HIPAA Requirements and IoT Challenges
There’s no question that IoT will radically shift the healthcare experience. Examples already on the market are simplifying chronic care management and moving care outside the four walls of the traditional medical office. Collecting data in consumers’ homes or workplaces will help healthcare providers understand an individual’s health more holistically, select appropriate treatment plans, adjust those plans as time progresses, and predict future health events. Healthcare can use technology to cut ever-rising costs while improving patient outcomes, which benefits consumers and the industry alike. In fact, about 60% of healthcare organizations have introduced IoT into their infrastructure in some form.
Despite their advantages, medical IoT (MIoT) devices also have their downsides. One of the main challenges introduced by the growth of MIoT devices is compliance with the requirements of the Health Insurance Portability and Accountability Act (HIPAA). These challenges include:
- IoT Insecurity: IoT devices are notoriously insecure. They commonly ship with weak, default, or hardcoded passwords, contain exploitable vulnerabilities, and violate cybersecurity best practices. When patient medical data is collected, processed, and stored on such insecure devices, healthcare providers find it difficult to meet the data security and privacy requirements of HIPAA, and the probability of a data breach increases.
- Business Associates: HIPAA’s requirements are not restricted to medical providers. They also cover “business associates,” the third-party organizations whose services to healthcare providers bring them into contact with patient health data. IoT devices commonly rely on cloud-based infrastructure for data processing and storage, meaning that the manufacturers, cloud service providers, and other parties behind MIoT devices must also maintain HIPAA compliance. Otherwise, the data security and HIPAA compliance status of their healthcare customers may be compromised.
All healthcare technology, especially IoT, should be built from the ground up with HIPAA’s security requirements in mind.