Using COVID-19 Home Monitoring Technologies and Issues on Patient Safety and Privacy

A group of researchers from Harvard University investigated the technologies being used in COVID-19 home monitoring. A variety of technologies were created to cut down the possibility of being exposed to SARS-CoV-2 and diagnose signs or symptoms immediately to give interventions that enhance patient safety and restrict infecting others. A home monitoring technology is defined as a product that monitors and records health-related information of a patient in his/her home with no (direct) supervision by a medical specialist. Patients in their homes use these technologies to monitor signs of COVID-19. Smartwatches and mobile applications connected wirelessly to networks and send health data.

The recently published study in Nature Medicine discusses a number of issues related to patient safety and privacy when using these home monitoring tools. The technologies gather and send sensitive health information and, therefore, there must be applicable security protections that ensure the confidentiality of private information. A lot of these home monitoring technologies were created speedily and that has presented problems that were not completely addressed.

Their research affirmed that interventions were necessary to make sure of patient safety and compliance with privacy laws, regulatory guidelines, and Emergency Use Authorizations (EUAs). Though the United States has privacy laws, privacy concerns are only addressed to some degree. There is a loophole that allows a company to collect health data and freely share that with other entities. Although there are legitimate reasons for sharing the information, for contact tracing, for instance, other potential uses are worrisome like commercializing patient data.

One of the primary issues with these technologies is the classification set by the Food and Drug Administration (FDA). Some are classified as medical devices and must undergo FDA review. But others aren’t regarded as medical devices and escape the scrutiny of the FDA. At present, most home monitoring technologies aren’t classified as medical devices and are not under the FDA’s control. The FDA noted that products intended to monitor contacts or locations connected with public health monitoring normally do not fall under FDA regulation given that they usually don’t satisfy the medical-device description.

HIPAA requires patients privacy protections which includes home monitoring technologies. However, HIPAA is only applicable if the technology is made available by a HIPAA-covered entity. When a patient opts to utilize home monitoring technologies without the instruction of a HIPAA-covered entity, the privacy protection required by HIPAA will not apply.

On February 4, 2020, the Secretary of Health and Human Services (HHS) proclaimed COVID-19 to be a countrywide public health emergency and passed three Emergency Use Authorization (EUA) Declarations associated to medical devices that covered:

  • in vitro diagnostics for SARS-CoV-2 diagnosis and/or detection
  • personal respiratory protective devices
  • medical devices, in general, which include substitute products that are utilized as medical devices like home monitoring devices

The FDA has likewise released a number of EUAs for home monitoring devices and more will likely be further issued.

The researchers warn about the potential risk of authorizing home monitoring devices by means of the EUA pathway. The medical devices are uncleared or unapproved devices or cleared or approved for uses that are uncleared or unapproved; hence issuing a EUA doesn’t mean the product is safer or beneficial for monitoring. Other devices are authorized by performing a risk/benefit analysis. With this method, it is hard to ascertain where to draw the line for authorization. Regulators must always be careful and thorough in making such decisions, even in moments of crisis.

The researchers furthermore noted that whenever issuing a EUA, it is up to the FDA whether to waive particular requirements that normally help to lower risks related to the manufacture of devices and avert harm to the end-user. The researchers suggest incorporating many safeguards in the manufacturers of the devices to ensure patient safety and privacy protection.

Using these monitoring devices may also pose a risk of giving false positive and false negative results, which means a failure in correctly diagnosing symptoms of COVID-19. In turn, delayed treatment could have life-threatening outcomes. A false negative finding may also contribute to a person not self-quarantining, and possibly infecting others.

Lowering the risks related to these technologies is feasible if the developers follow an ethical process and give reasonable guarantees that their devices are safe and efficient. Vendors should additionally take into account the circumstance in which their products will be used and must evaluate the potential difficulties brought on by the environment and the way users interact with the devices to ensure the success of their products.

As a best practice, device manufacturers must try to integrate HIPAA’s specifications, like encryption, in the design of their home monitoring tools even if HIPAA is not directly applicable to their products.

The researchers advise that the HHS ought to create guidance addressing the minimum cybersecurity requirements during the COVID-19 pandemic, to help quickly implement new products while at the same time making sure proper safeguards are put in place to abate cyber attacks and give a rapid response to any identified vulnerabilities.

Home monitoring technologies can help lower personal contacts among people and exposure to COVID-19. However, the fast creation of new products also presents problems such as safety and patient privacy. Makers should follow the ‘ethics by design, even in a pandemic’ motto in creating home monitoring products to fight this public health emergency.

About Christine Garcia 1200 Articles
Christine Garcia is the staff writer on Calculated HIPAA. Christine has several years experience in writing about healthcare sector issues with a focus on the compliance and cybersecurity issues. Christine has developed in-depth knowledge of HIPAA regulations. You can contact Christine at [email protected]. You can follow Christine on Twitter at https://twitter.com/ChrisCalHIPAA