Consumer technologies in healthcare - what are the security challenges?

Consumer-oriented technologies and services have already established a foothold in healthcare. If you visit a modern medical establishment you will see personal electronic devices (PEDs) being used. There may be some strictly controlled zones where usage is not permitted, but the days when hospitals and doctors' surgeries imposed a blanket ban on mobile phones and cameras have passed.

Consumer technologies can improve patient care, reduce costs and allow healthcare organisations to offer new services. In surgery waiting rooms, you’ll see advertisements for online healthcare services including online appointment booking from mobile devices. Before and after surgery, it is not uncommon for the responsible consultant to use a digital camera to photograph the relevant part of the body for future reference. An interesting example of consumer technology assisting with patient care is the use of Kinect sensors (originally designed as a video game accessory) to assist with rehabilitation of stroke patients.

The market for wearable technology with healthcare functionality is also growing. Activity trackers (and their converse “sleep quality monitors”) are increasingly being used to monitor health and fitness metrics.  These devices typically incorporate sensors that measure the wearer's pulse rate, respiration rate, body temperature and blood pressure. Many users of wearable technologies are uploading their personal measurements to cloud service providers and sharing them with others.

Another common trend is people using search engines to find out about medical conditions and treatments.  During consultations, medical professionals are increasingly spending time commenting on consumer-oriented healthcare information.

Is any of this a problem? Essentially consumer-oriented technologies and services present healthcare with three challenges:

1.    Clinical safety
2.    Privacy and personal data protection
3.    Information security and privacy education

The top challenge is to ensure that clinical safety isn’t compromised. PEDs may be a vector for disease agents. Routine hand-sanitisation will not control infections if PEDs are not also properly cleaned. So, is the full cost of providing and using disinfectant wipes for PEDs being factored into infection control budgets?

It is vital that diagnostic mistakes are not made as a result of adoption of consumer technology. Doctors must be aware that patients’ descriptions of their symptoms may have been influenced by unreliable internet searches. Also, the fact that patients make certain informal measurements using PEDs shouldn’t affect the clinical diagnostic process. Relevant diagnostic measurements should always be obtained directly by the clinician using regulated medical devices, which have been correctly calibrated.

The second challenge is ensuring privacy, both for patients and medical staff. Consumer technologies often blur the boundary between public and private information. Arguably the most controversial wearable technology is Google Glass. This product continuously captures and stores a video and audio stream and allows the user to interact with Google services. It’s not hard to imagine the severe legal implications of such a product being used without people’s consent.

The third challenge is to ensure that all healthcare staff, patients and visitors have a foundation level of awareness and knowledge of how to manage information security and privacy.  In fact, this is key to ensuring privacy and clinical safety. To achieve this broad awareness, a critical mass of competent and motivated security and privacy practitioners is needed.

Pursuing a path of certification can help healthcare professionals get to grips with the security and privacy challenges posed by consumerisation. Note that a credential like the Healthcare Information Security and Privacy Practitioner (HCISPP) certification developed by (ISC)2 does not require candidates to have any prior technology or medical qualifications, but does require at least one year of healthcare domain experience.

Tim Williams, healthcare security and privacy consultant & (ISC)2 volunteer

Copyright © 2014 IDG Communications, Inc.
