IoT medical device risks: Data security, privacy, confidentiality and compliance with HIPAA and COBIT 2019
Purpose: This study aimed to develop a comprehensive framework to enable the identification of risks pertaining to data security, privacy and confidentiality when using medical Internet of Things (IoT) devices. Design/methodology/approach: A qualitative, non-empirical study was undertaken to identi...
| Main Authors: | Na-ella Khan, Riaan J. Rudman |
|---|---|
| Format: | Article |
| Language: | English |
| Published: | AOSIS 2025-02-01 |
| Series: | South African Journal of Business Management |
| Subjects: | iot; data governance; health-care; hipaa; cobit 2019 |
| Online Access: | https://sajbm.org/index.php/sajbm/article/view/4796 |
| _version_ | 1850071727593226240 |
|---|---|
| author | Na-ella Khan; Riaan J. Rudman |
| author_facet | Na-ella Khan; Riaan J. Rudman |
| author_sort | Na-ella Khan |
| collection | DOAJ |
| description | Purpose: This study aimed to develop a comprehensive framework to enable the identification of risks pertaining to data security, privacy and confidentiality when using medical Internet of Things (IoT) devices.
Design/methodology/approach: A qualitative, non-empirical study was undertaken to identify data-related risks when using medical IoT devices using a systematic literature review and two governance frameworks.
Findings/results: Within the medical field, risks of using IoT are concentrated around data security, privacy and confidentiality throughout the data lifecycle prevalent within each layer of the IoT architecture. A comprehensive framework was developed to identify these risks at each layer within the architecture in order to facilitate sound information technology (IT) and data governance.
Practical implications: This research documents evidence of the risks posed by IoT devices within the medical field particularly pertaining to IoT data. It provides those charged with governance with a tool to identify all significant risks in this field that is compliant with Health Insurance Portability and Accountability Act and Control Objectives for Information and related Technology 2019.
Originality/value: This research provides a comprehensive framework that can be used by those in charge of governance, including IT specialists, for risk identification during implementation for sound IT and data governance of medical IoT devices using recognised benchmarks. The use of the benchmarks ensures that all significant risks are identified, compared to previous research that identified risks in an ad hoc manner. |
| format | Article |
| id | doaj-art-1e234512607741f8ae923c7b51ceaad3 |
| institution | DOAJ |
| issn | 2078-5585 2078-5976 |
| language | English |
| publishDate | 2025-02-01 |
| publisher | AOSIS |
| record_format | Article |
| series | South African Journal of Business Management |
| spelling | doaj-art-1e234512607741f8ae923c7b51ceaad3; 2025-08-20T02:47:14Z; eng; AOSIS; South African Journal of Business Management; 2078-5585; 2078-5976; 2025-02-01; 56; 1; e1; e17; 10.4102/sajbm.v56i1.4796; 1438; IoT medical device risks: Data security, privacy, confidentiality and compliance with HIPAA and COBIT 2019; Na-ella Khan, Riaan J. Rudman (both: School of Accountancy, Faculty of Economic Management Sciences, Stellenbosch University, Cape Town); https://sajbm.org/index.php/sajbm/article/view/4796; iot; data governance; health-care; hipaa; cobit 2019 |
| title | IoT medical device risks: Data security, privacy, confidentiality and compliance with HIPAA and COBIT 2019 |
| topic | iot; data governance; health-care; hipaa; cobit 2019 |
| url | https://sajbm.org/index.php/sajbm/article/view/4796 |