My colleague, Ryan Kh of Smart Data Collective, and I recently spoke with some experts at a conference on the intersection of big data and healthcare. We have heard many technology enthusiasts preach about the tremendous benefits the IoT brings to the healthcare sector. Unfortunately, there are also some downsides that must be addressed. The biggest concern is the security risks associated with new IoT devices. The growing risk of IoT security breaches coincides with the Global Data Protection Requirement, a set of EU regulations designed to safeguard consumer data.
What Changes Have the IoT and the GDPR Created for Healthcare Providers?
These changes are forcing healthcare providers to create new cybersecurity solutions. Here are some things that healthcare providers must know.
GDPR Places New Burden on Healthcare Providers… Even in the United States
The GDPR has created a host of challenges for organizations around the world. Many United States healthcare providers believe they are immune to these new regulations, but they may find themselves on the wrong side of a GDPR lawsuit.
A trio of legal experts from McDermott Will & Emery have written about the implications of the GDPR for U.S. healthcare providers. They pointed out that healthcare providers outside of the EU may be subject to these policies under a couple of scenarios. The most likely reason is that they will need to deal with healthcare tourism.
David Goldstein of Health Options Worldwide (HOW) points out that the United States has become a major destination for medical tourism. Over 4,000 people from Central Europe traveled to a single medical provider, the Farjo Medical Centre, in 2010. This healthcare provider could be expected to comply with any regulatory policies of the GDPR.
How likely is it that the EU would penalize an American healthcare provider for failing to comply with the GDPR? It is still too early to tell. However, these providers are legally responsible for adhering to the letter of the law, since its impact reaches beyond EU borders. The good news is that many domestic regulations can help them meet compliance standards. Using a HIPAA cloud hosting service is one of the best solutions.
IoT Devices Significantly Increase the Risk of Security Breaches
The healthcare sector will be transformed by the IoT more than any other sector. One study estimates that 30% of all IoT devices will be dedicated to healthcare in the next seven years.
The healthcare sector has a good reason to invest in the IoT. It is expected to save healthcare providers over $100 million in 2018 alone. However, it also carries its own set of risks.
Security breaches are a major concern for healthcare providers around the world. The IoT has increased the risks of these breaches considerably.
Network World contributor Jon Gold delved into some of these issues in a post last year. He mentioned that most IoT devices are connected to other units that don’t have any security safeguards built into them. This means that data is freely exchanged between IoT devices on a regular basis.
One of the major risks of the healthcare IoT infrastructure is that devices can’t even be authenticated. Rogue users can bring their own devices into the network and pilfer data at their leisure.
HIPAA has not found an effective set of reforms yet. This is yet another example of technology evolving more quickly than the law. Without adequate regulatory protocols in place, healthcare providers will need to take proper precautions on their own. Failing to take these actions leaves patients vulnerable to identity theft and countless other risks.
Healthcare Providers Must Urgently Tackle IoT Risks and Meet GDPR Compliance
Dealing with security risks is going to be more important than ever before. Healthcare providers must prepare for the serious legal and reputational hazards that will come with security breaches. They must also prepare to deal with the changes brought by the GDPR. This is going to force them to make some major reforms in the near future.