Privacy and Security and the Internet of Things

internet of things In the future, everything will be connected.

That future is almost here.

internet of things In the future, everything will be connected.

That future is almost here.

Over a year ago, the Federal Trade Commission held an Internet of Things workshop and it has finally issued a report summarizing comments and recommendations that came out of that conclave.

As in the case of the HITECH Act’s attempt to increase public confidence in electronic health records by ramping up privacy and security protections for health data, the IoT report — and an accompanying publication with recommendations to industry regarding taking a risk-based approach to development, adhering to industry best practices (encryption, authentication, etc.) — seeks to increase the public’s confidence, but are doing it the FTC way: no actual rules, just guidance that can be used later by the FTC in enforcement cases. The FTC can take action against an entity that engages in unfair or deceptive business practices, but such practices are defined by case law (administrative and judicial), not regulations, thus creating the U.S. Supreme Court and pornography conundrum — I can’t define it, but I know it when I see it (see Justice Stewart’s timeless concurring opinion in Jacobellis v. Ohio).

To anyone actively involved in data privacy and security, the recommendations seem frighteningly basic:

build security into devices at the outset, rather than as an afterthought in the design process;

train employees about the importance of security, and ensure that security is managed at an appropriate level in the organization;

ensure that when outside service providers are hired, that those providers are capable of maintaining reasonable security, and provide reasonable oversight of the providers;

when a security risk is identified, consider a “defense-in-depth” strategy whereby multiple layers of security may be used to defend against a particular risk;

consider measures to keep unauthorized users from accessing a consumer’s device, data, or personal information stored on the network;

monitor connected devices throughout their expected life cycle, and where feasible, provide security patches to cover known risks.

consider data minimization – that is, limiting the collection of consumer data, and retaining that information only for a set period of time, and not indefinitely;

notify consumers and give them choices about how their information will be used, particularly when the data collection is beyond consumers’ reasonable expectations.

Stakeholders and FTC staff agreed that it is too soon for IoT-specific privacy and security legislation, and reiterated the agency’s the 2012 call for broad-based, flexible, technology-neutral data security and breach notification legislation. (See Health Populi for more on the IoT report.) The President seems to be in favor of strong, uniform, data privacy and security rules as well.

READ

How Webinars and Online Courses Are Helping to Make Healthcare Greener

Uniformity would be a good thing. As things stand now, the FTC and OCR have overlapping jurisdiction when it comes to enforcing privacy and security rules with respect to health data. (Oh, and let’s not forget about state attorneys general and, while we’re at it, private lawsuits, as vehicles for enforcement). While overlapping jurisdiction should not matter to those of us who are in compliance with the rules, the problem is that the rules (at least on the FTC side) are not necessarily clear. That issue is magnified because FTC enforcement can include long-term monitoring and reporting on remediation and compliance, and can drive a company out of business. (Consider the LabMD case, just for instance.)

In addition, the IoT report covers some of the same ground as the FDA’s recently-issued draft guidance entitled General Wellness: Policy for Low Risk Devices, which complements last year’s mHealth guidance.

When the federals put a stake in ground — as they have with all of these issuances — innovation can proceed because we all have a better sense of the contours of the regulatory landscape. The problem is that these are guideposts that can shift in unpredictable ways in the future, or that can easily disappear — like the landmarks disappearing under a blanket of heavy snow falling outside my window as I type this post.

Nevertheless, it is possible to plan for that inscrutable future by building products and services, and communicating with partners, consumers and regulators, in a way that honors public expectations and the policies underpinning the government’s various declarations about data privacy and security.

READ

Stressing Employee Sleep and How It Can Impact Your Practice, Hospital, and Overall Productivity

everything is connected / shutterstock

ICD-11 – The Next-Generation Coding System

5 Ways to Use Texting in Healthcare Marketing and Engagement

When The Doctor Is Hurting: Ergonomic Solutions For Medical Professionals

Choosing a medical courier: 5 things you must consider

Entrepreneurs Must Integrate Mission-Driven Strategic Investors

6 Healthcare Financial KPIs You Need for 2017

Determining the ROI on Aquatic Therapy in Your PT Practice

How to Monetize Mobile Healthcare Apps

When The Doctor Is Hurting: Ergonomic Solutions For Medical Professionals

Stressing Employee Sleep and How It Can Impact Your Practice, Hospital, and Overall Productivity

Are Patients Being Informed Of Alternatives To Medication?

