Should You Have Unfettered Access to Your Implanted Medical Device Data?

There was a very interesting story in the Wall Street Journal that looked at the inability of patients who have implanted medical devices such as defibrillator implants to gain access to the raw information the devices are sending out.  According to the story, the device manufacturers say that rules by the U.S. Food and Drug Administration (FDA) require that the information be only sent to the patients’ hospitals or doctors, who are in fact the device manufacturers’ end-item customers. If a patient want’s to get access to the raw device data, they are told that they have to get it from their healthcare provider.

At first blush, this doesn’t sound entirely unreasonable.  The device manufacturers argue that the data from a medical device like a defibrillator isn’t in a “useful format” that patients could understand anyway, and that if they were to try make it so, it would (a) require FDA approval and (b) cost the manufactures a lot of money, which they don’t want to spend. They also argue that they haven't seen any customer demand for such information.

The FDA, the Journal article states, generally “supports patient access” to medical device information, but only if it is in a format that is presented in a way that provides “proper interpretation and explanation,” like that delivered by a doctor. In other words, don’t count on the FDA to approve broad patient access to medical device information in “useful format” or not.

Many doctors support the FDA’s position, arguing that getting access to device information – especially raw information - might cause “cause anxiety or even harm if a patient misunderstood the signals.”  

However, there are other incentives also at work keeping patients from accessing raw or even interpreted medical device information. As I mentioned, the doctors and hospitals are the device manufacturers’ actual customers. If a patient wants their implanted device information, the patient is likely going to have get an appointment and pay whatever fee the doctor or hospital charges. A bit of mutual back-scratching there.

Furthermore, a doctor or hospital usually doesn’t get the devices' raw data themselves anyway: device manufacturers only send output summaries to them. In addition, even if a doctor or hospital wanted to provide raw data to their patients, it might not be possible anyway.  Device manufacturers typically make doctors and hospitals sign contracts that restrict use of the devices’ raw data. The manufacturers can do that because raw data from an implanted device is not considered to be medical record information under the 1996 Health Insurance Portability and Accountability Act (HIPAA) which gives a patient the right to access their medical information held by their healthcare provider.

It also turns out that the device manufacturers are exploring business opportunities to sell “the data to health systems or insurers that could use it to predict diseases and possibly lower their costs.”  It therefore behooves the manufacturers to keep access to their device data as restricted as possible.

Even more concerning is the other ideas device manufacturers are contemplating. The WSJ says that Medtronic , for example, “is developing a matchstick-size monitor, implantable without surgery, that could track measures such as heart rate and arrhythmia that can predict heart disease.” With such a device, Medtronic “envision(s) a future where employers might require insured workers with a family history of heart disease to have the device implanted or face higher insurance premiums.”

Of course, if that "vision" became the norm, I wouldn’t doubt that the next step would be for employers to start insisting that all of their insured employees have non-surgically implantable devices to check on a whole host of health factors, such as drug and alcohol use (why require random testing when you can monitor a person 24 hours a day?), the amount of sleep they are getting (drowsy workers may be a safety hazard), etc.

The only problem with Medtronic’s vision of the future, of course, is that the auto manufacturers may beat them to the punch.

Advertisement

Risk Factor

IEEE Spectrum's risk analysis blog, featuring daily news, updates and analysis on computing and IT projects, software and systems failures, successes and innovations, security threats, and more.

Contributor
Willie D. Jones
 
Advertisement