FREEDOM AND SAFETY
In the special wards of Shanghai’s Public Health Clinical Center, nurses use smart thermometers to check the temperatures of COVID-19 patients. Each person’s temperature is recorded with a sensor, reducing the risk of infection through contact, and the data is sent to an observation dashboard. An abnormal result triggers an alert to medical staff, who can then intervene promptly. The gathered data also allows medics to analyse trends over time.
The smart thermometers are designed by VivaLNK, a Silicon-Valley based startup, and are a powerful example of the many digital products and services that are revolutionizing healthcare. After the Internet of Things, which transformed the way we live, travel and work by connecting everyday objects to the Internet, it’s now time for the Internet of Bodies. This means collecting our physical data via devices that can be implanted, swallowed or simply worn, generating huge amounts of health-related information.
Some of these solutions, such as fitness trackers, are an extension of the Internet of Things. But because the Internet of Bodies centres on the human body and health, it also raises its own specific set of opportunities and challenges, from privacy issues to legal and ethical questions.
As futuristic as the Internet of Bodies may seem, many people are already connected to it through wearable devices. The smartwatch segment alone has grown into a $13 billion market by 2018, and is projected to increase another 32% to $18 billion by 2021. Smart toothbrushes and even hairbrushes can also let people track patterns in their personal care and behaviour.
For health professionals, the Internet of Bodies opens the gate to a new era of effective monitoring and treatment.
In 2017, the U.S. Federal Drug Administration approved the first use of digital pills in the United States. Digital pills contain tiny, ingestible sensors, as well as medicine. Once swallowed, the sensor is activated in the patient’s stomach and transmits data to their smartphone or other devices.
In 2018, Kaiser Permanente, a healthcare provider in California, started a virtual rehab program for patients recovering from heart attacks. The patients shared their data with their care providers through a smartwatch, allowing for better monitoring and a closer, more continuous relationship between patient and doctor. Thanks to this innovation, the completion rate of the rehab program rose from less than 50% to 87%, accompanied by a fall in the readmission rate and programme cost.
The deluge of data collected through such technologies is advancing our understanding of how human behaviour, lifestyle and environmental conditions affect our health. It has also expanded the notion of healthcare beyond the hospital or surgery and into everyday life. This could prove crucial in fighting the coronavirus pandemic. Keeping track of symptoms could help us stop the spread of infection, and quickly detect new cases. Researchers are investigating whether data gathered from smartwatches and similar devices can be used as viral infection alerts by tracking the user’s heart rate and breathing.
At the same time, this complex and evolving technology raises new regulatory challenges.
In most countries, strict regulations exist around personal health information such as medical records and blood or tissue samples. However, these conventional regulations often fail to cover the new kind of health data generated through the Internet of Bodies, and the entities gathering and processing this data.
In the United States, the 1996 Health Insurance Portability and Accountability Act (HIPPA), which is the major law for health data regulation, applies only to medical providers, health insurers, and their business associations. Its definition of “personal health information” covers only the data held by these entities. This definition is turning out to be inadequate for the era of the Internet of Bodies. Tech companies are now also offering health-related products and services, and gathering data. Margaret Riley, a professor of health law at the University of Virginia, pointed out to me in an interview that HIPPA does not cover the masses of data from consumer wearables, for example.
Another problem is that the current regulations only look at whether the data is sensitive in itself, not whether it can be used to generate sensitive information. For example, the result of a blood test in a hospital will generally be classified as sensitive data, because it reveals private information about your personal health. But today, all sorts of seemingly non-sensitive data can also be used to draw inferences about your health, through data analytics. Glenn Cohen, a professor at Harvard Law school, told me in an interview that even data that is not about health at all, such as grocery shopping lists, can be used for such inferences. As a result, conventional regulations may fail to cover data that is sensitive and private, simply because it did not look sensitive before it was processed.
Identifying and protecting sensitive data matters, because it can directly affect how we are treated by institutions and other people. With big data analytics, countless day-to-day actions and decisions can ultimately feed into our health profile, which may be created and maintained not just by traditional healthcare providers, but also by tech companies or other entities. Without appropriate laws and regulations, it could also be sold. At the same time, data from the Internet of Bodies can be used to make predictions and inferences that could affect a person’s or group’s access to resources such as healthcare, insurance and employment.
James Dempsey, director of the Berkeley Center for Law and Technology, told me in an interview that this could lead to unfair treatment. He warned of potential discrimination and bias when such data is used for decisions in insurance and employment. The affected people may not even be aware of this.
One solution would be to update the regulations. Sandra Wachter and Brent Mittelstadt, two scholars at the Oxford Internet Institute, suggest that data protection law should focus more on how and why data is processed, and not just on its raw state. They argue for a so-called “right to reasonable inferences”, meaning the right to have your data used only for reasonable, socially acceptable inferences. This would involve setting standards on whether and when inferring certain information from a person’s data, including the state of their present or future health, is socially acceptable or overly invasive.
Apart from the concerns over privacy and sensitivity, there are also a number of practical problems in dealing with the sheer volume of data generated by the Internet of Bodies. The lack of standards around security and data processing makes it difficult to combine data from diverse sources, and use it to advance research. Different countries and institutions are trying to jointly overcome this problem. The Institute of Electrical and Electronics Engineers (IEEE) and its Standards Association have been working with the US Food & Drug Administration (FDA), National Institutes of Health, as well as universities and businesses among other stakeholders since 2016, to address the security and interoperability issue of connected health.
As the Internet of Bodies spreads into every aspect of our existence, we are facing a range of new challenges. But we also have an unprecedented chance to improve our health and well-being, and save countless lives. During the COVID-19 crisis, using this opportunity and finding solutions to the challenges is a more urgent task than ever. This relies on government agencies and legislative bodies working with the private sector and civil society to create a robust governance framework, and to include inferences in the realm of data protection. Devising technological and regulatory standards for interoperability and security would also be crucial to unleashing the power of the newly available data. The key is to collaborate across borders and sectors to fully realize the enormous benefits of this rapidly advancing technology.
Xiao Liu ,