We have multiple factors driving the extensive use of consumer medical devices and apps as part of the patient care process. The ubiquity, power, and low cost of smartphones, smart watches, and fitness devices means that they can often do the same work as more complex medical devices. The drive by providers and payors to increase compliance with care regimens, combined with a need to drive down costs, leads to their use in the care process. While this comes with significant benefits, there are also significant concerns with privacy and security. Many of these devices were never meant to be used to output data to an Electronic Health Record. To address these issues, we need to discuss what the issue is, what manufacturers can do, and what organizations can do to protect themselves. Governance and review processes will be discussed as methods we can use to address multiple security issues. We will also discuss basic steps organizations can take to protect themselves against common attacks.
Speaker: Mitchell Parker, MBA, CISSP, Executive Director, Information Security & Compliance, Indiana University Health