COVID-19 Home Monitoring Tools Pose Patient Privacy, Safety Risks

August 14, 2020 - The COVID-19 pandemic spurred the rapid adoption of remote patient monitoring tools to support patient care in light of social distancing needs. But the accelerated development of these technologies potentially increased risks to patient safety and privacy, among other regulatory concerns. 

Published in Nature Medicine, a group of Harvard University researchers assessed the adoption of these home monitoring technologies amid the pandemic and needed interventions to ensure patient safety and compliance with regulatory requirements, privacy laws, and Emergency Use Authorizations (EUAs). 

The study defined home monitoring technology as products used for monitoring without direct supervision from a healthcare professional and that collects healthcare-related data. Remote patient monitoring tech is included, while a telehealth visits were not considered for the purposes of the study. 

The researchers sought to determine ways to balance the need for these technologies, while preserving patient privacy and safety. 

“The current COVID-19 pandemic has... accelerated the rate at which artificial intelligence and technologies are being integrated into healthcare in order to decrease exposure among healthcare and non-healthcare workers,” researchers wrote. 

“The development of home monitoring technologies during this pandemic is being expedited to keep up with the demand,” they added. “In particular, for better control of the spread of COVID-19, contact-tracing and warning apps have been implemented in several countries.” 

Privacy concerns are prevalent with home monitoring technologies as they collect health-related data and require adequate security to ensure autonomy and maintain trust. Researchers stressed that without trust, patients won’t use these crucial platforms. 

Further, US privacy laws only “somewhat” address privacy questions of these platforms, which has created a blind spot that “would allow these companies to freely share the data they collect on people.” 

“Some uses may be bona fide and largely beneficent, such as providing data to contact-tracing programs to better manage a crisis, but other uses may be more objectionable, such as commercializing the data gathered from patients,” researchers explained. 

For the researchers, the issue is the manner in which some home monitoring tools are classified by the FDA. While some platforms are classified as medical devices and subject to FDA review, others are not and are therefore not scrutinized by the FDA. 

These devices include apps to monitor food consumption and other tools chosen by patients. HIPAA also lacks regulations for third-party apps, chosen by patients and not associated with their healthcare provider. 

However, regulatory pathways are crucial during pandemics given the need for rapid innovation, without adding unnecessary risk. Previously, a host of industry stakeholders have raised similar concerns around the rise of COVID-19 contact tracing apps – the Google and Apple partnership, in particular. 

"The FDA has recently clarified that it does not consider most software systems and apps for public health surveillance to be medical devices,” researchers explained. “The FDA noted products that are intended to track contacts or locations associated with public health surveillance are usually not subject to FDA regulation since they generally do not fulfill the medical-device definition.” 

“Consequently, the determination of whether the software function is considered a medical device is always made on a case-by-case basis,” they added. 

Meanwhile, the Department of Health and Human Services issued three Emergency Use Authorization (EUA) Declarations for medical devices for in vitro diagnostics, respiratory protective devices, and alternative products used as medical devices amid the national emergency. 

The FDA has also issued several EUAs and more are expected in the future, including home monitoring technologies. But in doing so, these EUAs have also added significant risks to patient privacy and safety, including that some are uncleared or unapproved medical devices or have been approved or an uncleared or unapproved use. 

“The FDA assesses these devices on the basis of four criteria only. In particular, one of the criteria is that there is a reasonable belief that the device may be effective in treating, diagnosing, or preventing COVID-19,” researchers explained. “Thus, the issuing of an EUA does not suggest that the product is safe or effective for monitoring.”  

"Another criterion for authorization is the performance of a risk/benefit analysis, and it is difficult to determine where to draw the cut-off for authorization on the basis of this type of analysis,” they added. “Regulators should always make such decisions carefully and thoroughly, even in times of crisis.... When issuing an EUA, the FDA can waive certain requirements that usually help to reduce risks.” 

As the initial requirements were developed to prevent harm to the end user and reduce risks of device manufacturing, researchers stressed that those making any EUA home monitoring devices build in as many safeguards as possible to ensure that the product not only effectively supports the COVID-19 response, but does so in a way to maintain patient safety. 

Home monitoring tech risks also include false-positive and false-negative results and an overreliance on data outputs without asking for medical advice. And as some are not consider medical devices by the FDA, if a COVID-19 tracing device fails to notify a user of a potential exposure, it could result in further spread of the virus. 

Researchers stressed that many of these risks could easily be reduced if device manufacturers and developers take an ethical approach, providing more than “reasonable assurance that the product is safe and effective.” 

A systems view is also needed for remote tech, which requires vendors to consider the context in which the tech will be deployed and an assessment of the potential challenges caused by the environment, as well as how the device will interact with the user to ensure the success of the device. 

“Home monitoring technologies represent a new and potentially problematic incursion into the privacy of people,” researchers wrote. “Because of the heightened privacy expectations, especially in the users’ home, it is important that technology companies, healthcare providers, and public-health officials operate with the highest ethical standards, in particular when the existing privacy regulations do not apply.” 

“The rapid development of new products also poses challenges ranging from safety and liability to privacy,” they concluded. “The motto ‘ethics by design, even in a pandemic’ should guide makers in the development of home monitoring products to combat this public-health emergency.”