Patient informed consent, ethical and legal considerations in the context of digital vulnerability with smart, cardiac implantable electronic devices
Leanne N S Torgersen, Stefan M Schulz, Ricardo G Lugo and Stefan Sütterlin
PLOS Digital Health, 2024, vol. 3, issue 5, 1-17
Abstract:
Advancements in digitalisation with cardiac implantable electronic devices (CIEDs) allow patients opportunities for improved autonomy, quality of life, and a potential increase in life expectancy. However, with the digital and functional practicalities of CIEDs, there also exist cyber safety issues with transferring wireless information. If a digital network were to be hacked, a CIED patient could experience both the loss of sensitive data and the loss of functional control of the CIED due to an unwelcome party. Moreover, if a CIED patient were to become victim of a cyber attack, which resulted in a serious or lethal event, and if this information were to become public, the trust in healthcare would be impacted and legal consequences could result. A cyber attack therefore poses not only a direct threat to the patient’s health but also the confidentiality, integrity, and availability of the CIED, and these cyber threats could be considered “patient-targeted threats.” Informed consent is a key component of ethical care, legally concordant practice, and promoting patient-as-partner therapeutic relationships [1]. To date, there are no standardised guidelines for listing cybersecurity risks within the informed consent or for discussing them during the consent process. Providers are responsible for adhering to the ethical principles of autonomy, beneficence, non-maleficence, and justice, both in medical practice generally and the informed consent process specifically. At present, the decision to include cybersecurity risks is mainly left to the provider’s discretion, who may also have limited cyber risk information. Without effective and in-depth communication about all possible cybersecurity risks during the consent process, CIED patients can be left unaware of the privacy and physical risks they possess by carrying such a device.
Therefore, cyber risk factors should be covered within the patients’ informed consent and reviewed on an ongoing basis as new risk information becomes available. By including cyber risk information in the informed consent process, patients are given the autonomy to make the best-informed decision.

Author summary: Cardiac implantable electronic devices (CIEDs) allow patients opportunities for improved autonomy and quality of life. However, CIEDs possess cyber safety issues and patients may not be aware of these risks. As there has not been a case made public yet of a patient with a CIED becoming victim to a cyber attack, one could rationalise these cyber attacks as presently being only speculative in nature. However, the chance of such an attack occurring is increasing as these devices possess known cyber vulnerabilities, which have been published for over a decade. In addition, to date, there are no standardised guidelines for identifying cybersecurity risks within the informed consent or for discussing them during the consent process. With these safety concerns, we theorise: (1) Cyber risk scenarios are difficult to plan for as they constitute an “ambiguous threat” and result in ineffective protective measures; (2) cyber threats can impair trust in the device, the treatment plan and the patient-provider relationship; and (3) the perceived threat to CIED patients is elevated because CIEDs are mobile with the patient, the threat cannot be quantified, and the cyber risk stress to the patient can be higher than from a technical malfunction. Institutions and providers that have not informed their CIED patients about cybersecurity risk(s) are implicitly altering patients’ risk perceptions and treatment choices. From conducting a literature search and review, we discuss our findings and provide suggestions to the ever-increasing safety challenges with cybersecurity and the emerging “patient-targeted threat” to CIED patients.
We assess the ethical implications and propose solutions for continued adherence to patient-centered care (PCC) practices and for validation of the informed consent process and content.
Date: 2024
Downloads: (external link)
https://journals.plos.org/digitalhealth/article?id=10.1371/journal.pdig.0000507 (text/html)
https://journals.plos.org/digitalhealth/article/fi ... 00507&type=printable (application/pdf)
Persistent link: https://EconPapers.repec.org/RePEc:plo:pdig00:0000507
DOI: 10.1371/journal.pdig.0000507