Need for Cyber Security in Mobile Healthcare

By Dr. William F. Harvey ,CMIO at Tufts Medical Center.

Dr. William F. Harvey ,CMIO at Tufts Medical Center.

In today's world, mobile healthcare is emerging to be the most significant trend in the field of Medical Technology. Devices have appeared, which are used by people to monitor their health in their home. In addition to devices, there are mobile applications as well, which, along with IoT devices, help people interact with healthcare systems and manage their illness.

There are, however, particular bottlenecks that prevent the adoption of mobile healthcare on a global scale. One bottleneck is the technology itself. Most people in the US having chronic diseases are above the age of 50-55. That generation is a little less tech-savvy than the younger ones. But then, most older people have smartphones nowadays. So that issue is rapidly resolving itself. Another more significant issue is that of cybersecurity. Inputting health-related information in any computerized system represents vulnerability concerning privacy. As stewards of large amounts of medical data, we feel additional responsibility that mobile apps that we recommend to our patients are secure from a cybersecurity standpoint.

"As stewards of large amounts of medical data, we feel additional responsibility that mobile apps that we recommend to our patients are secure from a cybersecurity standpoint"

But this responsibility is challenging to assess by the doctor or patient. E.g., a patient asks a doctor's opinion about an app thatthey wish to use to monitor their diabetes. The doctor would evaluate the app based on the information it provides and how useful the information is to the patient. Both are ill-informed about whether the app would be able to protect the patient's privacy. Thus, a cybersecurity professional is required to help them.

The criteria for selecting a cybersecurity organization varies from organization to organization. Our criteria depend upon where the data is stored and whether it's encrypted when transmitted across the internet. Our requirements also depend on the nature of storage location, no. of people with access to it, and whether they employ third-party software vendors. If they do, those third-party vendors are evaluated as well. So, a cascade of evaluations and approvals are needed depending on how these applications are storing data.

A lot of startups in medical technology don't pay enough attention to cybersecurity. This often ends up being the reason why we can't work with them even though they have a good product. I would advise them to think about cybersecurity form the outset. They can rely on third-party cybersecurity organizations to evaluate their software and include necessary safeguards.

Technology development is most effective if a consumer or healthcare provider is at the forethought of development. Quite often, people from the technology industry try to build a product without close enough connection to the healthcare field. This results in the creation of something which is either not needed or not beneficial to healthcare. Also, people seeking healthcare want certain things and tools to improve their health. If the technology industry doesn't deeply engage with its consumers, it will most likely build something that doesn't adequately fit their needs.

Newer trends in medical technology are aiming to move healthcare out of the four walls of a large hospital. Urgent care clinics, mobile healthcare, and telemedicine are helping patients seek healthcare in their homes or close to their homes. They now seek healthcare based on services provided in an area. This challenges healthcare systems to assure the patient's health record as they go places. It is hard for patients, too, as they need to keep all doctors updated on their health. So, we may see more of personalized health records where patients can take their records around with them to other doctors. Traditionally, the medical record was thought to be "owned" by the hospital or doctor who wrote it down. Now, the ownership will go to the patient.