By Arleen Thukral, MS, CCE, CHTM
In the HTM world, we must keep abreast of the myriad ways to troubleshoot within the operating system (OS) environments of a vast spectrum of medical devices. Serving as intermediaries between computer hardware and users, OSes are a collection of software that manages the computer hardware resources and provides common services for computer programs.
The kernel is the essential center of a computer operating system, the core that provides basic services for all other parts of the OS. On most systems, it is one of the first programs that loads on startup after the bootloader. It handles memory and peripherals, like keyboards, monitors, printers, and speakers. The kernel’s critical code is usually loaded into a protected area of memory, which prevents it from being overwritten by applications or other minor parts of the operating system.
Typical computer systems today use hardware-enforced rules that direct programs to access specific data. The processor monitors the execution and stops a program that violates a rule. Another approach is to use language-based protection, in which the kernel will allow code to execute that has been produced by a trusted language compiler. Kernel designs differ in how they manage these system calls and resources.
Linux Versus Windows
A discussion of operating systems would be remiss without discussing the differences between Linux and Windows. Representing the most significant difference between the two programs, Linux provides access to all users to alter the code to the very kernel that serves as the foundation of the Linux OS.
In addition, with Linux, users are free to modify the software and use and even republish or sell it, as long as the code is made available. You can download a single copy of a Linux distribution or application and install it on as many machines as you like.
On the other hand, with a Microsoft license, you can do none of the above. You are bound to the number of licenses you purchase, so if you purchase 10 licenses, you can legally install that OS or application on only 10 machines unless you purchase an Enterprise license.
Both systems offer support. With Linux, you can assess forums or purchase support contracts, like Red Hat and Novell. However, when you use the peer support inherent in Linux, you do fall prey to time. You might have an issue with something and send out an email to a mailing list, but suggestions are left up to chance—potentially taking days to come, in some cases.
With Windows, you can purchase any network interface card and have the guarantee that any piece of hardware will work with the operating system. With Linux, you may need to more selective with getting the OS to communicate with your modem, for example. However, this issue of hardware support is slowly becoming nonexistent.
With Linux, you have a centralized location where you can search for, add, or remove software. For example, with package management system Synaptic, you can open up one tool, search for an application or group of applications, and install that application without having to do any web searching or purchasing. With Windows, you must know how to find the software you want to install, download the software or put the CD into your machine, and run the executable.
Lastly, Linux allows for multilayered run levels, while Windows only has a single-layered run level. With Windows, getting to the command line in safe mode is difficult, and you still may not have the tools to fix a problem. With Linux, even in command line, you can install a tool to troubleshoot. This is especially useful for administering a Linux server from the command line as you can run the startx command.
It is important to be aware of these differences as you work your way around troubleshooting medical devices on Windows or Linux OS.
Some of the latest medical devices are built on Windows 10, which offers multifactor authentication. This can allow clinicians to login with iris or face recognition to medical devices with supported cameras. In addition, administrators can set up policies for automatic encryption of sensitive data, selectively block applications from accessing encrypted data, and enable Device Guard—a system that allows administrators to enforce a high security environment by blocking the execution of software that is not digitally signed by a trusted vendor or Microsoft.
Device Guard is designed to protect against zero-day exploits and runs inside a hypervisor so that its operation remains separated from the operating system itself.
Handheld and Embedded Operating Systems
As more medical devices are becoming portable and have limited random access memory (RAM) and read-only memory (ROM) resources, CEs and BMETs need to become familiar with embedded operating systems. Embedded OSes have a narrow scope tailored to a specific application in order to achieve the desired operation ideal for small devices, such as Site Rite ultrasounds.
Although there are several embedded operating systems for personal digital assistants, including Windows Embedded Compact (CE), EPOC and PalmOS, I will discuss Windows CE here. Windows CE is optimized for devices that have minimal memory; a Windows CE kernel may run with 1 MB of memory.
Devices are often configured without disk storage and may be configured as a “closed” system that does not allow for end-user extension (burn to ROM). The fundamental unit of execution is the thread, simplifying the interface and improving execution time. The latest version of Microsoft CE includes support for Bluetooth, 802.11b, and other mobile phone technologies.
Windows 10 IoT
Recognizing the need for increased security in HIPAA environments, Microsoft has added a number of features for healthcare to Windows 10 IoT (successor to Windows CE). The system has tools that enable clinicians to view an electronic medical record alongside a home health app, business intelligence functions for visualizing quality-of-care data, and Power Map for combining a healthcare provider’s information with population health statistics.
Windows 10 IoT includes embedded lockdown features that can be used to secure a device to make the Windows OS completely invisible behind an application. One of the most important features in the embedded channel is the unified write filter, which can protect the device from unwanted changes to the disk. Once users activate this filter, new data will be only written in RAM and not to the physical hard disk, so all changes will not affect hard disk and will be gone after restart.
In cases like a database, where a file or a folder must be updated on the disk, exclusions for specific files or folders can be created. There is also a servicing mode available that lets users update device with an activated filter. Servicing mode restarts the device into an unprotected mode. During this, the unified write filter is deactivated, and there will be a full-screen screensaver that users cannot exit. When finished, it will restart again, and the filter will protect the device again.
Other Operating Systems
ThreadX is a real-time operating system, and its name is derived from the fact that threads are used as executable modules—with the letter “X” representing context switching. Welch Allyn vital sign monitors utilize ThreadX OS, which is ideal due to its picokernel multitasking design, event notification, and priority inheritance.
Moreover, in real-time computing, priority inheritance is a method for making sure when a job blocks one or more high-priority jobs, it ignores its original priority assignment and executes its critical section at an elevated priority level.
I hope this information helps you as you troubleshoot within different OS environments.
Arleen Thukral, MS, CCE, CHTM is a VISN 20 biomedical engineer at VA NorthWest Healthcare Network in Seattle. Questions and comments can be directed to email@example.com.