Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
Collecting	
  Big	
  Data	
  via	
  the	
  Internet	
  
of	
  Things,	
  overcoming	
  regulatory	
  
and	
  other	
  limi...
Zvi	
  Meitar	
  Institute
The	
  Institute	
  aims	
  to	
  examine	
  the	
  Legal	
  Ethical	
  
and	
  Social	
  Impli...
Zvi	
  Meitar	
  Institute
Four	
  Facets	
  of	
  the	
  Institute
IoT
The	
  IoT includes	
  consumer-­‐facing devices,	
  as	
  well	
  
as	
  products	
  and	
  services	
  that	
  are	
...
IoT
The Internet of Things is the network of physical objects that
contain embedded technology to communicate and sense or...
IoT
The	
  Internet	
  of	
  Things	
  (IoT),	
  which	
  excludes	
  PCs,	
  tablets	
  and	
  
smartphones,	
  will	
  g...
IoT
FTC’s	
  Regulatory	
  Approach	
  to	
  the	
  IoT
“The	
  only	
  way	
  for	
  the	
  Internet	
  of	
  
Things	
  to	
...
FTC’s	
  Regulatory	
  Approach	
  to	
  the	
  IoT
• Security	
  and	
  Minimal	
  Data	
  Collection
• Consumer	
  Notic...
Its	
  not	
  Just	
  the	
  Americans
IoT with	
  some	
  health	
  benefits:	
  
Quantified	
  Self
Quantified	
  Self	
  with	
  a	
  very	
  ambitious	
  
health	
  orientation:	
  The	
  Snyderome
A	
  bit	
  more	
  mainstream:	
  IoT-­‐MD
Succinctly:	
  the	
  IoT-­‐MD	
  provides	
  an	
  environment	
  where	
  a	...
Early	
  adopter	
  of	
  IoT-­‐MD?
Obama’s	
  PMI
• Creation	
  of	
  a	
  voluntary	
  national	
  research	
  cohort:
NIH,	
  in	
  collaboration	
  with	
...
Obama’s	
  PMI
A	
  growing	
  market	
  for	
  IoT-­‐MD:
Telemedicine
“Telemedicine	
  is	
  the	
  use	
  of	
  
medical	
  information...
Chronic	
  Disease	
  Management
Another	
  area	
  ripe	
  for	
  IoT-­‐MD:
Chronic	
  Disease	
  Management
ALSO:	
  	
  Developing	
  Nation	
  Health	
  Care
“Telemedicine	
  is	
  
the	
  use	
  of	
  medical	
  
information	
 ...
Problems	
  with	
  Unregulated	
  Innovation	
  in	
  the	
  
IoT-­‐MD
• Privacy	
  
• Hacking/Safety
• Interoperability	...
Regulating	
  the	
  IoT-­‐MD
Mixed	
  bag.
Sporadic	
  FDA	
  regulation
For	
  purposes	
  of	
  this	
  guidance,	
  CD...
Medical	
  Device	
  Data	
  Systems	
  
Medical	
  Device	
  Data	
  Systems	
  (MDDS)	
  are	
  hardware	
  or	
  
softw...
Medical	
  Device	
  Data	
  Systems	
  
The	
  United	
  States	
  Food	
  and	
  Drug	
  
Administration	
  (FDA)	
  iss...
Cybersecurity	
  Regulation
Cybersecurity
More	
  Related	
  Regulation
FDA	
  MMA	
  Regulation	
  is	
  Limited
The	
  FDA	
  defines	
  a	
  ‘mobile	
  medical	
  app’	
  as	
  a	
  mobile	
 ...
MMAs	
  for	
  FDA	
  discretionary	
  regulation
The	
  problem:	
  	
  What	
  is	
  collecting	
  all	
  this	
  information?
The	
  problem:	
  	
  What	
  is	
  collecting	
  all	
  this	
  information?
Multiple	
  Platforms
There	
  are	
  thousands	
  of	
  apps…
Health is the fastest growing of all app categories, and the number of
health and...
Too	
  many	
  apps:	
  MMA’s
MMA’s	
  – What	
  was	
  submitted	
  to	
  the	
  
