MedCity Influencers

Navigating the nuances of the Internet of Medical Things

The Internet of Medical Things is fascinating because its relative infancy means that many regulatory and compliance controls and practices are still in their nascent stages.


Earlier this year, Gartner released a forecast for the Internet of Things (IoT) predicting that 8.4 billion connected things will be in use worldwide in 2017 and that total spending on endpoints and services will reach almost $2 trillion this year. This forecast is certainly encouraging, but due to the prevalence and influence of the Internet of Things in almost all business arenas, it’s not wholly surprising. What is quite eye-opening is the massive growth potential of certain emerging sub-sectors of the IoT, one of which is the Internet of Medical Things (IoMT).

The IoMT market, which stood at $22.5 billion in 2016, is expected to grow at an impressive compound annual growth rate of 26.2 percent to reach $72 billion by 2021, according to analyst and research firm Frost & Sullivan. For some perspective on that $72 billion projection, that’s roughly the same size as forecasts for the virtual reality market – which is generating a lot more buzz than the IoMT. And in addition to healthcare industry stalwarts such as Medtronic and Philips, tech giants like Apple, IBM and Cisco are currently developing applications for the IoMT. So, considering all of this economic promise for the IoMT, it’s worth taking a deeper look at the sector and the opportunities and challenges it presents.    

At the heart of it, the IoT (and its accompanying sub-sectors like the IoMT) is about the transmission and transfer of data and information between things (with those “things” including devices, machines, objects, people and even animals). As such, organizations building products for the IoT need to make considerations to ensure that the information being shared across the IoT ecosystem is transmitted securely, reliably and quickly. This isn’t breaking news, as these are boxes that need to be checked when almost any internet-connected technology is being developed.

What’s unique about the IoMT, however, is that it involves connecting an ecosystem of medical devices and clinical systems whose data falls under HIPAA (Health Insurance Portability and Accountability Act) requirements. Due to the requirements of this unique ecosystem, there are two specific considerations that organizations such as medical device manufacturers must make, or else they not only risk losing out on business opportunities but could also put their customers at great personal risk.


The first of these considerations is cyber security. As I mentioned above, ensuring that products are secure is in no way a new concept in any technology arena, but in the healthcare industry, the information and data being handled is highly sensitive and needs to be kept confidential at all costs. Indeed, according to Don Jackson, director of threat intelligence at cyber security company PhishLabs, health credentials stolen by hackers can fetch up to $10 each on the black market, which is about 10 or 20 times the value of a U.S. credit card number.

If a medical device manufacturer compromises a patient’s protected health information (PHI), the results can be catastrophic: the patient has to endure the many hardships that come along with the theft of their most personal information, and the manufacturer is subject to a litany of penalties, including hefty fines and even criminal charges due to non-compliance with HIPAA. Thankfully for organizations in the IoMT sector, the U.S. Food and Drug Administration has published various documents providing guidance on the management of cyber security in medical devices, as it acutely understands the severity of the issue.

A final note related to security: medical device manufacturers need to place patient information privacy as a top – if not the highest – priority. Title II of the Health Insurance Portability and Accountability Act of 1996 outlines procedures and policies to maintain privacy and security of a patient’s individual health information, while establishing civil and criminal penalties for violation of this privacy and security. While cyber security controls primarily aim to keep intruders outside of the castles that house patients’ PHI, privacy controls must be put in place to restrict access to that information to only “covered entities” as defined by HIPAA.

Data integrity

The second major consideration that needs to be made by organizations in the IoMT space is data integrity, which refers to the accuracy and consistency of collected and stored data. For example, many users of wearable fitness devices such as Fitbit trackers often complain that the data their devices feed back to them is inaccurate, such as heartbeat readings that can be incorrect by tens of beats – which is a significant amount. While this is problematic, data integrity takes on an even more critical role when the data is being used to diagnose or outline treatment for a patient. Case in point: if the readings from an IoT-connected blood pressure monitor are inaccurate, and a care provider prescribes their patient the wrong type or amount of medication based on that data, the outcomes could be extremely problematic for the patient.

The ability to ensure cyber security and data integrity will also be largely determined by the degree of sophistication of the medical devices’ underlying technologies, such as the performance of their operating systems and the intuitiveness of their user interfaces – as well as these devices’ compatibility with one another. Nurses in ERs work in some of the most high-pressure environments in any industry, and they’re not software engineers – so the technology they’re depending upon had better be fast, reliable and user-friendly to support these care providers who are making critical decisions in the blink of an eye.

IoMT continues to evolve

Beyond the concepts explained above, the IoMT is fascinating because its relative infancy means that many regulatory and compliance controls and practices are still in their nascent stages. Highly influential agencies in the healthcare industry, such as the FDA, are understandably still determining how to help guide organizations to ensure that those organizations – and the patients they serve – are getting the most out of the IoMT. And this is true not just from a domestic perspective but also on a global scale, as the European Union (EU) will also play a critical role in determining the path of the IoMT.

Regardless of the uncertainties around how American and European regulators will guide the passage of the IoMT, one thing we can know for sure is that the IoMT will continue to play a more significant role in everybody’s lives – no matter who we are, where we live or which industry we represent. If you have thoughts on the IoMT and how it will evolve over the upcoming critical developmental years, please feel free to share them in the comments section below, or drop me a line.   

Photo: Pixtum, Getty Images

This post appears through the MedCity Influencers program.