The 19th century was about the Industrial Revolution. The 20th century, the Digital Revolution. As we march closer to the third decade of the 21st century, it is becoming clearer that this century’s revolution will be the Data Revolution. After all, companies are monetizing it, countries are weaponizing it and people are producing it.
In the medical space, this has fostered conflicting aims. The promise afforded by collecting and analyzing digital health data for insights into population health and personalized medicine is tempered by haziness on who owns and leverages that data.
But even as government actors struggle with the question of how to regulate data, technological progress marches on. Given the dizzying array of technological products claiming medical benefits hitting the marketplace, regulatory agencies have had to contemplate, and take, drastic steps to keep up. For instance, in the past two years the FDA has taken the following steps:
- In July 2016, the FDA clarified what constituted a “low-risk” device such as fitness trackers or mobile apps tracking dietary activity.
- In June 2017, new FDA Commissioner Scott Gottlieb outlined his vision for a more streamlined process for digital technologies which moves from a “case-by-case” approach to one that allows developers apply consistent safety standards to innovation.
- Just a month later, the FDA announced the pilot for a digital health pre-certification program for individual companies which allows those firms that demonstrate a “culture of quality and organizational excellence” and the need for minimal regulation to introduce products to be marketed as new digital health tools with less information communicated to the FDA, sometimes with no “premarket submission at all”.
- By September 2017, nine companies, including tech heavyweights Apple, Samsung and Alphabet-backed Verily, had been selected for the pre-cert process.
- On February 13, 2018, the FDA further specified that low-risk products would be evaluated by looking at the firm’s practices rather than the product itself and announced its intent to create a new Center of Excellence on Digital Health which would be tasked with establishing a new regulatory paradigm, evaluating and recognizing third-party certifiers and hosting a new cybersecurity unit to complement new advances.
With this flurry of activity, the FDA is clearly moving toward a principles-oriented and firm-based approach to regulating digital technologies. This means moving away from certifying medtech products to the producers.
From an efficiency standpoint, this is a logical and overdue re-orientation of regulatory purpose. If we live in and wish to foster an innovation economy, it stands to reason that government should seek to develop trust and relationships, with innovators large and small alike. Doing so can also theoretically ramp up competition in the marketplace by reducing the barriers to entry for smaller, nimbler, competitors who may have less time, and money, to navigate the byzantine FDA approval process for each medtech product before they go bust.
But the FDA has still punted on the elephant in the room – what do we do about the data collected and transmitted by these devices? Currently, we have disparate companies, agencies and medical facilities collecting reams of health data. But for what purpose? And to what end?
The truth is that governments the world over don’t seem to know how to answer that question. As noted by the Centre for International Governance Innovation (CIGI) when speaking about Canadian healthcare, “vast amounts of health data remain isolated and underutilized”. But why?
CIGI points to the lack of common standards that allow for even basic interoperability as the key culprit for current failures to leverage health data to derive insights into population health and to spur advances in personalized medicine. With information as a new driver of profit, companies are often disincentivized from bringing down the technological walled gardens which prevent the exporting of data for use in other applications, both in the U.S. and abroad. One only need to look at the interoperability mess created EHRs, a technology not regulated by the FDA.
However, there are other barriers at play as well. Legitimate concerns such as data privacy and cybersecurity plague the sharing of health data. In the U.S., this is compounded by an utter lack of governmental clarity on how to address these issues. Not only does the U.S. not have a single, centralized federal legislation related to data protection, various agencies (e.g. FTC, FCC, HHS, FDA) have legitimate and overlapping cases for jurisdiction when disputes arise, particularly when it comes to health data.
This poses numerous problems in regulation and questions abound, ranging from technical (what standards do we employ?), to legal (to what extent does which agency have jurisdiction?), to philosophical (what do we want to research with standardized health data?). In practice, we’re left with an absurd situation in which issues are punted between agencies and stakeholders are left unclear on where to turn for answers when it comes to how new technology deals with existing data. This has a knock-on effect on innovation with the FDA itself noting that the “current regulatory framework is not well-suited for driving the development of safer, more effective software-based devices, including the use of machine learning and artificial intelligence”.
With the U.S. failing to overcome a sectoral approach to regulation, there is no clear, singular voice tasked with guiding, educating and coordinating the public and private sectors on best practices. In fact, the hodge-podge of federal, state and local laws, regulations and rules relating to health data has created a confusing, and even contradictory, “alphabet soup of legislation” – that is, if the data is even regulated at all.
Simply put, continuing to do what we’re doing is a prescription for failure. It also seems both inefficient and naive to place faith in the private sector to bail us out of this mess. As noted previously, there are lucrative incentives to hoard health data rather than to figure out the fairest way to share and leverage it for the common good.
Instead, the time has come for real national leadership to address this issue. Health data should no longer be viewed as a byproduct of treatment or technology but instead as a key economic good to be contextualized, defined and regulated as part of an integrated national strategy and, ideally, tasked to a single national regulator. Doing so will allow all Americans the best shot at sharing in benefits of the proliferation of health data equitably.
And, as Americans know, all good revolutions are based on the promotion of freedom and equality. Why should the Data Revolution be any different?
Author’s Note: For a Canadian view of the need for a national data strategy, including in the healthcare sector, click here.
Jason Chung is the Law & Technology Editor at The Health Care Blog. He also writes on the intersection of health, technology and sports as the senior researcher and attorney at NYU Sports and Society, a think tank dedicated to the study of sports and social issues.