Innovation in mobile health impacts law

By Nicolas Terry

terry Terry

There is a health care revolution going on in your pocket and on your wrist, and it is one for which the legal system is ill-prepared. Health law often lags behind shifts in clinical practice and organizational structures. Notwithstanding, current law maps reasonably well to major tenets of traditional health care, including the regulation of medical devices and the duties of providers to protect patient information. In other words, health law seems up to the task of regulating health care’s business-as-usual model.

Mobile health is poised to upset that model. Notoriously, health care is relatively immune to traditional market forces and is more difficult to disrupt than other industries. Instead, change has been reliant on massively compromised and politically fraught interventions, such as the Affordable Care Act. Mobile health offers a different, parallel path. Most of its apps and wearables do not support existing models of health care. Rather, developers are delivering the consumer-centric aesthetic and functionality that health care policymakers are now beginning to conceptualize.

Of course, for many of the tens of thousands of health apps in the Apple and Android stores, that remains an exaggeration. Health care is not going to be upended by an app that provides access to your medical record. Rather, the revolution began when first generation fitness trackers evolved into true wellness apps, and apps that monitor and help manage chronic conditions became more sophisticated. Just around the corner are apps that diagnose, even suggest, treatments.

In sum, mobile health promises better and more personalized care combined with improved convenience and lower cost. However, health law’s contribution to this new health care ecosystem has been minimal. The U.S. Food and Drug Administration (FDA) has pursued a regulation-light approach to medical app approval. A 2013 non-binding guidance (revised in 2015) stated that most health apps (such as fitness trackers) would not face regulation. In contrast, the FDA will regulate apps that convert a smartphone into what otherwise would be a regulated device (for example, by plugging in an accessory blood pressure cuff) or apps that perform “patient-specific analysis” and provide “diagnosis or treatment recommendations.”

The latter may be the most interesting and potentially the most revolutionary type of app, capable of doing things no conventional health provider can (or doing them faster and cheaper). The apps are always on, monitoring the patient (or the pre-patient) 24/7, and are highly context-aware with knowledge of place, temperature, surroundings and, increasingly, of people and things around us. Also, many apps are very smart, leveraging sophisticated, cloud-based analytics.

What is unclear is whether the current regulatory environment is promoting or thwarting innovation. For example, the Apple Watch is capable of measuring pulse oximetry and, theoretically, capable of alerting some patients to dangerous symptoms. However, the watch was released with this functionality disabled. It is possible that the quality of its measurements would not have satisfied regulators. Equally, questions as to device regulation or liability exposure could have been relevant to that decision. If regulatory or liability indeterminacy is the issue, then mobile health innovation may be at risk.

While device regulation applies to manufacturers and not health care providers, health privacy regulation works in reverse. The HIPAA privacy and security rules apply to traditional health care providers such as doctors and hospitals. If a hospital (or its business associate) builds an app to access its electronic medical record or patient portal, HIPAA likely applies. However, the vast majority of health apps are not curated, sold or implemented by HIPAA “covered entities”; they are built by technology companies and sold through app stores. As a result, much of the fitness and health data collected by mobile apps and wearables has very thin legal protection. The Federal Trade Commission might intervene if a developer breaches its own privacy policy. Beyond that, eventuality users must hope that Apple enforces the rules (such as a ban on using health data for advertising) built into its developer agreements.

A legion of other legal issues surrounds mobile health. How “good” at diagnosis can an app get before state licensing boards ask awkward questions about the “practice of medicine”? What will be the impact of app-based clinical trials on drug development? Could a doctor be liable for recommending an app or a hospital liable for maintaining an app formulary? At this time, lawyers involved in health care and mobile technologies are struggling to fill a very real and growing legal vacuum.•


Nicolas Terry is the Hall Render Professor of Law & Executive Director, Hall Center for Law and Health at Indiana University Robert H. McKinney School of Law. His “The Week in Health Law” podcast is at and he is @nicolasterry on Twitter.

Please enable JavaScript to view this content.

Story Continues Below