Readers Write: The Internet of Things Can Revolutionize Healthcare, But Security is Key

The Internet of Things Can Revolutionize Healthcare, But Security is Key
By David Ting

The Internet of Things (IoT) holds tremendous promise in healthcare, potentially enabling a digital health revolution and support the future of care delivery.

Gartner estimates that approximately 3.9 billion connected things were in use in 2014. This number is expected to increase to 25 billion by 2020, a growth trajectory that will surely impact the healthcare industry, which is already being flooded with devices for generating valuable patient data.

However, the transformative potential of the IoT won’t be realized for healthcare unless data integrity and security are built into the foundations of the IoT movement.

The IoT’s network of IP-connected computers, sensors, and devices allows care providers and patients to share information to a transformative degree by:

• Giving care providers access to a greater number of devices for accessing protected health information (PHI).
• Allowing patients to generate real-time biometric data with low-cost devices and applications.
• Changing the nature of encounters with care givers from episodic to real time.

For clinical staff, the ability to interact with EMRs or other applications containing PHI from any device is invaluable, especially in creating a push vs. pull dynamic for access to patient information and health records. Today’s care providers are highly mobile and the IoT can provide the ability to seamlessly use connected devices within a single session.

For patients, the IoT offers the ability to participate in their own care. Specific patient opportunities include:

• Generating valuable health information from wearables and home health devices.
• Allowing real-time voice, video, and data streaming for telemedicine.
• Enabling more active patient engagement. Instead of requiring patients to take initiative to look up records or set appointments, messages can be proactively sent to patients informing them about updates or other relevant information

Some of these changes are already taking place on a small scale. But for the IoT to reach its full potential in healthcare, identity and data integrity will become critical as PHI moves from the hospital to the edge of patient care delivery, especially to assuage consumer concerns about privacy and security.

The data generated by a series of connected devices can only be captured, aggregated, analyzed, and put to meaningful use on a broad scale if the identities of providers and patients are verified. The data being generated, collected, and shared through networked devices must be protected with strong, usable authentication methods.

For providers, authentication is required to meet compliance and privacy regulations. If security considerations are baked into the IoT infrastructure, wearables or others devices can be assigned to particular users and leveraged to verify their identity. Similarly, proximity awareness technologies can simplify the user authentication process to access various devices and applications.

Patient authentication is also essential in the IoT paradigm because it ensures the correct information is being generated by and shared with the correct patient. Creating a one-to-one link between patients and their medical records can establish a foundation for additional forms of patient identification. As with providers, devices will become part of the digital credential set for patients, necessitating a secure enrollment process to bind one or more devices to unique patient identities.

Constructing the necessary infrastructure to properly manage and optimize the proliferation of connected devices in healthcare starts with security. A strong security strategy includes authentication technologies and processes to verify patient and provider identities to ensure that devices can only be used by authorized users. The communications channels between the devices within the IoT must also be secure to ensure the integrity of the information passing through them.

Putting these security building blocks in place will help create a closed-loop system in which patients and providers can securely interact in a more engaging, meaningful way. 

David Ting is chief technology officer for Imprivata.