FDA confirms 'very light touch' regulation for Apple Watch, other wearables

Posted:
in Apple Watch edited March 2015
Wearable devices that collect and collate personal health data, such as the forthcoming Apple Watch, are unlikely to fall under the thumb of the U.S. Food and Drug Administration as long as manufacturers stay away from medical diagnosis, an agency representative said this week.




"We are taking a very light touch, an almost hands-off approach," FDA associate director for digital health Bakul Patel told Bloomberg. "If you have technology that's going to motivate a person to stay healthy, that's not something we want to be engaged in."

Patel's statement tracks with guidelines that the agency released for comment in January, when it revealed that it would not seek to regulate wearables marketed under the "general wellness" umbrella.

Under those guidelines, wearable manufacturers would be allowed to make claims that their device could help with issues such as weight management, physical fitness, relaxation or stress management, mental acuity, self-esteem, sleep management, or sexual function. Claims of diagnosis or treatment of specific diseases, such as obesity, eating disorders, anxiety, autism, muscle atrophy, or erectile dysfunction, would subject the device to FDA scrutiny.

"We are focusing only on the higher end of technology," Patel added. "What are benefits to public health against the risks to public health? We always try to balance that."

While both Apple and Google have met with FDA representatives about their respective wearable programs, the agency remains worried about the potential for a disconnect between Silicon Valley and Washington, given that the market generally outpaces bureaucratic change. To address that, the FDA will hire a new senior-level liaison to improve relations and communications, with the goal of enabling innovation while keeping the public safe.

"We have to be confident in what we are getting," Patel said. "The trajectory is there [for diagnosis via biometric monitoring] and all signals are headed that way, but by the same token the research and science should get us that confidence. It boils down to will it work or not."
«1

Comments

  • Reply 1 of 21
    jm6032jm6032 Posts: 147member
    Quote:

    Originally Posted by AppleInsider View Post





    ...Under those guidelines, wearable manufacturers would be allowed to make claims that their device could help with issues such as weight management, physical fitness, relaxation or stress management, mental acuity, self-esteem, sleep management, or sexual function...



     

    Wow! What an advertisement!

  • Reply 2 of 21
    john.bjohn.b Posts: 2,720member

    What about HIPPA laws?

  • Reply 3 of 21
    Quote:

    Originally Posted by John.B View Post

     

    What about HIPPA laws?


    What about them?

  • Reply 4 of 21
    jm6032jm6032 Posts: 147member
    Quote:

    Originally Posted by John.B View Post

     

    What about HIPPA laws?


    As anantksundaram asked, "What about them?" I don't believe they apply to data you gather about yourself and subsequently record whether this recording is done an a piece of paper or on an electronic device. If you choose to share your data, that's a decision you can make--post it on facebook if you wish.

  • Reply 5 of 21
    blastdoorblastdoor Posts: 1,918member

    I suspect the capability of these devices to act as diagnostic tools will come first, and the permission to make the claim will come second. 

  • Reply 6 of 21
    prolineproline Posts: 191member
    All well and good for the manufacturers who will carefully avoid anything that looks like diagnosis, but what happens when customers and third parties use the info for diagnosis? Just having 24 hour heart rate monitoring is enough to catch certain arrhythmias, so we're about to find out...
  • Reply 7 of 21
    gatorguygatorguy Posts: 20,603member
    jm6032 wrote: »
    As anantksundaram asked, "What about them?" I don't believe they apply to data you gather about yourself and subsequently record whether this recording is done an a piece of paper or on an electronic device. If you choose to share your data, that's a decision you can make--post it on facebook if you wish.
    The only place I could see it having any possible significance is if Apple's iCloud services store health data gathered by it. Apple's service is not HIPAA-compliant. Of the larger cloud services only Apple and Dropbox are non-compliant so I'd imagine at some point in the near future they'll fall in line.
  • Reply 8 of 21
    Quote:
    Originally Posted by jm6032 View Post
    As anantksundaram asked, "What about them?" I don't believe they apply to data you gather about yourself and subsequently record whether this recording is done an a piece of paper or on an electronic device. If you choose to share your data, that's a decision you can make--post it on facebook if you wish.


     

     

    Quote:
    Originally Posted by Gatorguy View Post

    The only place I could see it having any possible significance is if Apple's iCloud services store health data gathered by it. Apple's service is not HIPAA-compliant.

