Tully J, Coravos A, Doerr M, Dameff C. (2020). Connected medical technology and cybersecurity informed consent: A new paradigm. Journal of Medical Internet Research. 22(3): e17612. doi: 10.2196/17612
In this viewpoint discussion, the authors propose the development of cybersecurity-informed patient consent to address the potential risks to patients (physical harm, compromised private health information) from connected medical technologies (e.g., wearable activity trackers, mobile apps, implantable medical devices, telemedicine platforms). Given the potential health and privacy repercussions of cybersecurity breaches or device malfunction, patients deserve full knowledge, before they consent to treatment, of the possible consequences of any cybersecurity vulnerabilities involved in the use of a digital tool in that treatment. Implementation of cybersecurity-informed consent addresses 3 main challenges: (1) cybersecurity illiteracy; (2) the risk-benefit troubleshooting ratio, e.g., patching (software updates) may fix or improve existing software, but may also introduce a small yet serious risk of accidental software corruption that could cause a medical device to malfunction and endanger the physical health of the patient; and (3) unique risk, e.g., software properties that enable innovation (such as functionality updates and new features) also spawn new vulnerabilities. Clinicians who use connected medical technologies may benefit from educational interventions on cybersecurity (e.g., modules, tool kits, simulations). Future research could explore which cybersecurity-informed consent approach best suits the novel challenges presented by connected medical technologies.