What security worries HIT managers should have about the Internet of healthcare things

In this two-part blog series, I will discuss how the Internet of Things is impacting healthcare and provide best practices for data security and device management. It can be difficult to keep pace with the advances in Healthcare technology. Today, IT departments are reinventing their infrastructure to support a complex array of devices, huge volumes […]

In this two-part blog series, I will discuss how the Internet of Things is impacting healthcare and provide best practices for data security and device management.

It can be difficult to keep pace with the advances in Healthcare technology. Today, IT departments are reinventing their infrastructure to support a complex array of devices, huge volumes of data, and network accessibility. This evolution has introduced new data security concerns and compliance challenges for Healthcare executives.

The Internet of Things (IoT) is the latest disruptive technology trend to throw a scalpel in the works for Healthcare IT management. This ambiguous term attempts to sum up the growing network of automated machines and devices that didn’t traditionally have internet connections. Today these components operate in the cloud, sharing information with each other in an effort to manage the environment around them.

We can’t discuss the Internet of Things without considering the big data that it generates. And we can’t discuss big data, particularly in healthcare, without considering data security. While the IoT makes it possible to collect and analyze large data streams faster and more accurately, for Healthcare IT it means a much longer (and ever-growing) list of devices to manage and secure.

Do healthcare “things” need connectivity?
The healthcare industry already benefits from the advent of the IoT with new use cases surfacing every month. Medical device manufacturers are reinventing even the humblest of devices and in many instances internet connectivity is one of the enhancements.
Connecting routine medical devices to each other and to the cloud provides incredible potential for a multitude of applications. Wearable and in-home devices can monitor a patient’s health and remotely connect them with doctors.

Healthcare professionals can have instant access to electronic health records and receive alerts about changes in patient condition. For example, a nurse may only record a patient’s vital signs three or four times per day but networked machines can send a constant stream of patient data to a server around the clock. And if a baseline result deviates, the device can alert the nurse.
Using big data analytics and algorithms, trends and correlations from these data streams can be analyzed to determine more accurate diagnoses and treatments, improving patient experiences and outcomes.

What are the security implications of the IoT?
The IoT has had its share of bad press exposing vulnerabilities in seemingly innocuous devices such as fridges, traffic lights and baby monitors. By giving an IP address to an everyday device, we are creating a gateway for hackers. The number of genuinely malicious IoT attacks is negligible but if heart monitors and other vital medical equipment are exposed to the same vulnerabilities, things will become much more serious.

Sponsored Post

Physician Targeting Using Real-time Data: How PurpleLab’s Alerts Can Help

By leveraging real-time data that offers unprecedented insights into physician behavior and patient outcomes, companies can gain a competitive advantage with prescribers. PurpleLab®, a healthcare analytics platform with one of the largest medical and pharmaceutical claims databases in the United States, recently announced the launch of Alerts which translates complex information into actionable insights, empowering companies to identify the right physicians to target, determine the most effective marketing strategies and ultimately improve patient care.

Aside from the risk to patient health, the IoT in Healthcare has the potential to create significant risk to the business relative to data security. If data security is breached, a Healthcare organization is exposed to heavy fines and possible class-action suits, the outcome of which could jeopardize the financial stability of the organization.

To maintain their reputation, Healthcare organizations must be trustworthy, ethical, and financially viable. This means they must take measures to ensure all devices connected to their networks are managed and secured – whether it is a mobile phone, a laptop, a heart monitor or a room thermostat.

How will HIPAA and HITECH affect IoT devices?
The Internet of Things emerged at an inflection point in the data security landscape. In 2013, HIPAA-HITECH regulations were revised, raising the potential cost of a data breach substantially and placing responsibility for personal health information (PHI) records solely in the hands of the Healthcare organization – even if the PHI is handled by business associates or subcontractors.

Data security is firmly at the forefront of Healthcare IT discussions. The typical penalty for each breached identity is $1,000 with most data breaches involving thousands of individual PHI records. Organizations can no longer argue that the cost of data security compliance outweighs the potential monetary damages.

If IoT devices are not secure, they open the door for hackers to access your network and jeopardize your data security. One suspected breach could leave you open to some serious penalties. HIPAA has sharp teeth now and its bite could send an organization to the E.R. – or the morgue!

When should IT take action?
The era of IoT is here – 2014 was tipped by analysts to be a transformative year for the IoT. IT Healthcare professionals will fight a futile battle if they try to resist the change or waste time predicting what’s next. Their time will be better spent preparing to accommodate future devices and being flexible enough to adequately manage and secure them.

Check in next week for tips on how you can prepare for and manage all the new connected “things.”

This post appears through the MedCity Influencers program. Anyone can publish their perspective on business and innovation in healthcare on MedCity News through MedCity Influencers. Click here to find out how.