Premium
Ethical and Legal Implications of Remote Monitoring of Medical Devices
Author(s) -
COHEN I. GLENN,
GERKE SARA,
KRAMER DANIEL B.
Publication year - 2020
Publication title -
the milbank quarterly
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 1.563
H-Index - 101
eISSN - 1468-0009
pISSN - 0887-378X
DOI - 10.1111/1468-0009.12481
Subject(s) - health insurance portability and accountability act , internet privacy , raw data , context (archaeology) , general data protection regulation , documentation , confidentiality , computer science , information privacy , data collection , accountability , digital health , relay , software portability , data protection act 1998 , computer security , health care , business , political science , law , sociology , social science , power (physics) , physics , quantum mechanics , paleontology , biology , programming language
Policy Points Millions of life‐sustaining implantable devices collect and relay massive amounts of digital health data, increasingly by using user‐downloaded smartphone applications to facilitate data relay to clinicians via manufacturer servers. Our analysis of health privacy laws indicates that most US patients may have little access to their own digital health data in the United States under the Health Insurance Portability and Accountability Act Privacy Rule, whereas the EU General Data Protection Regulation and the California Consumer Privacy Act grant greater access to device‐collected data. Our normative analysis argues for consistently granting patients access to the raw data collected by their implantable devices.Context Millions of life‐sustaining implantable devices collect and relay massive amounts of digital health data, increasingly by using user‐downloaded smartphone applications to facilitate data relay to clinicians via manufacturer servers. Whether patients have either legal or normative claims to data collected by these devices, particularly in the raw, granular format beyond that summarized in their medical records, remains incompletely explored. Methods Using pacemakers and implantable cardioverter‐defibrillators (ICDs) as a clinical model, we outline the clinical ecosystem of data collection, relay, retrieval, and documentation. We consider the legal implications of US and European privacy regulations for patient access to either summary or raw device data. Lastly, we evaluate ethical arguments for or against providing patients access to data beyond the summaries presented in medical records. Findings Our analysis of applicable health privacy laws indicates that US patients may have little access to their raw data collected and held by device manufacturers in the United States under the Health Insurance Portability and Accountability Act Privacy Rule, whereas the EU General Data Protection Regulation (GDPR) grants greater access to device‐collected data when the processing of personal data falls under the GDPR's territorial scope. The California Consumer Privacy Act, the “little sister” of the GDPR, also grants greater rights to California residents. By contrast, our normative analysis argues for consistently granting patients access to the raw data collected by their implantable devices. Smartphone applications are increasingly involved in the collection, relay, retrieval, and documentation of these data. Therefore, we argue that smartphone user agreements are an emerging but potentially underutilized opportunity for clarifying both legal and ethical claims for device‐derived data. Conclusions Current health privacy legislation incompletely supports patients’ normative claims for access to digital health data.