Corporate Compliance Insights
With Great Power Comes Great Responsibility – To Keep Your Patients Safe

by Mohan Ponnudurai
December 9, 2014
in Compliance

As the Internet of Things (IoT) continues to gain momentum, several industries stand to contribute to and benefit from the trend. One of them is health care; however, as many have recently pointed out, the main concern about IoT is security, or the lack of it. According to recent PwC research, 47 percent of health care providers have already begun prescribing connected patient products, such as wearable patient monitors and connected medical devices, but only 53 percent of those have implemented security controls for them. Medical and technological advances come with great power, and with great power comes great responsibility: the responsibility to ensure the safety of patients.

The spread of technology through the health care industry has made regulators wary, and it is the backdrop for HIPAA and HITECH, two federal acts whose privacy and security rules are administered by the U.S. Department of Health and Human Services to protect health information while still allowing new technologies to develop. These rules have not only widened the scope of required privacy and security defenses, but also increased the legal exposure for non-compliance. Note, though, that HIPAA obligations attach to covered entities (providers, health plans and clearinghouses) and their business associates; a device manufacturer is directly in scope only when it handles protected health information on a covered entity's behalf. Combined with enforcement that proceeds case by case, this has meant relatively light enforcement of the acts against medical device manufacturers, at a time when new device technology is being developed daily.

To address this new connected reality, the FDA has issued guidance that manufacturers and health care providers can, and should, follow to safeguard both patients and their data. This guidance is not binding, and until it is, manufacturers must be as proactive as possible on their own. One FDA recommendation is to identify the device's vulnerabilities and the threats to it, and to assess the potential impact of each on both the device and its end user. These threats fall into two broad kinds: those to patient data and privacy, and those to the device's safe operation, most seriously for implanted devices. Manufacturers should conduct routine internal security reviews throughout the device's development so that nothing falls through the cracks and the product stays in line with the applicable regulations. The interfaces between device communications and software, in particular, should be tested regularly against a realistic attacker to confirm that the combination of components holds up against unscrupulous parties.

Similarly, manufacturers should implement a corrective and preventive action (CAPA) system to surface problems as they arise and notify the appropriate stakeholders promptly. Such a system lets an organization log and manage quality issues, including security findings, and address them before devices reach store shelves or doctors' offices.

Another proactive step is to address the human error factor present in any manufacturing and service process. Organizations may want to update the standard operating procedures that employees follow daily, adding steps so that staff do not connect these devices to an open Internet connection, update them from unscanned thumb drives, or leave sessions open on them, any of which can let viruses or other malicious code onto the device. The information that lives on these devices, and access to the devices themselves, can pose a serious threat if compromised. For instance, in 2011 a security researcher showed that several wireless insulin pump models were highly vulnerable to attack, raising the possibility of a fatal dose being triggered over the air. Such attacks are unlikely, but technically feasible for someone with enough time, motivation and ill will.

The saying "better safe than sorry" rings especially true for health care, and more so for medical devices. Connect those devices to the Internet and the saying becomes a rule. Operators should always watch for warning signs. For example, an unexpected rise in data traffic between the device and its hub, or traffic to a destination other than the hub, could indicate that the data is being pulled by an external party that is not authorized to read it. Manufacturers should also track processing times to measure performance degradation that could point to malware or a denial-of-service condition. Common sense suggests these attacks are less likely than financially motivated ones, because they bring little direct financial reward; it is nevertheless possible for unscrupulous parties to carry them out, threatening patient safety and privacy.
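The two indicators in the paragraph above, unexpected traffic and slowed processing, can be checked mechanically rather than by eye. The following is an added example, not code from the article or from Sparta Systems: it learns a per-device baseline from a warm-up window of constructed telemetry and raises an alert when a later sample sends to a peer other than the known hub, sends far more than the baseline, or takes far longer to process its commands. The field names, the hub name `hub.local`, the sample values and the three-sigma threshold are all assumptions made for the example.

```python
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass(frozen=True)
class Sample:
    """One minute of telemetry from a connected device (field names are assumptions)."""
    device_id: str
    minute: int
    bytes_to_peer: int   # bytes the device sent in this minute
    peer: str            # where it sent them
    proc_ms: float       # time the device took to process its command batch


# Constructed telemetry, not captured from any real device. Minutes 0-9 are a
# quiet baseline; minute 11 shows a volume spike to an unexpected host and
# minute 12 shows a processing-time spike with otherwise normal traffic.
HUB = "hub.local"
TELEMETRY = [
    Sample("pump-01", 0, 1200, HUB, 12.0),
    Sample("pump-01", 1, 1180, HUB, 12.4),
    Sample("pump-01", 2, 1230, HUB, 11.8),
    Sample("pump-01", 3, 1190, HUB, 12.1),
    Sample("pump-01", 4, 1210, HUB, 12.3),
    Sample("pump-01", 5, 1220, HUB, 11.9),
    Sample("pump-01", 6, 1170, HUB, 12.2),
    Sample("pump-01", 7, 1240, HUB, 12.0),
    Sample("pump-01", 8, 1200, HUB, 12.5),
    Sample("pump-01", 9, 1210, HUB, 11.8),
    Sample("pump-01", 10, 1215, HUB, 12.2),
    Sample("pump-01", 11, 9800, "203.0.113.7", 12.3),
    Sample("pump-01", 12, 1190, HUB, 85.0),
    Sample("pump-01", 13, 1205, HUB, 12.0),
]


def baseline(samples, field):
    """Mean and population standard deviation of one field over the warm-up window."""
    values = [getattr(s, field) for s in samples]
    return mean(values), pstdev(values)


def exceeds(value, mu, sigma, z):
    """True when value sits more than z standard deviations above the baseline mean.

    A flat baseline (sigma == 0) falls back to a 50% increase over the mean so a
    perfectly regular device cannot silently disable the check.
    """
    if sigma == 0:
        return value > 1.5 * mu
    return (value - mu) / sigma > z


def detect(samples, warmup, z=3.0, allowed_peers=frozenset({HUB})):
    """Return (minute, device_id, reason) alerts for every sample after the warm-up.

    Three signals, matching the indicators in the text: traffic to a peer that is
    not the known hub, an upward spike in bytes sent, and an upward spike in
    processing time. Alerts are emitted per signal, so one sample can raise several.
    """
    base = samples[:warmup]
    mu_b, sd_b = baseline(base, "bytes_to_peer")
    mu_p, sd_p = baseline(base, "proc_ms")
    alerts = []
    for s in samples[warmup:]:
        if s.peer not in allowed_peers:
            alerts.append((s.minute, s.device_id,
                           f"traffic to unexpected peer {s.peer}"))
        if exceeds(s.bytes_to_peer, mu_b, sd_b, z):
            alerts.append((s.minute, s.device_id,
                           f"traffic volume {s.bytes_to_peer} B vs baseline {mu_b:.0f} B"))
        if exceeds(s.proc_ms, mu_p, sd_p, z):
            alerts.append((s.minute, s.device_id,
                           f"processing time {s.proc_ms} ms vs baseline {mu_p:.1f} ms"))
    return alerts


if __name__ == "__main__":
    for minute, device, reason in detect(TELEMETRY, warmup=10):
        print(f"minute {minute:>3} {device}: {reason}")
```

Run as a script it prints three alerts for the constructed data: two for minute 11 (unexpected peer and traffic volume) and one for minute 12 (processing time). In a real deployment the warm-up would be a longer quiet period per device, the allowed-peer set would come from the device's configuration, and the thresholds would be tuned against normal sync and firmware-update traffic so that scheduled bursts are not flagged.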

Lastly, manufacturers and suppliers should strongly consider a system that tracks proactive tasks and corrective actions, schedules them, notifies the responsible people and holds them accountable, such as an enterprise quality management solution (EQMS). Suppliers should work inside this system rather than managing their own separately. Such a system gives an organization end-to-end traceability and visibility across all stakeholders, so that action can be taken early enough to prevent problems such as device recalls.

A proactive approach can mean more than avoiding a recall. When a product can have an extreme impact on the health and safety of consumers, manufacturers should place quality above all else. The Internet was built for sharing information, not with security in mind. When we build these devices, we must keep in mind the vulnerabilities that accompany the technological advances. Until the FDA issues binding rules for connected medical devices, it is crucial that manufacturers and health care providers alike take preventive and vigilant action to protect patients. That should be their priority.


Tags: internal audit
Mohan Ponnudurai

Mohan Ponnudurai is an industry solution director at Sparta Systems Inc., a global leader in enterprise quality management software (EQMS) solutions. With over 20 years' experience, Mohan helps both the company and its clients in the high tech manufacturing (including medical device), oil and gas (energy and services) and electronics sectors understand industry trends, needs and requirements.

Mohan earned his Bachelor’s Degree in Engineering from McGill University in Montreal, Canada, and MBA from the University of Tampa, Florida. In 2013, he was awarded the Supply & Demand Chain Executive “Pros to Know” Award for his exceptional leadership in Sparta Systems’ alignment with industry trends while helping clients understand changes in regulatory and business environments.

Mohan also speaks at industry conferences, writes white papers, articles and blog posts, takes part in analyst roadshows and contributes to product and solution thought leadership.

Connect with Mohan:

Mohan Ponnudurai
Sparta Systems, Inc.
2000 Waterview Drive, Suite 300
Hamilton, NJ
08691

[email protected]

© 2019 Corporate Compliance Insights