Building a Foundation on Security and Compliance

Recent high-profile security breaches in the retail, finance, and insurance industries underscore the need for organizations to keep data secure across a wide network of devices and systems accessed by customers, vendors, and remote workers.

In the healthcare industry particularly, concerns over protecting sensitive patient data are heightened as organizations introduce more Internet-connected devices and deploy cloud environments to store and manage information. As these devices share more data across networks, IT professionals and medical device designers are faced with the challenge of how to keep this data secure. Medical devices, especially those that record patient data for remote-monitored outpatient care, must function as designed while adhering to FDA regulations and HIPAA laws governing privacy and security.

The FDA, in particular, has focused on educating and guiding healthcare professionals, including IT staff, as technology disrupts healthcare. The FDA released guidelines on cybersecurity in medical devices last year, yet many healthcare organizations utilizing cutting-edge technology still lack understanding about how to support these devices while also maintaining compliance.

Results from the U.S. Department of Health and Human Services’ 2012 pilot program testing the industry’s compliance with HIPAA’s Privacy Rule, Security Rule, and Breach Rule standards were not encouraging. Most organizations in the pilot program did not conform to HIPAA standards, and two-thirds of organizations failed to perform a comprehensive, accurate security risk assessment. According to the report, the most common cause of non-compliance was that organizations were “unaware of the requirement.”

A new round of HIPAA audits is launching later this year, this time covering not just healthcare organizations but also hundreds of business associates. The expanded audits will serve as another test for the healthcare industry and those that do business with it, and put added pressure on medical device designers and manufacturers, and the IT professionals supporting them, to meet compliance standards or face fines.

One HIPAA-governed area of concern that medical device vendors and healthcare IT staff must consider is how they remotely access their technology and devices to perform regular maintenance and support.
