How Connected Medical Devices Can Protect PHI by Design

[Image: a nurse checking the X-ray equipment as a woman goes through the scanner]

Smart, connected medical devices are transforming patient care—but they’re also creating new protected health information (PHI) exposure points at every turn. As soon as a device identifies a patient, logs an event or syncs with a cloud platform, it inherits real responsibilities around privacy, safety and compliance. Meeting expectations for PHI protection on medical devices requires more than patching issues after launch. It requires getting medical device security right from the start. 

Where PHI Gets Exposed in Connected Devices 

Most PHI exposures in medical devices don’t come from sophisticated cyberattacks or headline-grabbing breaches. They come from the ordinary, everyday ways devices collect, store and move data—often in places manufacturers never meant to handle sensitive information at all. Here are the most common exposure points we see across connected devices: 

  • On-device storage: Devices routinely store PHI in local memory: readings, timestamps, event histories, alarm logs, audit trails, temporary caches. When this data isn’t encrypted or properly protected, it can be accessed by anyone with physical access to the device or through service interfaces that remain active in the field. 
  • Data moving across networks: Device data flows through wireless channels, hospital networks, mobile apps and cloud servers. Any time PHI travels between systems, it’s vulnerable to interception, misrouting or visibility through misconfiguration—especially in complex clinical environments with mixed security practices. 
  • Access pathways that stay open: Service ports, factory accounts, debug modes and shared credentials may be intended for development or maintenance, but if they remain enabled in production, they can expose PHI through unintended access. 
  • Cloud and app ecosystems: Once PHI leaves the device, it enters an ecosystem of APIs, dashboards, analytics platforms and third-party integrations. Each connection point increases the chances of misconfigured permissions, excessive data sharing or unclear responsibility for protecting patient information. 
  • Lifecycle transitions: PHI exposure doesn’t just happen during clinical use. Shipping, installation, field service, loaner pools and end-of-life disposal all create opportunities for sensitive data to surface unexpectedly—especially if data sanitization steps aren’t consistently applied. 
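Two of the exposure points above, PHI sitting in audit logs and event histories on the device, and identifiers that end up in free-text log messages, are the ones a development team can close with a small amount of code. The following is an added example, not code from the original post or from Battelle: a logging filter that scrubs PHI before any handler writes a record, replacing identifiers with a keyed HMAC token so events for the same patient stay correlatable without storing the MRN itself. The field names (`mrn`, `patient_name`, `dob`), the "MRN 123456" text format, the sample events and the pseudonymization key are all constructed for the example; on a real device the key would come from the device key store, not from source code.

```python
import hashlib
import hmac
import json
import logging
import re

# Constructed for this example. A production device loads this from its
# secure key store; it must never be a literal in the firmware.
PSEUDONYM_KEY = b"example-device-key-not-for-production"

# Assumed data-model field names the device treats as PHI.
PHI_FIELDS = {"patient_name", "mrn", "dob", "patient_id"}
# Identifier fields that are tokenized rather than blanked, so the audit
# trail can still link events for one patient.
PSEUDONYMIZE_FIELDS = {"mrn", "patient_id"}

# Patterns for PHI that leaks into free-text messages (assumed formats).
DATE_RE = re.compile(r"\b\d{4}-\d{2}-\d{2}\b")          # ISO dates (DOB, visits)
MRN_RE = re.compile(r"\bMRN[ :#]*\d{4,}\b", re.IGNORECASE)  # "MRN 123456"


def pseudonymize(value: str) -> str:
    """Keyed HMAC-SHA256 token: stable for one device key, not reversible without it."""
    digest = hmac.new(PSEUDONYM_KEY, value.encode("utf-8"), hashlib.sha256).hexdigest()
    return "pid_" + digest[:16]


def scrub_text(text: str) -> str:
    """Remove date and MRN patterns from a free-text message."""
    return MRN_RE.sub("MRN [REDACTED]", DATE_RE.sub("[DATE]", text))


def scrub_event(event: dict) -> dict:
    """Return a copy of a structured event with PHI fields tokenized or redacted."""
    out = {}
    for key, value in event.items():
        if key in PSEUDONYMIZE_FIELDS:
            out[key] = pseudonymize(str(value))
        elif key in PHI_FIELDS:
            out[key] = "[REDACTED]"
        elif isinstance(value, str):
            out[key] = scrub_text(value)
        else:
            out[key] = value  # clinical values (readings, codes) pass through
    return out


class PHIScrubFilter(logging.Filter):
    """Rewrites each record in place before any handler formats or stores it."""

    def filter(self, record: logging.LogRecord) -> bool:
        if isinstance(record.msg, dict):
            record.msg = json.dumps(scrub_event(record.msg), sort_keys=True)
            record.args = ()
        else:
            # Format first so %-args are scrubbed too, then drop the args.
            record.msg = scrub_text(record.getMessage())
            record.args = ()
        return True


class _ListHandler(logging.Handler):
    """In-memory sink standing in for the device's audit-trail writer."""

    def __init__(self):
        super().__init__()
        self.lines = []

    def emit(self, record):
        self.lines.append(self.format(record))


def build_audit_logger(name="device.audit"):
    """Audit logger whose handler scrubs PHI from every record it receives."""
    logger = logging.getLogger(name)
    logger.handlers.clear()
    logger.propagate = False
    logger.setLevel(logging.INFO)
    handler = _ListHandler()
    handler.setFormatter(logging.Formatter("%(asctime)s %(levelname)s %(message)s"))
    handler.addFilter(PHIScrubFilter())  # on the handler, so every record to this sink is scrubbed
    logger.addHandler(handler)
    return logger, handler


def demo():
    """Log two constructed events and return the audit lines actually written."""
    logger, handler = build_audit_logger()
    logger.info({"event": "alarm_ack", "mrn": "123456", "patient_name": "Jane Doe",
                 "note": "DOB 1980-01-02, MRN 123456", "spo2": 91})
    logger.info("Service login for MRN %s at %s", "123456", "bedside")
    return handler.lines


if __name__ == "__main__":
    for line in demo():
        print(line)
```

Attaching the filter to the handler rather than the logger means a record that reaches the audit sink through any logger is scrubbed, and because the filter rewrites the record object itself, any second handler (syslog, cloud forwarder) sees the scrubbed copy. The regex layer is a backstop only; the real control is the structured `scrub_event` path, so log calls on the device should pass dicts with known field names rather than building sentences that embed identifiers.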

As connectivity and data use increase, so do the opportunities for that data to leak in routine, predictable ways. This is why secure-by-design thinking matters. Once manufacturers understand where PHI lives and how it moves, they can build in the protections that keep it from leaking in the first place. 

Rising Regulatory Expectations for PHI Protection on Medical Devices 

As connected devices take on more of the work of collecting, storing and transmitting PHI, regulators have expanded their expectations accordingly. Protecting patient data is now an essential part of demonstrating that a device is safe, effective and ready for real-world deployment. 

FDA has made this especially clear. Recent cybersecurity guidance and Section 524B requirements treat cybersecurity—and by extension PHI protection—as a core element of device safety. Manufacturers are now expected to: 

  • follow a secure product development lifecycle, 
  • provide a Software Bill of Materials (SBOM), 
  • maintain patchability and vulnerability management plans, and 
  • document how the device protects data across its full lifecycle. 

As proposed changes to the HIPAA Security Rule move forward, manufacturers should anticipate even greater emphasis on strong access controls and technical safeguards for electronic PHI (ePHI). 

While not mandatory, the NIST Cybersecurity Framework and related documents have become the de facto playbook for structuring device cybersecurity. They emphasize risk-based, lifecycle-oriented controls that align closely with how PHI moves through connected technologies. 

Protecting PHI Across the Medical Device Lifecycle 

Protecting PHI isn’t something that can be added at the end of development. It has to be designed in from the start. Because PHI shows up differently at each phase of a device’s life, manufacturers need a lifecycle mindset that considers where sensitive data originates, how it moves, where it accumulates and how it should be controlled. Security-by-design means thinking about PHI not just as a compliance requirement, but as a core design input that shapes architecture, engineering decisions and postmarket strategy.  

Each stage of the medical device lifecycle presents its own opportunities to either prevent or introduce risk. 

  • Design and Architecture: Manufacturers need to understand exactly how PHI will enter the device, what data elements qualify as PHI, where that information will travel and how long it needs to live. Mapping these data pathways early—and minimizing PHI collection and retention wherever possible—prevents costly redesigns later and sets the foundation for secure-by-design development. 
  • Development: Once the architecture is set, the focus shifts to building the controls that protect PHI in practice. That includes encrypting stored and transmitted data, implementing strong authentication, disabling debug or service interfaces, and ensuring logs don’t accidentally capture sensitive information. Technical execution at this stage determines whether PHI stays protected once the device leaves the lab. 
  • Verification and Validation: Manufacturers must confirm that PHI is only stored where intended, that temporary and cached data is properly cleared, that the device remains secure under degraded or unusual operating conditions and that interoperability doesn’t introduce new exposure points.  
  • Deployment and Clinical Use: Real-world environments introduce unpredictable risks. Devices may be configured quickly, connected to complex networks or maintained by multiple teams. Secure defaults, clear configuration guidance and the ability to patch vulnerabilities over time are essential.  
  • End-of-Life and Decommissioning: PHI risk doesn’t end when a device stops operating. Data can persist in internal storage, removable media or system logs long after clinical use has ended. Manufacturers must provide validated wipe and sanitization procedures—consistent with standards like NIST 800-88—to ensure no PHI travels with a returned, resold or discarded device. 
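The End-of-Life bullet calls for validated sanitization, and NIST 800-88 treats verification as part of the sanitization process rather than an afterthought. As an added example (not Battelle's procedure and not tied to any particular device), the block below clears a storage image with a random pass followed by a zero pass, reads the whole image back to confirm that every byte carries the final pattern and that none of the device's own record markers survive, and returns a small certificate of what was done. The record format, the `PHI_RECORD:` marker, the sample records and the temporary file standing in for on-board storage are all constructed for the example.

```python
import os
import secrets
import tempfile

# Constructed record-format marker for this example's on-board store.
PHI_MARKER = b"PHI_RECORD:"
CHUNK = 65536


def write_sample_storage(path, records):
    """Constructed stand-in for the device's record store, with slack space at the end."""
    with open(path, "wb") as f:
        for rec in records:
            f.write(PHI_MARKER + rec + b"\n")
        f.write(b"\x00" * 4096)


def clear_storage(path):
    """Overwrite the whole image in place: one random pass, then a zero pass.
    The final fixed pattern is what makes full read-back verification possible."""
    size = os.path.getsize(path)
    with open(path, "r+b") as f:
        for pattern in (None, b"\x00"):
            f.seek(0)
            remaining = size
            while remaining:
                n = min(remaining, CHUNK)
                f.write(secrets.token_bytes(n) if pattern is None else pattern * n)
                remaining -= n
            f.flush()
            os.fsync(f.fileno())  # make sure the pass reached the medium before the next one
    return size


def verify_cleared(path, markers=(PHI_MARKER,)):
    """Read back the full image: every byte must be the final pattern and no
    record marker may remain. Both checks are reported so a partial wipe is visible."""
    with open(path, "rb") as f:
        data = f.read()
    return {
        "bytes_read": len(data),
        "all_final_pattern": data == b"\x00" * len(data),
        "residual_markers": [m for m in markers if m in data],
    }


def decommission(path):
    """Clear, verify, and return a sanitization record for the device file."""
    bytes_cleared = clear_storage(path)
    result = verify_cleared(path)
    verified = result["all_final_pattern"] and not result["residual_markers"]
    return {
        "method": "overwrite, random pass then zero pass (file-level, see note)",
        "bytes_cleared": bytes_cleared,
        "verification": result,
        "verified": verified,
    }


def demo():
    """Build a constructed store, show it fails verification, then decommission it."""
    path = os.path.join(tempfile.mkdtemp(), "records.bin")
    write_sample_storage(path, [b"mrn=123456;name=Jane Doe", b"mrn=987654;name=John Roe"])
    before = verify_cleared(path)
    cert = decommission(path)
    after = verify_cleared(path)
    return before, cert, after


if __name__ == "__main__":
    before, cert, after = demo()
    print("before:", before)
    print("certificate:", cert)
    print("after:", after)
```

Two caveats a practitioner would attach to this. First, an overwrite through the file system only reaches the blocks the file system maps today; on flash with wear leveling, remapped or spare blocks are not touched, so the erase mechanism on a real device has to be the controller's own sanitize or secure-erase command (or cryptographic erase of the storage key), with this read-back verification run against the raw medium. Second, keep the returned certificate with the device's service record: NIST 800-88 expects the method, the verification result and the date to be documented, not just the wipe to have happened.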

These lifecycle considerations form the core of a defensible PHI protection strategy that satisfies FDA expectations, aligns with NIST guidance and supports emerging HIPAA updates. They also ensure that PHI is safeguarded not just in the device’s design, but everywhere the device goes and everything it touches throughout its life. 

At Battelle, we help medical device manufacturers put security-by-design into practice across the entire medical device lifecycle. Our medical device design and development teams work alongside clients from the earliest design concepts through development, testing, deployment and end-of-life planning to ensure PHI protection is intentional, consistent and built into every decision. By integrating robust architectural choices upfront and validating them throughout the lifecycle, we help manufacturers avoid late-stage rework, strengthen regulatory readiness and deliver connected devices that protect both patient data and patient trust from day one. 

Posted: January 26, 2026
Author: Battelle Insider
Estimated Read Time: 4 Mins