52 comments

[ 0.32 ms ] story [ 32.3 ms ] thread
Just not sure how many people care that much about their health/fitness, to want to buy a device to monitor it constantly. I can see it as a possible/likely feature of an iWatch, but is that really such a compelling reason to buy one, regardless of how superior the interface / features are?
Monitoring constantly in the background is exactly what people want, in fact its what society want and your doctor want, it's what humanity want.

The number of applications for this kind of data is infinite.

The concept of data donors will be a reality very soon.

I agree entirely! I'd love to be able to track my bloodsugar all the time if I were a diabetic. Or my cortisol, so i know what triggers my stress better.

However, keeping this data private is terribly important. If it were made known that Jobs had cancer, or might have been looking to see if he did, then you can predict what the stock market would do. The privacy issue here cannot be understated

It certainly isn't what your doctor wants.

The stock objection to constant mass monitoring is that many people are living with the symptoms of serious diseases without the actual disease. Doctors are concerned there will be so many false leads it would lead to a sort of cried wolf situation, where when someone finally is actually ill they won't believe it.

That concern clearly isn't baseless, but it's also short term thinking.

Which is why they should be proponents of this since it will allow them to confirm their objection :)
Wouldn't a constant stream of data allow for more realistic baseline measurements to be set?
(comment deleted)
There are already a number of products out there like this. Check out https://neumitra.com/ here in Boston for a watch that monitors many of your vitals.

If you'd told me in 2000 that everyone would be carrying a always wirelessly internet connected computer with light, video, barometric, acceleration, voice, and gyroscopic sensors, I'd have thought it nuts. Given that, what's a little skin conductivity, pulse, and blood pressure sensing package?

Of course, the bigger problem, is do you trust Google/FB/Apple with all your health data in a time when health benefits are one's most volatile expense? You KNOW others will poach and abuse such data.

$1500 for a watch that I am not quite sure what it does. I read through the FAQ on the website, I am still not sure what it does. I need more proof of efficacy before I shell out that kind of money.
That's my startup! Sounds like we need better FAQs, thanks!

We've benchmarked against $20,000 clinical research equipment for skin conductance with established research collaborators. So right now we're more a research device but working hard to bring the price down without compromising accuracy. We'll follow that same approach as we add sensors.

That watch is a basis watch ($200) missing an optical heart rate sensor.
We've optimized for data quality as I'm a data-oriented neuroscientist with a family history of mental health concerns. So our skin conductance is research grade and we've worked hard to be as thin and comfortable as possible.

That said, I'm really glad to see that Basis has been validating theirs as a sleep device. More validation is a good thing!

You'll have to pry my FitBit Force from my arm (at least until the iWatch comes along). I would love if it was part of an Apple device, and would instantly drop $200/$300 for a combination iWatch & fitness device.
Everybody has a body. And one look at recent trends in food service shows you the move people are making to (psuedo) healthy alternatives. I think this will be huge and personally can't wait.
At Neumitra, we were surprised by how quickly the data gets boring. So we've been pushed to build data integration into most things you do on your phone. We show how music pumps you up or cools you down, how some people really are difficult to talk to, and how places cause and relieve stress. To us, these are the killer apps of health metrics - how the ways you live your life affects how you feel.
I don't see it the same way. Everywhere I go I see people consuming health and fitness products, from easy fad diets to high end sports equipment it seems to me that people have an insatiable appetite for it. Not everyone of course, but in the UK alone the Health and Fitness industry is worth £3.6 billion. I shudder to think what the medical equipment industry is worth. I suspect that whoever can marry the two in a way that is acceptable to consumers will effectively have a license to print money.
Wonder if Jobs was involved in this stuff before he died. One of the reasons that pancreatic cancer is so serious is that it tends not to manifest itself until it's too late to treat.

This fact, and the scope for devices that provide early warnings about serious health issues but that integrate well into the user's life (something Apple have traditionally been good at), is something he'd likely have been thinking about.

