
Wearable Devices Offer a Wealth of Information – But How Do Healthcare Providers Know They’re Secure?

June 5th 2019 in Medical Devices

Wearable technology—which a decade ago seemed to be for fitness enthusiasts only—is being adopted by various industries at an astonishing rate, with the overall market for wearables expected to reach $51.6 billion by 2022.

Much of this growth is being driven by healthcare, now that there is ample evidence that the devices can help patients adhere to medication schedules, recover faster from procedures and better track their health.

A growing number of hospitals and clinics want to send patients home with a wearable device, but find they must choose from dozens of available options. It’s difficult to tell which wearables can safely store and transmit sensitive health information, and which have been blessed by regulators for actual medical use.

Fortunately, there are steps that any healthcare provider can take before making purchasing decisions to ensure that any wearable device is up to the task of collecting, storing and sharing medical information.

Understanding FDA Classifications

Instead of simply trusting marketing language from wearable device makers, confirm that the device you are considering is registered with the FDA.

The first step in this process is determining whether the device has been deemed a minimal-risk application.

According to the FDA, “minimal risk” apps are only intended for one or more of the following:

  • helping users self-manage their condition without providing specific treatment suggestions
  • providing users with simple tools to organize and track their health information
  • providing easy access to information related to health conditions or treatments
  • helping users document, show or communicate potential medical conditions to providers
  • automating simple tasks for health care providers
  • enabling users or providers to interact with Personal Health Records (PHR)
  • enabling users or providers to interact with Electronic Health Record (EHR) systems
  • transferring, storing, displaying or converting format of medical device data

As most wearables are used for monitoring, they will likely fall in the minimal risk use-case category. The FDA focuses its regulatory oversight on a small subset of apps that may impact the performance or functionality of currently regulated medical devices or may independently pose a greater risk to consumers if they don’t work as intended. 

The FDA classifies medical devices into three categories based on the risk the devices pose to consumers, intended use, and indications for use. Class I devices — the classification of most wearables — are considered low risk and subject to the least regulatory controls. 

Medical device manufacturers, regardless of classification, will need to register their company and list the devices they market in the FDA’s device registration and listing database. A simple search on the FDA website should yield appropriate results.

The FDA also publishes a list of excluded devices, or those that don’t require approval.

Understanding HIPAA Compliance

HIPAA laws, which govern the collection, storage and sharing of identifiable medical information, are strict, and no provider wants to fall afoul of them. These laws govern how information such as social security numbers and medical history is handled safely.

After learning all you can about the maker of a wearable device on the FDA’s website, look for information on the company website regarding HIPAA compliance. If the information is not available, call or email the company and ask questions about the way they handle data. Don’t be afraid to get technical and expect detailed answers.

  • How exactly does your application store data?
  • How is the data encrypted as it moves from one device to another and when it is stored?

The company should not shy away from these questions. A company you can trust will offer convincing, detailed answers.

Ask whether the company has ever been audited by a third party for HIPAA compliance. If it has, you can request that report.

Understanding the FTC Act

Technology companies make bold claims. But unfortunately, some claims by wearable technology companies about HIPAA compliance and FDA clearance have been found to be untrue.

The FTC Act prohibits deceptive or unfair acts or practices. It is illegal to make deceptive or misleading claims to consumers.

As such, it is important that the company you engage with have a good reputation and that its marketing doesn’t overpromise on what the wearable device can do.

Companies offering wearables that protect patient data should also have white papers published in scientific journals and relevant magazines demonstrating the validity and the security of the device. A good way to check is via online scholarly databases such as ResearchGate, Google Scholar, IEEE, PubMed and ScienceDirect.

There are a lot of great wearable devices on the market today, and many of these can help patients achieve better health outcomes. Many can help hospitals and clinics run more efficiently, but reading websites and marketing claims won’t be enough when it comes to purchasing decisions. You need to know that the makers of the device will be able to keep protected medical information secure. The information you need to make the right decision is at your fingertips – you just need to know where to look.

At MIO, we create wearable technologies for research and health and fitness, so we have a deep understanding of the regulations associated with collecting, storing and sharing medical information. Contact us to help you with your wearable decisions.