FDA	
  will	
  likely	
  quickly	
  change…
Who	
  is	
  developing	
  MMA’s?
Who	
  is	
  developing	
  MMA’s?
MMAs	
  are	
  not	
  the	
  only	
  things	
  collecting	
  our	
  vitals
Data	
  Integrity
“As it is right now, all the wearable gear out
there is marching to its own tune, doing its
own thing, a...
Hardware	
  &	
  Software	
  Variability
Software	
  Variability	
  
https://en.wikipedia.org/wiki/Android_version_history
Software	
  Variability	
  
https://en.wikipedia.org/wiki/IOS_version_history
Further	
  Lack	
  of	
  Standardized	
  Hardware
http://smartphoneworld.me/hello-­‐world-­‐2/
Further	
  Lack	
  of	
  Standardized	
  Hardware
https://testingmobileapps.wordpress.com/2016/02/17/smartphones-­‐sensors...
Privacy	
  and	
  hijacking	
  of	
  data
Lack	
  of	
  Encyption in	
  general…
Malicious	
  Attackers
http://holykaw.alltop.com/cyber-­‐crime-­‐statistics-­‐and-­‐trends-­‐infographic
Hackers
More	
  Hacking
Even	
  More	
  Hacking
IoT Standards
Standards
Proposed	
  Solution:	
  Something	
  in	
  the	
  middle
Proposed	
  Solution:	
  Something	
  in	
  the	
  middle
Top	
  down	
  regulatory	
  v.	
  Bottom	
  	
  up	
  industry	...
The	
  Middle	
  Layer	
  can	
  be	
  configured	
  to:
Dynamically	
  enforce	
  appropriate	
  industry	
  
determined	...
The	
  Middle	
  Layer	
  can	
  be	
  configured	
  to:
Enforce	
  industry	
  standards:
Passively: by	
  rejecting	
  d...
For	
  example:	
  The	
  Middle	
  Layer	
  can	
  be	
  
configured	
  to	
  provide:
1. Enforced	
  Standards	
  either...
For	
  example:	
  The	
  Middle	
  Layer	
  can	
  be	
  
configured	
  to	
  provide:
1. A	
  secure	
  Centralized	
  R...
Summary
• The	
  IoT and	
  the	
  IoT-­‐MD	
  have	
  created	
  a	
  new	
  
and	
  emerging	
  reality	
  that	
  will	...
Summary
• FDA,	
  FTC	
  and	
  other	
  regulators	
  are	
  misguided	
  
in	
  their	
  attempts	
  to	
  regulate	
  t...
Summary
• Nevertheless	
  there	
  remain	
  real	
  concerns	
  that	
  
call	
  out	
  for	
  some	
  form	
  of	
  gove...
Summary
• Potential	
  solution	
  could	
  be	
  technological
• Some	
  sort	
  of	
  middleware/middle	
  layer…
– That...
Thank	
  You
Proposed	
  Solution:	
  Something	
  in	
  the	
  middle
Remember	
  the	
  V-­‐chip?
Obama’s	
  PMI
• The	
  Precision	
  Medicine	
  Initiative,	
  a	
  bold	
  new	
  research	
  effort	
  to	
  revolution...
Telemedicine
Problems
Less	
  of	
  an	
  issue	
  for	
  large	
  data	
  sets…
Who	
  is	
  developing	
  MMA’s?
Dov Greenbaum, "Avoiding Regulation in the Medical Internet of Things"
Dov Greenbaum, "Avoiding Regulation in the Medical Internet of Things"
Dov Greenbaum, "Avoiding Regulation in the Medical Internet of Things"
Dov Greenbaum, "Avoiding Regulation in the Medical Internet of Things"
Dov Greenbaum, "Avoiding Regulation in the Medical Internet of Things"
Upcoming SlideShare
Loading in …5
×

Dov Greenbaum, "Avoiding Regulation in the Medical Internet of Things"

421 views

Published on

Part of the "2016 Annual Conference: Big Data, Health Law, and Bioethics" held at Harvard Law School on May 6, 2016.

