Are You Prepared?
I recently read a great article comparing the GDPR regulations – which are going to be enforced starting in May – to HIPAA. A few things are clear from this article:
- While there is overlap, they each have disparate measures in place
- In most cases, GDPR is a further continuation of what HIPAA started
- Any connected medical device manufacturer, vendor or solution provider will have to support both measures on the same devices
- All of this is most likely going to evolve over time
That last bullet is the one that will give medical device companies the most heartburn but the various GDPR components are also incredibly challenging – especially for medical devices. It is no longer sufficient to rely on a secure network or environment – the actual devices have to be protected at the point of collection. While this makes perfect sense from a regulation perspective, modern security options are HEAVY and cost a LOT of money to implement.
What are these companies going to do?
A New Option
Fortunately, the GDPR enforcement, right now, is focused mainly on ensuring companies are moving towards compliance. It is not until 2019 that fines come into place. For manufacturers, this is not much relief given the number of products already on the market that need to be overhauled and processed through expensive recalls/site visits to meet compliance.
I have talked quite a bit about how Bear can be added to these devices to support any current regulations and any changes made down the road. I have also talked about how Bear can be added without forcing application “modernization” efforts and how Bear works seamlessly on existing customer networks.
What I have not discussed is how Bear can lessen the pain for reaching compliance on existing product architectures.
The main challenge with most security options is that they require an Internet connection in order to provide any sense of privacy. Adding a Wi-Fi transmitter is expensive and can drastically reduce battery longevity and limit where a device can be used. Bear, on the other hand, works across any type of communication and can operate on whatever is in place today. This is great news for Bluetooth- or RF-enabled devices as well as devices that cannot get out to the Internet. Even for Internet-connected devices, Bear runs at a fraction of the overhead of anything else on the market.
These medical device companies are being forced to support a major new series of regulations, and HIPAA changes are, at most, 3-5 years away. Customers are demanding the same levels of privacy and yet nobody is willing to pay more money. In order to lessen the burden of these changes, security has to adapt to these new tight environments, only implement what is required and do so without impacting current functionality.
Only then will these medical device providers succeed.