FDA confirms 'very light touch' regulation for Apple Watch, other wearables
Wearable devices that collect and collate personal health data, such as the forthcoming Apple Watch, are unlikely to fall under the thumb of the U.S. Food and Drug Administration as long as manufacturers stay away from medical diagnosis, an agency representative said this week.
"We are taking a very light touch, an almost hands-off approach," FDA associate director for digital health Bakul Patel told Bloomberg. "If you have technology that's going to motivate a person to stay healthy, that's not something we want to be engaged in."
Patel's statement tracks with guidelines that the agency released for comment in January, when it revealed that it would not seek to regulate wearables marketed under the "general wellness" umbrella.
Under those guidelines, wearable manufacturers would be allowed to make claims that their device could help with issues such as weight management, physical fitness, relaxation or stress management, mental acuity, self-esteem, sleep management, or sexual function. Claims of diagnosis or treatment of specific diseases, such as obesity, eating disorders, anxiety, autism, muscle atrophy, or erectile dysfunction, would subject the device to FDA scrutiny.
"We are focusing only on the higher end of technology," Patel added. "What are benefits to public health against the risks to public health? We always try to balance that."
While both Apple and Google have met with FDA representatives about their respective wearable programs, the agency remains worried about the potential for a disconnect between Silicon Valley and Washington, given that the market generally outpaces bureaucratic change. To address that, the FDA will hire a new senior-level liaison to improve relations and communications, with the goal of enabling innovation while keeping the public safe.
"We have to be confident in what we are getting," Patel said. "The trajectory is there [for diagnosis via biometric monitoring] and all signals are headed that way, but by the same token the research and science should get us that confidence. It boils down to will it work or not."
"We are taking a very light touch, an almost hands-off approach," FDA associate director for digital health Bakul Patel told Bloomberg. "If you have technology that's going to motivate a person to stay healthy, that's not something we want to be engaged in."
Patel's statement tracks with guidelines that the agency released for comment in January, when it revealed that it would not seek to regulate wearables marketed under the "general wellness" umbrella.
Under those guidelines, wearable manufacturers would be allowed to make claims that their device could help with issues such as weight management, physical fitness, relaxation or stress management, mental acuity, self-esteem, sleep management, or sexual function. Claims of diagnosis or treatment of specific diseases, such as obesity, eating disorders, anxiety, autism, muscle atrophy, or erectile dysfunction, would subject the device to FDA scrutiny.
"We are focusing only on the higher end of technology," Patel added. "What are benefits to public health against the risks to public health? We always try to balance that."
While both Apple and Google have met with FDA representatives about their respective wearable programs, the agency remains worried about the potential for a disconnect between Silicon Valley and Washington, given that the market generally outpaces bureaucratic change. To address that, the FDA will hire a new senior-level liaison to improve relations and communications, with the goal of enabling innovation while keeping the public safe.
"We have to be confident in what we are getting," Patel said. "The trajectory is there [for diagnosis via biometric monitoring] and all signals are headed that way, but by the same token the research and science should get us that confidence. It boils down to will it work or not."
Comments
...Under those guidelines, wearable manufacturers would be allowed to make claims that their device could help with issues such as weight management, physical fitness, relaxation or stress management, mental acuity, self-esteem, sleep management, or sexual function...
Wow! What an advertisement!
What about HIPPA laws?
What about HIPPA laws?
What about them?
What about HIPPA laws?
As anantksundaram asked, "What about them?" I don't believe they apply to data you gather about yourself and subsequently record whether this recording is done an a piece of paper or on an electronic device. If you choose to share your data, that's a decision you can make--post it on facebook if you wish.
I suspect the capability of these devices to act as diagnostic tools will come first, and the permission to make the claim will come second.
The only place I could see it having any possible significance is if Apple's iCloud services store health data gathered by it. Apple's service is not HIPAA-compliant.
Also, I think that HIPAA is enforced by the Dept of HHS. The FDA has nothing to do with it.
The only place I could see it having any possible significance is if Apple's iCloud services store health data gathered by it. Apple's service is not HIPAA-compliant.
Yes, but this data is not gathered by Apple. It is gathered by you using Apple devices.
Where it could possibly matter whether the cloud service is compliant is if some of the parties use Apple's iCloud to store identifiable health data.
