As we have seen in recent weeks, hackers have become very comfortable intruding in on our personal lives by exploiting the dozens of devices we have connected to the internet. There is even a podcast that hacks into in-home security cameras when the show is on the air and talks to the homeowners. I suppose the podcast host thinks this is funny and constitutes “good content” for the show but, in reality, this clearly shows how dangerous the Internet of Things has become.
What we thought was a fun personal assistant for our home that would help us play music or turn on the lights without us having to move has proved to be a portal into our homes and our lives that can be accessed any time of the day or night. In order to function as designed, devices such as Alexa or Google Home have to be listening all the time which means they are always on, which means the portal is open all the time. These devices are like the modern day “doggie door” to our homes; the bad guys can come and go anytime they like.
The Internet of Things presents interesting issues for health care providers. As the individuals who receive services or their families/guardians adopt the new technology the protection of personally identifiable information becomes more difficult. Does the “always on” device allow someone to overhear a conversation between the individual and the health care provider that contains sensitive protected health information? Does the camera that is there just so the family can see how their loved one’s day is going give a hacker an opportunity to observe the delivery of health care services including personal care to the individual?
It is just a matter of time before every health care provider is faced with a request for permission to install an Alexa, Google Home, Amazon Echo or some other device that allows an individual to interact with the internet in this manner. It is important for providers to consider how they want to address such situations. Developing policies and procedures now is far better than waiting until that request comes in because typically the device has already been purchased or even installed in the individual’s room by the time someone thinks to let the provider know. Our world is going to become more and more connected and providers who take the time to consider the issues presented by the Internet of Things will be better prepared to ensure PHI is properly protected.