HealthLawProf Blog

Editor: Katharine Van Tassel
Case Western Reserve University School of Law

Thursday, September 15, 2022

Patient Access to Health Device Data: Toward a Legal Framework

Charles Duan (Cornell University), Christopher Morten (Columbia University), Patient Access to Health Device Data: Toward a Legal Framework, SSRN (2022):

The connected at-home healthcare device industry is booming. Wearable health trackers alone constituted a $21 billion market in 2020, anticipated to grow to $195 billion by 2027. At-home devices now purportedly make it possible to diagnose and monitor health conditions such as sleep apnea, diabetes, and fertility automatically, immediately, and discreetly. By design, these devices produce a wealth of data that can inform patients of their health status and potentially even recommend life-saving actions.

But patients and their healthcare providers often lack access to this data. Manufacturers typically design connected at-home devices to store data in cloud services run by the manufacturers themselves, requiring device owners to register accounts and accept terms of use and limitations that the manufacturers impose. A recent survey of 222 mobile app families associated with wellness devices found that 64.4% “did not report sharing any data” with other apps or services. A parent testified in Congress of how lack of data access impaired his daughter’s ability to manage Type I diabetes, and patients with sleep apnea have had to circumvent technological device locks to extract data on their own sleep. Many medical and wellness devices that patients use for in-home diagnosis and monitoring—which we simply call “health devices”—lock patients into manufacturers’ ecosystems. This limits patients’, and society’s, ability to tap into the full value of the data, despite the extensive individual and social benefits that access could provide.

The problem here is not solely technical; it is also legal. Existing law in the United States provides patients no guarantee of access to their data when it is generated and stored outside the traditional healthcare system. The Health Insurance Portability and Accountability Act (HIPAA) provides patients a legally enforceable right of access to copies of their electronic health records, and, in recent years, the Department of Health and Human Services (HHS) has moved to make this right enforceable and meaningful. But as HHS itself has observed about health devices and other “mHealth” technologies, manufacturers “are not obligated by a statute or regulation to provide individuals with access to data about themselves,” so patients with data on such devices “may not have the ability to later obtain a copy.”

This chapter begins by identifying the individual and societal benefits of patient access to health device data. It then addresses the arguments for restricting such access, especially those based on intellectual property laws and policies. We conclude such arguments are ultimately doctrinally and normatively unconvincing, such that they should not dissuade legislatures and federal agencies from legislating or regulating rights of access. We then consider what can and should be done to create a robust, administrable right of patients to access health device data that protects all stakeholders’ interests, and we offer a nascent framework that draws from other regimes for patient and consumer access to personal information. We hope the framework will guide legislatures and regulators as they begin to address this important issue.