This conference aimed to: (1) identify the various ways in which law and ethics intersect with the use of big data in health care and health research, particularly in the United States; (2) understand the way U.S. law (and potentially other legal systems) currently promotes or stands as an obstacle to these potential uses; (3) determine what might be learned from the legal and ethical treatment of uses of big data in other sectors and countries; and (4) examine potential solutions (industry best practices, common law, legislative, executive, domestic and international) for better use of big data in health care and health research in the U.S.

The Petrie-Flom Center for Health Law Policy, Biotechnology, and Bioethics at Harvard Law School 2016 annual conference was organized in collaboration with the Berkman Center for Internet & Society at Harvard University and the Health Ethics and Policy Lab, University of Zurich.

Learn more at http://petrieflom.law.harvard.edu/events/details/2016-annual-conference.

Published in: Healthcare
  • Be the first to comment

  • Be the first to like this

Dov Greenbaum, "Avoiding Regulation in the Medical Internet of Things"

  1. 1. Collecting  Big  Data  via  the  Internet   of  Things,  overcoming  regulatory   and  other  limitations. Dov  Greenbaum  JD  PhD
  2. 2. Zvi  Meitar  Institute The  Institute  aims  to  examine  the  Legal  Ethical   and  Social  Implications  of  New  and  Emerging   Technologies  with  a  focus  on  issues  relating  to   Disruptive  Technology.
  3. 3. Zvi  Meitar  Institute
  4. 4. Four  Facets  of  the  Institute
  5. 5. IoT The  IoT includes  consumer-­‐facing devices,  as  well   as  products  and  services  that  are  not  consumer-­‐ facing,  such  as  devices  designed  for  businesses  to   enable  automated  communications  between   machines.   For  example,  the  term  IoT can  include  the  type  of   Radio  Frequency  Identification  (“RFID”)  tags  that   businesses  place  on  products  in  stores  to  monitor   inventory;  sensor  networks  to  monitor  electricity   use  in  hotels;  and  Internet-­‐connected  jet  engines   and  drills  on  oil  rigs. Experts  estimate  that,  as  of  this  year,  there  will   be  25  billion  connected  devices,  and  by  2020,  50   billion.
  6. 6. IoT The Internet of Things is the network of physical objects that contain embedded technology to communicate and sense or interact with their internal states or the external environment.
  7. 7. IoT The  Internet  of  Things  (IoT),  which  excludes  PCs,  tablets  and   smartphones,  will  grow  to  26  billion  units  installed  in  2020   representing  an  almost  30-­‐fold  increase  from  0.9  billion  in   2009,according  to  Gartner,  Inc.   Gartner  said  that  IoT product  and  service  suppliers  will   generate  incremental  revenue  exceeding  $300  billion,  mostly   in  services,  in  2020.  It  will  result  in  $1.9  trillion  in  global   economic  value-­‐add  through  sales  into  diverse  end  markets.
  8. 8. IoT
  9. 9. FTC’s  Regulatory  Approach  to  the  IoT “The  only  way  for  the  Internet  of   Things  to  reach  its  full  potential  for   innovation  is  with  the  trust  of   American  consumers. “We  believe  that  by  adopting  the   best  practices  we’ve  laid  out,   businesses  will  be  better  able  to   provide  consumers  the  protections   they  want  and  allow  the  benefits  of   the  Internet  of  Things  to  be  fully   realized. FTC  Chairwoman  Edith  Ramirez  
  10. 10. FTC’s  Regulatory  Approach  to  the  IoT • Security  and  Minimal  Data  Collection • Consumer  Notice  of  Data  Collection • Consumer  Choices  re:  Data  Collection Critics  see  this  as  too  overbearing,   less  -­‐permissionpreferring  more   innovation
  11. 11. Its  not  Just  the  Americans
  12. 12. IoT with  some  health  benefits:   Quantified  Self
  13. 13. Quantified  Self  with  a  very  ambitious   health  orientation:  The  Snyderome
