Health Information Management: Experts Weigh in on IoT & Data Privacy

The health information manager needs to explain how health information technology works, where the data is collected and managed internally and externally, and anticipate the effects of federal and state regulations.

Julie Pursley Dooling, MSHI, RHIA, CHDA, FAHIMA, Director of HIM Practice Excellence at the American Health Information Management Association (AHIMA)

When it comes to the mainstream applications of bleeding-edge technological advancement, the healthcare industry is often on the front line. For such a massive and complex institution, it’s been remarkably adept at integrating things like big data into actionable and practical solutions. Those actionable and practical solutions, however, have to grapple with some fundamental frictions and philosophical issues: primarily, data privacy and data security. The advent of the internet of things (IoT) means the challenges and the opportunities will multiply even further.

Advancements in IoT represent a boon to healthcare—so much so that it’s already begun to earn its own side-designations: the internet of healthcare things (IoHT) and the internet of medical things (IoMT). Real-time monitoring and alerts on connected devices can notify care providers in the event of heart failure, asthma attack, or even a fall. Wearable devices can record and transmit vital signs like heart rate, blood pressure, oxygen levels, and blood sugar. All of this data can then be fed into an electronic health record (EHR) that travels with the patient between different medical settings.

“There is tremendous demand for health information technology that is integrated seamlessly into how we live our lives,” says Julie Pursley Dooling, MSHI, RHIA, CHDA, FAHIMA, a director of HIM Practice Excellence at the American Health Information Management Association (AHIMA). “Consumers want easy access to their complete health information picture on their mobile devices.”

More and more, advancements in health IoT are giving people that access. The future is speeding it up, and providing a startling amount of granularity: ingestible sensors (ePills) that are capable of acting as diagnostic devices from within a body; nano-devices that can monitor human physiology and deliver drugs to targeted cells; and virtual clinics and telehealth options that can connect care providers to patients across great distances.

The Challenge of Protecting Health Data Privacy

As data of higher quantity and fidelity is recorded, it’s possible to provide better care and perform better medical research. But health data has always had a contentious relationship with the concept of privacy. With further IoT integration, the problem may be further exacerbated.

“This is a complex issue for healthcare to solve,” Pursley Dooling says. “While privacy and security are top of mind for most individuals today with rising numbers of data breaches and cybersecurity concerns, the need for data looms closely behind.”

According to Dr. Mohammad Bajwa, program chair of the health informatics administration program at the University of Maryland Global Campus (UMGC), the security question is baked into the tech itself, as each individual device in the IoT becomes a potential point of vulnerability.

“IoT devices transmit data wirelessly,” Dr. Bajwa says. “They, being very small, do not possess enough computing power to encrypt data, although some medical grade cell phones and devices have started to do so. They also are not equipped with updating security patches. The health data, both in the transient and stationary forms, can be accessed, hacked, modified, corrupted, and rendered unusable.”

To combat this, major IoT players like Cisco, IBM, Intel, and Google are investing heavily in the security aspects of their IoT devices, with particular attention to the healthcare space. One possible avenue lies in blockchain technology, where the data is collected in a highly encrypted, decentralized ledger. But in a multi-vendor market, with many rushing into IoT device production, the cause for concern remains.

“With the right design and implementation, IoT can mitigate data interoperability and data privacy issues,” says James Robertson, program director of Cyber DevOps at UMGC. “However, often timelines are shortened to get products to the market quicker without critical security features in place.”

Robertson recommends that health data managers look to stackable certifications and other credentials to shore up technical know-how. This opens up internal lines of defense, where managers are able to check that a facility’s fleet of sensors is operating on the principle of least privilege. They can also implement processes to log activities and events, then monitor those logs for unusual behavior such as duplicate unique device identifiers or elevations in privilege.

“Managers will also need to stay current with technology trends including AI/ML, data analytics, and IoT security best practices associated with protecting and securing sensitive data and test results,” Robertson says.

Policy Approaches to Protecting Health Data

But it’s not all about the tech. Another line of defense comes at a policy level: AHIMA and other industry partners advocate for modernizing the 1996 Health Insurance Portability and Accountability Act (HIPAA), which would improve patient access to records, and also protect health data in an advancing application programming interface (API) market.

“There is much discussion in the industry today on how access and privacy can co-exist,” Pursley Dooling says.

On top of security issues, healthcare information managers need to help design and implement data standards for the numerous vendor-specific devices their facility uses, and then create protocols for the interoperability of those devices and the data they record. Yet another issue is data overload: as IoT devices become smaller and more ubiquitous, the amount of data they put out becomes practically unfathomable to the human mind. Today’s health information managers find themselves at the forefront of an incredibly complex, but also incredibly promising field.

