Abstract

Remote implantable or wearable medical devices (RMDs) include networking. Devices monitor important areas but are vulnerable to breaches in the devices, networks, or healthcare facility. The impact ranges from loss of privacy and exposure of personal data to disruption of critical life-sustaining systems. This study employed a qualitative exploratory method documenting medical and information technology professionals’ perceptions regarding responsibility for security and privacy of remote implantable or wearable medical devices. Participants included personnel from medical facilities and device manufacturers, medical practitioners, and healthcare information technology. The concerns and themes were an inconsistent awareness of cyber security threats among physicians, presumption that these devices were secured by “someone else,” networking vulnerabilities, and lack of identified responsibility for remote medical device security and privacy. This exploratory study documented participants’ perceptions regarding who is responsible for end-to-end privacy and security of remote implantable or wearable medical devices. The findings revealed no definitive answer to this question. Additional research and recommendations are warranted. Future research analyzing medical practitioner awareness will yield additional data. The relationships between device manufacturers and medical practitioners regarding security, privacy, and risk disclosures could also yield further insight. Comprehensive research regarding regulations pertaining to RMDs will be helpful to public policy and regulatory bodies.