Protecting patients in today’s connected world.
February 2022 – The Journal of Healthcare Contracting
By Todd Ebert
The widespread adoption of telemedicine and the rapid shift to virtual operations during the COVID-19 pandemic have underscored the important role that information technology, software, and medical devices can play in improving patient care. However, the increased use of connected medical devices and software as a service (SaaS), the adoption of wireless technology, and the overall increase in medical device and service connectivity to the internet significantly increase the risks of cybersecurity incidents. As evidenced by recent cyberattacks, medical devices and services are vulnerable to cybersecurity threats that could jeopardize patient health, safety, and privacy.
Protecting against cyber threats is a shared responsibility among all healthcare stakeholders. As the sourcing and purchasing partners to America’s acute and non-acute care providers, healthcare group purchasing organizations (GPOs) are committed to helping providers harness the benefits of technology to care for their patients while guarding against cyber threats. As part of that commitment, the Healthcare Supply Chain Association (HSCA), which represents the nation’s leading GPOs, released key cybersecurity considerations to help healthcare stakeholders address cyber vulnerabilities while promoting the use of innovative technologies through:
- Cybersecurity Training and Software: Includes designating an information technology security officer, maintaining updated anti-virus software, and implementing role-appropriate cyber training and assessments
- Equipment Acquisition Standards and Risk Coverage: Includes ensuring compliance with regulatory standards for purchasing medical devices and updating legacy devices, providing insurance policies to cover cybersecurity risks, and validating devices by testing manufacturer claims
- Data Encryption: Includes encrypting personal authentication data as well as any confidential or sensitive information when practical
- Information Sharing & Standards Organizations: Includes participating in Information Sharing and Analysis Organizations (ISAOs), certifying that suppliers of network-accessible medical devices, software and services are compliant with current FDA guidance documents, and ensuring that manufacturers provide a Manufacturer Disclosure Statement for Medical Device Security
In today’s connected world, ensuring the safety and security of medical devices and technologies is more important than ever. GPOs will continue to work closely with healthcare delivery organizations, service providers, and medical device manufacturers to enable first-class patient care while safeguarding patient health, privacy, and safety.