医疗器械远程监测的伦理和法律问题
Ethical and Legal Implications of Remote Monitoring of Medical Devices.
机构信息
Petrie-Flom Center for Health Law Policy, Biotechnology, and Bioethics at Harvard Law School, Harvard University.
Richard A. and Susan F. Smith Center for Outcomes Research in Cardiology, Beth Israel Deaconess Medical Center, Harvard Medical School.
出版信息
Milbank Q. 2020 Dec;98(4):1257-1289. doi: 10.1111/1468-0009.12481. Epub 2020 Oct 20.
UNLABELLED
Policy Points Millions of life-sustaining implantable devices collect and relay massive amounts of digital health data, increasingly by using user-downloaded smartphone applications to facilitate data relay to clinicians via manufacturer servers. Our analysis of health privacy laws indicates that most US patients may have little access to their own digital health data in the United States under the Health Insurance Portability and Accountability Act Privacy Rule, whereas the EU General Data Protection Regulation and the California Consumer Privacy Act grant greater access to device-collected data. Our normative analysis argues for consistently granting patients access to the raw data collected by their implantable devices.
CONTEXT
Millions of life-sustaining implantable devices collect and relay massive amounts of digital health data, increasingly by using user-downloaded smartphone applications to facilitate data relay to clinicians via manufacturer servers. Whether patients have either legal or normative claims to data collected by these devices, particularly in the raw, granular format beyond that summarized in their medical records, remains incompletely explored.
METHODS
Using pacemakers and implantable cardioverter-defibrillators (ICDs) as a clinical model, we outline the clinical ecosystem of data collection, relay, retrieval, and documentation. We consider the legal implications of US and European privacy regulations for patient access to either summary or raw device data. Lastly, we evaluate ethical arguments for or against providing patients access to data beyond the summaries presented in medical records.
FINDINGS
Our analysis of applicable health privacy laws indicates that US patients may have little access to their raw data collected and held by device manufacturers in the United States under the Health Insurance Portability and Accountability Act Privacy Rule, whereas the EU General Data Protection Regulation (GDPR) grants greater access to device-collected data when the processing of personal data falls under the GDPR's territorial scope. The California Consumer Privacy Act, the "little sister" of the GDPR, also grants greater rights to California residents. By contrast, our normative analysis argues for consistently granting patients access to the raw data collected by their implantable devices. Smartphone applications are increasingly involved in the collection, relay, retrieval, and documentation of these data. Therefore, we argue that smartphone user agreements are an emerging but potentially underutilized opportunity for clarifying both legal and ethical claims for device-derived data.
CONCLUSIONS
Current health privacy legislation incompletely supports patients' normative claims for access to digital health data.
未加标签
政策要点 数以百万计的维持生命的植入设备收集和传输大量的数字健康数据,越来越多地使用用户下载的智能手机应用程序通过制造商服务器将数据中继到临床医生。我们对健康隐私法的分析表明,根据《健康保险流通与责任法案》隐私规则,大多数美国患者在美国可能几乎无法访问自己的数字健康数据,而欧盟一般数据保护条例和加利福尼亚州消费者隐私法案则赋予了更大的数据访问权限收集设备的数据。我们的规范分析主张始终允许患者访问其植入设备收集的原始数据。
背景
数以百万计的维持生命的植入设备收集和传输大量的数字健康数据,越来越多地使用用户下载的智能手机应用程序通过制造商服务器将数据中继到临床医生。患者是否对这些设备收集的数据拥有法律或规范上的权利,特别是在超出其病历中总结的原始、细粒度格式的数据,仍未得到充分探索。
方法
使用起搏器和植入式心脏复律除颤器 (ICD) 作为临床模型,我们概述了数据收集、中继、检索和记录的临床生态系统。我们考虑了美国和欧洲隐私法规对患者访问摘要或原始设备数据的法律影响。最后,我们评估了提供患者访问病历中呈现的摘要以外的数据的伦理论点。
发现
我们对适用健康隐私法的分析表明,根据《健康保险流通与责任法案》隐私规则,美国患者在美国可能几乎无法访问设备制造商收集和持有的原始数据,而欧盟一般数据保护条例 (GDPR) 当个人数据的处理属于 GDPR 的管辖范围时,对设备收集的数据给予更大的访问权限。加利福尼亚州消费者隐私法案,即 GDPR 的“小妹妹”,也赋予了加利福尼亚州居民更大的权利。相比之下,我们的规范分析主张始终允许患者访问其植入设备收集的原始数据。智能手机应用程序越来越多地参与这些数据的收集、中继、检索和记录。因此,我们认为智能手机用户协议是澄清设备衍生数据的法律和道德主张的一个新兴但可能未被充分利用的机会。
结论
当前的健康隐私立法不完全支持患者对数字健康数据的访问的规范主张。
Zotero 插件