With discussions on consumer data privacy again reaching a head amongst the lay press and lawmakers, it isn’t too far a stretch to wonder whether the data collected continuously through health and fitness wearables is receiving appropriate scrutiny.
During a wearables-focused panel discussion held yesterday at PULSE: The Atlantic Summit on Health Care in Boston, top names from Fitbit, Empatica, and UnitedHealth Group each said that these devices are not exempt from the ongoing conversation concerning data collection and privacy.
“We really need to invest in privacy and security, and also be incredibly transparent with people about what’s being shared with whom, so that they can make the right decisions about what they want to do with their data,” John Moore, medical director at Fitbit (and previously the cofounder and CEO of Twine Health before its recent acquisition), said during the panel.
Recent months have certainly highlighted data security openings across healthcare, with hospitals and their troves of patient data becoming an increasingly appealing target to hackers.
Consumer fitness and health devices weren’t off the hook either, as Strava’s fitness app was recently shown to not only betray the locations of US military bases and patrol routes, but also allow anyone to de-anonymize user-shared data to reveal names, speeds, and heart rates. In 2016, Fitbit itself was the target of a cyberattack that collected email address, usernames, and, of note, user GPS data.
While keeping users’ recorded data safe already poses a formidable challenge for Fitbit and other fitness device companies, the increasing movement to integrate both consumer and medical grade wearables into regular care only raises the stakes, stressed Tom Beauregard, chief innovation officer at UnitedHealth Group.
“I would say it’s something we have to learn about, right? It’s one thing to track steps and motivate people from a wellness perspective, it’s another when you’re looking at [it] with a CGM, or depression levels,” Beauregard said during the session.
Continuous monitoring through fitness and medical wearables gives researchers the opportunity to being used to identify new clinical insights on chronic diseases, and offers care teams a chance to observe and correct patient behaviors that could be impacting their health, Rosalind Picard, a professor at MIT Media Lab and the cofounder and chief scientist of Empatica, which makes an FDA-cleared seizure-detecting watch, explained. As the technologies and analyses behind these devices continue to advance, though, she warned that it will become easier and easier for third parties to identify the name behind the numbers.
“We have to let people know that … we can not only identify your heart rate and respiration from your motion activity while you think you’re not moving, we can identify you, in small groups,” she said. “Even data that you think doesn’t have your name, address, or whatever on it can actually be used to identify you. So, I think we need policy, too, about not re-identifying data that looks de-identified.”
Consumers and patients who are generally unaware of the data they’re generating may be one hurdle for the wearables industry, but the greater challenge may be those who know where the data is going and simply don’t trust device makers, insurers, or others to handle it appropriately. Here, Beauregard noted interesting trends that his group has seen during their own trials and rollouts of the devices.
“If it’s a parent who has a child with Type 1 diabetes or asthma, those fill up very quickly. Parents want help and they’re willing to accept that kind of monitoring because it’s real-time disease management,” he said. “When it’s adults, like a Type 2 diabetic or another sort of chronic condition, we do find that the participation rates are a little bit lower. There’s a different level of focus when it’s you versus your kid, and a different level of paranoia, for a lack of a better word, in terms of how that data is being used.”
Patients’ willingness to share their data also seems to change depending on who they are speaking with, Beauregard continued, as having the primary care physician be the one to suggest wearing a continuous monitoring device is much better received by patients than having the an insurance company solicit their consent.
“There’s ways to do both, but we really have to understand how to engage consumers in this in a way in which they trust that the data is being used to their benefit,” he said.
Currently, UnitedHealth Group incorporates trackers, including Fitbit devices, into wellness programs like Motion, which looks to win over more skeptical plan members by offering a monetary reward for healthy behaviors. Ideally, though, Beauregard said that the best way for his company and others to win over hesitant consumers is to prove that these devices can drive improved care without any drawbacks, privacy or otherwise.
“A program like Motion is really important, and it’s on the wellness side of the spectrum, but really where digital health, connected models need to go is toward the 40 percent of the population that have chronic conditions,” he said. “What we really need to get to are models for people who have chronic conditions where there’s disease management occurring, and that’s looking at their day-to-day results and then doing outreach as appropriate, either through the physician or through nurses like we have at Optum. From my perspective, that’s the real promise of digital health — it’s trying to engage people with chronic conditions, not just the folks that are just naturally interested in wellness and health.”
