Archives     Advertise     Editorial Calendar     Subscribe     Contact Us    

Navigating the Risks of New Healthcare Technologies


The appetite among healthcare providers for new technologies is voracious. The benefits are obvious: Individual providers and facilities want to improve care and increase convenience and reputations. New technology, however, involves risks - both to patients and in working through internal "glitches." The potential for hacking and loss of security, privacy and access increases these risks.

In considering new technologies and associated risks, it is helpful to categorize by how soon they become available.

The Near-Term: Connected Devices/IOT.

Devices that are connected to an open network are "connected devices." When those devices can then communicate with each other via the internet, they become part of the Internet of Things (IOT).

  • What it Does: Just about everything. Relevant devices include monitors in hospitals, wearables and machines to auto-administer therapies or track real-time health data.
  • Why We Want It: Connected devices and the medical IOT (mIOT) are not only part of a larger increase in telehealth, but also can increase efficiencies, reduce costs and improve care for those with chronic conditions. Connection to a network permits timely monitoring, easier delivery of software, and utilization of health-related applications by patients.
  • What's the Problem? Imagine receiving a text that your pacemaker has been hacked, and if you don't pay bitcoin into a foreign account, it will be turned off at midnight. The potential risks are as varied as the imagination. Often older technologies are retrofitted to connect to the internet without having security "baked in."
  • What Do I Do Now? You can think of the security risks of connected devices/mIOT as a manufacturing issue, a vendor issue, or a security issue. In fact, it's all three:
  • Manufacturing processes for medical devices must ensure that security is implemented from the ground up, particularly for devices with software that can be connected.
  • Vendor assessments must be robust and ongoing.
  • Devices should be included in an overall compliance program to assess, test (including pen tests) and monitor security.

The Mid-Term:
Artificial Intelligence/Machine Learning.1

Our ability to function and understand the world around us depends on our capacity to find and use patterns in our environment. AI/ML is a collection of different methods for permitting machines to do the same - learn on their own.

  • What it Does: To simplify, it takes input, gives potential responses, receives feedback and refines its responses. For example, show a machine enough pictures of fish, and it can identify a fish in a picture that it has never seen before.
  • Why We Want It: There is a correlation between how many humans are on this planet and the rate of innovation.2 To oversimplify, the more brains, the more likelihood that one of them will belong to Einstein. AI/ML allows computers to supplement humans in innovation. AI is not an incremental change but a changing of eras in which machines begin undertaking tasks that humans may not even understand. For the most optimistic, AI/ML has the potential to help create a frictionless, evolved society.
  • Where's the Singularity? You've seen the movies. Before our new overlords take over,3 there are near-term concerns. For example, the inability to know whether we're interacting with a human or a bot. Authentication, spoofing, phishing and other issues are rife.
  • What Do I Do Now? In the short term, authentication and authorization controls are required. Multi-factor authentication is a good fix. In addition, old-fashioned human contact can help. Policies that require phone calls in some circumstances (such as unexpected requests for access to data) can save headaches.

The Long-Term: Distributed Ledger Technology (Blockchain).

You likely know this from Bitcoin, but its potential for the healthcare industry is far beyond cryptocurrency.

  • What it Does: DLT connects numerous machines to increase the security and reliability of information. In addition, it drives the sharing of information and completion of transactions without a centralized authority.
  • Why We Want It: Blockchain is already impacting supply chain and other use cases and could make the counterfeiting of pharmaceuticals impossible. It could make medical records immediately available and completely secure (don't expect this in the short-term) and create "smart contracts" that are self-enforcing.
  • What's the Problem? Blockchain is slow, energy-intensive and limited (contrary to popular imagination, medical records may never be stored on a distributed ledger). Also, blockchain is software and thus subject to the imperfections of designers. Individuals can take advantage of flaws, and there is a threat of "51 percent attacks" where a limited number of actors control the entire blockchain.
  • What Do I Do Now? A good percentage of healthcare entities are considering jumping into DLT, but it's important to keep in mind the risks, as well. Consider whether to have an open or restricted (permissioned) network. If restricted, how limited, and is there a threat of a 51 percent attack? Also, consider whether the ledger should be anonymous or identified, and whether private or public (i.e., no centralized management). Each of these decisions should be based not only on the business but also the potential security of the network's members.

Machines are getting smarter faster ... and keeping up with threats will become increasingly difficult until, at some point, we rely on machines to protect us from other machines. Until then, healthcare industry professionals have a responsibility to implement technology wisely.

1 Some may note that placing AI/ML in the Mid-Term understates its current impact. We place it here because the growth of AI/ML is likely to be exponential, replacing the current drizzle of ML with a hurricane of AI in the future.

2 See, for example,

3 01010011 01001111 01010011

Roy Wyman is a partner of Nelson Mullins Riley & Scarborough LLP in Nashville, co-chair of Nelson Mullins' Cybersecurity and Privacy Industry Group and is a member of the Healthcare Regulatory and Transactional team. He can be reached at or (615) 664-5362.


Nelson Mullins


Related Articles:

Recent Articles

AMA Issues Checklist for the Transition to E/M Office Visit Changes

The American Medical Association (AMA) is helping physician practices integrate fundamental changes to the coding and documentation of evaluation and management (E/M) office visit services that account for nearly $23 billion in Medicare spending.

Read More

AHA's Maryjane Wurth To Retire In 2020; Michelle Hood To Join The Association

Maryjane Wurth, the American Hospital Association's (AHA) executive vice president and chief operating officer (COO), will retire next year after a long and distinguished career in the hospital association field.

Read More

Tennessee Sees Fewer Infant Deaths In 2018

Infant Mortality Data Dashboard Now Available

Read More

Amedisys Expanding Commitment to End-of-Life Care for Veterans

Third Largest Hospice Provider Cared for 5,540 Dying Veterans Last Year

Read More

AMA Applauds Relief from Documentation Burden in New Medicare Rule

Many physicians will have reduced documentation beginning in 2021

Read More

Oncology Innovation in Nashville

From personalized medicine to innovation in GI care, Middle Tennessee oncology leaders share promising news.

Read More

Critical Insights into Nashville Health

For the first time in nearly two decades, Nashville has a countywide assessment providing insights into the health and well-being of the community.

Read More

Physician Spotlight: Leading with Compassion

Hospice care is so much more than simply pain management. Compassus CMO Dr. Kurt Merkelz focuses on helping patients live fully until the end.

Read More

The Oncology Care Model Value Proposition

The American Journal of Managed Care® hosts meetings across the country to help oncology practices understand and navigate the value-based care landscape at the intersection of quality and efficiency.

Read More

Tennessee Falling Short on Cancer-Fighting Public Policies

A 2019 ACS CAN report shows the state is falling short on public policies to fight cancer.

Read More

Email Print



AI, Artificial Intelligence, Augmented Intelligence, Blockchain, Cybersecurity, Distributed Ledger Technology, DLT, Hacking, Healthcare Technology, Machine Learning, ML, Nelson Mullins, Roy Wyman
Powered by Bondware
News Publishing Software

The browser you are using is outdated!

You may not be getting all you can out of your browsing experience
and may be open to security risks!

Consider upgrading to the latest version of your browser or choose on below: