Upload
the-petrie-flom-center-for-health-law-policy-biotechnology-and-bioethics
View
202
Download
0
Embed Size (px)
Citation preview
Collecting Big Data via the Internet of Things, overcoming regulatory and other limitations.
Dov Greenbaum JD PhD
Zvi Meitar Institute
The Institute aims to examine the Legal Ethical and Social Implications of New and Emerging Technologies with a focus on issues relating to Disruptive Technology.
IoTThe IoT includes consumer-‐facing devices, as well as products and services that are not consumer-‐facing, such as devices designed for businesses to enable automated communications between machines. For example, the term IoT can include the type of Radio Frequency Identification (“RFID”) tags that businesses place on products in stores to monitor inventory; sensor networks to monitor electricity use in hotels; and Internet-‐connected jet engines and drills on oil rigs.
Experts estimate that, as of this year, there will be 25 billion connected devices, and by 2020, 50 billion.
IoT
The Internet of Things is the network of physical objects thatcontain embedded technology to communicate and sense orinteract with their internal states or the externalenvironment.
IoT
The Internet of Things (IoT), which excludes PCs, tablets and smartphones, will grow to 26 billion units installed in 2020 representing an almost 30-‐fold increase from 0.9 billion in 2009, according to Gartner, Inc. Gartner said that IoT product and service suppliers will generate incremental revenue exceeding $300 billion, mostly in services, in 2020. It will result in $1.9 trillion in global economic value-‐add through sales into diverse end markets.
FTC’s Regulatory Approach to the IoT
“The only way for the Internet of Things to reach its full potential for innovation is with the trust of American consumers.
“We believe that by adopting the best practices we’ve laid out, businesses will be better able to provide consumers the protections they want and allow the benefits of the Internet of Things to be fully realized.
FTC Chairwoman Edith Ramirez
FTC’s Regulatory Approach to the IoT
• Security and Minimal Data Collection• Consumer Notice of Data Collection• Consumer Choices re: Data Collection
Critics see this as too overbearing, less -‐permissionpreferring more
innovation
A bit more mainstream: IoT-‐MD
Succinctly: the IoT-‐MD provides an environment where a patient’s vital parameters get • transmitted by medical devices • via a gateway onto secure cloud based platforms • where it is
– stored, – aggregated and – analyzed.
Today, it has become increasingly possible to remotely monitor a patient’s health with the use of network of sensors, actuators and other mobile communication devices: the Internet of Things for Medical Devices (IoT-‐MD).
Obama’s PMI• Creation of a voluntary national research cohort:NIH, in collaboration with other agencies and stakeholders, will launch a national, patient-‐powered research cohort of one million or more Americans who volunteer to participate in research. Participants will be involved in the design of the Initiative and will have the opportunity to contribute diverse sources of data—including medical records; profiles of the patient’s genes, metabolites (chemical makeup), and microorganisms in and on the body; environmental and lifestyle data; patient-‐generated information; and personal device and sensor data
A growing market for IoT-‐MD:Telemedicine
“Telemedicine is the use of medical information exchanged from one site to another via electronic communications to improve a patient’s clinical health status. Telemedicine includes a growing variety of applications and services using two-‐way video, email, smart phones, wireless tools and other forms of telecommunications technology.”
Problems with Unregulated Innovation in the IoT-‐MD
• Privacy • Hacking/Safety
• Interoperability • Accessibility • Usability/reusability• standardization
Regulating the IoT-‐MDMixed bag.Sporadic FDA regulation
For purposes of this guidance, CDRH defines general wellness products as products that meet the following two factors: (1) are intended for only general wellness use, as defined in this guidance, and (2) present a very low risk to users’ safety.General wellness products mayinclude exercise equipment, audio recordings, video games, software programs and other products that are commonly, though not exclusively, available from retail establishments …that do not make any reference to diseases or condition.
Medical Device Data Systems
Medical Device Data Systems (MDDS) are hardware or software products that transfer, store, convert formats, and display medical device data. An MDDS does not modify the data or modify the display of the data, and it does not by itself control the functions or parameters of any other medical device. MDDS are not intended to be used for active patient monitoring.Examples of MDDS include:• software that stores patient data such as blood
pressure readings for review at a later time;• software that converts digital data generated by a
pulse oximeter into a format that can be printed; and
• software that displays a previously stored electrocardiogram for a particular patient.
