors, health care providers, insurance agencies, pharmacies, and other medical services. Here the information flows are taking place on the Internet of information architectures to provide precise (P5) information to the patient and caregivers from a decision-analytics perspective. To provide patient care services across time and space, pervasive care (P6), requires that access to medical information be available on-demand through the (P4) infrastructure. This access forms the core of Cyber-physical Human Systems.

For the system to be participatory (P4), it has to be able to interconnect different parts of systems from the wearable or other personal devices to the medical record in order to provide the means for patients to record/report the state of their physical being, such as temperature and blood pressure. The patients also should be able to exchange data with their doctors and other patients, and to participate in patient groups through social media and social networks, such as Patients-like-me and disease-specific groups. These arrangements would constitute the interconnected cyber-physical and social networks or a Smart Networked Systems and Society (SNSS). The features of privacy-preserving (P7) and protective (P8) aspects are foundational system characteristics that would be embedded throughout the system.

A case study using this approach to design an initial prototype implementation of SNSS architecture is described for community centered smart services to manage city garbage collection systems. This work combines the different components of the above architecture, social networks, and sensors with city services43. In the next section, we present a similar but slightly expanded case study focused on addressing personalization needs in health care.

3 Case Study

We illustrate the above SNSS framework with a case study provided by Ramesh Jain, University of California, Irvine. The case study illustrates the potential for SNSS architecture to provide Personalized (P1), Predictive (P2), Preventive (P3), Pervasive (P4), Participatory (P5) and Precise (P6) information to an asthma patient for real time medical intervention in the context of the state of his/her health and physical environment. To provide this service, we need to use a number of sources of information and devices. They would need to satisfy the requirements of safety for the patient using the devices (Protective—P8) while maintaining privacy (P7) and at a reasonable price (P9). We do not address elements P7 through P9 in this case study directly, but we assume that they have been addressed adequately. (See section on Research issues for additional comments on them). We will choose three technological components and their composition of an SNSS to provide real-time medical advice on preventive measures to an asthmatic person.

The case study has three components: (1) Health persona: managing personal health through mPCDs/personal health monitoring devices; (2) Integrated health record: integration of personal medical records with genomic information and health persona; and (3) Medical resource allocation on demand. Finally, we integrate all of these components in the case to provide service to an asthma patient.

Health persona: An illustration of Health Persona is shown in Fig. 7. Essentially, the Health Persona for an individual consists of information that comes from various sensors: logical, fitness tracking, and physiological sensors. Logical sensors may include calendars, food intake information, and other inputs. Fitness tracking sensors, such as Apple Watch, Fitbit, and similar sensors monitor physical activity. Several companies are providing integrated sensor devices for home use (e.g., Mysignals from Libelium measures fifteen different biometric parameters). Physiological sensors collect information from various passive body measurements, such as heart rate, respiration rate, and oxygen saturation. All of this sensor information manifests as various events: life events, food events (see24), kinetic events, physiological events, and psychological events (see6), which essentially provide knowledge or event graphs. From a compilation of the data, one ultimately can obtain an individual’s Health Persona.

Figure 7:
figure 7

Health persona.

Full size image

Integrated medical record: A patient’s visit to a physician or hospital is frequently documented in an Electronic Health Record (EHR) or Electronic Medical Record (EMR). In addition to administrative data, the EHR has progress notes, vital signs, history and physical, diagnosis, medications, immunizations, diagnostic data (including clinical laboratory and medical imaging), and other relevant information. Currently, most EHRs don’t have genomic information. For example, a genetic variation of the CYP2C9 gene has implications for warfarin dosing, as stated in9: “individuals of European ancestry who carry one or two copies of CYP2C9*2 or *3 are more sensitive to warfarin—they require lower doses and are at a greater risk of bleeding during warfarin initiation.” However, the result of the relevant genetic study is unlikely to be included in the EHR of a patient for whom a physician is prescribing warfarin. Another genomic example pertains to the SARS-CoV-2 virus. A number of people who are exposed to the virus do not show any symptoms or may have mild symptoms. One study at the Asian Institute of Gastroenterology in India has shown that this virus is unlikely to enter a human cell if the person has a TMPRSS2 gene mutation46. As these examples illustrate, it is important to include a patient’s genomic information in his/her EHR. Figure 8 shows a Personal Health Record, which can be generated from an EHR, genomic information, and Health Persona information.

