Abstract
The Internet of Medical Things (IoMT) is a rapidly expanding network of medical devices, sensors, and software that exchange patient health data. While IoMT supports personalized care and operational efficiency, it also introduces significant privacy risks, especially when handling sensitive health information. Data Identification and Classification (DIC) are therefore critical for distinguishing which data attributes require stronger safeguards. Effective DIC contributes to privacy preservation, regulatory compliance, and more efficient data management. This study introduces SDAIPA (SDAIA-HIPAA), a standardized hybrid IoMT data classification framework that integrates principles from HIPAA and SDAIA with a dual risk perspective-uniqueness and harm potential-to systematically classify IoMT health data. The framework's contribution lies in aligning regulatory guidance with a structured classification process, validated by domain experts, to provide a practical reference for sensitivity-aware IoMT data management. In practice, SDAIPA can assist healthcare providers in allocating encryption resources more effectively, ensuring stronger protection for high-risk attributes such as genomic or location data while minimizing overhead for lower-risk information. Policymakers may use the standardized IoMT data list as a reference point for refining privacy regulations and compliance requirements. Likewise, AI developers can leverage the framework to guide privacy-preserving training, selecting encryption parameters that balance security with performance. Collectively, these applications demonstrate how SDAIPA can support proportionate and regulation-aligned protection of health data in smart healthcare systems.