In an era of wrist-worn wearables and other emerging wearable technologies, the American Bar Association has published an article examining some of their legal ramifications.
The rise of ambient computing
AI-powered wearables include smart watches, fitness trackers, glasses, headsets, knee braces, ear buds, implanted devices, rings and other patient-centred wearable health devices. For example, Apple Watch has a built-in electrocardiogram monitoring heart rhythms and atrial fibrillation. Smart sweat sensors can detect dehydration and inflammation biomarkers in patients.
Digital health implications
Wearable health devices are useful in empowering users to monitor their own health and to broaden access to medical knowledge. They can be a relevant and helpful input in telemedicine enabling doctors to download information from patients. As the functions in wearables continue to expand, the interplay between wearables and digital health is facing increased regulatory scrutiny.
Some legal issues to consider arising from wearable technology include:
- Liability: Wearable manufacturers failing to detect a health risk could become liable if the user becomes ill or suffers harm. Software programs were previously considered a service or good rather than a product, so benefited from a lower liability than product liability. However, if wearable AI software programs cause injury, as with autonomous vehicles and robotic surgeries, and there is a product defect, they will likely be subject to product liability. Wearable manufacturers could be held liable for insufficient warning labels, punitive damages and class actions.
Apart from wearable manufacturers, a physician receiving data from a patient’s wearable could also be liable under medical malpractice if s/he fails to provide reasonable care to mitigate a pending health problem indicated in the patient’s data. To date there is minimal case law on a physician’s duty to monitor a patient’s wearable data.
- Privacy: Wearable AI devices rely on large datasets. In the US, the Health Insurance Portability and Accountability Act (HIPAA) is a federal law mandating national standards on privacy (and security) to protect sensitive patient health information from being disclosed without the patient’s consent or knowledge. HIPAA, however, only covers data streamed to the patient’s physician. Data not sent to the physician is not protected by HIPAA and therefore not afforded the same privacy protections.
- Security: Cybercriminals and hackers can target data storage. Wearable devices usually have fewer security protections and fewer updated firewalls than a laptop, smartphone or web-based storage site. For example, MyFitnessPal was hacked in 2018, exposing the data of up to 150 million users, which was subsequently sold on the dark web.
- Data accuracy: Data needs to be accurate to be reliable, especially in digital health. False positives can lead to unnecessary testing and overtreatment and mislead physicians when making a diagnosis. In 2017, a Stanford study found that seven wearable fitness trackers poorly estimated calories burned. FDA approval is not currently required for most wearables. FDA approval is only required for wearables used to diagnose or treat specific, identified diseases.
- Bias: AI-based algorithms used in healthcare, facial recognition systems, criminal sentencing and employment can produce discriminatory results when data collected and used to train algorithms are biased.
Wearable devices as medical devices
The more pertinent issue is arguably the regulatory classification of wearables. FDA approval is not currently required for most wearables. FDA approval is only required for wearables used to diagnose or treat specific, identified diseases. The FDA has cybersecurity guidance for wearables classified as medical devices: a device manufacturer must implement a risk management program.
The ABA paper suggests that the FDA should explore implementing regulatory approvals and monitoring for a wider range of wearables, including those that measure wellness or lifestyle factors. But the ABA also suggests a more ‘light handed’ approach where wearable manufacturers would self-certify by answering questions about their product and making the answers available to consumers and physicians.
The regulatory position could be much stricter in Australia. The Therapeutic Goods Administration (TGA) is responsible for classifying and regulating medical devices. Earlier this year the TGA consulted on amending classification rules for software-based products. Whilst the TGA does not regulate products that are merely health and lifestyle apps or wellness devices, software products become a medical device when they are intended to perform a medical function such as providing information to monitor a disease, specifying a treatment or controlling a hardware medical device.
Previously, medical devices with software have been self-regulated Class I devices. Amendments re-classify software under four categories to ensure they are subject to appropriate scrutiny and manufacturing safeguards: (i) software intended for screening and diagnosing a disease/condition; (ii) software intended for monitoring the progression of a disease; (iii) software intended for recommending treatment; and (iv) software intended for providing therapy via the provision of information. The new classification rules will now also consider the harm that could be caused by incorrect information and this can affect the classification of the software. Exemptions may also apply if the inappropriate use of software would not result in significant harm.
Apps meeting the definition of a medical device require TGA certification. For example, smart phone apps calculating insulin doses based on a patient’s blood glucose levels are caught by TGA regulations. However, software that merely enables individuals to keep track of their health information (e.g. asthma attacks, blood pressure) is not a medical device.
As wearables become more mainstream in digital health and with AI developments increasing their functions and use, the lines between software as medical devices and purely health and lifestyle apps are starting to blur. With the accelerating pace of medical technology post-COVID, treating a broad range of medical software-enabled devices in the same way as traditional medical devices could be the proverbial ‘square peg in a round hole’, and impair the process of innovation.