
Dear Health Care, the Internet Is Here to Stay

The health-care industry is being flooded with devices for generating valuable patient data.


While most other industries have enjoyed a decades-long marriage with the Internet, in health care, we’re still in the “getting to know you” phase, working to establish a level of trust. Understandably, there are major concerns in our industry surrounding data integrity, both in and outside of the firewall.

Even as health care and the Internet continue their awkward slow dance (Jonathan Bush of Athenahealth likes to poke fun with respect to health care: “that Internet thing is going to be big!”), the Internet of Things is already upon us. And while almost all (physicians are on the fence about the worth of some of the data and their ability to be present with it) appreciate the IoT’s tremendous promise in health care toward enabling a digital health revolution and the future of care delivery, as an industry, we must get the security piece right.

Gartner estimates that approximately 3.9 billion connected things were in use in 2014. This number is expected to increase to 25 billion by 2020, a growth trajectory that will surely impact the health-care industry, which is already being flooded with devices for generating valuable patient data. It is my belief that as consumers become more and more comfortable with sharing data through wearables (a market expected to reach $35 billion on its own by 2020), our industry will get used to the idea of sharing personal health information.

However, the transformative potential of the IoT won’t be realized for health care unless data integrity and security are built into the foundations of the IoT movement. Other industries that are further along in this journey have struggled with how to establish a continuity of trust that the data is accurate and secure. Through security measures that are built into apps like Venmo, we now see broad acceptance of IoT in mobile payments. Innovations like Amazon Dash, which allows consumers to order their favorite products from Amazon with literally the push of a button by automatically charging an Amazon Prime account, continue to push the envelope.

The charge in health care is clear: We must implement similar security technologies in order for IoT to be fully realized. There is no question that the IoT’s network of IP-connected computers, sensors and devices allows care providers and patients to share information to a transformative degree.

But in order to get there, the data generated by a series of connected devices can only be captured, aggregated, analyzed and put to meaningful use on a broad scale if the identities of providers and patients are verified. The data being generated, collected and shared through networked devices must be protected with strong, usable authentication methods.

To be clear, I don’t foresee a dark future where (absent security) medical devices like pacemakers are routinely hacked from afar like the attack depicted in the Showtime series “Homeland” that resulted in the vice president meeting his end. But we need to manage for that, as well.

Where I am focused is the more regular usage of technology. Imagine a world where your monthly health-plan fee could be discounted for healthy behavior like not smoking, averaging eight hours of sleep a night, or drinking the recommended amount of water. Yes, some companies have begun programs like this, but the data is largely self-reported and therefore open to manipulation. Now imagine a world where those data points are tracked by a sensor and sent automatically to the health plan — no paperwork for you! We are not far from that reality, but secure, reliable data is needed.

For providers, authentication is required to meet compliance and privacy regulations (we have HIPAA to consider). Ensuring that it’s your doctor accessing your medical data, not a nosy fellow patient who enters the room after your appointment, is key.

Patient authentication is also essential in the IoT paradigm because it ensures that the correct information is being generated by and shared with the correct patient. Creating a one-to-one link between patients and their medical records can establish a foundation for additional forms of patient identification. As with providers, devices like Fitbit or the Apple Watch will become part of the digital credential set for patients, necessitating a secure enrollment process to bind one or more devices to unique patient identities.

Constructing the necessary infrastructure to properly manage and optimize the proliferation of connected devices in health care starts with security. Putting these security building blocks in place will help create a closed-loop system in which patients and providers can securely interact in a more engaging, meaningful way.


David Ting is the co-founder and chief technology officer of health IT security company Imprivata. Reach him @Imprivata.

This article originally appeared on Recode.net.
