Healthcare Information Security

Cybersecurity News

Patient Safety Concerns Driving Medical Device Security Investment

Medical device security and patient data privacy are two of the areas in which the healthcare industry is investing to curb the costs of adverse patient safety events.

medical device security

Source: Thinkstock

By Fred Donovan

- Medical device security and patient data privacy are two of the areas in which the healthcare industry is investing to curb the costs of adverse patient safety events, according to a study by Frost & Sullivan.

Other areas of investments include medication safety, antibiotic resistance, patient diagnostics safety, sepsis prevention, and emergency department (ED) admissions.

The investment is being driven by the high cost of adverse patient safety events, which Frost estimated at $317.9 billion for the US and Western European healthcare systems in 2016. This cost is expected to increase at a compound annual growth rate of 3.2 percent, reaching $383.7 billion in 2022.

“The industry will witness increasing consolidation with large medtech companies gearing towards provision of targeted solutions for areas such as antibiotic resistance, sepsis, pressure ulcers, and unnecessary ED admissions,” commented Frost & Sullivan Industry Analyst Anuj Agarwal.

Around 15 percent of hospital expenditure could be attributable to addressing safety failures in the United States, with a higher percentage in Germany, Spain and Italy, according to Frost.

“About 17 percent of all hospitalizations in the US are affected by one or more adverse patient safety events. The fact that 30-70 percent of those adverse events are potentially avoidable makes it imperative to prevent them from happening,” Agarwal said.

Frost & Sullivan predicted that by 2022, patient safety will transition from an ancillary to a core value proposition for healthcare providers.

The healthcare industry is expected to increase integration between medtech and digital health technologies, such as data analytics and remote monitoring and surveillance, to enhance patient safety.

The process of implementing analytics and artificial intelligence to improve the processes, systems, and culture in healthcare industry requires high amounts of data from competing systems with significant limitations on information sharing, Frost noted.

In recent public comments, the College of Healthcare Information Management Executives (CHIME) recommended that healthcare cybersecurity be included as a focus area of a health innovation and investment public-private workgroup HHS is proposing to set up.

CHIME said that cybersecurity threats in healthcare are increasing costs for the industry and creating patient safety and data privacy concerns.

“The privacy and security of patient data — as well as the federal and state regulations governing such information — must be considered as new innovations and technologies are incorporated into healthcare delivery systems,” CHIME noted.

In April, the FDA issued a medical device safety action plan. As part of the plan, the FDA is considering mandating that device makers build in a capability to update and patch device security into product design and to provide data on this capability to the agency as part of the device’s premarket submission.

Device makers would also be required to provide a “software bill of materials” to the FDA as part of premarket submission. This would enable device customers and users to better manage their network assets and be aware of which devices may have vulnerabilities as well as assist in postmarket mitigation efforts.

The FDA intends to update its premarket guidance on medical device cybersecurity to protect against moderate risks, such as ransomware, and major risks, such as remote exploitation of devices that results in a catastrophic attack on many patients.

The agency is also considering new postmarket authority to require firms to adopt policies and procedures to coordinate disclosure of vulnerabilities as they are identified.

The FDA is examining what steps it can take to spur innovation in medical devices. The agency’s Breakthrough Device Program could be used to improve patient access to innovative new devices and patient safety at the same time. In addition, a similar program just for innovations in device safety is under consideration.

The agency is also working to establish a National Evaluation System for Health Technology (NEST), which would be a surveillance and evaluation system operated by a public-private partnership.

The action plan describes how the FDA would support development of NEST. As part of its fiscal year 2019 budget, the agency is seeking additional funding to turn NEST into a more active surveillance tool.


SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

HIPAA Compliance
Data Breaches

Our privacy policy

no, thanks

Continue to site...