Part of the "2016 Annual Conference: Big Data, Health Law, and Bioethics" held at Harvard Law School on May 6, 2016. This conference aimed to: (1) identify the various ways in which law and ethics intersect with the use of big data in health care and health research, particularly in the United States; (2) understand the way U.S. law (and potentially other legal systems) currently promotes or stands as an obstacle to these potential uses; (3) determine what might be learned from the legal and ethical treatment of uses of big data in other sectors and countries; and (4) examine potential solutions (industry best practices, common law, legislative, executive, domestic and international) for better use of big data in health care and health research in the U.S. The Petrie-Flom Center for Health Law Policy, Biotechnology, and Bioethics at Harvard Law School 2016 annual conference was organized in collaboration with the Berkman Center for Internet & Society at Harvard University and the Health Ethics and Policy Lab, University of Zurich. Learn more at http://petrieflom.law.harvard.edu/events/details/2016-annual-conference.

1. Collecting
Big
Data
via
the
Internet
of
Things,
overcoming
regulatory
and
other
limitations.
Dov
Greenbaum
JD
PhD

2. Zvi
Meitar
Institute
The
Institute
aims
to
examine
the
Legal
Ethical
and
Social
Implications
of
New
and
Emerging
Technologies
with
a
focus
on
issues
relating
to
Disruptive
Technology.

3. Zvi
Meitar
Institute

4. Four
Facets
of
the
Institute

5. IoT
The
IoT includes
consumer-­‐facing devices,
as
well
as
products
and
services
that
are
not
consumer-­‐
facing,
such
as
devices
designed
for
businesses
to
enable
automated
communications
between
machines.
For
example,
the
term
IoT can
include
the
type
of
Radio
Frequency
Identification
(“RFID”)
tags
that
businesses
place
on
products
in
stores
to
monitor
inventory;
sensor
networks
to
monitor
electricity
use
in
hotels;
and
Internet-­‐connected
jet
engines
and
drills
on
oil
rigs.
Experts
estimate
that,
as
of
this
year,
there
will
be
25
billion
connected
devices,
and
by
2020,
50
billion.

6. IoT
The Internet of Things is the network of physical objects that
contain embedded technology to communicate and sense or
interact with their internal states or the external
environment.

7. IoT
The
Internet
of
Things
(IoT),
which
excludes
PCs,
tablets
and
smartphones,
will
grow
to
26
billion
units
installed
in
2020
representing
an
almost
30-­‐fold
increase
from
0.9
billion
in
2009,according
to
Gartner,
Inc.
Gartner
said
that
IoT product
and
service
suppliers
will
generate
incremental
revenue
exceeding
$300
billion,
mostly
in
services,
in
2020.
It
will
result
in
$1.9
trillion
in
global
economic
value-­‐add
through
sales
into
diverse
end
markets.

8. IoT

10. FTC’s
Regulatory
Approach
to
the
IoT
“The
only
way
for
the
Internet
of
Things
to
reach
its
full
potential
for
innovation
is
with
the
trust
of
American
consumers.
“We
believe
that
by
adopting
the
best
practices
we’ve
laid
out,
businesses
will
be
better
able
to
provide
consumers
the
protections
they
want
and
allow
the
benefits
of
the
Internet
of
Things
to
be
fully
realized.
FTC
Chairwoman
Edith
Ramirez

11. FTC’s
Regulatory
Approach
to
the
IoT
• Security
and
Minimal
Data
Collection
• Consumer
Notice
of
Data
Collection
• Consumer
Choices
re:
Data
Collection
Critics
see
this
as
too
overbearing,
less
-­‐permissionpreferring
more
innovation

12. Its
not
Just
the
Americans

13. IoT with
some
health
benefits:
Quantified
Self

14. Quantified
Self
with
a
very
ambitious
health
orientation:
The
Snyderome

15. A
bit
more
mainstream:
IoT-­‐MD
Succinctly:
the
IoT-­‐MD
provides
an
environment
where
a
patient’s
vital
parameters
get
• transmitted
by
medical
devices
• via
a
gateway
onto
secure
cloud
based
platforms
• where
it
is
– stored,
– aggregated
and
– analyzed.
Today,
it
has
become
increasingly
possible
to
remotely
monitor
a
patient’s
health
with
the
use
of
network
of
sensors,
actuators
and
other
mobile
communication
devices:
the
Internet
of
Things
for
Medical
Devices
(IoT-­‐MD).

