Out-Law News 2 min. read
07 Nov 2014, 3:13 pm
The Information Commissioner's Office (ICO) has published a survey in an effort to gather views on the types of medical devices currently being used in the UK and how it impacts on the collection and use of personal information.
"We are examining the use of medical devices in the NHS and healthcare sector, including how the technological profile of devices has evolved, the use of mobile devices and medical apps," the ICO said. "We are interested in how these devices are integrated into the wider healthcare technological landscape, and to help us we are seeking the views of the professionals who administer and support medical devices, and of data protection and compliance specialists, and other interested stakeholders."
The ICO said that the information provided in the survey would help inform its team of auditors, who deliver free data protection audits or participate in advisory visits to organisations.
However, data protection law and digital health expert Matthew Godfrey-Faussett of Pinsent Masons, the law firm behind Out-Law.com, said the survey is likely just to be the start of the ICO's increasing focus on digital health initiatives.
"With the new EU Data Protection Regulation inching closer and further changes in the regulation of medical devices at EU level also on the horizon, the ICO will need to be on the front foot in developing and revising its guidance in real time," Godfrey-Faussett said. "The exponential take up of lifestyle apps by the smartphone and tablet generation and the roll out of monitoring and treatment apps in the healthcare sector mean that a very large proportion of the population will have a real interest in the way that their most sensitive data is gathered, used and stored."
"This survey is a signal that the ICO is going to be doing a lot more in this area. Those developing and launching digital health apps and related solutions need to be proactive in monitoring the ICO’s position as it develops, in order to minimise the cost and delay associated with compliance redesign work," he said.
In the US, a government watchdog outlined concerns about the security of medical devices and said it would be devoting greater scrutiny to this area next year.
In its work plan for 2015 (90-page / 3.52MB PDF), the Office of Inspector General (OIG) for the US Department of Health and Human Services (DoHHS) said it would determine whether "oversight of hospitals’ security controls over networked medical devices is sufficient to effectively protect associated electronic protected health information (ePHI) and ensure beneficiary safety".
It said that the link between "computerised medical devices", including dialysis machines, radiology systems and medication dispensing systems, and electronic patient medical records and the wider health network creates "a growing threat to the security and privacy of personal health information".