In-home IoMT allows people to transmit medical data from their home to other locations such as their primary care provider or a hospital. For instance, remote patient monitoring (RPM) is the use of medical devices to transmit metrics such as blood pressure or oxygen saturation from recently discharged patients to their hospital for review by their doctors. This can reduce hospital readmissions by catching issues before they become serious.
Telehealth—the use of communication technologies for remote healthcare services—provides further flexibility by allowing recently discharged patients to resolve minor issues by remotely connecting with their doctors.
The use of IoMT devices along with telehealth can also be useful for ongoing care outside of the patient setting. For example, personal emergency response systems (PERS) can track events—such as a fall or heart attack—to automatically call for help. PERS can provide security to at-risk people, such as seniors who want to live at home without compromising their safety.
On-body IoMT is the use of wearable medical devices that are connected to remote tracking or monitoring systems. Unlike in-home IoMT, on-body IoMT can often be used outside of the home as people live their normal lives.
Consumer on-body IoMT devices are wearable devices that anyone can buy to track health metrics for both personal use and for sharing with healthcare providers. In addition to tracking a standard metric, such as heart rate, these devices can provide early warning signs of more serious health conditions. For example, the Apple Watch can warn users about irregular heart rhythms.
Clinical on-body IoMT devices are like the consumer devices but afford a wider array of sensor options. For instance, glucose sensors can be worn by diabetic patients to alert them to fluctuations in glucose levels. Many of these devices can share data directly with a patient’s doctors to ensure they get fast and accurate treatment.
Community IoMT is the use of IoMT devices throughout a broader town or geographic area. For example, mobility services are devices used to track patients while in transit in a vehicle. Similarly, emergency response intelligence systems are used by paramedics and first responders to track patient metrics outside of the hospital setting.
In addition to mobile and emergency care, community IoMT also involves technologies that enable remote services. For example, point of care devices can be used by healthcare providers in non-traditional medical settings such as a field hospital, and kiosks can be used to dispense medicines to people in areas with limited or no access to traditional infrastructure.
Suppliers may also use IoMT devices in logistics to help in the transport of healthcare goods or medical equipment. For instance, sensors can monitor temperature- or pressure-sensitive shipping containers to ensure that quality is maintained throughout the shipping process.
IoMT comes with some unique legal, regulatory, technical, and privacy challenges, mainly because the IoMT ecosystem has so many stakeholders, including:
When IoMT devices generate and share data, it is not always clear who legally owns that data. For example, if a city-owned medical device captures data from a patient, stores the data in a third-party cloud application, and shares the data with a private healthcare organization … who owns the data? The city? The patient? The software provider? The healthcare organization?
There are many ways the different parties can use and share the data. The owner may have the right to destroy the data, which can be complicated in a distributed network where data is potentially replicated many times.
Due to the sensitivity of medical data, there is significant regulation about how and where it can be used, along with specifications about how the technology should be secured. For instance, the FDA released comprehensive guidance about the Management of Cybersecurity in Medical Devices.
The European Union, the United Kingdom, and organizations such as the Association for the Advancement of Medical Instrumentation and the European Commission have released additional guidance and regulation around these devices.
However, even with all the regulations and guidance issued, 66% of respondents in the Deloitte study said they believe that the regulatory framework will not catch up with what is possible today for another five years.
Given the distributed nature of IoMT infrastructure, the devices and software systems must be able to communicate securely with one another. However, the protocols and security standards for these types of integrations change constantly. This can cause compatibility issues as new technologies are introduced if older systems cannot keep up to date with these changes.
Privacy and security challenges
IoMT data typically flows through the public Internet and is exposed to more security threats than are present in a firewalled private network. This threat is compounded by the fact that the data is shared among many systems, providing multiple attack vectors.
OEMs must use industry best practices around security. Administrators should use the latest encryption protocols, set unique and complex passwords for access, and validate the SSL certificates of remote systems.
Getting it right: How to secure IoMT devices
There are many variables at play in IoMT security, and there is no simple way to secure all medical devices against all types of threats. However, a basic first step is to ensure that you know which medical devices exist on your network, and the types of threats that may impact them.
Ordr recommends a zero trust network security model, in which communication among devices is controlled by strict access control and authentication to ensure traffic is coming from where you think it is. Ordr Systems Control Engine (SCE) can enable visibility and security of all your connected medical devices. Try a demo of Ordr to learn how to keep your IoMT devices—and the data they collect and share—safe and secure.
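The two steps described above, a device inventory and strict control over which devices may talk to which systems, can be sketched as a default-deny audit over network flow records. This is an added example, not Ordr's code or product behavior; the device classes, addresses, policy entries and flow records are all constructed for illustration.

```python
from ipaddress import ip_address, ip_network

# Constructed inventory (assumption): device IP -> device class
INVENTORY = {
    "10.20.1.11": "infusion_pump",
    "10.20.1.12": "glucose_monitor",
    "10.20.1.30": "rpm_gateway",
}

# Default-deny policy (assumption): per class, the only (network, port) pairs allowed
POLICY = {
    "infusion_pump": [("10.20.5.0/24", 8443)],
    "glucose_monitor": [("10.20.5.0/24", 8443)],
    "rpm_gateway": [("10.20.5.0/24", 8443), ("203.0.113.10/32", 443)],
}

# Constructed flow records: (source IP, destination IP, destination port)
FLOWS = [
    ("10.20.1.11", "10.20.5.7", 8443),    # pump -> clinical server
    ("10.20.1.12", "198.51.100.9", 443),  # monitor -> unlisted internet host
    ("10.20.1.30", "203.0.113.10", 443),  # gateway -> approved cloud endpoint
    ("10.20.1.99", "10.20.5.7", 8443),    # source missing from the inventory
    ("10.20.1.11", "10.20.1.12", 23),     # device-to-device telnet
]

def evaluate(flow, inventory=INVENTORY, policy=POLICY):
    """Return 'allow', 'deny', or 'unknown_device' for one flow record."""
    src, dst, port = flow
    device_class = inventory.get(src)
    if device_class is None:
        # Step one of the page's advice: a device nobody inventoried
        return "unknown_device"
    for net, allowed_port in policy.get(device_class, []):
        if port == allowed_port and ip_address(dst) in ip_network(net):
            return "allow"
    # Anything not explicitly permitted is denied
    return "deny"

def audit(flows):
    """Collect every flow that is not explicitly allowed, with its verdict."""
    findings = []
    for flow in flows:
        verdict = evaluate(flow)
        if verdict != "allow":
            findings.append((verdict, *flow))
    return findings

if __name__ == "__main__":
    for finding in audit(FLOWS):
        print(finding)
```

Unknown sources are reported separately from denied flows because they call for a different response: inventory the device first, then decide what it is allowed to reach.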