Figure 8:
figure 8

Personal health record.

Full size image

Medical advice on demand—A SNSS exemplar: Once there is a Personal Health Record (PHR), then a SNSS can be built for a particular health intervention. An example is shown in Fig. 9. The top part of the figure (a) shows an aggregation of sensor data—both physical and social, including location information. This aggregation is achieved by the EventShop system for sensing and interpreting observations37. The bottom part of the figure (c) shows the Health Persona and the PHR. The middle part (b) shows an AI inference engine, which takes in input from environmental data and the PHR and performs situational awareness to respond with medical advice.

Figure 9:
figure 9

Example of an SNSS framework.

Full size image

Contextualizing SNSS for Asthma: We illustrate the SNSS exemplar framework for an Asthma App on an mPCD. A related application with a similar scope is reported by Jaimini et al.19, and Stripelis et al.42 present a scalable data integration and analysis technique for sensor data of pediatric asthma. Let us assume that a runner is jogging in the city of Irvine. Physical sensors such as air quality measurement sensors will be constantly monitoring air quality around Irvine (Fig. 10a). Several people around the area are coughing and they enter this information via a social media app (e.g., Facebook) (Fig. 10b). The Global Situation Detection system (developed using EventShop37) will take this input and, along with the location information (Fig. 10c) of a person running in that area, and it will be noted and sent to the Resource Matcher. Meanwhile, from the runner’s Health Persona (Fig. 10d) and his/her PHR data (which are extracted from their EHR), the Personal Eventshop determines that the person is prone to asthma (Fig. 10e). This information is fed into Resource Matcher, along with the location information. The Research Matcher is a rule-based expert system that merges the information from multiple sources and triggers a rule that generates medical advice, as shown in Fig. 10 f. In this case, the runner is immediately warned to move inside as the air quality is not favorable for their asthma.

Figure 10:
figure 10

SNSS instantiation for asthma.

Full size image

This example is just one instance of providing health care advice real-time for persons with asthma. One can imagine many such cases, not just in the personal setting for an individual, but also in managing changing conditions of patients in a hospital to inform the medical professional as needed.

4 Research Opportunities

The development of a trusted, secure, reliable, and interoperable net-centric health care computing environment will need technologies that can assure a flexible and scalable system. The system should support implementation of diverse and robust privacy requirements, thus enabling the trusted and meaningful growth of net-centric infrastructures for the benefit of all. We believe there are several research opportunities in this area. Research opportunities are grouped into the five areas; (1) system architecture, (2) device research and development, (3) software, (4) protocols, guidelines and policies, and 5) data handling and analysis. We discuss these five groups in Sects. 4.14.5. In Sect. 4.6, we focus on providing various kinds of support to realize these research opportunities. Then, we expand on two areas—modeling and interoperability—in Sects. 4.7 and 4.8, respectively.

4.1 System Architectures

Identify architectures and control strategies. A smart and connected health care system could be realized in several ways. It will be useful to define a common framework or platform for the research community. This task would involve identifying (and perhaps defining) different architectures and associated components, including appropriate control strategies. One such example framework for telemonitoring using smart phones can be found in2. By design, we need to ensure that all P9 elements of health care provision requirements are met by the health care infrastructure.

Analyze and predict the behavior of large net-centric societies. Understanding the complex nature and measuring the performance characteristics of the networks involved in SNSS are essential. This information can aid in the design of fault-tolerant resilient networks. One potential research area could focus on creating algorithms that combine mathematical, statistical, and computational techniques in order to signal incipient changes in large-scale networked systems, and then evaluate those algorithms as a measurement to predict onset of phase transitions in these systems. Another research area could target the development of resilient networks in case of a failure. For example, the Swarming Micro Air Vehicle Network (SMAVNET) project aims at developing swarms of flying robots that can rapidly create communication networks in case of a major natural disaster (e.g., Fukushima tsunami in 2011) that could disrupt the network infrastructure.Footnote 10 The issue of pervasiveness (P3) of care requires stable and ad-hoc networks to deal with different contexts of care including disasters.

