Exploring the Nature of Medical Device Privacy and Security Legal Regulations

DOI: 10.4018/979-8-3693-1634-4.ch011

Abstract

Medical devices, from wearable health trackers to pacemakers and telehealth visits, have become increasingly prevalent. With the amount of personal data collected through these devices rising, addressing concerns about data privacy and risk management is essential. While the Health Insurance Portability and Accountability Act (HIPAA) has long been considered the primary regulation for patient personal health information data, the Food and Drug Administration (FDA) and the Healthcare Supply Chain Association (HSCA) have enacted new guidelines that aim to hold medical device manufacturers accountable for data privacy and risk management. The chapter concludes that these legal regulations individually touch upon essential aspects of patient data privacy and medical device safety; however, their combined influence provides a more substantial base to hold medical device manufacturers responsible for risk management and data protection.

Introduction

The rapid advancements in technology and medical devices, along with the increased interoperability of systems, services, and devices, have significantly improved patient care and lowered healthcare costs (Hein, 2022). Medical devices often save lives by performing critical functions that cannot be compromised without jeopardizing direct patient care. However, the growing number of cyber incidents is directly proportional to the increased availability of consumer data generated by the adoption of medical devices and telemedicine (McKeon, 2021). In 2022, the amount of medical data collected from these devices was observed to have increased by 100% every three months, with the wearables market expected to reach a value of $195 billion by 2027 (Hein, 2022). Medical devices provide essential care, yet the continued cybersecurity threats that saturate the medical device industry raise concerns about the use of medical devices and patient data privacy. Research often focuses on the Health Insurance Portability and Accountability Act of 1996 (HIPAA) as the primary privacy regulation for patient personal health information data (Annas, 2003; Rights (OCR), 2008). However, the Food and Drug Administration (FDA) and Healthcare Supply Chain Association (HSCA) have enacted new guidelines to hold medical device manufacturers accountable for data privacy and risk management (Hein, 2022; McKeon, 2021). This research reviews the literature relevant to new regulations regarding medical devices and patient safety data privacy related to the manufacturer's responsibilities beyond HIPAA.

The healthcare industry has become increasingly reliant on digital systems and tools to enable the delivery of patient care (Reilly, 2019; Sweeney, 2020). The rapid adoption of digital technologies has exposed the healthcare sector to a growing array of cybersecurity threats and increased the risk of data breaches (Reilly, 2019; Sweeney, 2020). A key factor contributing to the prevalence of cybercrime within the healthcare sector is the proliferation of data (Reilly, 2019; Sweeney, 2020). Healthcare organizations generate and store vast amounts of sensitive patient data, including medical records, payment information, and other personal data (Reilly, 2019; Sweeney, 2020). As such, the healthcare industry has become a target for cybercriminals seeking to access and exploit this data (Reilly, 2019; Sweeney, 2020).

The development of connected medical devices has enabled the provision of medical care to a larger population with a greater degree of accuracy and efficiency (Ponemon Institute, 2018). In the past few years, connected medical devices have become increasingly vulnerable to security risks, particularly those related to cyber-attacks (Ponemon Institute, 2018). According to the 2018 Global State of Cybersecurity in Healthcare Organizations report from the Ponemon Institute, the number of security incidents involving connected medical devices increased by more than 10 percent in the last four years (Ponemon Institute, 2018).

Connected medical devices are a rapidly growing technology in the healthcare sector, with a wide range of applications, including medical diagnostics, medical imaging, and medical monitoring (Ponemon Institute, 2018). Using such devices has enabled healthcare providers to access and analyze patient data more quickly and accurately, improving patient outcomes (Ponemon Institute, 2018). However, the interconnected nature of these devices also makes them vulnerable to cyber-attacks, which can compromise the security of patient data and the functioning of the medical devices themselves (Ponemon Institute, 2018).