    Also, I think that HIPAA is enforced by the Dept of HHS. The FDA has nothing to do with it.

  • Reply 9 of 21
    gatorguygatorguy Posts: 20,603member

    Also, I think that HIPAA is enforced by the Dept of HHS. The FDA has nothing to do with it.
    Actually it's the Office of Civil Rights AFAIK
  • Reply 10 of 21
    jm6032jm6032 Posts: 147member
    Quote:

    Originally Posted by Gatorguy View Post





    The only place I could see it having any possible significance is if Apple's iCloud services store health data gathered by it. Apple's service is not HIPAA-compliant.

    Yes, but this data is not gathered by Apple. It is gathered by you using Apple devices.

  • Reply 11 of 21
    gatorguygatorguy Posts: 20,603member
    jm6032 wrote: »
    Yes, but this data is not gathered by Apple. It is gathered by you using Apple devices.
    The other cloud providers don't gather it either. They're storage services. :\

    Where it could possibly matter whether the cloud service is compliant is if some of the parties use Apple's iCloud to store identifiable health data.

    EDIT: Forgot to mention that the onus would be on the provider storing health data there and not Apple themselves. That's perhaps the reason Apple refuses to sign a Business Associate Agreement (BAA) which would then make them potentially liable too.
  • Reply 12 of 21
    robin huberrobin huber Posts: 3,262member
    As usual, Apple will not be the first, but it will be the most financially successful in the wearables arena. The good news for competitors and also-rans is that Apple's rising tide will float all boats. Brace yourselves for the Popeil "wrist medical center" that will stimulate hair growth and make your dick hard.
  • Reply 13 of 21
    jmc54jmc54 Posts: 202member



    A little hazy about what arrhythmias it would catch as the watch can only record rate. For instance, is the rate 140 because you went up a flight of stairs or because your in rapid atrial fibrillation or ventricular tachycardia? Is your rate 40 because your taking a dump(valsalva), having a heart attack or just very healthy!

    Quote:

    Originally Posted by proline View Post



    All well and good for the manufacturers who will carefully avoid anything that looks like diagnosis, but what happens when customers and third parties use the info for diagnosis? Just having 24 hour heart rate monitoring is enough to catch certain arrhythmias, so we're about to find out...

  • Reply 14 of 21
    jmc54jmc54 Posts: 202member
    Quote:

    Originally Posted by jm6032 View Post

     

    Yes, but this data is not gathered by Apple. It is gathered by you using Apple devices.




    HIPPA doesn't come into play on any level. That law protects information obtained by a health care provider and limits sharing that information to other health care providers on a need to know basis and with the patients permission. A while back I embarked on a weight loss program as my blood pressure 164/104  and my heart rate was over 90bpm and I displayed an image of my blood pressure cuff with the readings.  6 months later I posted the results after dumping about 60lbs. These were posted on facebook and no HIPPA laws were violated.

  • Reply 15 of 21
    gprovidagprovida Posts: 247member
    I think the issue of privacy is important for devices. Specifically, NO app can access, use, send, ... without the owners specific permission. It is not something buried in a license agreement legalize and I think should have an expiration date with another request for permission, perhaps after 60 or 90 days. Additionally, the ownership of the data remains with the person and any use beyond specifically agreed would require permissions.

    Inherent in HIPAA etc., is this ownership and control issue. I wish other personal data had even a fraction of this level of protection.

    Regarding FACEBOOK mentioned, I think if someone wants to publish their personal information in FACEBOOK, GOOGLE , in local and national newspapers, etc., that is their choice, dumb choice but theirs none the less. The emphasis is on informed consent and choice.

    This degree on privacy and protection would drive Google, Facebook, etc., nuts since their business model is to get this info from people and then sell it.
  • Reply 16 of 21
    gatorguygatorguy Posts: 20,603member
    jmc54 wrote: »

    HIPPA doesn't come into play on any level. That law protects information obtained by a health care provider and limits sharing that information to other health care providers on a need to know basis and with the patients permission. A while back I embarked on a weight loss program as my blood pressure 164/104  and my heart rate was over 90bpm and I displayed an image of my blood pressure cuff with the readings.  6 months later I posted the results after dumping about 60lbs. These were posted on facebook and no HIPPA laws were violated.
    gprovida wrote: »
    I think the issue of privacy is important for devices. Specifically, NO app can access, use, send, ... without the owners specific permission. It is not something buried in a license agreement legalize and I think should have an expiration date with another request for permission, perhaps after 60 or 90 days. Additionally, the ownership of the data remains with the person and any use beyond specifically agreed would require permissions.