Develop strategies for dealing with physical and social sensors/actuators. We will have two types of sensors and actuators: (1) physical and (2) social. Physical sensors/actuators will be hardware/software-based47 while the social sensors/actuators would involve networks of humans36. One needs to develop a clear terminology for dealing with both physical and social sensors/actuators, in addition to developing test methods for evaluating sensor quality. Time synchronization and power management strategies for physical systems also need to be developed. Further, we need to figure out how to handle socio-physical—symbiosis of social and physical—sensors/actuators in health care. These technologies are critical in the acquisition of information and composition of hardware-software systems for both pervasive (P3) and personalized care (P4).

4.2 Research into Novel Medical Devices and Measurements

A plethora of new medical devices, which are dependent on mPCDs, are being introduced into the health care environment on a regular basis. For example, there are many low-cost devices that transform a smart phone into a device for detecting cervical cancer.Footnote 11 A search on the Internet would produce a considerable number of IoT-based medical devices that are being developed.Footnote 12 Al-Turjman et al.1 provide a review of several medical devices, with an emphasis on machine learning, used in practice. Hussain et al.18 provide a review of smart phone applications from performing a focused search in several major publication databases. Novel blood tests are being developed that can detect a multitude of diseases21. Research is needed to bring these types of tests into a mobile environment.

Wearable and implantable sensors are very important in the SNSS ecosystem. In an attempt to have a global standard for communication among such sensors, IEEE (Institute of Electrical and Electornic Engineers) published the Body Area Network Standard (i.e. IEEE 802.15.6) in 2012. A Body Area Network (BAN) is a radio communication protocol for short range, low power and highly reliable wireless communication for use in close proximity to, or inside of, a human body. BAN is poised to be a promising interdisciplinary technology with novel use cases in IoT-Health25. An attractive set of applications such as electrocardiogram (ECG), temperature, respiration, heart rate, blood pressure, and blood oxygen monitoring can be offered by radio-enabled wearable medical sensors. Similarly, novel applications such as smart pills for precision drug delivery as well as glucose monitors, blood pressure sensing systems, and eye pressure sensors for glaucoma patients can become reality using implantable sensor nodes with wireless control28. In addition to developing innovative design methodologies to address the protective requirements (P8), tools and techniques need to be developed to measure the safety and efficacy of these devices—at both the software and the hardware levels.

4.3 Software Systems

Implement robust software assurance techniques. Software quality assurance is an important consideration in mPCDs and other health care devices (personal and patient care) for several reasons. As with any computational device, the code should be robust and should be resistant to intrusion, attack, or misuse (P7, P8). New features and capabilities, such as streaming media and personal payment, are being added continuously. These new capabilities can interact with existing, well-understood capabilities in unexpected ways, producing vulnerabilities which may result in medical disasters. Further, apps are often written with high-level builder support and make use of large-scale libraries. The developer may only write a tiny fraction of the code that ultimately makes up the app. Thus, it is challenging for even conscientious developers to deliver apps with a high degree of assurance. Assurance of software is critical to ensure the protective (P8) elements of patient care. Injuries to patients on somedevices have been reported, leading to research into trustworthiness of devices 13.

4.4 Protocols, Guidelines and Policies

Investigate imaging standards. Point of care (POC) diagnostic capabilities could include several imaging modalities—remote endoscopic, ultrasound, microscope, microarrays, MRI (Magnetic Resonance Imaging), etc. Research in smart imaging would involve both hardware and AI-based software. AI-based software that is being developed at NIST for dealing with images of considerable size can be found at https://isg.nist.gov/deepzoomweb/software. Smart imaging devices would produce data in a wide variety of formats, which would require appropriate standards and test methods at both point of care and at the health care facilities. Examples of where standards and test methods would be needed include: transmission of image/video; evaluating performance of mobile device displays; optical characterization and measurement needs of new technologies, such as augmented reality, virtual reality, google-glasses; testing POC imaging algorithms; and metrics for comparison of imagining technologies. Advances in these areas would support personalized (P1), predictive (P2), preventive (P3) and precise (P6) elements of SNSS for health care.

