IoT Devices for EMS: What First Responders Need to Know

As an EMS first responder, you’re on the front lines of the medical field, providing urgent care in critical situations. With the introduction of a dedicated first responder cellular network in the U.S., EMS communication systems are expanding to embrace greater functionality and potential for sharing information more quickly and easily.   Technology is evolving to keep pace and provide EMS personnel with connected devices, routers, and other equipment that will help save lives.   “We’re about to enter a new phase in our healthcare intervention efforts, and it will change how EMS is practiced,” writes Kevin McGinnis, a member of the First Responder Network Authority Board of Directors and longtime EMS system builder. “It will involve telemedicine and information sharing to help us bring greater clinical and operational decision-making into the field.”   But, as always, the rush of new products to the market brings potential risks. According to a Poneman report, 89 percent of healthcare entities experienced data breaches in 2016. Without adequate security measures in place, connected devices are vulnerable to cyber attacks.   Private data such as patient records, hospital communications and vehicle locations could be hacked, and unauthorized users could remotely access and control unprotected devices.  

As you choose the devices and equipment that will best fit the needs of your EMS system, here are a few topics to discuss with your solutions provider to ensure the continued success of your mission critical work.

 

1. Ask questions about security.

  The Health Insurance Portability and Accountability Act of 1996 (HIPAA) legislates data privacy for all patients, making security a top priority in healthcare.   Introducing additional connected devices into your EMS system creates potential doorways for data breaches and cyber attacks unless you take adequate security measures.   Here are a few security questions to discuss with your systems integrator to make sure patient data remains secure:  

• Does the device ensure an auditable trail of data?EMS personnel must keep careful records of patient information, incorporating all findings into electronic patient care records (ePCRs). Patients’ lives depend on accurate transmission of this data to their healthcare team, so make sure your devices ensure storage of all collected information, with no missing links in the trail.
• Is data backed up frequently? If the device is connected to the Cloud, chances are data backups are happening constantly. But what happens when you’re in the field and your connection is interrupted? Make sure your systems integrator can explain how data is stored, transmitted, and backed up on remote servers.
• How do I activate the device’s security features, such as encryption and password protection?IoT devices intended for use in healthcare should include adequate security features such as data encryption and password protection. Make sure you understand how these features work and ensure that they are enabled before using your device in the field. Changing passwords might be an inconvenience, but it’s a necessity for ensuring data security, so make a habit of it.
• Does the device have Universal Plug and Play (UpnP), and if so, how do I turn it off? A feature that automatically connects your device to the internet or other devices in the area, UpnP makes your device vulnerable to hackers who could access it via the discoverable network it’s joined without your knowledge. If your device has this feature, disable it.
• How can I ensure that the device is up to date on system updates and security patches? Updating your IoT device regularly is the best way to avoid data vulnerability. This helps to eradicate firmware and software bugs, and ensures that your device always has the newest features available from the manufacturer.
• Does the device (or its components) have a history of connectivity glitches? Such glitches can initiate unintended data migration, creating a vulnerability to breaches that might not be easy to trace.

 

2. Ensure that sustainable, reliable manufacturers source key components.

  A device is the sum of its parts, and key components cannot afford to fail in mission critical situations. Most devices have at least one primary component that’s easy to recognize—for example, the sensor, lens, and image processor on a body cam. In a piece of connected clothing, it might be the sensor that records the wearer’s vital signs.   Another essential piece of the device is its data card or cellular module. If a device’s connection fails, the patient data it has gathered becomes useless. And if the connection module lacks adequate security features, it could be vulnerable to cyber attacks.   To guard against device failure and security risks, make sure that all key components are sourced from reliable manufacturers—preferably companies that are veterans in the M2M technology market. And ask about supply sustainability in the event of international trade wars or other shipping complications.   Does the component supplier have an alternate product source if the primary manufacturing facility becomes inaccessible? Will they be there when you need replacement parts, or will they have vanished from the market?  

3. Vet the device’s dependability.

  One way you can evaluate a device’s readiness for use in the field is by asking about the testing it’s been through prior to entering the market. Here are a few certification and ruggedness testing standards to consider:  

• AT&T FirstNet Certification. AT&T, along with the First Responder Network Authority Device Team, is at work to review products prior to use on the network. “The FirstNet Device Approval Program is built upon AT&T’s industry-leading, standards-based wireless device testing and certification program,” writes Joe Martinet, director of devices at the First Responder Network Authority. It’s a multi-level testing process that vets first responder devices and gateways for safety and reliability.
• MIL-STD-810 Resiliency Testing. A series of performance guidelines designed by the U.S. military to ensure resiliency, MIL-STD-810 is the gold standard for determining ruggedness, and the testing process observes a device’s response to a wide range of conditions and situations in 24 categories, including low pressure, extreme temperatures, fog, rain, dust, and more. If your device claims to be ultra-rugged, ask your solutions provider if it has passed MIL-STD-810 testing.

 

4. Remind your solutions provider about the time-intensive nature of your work.

  As an EMS provider, you work under the knowledge of a “Golden Hour”—the sooner you reach trauma victims and connect them with definitive care, the better their chance of survival. IoT technology can help maximize that Golden Hour in many ways, but if a health monitor, smartphone, or other connected device fails in the midst of an emergency, your patients’ lives are put at risk.   Cyber attacks are another source of worry for healthcare IoT, as demonstrated by the 2017 WannaCry ransomware attack that took down IT systems at many of the UK’s National Health Service organizations, among other entities around the world.   A 2018 report from the Royal Academy of Engineering warns of potential IoT vulnerabilities, especially in healthcare, and encourages more collaboration among engineers, software developers, systems integrators, and users to boost cybersecurity and guard against attacks. IoT devices should be built to be dependable, able to be restored to connection quickly if they do experience a service interruption, and secure by default.   “We cannot totally avoid failures or attacks, but we can design systems that are highly resilient and will recover quickly,” says Professor Nick Jennings, lead author of the report.  

The Bottom Line: Know Your Device, Inside and Out

  Seek assurance that the device and all of its key components are vetted for dependability, ruggedness, and security.   Take time to learn about security features, including passwords and encryption, and find out how to reboot and recover data in case of device failure.   The better you know your device, the better it can serve you as you focus on delivering the best patient care as quickly as possible.