Original Research - Special Collection: Corporate Governance
IoT medical device risks: Data security, privacy, confidentiality and compliance with HIPAA and COBIT 2019
Submitted: 15 July 2024 | Published: 19 February 2025
About the author(s)
Na-ella Khan, School of Accountancy, Faculty of Economic Management Sciences, Stellenbosch University, Cape Town, South Africa
Riaan J. Rudman, School of Accountancy, Faculty of Economic Management Sciences, Stellenbosch University, Cape Town, South Africa
Abstract
Purpose: This study aimed to develop a comprehensive framework to enable the identification of risks pertaining to data security, privacy and confidentiality when using medical Internet of Things (IoT) devices.
Design/methodology/approach: A qualitative, non-empirical study was undertaken to identify data-related risks when using medical IoT devices, by means of a systematic literature review and two governance frameworks.
Findings/results: Within the medical field, risks of using IoT are concentrated around data security, privacy and confidentiality throughout the data lifecycle prevalent within each layer of the IoT architecture. A comprehensive framework was developed to identify these risks at each layer within the architecture in order to facilitate sound information technology (IT) and data governance.
Practical implications: This research documents evidence of the risks posed by IoT devices within the medical field, particularly those pertaining to IoT data. It provides those charged with governance with a tool to identify all significant risks in this field that is compliant with the Health Insurance Portability and Accountability Act (HIPAA) and Control Objectives for Information and Related Technology (COBIT) 2019.
Originality/value: This research provides a comprehensive framework that can be used by those in charge of governance, including IT specialists, for risk identification during implementation, to support sound IT and data governance of medical IoT devices using recognised benchmarks. The use of the benchmarks ensures that all significant risks are identified, in contrast to previous research that identified risks in an ad hoc manner.