Medical Device Data Systems The United States Food and Drug Administration (FDA) issued a final guidance document describing the Agency’s intention not to enforce regulatory controls applicable to medical device data systems (MDDS), medical image storage devices, and medical image communication devices, due to the low risk such devices pose to patients and their importance in advancing digital health. The guidance, which finalizes draft guidance issued by the Agency in June 2014, reflects FDA’s continued efforts to apply a risk-‐based framework that avoids over-‐regulation of certain low-‐risk medical software products
On February 15, 2011, the FDA issued a regulation down- classifying MDDS from Class III (high-risk) to Class I (low-risk)(“MDDS regulation”)
Class I devices are subject to general controls under the Federal Food, Drug, and Cosmetic Act (FD&C Act). Since down-classifying MDDS, the FDA has gained additional experience with these types of technologies, and has determined that these devices pose a low risk to the public. Therefore, the FDA does not intend to enforce compliance with the regulatory controls that apply to MDDS devices, medical image storage devices, and medical image communications devices.
FDA MMA Regulation is LimitedThe FDA defines a ‘mobile medical app’ as a mobile app that is intended to either
– Be used as an accessory to a regulated medical device; or– Transform a mobile platform into a regulated medical device.
What is a regulated medical device? The FDA guidance states that:
When the intended use of a mobile app is for:• the diagnosis of disease or other conditions,• or
– the cure, – mitigation, – treatment, or – prevention of disease,
• or is intended to affect the structure or any function of the body of man, the mobile app is a device.
There are thousands of apps…
Health is the fastest growing of all app categories, and the number ofhealth and fitness apps has more than doubled over the last 2 years.The Apple App Store and Google Play each feature more than100,000 health apps.
HealthTap provided doctorswith access to a special appreview dashboard wherethey could find, download,try, and review all health andmedical apps.
http://venturebeat.com/2015/01/21/doctors-‐tap-‐myfitnesspal-‐weight-‐watchers-‐as-‐top-‐health-‐apps/
Data Integrity
“As it is right now, all the wearable gear outthere is marching to its own tune, doing itsown thing, and grabbing data in its own waywith marginal accuracy. By and large, theseare closed ecosystems or proprietaryapplications within an open architecture thathave limited scalability”
http://www.phonearena.com/news/Samsungs-‐Voice-‐of-‐the-‐Body-‐ is-‐an-‐open-‐hardware-‐and-‐software-‐platform-‐for-‐personal-‐health-‐monitoring_id56601
Further Lack of Standardized Hardware
https://testingmobileapps.wordpress.com/2016/02/17/smartphones-‐sensors-‐list/
Malicious Attackers
http://holykaw.alltop.com/cyber-‐crime-‐statistics-‐and-‐trends-‐infographic
The Middle Layer can be configured to:
Dynamically enforce appropriate industry determined standards by being the primary and preferred gateway for data to travel through from patient to providerAlternatively one of a handful of government approved IoT-‐MD health data gateways (compare with credit reporting agencies)
The Middle Layer can be configured to:
Enforce industry standards:
Passively: by rejecting data that doesn’t meet those standards
Or
Actively: interacting with IoT-‐MD devices through to modify the data such that it meets the standards
For example: The Middle Layer can be configured to provide:
1. Enforced Standards either via conversion of data to a standardized format or not accepting data that doesn’t conform.
2. Enforced and standardized encryption by not accepting data that is not encrypted by the standard
3. Enforcing calibration of sensors/adding fudge factors to standardize the sensors
For example: The Middle Layer can be configured to provide:
1. A secure Centralized Repository for the data, accessible by both designated health care providers and the patient themselves
2. The ability to track who is accessing the data to enforce some semblance of privacy and control by the patient of their data
Summary
• The IoT and the IoT-‐MD have created a new and emerging reality that will be of substantial benefit to patients and other consumers of healthcare– Telemedicine– Chronic disease management–Medicine in developing nations– Quantified self and other tracking of vitals and health related data
Summary
• FDA, FTC and other regulators are misguided in their attempts to regulate this industry– Too many applications– Too many novice companies– Too many software and hardware versions
Summary
• Nevertheless there remain real concerns that call out for some form of government intervention – Privacy – Hacking/Safety– Interoperability – Accessibility – Usability
Summary
• Potential solution could be technological• Some sort of middleware/middle layer…– That provides
• Safety• Encryption• Data collection and data retention Standardization• Tracking• Centralized data repositories
Obama’s PMI• The Precision Medicine Initiative, a bold new research effort to revolutionize how
we improve health and treat disease.• Launched with a $215 million investment in the President’s 2016 Budget, the
Precision Medicine Initiative will pioneer a new model of patient-‐powered research that promises to accelerate biomedical discoveries and provide clinicians with new tools, knowledge, and therapies to select which treatments will work best for which patients.
• Most medical treatments have been designed for the “average patient.” As a result of this “one-‐size-‐fits-‐all-‐approach,” treatments can be very successful for some patients but not for others.
• This is changing with the emergence of precision medicine, an innovative approach to disease prevention and treatment that takes into account individual differences in people’s genes, environments, and lifestyles.
• Precision medicine gives clinicians tools to better understand the complex mechanisms underlying a patient’s health, disease, or condition, and to better predict which treatments will be most effective.