  14. 14. A  bit  more  mainstream:  IoT-­‐MD Succinctly:  the  IoT-­‐MD  provides  an  environment  where  a  patient’s  vital   parameters  get   • transmitted  by  medical  devices   • via  a  gateway  onto  secure  cloud  based  platforms   • where  it  is   – stored,   – aggregated  and   – analyzed. Today,  it  has  become  increasingly   possible  to  remotely  monitor  a   patient’s  health  with  the  use  of   network  of  sensors,  actuators  and   other  mobile  communication   devices:  the  Internet  of  Things  for   Medical  Devices  (IoT-­‐MD).
  15. 15. Early  adopter  of  IoT-­‐MD?
  16. 16. Obama’s  PMI • Creation  of  a  voluntary  national  research  cohort: NIH,  in  collaboration  with  other  agencies  and  stakeholders,   will  launch  a  national,  patient-­‐powered  research  cohort  of   one  million  or  more  Americans  who  volunteer  to  participate   in  research. Participants  will  be  involved  in  the  design  of  the   Initiative  and  will  have  the  opportunity  to  contribute  diverse   sources  of  data—including  medical  records;  profiles  of  the   patient’s  genes,  metabolites  (chemical  makeup),  and   microorganisms  in  and  on  the  body;  environmental  and   lifestyle  data;  patient-­‐generated  information;  and  personal   device  and  sensor  data
  17. 17. Obama’s  PMI
  18. 18. A  growing  market  for  IoT-­‐MD: Telemedicine “Telemedicine  is  the  use  of   medical  information  exchanged   from  one  site  to  another  via   electronic  communications  to   improve  a  patient’s  clinical  health   status.   Telemedicine  includes  a  growing   variety  of  applications  and  services   using  two-­‐way  video,  email,  smart   phones,  wireless  tools  and  other   forms  of  telecommunications   technology.”
  19. 19. Chronic  Disease  Management
  20. 20. Another  area  ripe  for  IoT-­‐MD: Chronic  Disease  Management
  21. 21. ALSO:    Developing  Nation  Health  Care “Telemedicine  is   the  use  of  medical   information   exchanged  from
  22. 22. Problems  with  Unregulated  Innovation  in  the   IoT-­‐MD • Privacy   • Hacking/Safety • Interoperability   • Accessibility   • Usability/reusability • standardization
  23. 23. Regulating  the  IoT-­‐MD Mixed  bag. Sporadic  FDA  regulation For  purposes  of  this  guidance,  CDRH  defines   general  wellness  products  as  products  that  meet   the  following  two  factors:  (1)  are  intended  for  only   general  wellness  use,  as  defined  in  this  guidance,   and  (2)  present  a  very  low  risk  to  users’  safety. General  wellness  products  may include  exercise  equipment,  audio  recordings,   video  games,  software  programs  and  other   products  that  are  commonly,  though  not   exclusively,  available  from  retail  establishments     …that  do  not  make  any  reference  to  diseases  or   condition.
  24. 24. Medical  Device  Data  Systems   Medical  Device  Data  Systems  (MDDS)  are  hardware  or   software  products  that  transfer,  store,  convert   formats,  and  display  medical  device  data.   An  MDDS  does  not  modify  the  data  or  modify  the   display  of  the  data,  and  it  does  not  by  itself  control   the  functions  or  parameters  of  any  other  medical   device.  MDDS  are  not  intended  to  be  used  for  active   patient  monitoring. Examples  of  MDDS  include: • software  that  stores  patient  data  such  as  blood   pressure  readings  for  review  at  a  later  time; • software  that  converts  digital  data  generated  by  a   pulse  oximeter  into  a  format  that  can  be  printed;   and • software  that  displays  a  previously  stored   electrocardiogram  for  a  particular  patient.
