By Phil Bradley-Schmieg
The UK Information Commissioner’s Office (ICO) has launched an informal survey of current practices relating to the use of data-enabled medical devices and apps.
The short and anonymous survey explores whether organisations have put in place specific policies and procedures, asset registers, IT security requirements for medical device procurement policies, information governance and incident response processes, and an “end of life” policy for defunct/decommissioned devices.
It also asks high-level questions about the technology being used, such as whether the devices can connect to the Internet, and about the use of medical apps, mobile phones, tablets and dictaphones.
Medical devices, which under EU law include both hardware and software being used for medical purposes, are becoming increasingly smart, and nowadays can generate or process significant quantities of very sensitive data about an individual’s health.
We’re increasingly seeing data protection and medical device regulators trying to get to grips with how to regulate e-Health. Hot topics range from wearable devices and the Internet of Things, to “software as a medical device” (SaMD), a broad category of “medical device” that can includes mobile or desktop apps — or even spreadsheets.
As e-Health gets smarter, medical device and data protection regulators are increasingly going to find themselves having to regulate different and sometimes overlapping aspects of the same technology. Working together harmoniously will be an important challenge.
What’s more, the EU is currently hard at work revising the regulatory frameworks around both EU data protection and medical devices. As a result, regulators, businesses and healthcare organisations across the EU are likely to face significant changes in the compliance environment in the not-so-distant future.
As new rules and technologies emerge, regulators will have to be well-informed and sensitive when it comes to regulating the healthcare sector, to avoid hindering patient care and medical progress with impractical, ill-informed attitudes and guidance.
If these issues are important to you, we strongly encourage you to follow both our InsidePrivacy and InsideMedicalDevices blogs for coverage of the latest developments in privacy, data protection and medical device regulation in the EU, U.S., China and elsewhere.