Boardroom Buzz

Cybersecurity: New Area for Mobile Medical App Compliance, Part 1

Published February 2, 2016 11:41 AM by Silas Gossman

[Editor’s Note: this blog was originally written by Andy Miller]

A two-part series examining regulatory compliance to raise awareness around cybersecurity risks.

Regulatory compliance. While this phrase may strike an ominous tone for many traditional mobile app software companies, it is familiar territory for veterans in the mobile medical app space. It is unlikely the software developers behind the first calorie-counting app gave regulatory compliance much thought. Applications, after all, have been a source of convenience, entertainment and education for years. However, as mobile apps have grown more integrated and mobile device sensor technology has become more sophisticated, that calorie-counting app may be transformed into a tool for treating obesity, diabetes and sleep disorders. Smart software developers have come to realize that mobile medical apps are a path to future profits as well as a benefit to patients.

That is where the regulatory compliance piece of the puzzle comes in. We are all now familiar with the FDA and its Guidance on Mobile Medical App regulation, issued this past February. In my opinion, the guidance leaves far too many apps essentially unregulated. However, it does corral the applications posing the greatest patient risk and provide app developers with a pathway to obtain clearance before marketing.

However, simple regulatory compliance is only part of the picture. Providing assurance of mobile medical application security is as essential to delivering a safe and effective product as is functional and performance testing. What good is a mobile medical app if it cannot upload health information to its central server securely? What if the app is compromised, leading to a breach of patient health information? Or even worse, what if an app is subject to hacking, and as a result the patient medical device it connects to can be somehow manipulated? Now we are speaking of actual patient harm.

Some potential cybersecurity risks to medical devices include:

- Breaches of protected health information
- Stolen financial information and identity theft
- Loss of device availability at a time of need
- Compromised device performance and malfunctions
- Theft of device intellectual property

My intent is not to scare anyone, but rather, raise awareness. App developers likely rely on clinical and technical experts to ensure they have mitigated risk and met their functional and performance requirements. The question becomes whether or not these developers have analyzed the cybersecurity risks posed by, and to, their applications. The FDA requires that cybersecurity be addressed in 510(k) filings, but like much of the agency’s guidance, the requirement is described at a high level. It is left up to the app developer to essentially self-police based on an analysis of cybersecurity risks – and therein lies the problem.