Privacy and Security and the Internet of Things

internet of things In the future, everything will be connected.

That future is almost here.

internet of things In the future, everything will be connected.

That future is almost here.

Over a year ago, the Federal Trade Commission held an Internet of Things workshop and it has finally issued a report summarizing comments and recommendations that came out of that conclave.

As in the case of the HITECH Act’s attempt to increase public confidence in electronic health records by ramping up privacy and security protections for health data, the IoT report — and an accompanying publication with recommendations to industry regarding taking a risk-based approach to development, adhering to industry best practices (encryption, authentication, etc.) — seeks to increase the public’s confidence, but are doing it the FTC way: no actual rules, just guidance that can be used later by the FTC in enforcement cases. The FTC can take action against an entity that engages in unfair or deceptive business practices, but such practices are defined by case law (administrative and judicial), not regulations, thus creating the U.S. Supreme Court and pornography conundrum — I can’t define it, but I know it when I see it (see Justice Stewart’s timeless concurring opinion in Jacobellis v. Ohio).

To anyone actively involved in data privacy and security, the recommendations seem frighteningly basic:

build security into devices at the outset, rather than as an afterthought in the design process;

train employees about the importance of security, and ensure that security is managed at an appropriate level in the organization;

ensure that when outside service providers are hired, that those providers are capable of maintaining reasonable security, and provide reasonable oversight of the providers;

when a security risk is identified, consider a “defense-in-depth” strategy whereby multiple layers of security may be used to defend against a particular risk;

consider measures to keep unauthorized users from accessing a consumer’s device, data, or personal information stored on the network;

monitor connected devices throughout their expected life cycle, and where feasible, provide security patches to cover known risks.

consider data minimization – that is, limiting the collection of consumer data, and retaining that information only for a set period of time, and not indefinitely;

notify consumers and give them choices about how their information will be used, particularly when the data collection is beyond consumers’ reasonable expectations.

Stakeholders and FTC staff agreed that it is too soon for IoT-specific privacy and security legislation, and reiterated the agency’s the 2012 call for broad-based, flexible, technology-neutral data security and breach notification legislation. (See Health Populi for more on the IoT report.) The President seems to be in favor of strong, uniform, data privacy and security rules as well.

READ

Why Healthcare Apps Are A Revolution In The Healthcare Industry

Uniformity would be a good thing. As things stand now, the FTC and OCR have overlapping jurisdiction when it comes to enforcing privacy and security rules with respect to health data. (Oh, and let’s not forget about state attorneys general and, while we’re at it, private lawsuits, as vehicles for enforcement). While overlapping jurisdiction should not matter to those of us who are in compliance with the rules, the problem is that the rules (at least on the FTC side) are not necessarily clear. That issue is magnified because FTC enforcement can include long-term monitoring and reporting on remediation and compliance, and can drive a company out of business. (Consider the LabMD case, just for instance.)

In addition, the IoT report covers some of the same ground as the FDA’s recently-issued draft guidance entitled General Wellness: Policy for Low Risk Devices, which complements last year’s mHealth guidance.

When the federals put a stake in ground — as they have with all of these issuances — innovation can proceed because we all have a better sense of the contours of the regulatory landscape. The problem is that these are guideposts that can shift in unpredictable ways in the future, or that can easily disappear — like the landmarks disappearing under a blanket of heavy snow falling outside my window as I type this post.

Nevertheless, it is possible to plan for that inscrutable future by building products and services, and communicating with partners, consumers and regulators, in a way that honors public expectations and the policies underpinning the government’s various declarations about data privacy and security.

READ

How To Manage Mental Health As An Entrepreneur

everything is connected / shutterstock

What Would Medicare For All Mean For Healthcare Entrepreneurs?

Here Are the Best Ways to Promote Your Business at the Next Health and Wellness Expo

How to Find the Best Hosting Provider for Your Medical Website

Will The Surge In Celebrity Surrogacy Change The Business Of Fertility?

What Would Medicare For All Mean For Healthcare Entrepreneurs?

Entrepreneurs Must Integrate Mission-Driven Strategic Investors

6 Healthcare Financial KPIs You Need for 2017

Determining the ROI on Aquatic Therapy in Your PT Practice

What Would Medicare For All Mean For Healthcare Entrepreneurs?

