Thinking Through the Consequences of IoT in Healthcare

By Brian Sterud, VP, CIO, Faith Regional Health Services 

In healthcare, the Internet of Things (IoT) and its security has been an ongoing topic of discussion, as highlighted in a recently published article in HealthITSecurity. IoT has, and will continue, to change the world that we live in. From a consumer perspective, it seems almost every device has become “connected” and can be managed from our smartphones. The agriculture industry continues to transform with inexpensive sensors on both equipment and plants. Self-driving cars are on the road today in certain parts of the country. Last, but not least, I recently read about a coffee cup that is smartphone enabled, thereby eliminating that gross final swallow of lukewarm java.

The technology around us is opening many doors that we could have never envisioned. However, a quote my staff hears from me frequently, “every decision comes with a consequence,” comes to mind.  Initially, this quote may appear to be rooted in a conservative approach. However, in my case, it is quite the opposite. I strive to ensure that we all understand the tradeoff that occurs in the decisions we make every day. The intention isn’t to eliminate our risks, rather, it is to acknowledge that no cake was made without cracking a few eggs.

IoT in healthcare presents at least as much opportunity as any other industry. Alongside that potential is the threat to patient care that can occur when things go awry. Our industry is wrestling with the proper way to unlock these efficiencies, yet ensure that patient care is not compromised. We learned through WannaCry and Petya that many devices are not properly patched or managed. The FDA is working to help address many of these issues, but it also involves partnering with our vendors. There needs to be collaboration among providers, suppliers and the regulatory bodies. In the meantime, we need to address our security risks and make decisions on whether or not to implement certain technology. There are ways that we can mitigate risks and, in other cases, we may need to eliminate risks. 

The HealthITSecurity article references survey results in which 47 percent of technology professionals do not consider their organization’s leader to be digitally literate. I count myself lucky enough to work in an organization that doesn’t fall into that category. Our organization’s CEO and leaders are very digitally literate. In the past, it seemed that CIOs were the ones bringing new technology to their organizations. Recently, I find myself as the voice of reason as leaders bring new technology ideas to the forefront. There are technology solutions for almost any problem that is encountered and leaders become aware of these solutions. In my case, I am educating users on what is possible or not possible based on our current systems and infrastructure. 

The article further expands that leadership is hesitant over IoT devices. I suspect that the lack of digital literacy exacerbates the conservative approach to IoT. As an industry, we have a lot to learn about how to effectively protect our patients and their data when it comes to IoT. I look forward to working on a progressive approach that allows these devices to be leveraged while keeping our patients safe. Although our risk profile relative to patient safety needs to be conservative, we need to understand there are ways to continue moving forward while maintaining patient safety.

It is important to understand the “consequences of all our decisions” and to provide the support necessary to achieve success. There is no magic bullet, as the article states, and that acknowledgement alone should be able to guide many of our decisions. I’m excited about the iterations of technology that will allow us to more efficiently care for our patients while maintaining a focus on security.


More AEHIS News Volume 2, No. 1:

Looking to contribute to the AEHISecurity Newsletter? Email your contributions to [email protected].