EDIT: Forgot to mention that the onus would be on the provider storing health data there and not Apple themselves. That's perhaps the reason Apple refuses to sign a Business Associate Agreement (BAA) which would then make them potentially liable too.
A little hazy about what arrhythmias it would catch as the watch can only record rate. For instance, is the rate 140 because you went up a flight of stairs or because your in rapid atrial fibrillation or ventricular tachycardia? Is your rate 40 because your taking a dump(valsalva), having a heart attack or just very healthy!
All well and good for the manufacturers who will carefully avoid anything that looks like diagnosis, but what happens when customers and third parties use the info for diagnosis? Just having 24 hour heart rate monitoring is enough to catch certain arrhythmias, so we're about to find out...
Yes, but this data is not gathered by Apple. It is gathered by you using Apple devices.
HIPPA doesn't come into play on any level. That law protects information obtained by a health care provider and limits sharing that information to other health care providers on a need to know basis and with the patients permission. A while back I embarked on a weight loss program as my blood pressure 164/104 and my heart rate was over 90bpm and I displayed an image of my blood pressure cuff with the readings. 6 months later I posted the results after dumping about 60lbs. These were posted on facebook and no HIPPA laws were violated.
Inherent in HIPAA etc., is this ownership and control issue. I wish other personal data had even a fraction of this level of protection.
Regarding FACEBOOK mentioned, I think if someone wants to publish their personal information in FACEBOOK, GOOGLE , in local and national newspapers, etc., that is their choice, dumb choice but theirs none the less. The emphasis is on informed consent and choice.
This degree on privacy and protection would drive Google, Facebook, etc., nuts since their business model is to get this info from people and then sell it.
I don't think you understand the HIPAA obligations. For those that fall under the requirements the choice of storage and whether a chosen cloud service can offer a BAA showing their compliance is only part of it.
If you use a 3rd party app on your iDevice that collects and retains personally identifiable health information that app developer has the obligation to secure your data which has nothing to do with whether you personally decide to publish the results yourself. YOU don't have to follow HIPAA protection rules. That health provider or developer does. Some states like Cali and Texas go even further than HIPAA does.
So what types of things does the Apple developer need to consider when it comes to HIPAA (in the US)? The primary ones are:
-Uploaded data must be encrypted to HIPAA standards.
-While stored on the server, your data must be encrypted to HIPAA standards.
-How the developer recovers data from the cloud service must be encrypted to HIPAA standards.
-All data the developer downloads from the cloud must be encrypted to HIPAA standards.
This is in addition to the cloud service provider offering a BAA. Most do. A couple do not.
Incorrect.
By the way, while Facebook most assuredly knows who you are and likely what you look like along with your friends and family and what they look like Google may not know much at all about the real you.
I know in my case Google thinks I'm nearly 10 years younger than I really am and seriously misses on several of my interests. Makeup and Cosmetics? Hardly. Bicycles and Accessories? Don't own a bike. Celebrities and Entertainment news? Couldn't care less about celebrities. What I'm surprised they don't know about are my interests in graphics design and photography, both being things I search for nearly every day but that Google doesn't seem to be aware of. :???: Try it for yourself and see if they're really "tracking you" like you imagine they do.
On the other hand I have a very basic Facebook account. No personal information given other than my name when I signed up. I didn't allow my contacts to be shared with them and gave no details on my age, location, friends or interests. No images have ever been uploaded nor have I ever made a single post there. Yet nearly every week I get emails from Facebook asking if I know so and so, and in nearly every case I do. So unless my friends and business acquaintances also opted out Facebook got the connection to me from them. They still "know" who I am. I can't even opt out of that.
Can you elaborate on "HIPAA non-compliant"... Apple already has stated 'We don't see your data'....which avoids what HIPAA issues are all about: other people seeing your data.
If you want to understand for yourself just do a search:
"iCloud not HIPAA compliant"
You'll get several links that discuss it. As I suggested earlier I personally think Apple will soon change their mind on BAA's.
Can you elaborate on "HIPAA non-compliant"... Apple already has stated 'We don't see your data'....which avoids what HIPAA issues are all about: other people seeing your data.
I think this will come into play pretty quickly as your health provider is bound to launch an app sooner or later or already has.