Increasing attention is being given to various facets of healthcare-related cybersecurity by industry, the public, and regulators. From preventing malicious interference with medical devices to securing the appropriate privacy and integrity of patient records, the health care industry and other vested interests need to be closely involved in cybersecurity matters. And when industry and federal regulators are involved, NGO watchdogs are also involved.
Cyber watchdogs can play an important role in helping ventilate medical cybersecurity issues. For example, the Director of the Center for Democracy and Technology’s Health Privacy Project recently pointed out that “many privacy and security laws in place – such as HIPAA – were enacted at least a decade ago, and they ‘don’t incorporate the challenges posed by newer technologies.’” The CDT official was quoted at a mobile device health conference where an FDA official discussed forthcoming agency “guidance,” aka regulation, for certain mobile medical apps.
As FISMA Focus has noted, private sector cybersecurity is going to eventually be regulated, one way or another. The key question still to be answered is whether the regulation will benefit from a modern statutory framework or be cobbled together within existing legal authorities. A related question concerns the efficacy and economic efficiency of the regulations.
Privacy and other consumer watchdogs will play an influential role in determining the effectiveness, and the costs, of cybersecurity regulation in its various forms. What remains to be seen is whether various NGOs use their expertise for constructive purposes. With respect to CDT and mobile health, the answer is clearly yes. When NGOs don’t recognize legitimate public safety and economic security needs, however, the answer is different.
The Electronic Frontier Foundation (EFF) is an example of a highly skilled, influential watchdog organization, active on medical privacy issues, that has the potential to contribute to improved cybersecurity.
Watchdog Watch will be tracking and reporting on cybersecurity-related work by EFF and other NGOs.
- See FDA: mHealth pending guidelines not just about ‘cool’ apps