By Jason Colton and Deanna Murray
The Internet of Things (IoT) – the reality that everyday objects have network connectivity and allow the sending and receiving of data – is having a global impact on every industry.
While observers of the IoT are cautious about the possibility of security breakdowns due to so many connected devices, it would be remiss for any industry to avoid the topic of how it can impact and improve customer service. Not to mention, a recent Forbes article estimates the IoT within healthcare to be a $117 billion industry by 2012.
This is even more significant in healthcare now, as patients are wearing more devices holding vital information on physical activity, eating habits, physical ailments (as in wearable medical devices) and even sleeping habits.
Many healthcare entities have been hesitant to acknowledge that Electronic Health Records (EHR) are just one small piece in what should be an extensive vision of how to leverage data and strategic assets: The EHR is just one access point of information that can give insight into a patient’s health.
Welcoming the importance of the IoT means giving up the singular idea that providers are the only touchpoint a patient interacts with to determine healthcare needs and habits. While there is no doubt the patient/provider experience is essential to overall patient health, embracing IoT and all it has to offer can clearly give providers and healthcare companies a deeper look into their patient base and allow for more managed, personalized care.
In healthcare, IoT streamlines the most mundane of tasks and automates arduous ones. Have 400 IV pumps? Make a configuration change on the server and watch it propagate out. Have 6 patients requiring 24×7 monitoring? Place a monitoring camera in their room and 1 centralized tech can watch 6 patients in 6 locations. RFID (Radio Frequency Identification) technology allows for easy patient tracking, alerting nurses if a patient wanders out of an approved zone. Even vent hoods over cafeteria kitchen grills can send an email informing you there is grease build-up causing a potential fire hazard.
At HIMSS 2015, more than 60 vendors – including several with top technology playing into IoT – saw a glimpse of an industry catching on to the important partnership IoT and healthcare companies can have. That partnership, when monitored and administered properly, can play into a continuum of care, leveraging real-time data and results and empowering all parties to address health proactively instead of reactively.
The IoT has brought many exciting advances to healthcare, improving patient experiences, increasing the quality of care provided, as well as updating and streamlining healthcare operations. Proper planning and processes will ensure these advantages are not offset by data breaches or HIPAA violations.
An article published in March of 2015 on the HIMSS website outlines three ways the IoT is improving healthcare at its core. These improvements, from operations to patients to leadership, all play into IoT’s role in the patient care cycle. The improvements mentioned are:
- Operational Efficiency: The IoT, through equipment, trackers and smart hospitals hooked up to the cloud, allows visibility into assets, providing real-time information to the people and transactions that require it.
- Improved Patient Care: The IoT allows healthcare access to what is needed in real-time to improve patient experiences. As a bonus, the IoT makes it easy to integrate data from consumer devices, such as fitness bands, into hospital systems, which helps organizations gather more data and deliver better care.
But on the flip side, as organizations latch on to the benefits of rapid connectivity through multiple devices, the IoT also poses security challenges – far beyond what was previously experienced. Institutions must ask serious questions regarding the safety of these connected devices to make sure their sensitive data is safe.
Some things to consider are:
- Is the data transmitted through these connected devices sent securely and stored adequately?
- Do these devices accept software security updates that address threats and imminent risk?
- Do they have backdoor entry points that could allow for a large data breach?
- Is the way these devices connect to an institution’s network putting sensitive data at risk?
- Are the APIs used to connect these devices secure?
When you take into account that IoT devices transmit and receive information at an extremely fast rate and usually do not require human interaction to do so, these questions and their answers become vital to data and records security.
Securing the IoT in a healthcare environment requires communication and understanding. Executive leadership must understand that with these tremendous advantages comes additional responsibility. Agreement must be reached that any device requiring connectivity be vetted prior to purchase. Baseline requirements should be established around antivirus, patching, and routing. In addition, departments that traditionally ran their own shop should now partner with IT in discussions regarding purchasing, and later, deploying connected devices. These internal partnerships are essential to successfully enable the benefits of IoT while maintaining secure environments.
But how do you do that? For those who have tried to tell a clinical leader that they cannot purchase the newest surgical robot until it has been vetted by IT, you understand the politics that can invade this discussion. Building good, clear processes, being open with communication, and sharing examples of security failures are methods that have helped me succeed in getting stakeholders to “buy in” to securing the IoT. Examples such as the Target credit card hack, which was initiated through a facilities system, will help skeptics gain an understanding of how a small, unsecured, connected system can create large vulnerabilities, and in the case of healthcare, the opportunity for HIPAA violations.
In this arena, before taking advantage of and reaping great benefit from IoT, healthcare services companies will need to invest considerable time in encryption, password and data protection, and also in investigating vendor-verified devices. These forms of protection, often referred to in healthcare IT circles as ‘basic healthcare security hygiene,’ will go a long way in fending off malicious attacks through third-party devices inside and outside a facility’s doors.
In sum, healthcare needs to enter into agreements with partners that require devices to be connected and also require those devices and services to be updated with state-of-the-art security. They also should require that all updates are tested and verified for cyber safety before being put into use within their specific facilities.
Given the nature of healthcare data and potential legal liability for resulting data breaches, the ‘Internet of Things’ at healthcare institutions and the contracts that cover them need to constitute a ‘Security of Things.’
For many years, healthcare has been behind the curve in its innovation. It has played catch-up to other industries when it comes to its implementation and access of patient data and has even had to endure government mandates forcing it to upgrade paper records into an electronic format.
With how rapidly IoT technologies are developing and maturing, the industry stands to benefit greatly from the vast intelligence allowing for improvements in performance and innovation.
Where healthcare needs to be as an industry is beyond the thought process that IoT devices are just gadgets or fads for consumer pleasure and self-monitoring. These wearables that have latched onto millions of waistbands, wrists and necklines across the globe are beyond novelties. They are clear ways for the industry to step up its game when it comes to information gathering and provide more efficient care – which leads to higher profits and, most importantly, a healthier, happier consumer.
Jason Colton is a DISYS Fellow and Deanna Murray is a DISYS Project Insights.