(Disclaimer: Totally uninformed speculation)

Not particular relevant, but Jobs had a particularly early diagnosis (edit: and one of the few treatable forms of pancreatic cancer) but ignored his doctors recommendations for almost a year. It is very likely this cost him his life.

http://en.wikipedia.org/wiki/Steve_Jobs#Health_issues

(I doubt this is related to the business initiative, it's probably the fragmented market and fat margins in medical devices)

I had a similar thought the other day. Taking into account the stories about his character, I could easily imagine him looking around in the hospital and decreeing every bit of hardware and software to be a "peice of shit" (excuse the language, I'm paraphrasing). Add to that his own personal experience with his health, it would be hard to imagine Mr Jobs resisting the urge to put Apple's talent to the task.
The "Steve Jobs" biography by Walter Isaacson specifically mentioned that Steve spent a good portion of his time in the hospital designing superior interfaces for the medical devices that surrounded him.
Maybe I'm wrong but it wasn't so much designing as it was complaining about the design of various devices around him. I remember something about a face mask and the pulse reader on his finger. I'm not sure though. It came off as he was being a bit difficult rather than offering up design suggestions.
Many people think health is where the money will be or already is. The population ages, we are getting richer, cannot really eat more, don't seem to want to work much less, so we don't have more time for holidays, and health, for many, is priority #1. So that's where the money will go.
Just like we have blood donors perhaps we should think about trying to promote the idea of data donors.

The value of continues streams of health data for the advance of medicine cannot be underrated.

At Neumitra we're building around a data co-op model. It's a data cooperative.

You don't have to share your data but when you do we can better show how you relate to others. So if you tell us you have high blood pressure, we can show how you relate to others with high blood pressure. If you don't, then we can't.

All of our technologies are being built to assume no data sharing too. In that case, we just show how you compare to yourself.

Curious to hear feedback...

EDIT: If you disagree with the data co-op, please say so!

(comment deleted)
Keep in mind it's standard to do medical research and fiercely guard privacy (HIPAA). At Neumitra, we build-in anonymity before we get a single bit of data.
> At Neumitra, we build-in anonymity before we get a single bit of data.

How do you do this? Have you asked people to try de-anonymizing your anonymous data?

Sorry a bit of self promotion. We started a similar concept in 2009 and we launched our mHealth app in 2010 [0]. AFAIK we were the first or one of the first to do it.

We are collaborating with some amazing researchers, but we have run into a few bureaucratic issues. Some of the institutions we have worked with or been trying to work with, are keep pushing for IP ownership which makes the process more challenging at times.

[0] http://techcrunch.com/2010/01/10/asthmamd-helps-asthma-suffe...

edit: typos.

I wonder if ads are reaching saturation, now the next major online money-making shift will be geared towards the healthcare sector. The healthcare sector seems largely unexplored in most app ecosystems.
Healthcare is a place where there should be competition and openness that will make these devices cheap for everyone. Apple is known for the high premiums and ruthless lock-ins. Plus, they have a huge stash of cash to lobby the FDA and other regulators. At least that's was the case under Jobs' leadership, otherwise I think this is rather worrying.
Apple is also known for bringing technologies that other companies couldn't to the mass market. Maybe they are worth a premium for this reason. The healthcare industry has never been known for its budget friendliness...
Is he wearing a black shirt and bluejeans on purpose?
From 4 years working leading teams in an electronic medical software shop, I urge consumers to not assume that vendors will be good stewards of personal data. forget the boilerplate and assurance that data will only be used in an anonymous way.

1. Never admit to social drinking or smoking. It goes on your permanent record, even at just a mom and pop style clinic with paper records.

2. Above all, never admit to recreational use of marijuana. Maybe that's an obvious statement in some parts of the world, but living in Austin, it's eye-opening to see how minor drug use is something to be proud of.

