About

TechNation is the primary monthly magazine and ultimate resource guide for over 12,000 medical equipment service professionals. Its diverse editorial and information helps biomedical, HTM, imaging and I.T. professionals keep their finger on the pulse of the healthcare technology community, helping advance their careers and further their profession.

Register Now: Modernizing HTM Economics | April 22
TechNation.TV | HTM Jobs | Right to Repair | Advertise
Subscribe

Future Roles and Job Descriptions

6 Mins Read

Future Roles and Job Descriptions

By Brian Bell

In the evolving landscape of healthcare technology, networking and cybersecurity is no longer a niche concern – it’s a critical component and every technician must understand how to work with teams who specialize in healthcare information systems (HIS). As more healthcare organizations integrate their biomedical equipment technician (BMET) and clinical engineering departments with healthcare information systems (HIS), the lines between service technician and cybersecurity responsibilities are increasingly blurred.

Today’s technicians and engineers must be equipped with the knowledge and skills to not only manage medical devices but also to safeguard them from evolving cyber threats. This shift raises important questions about how roles in healthcare technology management are changing and what expectations should be set for professionals at every level.

Drawing on the foundational work of the Association for the Advancement of Medical Instrumentation (AAMI), this article outlines best practices for healthcare technicians, from entry-level BMETs to senior clinical engineers with IT and systems integration expertise. While the specifics will vary by organization, these guidelines offer a starting point for building a robust cybersecurity talent framework that supports both device safety and patient data protection. It’s a team effort that requires continuous adaptation, collaboration, and education, ensuring that every member of the healthcare technology workforce is prepared to tackle the challenges ahead.

Why define?
As roles change rapidly with technology, job descriptions often lag. However, it’s important to continually assess job outlines, because if we are unable to articulate the new skills and knowledge needed – we will often lack a clear strategy to tackle the problem of an increasing talent gap. Of course, each local healthcare organization must adapt or modify to their need based on the local workforce, organizational structure, and national trends. In many cases, only a portion of the outlined responsibilities may be relevant, and in some cases, they may not be required at all. However, there has to be starting point to build on and develop robust expectations for our technicians of the future. Below is a list of best practices for cybersecurity, categorized by job levels and titles:

BMET 1: Entry-Level Technician

  • Implements basic cybersecurity defenses, such as password best practices and social engineering awareness. Ensure that user access to devices is controlled and that default passwords are changed in coordination with managers.
  • Ensures that all medical devices have up-to-date security patches and software updates. Document any security updates or patches applied to the devices in computerized maintenance software.
  • Performs regular checks to ensure antivirus software is installed and functioning when applicable.
  • Inventories and documents networking and security details of devices (such as static IP addresses). Maintains accurate records of all devices, including model numbers, serial numbers, and software versions.
  • Learns networking and security issues of medical devices through continual education courses.

BMET 2: Intermediate-Level Technician

  • Competently converses with networking and cybersecurity professionals on device safety.
  • Ensures medical devices are properly segmented within the network to prevent unauthorized access in coordination with IT departments.
  • Collaborates with IT to monitor network traffic for any signs of suspicious activity.
  • Knows and follows incident response procedures for suspected security breaches.
  • Assists in the investigation and remediation of cybersecurity incidents.
  • Promotes awareness of potential cybersecurity threats and how to mitigate them to fellow BMET and clinical staff.

BMET 3: Senior-Level Technician

  • Gains increased competency and experience on level 2 requirement.
  • Become an expert at device security and networking for their specialization.

HTM Manager

  • Leads efforts to develop and implement comprehensive cybersecurity policies and procedures for medical devices.
  • Assists in regular security audits and vulnerability assessments on medical devices.
  • Ensures that all devices and practices comply with relevant cybersecurity regulations and standards.
  • Stay updated on the latest regulatory changes and adjust practices accordingly.
  • Evaluates the cybersecurity practices of vendors and third-party service providers.
  • Ensure that all third-party devices and services meet the organization’s cybersecurity standards
  • Oversees the incident response process, ensuring thorough investigation and documentation. May assist in the forensic analysis of compromised devices to understand the root cause and prevent future incidents.
  • Stay informed about the latest cybersecurity threats and trends.
  • Leads efforts to continuously improve the organization’s cybersecurity posture.

Clinical Engineer with a Systems Integration/IT Focus:

  • Ensure that medical devices are integrated securely into the hospital’s IT infrastructure.
  • Implement advanced security measures like network segmentation, firewalls, and intrusion detection/prevention systems.
  • Develop and enforce cybersecurity policies and procedures for medical devices and their integration.
  • Stay informed about cybersecurity threats and trends, and update policies accordingly.
  • Ensure compliance with relevant cybersecurity regulations and standards (e.g., HIPAA, FDA guidelines, NIST frameworks).
  • Conduct audits and assessments to ensure compliance.
  • Implement encryption protocols for data transmission and storage.
  • Evaluates the cybersecurity practices of vendors and third-party service providers.
  • Ensures that all third-party devices and services meet the organization’s cybersecurity standards.
  • Includes cybersecurity requirements in contracts and service level agreements (SLAs).
  • Develop and maintain a robust incident response plan for medical device cybersecurity incidents.
  • Leads the investigation and remediation of cybersecurity incidents, including forensic analysis when necessary. Coordinates with IT and other relevant departments during incident response and recovery efforts.
  • Implements continuous monitoring of medical devices and network traffic to detect potential security threats.
  • Regularly reviews and updates cybersecurity measures to address new vulnerabilities and threats.
  • Provides ongoing training for clinical engineering staff on the latest cybersecurity best practices and threat awareness.
  • Promotes cross-departmental collaboration to ensure a unified approach to cybersecurity across clinical and IT teams.

By following these best practices tailored to each level, healthcare organizations can significantly enhance their cybersecurity efforts, protecting their medical devices and patient data from potential threats. By defining the need, management can also make a case for increases to salary bands and often justify increases in pay by documenting the shift to high-paid skills and knowledge. At least that is the hope, and as pay increases managers will be able to attract larger pools of talent and increase efficiency of their organizations. This article is adapted, with full permission from the author, from chapter 16 of Medical Device Networking and Cybersecurity: a technicians guide to networking and protective interconnected healthcare devices. The full book is found here – https://htm-workshop.com/shop/medical-device-networking-and-cybersecurity/

Brian Bell, Ph.D., teaches courses in engineering technology with a focus on biomedical engineering technology.
Share.

Related Posts

Add A Comment

Leave A Reply

X