Medical devices and systems represent a growing risk with respect to the security of the medical data they contain. Hospitals and similar healthcare organizations typically have 300% to 400% more medical equipment than IT devices and two trends are contributing to the increasing significance of this security risk:
- Medical devices and systems are being designed and operated as special purpose computers … more features are being automated, increasing amounts of medical data are being collected, analyzed and stored in these devices.
- There has been a rapidly growing integration and interconnection of disparate medical (and information) technology devices and systems where medical data is being increasingly exchanged.
To address these concerns, HIMSS convened its Medical Device Security Work Group to provide a coordinated effort on this issue. The charter of this Work Group, under the guidance of the HIMSS Privacy & Security Steering Committee is to:
- Identify both the security issues associated with medical devices & systems and the best practices available to address those issues
- Evaluate the issues of security threats and vulnerabilities that affect medical devices, both the provider and the equipment manufacturer's responses and responsibilities, and the legal and regulatory framework in which these issues must be addressed
- Coordinate with similar groups and committees, in HIMSS and other organizations, to capitalize on existing efforts and realize the economies of collaboration
- Prepare and endorse white papers, guidance documents, comments and recommendations on medical device security issues and practices for addressing those issues
- Educate HIMSS membership and the industry on the implications of medical device security through the publications, tools, resources and educational programs found in this focus area of HIMSS Web site.