Develop protocols and policies for information security and privacy. Health care data and information need to be transmitted (from mPCDs and other devices) in a trusted and secure manner, within and across networks. New protocols may be required for such information exchange. Research is needed to study the impacts and interactions of GPS (Global) Positioning System) tracking, wireless transmissions, unusual permissions requested by mPCD software apps, battery depletion, excessive CPU consumption, the camera, the microphone, the OS stack, identity authentication, and the numerous open-source and commercial mPCD software apps (and how to best vet them for operational security and privacy policies). The NIST internal reports 82283 and 825911 provide guidelines on how manufacturers and users can mitigate cybersecurity risk for IoT devices. These reports provide additional guidelines to the cybersecurity frameworks developed by NIST. Another important resource is the NIST Privacy Framework (see https://www.nist.gov/privacy-framework). The privacy framework provides “a common language for understanding, managing, and communicating privacy risk with internal and external shareholders.” The cybersecurity-related privacy events are depicted as protect (Protect-p), detect, respond, and recover. Other privacy risks are also described in the NIST Privacy Framework document. If one were to use the data generated by multiple sources for learning about health care trends then one needs to look into differential privacy10. The references above address the privacy (P7) and protective (P8) concerns, and also the participatory (P4) issue, as people would know what data they are sharing and what control they have over the data.

Establish guidelines for network security. Medical devices convey sensitive personal information. The IETF (Internet Engineering Task Force) Manufacturer Usage Description (MUD) standard20 provides a means for manufacturers to declare their required network access by means of a MUD profile. MUD allows devices to be protected from illegal access as well, thus dealing with P8 concerns. NIST has developed an implementation of this standard that could be used30 to produce a toolkit for networks. However, software bill of materials (SBOM) support needs to be integrated with MUD to allow device owners to better administer or monitor devices. Medical device access control requirements can be translated into MUD rules. A GUI (Graphical User Interface) could be used to simplify this process with specialized tags for access control specific to the device.

Establish guidelines for a testing facility for devices and software. In order to test the various standards, protocols, devices, and software testing methods that are developed, a testing facility should be established that would allow simulation of real-world scenarios and creation of new sensing and monitoring techniques for all the connected devices. Testing facilities are an important resource to ensure protective (P8) aspects of safety or devices and software, in addition to studying other aspects of P9 elements.

4.5 Data Handling and Analysis

Facilitate seamless interoperability. A considerable amount of data passes through the network and should be converted into higher abstractions that can be used in appropriate reasoning. This transmission requires the development of standard terminologies that capture objects and events. Creating and testing such terminologies will aid in effective recognition and reaction in a network-centric situation awareness environment. The goals would be to: (1) identify a methodology for development of terminologies for multimodal data (or ontologies); (2) along with stakeholders, develop appropriate terminologies (ontologies); (3) develop testing methods for these terminologies; and (4) demonstrate interoperability for smart health care. We will discuss this area further in the next section. Pervasiveness (P5) cannot be achieved without addressing the fragmentation of information through federation of a set of inter-operable information bases. This requirement also addresses personalized care (P1) for prediction (P2) and precision (P6). Interoperability issues will be further discussed in Sect. 4.7.2.

Analyze data and identify patterns. As we noted above, social networking and advances in sensors, storage architectures and high-speed Internet are resulting in massive amounts of data—big data—being generated. The “big data” issue can be viewed along seven dimensions: (1) volume, (2) velocity, (3) variety, (4) veracity, (5) value, (6) viewpoint, and (7) visualization. Interpretation, manipulation, and interoperability of data are some of the major concerns facing the data deluge problem. Standard methods for data collection and monitoring need to be developed. Analysis of the data for identifying appropriate patterns would facilitate better situational assessment. This kind of analysis may require development of new operators for analyzing spatio-temporal data/information, in addition to developing methods for ensuring data quality. Further research needs to be conducted on developing and testing algorithms for categorization, pattern recognition, statistical learning, and associated artificial intelligence techniques, in addition to developing better methods for visualization of data and information. For a review of the existing challenges, techniques, and future directions for computational health informatics in the big data age, with a structured analysis of the historical and state-of-the-art methods, see12. An additional aspect that needs to be addressed is the issue of algorithmic bias and ethics to ensure non-discriminatory diagnosis and treatment when AI is used. This consideration is very important in ensuring trust in the system23. The predictive component (P2) for the SNSS health care network will be successful only with extensive advancement in this area of research.

