All’s Not Well with Health Wearables and Fitness Trackers

Are Indian consumers sharing sensitive information unknowingly by using health trackers, asks Shalini Seetharam.


The fitness wearables market in India has grown exponentially in recent months through a spurt in homegrown companies developing wearables, and a steady increase in the sale of and demand for such devices. Global leaders among fitness wearable brands, such as Fitbit and Jawbone, have entered this competitive market.

Health and fitness wearable devices are strategically marketed to the tech-savvy and fitness-conscious, with promises of providing insights into their lifestyle practices and dispensing health suggestions based on personalised data collection.

Data from fitness devices can help healthcare trend-tracking and public health policy-making, and consequently, improve health outcomes. Already, technology majors such as Apple, Google and Samsung are developing devices to bridge the gap between mere fitness tracking and the delivery of medical care.

In India, with technology-enabled public health delivery initiatives such as e-health under the current government’s Digital India initiative, we may see wider use of cheaper health trackers in the foreseeable future.

However, major device security vulnerabilities and data privacy issues have been detected in leading fitness trackers and their accompanying applications. With several users and a number of medical practitioners choosing to rely on these devices, which display newer security risks each day, for personal fitness and health tracking, the lack of stringent regulation is disconcerting.


Functional, Privacy and Security Concerns

Wearable devices are equipped with numerous sensors that are designed to perform a range of functions. Embedded multi-sensor trackers can detect and document information ranging from step counting, sleep monitoring and calorific intake to heart rates of the users. Consumer health wearables that can be purchased directly without a prescription can even track blood pressure, temperature, sleep patterns and mental well-being.

Over time, fitness wearables will host more user information, including medical data, which, if fraudulently accessed, may be misused in several ways. This is compounded by the fact that devices are increasingly becoming interconnected with other hardware, storing data on the cloud and forgoing visual displays, which considerably increases the risk of unauthorised access and data leakage.

While this is a cause of concern for anybody who values personal privacy, it is even more significant when the data in question is personally identifying and sensitive, as is the case with health information.


Fitness Wearables Are Not Medical Devices

One major reason driving the sales of fitness wearables globally has been the possibility of employing them in the health sector to monitor medical conditions. But medical practitioners are not always able or willing to use consumer-derived data from fitness wearables which may not be reliable and valid for medical purposes.

This is because the manner in which fitness wearables record data is not standardised in the same way that collection of data by conventional medical devices is. Medical devices are tested and validated using standard regulated processes for medical use, and the data generated by them is treated as protected healthcare information in most countries.


Why Should Indian Consumers Care?

In India, medical devices are regulated by the Central Drugs Standard Control Organisation (CDSCO) under the Ministry of Health, and manufacturers of conventional medical devices are legally obligated to protect personally identifying data. However, as fitness wearables are not ‘medical devices’, they are not subject to the same regulatory standards.

While provisions of the Information Technology Act, 2000 and the Information Technology Rules, 2011 are applicable to manufacturers of fitness wearables or aggregators of corresponding data, this might not be a strong framework of regulation with regard to data privacy and security.

Wearable technology makes a token appearance in the draft policy on standards for the Internet of Things (IoT) architecture, but no other explicit reference exists in policy or law in India.

It is only a matter of time till someone suggests the use of cheap fitness and health devices for widespread public health tracking in India. The data generated by these devices, while possibly leading to enhanced care, can also put sensitive health information of patients at risk of misuse on account of the devices' cyber and device vulnerabilities.

In a country where the right to privacy is itself being debated and there is no robust data protection law, it is vital that privacy and security concerns surrounding these devices are preemptively alleviated before their use is mainstreamed in the healthcare sector.

(The writer is a Research Fellow at the Vidhi Centre for Legal Policy. This is a personal blog and the views expressed above are the author’s own. The Quint neither endorses nor is responsible for the same.)
