At Internet of Things hearing, industry groups petition Congress for light regulatory touch

By Jonah Comstock
The App Association Executive Director Morgan Reed The App Association Executive Director Morgan Reed

Yesterday the US House of Representatives Judiciary Committee held a hearing about the Internet of Things, and though the conversation was broad and far-reaching, mobile health and healthcare connectivity did hold some floor time. Both Morgan Reed, executive director of ACT The App Organization and Gary Shapiro, CEO and President of the Consumer Electronics Association, spoke about health in their testimonies.

Shapiro listed a number of different facets of the the Internet of Things that CEA has seen over the past few years, and ended the litany with a reference to mobile health tools.

"I am especially excited about how the IoT will help us care for our older loved ones in years to come," he said in his prepared remarks. "As our population advances in years, and the number of caregivers shrinks, smart home devices enable seniors to live independently and comfortably at home, retaining their quality of life into their golden years. Connected devices can remind seniors to take their medication, refill their prescriptions, and help prevent accidental over- or underdoses."

Reed, meanwhile, focused his talk entirely on the mobile health segment, describing how, in the future, "rather than a yearly update on one’s vitals in a doctor’s office, sensors will empower people to share it with a care team, have it incorporated in a cloud-based health record, or shown on a dashboard app in just a few taps." Services like Microsoft HealthVault, Apple Health, and Apple ResearchKit are already moving in that direction, he said. Yet as of now, few doctors are willing to prescribe these tools to patients, because of regulatory uncertainty.

"Questions about privacy, security, reimbursement, and government regulation meet to create an environment where companies are worried about making devices more medically relevant, and physicians worry about the impact on their practices," Reed said. "Patients and care providers must also know that their information is private and secure. Industry best practices around the treatment of sensitive health data, as well as a commitment from government to support these practices, are important to establish trust and push this industry forward."

Both Shapiro and Reed advocated a loosening of federal regulations, and a shift toward industry self-regulation. In particular, Reed questioned the Electronic Communications Privacy Act (ECPA) which allows the government to search electronic information without a warrant after 180 days, including HIPAA-protected health information. This makes it hard for companies to secure patients' trust, Reed said, since they can't guarantee they won't have to give up their information to the government. Shapiro added that it's a competitive disadvantage for global companies who can choose to operate in other countries in order to keep their data safer.

"The success of mobile health is founded on trust," Reed said in his remarks. "To establish trust, our companies must be able to keep sensitive health data secure and private. While there’s currently no legislation on encryption, we ask that you take seriously any government efforts that would require companies to put citizens’ data at risk."

In the wider sphere of data privacy, Reed and Shapiro extolled the virtues of industry self-regulation. Shapiro said the legislative focus should be on transparency, so that patients can give data to companies if they wish to and if it's in their best interests, but will never have their data used without their knowledge.

"If you put too much of a line around privacy, you're trading off opportunities for new services that businesses will provide," Shapiro said. "I think what companies need to provide is transparency, and then consumers will make a reasoned decision about what they're willing to give up in return for [some benefit]. I think it's premature for Congress to draw the line, but having the discussion is really important. I think there should be a national consensus and people should have the freedom to share data. The FTC has taken a case-by-case approach and that's a good approach because this is a quickly evolving area. ...My recommendation is we let it play out a little and if we're going to legislate we do it in a specific way."

Congresswoman Judy Chu asked Shapiro how industry-led regulation would circumvent the "fox guarding the henhouse" problem of companies regulating in their own self-interest as opposed to in the interest of the public. Shapiro responded that the government should give industry the chance to self-regulate, but certainly be ready to step in if they fail.

"It is true that a lot is going on vertically," Shapiro said. "We have our own wireless health company group that is focusing on creating rules that everyone can live by, in part because it's the right thing to do and in part because there's Congress which will create rules if they don't. ... My point isn't that this isn't a legitimate area for government conversation. It's that there's so much happening from an innovation point of view, there's different directions we can go in. And if industry goes in the wrong direction we're perfectly confident that the government will be there."