As health Internet of Things innovation accelerates, regulators try to keep up
Individuals are increasingly wearing health and fitness technology such as Fitbit and the Microsoft Band. They’re also using consumer medical devices such as blood pressure and glucose monitors at home. As this recent Computerworld article points out, by using these devices, consumers are consenting to their data being collected, but they don’t necessarily know where it’s being stored or if their privacy is being protected.
We’re also seeing a convergence of the consumer health market with traditional healthcare. For example, a doctor might prescribe that a patient exercise more and ask the patient to wear a fitness tracking device that sends data to the doctor for compliance monitoring.
In addition to the increase in consumer devices, there’s been a surge in the number of medical devices used in clinics and hospitals, from ingestible sensors and cameras to MRIs. In fact, IDC projects that the worldwide Internet of Things (IoT) market in healthcare will grow from US$131 billion in 2014 to US$313 billion by 2018.
With the exponential increase in device-borne data, health providers are collecting more Protected Health Information (PHI) that’s subject to regulations than ever before.
In other words, IoT offers incredible new opportunities for innovation in healthcare, and it raises new questions and unknowns.
How can health providers ensure that when they use apps and devices targeted to consumers as part of their healthcare services they’re still maintaining compliance with regulations around PHI? How can consumers feel confident that the information that’s being collected and shared by their consumer devices is protected? And how can device and app developers that are creating health IoT solutions build in the appropriate security features to address these questions?
What’s more, health organizations are increasingly being targeted by cybercriminals. In many of the recent cyberattacks against health organizations, information such as patients’ Social Security and credit card numbers was compromised. That means beyond PHI, health organizations also need to protect the Personally Identifiable Information (PII) that’s in their operational and financial systems.
As innovation accelerates and cybercriminals become more sophisticated, regulatory bodies around the world are trying to keep up, and a number of approaches are currently being debated. The EU’s Article 29 Working Party issued a new opinion on IoT. In a separate report, an EU privacy watchdog argued that an extra onus should be placed on developers of mobile apps in the health market to protect people’s privacy. In the US, the Online Trust Alliance (OTA) recently announced that it’s leading an initiative to develop a security, privacy and sustainability trust framework for IoT devices. OTA’s vision is to use this framework as the basis for a potential certification program for IoT devices and their manufacturers. These are just a few examples of the regulatory approaches being discussed for IoT.
At Microsoft, we’re deeply committed to being at the forefront of addressing new regulations. For example, we were the first major cloud provider to adopt the world’s first international standard for cloud privacy, ISO/IEC 27018. To help health organizations and consumers feel confident that their information is being safeguarded, we build security and privacy into our cloud and mobile solutions from the ground up.
From a technology and infrastructure standpoint, Windows 10 will offer capabilities such as hardware-based security for better malware protection and elimination; secure corporate identity; protection for data wherever it is; more secure per-app connection for mobile workers; and more.
And we earn our customers’ and partners’ trust in the Microsoft cloud by addressing four fundamental areas: control, privacy, security, and transparency.
Stay tuned for more on cybersecurity in health from Neil Jordan in an upcoming blog. In the meantime, please let us know if you have any questions or need help with your strategy for data protection and security. We’d also love to hear your stories. How are you taking advantage of IoT as a consumer or health leader? What are your privacy and security concerns? Let us know via email, Facebook, or Twitter.