    Inherent in HIPAA etc., is this ownership and control issue. I wish other personal data had even a fraction of this level of protection.

    I don't think you understand the HIPAA obligations. For those that fall under the requirements the choice of storage and whether a chosen cloud service can offer a BAA showing their compliance is only part of it.

    If you use a 3rd party app on your iDevice that collects and retains personally identifiable health information that app developer has the obligation to secure your data which has nothing to do with whether you personally decide to publish the results yourself. YOU don't have to follow HIPAA protection rules. That health provider or developer does. Some states like Cali and Texas go even further than HIPAA does.

    So what types of things does the Apple developer need to consider when it comes to HIPAA (in the US)? The primary ones are:

    -Uploaded data must be encrypted to HIPAA standards.
    -While stored on the server, your data must be encrypted to HIPAA standards.
    -How the developer recovers data from the cloud service must be encrypted to HIPAA standards.
    -All data the developer downloads from the cloud must be encrypted to HIPAA standards.

    This is in addition to the cloud service provider offering a BAA. Most do. A couple do not.
    gprovida wrote: »
    This degree on privacy and protection would drive Google, Facebook, etc., nuts since their business model is to get this info from people and then sell it.
    Incorrect. :\

    By the way, while Facebook most assuredly knows who you are and likely what you look like along with your friends and family and what they look like Google may not know much at all about the real you.

    I know in my case Google thinks I'm nearly 10 years younger than I really am and seriously misses on several of my interests. Makeup and Cosmetics? Hardly. Bicycles and Accessories? Don't own a bike. Celebrities and Entertainment news? Couldn't care less about celebrities. What I'm surprised they don't know about are my interests in graphics design and photography, both being things I search for nearly every day but that Google doesn't seem to be aware of. :???: Try it for yourself and see if they're really "tracking you" like you imagine they do.

    On the other hand I have a very basic Facebook account. No personal information given other than my name when I signed up. I didn't allow my contacts to be shared with them and gave no details on my age, location, friends or interests. No images have ever been uploaded nor have I ever made a single post there. Yet nearly every week I get emails from Facebook asking if I know so and so, and in nearly every case I do. So unless my friends and business acquaintances also opted out Facebook got the connection to me from them. They still "know" who I am. I can't even opt out of that.
  • Reply 17 of 21
    geekmeegeekmee Posts: 319member
    gatorguy wrote: »
    The only place I could see it having any possible significance is if Apple's iCloud services store health data gathered by it. Apple's service is not HIPAA-compliant. Of the larger cloud services only Apple and Dropbox are non-compliant so I'd imagine at some point in the near future they'll fall in line.

    Can you elaborate on "HIPAA non-compliant"... Apple already has stated 'We don't see your data'....which avoids what HIPAA issues are all about: other people seeing your data.
  • Reply 18 of 21
    gatorguygatorguy Posts: 20,603member
    geekmee wrote: »
    Can you elaborate on "HIPAA non-compliant"... Apple already has stated 'We don't see your data'....which avoids what HIPAA issues are all about: other people seeing your data.
    I already elaborated. Apple won't offer a BAA to those developers or health providers wishing to use iCloud for storing med data meaning iCloud isn't considered HIPAA compliant. . They are one of two large cloud providers who won't do so with the other being Dropbox. Cloud services from companies like Microsoft, Amazon, Google, Box, Carbonite and others do offer HIPAA-compliant processing services.

    If you want to understand for yourself just do a search:
    "iCloud not HIPAA compliant"

    You'll get several links that discuss it. As I suggested earlier I personally think Apple will soon change their mind on BAA's.
  • Reply 19 of 21
    mstonemstone Posts: 11,510member
    Quote:

    Originally Posted by Geekmee View Post





    Can you elaborate on "HIPAA non-compliant"... Apple already has stated 'We don't see your data'....which avoids what HIPAA issues are all about: other people seeing your data.



    I think this will come into play pretty quickly as your health provider is bound to launch an app sooner or later or already has.

  • Reply 20 of 21
    The app is already on your phone controlling your health data
Sign In or Register to comment.