Anna Rudawski of A&O Shearman writes*:
Wearable tech is everywhere: smart rings that track our every move, medical devices that can time and dose meds, luxury smartwatches… But as we obsess over our step counts and sleep scores, bigger questions arise. Are unseen eyes—doctors, developers, data brokers—also watching? Who’s protecting our data, and what boundaries—if any—exist at this rapidly expanding digital frontier?
Here, we clarify the complex and evolving U.S. regulatory framework around medical devices and wearables. We also explore their associated privacy and cyber risks—and explain the responsibilities of developers and end-users.
The default assumption in the U.S. is that all health data is regulated by the Health Insurance Portability and Accountability Act (HIPAA). However, in reality, health data privacy is regulated by a patchwork of federal laws, agency rules, and a maze of state regulations. HIPAA is just one piece of a much bigger, messier puzzle.
Read more at JDSupra: it’s not just HIPAA you need to know about, as the FDA and FTC also have significant roles.
*Erica Cook co-authored this article.