To preemptively address concerns about HIPAA laws, etc, being adequate protection and that this comment is pure paranoia, two things:

1. Snowden. Enough said.

2. I'm personally aware of a massive DB of client data solely given to the QA department for purposes of debugging a particularly nasty bug mysteriously vanishing from the lockdown where it was supposedly safely stored. There are insiders keenly aware of how profitable it is to acquire and sell medical data...

In summary, you can no longer assume confidentially between health providers/monitors and patient interactions, to the detriment of all involved.

EDIT:

In order to provide some actionable information instead of just warnings:

When I left the industry 6 years ago, it was still binding for a patient to explicitly say that certain information must be kept confidential and not shared with any party besides the physician handling the interaction. By all means, if you have experience with 10 years of using crank, it's highly relevant to provide that info to your HC provider. You just may want to get assurances that the information will be kept strictly confidential. Good luck -- the doctors and staff legitimately want to help; it's just the data miners that want to extract much profit from you as possible.

I agree, if everything is stored in the iCloud.

But the reason I love Apple's ecosystem is that you don't (yet) need the cloud for anything. TouchID works offline and even USB contact/calendar sync is coming back. I assume an iWatch would have a Lightning port to charge it, so why not sync it with your Mac running 10.10 at the same time? Is this wishful thinking in 2014?

TouchID was never meant to be stored at the cloud level and is in fact isolated on the hardware side to prevent easy retrieval of the data.

From Apple's page on Touch ID Security [1]

"Secure Enclave

Touch ID doesn't store any images of your fingerprint. It stores only a mathematical representation of your fingerprint. It isn't possible for your actual fingerprint image to be reverse-engineered from this mathematical representation. iPhone 5s also includes a new advanced security architecture called the Secure Enclave within the A7 chip, which was developed to protect passcode and fingerprint data. Fingerprint data is encrypted and protected with a key available only to the Secure Enclave. Fingerprint data is used only by the Secure Enclave to verify that your fingerprint matches the enrolled fingerprint data. The Secure Enclave is walled off from the rest of A7 and the rest of iOS. Therefore, your fingerprint data is never accessed by iOS or other apps, never stored on Apple servers, and never backed up to iCloud or anywhere else. Only Touch ID uses it, and it can't be used to match against other fingerprint databases."

[1]http://support.apple.com/kb/HT5949?viewlocale=en_US&locale=e...

> From 4 years working leading teams in an electronic medical software shop, I urge consumers to not assume that vendors will be good stewards of personal data. forget the boilerplate and assurance that data will only be used in an anonymous way.

Thanks. I'm concerned that practices are now using these custom Facebook-style portals for communicating between doctors-patients and viewing medical records and test results with even companion smartphone apps (https://www.healow.com/app.html).

One called eClinicalWeb.com (https://www.google.com/search?q=eClinicalWeb.com) provided by a company called eClinicalWorks comes to mind that many now use. With no oversight and total disregard that people working in the social space have for user data and privacy, I'm terrified that these small medical software shops are just as negligent.

Sadly, this is the most cynical view, that while valid, I have no choice but to fight against to see medical progress. I also work in this area and after a decade as a publishing neuroscientist where we were bound by HIPAA rules and my universities were liable if there was a breach.

I care greatly, and so my company does, about ensuring anonymity and learning from the data as much as possible, if participants continue to share. We assume anonymity before we touch one bit of data. And users always have the option of using our products without sharing anything at all.

To add another datapoint: I work for a large medical device manufacturer. We often need patient databases for debugging problems in the field. Although everyone who gets access to the raw data is HIPAA trained periodically (if your training expires, so do your data access credentials) we have implemented a "download database" feature that scrubs all patient identifying data before it's transmitted over the line.

Sure, there may be some edge cases where we need that ID stuff (haven't come across it in the years we've been doing this), but the point is that we take patient confidentiality very seriously (and the business takes being dinged for a HIPAA violation just as seriously).

It may sound fluffy and Pollyanna-like, but it's hard to be successful in this field without genuinely caring about the patient at the other end of your software.

I absolutely agree with you. Medical progress depends on sharing information between service providers and those researches, etc that can produce actionable results from such data.

