Seize the full potential of medical and healthcare technology by understanding its risks, says Craig Mounser, senior development underwriter, Travelers 

Craig Mounser

The growing network of internet-connected devices known as the Internet of Things (IoT) may transform the medical and healthcare sectors more than any other industry. From wearable devices that track a person’s steps, to ingestible electronic pills that monitor and transmit vital signs, IoT technology has the potential to deliver improvements across the healthcare system, allowing people to live longer, healthier lives. 

But just as this technology promises life-changing advancements, it poses risks by challenging the safety and security standards that govern medical and healthcare products. Technology executives who understand how to manage these risks can better protect their companies as they pursue market opportunities.

Three categories of opportunity

The greatest opportunities for IoT devices in medicine and healthcare fall into three categories. Connected medical devices for chronic conditions and remote care promise to streamline the delivery and management of healthcare for patients and their providers. Personal health and wellness products help people monitor their daily activity levels and other measures of fitness. IoT technology for the broader healthcare ecosystem helps providers manage patient information, improve safety, and handle repetitive administrative tasks that consume large amounts of time but deliver comparatively little medical value.

Evolving technology requires risk protection

Amid these benefits, there is potential for harm. If IoT software, component parts or finished devices fail to work as intended, a patient can be injured, sensitive personal health information may be stolen, and third parties may suffer losses for which they hold the technology company liable. To best manage these exposures, technology companies should carefully consider an IoT device’s potential to cause bodily injury, technology errors and omissions, and cyber risk.

Fortunately, they can take protective actions. For one, they should develop appropriate quality and risk management systems that reduce the likelihood of problems and suggest corrective steps when they occur. Building such systems requires conducting robust hazard analyses, design reviews and tests to understand how a product can pose risks, then developing clear instructions with conspicuous warning labels to help users avoid those risks.

Further, as cyber crime becomes increasingly sophisticated, companies must ensure their IoT devices have built-in cyber security. A breach of a device designed to deliver medication or monitor a facility’s conditions could cause serious consequences for patients or property. Consider consulting IT security professionals about such protective measures as application security patches, encryption, remote erase features, identity management, custom security levels and backward compatibility to ensure any new algorithms continue to accept data from existing devices.

Even well-designed products may fail to perform as expected and cause unfortunate side effects that generate costly liability claims. Companies can manage their exposure to technology errors and omissions risk by contractually transferring risk where possible. Using contract provisions such as limitation of liability, damage caps, disclaimers or limitations of warranty, entire agreement clauses, or contractual risk transfer and defence/indemnity provisions can help.

Insurance can safeguard

Finally, while it is impossible to predict how and when IoT devices may fail to function, insurance can provide an additional safeguard. As technology companies develop holistic plans to manage and minimise the unique risks IoT devices can create, insurance can protect against potential liability, identify hidden exposures and help a company continue to focus on innovation as the medical and healthcare sectors evolve.