5 Point Digital Health Checkup

In the broadest sense, digital health encompasses everything related to human physiology and health that can be captured and managed digitally. A simple fax transmission or digital thermometer can be considered “digital health” even though the technology itself has been around for decades. Similarly, telehealth services are often lumped into the “digital health” category even though the underlying technology can be as simple as a phone call with a healthcare provider (cellular or otherwise).

Since fitness and wellness often fall into the general health category, the bright line of demarcation is getting fuzzier every year. That exact fuzziness also represents a good starting point in our 5 point checkup.

Personal or Clinical Use: More and more people are counting everything from miles run and steps walked to calories consumed (or burned) and more complex biometrics like heart, respiration or metabolism rate. As consumers, we may be enamored with a particular device or technology (including its outright purchase), but what if that conflicts with a clinical study, doctor recommendation or subsequent FDA approval? More importantly, shouldn’t we rightfully own the data our own bodies generate? Hugo Campos has been fighting for the rights to the data from his implantable cardiac defibrillator (ICD) for several years (TedX talk here) and while there has been some recent progress – it’s not a complete victory (more here). At the exact time that we need (and expect) more direct and active patient engagement, the slow and carefully calculated response of a leading device manufacturer like Medtronic amounts to a black eye for the entire medical device/digital health industry. The first question here should really be: where is the data headed?

Safety and Security: The annual Black Hat event concluded just this last week in Las Vegas. Sadly, this year’s conference was overshadowed by the untimely death of globally recognized White Hat – Barnaby Jack (Washington Post coverage here). Last year Barnaby used a clear Plexiglas mannequin to demonstrate how an insulin pump could be hacked from 300 feet away (and deliver a lethal dose of insulin). This year, he was scheduled to demonstrate how an implantable cardiac defibrillator (ICD) could be remotely controlled to deliver a potentially lethal shock. The point here is that these devices (and apps) have life-and-death safety (and security) requirements. The security profile embedded in these devices (and apps) needs to reflect that critical attribute (where appropriate). The fact that even one ICD or insulin pump can be hacked and then controlled remotely suggests there is ample room for improvement in this one category alone.

Accuracy: Let’s take the single most common and well known digital healthcare device – the digital thermometer. These have been around for decades, are in wide retail circulation and are relatively cheap.

Medical research has not determined an exact correlation between oral, rectal, ear (tympanic), and armpit (axillary) temperature measurements. Plastic strip thermometers have some uses, but they are not recommended for general home use. WebMD – April, 2011

A quick web sampling suggests this priority for temperature accuracy: rectal (#1), oral (#2), axillary (#3) and then tympanic (#4). Since the forehead only measures skin (not body) temperature – most of the medical references I’ve seen advise against its use for temperature readings and yet at least one of the newer devices (called the Scout – and still in development by Scanadu) appears to be targeting the forehead as the primary collection point for body temperature (among other things). The point here is that many of these high-profile devices – while technically exciting (with the added aura of new) – still have a long way to go to prove clinical efficacy and safety. The FDA will sort some of this out – but since a tympanic-only temperature sensor (i.e., the Braun we own) is already FDA approved – how can consumers distinguish between what’s clinically ideal or preferred and what’s really designed for consumer appeal or convenience?

Privacy: Many of the newer devices and applications are “cloud based,” which often requires an account and login for collecting and then managing the data over a period of time. Assuming a fairly high degree of “security” (say data level encryption with dual authentication and SSL), what about actual privacy of data? With a purely web-based consumer business model, the temptation to “sell” de-identified health data is everywhere. The trouble is – de-identified data can be re-identified.

Latanya Sweeney, PhD, a professor of government and technology and director of the Data Privacy Lab at Harvard University in Massachusetts, took a database of 1,130 de-identified participants of a genomic surveillance study and correctly re-identified 241 participants. amednews – May 2013

That refers to privacy around Personal Health Information (PHI), but what about even more personal data privacy?

Sexual Activity Tracked by Fitbit Shows Up In Google Search Results – TechCrunch – July 3, 2011

Yikes! It’s easy to say that mistakes will happen with first generation devices, and I’m sure that Fitbit has made the necessary corrections, but how do we establish safeguards for consumers and the digital health industry more globally?

Business Model: This isn’t just about reimbursement or cost – it’s about rights, responsibilities, and yes, liability. Contrary to the notion that healthcare has many misaligned incentives (which it most definitely does), reimbursement is still a viable way to appropriately assign (and confer) rights, responsibilities and liability. It’s a perfectly acceptable business model to simply charge consumers directly – but as a consumer – I have a reasonable expectation that the data collected by devices advertised for clinical conditions will be useful beyond just personal interest. Today, that’s just not as clear as it should be.

One example here is the high profile AliveCor smartphone case for measuring single-channel electrocardiogram (ECG) rhythms. While a prescription is required (in the U.S.) to purchase the AliveCor device, the consumer is expected to pay for the $200 device with no real path for reimbursement. That's all fairly clear, so there’s no real issue there (and consumers can use a qualified health savings account to pay for the device), but that’s where the clinical questions begin. Who’s responsible for interpreting the results – and when? Is the cardiologist (who originally prescribed the device) responsible for interpreting tests that are remotely administered by consumers? How often – and is he liable for an error either in the way the test was self-administered or with data transmission? This exact debate heated up earlier this year when cardiologist Dr. Westby Fisher posed these (and similar) questions on his blog here.

Each of the 5 points in our digital health checkup represents a