Tanya Vogt, executive officer of the SA Medical Technology Industry Association, said while having basic certification and guidelines on safety and performance for these devices,South Africa was behind the international risk curve when it came to legislation around recall and adverse events linked to medical devices. Credible manufacturers need some kind of regulatory approval, but even this did not help much when it came to the ability of hackers to access real-time monitoring of connective devices.
The seriousness of this risk has led to a working group was also created to allow for risk management, innovation and timely patient access to safe and effective medical devices.
Braam Oberholzer, head enterprise architect at Netcare, revealed that there were 15-million disclosed medical records globally in 2018, increasing to 32-million half way through this year. “The danger is from those wanting street cred in the hacker community or criminals wanting to make a living out of it,” he said. The best way to counter this was to use activity analysis software, "because there are people interested in this data not for fun".
Healthcare was an easy target with statistics from the dark web showing that “we’re dealing with comprehensive healthcare".
Oberholzer explained that the main purpose of criminal hackers of healthcare technology was identity theft. Medical data was relatively easy to hack in order to assemble an identity kit and forge documents which could fetch up to $20,000 on the black market.
Raymond Plotz, chief information officer for Mediclinic, Southern Africa and current chair of the Care Connect health information exchange, said technology was a powerful tool to address a fragmented healthcare system. He gave the example of a patient walking from one facility to another where nobody knew who he was and had no information about him. Because the ability to transfer information between facilities and practitioners was so vital, six central corporate healthcare role players came together four years ago to create a South African health information exchange in order to lower costs, increase efficiency and facilitate better patient outcomes.
They had to first overcome challenges around information exchange and privacy. He stressed that all care providers had to take full responsibility for clinical records and should never use any patient information for analysis without explicit individual consent. He said that the model, out of which his NGO, Care Connect was born, was tested in January by two pivotal partners, Mediclinic and Discovery, and would be piloted this October. It included clinical information, co-morbidities and chronic conditions and would be rolled out over the next two years. He said Care Connect would be open to both the public and private sectors.
