IoT Device Safety in Healthcare: 3 Key Factors to Consider

The proliferation of Internet of Things (IoT) devices is revolutionizing healthcare. Technology that collects and exchanges data wirelessly enables remote patient monitoring, asset tracking, automated contact tracing, and electronic hand hygiene monitoring. It can also be used to streamline clinical workflows and enhance patient care.

IoT technology is increasingly common in hospitals, with continued growth expected. The number of IoT devices in hospitals is expected to double between 2021 and 2026, with nearly 4000 IoT devices in use per smart hospital by 2026.

Hospitals investing in IoT technology should choose systems that can mitigate cybersecurity risks and safeguard patient and provider data. Consider these three factors when evaluating IoT devices:

1. PHI privacy

Patient data is protected under federal law. Under the HIPAA Privacy Rule, protected health information (PHI), including patients’ names and identifying information as well as any data regarding patients’ health conditions or treatments, cannot be shared with unauthorized parties. 

To minimize the risk of data breaches and ensure HIPAA compliance, hospitals should consider IoT devices that do not interact with PHI or personal health data, unless necessary. By opting for devices that operate independently of PHI, hospital leaders can streamline the approval process, reduce paperwork, and expedite the implementation timeline while also assuring the safety and security of patient data. 

Some sophisticated IoT systems integrate with electronic medical records without touching PHI. The SwipeSense hand hygiene application, for instance, includes an Adaptive Room Modes feature that adjusts to clinical workflows. In isolation mode, the system allows extra time for providers to don and doff personal protective equipment. In C. diff mode, the system’s Real-Time Voice Reminder tells staff to sanitize with soap and water (instead of alcohol-based hand sanitizer, which isn’t effective against C. diff). Adaptive Room Modes can be set either automatically or manually.

2. Network segmentation & security

For maximum safety and security, IoT devices should not rely solely on hospital Wi-Fi networks. Instead, they should be isolated on a separate network, if possible, via an Ethernet connection, which can easily be set up and secured.

Hospital executives should prioritize IoT devices from companies that implement “security by design” and “security by default” principles, as recommended by ISACA, an international professional association focused on IT governance. These principles ensure that devices are built with robust security controls, undergo regular security testing, and receive frequent security patches. By selecting devices from vendors committed to best practices, hospitals can mitigate the risk of potential vulnerabilities. 

When possible, hospitals should choose devices that use industry-standard encryption protocols and tools to protect data and maintain privacy. 

The SwipeSense system uses Ethernet connections and encrypts data, both in transit and at rest, so user information remains secure.

3. Third-party certification: SOC2 compliance

One way to ensure the security of IoT devices is to look for products that are SOC2 certified. SOC2 certification involves independent verification and validation of security and compliance policies by third-party auditors. 

It’s not easy for companies to obtain SOC2 certification, which means that those that have achieved it have demonstrated a deep commitment to cybersecurity. They’ve developed internal security controls and have proven that they manage data securely. SOC2 certification is assessed annually, so certified systems are up to date regarding best practices.

The SwipeSense platform is SOC2 certified and compliant.

IoT devices can improve the efficiency and quality of patient care. To responsibly deploy these devices, hospital leaders must prioritize the security and protection of patient and provider data. Look for IoT technology that maintains PHI privacy, uses industry-standard encryption protocols, doesn’t rely on hospital Wi-Fi, and is SOC2 certified.

Hospitals that make informed IoT purchasing decisions can confidently embrace the benefits of IoT devices.