  25. 25. Medical  Device  Data  Systems   The  United  States  Food  and  Drug   Administration  (FDA)  issued  a  final  guidance   document  describing  the  Agency’s  intention   not  to  enforce  regulatory  controls  applicable   to  medical  device  data  systems  (MDDS),   medical  image  storage  devices,  and  medical   image  communication  devices,  due  to  the   low  risk  such  devices  pose  to  patients  and   their  importance  in  advancing  digital  health.   The  guidance,  which  finalizes  draft  guidance   issued  by  the  Agency  in  June  2014,  reflects   FDA’s  continued  efforts  to  apply  a  risk-­‐based   framework  that  avoids  over-­‐regulation  of   certain  low-­‐risk  medical  software  products   On  February  15,  2011,  the  FDA  issued  a   regulation  down-­ classifying  MDDS  from  Class   III    (high-­risk)  to  Class  I  (low-­risk)(“MDDS   regulation”) Class  I  devices  are  subject  to  general  controls   under  the  Federal  Food,  Drug,  and  Cosmetic   Act  (FD&C  Act).    Since    down-­classifying   MDDS,  the    FDA  has  gained  additional   experience  with  these  types  of  technologies,   and  has    determined  that  these  devices  pose  a   low  risk  to  the  public.  Therefore,  the  FDA  does   not  intend  to  enforce    compliance  with  the   regulatory  controls  that  apply  to  MDDS   devices,  medical  image  storage  devices,  and   medical  image  communications  devices .  
  26. 26. Cybersecurity  Regulation
  27. 27. Cybersecurity
  28. 28. More  Related  Regulation
  29. 29. FDA  MMA  Regulation  is  Limited The  FDA  defines  a  ‘mobile  medical  app’  as  a  mobile  app  that  is  intended  to   either   – Be  used  as  an  accessory  to  a  regulated  medical  device;  or – Transform  a  mobile  platform  into  a  regulated  medical  device. What  is  a  regulated  medical  device?  The  FDA  guidance  states  that: When  the  intended  use  of  a  mobile  app  is  for: • the  diagnosis  of  disease  or  other  conditions, • or   – the  cure,   – mitigation,   – treatment,  or   – prevention  of  disease,   • or  is  intended  to  affect  the  structure  or  any  function  of  the  body  of  man,   the  mobile  app  is  a  device.
  30. 30. MMAs  for  FDA  discretionary  regulation
  31. 31. The  problem:    What  is  collecting  all  this  information?
  32. 32. The  problem:    What  is  collecting  all  this  information?
  33. 33. Multiple  Platforms
  34. 34. There  are  thousands  of  apps… Health is the fastest growing of all app categories, and the number of health and fitness apps has more than doubled over the last 2 years. The Apple App Store and Google Play each feature more than 100,000 health apps. HealthTap provided doctors with access to a special app review dashboard where they could find, download, try, and review all health and medicalapps. http://venturebeat.com/2015/01/21/doctors-­‐tap-­‐myfitnesspal-­‐weight-­‐watchers-­‐as-­‐top-­‐health-­‐apps/
  35. 35. Too  many  apps:  MMA’s
  36. 36. MMA’s  – What  was  submitted  to  the   FDA  will  likely  quickly  change…
  37. 37. Who  is  developing  MMA’s?
  38. 38. Who  is  developing  MMA’s?
  39. 39. MMAs  are  not  the  only  things  collecting  our  vitals
  40. 40. Data  Integrity “As it is right now, all the wearable gear out there is marching to its own tune, doing its own thing, and grabbing data in its own way with marginal accuracy. By and large, these are closed ecosystems or proprietary applications within an open architecture that have limited scalability” http://www.phonearena.com/news/Samsungs-­‐Voice-­‐of-­‐the-­‐Body-­‐is-­‐an-­‐open-­‐hardware-­‐and-­‐software-­‐platform-­‐for-­‐personal-­‐health-­‐monitoring_id56601
  41. 41. Hardware  &  Software  Variability
  42. 42. Software  Variability   https://en.wikipedia.org/wiki/Android_version_history
  43. 43. Software  Variability   https://en.wikipedia.org/wiki/IOS_version_history
  44. 44. Further  Lack  of  Standardized  Hardware http://smartphoneworld.me/hello-­‐world-­‐2/
  45. 45. Further  Lack  of  Standardized  Hardware https://testingmobileapps.wordpress.com/2016/02/17/smartphones-­‐sensors-­‐list/
  46. 46. Privacy  and  hijacking  of  data
  47. 47. Lack  of  Encyption in  general…
  48. 48. Malicious  Attackers http://holykaw.alltop.com/cyber-­‐crime-­‐statistics-­‐and-­‐trends-­‐infographic
  49. 49. Hackers
  50. 50. More  Hacking
  51. 51. Even  More  Hacking
  52. 52. IoT Standards
  53. 53. Standards
  54. 54. Proposed  Solution:  Something  in  the  middle
