One area where IoT devices are already making an impact is healthcare, where gadgets such as continuous glucometers for people with diabetes, scales, heart rate, and blood pressure monitors have already been deployed. While some question the accuracy of the current generation of devices, there is little doubt they will improve over time. While accuracy is not the biggest hurdle facing the adoption of IoT in healthcare, trickier issues including questions regarding privacy, security, defining the standards of care, and ultimately changing behaviors – in consumers and in healthcare professionals – remain.
In theory, connected healthcare devices will make it easier for caregivers to make more accurate diagnoses, improve the quality of care, and reduce costs; but there are tradeoffs. The biggest being privacy concerns, as the devices are compiling large amounts of data – much of which is considered private. Whilst accessing this data is critical for healthcare professionals, questions about who owns the data, whose responsibility it is to protect the data, and what happens if there is a data breach, persist.
On the surface, much of the information collected is individual data points, so without the ability to analyze, much of it is of little value. Whilst caregivers and insurers must first obtain authorization to analyze the data, some experts question whether current privacy guidelines offer adequate protection.
In the US alone, there are numerous legislative gaps. For example, HIPAA (Health Insurance Portability and Accountability Act) was enacted when the consumer internet was still in its infancy and the Consumer Privacy Bill of Rights attempted to address some of the prior law’s shortcomings. While the latter extends the protections of the former, HIPPA’s privacy rule was never intended to serve as the healthcare industry’s measuring stick for privacy protection. The result is that Private Health Information (PHI) created under the 20-year-old act is not covered by the more current law.
The US is not the only country with such issues, and in many countries, privacy protections are either outdated or non-existent – leaving patients extremely vulnerable. Another issue arises in countries with multiple layers of government (e.g. Australia, Germany, Switzerland, and the US) as gaps are created between various state and federal laws. The challenge is not only which statute takes precedent, but what happens when the data is collected in one state and analysis or treatment occur in another.
Consent is also a tricky question. For example, where does it begin and end? And what, exactly, is the patient consenting to? Insurance companies may want to use private data to prove the accuracy of their actuarial tables, while a drug company might want to use the information to confirm the efficacy of a certain dosage pattern. Whilst APIs (Application Program Interfaces) can be implemented, these agreements can be cumbersome – when was the last time anyone read their iTunes’?
Not to be overlooked is the question of data ownership. In its broadest terms, IoT is all about collecting data, be it monitoring soil moisture levels, or your health, the goal is the same – collect tremendous volumes of data, analyze that data, and make actionable predictions about what is going to happen next. While we have become reliant on connected devices, very few of us question who actually owns the data being collected. Awareness plays a key role in defining who has ownership and want that means; this only goes so far as indemnity plays an important role in defining security protocols.
In many ways, health information is more important that your credit history. So much so that one of the presentations at the 2015 Healthcare Information and Management Systems Society (HiMMS) spoke about how the lack of security standards is jeopardizing development of IoT in healthcare. According to Lorie Wigle, vice president and general manager IOT Security Solutions for the Intel Security Group, “managing and reducing these security concerns requires a change in how we design, develop, and regulate connected healthcare devices.”
This include baking security into the earliest steps in the design and manufacturing processes, sharing best practices (e.g. open-source libraries), and then promoting collaboration among manufacturers, health-care professionals, as well as privacy and security experts. If the industry fails to define common protocols for security, then governments will feel the need to fill the void and the end result will be a spider’s web of regulations.
Defining Standards of Care
A critical aspect of all healthcare practices, standards of care not only define what is acceptable, they are also a legal matter, such as malpractice. Furthermore, there can be multiple standards of care applicable for a certain ailment and applications depend on the situation, available resources, and physician preference.
One barrier to the widespread adoption of IoT devices in healthcare is the absence of care channels. Whilst the devices can collect, transmit, and store data, this information is largely incompatible with traditional health records. As such, physicians are unaware or unwilling to use the information that is being collected. In chronic care instances, the challenge is connecting the “connected” devices to each other. Until this happens, patients and doctors will lack visibility in the care and management of such conditions, leaving them to rely on analog standards of care.
In acute care scenarios, today’s devices can only create data. As such, the devices are reliant on doctors to analyze the mountains of data to map out the best course of action. This creates a barrier to widespread adoption, as many doctors will be overwhelmed by the sheer amount of information. Until devices can link with artificial intelligence and other tools, doctors will be reticent to support wholesale adoption.
Not to be overlooked is the importance of changing behaviors, patients, and physicians. Whilst the rise of wearables (eg Apple Watch and Fitbit) have introduced users to connected health devices, the applications are still in their infancy and the devices themselves are fairly limited in scope.
The next generation of devices will most likely include subdermal implants and other low-frequency transmitters, which will be connected to monitoring devices. By extension, these local devices will probably be connected to the cloud. While developers are working on implanted glucometers, the current generation of devices have a useful life of 3 to 6 months – requiring repeat visits to swap out the meters. Even if early adopters flock to the devices, physicians will be unlikely to accept the information collected at face value. Thus, widespread adoption will lag as little value is seen in the data.
While hurdles such as privacy, security, standards of care, and behaviors remain, connected healthcare promises to revolutionize the entire industry. Continued improvement in the technology, and more importantly the acceptance of the technology, will drive adoption. With higher adoption rates, the promises more accurate diagnoses, improved quality of care, and reduced costs will become a reality.
ALSO READ: On the mysterious Jargon File, the original Hacker Dictionary.
(1) Source: Cousin, Mathias, Castillo-Hi, Tadashi, and Snyder, Glenn. Deloitte University Press. Devices and Diseases: How the IoT is Transforming Medtech. http://goo.gl/M8A58Q. Retrieved 13 April 2016.
(2) Source: Nerdery. How the Internet of Things Will Affect Privacy and Security in Health Care. http://goo.gl/qT4ePk. Retrieved 13 April 2016.
(3) Source: Cousin, Mathias, Castillo-Hi, Tadashi, and Snyder, Glenn. Deloitte University Press. Devices and Diseases: How the IoT is Transforming Medtech. http://goo.gl/M8A58Q. Retrieved 13 April 2016.
(4) Source: Niewolny, David. NXP. How the Internet of Things Is Revolutionizing Healthcare. October 2013. P. 4 https://goo.gl/nb7B0f. Retrieved 13 April 2016.
(5) Source: Chamberlain, Bill. IBM Center for Applied Insights. Healthcare Internet of Things: 18 trends to watch in 2016. https://goo.gl/4ZazvW. Retrieved 13 April 2016.