“An open and positive communication style is critical,” Pursley Dooling says. “The health information manager needs to explain how health information technology works, where the data is collected and managed internally and externally, and anticipate the effects of federal and state regulations.”

Dr. Bajwa holds that many health information managers should begin transitioning towards health informatics, building skills in data analytics, statistics, and computer programming. AHIMA seems to agree, having introduced the Certified Health Data Analyst (CHDA) certification, which has strong components of data analytics, interpretation, visualization, and reporting. These skills may be a pivot for some health information managers, but they’re skills in high demand as health IoT brings in an unforeseen level of data and devices to the healthcare ecosystem.

“The industry will continue to be fast-paced and ever-changing,” Pursley Dooling says, in her advice to aspiring health information managers. “Aspire to be a lifelong learner.”

Featured Experts in Health IoT and Data Privacy

Julie Dooling

Julie Dooling is a director with the American Health Information Management Association (AHIMA). Previously, Dooling served in roles, including medical transcription service owner, HIM manager, and sales executive. She held the office of president for her state component association and currently serves on two academic advisory councils. This diverse background has allowed her to focus on the overall integrity of health information. In her role at AHIMA, Julie serves as a representative to members and industry partners; providing subject matter expertise, support and thought leadership. Julie is a published author, contributor, and public speaker.

Mohammad Bajwa

Dr. Mohammad Bajwa is a professor and the program chair of the health informatics administration program at the University of Maryland Global Campus. He earned his PhD in biochemistry from the University of Wales, and he also holds two master’s degrees: one in health information management and one in computer and information systems. Dr. Bajwa’s academic and management experience spans more than three decades.

Prior to joining UMGC, Bajwa served as an international faculty member in the United Kingdom, Iraq, Pakistan, and the Philippines. He’s served as the CEO of a biotechnology company, authored numerous academic publications and professional articles, and made presentations at several national and international conferences. An active participant in his local AHIMA chapter, he maintains the CDHA designation (and about a dozen others). In a prolific career of service to the field, Bajwa has won the British Council award for doctoral studies and the International Research Award for postdoctoral studies, as well as institutional development awards from the American, Canadian, and Pakistani governments.

James Robertson

Dr. James Robertson is the program director Cyber DevOps at the University of Maryland Global Campus, where he teaches advanced database, software security, and programming courses. He earned his master’s in electro-optical engineering from the University of Dayton, and his EdD in education from Towson University. His areas of expertise include software vulnerability testing, database design, and cloud computing and cloud security.

Prior to joining UMGC in 2001, Dr. Roberston worked as a principal consultant for Oracle and other industry vendors in designing and developing database and software applications. In addition to his academic duties, he presents papers and publications in conferences and technical discussions across the United States.

Program Spotlight: The University of Maryland Global Campus

The University of Maryland Global Campus has an online master of science in health informatics administration that’s designed to give graduates expertise in three key areas of healthcare: healthcare administration, health information systems and technology, and management and leadership. The curriculum was developed with input from top employers, and it’s continually updated under the direction of an advisory board of industry leaders to cover emerging areas in the healthcare information landscape.

The program consists of 36 credits and features projects with real data sets and guest speakers in the industry. Core classes include the following subjects: foundations of information security and assurance; health data management; the application of information technology in healthcare administration; relational database systems; and IT acquisitions management. Upon graduation, students will have learned how to apply advanced knowledge of EHR systems, medical coding, and IT systems security and interoperability. They will also feel secure in designing and implementing both health informatics systems and health informatics policy.

UMGC’s health informatics administration program is certified by the Commission for Health Informatics and Information Management Education (CAHIIM). It’s also an approved education partner of the Healthcare Information and Management Systems Society (HIMSS). Graduates of this program are eligible to take relevant certification exams at both HIMSS and the American Health Information Management Association (AHIMA).

Matt Zbrog
Matt Zbrog Writer

Matt Zbrog is a writer and researcher from Southern California. Since 2018, he’s written extensively about emerging topics in medical technology, particularly the modernization of the medical laboratory and the network effects of both health data management and health IT. In consultation with professors, practitioners, and professional associations, his writing and research are focused on learning from those who know the subject best. For, he’s interviewed leaders and subject matter experts at the American Health Information Management Association (AHIMA), the American Society of Clinical Pathology (ASCP), and the Department of Health and Human Services (HHS).