home health security

Security

Hackers Could Threaten Home Health Monitoring Devices

, , , , , , , , , , , ,

home health security

Patients have long used simple health monitoring devices, like a bathroom scale, to track their vital signs at home. Now, thanks to the ubiquity and ease of mobile computing, along with the increasing sophistication of home health monitoring devices, a physician no longer has to wait until a patient’s appointment to review this data with patients.

Partners Healthcare’s Center for Connected Health announced in June that they have begun to add data automatically from patients’ home health monitoring devices – such as weight, blood pressure, and glucose level – into their electronic health record (EHR).

Linking home health monitoring devices to EHR systems also increases the risk of security breaches and errors.

Data from home monitors made by various manufacturers is compiled through Alere Connect and added to the patient’s EHR, where doctors can view it. Patients can also log onto a patient portal to look at their information.

In June, a National Health Policy Institute report on technologies that can improve care of patients with chronic diseases noted that home health monitoring devices that transmit data to physicians can reduce emergency department visits and hospitalizations.

However, linking home health monitoring devices to EHR systems also increases the risk of security breaches and errors, said Ken Bradberry,chief technology officer of Healthcare Provider Solutions at Xerox. Bradberry recently discussed some of the concerns raised by wireless transmission of remote patient data into EHRs.

First of all, the information transmitted to the EHR may not be accurate, Bradberry noted.

“With this level of complexity, there can be potential misuse or misconfigurations,” he said.

Although some home health monitoring devices are simple, many others are complex, he said, and patients may attach or use them incorrectly, with user error leading to incorrect data in the EHR.

69 percent of health care organizations reported that they did not provide secure connections for the transmission of data from wireless medical devices. 

In addition, remote health care monitoring devices that transmit information to EHRs or other computer systems at hospitals and physician offices are tempting targets for hackers, noted Bradberry. Hackers are generally not interested in stealing information about a patient’s glucose level or blood pressure; what they usually are after is the information embedded in the monitor itself, like the patient’s name and address, as well as other identifying information that can be used in identity theft.

Data breaches are a growing problem for health care systems, according to a 2013 Ponemon Institute study on patient privacy and data security. According to the study, 94 percent of health care organizations have experienced at least one breach in data security in the past two years. It costs an average of $2.4 million over two years to repair data leaks, the report said. However, 69 percent of health care organizations also reported in the study that they did not provide secure connections for the transmission of data from wireless medical devices.

Hackers may also try to maliciously “create chaos by disrupting devices,” said Bradberry.

Remote health care monitoring devices that transmit data are tempting targets for hackers.

For example, if hackers broke into the system for transmitting information from remote health monitoring devices to EHRs, said Bradberry, they could  block the transmission of data from home heart monitors, thus triggering multiple false alarms about patient cardiac arrests and creating confusion.

Ultimately, even though health care systems may contract with third-party vendors for the maintenance of home health monitoring devices, the responsibility for securing the data lies with the health system’s information technology department, Bradberry said. Any health system that integrates data from home health monitoring systems must have the staff and financial resources to manage the use of such devices and ensure secure transmission of the data, he said.

Otherwise, he noted, “you are giving access to a database from a mobile device you may not have control over.”

“You have to have a very solid IT foundation and understand how to connect and monitor mobile health devices in this overall IT management plan.”

He suggested some best practices in integrating data from home health monitoring devices into health care organizations’ EHR systems.

  • Expectations should be clearly defined on what sort of information the devices will gather and how that information will be used.
  • The IT department should be very familiar with the remote monitoring devices, and develop standards for the type of devices that are used.
  • Health care system IT departments should integrate the security and monitoring of these devices into the overall IT management plan.

“You have to have a very solid IT foundation and understand how to connect and monitor mobile health devices in this overall IT management plan. Practices should all be very consistent,” said Bradberry. “Don’t make it an island.”