means of example, sensor technologies, which physicians use for a variety of
purposes in medical care, have the opportunity to be implanted and connected
to external devices, improving real time monitoring as a patient continues in
her daily life. 19 In order to remotely monitor patients, sensors transfer a large
volume of health data and identifiable health information via the open Web,
potentially increasing the data’s exposure to misuse. 20
It is critical to understand which technologies the digital health
marketplace includes in order to determine appropriate recommendations for
protecting patients and consumers. Practically speaking, digital health
medical devices can be grouped by technological characteristics and type of
implementation (See Table 1). 21 Implanted devices may be network-aware or
not, such as an implanted device that is controlled remotely or continuously
sends health data to another system versus a device that is calibrated prior to
implantation. 22 Implanted devices can also include manufacturer-operated
applications (such as a mobile app or a Web-based app) and data storage
(such as a database). 23
Non-implanted devices, by contrast, may aid in performing a medical
procedure or diagnostics, but do not pervasively interact with the body. Non-implanted devices may include only the device used to perform a procedure,
or devices can be connected to an information system that contains software
to collect personal information about a patient and the procedure. 24 Devices
with software can be configured as network-aware and may transfer data to
a hospital data center or to a manufacturer’s data center or cloud provider. 25
Wearables receive information from an individual and provide
DigitalHealth/ default.htm (last updated Aug. 30, 2016) [hereinafter Digital Health].
19. Ashraf Darwish, The Impact of Implantable Sensors in Medical Applications, 2
AUSTIN J. BIOSENSORS & BIOELECTRONICS 1016, 1016 (2016), http://austinpublishinggroup.
20. Gunawardhana, supra note 4 (explaining that when data is exposed to the Internet,
absent cybersecurity controls, outside parties could change data, resulting in inaccurate
treatment, or hackers could steal data, such as identifiable personal information, and use it for
21. See generally Digital Health, supra note 18.
22. Cybersecurity for Medical Devices and Hospital Networks: FDA Safety
Communication, U.S. FOOD & DRUG ADMIN., http://www.fda.gov/MedicalDevices/Safety/
AlertsandNotices/ ucm356423.htm (last updated Oct. 9, 2014).
23. E. T. van der Velde et al., Integration of Data from Remote Monitoring Systems and
Programmers into the Hospital Electronic Health Record System Based on International
Standards, 20 NETH. HEART J. 66, 68 (Jan. 10, 2012).
24. CLAUDIOBECCHETTI&ALESSANDRONERI,MEDICALINSTRUMENTDESIGN AND
DEVELOPMEN T: FROM REQUIREMENTS TO MARKET PLACEMENTS 20 (2013), http://media.wiley.
25. MELISA BOCKRATH, MEDICAL DEVICES BEGIN TO DRIFT INTO CLOUD, KELLY SERVICES
8 (ebook), http://www.kellyocg.com/uploadedFiles/Content/Knowledge/Ebooks/Medical%