Electronic Health Reporter

Guest post by Paddy Padmanabhan, CEO, Damo Consulting.

Gartner has estimated that some 6.4 billion connected things will be in use by the end of 2016, with some 5.5 million new things getting connected every day. There’s been a clear boom in health and fitness wearables, with healthcare consumers investing in tracking devices – sometimes with their employer’s encouragement – and the MedTech industry has jumped on this in a big way.

Fascinating IoT applications are being developed today, often through unlikely partnerships. For example, medical devices company Medtronic is developing an application that transmits wearables data to the IBM Watson cognitive computing and predictive analytics platform. And Swiss pharma company Novartis is joining hands with Qualcomm to develop an internet-connected inhaler that can send information to a cloud-based big data analytics platform for healthcare providers to use in treating patients. These are exciting examples of how technology and analytics can support personalized medicine.

However, there are a couple of big issues that the IoT movement has to contend with when it comes to the Medical Internet of Things (IoT). These issues concern us as consumers, and they also concern our employers and our healthcare providers equally.

Data security: The medtech industry is widely seen as unprepared for the security risk and vulnerability to hacking that their devices can cause for the rest of the healthcare system. This has immediate repercussions for consumers who may be unaware of the exposure of their personal medical information to cybercriminals. In addition, as healthcare providers start using medical information from these interconnected devices in a cloud-based environment, their enterprise IT, specifically electronic health record (EHR) systems, could be seriously compromised and vulnerable to hackers. And this brings us to the other, emerging issue that is beginning to get some attention in the exchange of IoT data.

Privacy and legal concerns: While there are undisputable benefits for healthcare consumers as physicians gain access to medical information from a range of connected devices, there is a real threat to privacy as well. We start with the question of who owns the data. State law in the U.S varies when it comes to this question, and device makers and other software providers may lay claim to the data which can be used against consumers. At the same time, collecting personal data through devices imposes a set of legal requirements on enterprises, starting with proper disclosures about the collection and use of the information.

Many healthcare providers are leery of collecting any IoT data because of a combination of these factors. In my recent conversations with CISO-level executives, I sensed a real concern around the potential for these connected devices to do harm to enterprises through cyberattacks. In addition, there may be unexpected consequences of collecting this data, such as employers being held accountable for wrongfully using the data in termination-related lawsuits.

Increasingly, these complex issues are drawing the attention of regulators who are mandated to protect consumer interests and safeguard privacy. Indeed, this may cause a dilemma to medical device manufacturers who want to provide consumers with a rich experience on the one hand but also need to comply with FDA rules and complex requirements. The recent case of FDA intervention in the case of lab test company Theranos is also a cautionary tale for companies looking to play “fast and loose” with new technologies that may put consumers at risk.

Eventually, all these challenges will need to be overcome, simply because the potential benefits of using IoT data for improving health and wellness far exceed the downsides and risks. However, the challenge we face is that technology is evolving at an explosive pace and the regulatory and legal infrastructures are unprepared for the sudden increase in complexity that all this causes. We are going to see very interesting times ahead.