Addressing medical ethical issues around health devices

With the advent of the Internet of Things and the rise of connected healthcare devices, medical professionals can collect, analyze and share enormous amounts of patient data. By making access to information easier and more efficient, these new technologies are helping practitioners provide a higher standard of care.

But any device that collects and stores data carries the risk for that information to be lost or stolen. Where individuals' private health data is concerned, the ramifications of a breach could be high, and practitioners may share some of the liability. Education and preparation are essential in mitigating these risks and using healthcare devices smartly.

Medical devices and cybersecurity

Whenever a patient's data is shared or linked without their knowledge, there are legal and ethical issues for health professionals to consider. Security is paramount for any equipment used in patient treatment and monitoring, like MRI scanners, infusion pumps and blood pressure monitors. It's also essential for laptops and mobile devices used by healthcare professionals in day-to-day activities. Any internet-connected device that can upload patient data to an electronic health record system is vulnerable to hacking or tampering.

The increasing popularity of patient-owned healthcare devices presents another potential security risk. Fitness trackers and smartwatches—especially ones that allow owners to share data on social media—could compromise sensitive medical data.

As with any wireless technology, practitioners and users need to be cautious about protecting data gathered or shared through medical devices. This is especially important for medical devices that are older or haven't been updated with the latest software patches.

Understanding the potential threats

Security breaches, data inaccuracies, violations of privacy and implementation errors are all potential issues inherent in the broader use of connected medical devices.

The US Department of Homeland Security has issued warnings about hackers inserting malware into implanted cardiac defibrillators. This malware preys on unencrypted wireless protocols to change the device settings. The National Cybersecurity Center of Excellence has issued similar warnings about wireless infusion pumps.

Similarly, fitness trackers and other geolocation-based devices contain security flaws that have allowed hackers to access sensitive information. This information often included the app users' locations, names and addresses.

As technology continues to rapidly progress, new ethical issues arise. Both AI and 4D printing are becoming increasingly important in the medical field. With new possibilities for piracy and hacking, risk management procedures must be routinely revisited.

What practitioners can do

Healthcare professionals play a central role in mitigating the potential financial risks and avoiding the legal and medical ethical issues that arise from the loss of stolen patient information. There are several practical steps you can take to ensure the devices used to improve patients' lives are secure.

• Set up strong institutional privacy and security policies regarding patient data—and put them in writing. Employees at your practice should understand that they may be held accountable for the misuse of any patient information.
• Create a standardized workflow that ensures everyone knows their tasks and roles assigned in protecting patient information. Review this workflow regularly to identify areas for improvement.
• Assign user access through an administrator. Base permissions access on the practitioners' pre-established, identified duties and the information they need to carry out monitoring or treatment.
• Enable encryption and two-factor authentication on all mobile devices used to share patient information. Consider additional security features such as antivirus software, firewalls and intrusion detection software.
• Make patients aware of their role in securing their devices. Let them know to register their devices with the manufacturer, keep operating systems updated and stay vigilant for any unusual activity on the device.
• Consider purchasing a business liability insurance policy that covers your organization in the event that medical devices are lost, stolen or breached. These policies can also help cover losses from business interruptions that result from a cybersecurity incident.
• Identify system weaknesses. Creating simulated scenarios to assess an organization's cyber vulnerability can reveal weaknesses without compromising patients' personal information.

Minimizing the risk of unauthorized data access is essential to keeping patients safe and your practice protected. By being aware of possible legal and ethical issues surrounding the broader use of medical devices, health professionals can secure the devices they use to advance healthcare delivery and improve patients' lives.