The health care industry has seen a jump in the number of medical devices that use wireless technology. With this rapid technologic development comes concern about the safety, security and privacy of patients. There is specific concern in this regard with respect to the following commonly used devices: Implantable Medical Devices (IMDs), External Medical Devices, and Portable Devices.[i]
Last year a security researcher successfully demonstrated how an outside breach of a wireless insulin pump allows for the hacker to shut off or alter the settings of the device. This poses a serious risk for those with portable and implantable medical devices that are controlled via wireless technology. In addition to a breach of control of these devices, the risk of malware on such FDA-approved medical devices is also a concern. In the event that an FDA-approved medical device is infected with a malware virus, patching and securing that device may force device makers to go through the approval process all over again.
Advances in wireless technology in medicine, which have rapidly increased the use of portable devices, pose opportunities for improved clinical decision making, but also unique issues relating to privacy and loss of medical information. Specifically, Apple’s iPad is being used by doctors to discuss healthcare information such as clinical tests, x-rays, and lab results in real time. One concern lies within the risk of virus on these devices, others relate to access and control by an undesired third party. In an attempt to promote further guidance on mobile medical apps, President Obama signed new legislation on July 9th that gives the FDA clearance to continue developing mobile health regulations.[ii] We can expect to see a final draft of guidelines from the FDA for mobile medical apps by this fall.
As federal agencies continue to work towards regulations to avoid privacy and security issues, we might look toward health care providers and medical device manufacturers as additional resources for prevention. With the increased risk of data corruption and third party control, and the financial and overall burden these security risks will bring, there is an increasing need for compliance programs relating directly to this issue. The world of medicine will continue to change as we see more aggressive advances in technology, and health care providers and medical device manufacturers must do their part in protecting against attendant risks and vulnerabilities.
[i] United States Department of Homeland Security. (n.d.). Attack Surface: Healthcare and Public Health Sector.
[ii] Food and Drug Administration Safety and Innovation Act, S. 3187, 112th Congress (2011-2012).