4.6 Provide Support for Acceleration of P9 Medicine

The United States’ National Institutes of Health (NIH) prefers to use the word precision medicine instead of personalized medicine that we described earlier. NIH, which funds considerable P9 research in the US, defines precision medicine asFootnote 13 “an emerging approach for disease treatment and prevention that takes into account individual variability in genes, environment, and lifestyle for each person”. There are several dedicated companies, such as Strand Genomics (https://strandls.com/) in India, illumina (https://www.illumina.com/) and 23andme (https://www.23andme.com/?mkpc=true) in the US, and Beijing Genomics Institute (https://en.genomics.cn/) in China, that provide genome sequence information and other bioinformatic analyses. Organizations such as the European Bioinformatics Institute (https://www.ebi.ac.uk/) and the Japanese Bioinformation and DNA Data Bank of Japan (DDBJ) Center https://www.ddbj.nig.ac.jp/index-e.html provide open source tools and data for bioinformatics research. Several research centers in the US, such as the Halicioglu Data Science Institute (https://datascience.ucsd.edu/), the Broad Institute (https://www.broadinstitute.org/), and the Institute for Systems Biology (https://isbscience.org/), to cite a few, are doing considerable work on generating various forms of bioinformatics data. The above list is by no means comprehensive and is provided to illustrate technology trends. Hence, the development of standards for integrating all bioinformatic data (structure and behavior) is needed. This endeavor would involve the development of: (1) standards and testing tools for integrating genomic data and metadata into EHRs; (2) reference databases and associated storage and retrieval techniques; and (3) a modeling language for describing and organizing the library of models and a language for capturing the bioinformatics analyses and computational processes. Progress in the above efforts are critical to predictive (P2), pervasive (P5) and precise (P6) elements of care delivery.

The SNSS framework needs to be integrated with the entire health care ecosystem. We will need to address additional research issues, such as integration with home care; smooth access to various elements of a national (and perhaps international) health information network, including health care hubs; seamless access to medical knowledge-bases; and developing metrics for quality of care.

4.7 Modeling and Interoperability

We focus on two aspects of research and development goals here: modeling and interoperability of various sensors, devices, and humans. The underlying cyber-infrastructure for the SNSS has to address modeling and interoperability issues in order for the smart network to be realized. Research in modeling and interoperability standards is one of the corner stones for developing and sustaining the digital health care SNSS in the long run.

4.7.1 Modeling

As we mentioned in the previous section, a considerable amount of data passes through the smart health care network, and it should be converted into higher abstractions that can be used in appropriate reasoning. This process requires the development of standard terminologies used to capture and describe objects and events. Moreover, such terminologies must align with the intended semantics of generic and domain-specific concepts. Creating and testing such terminologies will aid in effective recognition and reaction in a network-centric environment. This effort involves identifying a methodology for development of terminologies (or ontologies); developing appropriate ontologies, both foundational (such as time, situation, events) and domain specific; developing testing methods for these ontologies; demonstrating interoperability for selected domains (e.g., health care, situational awareness); and using these ontologies in decision making.

Sensors are an embedded part of the sensing and processing infrastructure of the health care IoT, resulting in many “Big Data” challenges related to semantic heterogeneity. Data can be hard to use when data are in different formats, use inconsistent naming conventions, and are often provided at a low level of abstraction that makes it difficult to integrate with other knowledge bases.Footnote 14 To address these challenges, the Semantic Sensor Network Ontology (SSNO) was developed by W3C SSN-XG (W3C Semantic Sensor Network) to help process and understand sensor information, and to allow the discovery, understanding, and querying of sensor data. SSNO is an ontology for describing networked sensors and their output by introducing a minimal set of classes and relations centered on the notions of stimuli, sensor, and observations. The ontology includes different operational, device-related, and quality of information attributes that are related to sensing devices, and it describes the operational range, battery power, and environmental ranges that are specified for sensor devices. Physical device sensor ontologies should be integrated with social network sensor ontologies. Combined, these components form socio-physical sensor ontologies. Several extensions to SSNO to deal with health care can be found at the 2015 Ontology Summit webpage.Footnote 15 In addition to various extensions to sensor ontologies, we must also address other ontologies, such as time to capture dynamic behavior of the system, unit ontologies, and event ontologies for encoding life events and activities.

