HIT Think: Healthcare industry must address IoT security in its planning
Editor’s Note: The below piece, written by Deanna Murray, Industry Insights at DISYS, appeared in Health Data Management. View the original article here.
The internet of Things has unlocked a significant source of benefits within the healthcare industry through applications that touch nearly every aspect of daily care for patients. The IoT is being used to keep even the smallest of patients safe and healthy, while others in healthcare are using it to keep track of inventory, manage schedules, track patient history and provide necessary references.
However, some observers of healthcare IT are cautious about IoT, worried about the possibility of security breakdowns because there are so many devices connected to patients. Still, there’s significant potential for these devices to assist the healthcare industry in improving customer service, daily operations and the overall bottom line.
To gain full benefit from this technology, healthcare organizations must develop security procedures around the use of the IoT to ensure that potential risks don’t outweigh those long-term benefits.
Recent advancements in the use of IoT technology are having significant cost-cutting impact throughout the healthcare industry. In 2015, it was reported that the IoT saved an estimated $6 billion within the healthcare industry. Furthermore, through 2018, the industry is expecting to save more than $100 billion with the use of various forms of connected technology.
But adapting to achieve the potential of IoT requires many key decision makers to rise above skepticism about potential pitfalls of using IoT and preconceived notions about existing sources of data. “Welcoming the importance of the IoT means giving up the singular idea that providers are the only touchpoint a patient interacts with to determine healthcare needs and habit,” says Tim Kirby, vice president of healthcare consulting services at Digital Intelligence Systems. “Stepping back slightly, while still maintaining the valuable personal patient/provider connection, can prove to be a juggling act.”
While there is no doubt the patient/provider experience is essential to overall patient health, embracing IoT and all it has to offer can clearly give providers and healthcare companies a deeper look into their patient base and enable more managed, personalized care.
In healthcare, IoT can streamline the most mundane of tasks and automates arduous ones. Have 400 IV pumps? Make a configuration change on the server and watch it propagate out through IoT connections. Have six patients requiring 24×7 monitoring? Place a monitoring camera in a patient’s room and one centralized tech can watch six patients in six separate locations. Radio Frequency Identification technology alerts healthcare personnel if a patient wanders out of an approved zone. Even vent hoods over cafeteria kitchen grills can send an email informing you there is grease build-up causing a potential fire hazard.
The IoT has brought many exciting advances to healthcare, improving patient experiences, increasing the quality of care provided, as well as updating and streamlining healthcare operations. Proper planning and processes will ensure these advantages are not offset by data-breaches or HIPAA violations.
Securing the IoT in a healthcare environment requires communication and understanding. Executive leadership must understand that with these tremendous advantages comes additional responsibility. Agreement must be reached that any device requiring connectivity be vetted prior to purchase. Baseline requirements should be established around antivirus, patching and routing. In addition, departments that have traditionally run their own shops now need to partner with IT in discussions regarding purchasing, and later, deploying connected devices. These internal partnerships are essential to successfully enable the benefits of IoT, while maintaining secure environments.
Healthcare needs to enter into agreements with partners that require devices to be connected and also require those devices and services to be updated with state-of-the-art security. They also should require that all updates are tested and verified for cyber safety before being put into use within their specific facilities.
Given the nature of healthcare data and potential legal liability for resulting data breaches, the “Internet of Things” at healthcare institutions and the contracts that cover them need to constitute a “Security of Things.”
Because IoT technologies are developing and maturing rapidly, the industry stands to benefit greatly from the vast intelligence allowing for improvements in performance and innovation.