Cassandra - With Positives of Health and IOT Devices Comes Potential Data Misuse for Users (2): The Ethical Minefield

By Graham K. Rogers

The Apple Watch ECG feature shows the importance of wearable devices to the health of users. There are, however, risks from data misuse or loss and these may increase. As user data could be misused they need to be aware of risks but more protections should be built into services.

The biggest passive collector of data is my Apple Watch. I have had every version of this device and while I used it initially mostly as a messaging conduit (and still do), its health tracking features have matured considerably. When the Apple Watch 4 was announced I was excited for two specific reasons: Fall Detection; and the ECG feature which has only jut been rolled out for users in the USA this week.

When it appears in other countries depends on the authorities in those states (and Apple's pressure), although with an early report of a user's experience, some countries may begin to recognise the value of this feature as a guide.

One of the first to try out the ECG feature was wise enough to re-test himself when his Apple Watch produced a worrying result, even trying it on his wife (result - normal), but he kept finding an A-fib reading. He then took the right step by seeking medical advice. He did indeed need medical attention. In the first article I saw (Peter Cao, 9 to 5 Mac), the doctor is quoted as saying, that he "thought we would see an upswing this week. I didn't expect it first thing this morning". Like my own experience with the blood-glucose testing device, such results should only be treated as warnings and Apple is at pains to point this out.

A couple of years ago, as well as the Withings Blood Pressure monitor, I tested a QardioArm Blood Pressure Monitoring Device. With a spare device, I passed this on to my mother while on vacation as she was being tested regularly wearing a monitoring device for days at a time. She would visit the surgery and data would be downloaded to a PC. She mentioned then that she would be able to check herself and send the results by email, but the medical staff were apologetic and said that they were not set up for this.

Withings Blood Pressure Monitor (left) and Qardio Blood Pressure Monitor

Earlier this year, however, they asked her to bring the device in so that they could check calibration. It passed and now if there is a problem detected at home, she can contact the doctor for an appointment, saving time and use of equipment.

Home testing and Wearable devices have become more important in health care. This month, some of my students working on Senior Year Projects outlined a GPS-based device for patients with Alzheimer's disease that allows families to monitor them if they become lost. Another group is working on a wearable device that sends an alarm if a child strays too far from the parents. A couple of years ago another group of students worked on a fall-detection project for those at home.

The idea of Fall Detection is close to my heart as my mother has had a series of falls in recent years. Most were misjudgements. On a couple of occasions the effects were serious, but fortunately she was not alone. Fall detection is aimed at people like her and has already helped people in other circumstances, enabling calls for help to be made via the phone connection.

Years ago when in the UK Police I broke into a house where an old lady lived. She had fallen downstairs and had laid on the cold stone floor all night. She was taken to hospital in time because a neighbour noticed she had not appeared as usual. There was no Apple Watch then of course, but she (and my mother) are perfect targets for such technology.

I have set up my Apple Watch to record movement, heart rate, stand hours and other passive inputs. I also record exercise using the Workout App. All the data is recorded in the Health App on the iPhone as well as being accessible on the Apple Watch itself. With other input from the Nokia/Withings monitoring devices and the Sleep Cycle app, I am able to have a fairly good picture of my day to day condition, but I am keenly aware that I should have more, like calorie, sugar and water intakes. These are less easy to set up for automatic recording.

I also recognise that the Health App (initially) and then the Apple Watch made me far more aware of my shortcomings (weight, exercise and more) and that the ability to monitor these actively and passively have increased my awareness of my physical well-being. This was brought home to me by a medical problem a few months back when I was able to track weight loss after a short illness. Surgery fixed the problem and I was able to monitor the subsequent weight gain and maintain this at a more acceptable level.

A number of students and staff where I work are also now using the Apple Watch and, while they use it mainly for recording exercise, they are including heart rate and other inputs to build a picture of their physical condition. Chance Miller (9to5mac) reports also that health insurance providers offering Apple Watch-based incentives to clients noted that users improved their exercise, with "an average of 34 percent more activity". Healthy clients means fewer payouts for insurance companies of course, but it also means that fewer medical personnel are tied up with unnecessary processes, a problem Dr Milani had outlined when I spoke to him.

Apple Watch 4 and Health Monitoring - Images courtesy of Apple

While examining this increase in the use of devices to monitor health, it appears that as well as obvious benefits, there are clear downsides. The tip of the iceberg is the use of an app for the vibrator: with data being sent to the developer (at that time), there could be a risk for the information to be made widely available. The recent and unrelated hacking of data from Marriott is a warning that any data online could be at risk: Starwood Hotels guest database of about 500 million customers was stolen (Zack Whittaker, TechCrunch). The Sleep Number mattress records and transmits more data than some would be happy with, while the patient using the CPAP breathing machine that shares information with his insurance company is obviously unhappy with the implications.

It does not stop there, although I and others fret about the risks to users, NBC News (Adiel Kaplan, Kalen Goodluck, Kaitlin Sullivan and Pauliina Siniauer) report that the very companies who should be protecting the users are lobbying for a loosening of controls. While this article examines product safety, it is only a small step to the data safety. Companies are just as responsible for patient information as they are for the medical technology: more closely related these days. Claire Novorol (Forbes) also sees the link between devices and data, sounding a warning about how developments have the potential to add to the risks for patients.

Also commenting in a Tweet about the growing use of the iPad in medicine, Sameer Habib writes, ". . . I run a multi-provider medical practice, all of our providers are 100% iPad based. They see patients in office, in nursing homes, and hospitals and use their iPads for all their visits. Vastly increases patient satisfaction!" This mirrors the potential that Dr Milani was able to relate to me back in 2016.

Some domestic (IOT) devices also record data and there have been one or two tales concerning the way users have been monitored with conversations stored by the respective Google and Amazon devices. As well as lights that are controlled by my iOS devices, I am able to monitor conditions (e.g temperature) in my home and a careful examination of this might reveal when I am in the condo. Motion sensors and IOT locks may also store data: useful and revealing.

The idea that users simply trust the device and the developer or service provider and click on Yes or Accept has severe implications. Developers, manufacturers and service providers may need to make, No, the default in the way that Apple nags users who try to delete a file or erase a disk: Are you really sure?

Users rarely read the Terms & Conditions. I illustrate this with my Computer Engineering students and point out some of the things they sign up for with Facebook, Google and other major handlers of their data, including allowing them (in some cases) to share data with law enforcement agencies.

There must be clearly stated information on who any data might be sent to when signing up with an app, or for a service online. It is useless hidden in the wordiness of Terms & Conditions. Any such permission needs to be brief and clear. It should be be brought to the user's attention during the sign-up process, not once but several times - at the risk of nagging - with separate panels for each potential data recipient, including (but not only) developer, doctor, manufacturer and insurance company. And government.

See also: Part 1 - With Positives of Health and IOT Devices Comes a Potential Data Minefield for Users: The Value of Devices

Graham K. Rogers teaches at the Faculty of Engineering, Mahidol University in Thailand. He wrote in the Bangkok Post, Database supplement on IT subjects. For the last seven years of Database he wrote a column on Apple and Macs. After 3 years writing a column in the Life supplement, he is now no longer associated with the Bangkok Post. He can be followed on Twitter (@extensions_th)