ABSTRACT
Introduction
Medical device (MD)-integrated (I) electronic medical record (EMR) (MDI-EMR) poses cyber threats that undermine patient safety and thus require effective control mechanisms. We reviewed the related literature, including existing EMR and MD risk assessment approaches, to identify comprehensive evaluation dimensions and measures for MDI-EMR.
Areas covered
We searched multiple databases, including PubMed, Web of Knowledge, Scopus, ACM, Embase, IEEE and Ingenta. We explored various evaluation aspects of MD and EMR to gain a better understanding of their complex integration. We reviewed numerous risk management and assessment frameworks related to MD and EMR security aspects and mitigation controls and then identified their common evaluation aspects. Our review indicated that previous evaluation frameworks assessed MD and EMR independently. To address this gap, we proposed an evaluation framework based on the sociotechnical dimensions of health information systems and risk assessment approaches for MDs to evaluate MDI-EMR integratively.
Expert opinion
The emergence of MDI-EMR cyber threats requires appropriate evaluation tools to ensure the safe development and application of MDI-EMR. Consequently, our proposed framework will continue to evolve through subsequent validations and refinements. This process aims to establish its applicability in informing stakeholders of the safety level and assessing its effectiveness in mitigating risks for future improvements.
Article highlights
MDI-EMR has transformed healthcare services. However, it is vulnerable to cyber threats that pose risks to patient and information security, which necessitates the implementation of effective control mechanisms.
The limitations of existing frameworks emphasize the need for a holistic evaluation framework to effectively assess MDI-EMR.
Evaluating cyber threats to medical devices can be achieved through risk assessment, including risk analysis, risk evaluation, threat categorization and risk monitoring and control.
We have proposed a new framework designed to evaluate cyber threats to MDI-EMR comprehensively.
Declaration of interests
The authors have no relevant affiliations or financial involvement with any organization or entity with a financial interest in or financial conflict with the subject matter or materials discussed in the manuscript. This includes employment, consultancies, honoraria, stock ownership or options, expert testimony, grants or patents received or pending, or royalties.
Reviewer disclosures
Peer reviewers on this manuscript have no relevant financial or other relationships to disclose.
Author contribution statement
All authors should have (1) substantially contributed to the conception and design of the review article and interpreting the relevant literature, and (2) been involved in writing the review article or revised it for intellectual content.