Medical providers have continued to adopt newer forms of technology. These include cloud-based technologies and products from within the Internet of Things (IoT) market. Healthcare providers must maintain compliant with the value-based care model that is increasingly tied to their reimbursement. The smart medical products market is estimated to reach over $60 billion globally by 2024.
Julia Hesse is an attorney that practices in the realm of compliance with HIPAA (Health Insurance Portability and Accountability Act of 1996). She cites two key risks for healthcare providers that include the potential for claims of medical malpractice and other liability associated with breaches of sensitive data.
The Potential for Physician Liability
Hesse explains that healthcare providers should be cautious when implementing new technology without properly assessing the potential risk. One example is when a cardiologist begins using a new pacemaker device that is highly vulnerable. Could the physician themselves be liable if there is a breach in this way?
Several state Attorney Generals have been involved in legal settlement actions regarding privacy breaches. For example, the medical insurer Aetna has had to settle lawsuits in California, New Jersey, and Washington D.C. recently.
Legal Concerns Involving Cloud Technology
One major issue is the security associated with storing confidential patient data in the cloud. In most cases, the healthcare provider contracts with a cloud provider. Some of these third-parties are potentially not compliant with HIPAA. Hesse explains that healthcare providers must take the extra step to actually confirm that the vendor is compliant and maintains proper security standards.
Technology Addresses Chronic Patient Conditions
Data from the World Health Organization indicates that in 2017 there were approximately 40 million fatalities that resulted from chronic illnesses. The new wave of smart technology is marketed to specifically improve the treatment of those with chronic conditions. Most of these systems include new ways of storing patient records and are more compatible with existing systems. Overall, this technology allows providers to more effectively manage chronic conditions.
Five Key Threats and Vulnerabilities
Health record systems and medical devices have five primary vulnerabilities that have become apparent recently as follows:
- Hackers have begun transitioning their focus away from illegally accessing medical records and are seeking access to medical devices
- Mobile devices are apparently providing a gateway or entrance into the networks of medical providers
- Many of the older medical devices that are still commonly used were created long before today's security standards were developed
- Too many medical practitioners are so consumed with providing patient care that they ignore safety concerns
- Often the FDA will issue recommended security measures; however, they are not mandated and often ignored by manufacturers of medical devices who are focused on cost reduction
Outlook: Cyber Attacks and Data Breaches in Healthcare
A critical safety concern involves the susceptibility of implantable medical devices. The Advanced Medical Technology Association had been increasingly researching and educating manufacturers and healthcare providers about this concern. Associate Vice President Zach Rothstein says that those in the medical device market are becoming much more aware of the potential for problems. He feels that cybersecurity efforts must become a much greater priority.