Corporate Compliance Insights

With Great Power Comes Great Responsibility – To Keep Your Patients Safe

by Mohan Ponnudurai
December 9, 2014
in Compliance

As the Internet of Things (IoT) movement continues to gain momentum, several industries stand to contribute to and benefit from the trend’s popularity. One such industry is health care; however, as many have recently vocalized, the main concern about IoT is the security aspect, or lack thereof. According to recent PwC research, 47 percent of health care providers have already begun prescribing connected patient products, such as wearable patient monitoring and medical devices, but only 53 percent of them have implemented security controls. Medical and technological advancements come with great power, and with great power comes great responsibility – the responsibility to ensure the safety of patients.

The evolution of technology in the health care industry has sparked skepticism among the key decision makers of compliance regulations, igniting what are now known as HIPAA and HITECH, two acts implemented by the U.S. Department of Health and Human Services to ensure the protection of health care information while also allowing the innovation of new technologies. These efforts have not only expanded the scope of privacy and security defenses, but also increased the potential legal liability for non-compliance. Unfortunately, most scenarios are taken on a case-by-case basis, which has resulted in less rigorous enforcement of the acts upon medical device manufacturers at a time when new information technology is being developed on a daily basis.

To address this new connected reality, the FDA has put together a set of recommended guidelines that manufacturers and health care providers can and should adhere to in order to safeguard both the patients and their data. These guidelines are not yet mandated, and until they are, manufacturers must take it upon themselves to be as proactive as possible. One suggestion by the FDA is to conduct internal audits to identify the vulnerabilities and threats involved and assess the potential impact of these threats and vulnerabilities on both the device and its end user. There are two kinds of security threats: one related to patient data and privacy, and the other related to implanted device security. It’s important to be vigilant and conduct routine internal security audits throughout the development processes of these connected devices to ensure the manufacturer is operating in compliance with the established regulations so nothing falls through the cracks. Moreover, the interconnection between device communications and software should be constantly checked against attacker capabilities to ascertain whether the combination of solutions is safe from unscrupulous parties.

Similarly, manufacturers should implement a mechanism such as a corrective and preventative action (CAPA) system to help proactively identify and shed light onto any problems that may arise, notifying the appropriate stakeholders in a timely manner. Having such a system in place allows organizations to appropriately log and manage quality issues and in turn, guarantee the quality and safety of their devices before they hit store shelves or doctors’ offices.

Another proactive step manufacturers can take to ensure the safety and quality of such connected medical devices is to address the human error factor involved in any manufacturing process. Organizations may want to consider updating the standard operating procedures employees carry out on a daily basis. Such changes might include adding steps so that employees do not unintentionally connect said devices to an open internet connection, use unscanned thumb drives to update the devices or leave open sessions on the devices, thus allowing viruses or malicious code into the devices. The information that lives on these devices, as well as access to these devices, can pose a tremendous threat if hacked. For instance, in 2011, one hacker proved that several wireless insulin pump models were extremely vulnerable to attacks, bringing to light the possibility of a fatal dosage being triggered by an over-the-air attack. Such situations are unlikely, but technically feasible for someone with enough time, motivation and ill will.

The saying “better safe than sorry” rings especially true when it comes to the health care industry and even more so for medical devices. Connect those medical devices to the Internet and the saying becomes more of a rule. Operators should always be on the lookout for warning signs. For example, high data traffic between the device and the hub could be an indicator that the data is being accessed through external sources that are likely not authorized to open the files. Additionally, manufacturers should keep track of processing times to measure performance degradation that could point toward a denial-of-service virus or malware. Common sense points to a lower probability of these kinds of hacking or malware introductions due to the low financial value of such attacks; however, it is possible for unscrupulous parties to engage in these actions that threaten patient safety and jeopardize patient privacy.

Lastly, manufacturers and suppliers should strongly consider implementing a system that provides proactive tasks and corrective actions and manages the scheduling of these events to notify the appropriate people and hold them accountable, such as an enterprise quality management solution or EQMS. Suppliers should be part of this critical system instead of managing their own system separately. These systems can allow an organization to achieve end-to-end traceability and visibility into all stakeholders so that action can be taken in a proactive and timely manner to prevent issues such as device recalls.

Taking a proactive approach can mean more than just avoiding a recall. When a product has the potential to have an extreme impact on the health and safety of consumers, manufacturers should place quality above all else. The fact of the matter is that the Internet was made for sharing information – not with security in mind. When we create these devices, we must keep in mind the vulnerabilities that come with the technological advancements. Until the FDA issues mandated regulations around connected medical devices, it is crucial that manufacturers and health care providers alike take preventive and vigilant action to protect patients. That should be their priority!


Mohan Ponnudurai

Mohan Ponnudurai is an industry solution director at Sparta Systems Inc., a global leader in enterprise quality management software (EQMS) solutions. With over 20 years’ experience, Mohan helps both the company and its clients in the high tech manufacturing (including medical device), oil and gas (energy and services) and electronics sectors understand industry trends, needs and requirements. Mohan earned his Bachelor’s Degree in Engineering from McGill University in Montreal, Canada, and MBA from the University of Tampa, Florida. In 2013, he was awarded the Supply & Demand Chain Executive “Pros to Know” Award for his exceptional leadership in Sparta Systems’ alignment with industry trends while helping clients understand changes in regulatory and business environments. Mohan is also an active participant at industry conference speaking engagements, white paper/article/blog authorship, analyst roadshows and product/solution thought leadership.

Connect with Mohan:
Sparta Systems, Inc.
2000 Waterview Drive, Suite 300
Hamilton, NJ 08691
mohan.ponnudurai@spartasystems.com
