Recent years reflect medical device manufacturers shifting value from just hardware, or even hardware and software. Hardware, software, and data are all now being monetized in the era of the Internet of Things. Data-rich IoT medical devices – pumps, monitors, wearables, tablets, and more – span a wide range of functions to support healthcare, diagnostics, and observation.
As the use of these devices grows rapidly, so does the need for device manufacturers to manage them well. Not only must they be updated to deliver the correct care to patients and their medical providers, but they must also be protected from cybersecurity risks.
When those tasks are handled most efficiently, there’s an additional upside for manufacturers: Usage data captured through the licensing process can be analyzed to help grow revenue and drive innovation in the healthcare field. Medical device manufacturers must have a clear vision of how to manage and secure IoT devices – and the software running in them – in order to monetize them effectively and improve their profitability.
Why Focusing on Security Is an Important Step
Simply put: Devices can be hacked. The software supply chain is constantly under attack. The frequency and sophistication of exploits – and their ultimate impacts on organizations – continue to rise. The exposure to risk of vulnerabilities is growing across industries. In the medical field, not only is it good business to secure IoT devices, it is an absolute must for protecting patients’ lives.
IoT medical device security is increasingly regulated to help customers stay current and secure. The Health Insurance Portability and Accountability Act (HIPAA) requires device manufacturers to minimize the risk of shipping products with unpatched vulnerabilities to customers. Additionally, the U.S. Food & Drug Administration’s Medical Device Safety Action Plan specifies steps that medical device manufacturers must comply with in order to reduce attack surfaces, control access to software and data, and keep software and firmware updated. The FDA’s cyber regulations are primarily focused on medical devices with cybersecurity risks (networked, containing software, etc.).
Medical device manufacturers must build the capability to patch device security into a product’s design. Data about this capability must also be provided to the FDA as part of the device’s pre-market submission, demonstrating reasonable assurance cybersecurity procedures and testing, including the creation of software bills of materials (SBOMs). Post-market requirements also apply, including monitoring, identifying, and addressing cybersecurity vulnerabilities and exploits.
Contemporary Efficiencies in Managing and Updating Devices
Within the healthcare industry, complex IoT devices may require compatibility or dependency checks before a software update. In the past, there may have been little visibility or insight into software or firmware versions on devices. Technicians often needed to manually verify hardware compatibility before performing updates.
Consider the case of a supplier of software for critical medical device imaging, such as MRI machines. Older approaches included significant amounts of manual distribution of media. Field engineers were required to perform installations and updates – requiring travel time to hospitals and medical centers, at great expense. Software installations, entitlement checks, and license activations, performed manually, all drove costs up. With more contemporary approaches that heavily rely on automated device updates, the expertise of skilled field service engineers can be leveraged where they are most needed, leaving more routine services to be automated.
Now, as the number of devices used in hospitals and for various services grows, manual processes are likely to break. Automation is necessary. The process can now be streamlined and automated with a centralized IoT monetization platform. An automated process of delivering updates to organizations and the devices entitled to receive them improves their security stance, while also providing the digital infrastructure that can transform business for device manufacturers. Results include:
- Improving the speed of digital delivery of installations, updates, entitlements, and licenses
- Supply chain efficiency
- Optimizing field engineer visits to be aligned with the services that are most dependent on their knowledge
- Flexibility for the introduction of updates, even moving from yearly to daily, as appropriate
- Easily maintained service-level agreements (SLAs)
- Reduced variable costs
- Integration between systems, including quoting, order management, entitlement management, and electronic software container delivery, such as through Kubernetes deployment techniques to update entire applications
A complete view of all devices provides data about each customer, entitlements, the installed software, all update transactions, and notifications. These insights and the corresponding analytics provide an audit trail that helps the compliance process by showing the success (or failure) of an update, if each install was complete, and date and time stamp.
Automation Drives Monetization
Healthcare-as-a-service is turning to subscription, pay-per-use, and pay-per-outcome monetization models that help device manufacturers’ businesses grow. Knowing exactly what software is running where provides important data that can help drive profitability.
The automation provided by an IoT monetization platform can deliver valuable data. Insights include: how users are accessing applications or devices, what they’re enabled to do with that software, transactional data that isn’t personally identifiable information (PII) on the usage of those products, and metrics about how well updates and patches have held on various installations.
An automated end-to-end process, based on subscription and other entitlement information, helps stop revenue leakage that otherwise can occur if updates are delivered to non-eligible customers.
A central IoT monetization platform can also interface with backend systems (such as CRM, quoting, order management).
The resulting data available through a centralized monetization approach includes conditional notifications about IoT device data. This can be used to provide medical device manufacturers with upsell indicators, renewal risk indicators, customer and product growth indicators, and customized notifications that can help automate and optimize the quote to cash (Q2C) process.
Monitor, Then Monetize
A medical device manufacturer that wants to monetize data yielded from its products may choose to offer subscription monetization models or models that are pay-per-use or based on other usage criteria. Device manufacturers can begin optimizing how their devices are monetized by looking at the big picture of how to secure the devices and operationalize them efficiently.