  55. 55. Proposed  Solution:  Something  in  the  middle Top  down  regulatory  v.  Bottom    up  industry  led
  56. 56. The  Middle  Layer  can  be  configured  to: Dynamically  enforce  appropriate  industry   determined  standards  by  being  the  primary  and   preferred  gateway  for  data  to  travel  through   from  patient  to  provider Alternatively  one  of  a  handful  of  government   approved  IoT-­‐MD  health  data  gateways   (compare  with  credit  reporting  agencies)
  57. 57. The  Middle  Layer  can  be  configured  to: Enforce  industry  standards: Passively: by  rejecting  data  that  doesn’t  meet  those   standards Or Actively:  interacting  with  IoT-­‐MD  devices  through  to   modify  the  data  such  that  it  meets  the  standards  
  58. 58. For  example:  The  Middle  Layer  can  be   configured  to  provide: 1. Enforced  Standards  either  via  conversion  of   data  to  a  standardized  format  or  not   accepting  data  that  doesn’t  conform. 2. Enforced  and  standardized  encryption  by  not   accepting  data  that  is  not  encrypted  by  the   standard 3. Enforcing  calibration  of  sensors/adding  fudge   factors  to  standardize  the  sensors
  59. 59. For  example:  The  Middle  Layer  can  be   configured  to  provide: 1. A  secure  Centralized  Repository  for  the  data,   accessible  by  both  designated  health  care   providers  and  the  patient  themselves 2. The  ability  to  track  who  is  accessing  the  data   to  enforce  some  semblance  of  privacy  and   control  by  the  patient  of  their  data
  60. 60. Summary • The  IoT and  the  IoT-­‐MD  have  created  a  new   and  emerging  reality  that  will  be  of  substantial   benefit  to  patients  and  other  consumers  of   healthcare – Telemedicine – Chronic  disease  management – Medicine  in  developing  nations – Quantified  self  and  other  tracking  of  vitals  and   health  related  data
  61. 61. Summary • FDA,  FTC  and  other  regulators  are  misguided   in  their  attempts  to  regulate  this  industry – Too  many  applications – Too  many  novice  companies – Too  many  software  and  hardware  versions
  62. 62. Summary • Nevertheless  there  remain  real  concerns  that   call  out  for  some  form  of  government   intervention   – Privacy   – Hacking/Safety – Interoperability   – Accessibility   – Usability
  63. 63. Summary • Potential  solution  could  be  technological • Some  sort  of  middleware/middle  layer… – That  provides • Safety • Encryption • Data  collection  and  data  retention  Standardization • Tracking • Centralized  data  repositories
  64. 64. Thank  You
  65. 65. Proposed  Solution:  Something  in  the  middle
  66. 66. Remember  the  V-­‐chip?
  67. 67. Obama’s  PMI • The  Precision  Medicine  Initiative,  a  bold  new  research  effort  to  revolutionize  how   we  improve  health  and  treat  disease. • Launched  with  a  $215  million  investment  in  the  President’s  2016  Budget,  the   Precision  Medicine  Initiative  will  pioneer  a  new  model  of  patient-­‐powered   research  that  promises  to  accelerate  biomedical  discoveries  and  provide  clinicians   with  new  tools,  knowledge,  and  therapies  to  select  which  treatments  will  work   best  for  which  patients. • Most  medical  treatments  have  been  designed  for  the  “average  patient.”  As  a  result   of  this  “one-­‐size-­‐fits-­‐all-­‐approach,”  treatments  can  be  very  successful  for  some   patients  but  not  for  others. • This  is  changing  with  the  emergence  of  precision  medicine,  an  innovative   approach  to  disease  prevention  and  treatment  that  takes  into  account  individual   differences  in  people’s  genes,  environments,  and  lifestyles. • Precision  medicine  gives  clinicians  tools  to  better  understand  the  complex   mechanisms  underlying  a  patient’s  health,  disease,  or  condition,  and  to  better   predict  which  treatments  will  be  most  effective.
  68. 68. Telemedicine
  69. 69. Problems Less  of  an  issue  for  large  data  sets…
  70. 70. Who  is  developing  MMA’s?

×