At its core, the Internet of Things (IoT) is a simple concept: inter-connected devices capable of producing and exchanging data. Yet when applied to an industry such as healthcare, IoT immediately starts to take on a life of its own.
The more devices are added to this massive web of consumer products, sensors and medical equipment, the more complex compliance issues become. In fact, some compliance officers may be hesitant to move forward with an IoT strategy because its associated risks are so different from traditional systems.
Of course, many chief compliance officers (CCOs) may not realize it’s already too late. Most healthcare organizations are bound to IoT through smart devices such as tablets, and via less-noticeable technologies like blood analyzers, resource location sensors, medication dispensing systems and more. The genie is already out of the bottle.
Since the decision to participate has already been made for many providers, the next choice is how to address IoT: as a compliance liability, or as an asset to supporting effective risk management and improved patient outcomes.
Smart devices can connect patients to their physicians’ offices.
Securing the Internet of Things in a healthcare setting
IoT devices certainly come with some compliance risks. After all, the more sources of data generation there are, the more opportunities there are for data breaches. Industry leaders and regulators haven’t ignored this risk.
Legal services provider Martindale-Hubbell reported that, in 2015, IoT received quite a lot of notice from the federal government. The Federal Trade Commission and the Department of Commerce released reports delving into the unique cybersecurity challenges presented by IoT. For the healthcare industry, compliance with the Health Insurance Portability and Accountability Act (HIPAA) and subsequent Health Information Technology for Economic and Clinical Health Act (HITECH) have been of key concern.
According to Business.com, 44 percent of all data breaches in 2013 occurred in medical companies. For an industry under attack, IoT might seem like too big of a security risk. Handled correctly, however, a secure system provides more advantages than risks. Just as compliance efforts mitigate other risk factors, so too can they effectively manage IoT.
“Major data breaches frequently occur at healthcare organizations.”
CCompliance measures such as internal audits must address IoT security if they are to be comprehensive. Compliance Week reported that a survey of internal audit needs revealed that IoT ranked among the top priorities for internal audits in Q4 of 2016.
Organizations that routinely perform internal audits on all compliance risks not only stand to gain peace of mind, but may protect and augment their financial outcomes.
Integration is another piece of the puzzle. IoT security protocols must address legacy hardware risks. The Wall Street Journal reported many organizations attempt to cut costs by adapting legacy sensors to IoT. While the practice can significantly reduce the initial financial investment, it may open the system up to threats such as data theft and identity spoofing — major concerns for HIPAA compliance. However, an IoT system secured by knowledgeable professionals can actually boost compliance measures elsewhere.
Recent changes brought about by the introduction of the Medicare Access and CHIP Reauthorization Act (MACRA) require organizations to send reporting data to the Centers for Medicare and Medicaid (CMS) if the organizations are to receive positive payment adjustments. IoT devices could help collect valuable data that helps physicians assess and track the severity of their patients chronic conditions, indirectly supporting their MACRA-related reporting initiatives.
For example IoT connected devices could help a practice complete the “Use of tools to assist patient self-management” improvement activity.
Likewise, consumer IoT products could help physicians stay engaged with their patients, thus reducing readmission rates and avoiding Medicare penalties. For instance, setting reminders to take medication as calendar entries, then following up with a phone call from the provider is an easy way to support medication adherence.
The consumer side of the Internet of Things
On the consumer side, IoT has endless capabilities. A quick look at IoTlist shows the myriad possibilities that already exist within the marketplace. Personal healthcare devices such as activity monitors, glucose monitors, scales, etc. could significantly boost the amount of personalized data available to patients and physicians alike. Securely integrating this data into existing care plans can provide another source of data that’s highly cost effective to collect and helps measure adherence, progress towards goals, etc.
There’s no doubt that IoT is here to stay. IBM reported that by 2020, the market for IoT devices is expected to be worth between $6 and $9 trillion. In the face of this exponential growth, data security compliance must be a top priority. On the consumer side of the industry, it’s important to raise awareness of security risks.
“The IoT market could be worth $9 trillion by 2020.”
The average consumer may not realize that his or her smartwatch could be hacked by a malicious party. IBM cited security awareness as a top challenge for the industry moving forward. CCOs may need to train their staff on the risks associated with connecting personal devices to the organization’s digital network.
CCOs and other leaders in the healthcare industry can’t brush off the consumer side of IoT as an unrelated market. In fact, many consumer IoT devices, such as smartphones and activity monitors can already interact with enterprise systems. As technology company Cisco noted, a consumer IoT gadget could potentially serve as the Trojan horse into a larger infrastructure. If, for instance, a user connects his infected device to an enterprise email system, there’s potential for the malware to enter the organization’s internal network. Similarly, smart assistants like Amazon Echo, Google Assistant and Microsoft Cortana will make hands free interactions possible which is great for efficient workflow and even for infection control. The problem is that these IoT devices, like the others, expand the “attack surface” that a hacker can exploit with malware.
Threats like these will continue to be a part of the struggle to adopt IoT technology. However, any new piece of technology may come with such risks. It’s up to innovators to shut down security breaches as they occur and allow the technology to expand into exciting new realms.
What’s next for healthcare and the Internet of Things?
Already, many organizations are connected to IoT. Similarly, many homes are connected via smart assistants, smart appliances, wireless sound systems, even network enabled light bulbs. Financial blog The Motley Fool predicted that, in the coming years, IoT’s network will become even more dense. Rather than only a few devices within an organization or a single device at home, dozens of objects will have IoT capabilities.
For compliance, this will mean more security challenges – but it also means even more opportunities to engage with patients and physicians. Looking ahead, IoT will bring a personalization and patient engagement to healthcare that has never been seen before.
Imagine a patient walking into his doctor’s office and connecting his device to the office’s EHR system. His activity levels of the past several weeks are automatically uploaded, including average steps taken, heart rate levels, sleep patterns and more. This level of detail is only achievable within a secure IoT setting. If the industry can keep up with compliance measures, patients and physicians could gain a world of life-saving innovations.