16. Early
adopter
of
IoT-­‐MD?

17. Obama’s
PMI
• Creation
of
a
voluntary
national
research
cohort:
NIH,
in
collaboration
with
other
agencies
and
stakeholders,
will
launch
a
national,
patient-­‐powered
research
cohort
of
one
million
or
more
Americans
who
volunteer
to
participate
in
research. Participants
will
be
involved
in
the
design
of
the
Initiative
and
will
have
the
opportunity
to
contribute
diverse
sources
of
data—including
medical
records;
profiles
of
the
patient’s
genes,
metabolites
(chemical
makeup),
and
microorganisms
in
and
on
the
body;
environmental
and
lifestyle
data;
patient-­‐generated
information;
and
personal
device
and
sensor
data

18. Obama’s
PMI

19. A
growing
market
for
IoT-­‐MD:
Telemedicine
“Telemedicine
is
the
use
of
medical
information
exchanged
from
one
site
to
another
via
electronic
communications
to
improve
a
patient’s
clinical
health
status.
Telemedicine
includes
a
growing
variety
of
applications
and
services
using
two-­‐way
video,
email,
smart
phones,
wireless
tools
and
other
forms
of
telecommunications
technology.”

20. Chronic
Disease
Management

21. Another
area
ripe
for
IoT-­‐MD:
Chronic
Disease
Management

22. ALSO:
Developing
Nation
Health
Care
“Telemedicine
is
the
use
of
medical
information
exchanged
from

23. Problems
with
Unregulated
Innovation
in
the
IoT-­‐MD
• Privacy
• Hacking/Safety
• Interoperability
• Accessibility
• Usability/reusability
• standardization

24. Regulating
the
IoT-­‐MD
Mixed
bag.
Sporadic
FDA
regulation
For
purposes
of
this
guidance,
CDRH
defines
general
wellness
products
as
products
that
meet
the
following
two
factors:
(1)
are
intended
for
only
general
wellness
use,
as
defined
in
this
guidance,
and
(2)
present
a
very
low
risk
to
users’
safety.
General
wellness
products
may
include
exercise
equipment,
audio
recordings,
video
games,
software
programs
and
other
products
that
are
commonly,
though
not
exclusively,
available
from
retail
establishments
…that
do
not
make
any
reference
to
diseases
or
condition.

25. Medical
Device
Data
Systems
Medical
Device
Data
Systems
(MDDS)
are
hardware
or
software
products
that
transfer,
store,
convert
formats,
and
display
medical
device
data.
An
MDDS
does
not
modify
the
data
or
modify
the
display
of
the
data,
and
it
does
not
by
itself
control
the
functions
or
parameters
of
any
other
medical
device.
MDDS
are
not
intended
to
be
used
for
active
patient
monitoring.
Examples
of
MDDS
include:
• software
that
stores
patient
data
such
as
blood
pressure
readings
for
review
at
a
later
time;
• software
that
converts
digital
data
generated
by
a
pulse
oximeter
into
a
format
that
can
be
printed;
and
• software
that
displays
a
previously
stored
electrocardiogram
for
a
particular
patient.

