Last updated at Mon, 13 Jul 2020 15:14:51 GMT

In our latest episode of Security Nation, we spoke with Nina Alli, executive director of the Biohacking Village, to discuss cybersecurity in the healthcare industry, from the role of informed medical consumerism to the influence of citizen science on patient advocacy and care.

A growing interest in biomedical security

Nina segued her unlikely professional background—which includes military service, two graduate degrees, and a stint at the front desk of a convent—toward her current position as the executive director of the Biohacking Village. This is a role she’s maintained for five of the organization’s six operational years.

Her interest in biomedical security began when she was programming an electronic medical records system as an implementation specialist. Her then-employer—a 22-location, multi-specialty hospital system in New York—offered to fund her way through a master’s program. While in academia, she took to translational medicine, which navigates processes from bedside to bench and bench to bedside (“bench” meaning the lab).

It was also in school that Nina began to see the need for advocating for security in medicine—much to the chagrin of her professors, who dismissed or downplayed the influence of security on healthcare systems. While Nina struggled to find others who shared her love of electronic medical records, she eventually came to work with those who agreed with her about their importance.

The issue spans legal as well as technical realms: Nina points to the murkiness surrounding patient privacy, transparency, and medical access laws. The lack of objectivity makes it difficult for physicians, clinicians, and medical staff to agree on the right path forward for protocol implementation—not to mention whether those protocols necessarily align with the intentions of the government.

The promise of interoperability in electronic medical records

Tracing the problem back to its roots shows that the promise of interoperability undergirded the development of electronic medical records. Interoperability would allow an OB/GYN and a cardiologist to communicate about patient care, or allow EMTs to verify prescription allergies or patient blood type if a patient had to switch hospitals. This would make pertinent medical background accessible to healthcare workers across different fields as well as in different locations.

But problems arise when the people transcribing medical records lack any patient-facing experience. What makes for a good medical workflow in the minds of clinicians and non-clinicians can vary considerably. Once implemented, changes in practice can result in insecure data, medical billing rejections, or situations where someone could get hurt. In light of the potential for error, it’s incumbent upon patients to do their part and learn how to take a share of responsibility for their own treatment.

Citizen science: The role of patient self-advocacy

Despite our present age of informed consumerism, people often think they can’t speak up for themselves in healthcare. What patient advocacy means has never been terribly controversial—most everyone would readily agree there’s a difference between a patient who self-advocates and someone without medical training attempting to bully their physician into prescribing the drug from the flashy commercial. It’s not that people are afraid to speak up and change the status quo—it’s that they don’t know how.

When a pacemaker is needed, for example, it’s not as if the surgeon offers the patient a couple pamphlets to pore over at their leisure before selecting the appropriate medical device. Usually, it’s about getting to the operating suite, ASAP—and saving the questions for later. Life is unpredictable, and people needn’t be blamed for ignorance about medical devices. But we could all stand for continued education, if only to gain comfort and fluency in medical terminology.

The same goes just as much for others with greater expertise. It can be a humbling experience to recognize that you cannot speak with authority on one subject just because you’ve been educated elsewhere. But that “huh, I really do know nothing” moment of realization can be refreshing, too—a cue to take a breath and listen. Because all our voices are needed to ensure patient safety isn’t sacrificed.

Listen to the full podcast

Rapid7 would like to extend a big thank you to Nina for sharing her story and insights into the technical side of healthcare. Listen to the podcast in its entirety and make sure you subscribe so you don’t miss future episodes of Security Nation.