Vendors must prioritize connected device security as popularity rises

Connected devices such as fitness trackers and digital voice assistants are gaining popularity with consumers, but the challenge for health IT is how to secure these devices.

CES 2017 featured plenty of booths displaying health-related devices, including fitness and sleep trackers, heart monitors, smart beds and digital voice assistants. Vendors were eager to demonstrate and discuss their innovations with the passing crowds, and consumers were interested in leveraging technology in their daily activities. However, connected device security remains a top concern for health IT and is likely to come under more scrutiny as these devices become part of the physician and patient conversation.

With an estimated 48 million fitness trackers sold in 2016 according to CES organizers, there is an incredible amount of interest in wearable devices. Physicians are prescribing these devices to patients who want to track and monitor their daily activities to adjust their lifestyle. However, there are concerns about connected device security. While data about daily eating or fitness activities may not qualify as elements of a medical record, CES vendors introduced products that go beyond basic fitness tracking, such as heart rate monitoring and home-based virtual assistants that help with medication reminders. These devices capture or interact with data that is part of a patient's health record.

Royal Philips' smartphone-connected Health Watch, seen at the CES 2016 conference, is part of a personal health program and is also HIPAA-compliant.

Connected devices and HIPAA compliance

Software solutions used in healthcare that interact with a patient's health record must comply with HIPAA requirements. If there is a lack of visibility into connected device security practices, many in health IT will opt out of creating integrations between the EHR and wearable devices.

While many devices that interact with or collect data from consumers have basic security practices in place, some vendors have taken the appropriate steps to ensure their wearable devices and systems meet HIPAA requirements. For example, Fitbit wearables provide HIPAA-compliant capabilities because much of the data the devices track is considered protected health information. However, not all vendors entering the wearable space are concerned with HIPAA. Many are focusing on a global market in which HIPAA is not relevant.

One interesting trend at CES was virtual assistants that are embedded in cars, refrigerators, and even lamps. The technology can help us order groceries, set reminders and check the weather. In a healthcare scenario, companies are building integrations so these same systems can let a patient schedule her next doctor's appointment or check her lab results by speaking a command at home. Virtual assistants such as Alexa, Cortana and Siri will face the same questions and concerns around HIPAA. It will be up to connected device vendors to decide whether they are willing to take the appropriate steps to balance security, privacy policies and HIPAA requirements.