I'm trying to give the (necessary) counterpoint: small scale stewards or medical data (often) tend to take an approach of handling patient data centered on cutting costs. Having worked in both the financial and medical industries, I can attest firsthand how there is a (frighteningly widespread) disregard for privacy information.

> To preemptively address concerns about HIPAA laws, etc, being adequate protection

Broadly speaking, HIPAA does three things:

1. It ensures that you (as a patient) have some rights regarding accessing your own data and records.

2. It requires that entities who collect data on you ("covered entities") go through certain procedures when storing and sharing your data

3. It requires certain procedures if and when data is breached.

It does not require covered entities to obtain consent before sharing your data with other companies[0]. It is often necessary to share data with outside entities in order to provide medical care[1]. All it does is mandate a certain legal structure around that sharing of data.

In other words, your data is already being transmitted in ways that you likely aren't aware of. (Whether or not you view this as good/bad, necessary/superfluous is a matter of opinion, but there are a lot of misconceptions about what HIPAA actually does for patients).

Less known is the more recent HITECH act[2], passed as part of the 2009 stimulus. It provides additional restrictions and regulations, but most of those are around the security of transportation and storage of patient data (and the penalties for noncompliance), not around patient consent.

(Obligatory: I am not a lawyer, I am not your lawyer, and this is not legal advice.

[0] https://en.wikipedia.org/wiki/Hipaa#Privacy_Rule

[1] http://www.hhs.gov/ocr/privacy/hipaa/understanding/covereden...

[2] https://en.wikipedia.org/wiki/Health_Information_Technology_...

While technically correct, I think you're glossing over the "legal structure around sharing" bit. In order to share data, there has to be a Business Associates Agreement in place (commonly referred to as a BAA for readers not in the industry.) one of the things that HITECH did was mandate that BA's are ALSO liable for data breaches in the same way covered entities are (provided data is breaches in their custody, of course). This means a BA has to maintain all of the same training and compliance requirements, including physical and logical security and auditing requirements.
> BA's are ALSO liable for data breaches in the same way covered entities are (provided data is breaches in their custody, of course). This means a BA has to maintain all of the same training and compliance requirements, including physical and logical security and auditing requirements.

Yes, but none of that matters if your concern is limiting who actually has (legal) access to your data, which I believe was the original concern.

Business associates may be liable for data breaches, but OP's concern seems to include the fact that the covered entities don't even have to receive consent from the patient before sending data to the business associate in the first place ("In summary, you can no longer assume confidentially between health providers/monitors and patient interactions, to the detriment of all involved.").

Although I hear you and think your concerns are 100% correct I refuse to believe it wont change.

Personally I am hoping that we will see some sort of crypto-protocol which will embed medical documents into it to ensure control with where it is.

It would require some lobbying to make these the only kind of valid documents but I believe things like that will be here before we know it.

Agreed.

I designed, implemented, and supported 5 regional health information exchanges. 80 hospitals, plus clinics, insurers, labs, scripts, etc.

There is no privacy. HIPAA is inadequate.

I've posted about this before. TL;DR: Until we have globally unique identifiers for all patients, their records cannot be encrypted and must be stored plaintext. Otherwise you won't be able to match patient identities (and their records) across systems.

I wouldn't call HIPAA inadequate. It's poorly specified. There's a great deal of fire-and-brimstone to the penalties for violating it, while leaving an enormously vague IDE of exactly what is going to garner a penalty. It has the effect of discouraging any kind of innovative movement in the space or requiring a great deal of capital investment to cover ones bases.

Totally agree wrt to the global ids, however. That would solve a lot of problems with record location, but relys on patients using them. In general I don't think they're altogether politically tenable.

[street cred: I've worked in medical off and on for fifteen years, and built one of the largest biosurveillance networks in the country. If you went to an ER in a city of any size in Texas, your (fully anonymized) data almost certainly passed through that database. I should note that this was for public health purposes, which are exempted from the BAA requirements under HIPAA.]