Original Research - Special Collection: Corporate Governance

IoT medical device risks: Data security, privacy, confidentiality and compliance with HIPAA and COBIT 2019

Na-ella Khan, Riaan J. Rudman
South African Journal of Business Management | Vol 56, No 1 | a4796 | DOI: https://doi.org/10.4102/sajbm.v56i1.4796 | © 2025 Na-ella Khan, Riaan J. Rudman | This work is licensed under CC Attribution 4.0
Submitted: 15 July 2024 | Published: 19 February 2025

About the author(s)

Na-ella Khan, School of Accountancy, Faculty of Economic and Management Sciences, Stellenbosch University, Cape Town, South Africa
Riaan J. Rudman, School of Accountancy, Faculty of Economic and Management Sciences, Stellenbosch University, Cape Town, South Africa

Abstract

Purpose: This study aimed to develop a comprehensive framework to enable the identification of risks pertaining to data security, privacy and confidentiality when using medical Internet of Things (IoT) devices.

Design/methodology/approach: A qualitative, non-empirical study was undertaken to identify data-related risks arising from the use of medical IoT devices, drawing on a systematic literature review and two governance frameworks.

Findings/results: Within the medical field, the risks of using IoT are concentrated around data security, privacy and confidentiality across the data lifecycle, and they arise within each layer of the IoT architecture. A comprehensive framework was developed to identify these risks at each layer of the architecture in order to facilitate sound information technology (IT) and data governance.

Practical implications: This research documents evidence of the risks posed by IoT devices within the medical field, particularly those pertaining to IoT data. It provides those charged with governance with a tool, aligned with the Health Insurance Portability and Accountability Act (HIPAA) and Control Objectives for Information and Related Technologies (COBIT) 2019, for identifying all significant risks in this field.

Originality/value: This research provides a comprehensive framework that those charged with governance, including IT specialists, can use for risk identification during the implementation of medical IoT devices, supporting sound IT and data governance against recognised benchmarks. The use of these benchmarks ensures that all significant risks are identified, whereas previous research identified risks in an ad hoc manner.


Keywords

IoT; data governance; health-care; HIPAA; COBIT 2019

JEL Codes

M42: Auditing

Sustainable Development Goal

Goal 9: Industry, innovation and infrastructure


Crossref Citations

1. Intrusion Detection in Internet of Medical Things Using Digital Twins—A Review
Tony Thomas, Ravi Prakash, Soumya Pal
Computers, Materials & Continua  vol: 84  issue: 3  first page: 4055  year: 2025  
doi: 10.32604/cmc.2025.064903

2. Evaluating actor engagement in healthcare innovation ecosystems: a management tool for SME participation
Chibuike Mbanefo, Sara Grobbelaar
Social Sciences & Humanities Open  vol: 12  first page: 102206  year: 2025  
doi: 10.1016/j.ssaho.2025.102206

3. The State of Practice About Security in Telemedicine Systems in Chile: Exploratory Study
Gaston Marquez, Michelle Pacheco, Priscilla Vergara, Felix Liberona, May Chomalí, Eric Rojas
JMIR Medical Informatics  vol: 13  first page: e77395  year: 2025  
doi: 10.2196/77395