• Politics
  • Diversity, equity and inclusion
  • Financial Decision Making
  • Telehealth
  • Patient Experience
  • Leadership
  • Point of Care Tools
  • Product Solutions
  • Management
  • Technology
  • Healthcare Transformation
  • Data + Technology
  • Safer Hospitals
  • Business
  • Providers in Practice
  • Mergers and Acquisitions
  • AI & Data Analytics
  • Cybersecurity
  • Interoperability & EHRs
  • Medical Devices
  • Pop Health Tech
  • Precision Medicine
  • Virtual Care
  • Health equity

Wearable Medical Devices Can Raise Issues for Healthcare Professionals

Article

How data privacy, cybersecurity, ethics and malpractice intersect.

wearables privacy,wearables risk,hipaa wearables,wearable technology

Wearable technology has many benefits but also brings privacy concerns.

More than 100 million Americans are battling chronic diseases such as diabetes, high blood pressure and heart disease, but exciting new technology is being employed to improve the treatment of these conditions. Healthcare professionals are increasingly likely to suggest that patients wear a medical device to monitor their condition.

Such devices and the sophisticated apps that support them are believed to improve care by providing constant monitoring that could potentially save lives. Their use may also reduce healthcare costs by slashing the need for office visits that would otherwise be necessary to monitor a patient’s progress. Wearable medical devices may provide data that can help healthcare professionals understand how a single patient’s multiple chronic conditions interact and support research efforts through anonymized data.

>> READ: Wearable Technology Is the Future of Healthcare

However, the use of wearable medical devices gives rise to several important legal issues that healthcare professionals should consider before recommending them. Below is a broad overview of a few things that healthcare professionals should consider as the use of these tools expands.

Wearable Technology and Data Privacy

Data privacy concerns are paramount. A disparate assortment of state and federal laws imposes requirements on the disclosure of, and occasionally use of, health information. Providers should familiarize themselves with all applicable laws and ensure their practices conform to applicable requirements.

Privacy compliance obligations may require that a physician limit access to the streaming patient data to nurse practitioners, physician assistants or other clinicians who are also providing care. Providers also need to ensure that accurate and timely documentation is added to the patient’s electronic health record (EHR). Providers should explain to their patients what data are being collected and how they will be used before securing the patients’ informed consent.

Wearable Technology and Cybersecurity

The collection of the electronic health data from wearable technology not only requires compliance with federal and state privacy laws relating to notice and consent, but it also raises a risk that an internet-connected device could be vulnerable to cyberattacks.

The U.S. Food and Drug Administration (FDA) is keenly focused on this risk and has issued guidance for pre-market and post-market management of cybersecurity in medical devices. Device manufacturers are responsible for providing security updates to their software to address vulnerabilities, and when these updates do not impact device functionality or their intended use, the updates do not require FDA review. But where a cyber security vulnerability poses a uncontrolled risk of patient harm, the product could be recalled.

In the event of a recall related to cybersecurity or another product malfunction, healthcare professionals must be prepared to address them in a timely manner. They should establish a procedure to update patients’ devices with new versions of software, monitoring applications to notify patients of recalls. Although a device manufacturer traditionally has a duty to warn consumers about a recall, healthcare professionals likely have the strongest ongoing contact with affected patients, and they should be prepared to use that relationship to facilitate recalls for their patients. In the event of an update or recall, they should implement these procedures and thoroughly document the steps they have taken to notify all affected patients.

>> LISTEN: Wearables Are Saving Human Lives. Can They Save Hospitals Too?

Just last month, the FDA released a cybersecurity “playbook” for healthcare delivery organizations. The “playbook,” which was developed in cooperation with MITRE Corporation, aims to enhance the ability of healthcare organizations to respond to any cyberattack or incident that affects medical devices. In addition to responding to vulnerabilities in connected medical devices, healthcare delivery organizations and healthcare professionals must also scrutinize their own data security practices. To protect data being relayed from a patient’s monitoring device, healthcare professionals should regularly take steps to ensure the security of their computer networks, install and regularly update anti-virus programs and firewalls and implement password policies that require extensive passwords and regular password changes.