Enhancing Cultural Competency In Healthcare Settings

Encouraging Use Of Respite Care: A Guide To Supporting Caregivers

A Kid-Friendly Hospital: Promoting Child Life Services

How Technology Affects Doctor-Patient Relationship?

5 Key Features of Healthcare Websites in 2018

What Is Interoperability and Why Is It Important in Healthcare?

Facebook Reported to Have Attempted to Acquire Users’ Medical Records

Organization fined $418,000 for business associate HIPAA breach

Dissatisfaction with Billing Companies Starts with Lack of Clarity of What is Expected

What Is Interoperability and Why Is It Important in Healthcare?

How a New Patient Experience Model Will Drive the Future of Connected Healthcare?

mHealth: The New Future of Healthcare

How Technology-Enabled Communications Drive Use of Routine Services and Revenue

EHR For Rural Hospitals: Criteria And Access

How Big Data Can Be Used To Prevent Fatal Heart Attack

Patient-Generated Health Data: a Shift in Care Delivery?

How Financial Barriers are Slowing Down Telehealth Adoption

How can Healthcare Professionals Manage their Reputation Online

How to Handle Negative Physician Reviews and Feedback

5 Effective Ways to Market Healthcare to Millennials

Truth From Comedy: ZDogg Does for Medicine What Late Night Is Doing for Politics

How Technology Affects Doctor-Patient Relationship?

Minimizing Data Chaos in the Healthcare Industry

5 Key Features of Healthcare Websites in 2018

Emerging Diabetes Technology Promises to Make Life Easier

5 Life-Changing Assistive Technologies for the Visually Impaired

How AI Influences the Plastic Surgery

Healthcare Meets Technology: Future-Ready 2018 Innovations

Degenerative Disc Disease: Comparing Lumbar Artificial Disc Replacement to Spinal Fusion

Emerging Diabetes Technology Promises to Make Life Easier

How a New Patient Experience Model Will Drive the Future of Connected Healthcare?

Meeting The Healthcare Demands of an Aging Population

Application and Challenges of IoT in Healthcare

Minimizing Data Chaos in the Healthcare Industry

How a New Patient Experience Model Will Drive the Future of Connected Healthcare?

Vitiligo: Why it Happens to You, and How to Treat it?

Top 3 Ways to Gain Muscle Mass Fast

Healthcare Data Breaches: What Are the Risks?

Nixed NHS Procedures Spark Concern for Varicose Vein Patients

Taking Care of the Small Things Now Is Easier Than Ever

What Types of Treatments Shrink Cancerous Tumors?

Understanding Dysphagia Risk Factors and Developing a Management Plan

How Big Data Can Be Used To Prevent Fatal Heart Attack

Peripheral Vascular Stenting to 2020

In Praise of FDA Collaboration: The Cardiac Safety Example

The Role of Ultrasound Guidance in Heart Valve Procedures

Understanding Alzheimer’s Disease: What’s Next? [Infographic]

Why Primary Care Physicians Are the Next Phase in CCRC Care

The Dos and Don’ts of Handling Elderly Patients

Five Fields In Healthcare That Are Quickly Growing

The Weight Conscious Doctor: Why Sensitivity Matters

Top 5 Reasons Why you’re Not Losing Weight on Your Diet

Starting a New Eating Plan? What you Need to Know about Macro and Micronutrients

Should You Recommend Bariatric Surgery to Obese Patients?

Do it like Disney: Developing Orthopedic Centers of Excellence

Lessons on Building a Great Ortho Team from The Avengers

What Orthopedic Patients Want this Holiday Season

Use The Force: 4 Ways to Improve Orthopedic Service Lines

Radiology as an Enterprise Model for Collaboration

Relationship Between Clinical Decision Support Systems (CDSS) & Radiology Must Evolve

Diagnostic Reading #33: Five Must-Read Articles from the Past Week

2015 CPT Coding Changes and Your Radiology Practice

4 Ways to Stay Healthy While Working in Healthcare

The Truth About Depression and Anxiety in Your Nursing Staff

Developing a Sound Relapse Prevention Plan After Discharge

Understanding Dysphagia Risk Factors and Developing a Management Plan

How to Increase Height with Food and Exercises

How to Make Your Hair Look Thicker and More Voluminous

6 Ways to Make Sure You’re Detoxing Properly