A Health Informatics Course on Security and Privacy of Wearable and Implantable Medical Devices
Abstract
As wearable and implantable medical devices become fundamental to remote patient monitoring and precision medicine, the associated security and privacy risks demand urgent attention. These devices are increasingly targeted by cybercriminals, potentially endangering patient safety and data integrity. Specifically, it has been documented that vulnerabilities in medical devices have been exploited to alter device behavior or interfere with clinical treatment delivery. Despite these known vulnerabilities, wearable and implantable medical devices have become integral to modern patient care, offering innovative ways to monitor, manage, and even remotely treat various health conditions. These devices are essential to remote patient monitoring and precision medicine; the real-time data they capture is increasingly integrated into electronic health records (EHRs) to support clinical decision-making and enhance workflow efficiency. At the same time, most medical and healthcare students around the nation are not well educated to deal with cybersecurity issues. Consequently, medical and healthcare students should understand the vulnerabilities associated with wearable and implantable devices, the risks they pose, and the importance of regulatory compliance, including the Health Insurance Portability and Accountability Act (HIPAA). To address this, we developed an experiential learning course titled Security and Privacy of Wearable and Implantable Medical Devices, designed for advanced undergraduate and graduate students in health and medical fields. The course immerses students in real-world challenges through lectures, labs, and project-based learning, leveraging wearable devices such as FitBit™ to analyze and interpret real-time personal health data. The curriculum covers critical topics including data security, privacy, HIPAA compliance, data visualization, interoperability, and real-world cyberattack case studies.
The learning objectives align with the Commission on Accreditation for Health Informatics & Information Management Education (CAHIIM) standards and Miller’s Pyramid of Clinical Competence to ensure industry-relevant competencies and progressive skill development. Interactive lectures were designed to promote engagement and featured expert guest speakers from health information technology (IT) and cybersecurity sectors. Case-based discussions encouraged students to consider the implications of cyberattacks on patient safety and health outcomes. The lab component offered a structured environment for technical practice, such as configuring wearable devices, extracting and visualizing data, and evaluating the security of data transmission. Lab assignments played a central role in reinforcing the key concepts introduced in lectures and assigned readings. By combining didactic instruction with applied learning and real-world examples, the class components provided a robust experiential learning experience that mirrors current challenges faced by healthcare professionals in digital environments. Throughout the 16-week semester, students explored the challenges of integrating wearable technologies into mainstream healthcare systems with enhanced security. One of the key lessons learned was the importance of grounding theoretical cybersecurity principles in authentic, hands-on experiences. Students responded positively to the practical use of wearable technology and to wearing the FitBit™ devices, which provided a tangible connection to privacy risks and data security concerns that might otherwise remain abstract or symbolic. Another important takeaway was the value of interdisciplinary learning. The mix of students from undergraduate pre-health majors, graduate students in health informatics disciplines, and medical trainees enriched class discussions and broadened the scope of learning.
Comments
This is the abstract version. The full paper adjusted based on the reviewers' comments will be posted to JCERP shortly.