Editor’s Note: Ingrid Oakley-Girvan, Ph.D., M.P.H. is an epidemiologist trained at Stanford. She is the VP of Strategy at Medable, a Palo Alto-based health platform start-up.
A new study in the Journal of the American Medical Association (JAMA) finds that many health apps may be sharing patients’ health data without their knowledge. Four-fifths of 211 diabetes apps examined did not have privacy policies. And in January 2016, Fitbit was slapped with a class-action lawsuit alleging that its heart rate monitoring technology is inaccurate. Fitbit’s technology works by using LED light to monitor blood flow through a user’s wrist, and algorithms then determine the heart rate.
Similar technology can be found in the Apple Watch and other fitness trackers. The JAMA study and Fitbit lawsuit highlight issues of privacy and accuracy in health apps. Physicians and consumers would like to rely on digital health wearables and apps, but these products don’t always reach the proper privacy and clinical standards.
The next decade will see a rise in digital health companies; the companies that succeed will need to create clinically-tested, consumer-facing products that offer interoperability with EHR/EMRs. Given that much of the growth in mHealth will be outside the United States (Europe is forecast as the largest mHealth market, according to BCC Research), mHealth developers will need to adhere to European Commission standards and privacy rules, too.
There are now around 165,000 health-related apps that run on one or the other of the two main smartphone operating systems, Apple iOS and Google’s Android. Most of these apps are of the wellness variety; a large majority of them are rarely utilized. But more and more pharma companies, device makers, and startups are developing apps that are companion apps for drugs (the pharma concept of going “beyond the pill”), aim to predict events, or spare health providers and insurers expensive hospital admissions. Digital healthcare “disruptors” often believe they can jump over existing regulations.
Healthcare isn’t Uber. “The problem with conflating a disruptive innovation with any breakthrough that changes an industry’s competitive patterns is that different types of innovation require different strategic approaches,” says the influential business thinker Clayton M. Christensen.
For long-term success in mHealth, companies need to understand the unique complexities of healthcare, especially as we move into the Internet of Things (IoT) to the Internet of Life.
In the United States, health privacy regulations have become a major factor for developers. Privacy regulation has been dictated by HIPAA, the Health Insurance Portability and Accountability Act of 1996. HIPAA is United States legislation that provides data privacy and security provisions for safeguarding medical information.
The U.S. Department of Health & Human Services understands the growing popularity of mHealth: “With the increasing use of and continued advances in health information technology, individuals have ever expanding and innovative opportunities to access their health information electronically, more quickly and easily, in real time and on demand. Putting individuals ‘in the driver’s seat’ with respect to their health also is a key component of health reform and the movement to a more patient-centered health care system.”
We are entering another stage, too, the IoT, which will use artificial intelligence (AI) and other technology to help people on their journey to optimal health. New technology is creating even more complexity. In mid-April, Facebook CEO Mark Zuckerberg announced his company’s intentions of using crowd-sourcing and AI as an important factor in disease diagnosis.
Given the borderless nature of digital technology, health app developers must consider global regulation. Mobile is global, and so are health products such as pharmaceuticals. So companies trying to make sure they can sell products globally must understand and integrate regulatory parameters into their offerings; therefore, it’s essential to understand HIPAA and the European Union’s forthcoming General Data Protection Regulation (GDPR). GDPR also addresses export of personal data outside the EU, as the architects wanted to give citizens control of their personal data and simplify the regulatory environment for international business by unifying regulation. Widespread adoption is supposed to happen by next year. HIPAA and the GDPR are just two examples of the many regulations globally.
Given the complexities of these regulations, many developers and population health researchers are using APIs and secure cloud platforms, such as Medable, to comply with the bumpy health app roadmap. It’s much less expensive (time, fines, innovation costs) for researchers and companies to dilute risk at scale.
Randomized clinical trials have long been the gold standard to determine if therapeutics or interventions improve life for the user. These trials are conducted in several phases, first demonstrating safety, feasibility and finally efficacy. They also follow specific rules regarding patient privacy and data sharing. After all, research participants volunteer and trust that their private information will not be disclosed.
Without this voluntary participation, hundreds of thousands of research projects and clinical trials would never have taken place, leaving medical and scientific knowledge mired in ancient times. In this new frontier of digital data collection on a previously unknown scale, measurement accuracy and privacy compliance will be critical to quality data and accurate conclusions.
To make scientific strides, it’s imperative that we create and use tools that allow scientists to harness health apps for global good.
For app developers, products that aren’t considered accurate or HIPAA compliant will not be integrated with the EHR/EMR, and physicians won’t prescribe them, diminishing their value and forever losing the opportunity to collect time-dependent health data that could save people from poor health and early mortality.
It’s important that we get this right. The population is aging, and there are fewer healthcare workers. There is an onslaught of monitoring products hitting the market that have great potential. In the last five years, technologists have been proclaiming that they can “fix healthcare” through advancing technologies such as AI. At the same time, the concept of healthcare privacy continues to be redefined, as are the methods of studying this new and unprecedented volume of population health data. If we get it right, “fixing healthcare” will be the disruptive side effect. If we get it wrong, people’s information will be exposed unduly and the outcomes may be misleading, and in some cases, fatal.
Opinions expressed by HIT Consultant Contributors are their own.