Planning to Protect Patient’s Medical Records, Including Data from Wearables, Ingestibles, and Other New Medical Technologies

I was fortunate to be invited to attend and participate in a recent closed session conference at the National Cancer Institute (NCI) on Precision Medicine, Wearable Technology and Big Data Informatics.  A multidisciplinary group of clinicians, biologists, technology developers, and data scientists from government, industry and academia presented the state of the science in wearable, implantable, and external sensor technologies and associated data acquisition/analysis with the goal of developing an integrated strategy to address the needs of cancer patients.The devices discussed at the event included implantable and ingestible devices that can continuously monitor patients and provide real-time data to help clinicians determine the efficacy and effectiveness of treatments and medication.  Additional data can be harvested from wearable technologies such as smart phones, watches and movement trackers to help caregivers monitor issues such as fatigue after therapy sessions. For all of their promise in improving patient care, these new devices also present new risks that health care providers need to address.  As I have stressed in earlier blogs about the importance of protecting electronic medical data, including electronic medical records, the data that these devices will be continuously sending to providers needs to be safeguarded from data breaches.  Such breaches could be especially catastrophic for people whose lives are already turned upside down by illness. The healthcare sector can take key steps to address the vulnerability of this new data stream in order to mitigate the possibility of cyber-attacks and data breaches.Recognize that the healthcare industry is being targeted by sophisticated data thieves and create a culture of knowledge that protects patient data in every possible wayDevelop and execute robust training programs to raise awareness of when data can be at risk and what can be done to protect itEducate the clinical, operation and administrative staff on new topics and strategies such as social engineering Improve Information Technology (IT) and security operations, perhaps by upgrading to IT and security systems that utilize newer technologyHire staff with security skills.  Many healthcare organization lack the necessary talent and spending in this areaInvest in layers of security given the continuous introduction of new medical devices and Internet of Medical Things connected devices Develop and continually test and practice a Disaster Recovery Plan (DRP) that includes robust backup and restore functions.I am optimistic that in tandem with our adoption of new medical technologies such as implantables, ingestibles, and wearables that the healthcare sector will be able to implement these technologies in a way that supports our patients’ needs for data security.Sam Hanna, MBA, CISA, CBCP, CRISC is the program director for the Masters of Science in Management of Health Informatics Analytics (HealthInformatics@GW) program at The George Washington University.  Prior to this role, he held leadership positions at global professional services firms where he was responsible for creating and leading large multidisciplinary health industries practices, as well as an investment portfolio in new technologies, solutions and startups.  He is a frequent speaker and writer on topics related to entrepreneurship and innovation, health IT, analytics, and the intersection of translational sciences and the business of health.  He can be reached at [email protected]