4 Strategic Approaches To Reducing Hospital Errors

Think Patients Are Bad At Communicating? Rethink Your Systems

8 Of The Most Bizarre Medical Malpractice Cases Out There

7 Tips To Make Sure Your Medical Practice Is Found Online

Healthcare Blockchain Technology: The Good, Bad, And Terrible

How Doctors Can Use Mobile eHealth Apps To Monitor Their Patients

Here’s The Real Truth About Online Medical Services

How Cryptocurrency Benefits Medical Billing Services

Why Blockchain In Healthcare Could Be A Game Changer For EHRs

Here’s Why The Lab Automation Market Is Growing

8 Of The Most Bizarre Medical Malpractice Cases Out There

How Doctors Can Use Mobile eHealth Apps To Monitor Their Patients

6 Ways Mobile Applications Bring Value to Patients and Doctors

The Role Of The Internet Of Medical Things In Healthcare

All The Ingredients You Need For A Successful Health Insurance App

Technological Advancements in The Medical Field That You Should Keep An Eye On

mHealth Apps And Digital Doctors: The Future Of The Healthcare Sector?

EHR For Rural Hospitals: Criteria And Access

How Big Data Can Be Used To Prevent Fatal Heart Attack

7 Tips To Make Sure Your Medical Practice Is Found Online

4 Top Reasons Why App Developers Love Apple Health Records API

Should Healthcare Care About Branding?

How can Healthcare Professionals Manage their Reputation Online

Healthcare Blockchain Technology: The Good, Bad, And Terrible

5 Trends That Are Impacting The Healthcare Industry

How Doctors Can Use Mobile eHealth Apps To Monitor Their Patients

Here’s The Real Truth About Online Medical Services

5 Reasons Why Medical Device Machining Should Be Done By Professionals

Big Data: How Smart Medical Devices Can Change the Future of Healthcare

People Suffering From Hearing Loss Can Be Helped By Technology

Revolutionary Therapeutics For Neuroendocrine Carcinoma Are Underway

9 Medical Technologies Revolutionizing Healthcare

The Rise Of eHealth: Staying Relevant In The Digital Healthcare Paradigm

Here’s How Millennials Impact Clinical Research And The Health Sector

The Revolutionary Advent Of Precision Medicine In Cancer Treatment

Why The Psoriatic Arthritis Treatment Market Is Set To Grow

What To Expect At A Cannabis Vape Lounge

How Self-Determination Theory Can Improve Medical Students’ Motivation

How Medical Advancements Could Change Hepatitis B Diagnoses In 2019

Here’s Why The Lab Automation Market Is Growing

Can CBD Oil Lower Your Weight Or Improve Your Cholesterol?

Try These Delicious And Healthy Alternatives To Junk Food

Take These Important Steps To Fight Periodontal Disease

Health Risks Associated With Substance Abuse To Know About

Is It Time to See a Cardiologist?

Can Artificial Intelligence Diagnose Illnesses Better Than Other Methods?

The Complicated Rise of Interventional Cardiologists

How Big Data Can Be Used To Prevent Fatal Heart Attack

Take These 4 Important Steps For Healthy And Happy Aging

Living Alone When You’ve Been Diagnosed With Alzheimer’s

A Guide To Healthy Aging And Happier Golden Years

10 Early Dementia Signs You Need To Be Aware Of

How a Meal Delivery Subscription Service Can Help You Reach Your Weight Loss Goals

7 Important Health-Related Reasons To Burn Excess Fat

The Weight Conscious Doctor: Why Sensitivity Matters

Top 5 Reasons Why you’re Not Losing Weight on Your Diet

4 Terrible Injuries That Can Happen Because of a Motorcycle Accident

Baby Boomer’s Guide to Dealing with Knee Problems

The Woes Of Modern Posture Struggles And Poor Furniture Support

What Is Scoliosis? 4 Ways To Treat It

Radiology as an Enterprise Model for Collaboration

Relationship Between Clinical Decision Support Systems (CDSS) & Radiology Must Evolve

Diagnostic Reading #33: Five Must-Read Articles from the Past Week

2015 CPT Coding Changes and Your Radiology Practice

Can CBD Oil Lower Your Weight Or Improve Your Cholesterol?

Try These Delicious And Healthy Alternatives To Junk Food

Take These Important Steps To Fight Periodontal Disease

Health Risks Associated With Substance Abuse To Know About

Try These Delicious And Healthy Alternatives To Junk Food

Important Key Benefits Of Turmeric To Know About

Here’s How To Trick Yourself Into Exercising More And Staying Motivated