The Era of Wearable Medical Devices and mHealth: Protecting Patients and Providers

Implementing physical safeguards is important as health care delivery is becoming more mobile. Movable devices containing patient data, such as external hard drives, mobile phones, and laptops, should be physically secured. These devices can be lost or stolen easily. Although encryption can prevent data from being accessed readily, encryption alone is not a fail-safe.

As diabetes management and the delivery of health care services are changing with technological developments, providers are able to serve patients better. With the technological developments come new security challenges of which providers must be aware. Their duties to patients and how they meet those duties require providers to make ongoing risk assessments and take reasonable steps to manage those risks. Doing so protects patients’ expectations that their data will be kept confidential and helps providers meet their obligations. It is exciting to consider the future advances in technology while minimizing risks to confidentiality.

Katherine E. Britton, Esq, is an attorney in Dallas, Texas. Britton handles civil litigation and probate cases, as well as counseling on employment and privacy law matters and is part of the American Diabetes Association Attorney Advocacy Network. Britton has a JD from The John Marshall Law School in Chicago, where she was an editor on The John Marshall Review of Intellectual Property Law and from Tulane University, where she completed BA degrees in economics and political science.

Jennifer D. Britton-Colonnese, MSN, FNP-BC, CDE, is a board-certified family nurse practitioner and a certified diabetes educator. She currently works as an inpatient diabetes consultant and sees patients in a Boston practice.

References

1. Dawson S. Data privacy rules hinder mobile phone healthcare. Thomson Reuters Foundation Web site. http://www.trust.org/item/20130625074016-vba1w/?source=hpeditorial. Published June 25, 2013. Accessed December 18, 2015.
2. TrapX Labs. Anatomy of an attack: Medical device hijack (MedJack). http://deceive.trapx.com/AOAMEDJACK_210_Landing_Page.html. Published May 7, 2015. Accessed December 18, 2015.
3. Radcliffe J. Hacking medical devices for fun and insulin: Breaking the human SCADA system. https://media.blackhat.com/bh-us-11/Radcliffe/BH_US_11_Radcliffe_Hacking_Medical_Devices_WP.pdf Accessed December 18, 2015.
4. Comments of AT&T Inc. at Workshop to Explore Privacy and Security Implications of the Internet of Things. Federal Trade Commission Web site. https://www.ftc.gov/sites/default/files/documents/public_comments/2013/07/00004-86142.pdf. Published May 31, 2013. Accessed December 18, 2015.
5. Cloud Adoption & Risk Report Q2 2015. Skyhigh Web site. http://info.skyhighnetworks.com/WPCARRQ22015FinancialServices_WP-CARR-Q1-2015_Download_White.html?Source=website&LSource=website. Accessed December 18, 2015.
6. Brandt v Medical Defense Association, 856 SW2d 667 (Mo 1993). http://biotech.law.lsu.edu/cases/Medmal/BRANDT_v_MEDICAL_DEFENSE.htm. Accessed December 18, 2015.
7. What physicians need to know about telemedical liability. AMA Wire. February 11, 2015. http://www.ama-assn.org/ama/ama-wire/post/physicians-need-telemedical-liability. Accessed December 18, 2015.
8. Mobile Oil Corporation v Rubenfeld, 339 NYS2d 623, 632 (1972), Restatement (Second) of Torts § 874.
9. Pottinger v Pottinger, 605 NE2d 1130 (Ill App. 1992). https://www.courtlistener.com/opinion/2211635/pottinger-v-pottinger. Accessed December 18, 2015.
10. McCormick v England, 494 SE2d 431 (SC Ct App. 1997). https://www.courtlistener.com/opinion/1357541/mccormick-v-england. Accessed December 18, 2015.
11. 45 CFR at pts. 160 and 164. Summary of the HIPAA Privacy Rule. U. S. Department of Health and Human Services Web site. http://www.hhs.gov/ocr/privacy/hipaa/understanding/summary. Accessed December 18, 2015.
12. Flynn L, Huth C, Trzeciak R, Buttles P. Best practices against insider threats in all nations. Cybersecurity Summit (WCS), 2012 Third Worldwide. 2013;doi:10.1109/WCS.2012.6780874. 
13. Regents of the University of California v Superior Court of Los Angeles County, 2013 BL 284796 (Cal Ct App, No. B249148, 2013). http://www.bloomberglaw.com/public/desktop/document/THE_REGENTS_OF_THE_
    UNIVERSITY_OF_CALIFORNIA_Petitioner_v_THE_SUPE?1449522303. Accessed December 18, 2015.