How Healthcare CIOs and Clinical Engineering Join Forces in Healthcare Cybersecurity
Eddie Myers is Crothall Healthcare's Program Manager for Cybersecurity Solutions.
Mon Jul 27 2020
As medical technology evolves, devices are becoming more interconnected with the data that they collect. In order to automate more features and improve the quality of patient care, many medical devices have custom computing capabilities incorporated into their design, requiring clinical engineers to consider device security when creating and managing new medical equipment.
Clinical engineers need to work together with CIOs and IT departments to develop innovative devices while protecting valuable healthcare information and regulating who can access protected health data. While the idea of managing a network of devices is relatively new to clinical engineers, incorporating cybersecurity measures into their product management process is becoming more and more common. Here's how you can nurture successful product development and support your hospital's cybersecurity efforts by cultivating collaboration between your hospital's IT professionals and clinical engineers.
Focus on Risk Management
Cybersecurity is an important concept in healthcare for two key reasons: protecting private health information and ensuring devices function properly. In an unprotected network, security breaches can put patients at risk of identity theft, and hackers can use malware to take full control of medical devices. Clinical engineers rely on IT departments to help them strategize on the appropriate way to manage the risks associated with device software and network support.
When collaborating on a new device or service, CIOs, IT security teams and clinical engineers should discuss how the product design and implementation either reduces or increases the risk of a cyberattack or information breach. All network devices have some level of risk, but the ability to instantaneously store and transmit unique patient data can provide a vastly superior quality of healthcare to patients than older medical technologies. Clinical engineers can consider ways to manage the risk of a cyberattack through security measures that they learn from their IT department.
Electronic health records are a convenient way to transmit data between medical devices and networks but also pose a large risk in terms of cybersecurity. Clinical engineers need to understand how to interact with their patients' digital health information safely, and part of that process requires assessing risk from an IT standpoint in addition to the perspective of the user. IT professionals can use their technical expertise to help clinical engineers create an overall strategy for protecting vulnerabilities in medical technology.
Collaborate on Infrastructure Requirements
Clinical engineers are responsible for implementing medical technology, while IT professionals are traditionally in charge of the infrastructure that supports that technology. However, as medical technology becomes more service-oriented, the technical infrastructure itself is becoming an essential part of its implementation.
CIOs, IT security teams, and clinical engineers can take advantage of their different backgrounds by deciding what different medical devices need in terms of software, hardware, and network resources. Clinical engineers can communicate patient needs with the IT department, who can then help meet those networking and security needs.
Share Team Expertise
As the healthcare system adapts, experienced healthcare professionals are an essential resource for organizations trying to keep up with the changing technological landscape. Look for people within your current staff who have specialized IT expertise, and encourage them to mentor and train clinical engineers as they collaborate. Clinical engineers that have strong soft skills from their experience by interacting with vendors and patients can share these skills with IT professionals interested in learning about business strategy. Creating a culture that celebrates sharing knowledge can build a collaborative environment essential for adapting to new technology and keeping it secure.
Develop Best Practices for Support
Clinical engineers' infrastructure and IT professionals infrastructure is slowly converging into the same system. While clinical engineers have significant expertise in maintaining medical technology and providing customer support for network issues, security concerns typically involve knowledge of IT strategies. CIOs can use their background in IT to create a general framework for troubleshooting medical devices, that they can then share with clinical engineers. Collaborating on product maintenance strategies can help institutions develop best practices that evolve with the technology they support.
Prepare for Increased Demand
Incorporating clinical engineering and data science together can be more efficient in the long run, but healthcare systems have to go through a transition phase in order to get the full benefits of IT and clinical engineering convergence. While IT professionals help train clinical engineers to prepare them for working with network technology, the department's overall workload will increase. CIOs should determine the main goals of clinical engineers and then prioritize IT assignments based on those needs. Consider outsourcing other elements of IT work to allow staff to focus on cybersecurity and help manage demand increases.
Develop Interdepartmental Accountability
Emphasize that both IT professionals and clinical engineers share responsibility in creating and maintaining security measures for new applications of medical technology. Aligning IT strategy with clinical outcomes can help every person on a team understand that their overall goal in the workplace extends beyond their specific responsibilities. Encourage mutual communication by asking for feedback on how each department could better support the other while merging their projects.
Migrate Legacy Systems
Legacy systems are healthcare devices with outdated software or hardware, that usually lack the standard expectations for clinical technology. A legacy system might have software from a company that no longer supports that device, a homemade interface that can't interact with other medical devices, or could use a non-standard programming language that makes it incompatible with updates.
Clinical engineers have the opportunity to strengthen overall security by phasing legacy systems out and incorporating streamlined network technology. Replacing a legacy system with new medical equipment requires an in-depth understanding of what processes the old system performed and how they can be improved. Clinical engineers gather this information, then collaborate with IT on developing the necessary infrastructure for an update. They can then help IT professionals create comprehensive and secure network support by developing an implementation plan and creating a strategic timeline for replacing legacy systems with new technology.