Considerations Around IoMT Devices in the Home
IoMT devices have the potential to extend care into the home, but the infrastructure to support them often isn’t robust enough. When Seattle Children’s did a big push to manage asthma remotely, some patients lacked reliable access to cellular connections, meaning that devices would send data one moment and stop the next.
Not all patients spoke English, which sometimes led to misunderstandings about how to use and care for devices. Patients’ families had to mail the devices back in to get replacements, which led to gaps in data.
The health system was unable to send engineers to the remote locations to provide tech support. This meant that the organization didn’t have visibility into the patients’ networks or security.
Another common challenge is reimbursement for home healthcare initiatives. The reimbursement is often not enough to cover the program, meaning that hospitals are losing money on home healthcare.
“If we could build a team to send to people’s homes, that would be great. The hospital at home initiative is great and the outcomes are great, but many hospitals are withdrawing these services,” Chaudry said.
Changes must be made on the payer side to ensure the future success of home healthcare programs. Making those changes can result in better patient outcomes and fewer in-person follow-up visits.
EXPLORE: El Camino Health CIO Deb Muro reflects on security leadership in healthcare.
Reining in Healthcare Complexity to Boost IoMT Device Security
IoMT devices are often managed by biomedical or clinical engineering teams. However, as more medical devices are connected to the network, teams must collaborate, Douglas said. Not doing so can lead to network vulnerabilities and confusion about what’s on the network.
To improve security compliance, Seattle Children’s moved its biomedical engineering team under the IT department. This organizational structure makes governance and architectural review easier, Chaudry said. He said that healthcare organizations should form governance groups if they haven’t already.
“We’re not trying to do command and control, but a device isn’t just a device anymore. It’s a mini computer,” he said.
Douglas said that the healthcare industry is heavily regulated yet lacks governance that ensures that manufacturers are bringing devices to market safely and securely.
Chaudry agreed. While the Food and Drug Administration does have standards regarding how medical devices are built, many of these devices are still running Windows 7.
“How can we allow such devices to provide lifesaving treatment? The software is not regulated, which is something that needs to be looked at on the federal level,” he said.
Chaudry asked Douglas why manufacturers and security companies don’t collaborate to provide IoMT devices that come built with security in mind.
“If we had a standardized approach on how to bring devices to market, we would see interesting collaboration,” Douglas said. He said that Palo Alto Networks is lobbying for this, but it’s not an easy process.
The relationship between healthcare organizations and medical device manufacturers can be adversarial, Chaudry said, especially since the specific markets can be small.
“We are in a situation where we have no power. This is a patient safety issue, and now everything is becoming software-driven,” he said. “I’m not saying we should choke the industry from innovation, but we have to give standard protocols. If you check the boxes, then you’re good to go, and if you don’t, then you’re not. If you’re not running the latest version of an OS, then no chance.”
Keep this page bookmarked for our ongoing coverage of CHIME23. Follow us on X (formerly Twitter) at @HealthTechMag and join the conversation at #CHIME23.