Wearable Technology and Medical Ethics

Providers who incorporate wearable medical devices into their patient treatment plans should also take pains to comply with all fraud and abuse laws. This means they should avoid accepting anything of value in exchange for recommending the use of a wearable medical device. The U.S. Department of Justice and whistleblowers regularly bring false claims act suits against healthcare professionals alleging they violated the Anti-Kickback Statute by accepting remuneration in exchange for recommending the use of a device covered by the federal healthcare programs.

As of Jan. 1, 2018, Medicare provides coverage for a monthly recurring reimbursement for remote patient monitoring services. Healthcare professionals should implement thorough compliance measures to ensure their billing for remote patient monitoring is compliant with the requirements of insurers and federal healthcare programs like Medicare or Medicaid and to prevent False Claims Act exposure.

Wearable Technology and Medical Malpractice

Finally, a number of unanswered questions about wearable medical devices may also shape future malpractice cases. It is currently universally unclear when the monitoring of a wearable medical device creates a physician-patient relationship requiring a duty of care. In addition, it is universally unclear whether, and in what circumstances, a physician’s decision to use — or not use — a wearable medical device in a treatment plan could constitute a breach of that duty of care. Moreover, once a wearable device is being worn, malpractice questions could arise about whether the data were timely and accurately reviewed. Providers should monitor developments in this area of the law for guidance on these issues.

The Takeaway

Wearable medical devices have the potential to significantly shape the practice of medicine and the regulatory landscape that covers it. As providers continue to incorporate them into their treatment plans, they should do so with a clear eye on the relevant legal and regulatory requirements. Open questions about the scope of potential liability related to the use of wearable medical devices and fast-developing regulatory guidance require continued monitoring.

Stephanie L. Carman and Rebecca H. Umhofer are attorneys who work for Hogan Lovells.

Get the best insights in healthcare analytics directly to your inbox.

Related

Healthcare, Wearables and the Fourth Industrial Revolution

How Telemedicine Helps Victims Heal After Tragedies

The Long-Term Effects of Participating in Reddit’s Mental Health Communities

Related Videos
Image: Ron Southwick, Chief Healthcare Executive
Related Content
Image credit: ©tippapatt - stock.adobe.com

Healthcare mergers may face more questions about cybersecurity

April 18th 2024
Article

In the wake of the Change Healthcare attack, regulators may look more closely at protections for data privacy as they examine deals, experts say.

The rise of third party cyberattacks in healthcare | Data Book podcast

The rise of third party cyberattacks in healthcare | Data Book podcast

March 11th 2024
Podcast

Dan Dodson, the CEO of Fortified Health Security, talks about the risks to hospitals, AI in attacks and defense, and what health systems can do to protect themselves.

Image credit: American Hospital Association

Change Healthcare cyberattack: Health leaders ask Congress for help with cybersecurity

April 17th 2024
Article

During a House panel hearing on the attack, hospital and health industry leaders urge lawmakers to help deal with attacks from ransomware groups.

Hospitals face evolving threats from cyberattacks | Data Book podcast

Hospitals face evolving threats from cyberattacks | Data Book podcast

December 7th 2023
Podcast

Michael Hamilton, founder and chief information security officer of Critical Insight, talks about trends in attacks and emerging threats in the coming year.

Image: Ron Southwick, Chief Healthcare Executive

Change Healthcare cyberattack: Lawsuits emerge, and more are coming

April 5th 2024
Article

Several suits have already been filed and others are expected due to the ransomware attack that has affected hospitals and providers nationwide.

Image: Ron Southwick, Chief Healthcare Executive

American Hospital Association CEO talks about Change Healthcare ransomware attack and cybersecurity

April 4th 2024
Article

Rick Pollack discussed the cyberattack and its ramifications at the Hospital + Healthcare Association of Pennsylvania Leadership Summit.

© 2024 MJH Life Sciences

All rights reserved.