Implantable Active Medical Devices: Risk and Opportunity in the Health Care Data Enterprise

Implantable medical devices are one of the most successful elements of our modern medical environment and are responsible for millions of interventions that have extended life and quality of life for many people over the last several decades. Current and planned active devices can transmit information about the patient to either the patient, healthcare provider, or medical device company (or some combination of all three).  

Implantable cardiac devices are a great example of this — e.g., Medtronic has a number of implantable heart monitors that monitor a patient’s heart rate and transmit the information back to Medtronic’s clinical network so physicians can analyze the data. The device will alert the patient and the physician immediately if the patient’s heart rate is outside normal parameters. Implantable insulin pumps are another popular device category. The implantable pump automatically detects blood sugar levels and dispenses insulin as needed (eliminating the need to do finger-prick blood sugar reads and then manually inject insulin). The data for the insulin pumps is usually stored on the pump itself and not kept long term, but that will likely change.

This data is mostly transmitted via wireless networks and is used through a variety of applications and platforms to treat the individual patient, then discarded (i.e., not kept long-term). And yet, all this data, generated across many patients for long periods of time, has real applications that require long-term secure, compliant data storage so it can be aggregated and analyzed for research purposes.  

Major cybersecurity risks to this data are already being detected. The U.S. Food and Drug Administration published draft guidance in October 2018 encouraging health care delivery organizations, manufacturers, users and data customers to manage security risks associated with these devices and their generated data. While device manufacturers have clear opportunities and risks to manage regarding their data and relevant networks, hospital systems are also a potential threat vector for cyber intrusions and loss of sensitive data related to these devices and patient care.

The use of implantable medical devices presents incredibly complex challenges to the healthcare enterprise. The healthcare industry needs the right data infrastructure, both to address regulatory requirements and to support long-term, secure medical device data collection and storage. The right data infrastructure — including HIPAA-compliant, HITRUST-certified data centers — can also manage risk, enable improved health outcomes, and facilitate new opportunities and revenue models.

DP Facilities, Inc. is 100% U.S.-citizen-owned and operated. Our flagship data center, Mineral Gap — located in Wise, Virginia (also known as “The Safest Place on Earth”) — is HITRUST CSF® certified, demonstrating that Mineral Gap’s BMS, EPMS, SOC, and NOC systems have met key regulations and industry-defined requirements in colocation, including hybrid cloud, for healthcare and is appropriately managing risk, including HIPAA compliance. Mineral Gap is the first concurrently maintainable designed and constructed Tier III data center in Virginia, certified by Uptime Institute for 99.98-percent availability. Mineral Gap is simply one of the top data centers in the US.