Recently, the use of category theory (CT) for modeling systems for IoT/CPS4 is being explored at NIST. CT38 is the mathematical study of compositionality, which concerns the composition of systems from parts described using different formalisms, with applications in both the theory of computing and the theory of databases. By uniting these two elements CT provides critical infrastructure for SNSS and AI applications across a wide range of domains. One of the major challenges for applying AI in practice is identifying and assembling the data needed to train an algorithm, especially when those data are derived from multiple independent sources48.Footnote 16 CT provides sophisticated constructions for bridging incompatible datasets and for migrating data based on these relationships, providing a basis and methodology for assembling the underlying information that AI relies on. This approach will also work for addressing interoperability between software systems. Additionally, CT encourages type safety, which allows the shape of various data sets to be explicitly described in a way that supports design-time verification of learning algorithms (type checking) and automated support capabilities for developers (e.g., code hinting/completion). Breiner et al.5 provide an overview of the role CT can play in the modeling of complex engineered systems. This area is only now emerging and has significant potential for addressing the interoperability of tools and data using formal conceptual models. Goguen14, points out the Achilles heel of validation and verification of software systems can be addressed through the use of algebraic structures for clarity and formality of specification of the conceptual model of the system.

4.7.2 Interoperability

The creation of an integrated health care information infrastructure depends on all parties that are involved in the health care enterprise—consumers, health care professionals and providers, researchers, and insurers—and on having systems, tools, and information that are complete, correct, secure, and interoperable. The basis for achieving this outcome rests with the availability of health care information standards that are complete, implementable, and testable, and that contribute to interoperability. The information-flows in a health care enterprise are documented in an National Research Council report26.

The adoption of standards for information interchange will facilitate integration of disparate health care systems. However, implementations of health care data integration should not simply be geared to support human readability of medical reports, but also should incorporate the formalism and details necessary for proper computer interpretation of health care information, such as those proposed in HL7’s (Health Level Seven International) clinical document architecture (CDA) standard. Such measures would prevent the loss of information during data interchange that may otherwise occur due to differences in terms and codes and their semantics in the various health care vocabularies. Health care institutions would then be able to deal transparently with information obtained from external agencies as well as that generated by in-house health care information systems. Their applications could perform data mining of patient medical records for health care quality metrics, identify patients across populations for timely medical interventions, and check for compliance with preventive-service protocols.Footnote 17

The focus of current efforts by CMS has been on Electronic Health Records, but medical devices and sensors (discussed earlier)—which are essential to the practice of modern medicine—have not historically been designed to interconnect with other devices. Medical device data standards and guidelines, security vulnerabilities, and compatibility with legacy software/hardware are needed. “Plug-and-Play” device interoperability can enable device-device interoperability,Footnote 18,Footnote 19 the creation of complete and accurate electronic health records, and the cost-effective development of innovative third-party medical applications to enhance knowledge and safety. In the next section, we review the types of interoperability and some existing standards.

One can view interoperability in a layered manner. (See29). At the lowest level we have technical interoperability, which includes protocols for secure data transfer (e.g., TCP/IPFootnote 20). Above this level is syntactic interoperability, which consists of languages (e.g., XMLFootnote 21) and protocols (e.g., HL7 v2Footnote 22) for encoding content (such as DICOMFootnote 23 for images), and terms (e.g., WBC/leukocyte) used in the syntactic sentences. Semantic interoperability goes beyond syntax and provides semantics or meanings associated with terms used in syntactic interoperability (e.g., LOINC,Footnote 24 SNOMED,Footnote 25 IEEE 11073). For example, a leukocyte is a white blood cell (WBC), of which there are many types, and a lymphocyte is one such type. When a WBC laboratory test is performed on a blood specimen, you get the WBC count, which has a value and a unit. This information is encoded in HL7 v2 in something close to the following:

  • OBX|4|NM|26464–8^Leukocytes [#/volume] in Blood^LN^^^^^^Leukocytes [#/volume] in Blood||105600|{cells}/uL^cells per microliter^UCUM|4300 to 10800|HH|||F||. T

The string “LN” in the HL7 message indicates that the code (26464–8) used is a LOINC code, and information about this code can be found in the LOINC code system.Footnote 26 Depending on the value of WBC/leukocyte test result, you can deduce various diseases, e.g., leukemia. This conclusion requires reasoning at the semantic level. Finally, we have organizational process-level interoperability where workflow and other process models can be harmonized across health care facilities via standards27.