26. Medical
Device
Data
Systems
The
United
States
Food
and
Drug
Administration
(FDA)
issued
a
final
guidance
document
describing
the
Agency’s
intention
not
to
enforce
regulatory
controls
applicable
to
medical
device
data
systems
(MDDS),
medical
image
storage
devices,
and
medical
image
communication
devices,
due
to
the
low
risk
such
devices
pose
to
patients
and
their
importance
in
advancing
digital
health.
The
guidance,
which
finalizes
draft
guidance
issued
by
the
Agency
in
June
2014,
reflects
FDA’s
continued
efforts
to
apply
a
risk-­‐based
framework
that
avoids
over-­‐regulation
of
certain
low-­‐risk
medical
software
products
On February 15, 2011, the FDA issued a
regulation down-­ classifying MDDS from Class
III (high-­risk) to Class I (low-­risk)(“MDDS
regulation”)
Class I devices are subject to general controls
under the Federal Food, Drug, and Cosmetic
Act (FD&C Act). Since down-­classifying
MDDS, the FDA has gained additional
experience with these types of technologies,
and has determined that these devices pose a
low risk to the public. Therefore, the FDA does
not intend to enforce compliance with the
regulatory controls that apply to MDDS
devices, medical image storage devices, and
medical image communications devices
.

27. Cybersecurity
Regulation

28. Cybersecurity

29. More
Related
Regulation

30. FDA
MMA
Regulation
is
Limited
The
FDA
defines
a
‘mobile
medical
app’
as
a
mobile
app
that
is
intended
to
either
– Be
used
as
an
accessory
to
a
regulated
medical
device;
or
– Transform
a
mobile
platform
into
a
regulated
medical
device.
What
is
a
regulated
medical
device?
The
FDA
guidance
states
that:
When
the
intended
use
of
a
mobile
app
is
for:
• the
diagnosis
of
disease
or
other
conditions,
• or
– the
cure,
– mitigation,
– treatment,
or
– prevention
of
disease,
• or
is
intended
to
affect
the
structure
or
any
function
of
the
body
of
man,
the
mobile
app
is
a
device.

31. MMAs
for
FDA
discretionary
regulation

32. The
problem:
What
is
collecting
all
this
information?

33. The
problem:
What
is
collecting
all
this
information?

34. Multiple
Platforms

35. There
are
thousands
of
apps…
Health is the fastest growing of all app categories, and the number of
health and fitness apps has more than doubled over the last 2 years.
The Apple App Store and Google Play each feature more than
100,000 health apps.
HealthTap provided doctors
with access to a special app
review dashboard where
they could find, download,
try, and review all health and
medicalapps.
http://venturebeat.com/2015/01/21/doctors-­‐tap-­‐myfitnesspal-­‐weight-­‐watchers-­‐as-­‐top-­‐health-­‐apps/

36. Too
many
apps:
MMA’s

37. MMA’s
– What
was
submitted
to
the
FDA
will
likely
quickly
change…

38. Who
is
developing
MMA’s?

39. Who
is
developing
MMA’s?

40. MMAs
are
not
the
only
things
collecting
our
vitals

41. Data
Integrity
“As it is right now, all the wearable gear out
there is marching to its own tune, doing its
own thing, and grabbing data in its own way
with marginal accuracy. By and large, these
are closed ecosystems or proprietary
applications within an open architecture that
have limited scalability”
http://www.phonearena.com/news/Samsungs-­‐Voice-­‐of-­‐the-­‐Body-­‐is-­‐an-­‐open-­‐hardware-­‐and-­‐software-­‐platform-­‐for-­‐personal-­‐health-­‐monitoring_id56601

42. Hardware
&
Software
Variability

43. Software
Variability
https://en.wikipedia.org/wiki/Android_version_history

44. Software
Variability
https://en.wikipedia.org/wiki/IOS_version_history

45. Further
Lack
of
Standardized
Hardware
http://smartphoneworld.me/hello-­‐world-­‐2/

46. Further
Lack
of
Standardized
Hardware
https://testingmobileapps.wordpress.com/2016/02/17/smartphones-­‐sensors-­‐list/

