Wearable medical devices are expected to have a major impact on the healthcare sector, but data security will remain a concern.
However, despite well documented security risks, worldwide revenues of wearable medical devices are expected to explode from $2.8 billion in 2014 to $8.3 billion in 2019, according to analyst firm Mordor Intelligence.
The potential benefits that wearables in the healthcare sector offer are many. They are expected, for example, to enable patients to have constant access to their complete health records. In this way, patients can share information in real-time with physicians, insurance companies, and other parties. Massive volumes of data transferred from wearables could be a goldmine of valuable information for researchers and clinicians.
Wearables will also represent a significant shift in how patients transfer, access, and ultimately control data shared with physicians, representing a great change in patient-doctor relationships. “Traditionally, 80% of the time the doctor has controlled your information and 20% of the time you have. But with wearables, consumers will have much more control of their information and what they choose to do with it,” Mick Coady, principal, U.S. health services for PricewaterhouseCoopers (PwC), said. “The patients as well as the physicians will arrive at the doctor’s office much more informed via wearables.”
However, security risks and concerns will have to be resolved if wearables will realize their potential in the marketplace.
As is the case when any kind of personal data is shared, security risks are involved when the data is transferred over networks and when third parties store the information on their databases.
"The reality is that wearables and mobile health/wellness/fitness applications do involve security risks in data storage and data movement that increases risks of security breaches,” Greg Caressi, senior vice president of healthcare and life sciences for Frost and Sullivan, said.
Among the two major security risks, information transferred from devices to databases pose the least threat. This is because the data transferred will largely consist of incomplete information about the patient when the wearable transfers it. Individual data points about blood pressure, glucose levels, or other specific health-related information usually does not pose a significant threat if intercepted by a hacker individually.
“[Data thieves] are probably not going to want or need only a portion of your medical information that is coming off wearables, such as heart rate, calorie intake, or oxygenation in the blood,” Coady said. “What is the relevance of it being associated with your name and your record in totality that could be used to commit fraud or identity theft?”
Data thieves will thus likely not be as interested in stealing less-valuable information about very specific patient data. But a database that a healthcare service or insurance company manages that has complete medical history information that wearables have uploaded over the course of time is a much more lucrative target. “It is your name and record in totality that is of value,” Coady said.
Often overlooked, data collected on a massive scale for research purposes also represent a major security threat.
“Privacy and security are paramount when it comes to patient data and the data collected in a clinical trial. Any data captured from wearable devices used for clinical trials must be highly secure,” Kara Dennis, vice president, chief of staff, Medidata Solutions, said. “While there is still a lot of hard work ahead to understand the best ways to use wearable devices in clinical trials and to understand how mobile health data relates to traditional clinical measures, we’re excited by the potential of wearable, consumer-grade device. They should provide more comprehensive, nuanced insight into the health status of patients and the progression of disease.”
The good news is that existing laws, mandates, and regulations such as HIPAA should largely cover the encryption of data transfer and storage of wearable medical devices.
“Physicians and insurance companies have had a few years to become compliant and to abide by the laws in place, etc.,” Coady said. “So while wearables are a new technology that consumers are adopting, the parties storing the information have had a few years under their belt to properly store the data in a reasonably secure way that is compliant with existing laws, mandates, and regulations.”
Considering the potential benefits that wearables offer the healthcare industry, device makers, third-party medical service providers, and consumers will likely accept the security threat the devices pose on a massive scale--if vendors, healthcare providers, and other parties involved can demonstrate that they can adequately protect the data.
"I think that like other data risks we encounter in the financial and employment worlds, we will be willing to trade off these risks for the benefits we are likely to accrue. Most wearable and telehealth solutions involve major gains for the individual in insight into their health, enable them to better self-manage their health, and add in the value of convenience that the brick-and-mortar healthcare world does not provide,” Caressi said. “More than most of the security risks we encounter, wearables are something we ultimately control as a choice we make individually, so individuals will be able to decide ourselves if the risk is worth it for themselves. While there will eventually be some scare articles that come out when a significant security breach occurs, and it will have a small impact on the drive to add personal sensors to our daily lives, I don't think it will derail the wearable movement over the long term."