The table in Appendix A provides an overview of representative standards in health care; note that, in an ideal case, Sender 1 and Sender 2 can be interchanged. For a detailed review of current state-of-the-art see15. A lot of the entries in the table refer to HL7 standards. HL7 Version 2.x is the most common implementation, while HL7 Version 3 (including CDA) uses an object-oriented approach, and HL7 FHIRFootnote 27 uses a web service model.Footnote 28 Independent health care institutions can submit orders and referrals via HL7 for health care services for their patients. DICOM standards enable the interchange of information between imaging systems and facilitate remote access for physicians at their clinic. DICOM is purely syntactic, but semantic versions, which also provide terminology (e.g., interpretation of mammograms), are being developed. With standards-based integration of information systems and authenticated remote access to reports and images, physicians can have access to the radiologist’s report as well as the diagnostic images for review and patient counseling.

The current standard for medical device data is ISOFootnote 29/IEEE 11073. The ISO/IEEE 11073 family of standards is designed for communicating information from bedside monitors of hospitalized patients, but there is a lack of similar standards for ambulatory patients in non-critical care facilities. Various standards for wireless medical devices can be found at the Food and Drug Administration’s website.Footnote 30 One concern with the current standards, as discussed above, is that these standards deal mostly with syntactic issues. Furthermore, even where well-developed terminologies are defined, due to the disparate nature of the vocabularies (medical terminologies) in various EHRs development of tools and techniques for semantic interoperability is needed and should include relevant mappings between such vocabularies.

5 NIST’s Role

To enable a robust health IT infrastructure, NIST’s researchers are collaborating with various stakeholders on standards, testing, certification, security and privacy, usability, and emerging technologies. Our conformance testing infrastructure supports EHR meaningful use testing and certification. NIST is enabling interoperability throughout the health IT network via its advanced testing tools and techniques. We leverage security specifications and apply them within the context of health care. Our usability studies improve the effectiveness and efficiency of health IT products. Additionally, we support emerging technologies such as smart health care, personalized and precision medicine, medical image quality, telemedicine, content-based access to EHRs, and body area networks Further details of our work in Health IT can found at NIST’s Health IT website.Footnote 31

6 Summary

In this paper we described a framework called Smart Networked Systems and Societies (SNSS), which harnesses the power of sensors and information sources with a strongly-emerging participatory nature combined with the collective knowledge and intelligence of society. SNSS can be viewed as the Seventh Paradigm of computational thinking, where the Fourth Paradigm dealt with data science, the Fifth Paradigm with the web and distributed innovation, and the Sixth Paradigm with knowledge networks and visualization.

We described a case study of a comprehensive, participatory health care system that illustrates the SNSS framework. The goal of the digital health care system was described along nine dimensions: (1) personalized; (2) predictive; (3) preventive; (4) participatory; (5) pervasive (including point of care); (6) precise; (7) privacy-preserving; (8) protective; and (9) priced reasonably. A number of research and development issues to create a digital infrastructure for the above goal were described, with an emphasis on modeling, the need for standards, and interoperability of the system.

The framework presented in this paper is a multi-level, interlinked, networked structure that provides a comprehensive view of sensing/actuating of the physical world, such as Internet of Things/Cyber-Physical Systems, which are in turn embedded in human work and organizational environment giving rise to Cyber Physical-Human Systems. All of these elements interact with a socially networked media system, creating a holistic system (SNSS) of information exchanges and participatory decision-making. The issues of legal boundaries, organizational structures, and rules that operate within the scope of digital transformation is outside the scope of this paper.

The digital health care case study not only identifies the multiple levels of this framework but also the underlying issues in realizing the vision presented in this paper. These issues include inter-operability of systems, modeling of domain in terms of ontologies, standards for privacy and security, data exchange, testing of new medical devices, testing the underlying software systems, and composition of the systems. A role that NIST is playing in the realization of this vision in the US at the national scale is also explained11. We expect the comprehensive treatment of dimensions of designing and implementing a digital health infrastructure outlined in this paper will be a useful guide for health care researchers, planners, and information technologists. We also note that there are several federal government agencies that have funding programs to support some of the above research opportunities we described in this paper.Footnote 32 One such example is the Smart and Connected Health program at the US National Science Foundation.Footnote 33