Patient Access to Health Device Data: Toward a Legal Framework

I. Glenn Cohen, Daniel B. Kramer, Julia Adler-Milstein, Carmel Shachar (eds.), Digital Health Care Outside of Traditional Clinical Settings: Ethical, Legal and Regulatory Challenges and Opportunities, Cambridge University Press (forthcoming 2024).

16 Pages Posted: 10 Aug 2022 Last revised: 19 Aug 2023

See all articles by Charles Duan

Charles Duan

American University Washington College of Law

Christopher Morten

Columbia Law School

Date Written: March 8, 2023

Abstract

The connected at-home healthcare device industry is booming. Wearable health trackers alone constituted a $21 billion market in 2020, anticipated to grow to $195 billion by 2027. At-home devices now purportedly make it possible to diagnose and monitor health conditions such as sleep apnea, diabetes, and fertility automatically, immediately, and discreetly. By design, these devices produce a wealth of data that can inform patients of their health status and potentially even recommend life-saving actions.

But patients and their healthcare providers often lack access to this data. Manufacturers typically design connected at-home devices to store data in cloud services run by the manufacturers themselves, requiring device owners to register accounts and accept terms of use and limitations that the manufacturers impose. A recent survey of 222 mobile app families associated with wellness devices found that 64.4% “did not report sharing any data” with other apps or services. A parent testified in Congress of how lack of data access impaired his daughter’s ability to manage Type I diabetes, and patients with sleep apnea have had to circumvent technological device locks to extract data on their own sleep. Many medical and wellness devices that patients use for in-home diagnosis and monitoring—which we simply call “health devices”—lock patients into manufacturers’ ecosystems. This limits patients’, and society’s, ability to tap into the full value of the data, despite the extensive individual and social benefits that access could provide.

The problem here is not solely technical; it is also legal. Existing law in the United States provides patients no guarantee of access to their data when it is generated and stored outside the traditional healthcare system. The Health Insurance Portability and Accountability Act (HIPAA) provides patients a legally enforceable right of access to copies of their electronic health records, and, in recent years, the Department of Health and Human Services (HHS) has moved to make this right enforceable and meaningful. But as HHS itself has observed about health devices and other “mHealth” technologies, manufacturers “are not obligated by a statute or regulation to provide individuals with access to data about themselves,” so patients with data on such devices “may not have the ability to later obtain a copy.”

This chapter begins by identifying the individual and societal benefits of patient access to health device data. It then addresses the arguments for restricting such access, especially those based on intellectual property laws and policies. We conclude such arguments are ultimately doctrinally and normatively unconvincing, such that they should not dissuade legislatures and federal agencies from legislating or regulating rights of access. We then consider what can and should be done to create a robust, administrable right of patients to access health device data that protects all stakeholders’ interests, and we offer a nascent framework that draws from other regimes for patient and consumer access to personal information. We hope the framework will guide legislatures and regulators as they begin to address this important issue.

Suggested Citation

Duan, Charles and Morten, Christopher, Patient Access to Health Device Data: Toward a Legal Framework (March 8, 2023). I. Glenn Cohen, Daniel B. Kramer, Julia Adler-Milstein, Carmel Shachar (eds.), Digital Health Care Outside of Traditional Clinical Settings: Ethical, Legal and Regulatory Challenges and Opportunities, Cambridge University Press (forthcoming 2024)., Available at SSRN: https://ssrn.com/abstract=4186107 or http://dx.doi.org/10.2139/ssrn.4186107

Charles Duan

American University Washington College of Law ( email )

4300 Nebraska Ave NW
Washington, DC 20016
United States

Christopher Morten (Contact Author)

Columbia Law School ( email )

435 West 116th St
NEW YORK, NY 10027

HOME PAGE: http://www.law.columbia.edu/faculty/christopher-morten

Do you have negative results from your research you’d like to share?

Paper statistics

Downloads
105
Abstract Views
644
Rank
467,822
PlumX Metrics