The interconnectedness of medical devices, which generate data that can be distributed to multiple systems that are often managed by different policies, presents privacy concerns that device manufacturers must address, said Adam Hesse, CEO of Full Spectrum.
While medical device makers are starting to do a better job of addressing “security by design” principles in their products – in large part due to enhanced cybersecurity requirements from the U.S. Food and Drug Administration – these manufacturers are often still lagging in how they approach privacy, Hesse said.
“Privacy by design does not have the same level of attention,” he said.
“Your systems engineering team should be designing for privacy by establishing a data life cycle for use cases. What data do we have? Where is it going? How is it being used? This activity really drives privacy requirements and ultimately the design of the system – and needs to be built into your development process just as cybersecurity had been. Privacy is trying to catch up from a device perspective on how integrated it is in the overall development process.”
In this interview with Information Security Media Group (see audio link below photo), Hesse also discussed:
- Emerging issues involving artificial intelligence and machine learning-enabled medical devices and health IT;
- Evolving privacy regulatory considerations – including in the U.S and in the European Union – for medical devices and health IT;
- Steps manufacturers can take to better integrate “privacy by design” practices in the development of new products.
Hesse has more than 15 years of medical device and healthcare information systems experience. Previously, he was in a leadership role in Becton, Dickinson and Co.’s diabetes division and before that, he led a modernization program of Medtronic’s CareLink platform. He also has deep development experience in robotics and automation systems.