47. Privacy
and
hijacking
of
data

50. Lack
of
Encyption in
general…

52. Malicious
Attackers
http://holykaw.alltop.com/cyber-­‐crime-­‐statistics-­‐and-­‐trends-­‐infographic

53. Hackers

54. More
Hacking

55. Even
More
Hacking

56. IoT Standards

57. Standards

58. Proposed
Solution:
Something
in
the
middle

59. Proposed
Solution:
Something
in
the
middle
Top
down
regulatory
v.
Bottom
up
industry
led

60. The
Middle
Layer
can
be
configured
to:
Dynamically
enforce
appropriate
industry
determined
standards
by
being
the
primary
and
preferred
gateway
for
data
to
travel
through
from
patient
to
provider
Alternatively
one
of
a
handful
of
government
approved
IoT-­‐MD
health
data
gateways
(compare
with
credit
reporting
agencies)

61. The
Middle
Layer
can
be
configured
to:
Enforce
industry
standards:
Passively: by
rejecting
data
that
doesn’t
meet
those
standards
Or
Actively:
interacting
with
IoT-­‐MD
devices
through
to
modify
the
data
such
that
it
meets
the
standards

62. For
example:
The
Middle
Layer
can
be
configured
to
provide:
1. Enforced
Standards
either
via
conversion
of
data
to
a
standardized
format
or
not
accepting
data
that
doesn’t
conform.
2. Enforced
and
standardized
encryption
by
not
accepting
data
that
is
not
encrypted
by
the
standard
3. Enforcing
calibration
of
sensors/adding
fudge
factors
to
standardize
the
sensors

63. For
example:
The
Middle
Layer
can
be
configured
to
provide:
1. A
secure
Centralized
Repository
for
the
data,
accessible
by
both
designated
health
care
providers
and
the
patient
themselves
2. The
ability
to
track
who
is
accessing
the
data
to
enforce
some
semblance
of
privacy
and
control
by
the
patient
of
their
data

64. Summary
• The
IoT and
the
IoT-­‐MD
have
created
a
new
and
emerging
reality
that
will
be
of
substantial
benefit
to
patients
and
other
consumers
of
healthcare
– Telemedicine
– Chronic
disease
management
– Medicine
in
developing
nations
– Quantified
self
and
other
tracking
of
vitals
and
health
related
data

65. Summary
• FDA,
FTC
and
other
regulators
are
misguided
in
their
attempts
to
regulate
this
industry
– Too
many
applications
– Too
many
novice
companies
– Too
many
software
and
hardware
versions

66. Summary
• Nevertheless
there
remain
real
concerns
that
call
out
for
some
form
of
government
intervention
– Privacy
– Hacking/Safety
– Interoperability
– Accessibility
– Usability

67. Summary
• Potential
solution
could
be
technological
• Some
sort
of
middleware/middle
layer…
– That
provides
• Safety
• Encryption
• Data
collection
and
data
retention
Standardization
• Tracking
• Centralized
data
repositories

68. Thank
You

69. Proposed
Solution:
Something
in
the
middle

70. Remember
the
V-­‐chip?

71. Obama’s
PMI
• The
Precision
Medicine
Initiative,
a
bold
new
research
effort
to
revolutionize
how
we
improve
health
and
treat
disease.
• Launched
with
a
$215
million
investment
in
the
President’s
2016
Budget,
the
Precision
Medicine
Initiative
will
pioneer
a
new
model
of
patient-­‐powered
research
that
promises
to
accelerate
biomedical
discoveries
and
provide
clinicians
with
new
tools,
knowledge,
and
therapies
to
select
which
treatments
will
work
best
for
which
patients.
• Most
medical
treatments
have
been
designed
for
the
“average
patient.”
As
a
result
of
this
“one-­‐size-­‐fits-­‐all-­‐approach,”
treatments
can
be
very
successful
for
some
patients
but
not
for
others.
• This
is
changing
with
the
emergence
of
precision
medicine,
an
innovative
approach
to
disease
prevention
and
treatment
that
takes
into
account
individual
differences
in
people’s
genes,
environments,
and
lifestyles.
• Precision
medicine
gives
clinicians
tools
to
better
understand
the
complex
mechanisms
underlying
a
patient’s
health,
disease,
or
condition,
and
to
better
predict
which
treatments
will
be
most
effective.

72. Telemedicine

74. Problems
Less
of
an
issue
for
large
data
sets…

75. Who
is
developing
MMA’s?