
Assessing the Thin Regulation of Consumer-Facing Health Technologies

Published online by Cambridge University Press: 01 January 2021

Abstract

This article addresses the data protection and product safety regulatory models currently applied to consumer-facing health technologies. It explains how the design and structures of existing data protection and safety regulation in the U.S. have resulted in exceptionally thin protection for the users of consumer-facing devices and products that rely on or that facilitate consumer collection or aggregation of health and wellness data. It also examines some appealing legislative alternatives to the current thin model used in the U.S. and suggests a framework for prioritizing ameliorative regulation. To better understand existing regulatory models, their deficiencies, and how they should be reformed, the article employs an analytical model describing these regulatory systems across two axes. The vertical axis describes the quantity or depth of regulation, for example, the strictness of the rules imposed by the regulatory model. The horizontal axis describes the reach of the regulation: the behaviors, products, or industries to which the regulation applies.

Type
Symposium Articles
Copyright
Copyright © American Society of Law, Medicine and Ethics 2020

