The protections required for safety, security, and privacy of health information across various information systems and medical devices are becoming increasingly complex. Since medical devices are connected to hospital wireless networks, they are often vulnerable to hacking attempts.1 The US Food and Drug Administration (FDA) recognized the problem in the Food and Drug Administration Safety and Innovation Act (FDASIA) report in 2014, proposing a "strategy and recommendations on an appropriate, riskbased regulatory framework pertaining to health information technology, including mobile medical applications, that promotes innovation, protects patient safety, and avoids regulatory duplication. Fundamental privacy and security are a challenge for many healthcare organizations that may need assistance to address the potential vulnerabilities, particularly where networks include medical devices.3 The increase in vulnerability arises from the nature of computer networks that demand plug-in methods of construction together with interconnectivity and seamless integration of multiple information systems involved in patient care. Studies show that implantable devices, such as an implantable cardioverter defibrillator (ICD), are potentially susceptible to malicious attacks that violate the privacy of patient information and medical telemetry-and may experience malicious alteration to the integrity of information, including patient data in therapy settings. The goals between security, privacy, safety, and utility of devices in situ (in their natural position) may be at odds with one another.5 Standards to Address Safety, Security, and Privacy of Medical Device Information The key to enabling patient safety is standardization.6 The new standard published by the International Organization for Standardization (ISO) and International Electrotechnical Commission (IEC),...
|Number of pages||3|
|Journal||American Health Information Management Association, Journal of|
|Publication status||Published - Apr 2017|
- medical devices
- safety,security and interoperability
- integrated health information