Collecting Big Data via the Internet of Things, overcoming regulatory and other limitations. Dov Greenbaum JD PhD

Dov Greenbaum, "Avoiding Regulation in the Medical Internet of Things"


Zvi Meitar Institute

The Institute aims to examine the Legal Ethical and Social Implications of New and Emerging Technologies with a focus on issues relating to Disruptive Technology.

Four Facets of the Institute

IoT

The IoT includes consumer-facing devices, as well as products and services that are not consumer-facing, such as devices designed for businesses to enable automated communications between machines. For example, the term IoT can include the type of Radio Frequency Identification (“RFID”) tags that businesses place on products in stores to monitor inventory; sensor networks to monitor electricity use in hotels; and Internet-connected jet engines and drills on oil rigs.

Experts estimate that, as of this year, there will be 25 billion connected devices, and by 2020, 50 billion.

The Internet of Things is the network of physical objects that contain embedded technology to communicate and sense or interact with their internal states or the external environment.

The Internet of Things (IoT), which excludes PCs, tablets and smartphones, will grow to 26 billion units installed in 2020, representing an almost 30-fold increase from 0.9 billion in 2009, according to Gartner, Inc. Gartner said that IoT product and service suppliers will generate incremental revenue exceeding $300 billion, mostly in services, in 2020. It will result in $1.9 trillion in global economic value-add through sales into diverse end markets.

FTC’s Regulatory Approach to the IoT

“The only way for the Internet of Things to reach its full potential for innovation is with the trust of American consumers.

“We believe that by adopting the best practices we’ve laid out, businesses will be better able to provide consumers the protections they want and allow the benefits of the Internet of Things to be fully realized.”

FTC Chairwoman Edith Ramirez

• Security and Minimal Data Collection
• Consumer Notice of Data Collection
• Consumer Choices re: Data Collection

Critics see this as too overbearing, preferring more permission-less innovation

It’s not just the Americans

IoT with some health benefits: Quantified Self

Quantified Self with a very ambitious health orientation: The Snyderome

A bit more mainstream: IoT-MD

Succinctly: the IoT-MD provides an environment where a patient’s vital parameters get
• transmitted by medical devices
• via a gateway onto secure cloud based platforms
• where it is
– stored,
– aggregated and
– analyzed.

Today, it has become increasingly possible to remotely monitor a patient’s health with the use of a network of sensors, actuators and other mobile communication devices: the Internet of Things for Medical Devices (IoT-MD).

Early adopter of IoT-MD?

Obama’s PMI

• Creation of a voluntary national research cohort: NIH, in collaboration with other agencies and stakeholders, will launch a national, patient-powered research cohort of one million or more Americans who volunteer to participate in research. Participants will be involved in the design of the Initiative and will have the opportunity to contribute diverse sources of data—including medical records; profiles of the patient’s genes, metabolites (chemical makeup), and microorganisms in and on the body; environmental and lifestyle data; patient-generated information; and personal device and sensor data

A growing market for IoT-MD: Telemedicine

“Telemedicine is the use of medical information exchanged from one site to another via electronic communications to improve a patient’s clinical health status. Telemedicine includes a growing variety of applications and services using two-way video, email, smart phones, wireless tools and other forms of telecommunications technology.”

Chronic Disease Management

Another area ripe for IoT-MD: Chronic Disease Management

ALSO: Developing Nation Health Care

Problems with Unregulated Innovation in the IoT-MD

• Privacy
• Hacking/Safety
• Interoperability
• Accessibility
• Usability/reusability
• Standardization

Regulating the IoT-MD

Mixed bag.

Sporadic FDA regulation

For purposes of this guidance, CDRH defines general wellness products as products that meet the following two factors: (1) are intended for only general wellness use, as defined in this guidance, and (2) present a very low risk to users’ safety. General wellness products may include exercise equipment, audio recordings, video games, software programs and other products that are commonly, though not exclusively, available from retail establishments …that do not make any reference to diseases or condition.

Medical Device Data Systems

Medical Device Data Systems (MDDS) are hardware or software products that transfer, store, convert formats, and display medical device data. An MDDS does not modify the data or modify the display of the data, and it does not by itself control the functions or parameters of any other medical device. MDDS are not intended to be used for active patient monitoring.

Examples of MDDS include:
• software that stores patient data such as blood pressure readings for review at a later time;
• software that converts digital data generated by a pulse oximeter into a format that can be printed; and
• software that displays a previously stored electrocardiogram for a particular patient.

The United States Food and Drug Administration (FDA) issued a final guidance document describing the Agency’s intention not to enforce regulatory controls applicable to medical device data systems (MDDS), medical image storage devices, and medical image communication devices, due to the low risk such devices pose to patients and their importance in advancing digital health. The guidance, which finalizes draft guidance issued by the Agency in June 2014, reflects FDA’s continued efforts to apply a risk-based framework that avoids over-regulation of certain low-risk medical software products.

On February 15, 2011, the FDA issued a regulation down-classifying MDDS from Class III (high-risk) to Class I (low-risk) (“MDDS regulation”).

Class I devices are subject to general controls under the Federal Food, Drug, and Cosmetic Act (FD&C Act). Since down-classifying MDDS, the FDA has gained additional experience with these types of technologies, and has determined that these devices pose a low risk to the public. Therefore, the FDA does not intend to enforce compliance with the regulatory controls that apply to MDDS devices, medical image storage devices, and medical image communications devices.

Cybersecurity Regulation

Cybersecurity

More Related Regulation

FDA MMA Regulation is Limited

The FDA defines a ‘mobile medical app’ as a mobile app that is intended to either
– Be used as an accessory to a regulated medical device; or
– Transform a mobile platform into a regulated medical device.

What is a regulated medical device? The FDA guidance states that:

When the intended use of a mobile app is for:
• the diagnosis of disease or other conditions,
• or
– the cure,
– mitigation,
– treatment, or
– prevention of disease,
• or is intended to affect the structure or any function of the body of man,

the mobile app is a device.

MMAs for FDA discretionary regulation

The problem: What is collecting all this information?

Multiple Platforms

There are thousands of apps…

Health is the fastest growing of all app categories, and the number of health and fitness apps has more than doubled over the last 2 years. The Apple App Store and Google Play each feature more than 100,000 health apps.

HealthTap provided doctors with access to a special app review dashboard where they could find, download, try, and review all health and medical apps.

http://venturebeat.com/2015/01/21/doctors-tap-myfitnesspal-weight-watchers-as-top-health-apps/

Too many apps: MMA’s

MMA’s – What was submitted to the FDA will likely quickly change…

Who is developing MMA’s?

MMAs are not the only things collecting our vitals

Data Integrity

“As it is right now, all the wearable gear out there is marching to its own tune, doing its own thing, and grabbing data in its own way with marginal accuracy. By and large, these are closed ecosystems or proprietary applications within an open architecture that have limited scalability”

http://www.phonearena.com/news/Samsungs-Voice-of-the-Body-is-an-open-hardware-and-software-platform-for-personal-health-monitoring_id56601

Hardware & Software Variability

Software Variability

https://en.wikipedia.org/wiki/Android_version_history

Software Variability

https://en.wikipedia.org/wiki/IOS_version_history

Further Lack of Standardized Hardware

http://smartphoneworld.me/hello-world-2/

Further Lack of Standardized Hardware

https://testingmobileapps.wordpress.com/2016/02/17/smartphones-sensors-list/

Privacy and hijacking of data

Lack of Encryption in general…

Malicious Attackers

http://holykaw.alltop.com/cyber-crime-statistics-and-trends-infographic

Hackers

More Hacking

Even More Hacking

IoT Standards

Standards

Proposed Solution: Something in the middle

Top down regulatory v. Bottom up industry led

The Middle Layer can be configured to:

Dynamically enforce appropriate industry determined standards by being the primary and preferred gateway for data to travel through from patient to provider

Alternatively one of a handful of government approved IoT-MD health data gateways (compare with credit reporting agencies)

The Middle Layer can be configured to:

Enforce industry standards:

Passively: by rejecting data that doesn’t meet those standards

Or

Actively: interacting with IoT-MD devices through to modify the data such that it meets the standards

For example: The Middle Layer can be configured to provide:

1. Enforced Standards either via conversion of data to a standardized format or not accepting data that doesn’t conform.

2. Enforced and standardized encryption by not accepting data that is not encrypted by the standard

3. Enforcing calibration of sensors/adding fudge factors to standardize the sensors

For example: The Middle Layer can be configured to provide:

1. A secure Centralized Repository for the data, accessible by both designated health care providers and the patient themselves

2. The ability to track who is accessing the data to enforce some semblance of privacy and control by the patient of their data
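
The middle-layer behaviours listed above (passive rejection, active conversion, enforced encryption, sensor calibration, and access tracking on a central repository), sketched as an added Python example that is not part of the original slides. The field names, the `AES-256-GCM` label, the unit table and the calibration offset are assumptions made for illustration; the gateway here checks only the scheme the envelope declares, where a deployed one would confirm it by decrypting.

```python
# Added illustration of the slides' "middle layer"; every name and value is constructed.
from dataclasses import dataclass, field

APPROVED_ENC = {"AES-256-GCM"}                     # assumed industry-mandated scheme
STANDARD_UNITS = {"temp": "C", "heart_rate": "bpm"}
CONVERT = {("temp", "F"): lambda v: round((v - 32) * 5 / 9, 1)}  # to the standard unit
CALIBRATION = {("hr-band-A", "heart_rate"): -3.0}  # assumed per-model offset ("fudge factor")
REQUIRED = ("enc", "patient", "model", "kind", "unit", "value")

@dataclass
class Gateway:
    active: bool = False                           # False: passive (reject); True: active (convert)
    store: dict = field(default_factory=dict)      # central repository: patient -> readings
    acl: dict = field(default_factory=dict)        # patient -> set of designated providers
    audit: list = field(default_factory=list)      # (accessor, patient, granted)

    def ingest(self, msg):
        """Validate one reading's envelope; return (accepted, reason)."""
        if any(k not in msg for k in REQUIRED) or not isinstance(msg["value"], (int, float)):
            return False, "rejected: malformed"
        # Declared scheme only; a deployed gateway would prove it by decrypting.
        if msg["enc"] not in APPROVED_ENC:
            return False, "rejected: not encrypted by the standard"
        kind, unit, value = msg["kind"], msg["unit"], msg["value"]
        std = STANDARD_UNITS.get(kind)
        if std is None:
            return False, "rejected: unknown reading type"
        if unit != std:
            conv = CONVERT.get((kind, unit))
            if not self.active or conv is None:
                return False, "rejected: non-standard format"
            value = conv(value)                    # active mode: convert instead of rejecting
        value += CALIBRATION.get((msg["model"], kind), 0.0)
        self.store.setdefault(msg["patient"], []).append((kind, value, std))
        return True, "accepted"

    def read(self, accessor, patient):
        """Return the patient's readings if permitted; log every attempt, granted or not."""
        granted = accessor == patient or accessor in self.acl.get(patient, set())
        self.audit.append((accessor, patient, granted))
        return list(self.store.get(patient, [])) if granted else None
```

Denied reads are logged as well as granted ones, since the audit trail is what lets the patient see who tried to reach their data.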

Summary

• The IoT and the IoT-MD have created a new and emerging reality that will be of substantial benefit to patients and other consumers of healthcare
– Telemedicine
– Chronic disease management
– Medicine in developing nations
– Quantified self and other tracking of vitals and health related data

• FDA, FTC and other regulators are misguided in their attempts to regulate this industry
– Too many applications
– Too many novice companies
– Too many software and hardware versions

• Nevertheless there remain real concerns that call out for some form of government intervention
– Privacy
– Hacking/Safety
– Interoperability
– Accessibility
– Usability

• Potential solution could be technological
• Some sort of middleware/middle layer…
– That provides
  • Safety
  • Encryption
  • Data collection and data retention Standardization
  • Tracking
  • Centralized data repositories

Thank You

Proposed Solution: Something in the middle

Remember the V-chip?

Obama’s PMI

• The Precision Medicine Initiative, a bold new research effort to revolutionize how we improve health and treat disease.

• Launched with a $215 million investment in the President’s 2016 Budget, the Precision Medicine Initiative will pioneer a new model of patient-powered research that promises to accelerate biomedical discoveries and provide clinicians with new tools, knowledge, and therapies to select which treatments will work best for which patients.

• Most medical treatments have been designed for the “average patient.” As a result of this “one-size-fits-all-approach,” treatments can be very successful for some patients but not for others.

• This is changing with the emergence of precision medicine, an innovative approach to disease prevention and treatment that takes into account individual differences in people’s genes, environments, and lifestyles.

• Precision medicine gives clinicians tools to better understand the complex mechanisms underlying a patient’s health, disease, or condition, and to better predict which treatments will be most effective.

Telemedicine

Problems

Less of an issue for large data sets…

Who is developing MMA’s?